KOR Open menu
Close menu
Company
Investor Relations
Sustainability
News & Media
News & Media

SK Square Privacy Policy

SK Square (hereinafter referred to as the “Company”) processes and manages personal information lawfully and securely in compliance with the Personal Information Protection Act and related laws and regulations to safeguard the freedoms and rights of information subjects. Pursuant to Article 30 of the Personal Information Protection Act, we have formulated and disclosed the following privacy policy to inform information subjects about the procedures and standards for processing personal information. This policy also ensures the prompt and efficient resolution of any grievances related to personal information handling.

  1. 1.Collection, Purpose, and Retention Period of Personal Information

    1. The Company collects and processes personal information for the following purposes. Personal information will not be used for any other purpose unless the data subject’s consent is obtained as per Article 18 of the Personal Information Protection Act. Additionally, the Company processes and retains personal information within the period agreed upon when collecting personal information or within the period required by law. Services are provided to children under 14 only with the consent of their legal guardians.

      • Personal Information Items Collected with Consent
      Purpose of Processing

      Providing online general meeting services

      ∙ Verifying eligibility for general meeting viewing rights, confirming shareholder status, sending authentication codes for accessing the online general meeting, responding to customer inquiries
      Items Collected
      Name, date of birth, gender, email address
      Retention Period
      2 years from the date of the general meeting *)
      Purpose of Processing Items Collected Retention Period

      Providing online general meeting services

      ∙ Verifying eligibility for general meeting viewing rights, confirming shareholder status, sending authentication codes for accessing the online general meeting, responding to customer inquiries

      		 Name, date of birth, gender, email address 2 years from the date of the general meeting *)

      *) However, if it is required to retain personal information under the provisions of relevant laws, the personal information may be retained in accordance with the stipulations of those laws.

    2. No personal information is collected on the Company's main website(www.sksquare.com).

  2. 2.Provision of Personal Information to Third Parties

    1. The Company processes personal information within the scope specified in the purpose of handling personal information and provides personal information to third parties only in cases that comply with Articles 17 and 18 of the Personal Information Protection Act, such as with the data subject's consent or specific legal provisions.

    2. In accordance with the emergency guidelines for personal information processing and protection jointly announced by government ministries, the Company may provide personal information to relevant agencies without the data subject's consent in the event of emergencies such as disasters, infectious diseases, incidents, or accidents causing urgent threats to life or safety, or urgent property loss.

  3. 3.Matters Concerning the Entrustment of the Processing of Personal Information

    1. The Company outsources personal information processing to ensure smooth operations. Details of the outsourced processing are as follows:

      Outsourced Entity
      Teletogether Co., Ltd.
      Details of Outsourced Work

      Providing online general meeting services

      ∙ Verifying eligibility for viewing rights, confirming shareholder status, sending authentication codes for accessing the online general meeting, responding to customer inquiries
      Outsourced Entity Details of Outsourced Work
      Teletogether Co., Ltd.

      Providing online general meeting services

      ∙ Verifying eligibility for viewing rights, confirming shareholder status, sending authentication codes for accessing the online general meeting, responding to customer inquiries

    2. The Company ensures compliance with the Personal Information Protection Act by stipulating in contracts that the outsourced entity must not process personal information beyond the scope of the outsourced work, must take technical and administrative protection measures, must limit re-outsourcing, must ensure the safety of personal information, and must be supervised and monitored by the Company.

    3. If there are changes in the outsourced work or the outsourced entity, this privacy policy will be updated promptly.

  4. 4.Personal Information Deletion Procedures and Methods

    1. The Company deletes personal information without delay when the retention period expires, or the purpose of processing is achieved.

    2. If the retention period of personal information, for which consent was obtained from the information subject, has expired or the processing purpose has been achieved, but the personal information must be retained according to other laws, the Company will move the relevant personal information to a separate database (DB) or store it in a different location.

    3. The procedures and methods of deleting personal information are as follows:

      1. A. Deletion Procedure

        The Company selects personal information for deletion when there is a reason for deletion and deletes the personal information upon approval from the Personal Information Protection Officer.

      2. B. Deletion Method

        The Company deletes personal information recorded and stored in electronic file format in a manner that ensures the information cannot be reproduced, and personal information recorded and stored on paper is shredded using a shredder.

  5. 5.Rights and Obligations of Information Subjects and Their Legal Representatives and Exercise of the Rights

    1. The information subject may exercise the rights of access, correction, deletion, suspension of processing, refusal of automated decision-making, and request for explanation against the Company at any time.

      ※ Requests for access to personal information, etc., concerning children under the age of 14 must be made by their legal representative. Information subjects who are minors over the age of 14 may exercise their rights concerning their personal information either by themselves or through their legal representative.

    2. The information subject may exercise the rights by contacting the department described in Article 9(1) of this policy, and the Company will take immediate action.

    3. The rights may be exercised through an agent, such as the legal representative of the information subject or a person authorized by him/her. In this case, the information subject should use the power of attorney form provided in Appendix 11 of the Notification on the Personal Information Processing Methods.

    4. The rights of the information subject to request access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.

    5. The right of the information subject to request the deletion of personal information may be restricted under Article 36(1) of the Personal Information Protection Act.

    6. If the information subject has consented to automated decision-making, has been informed in advance through a contract, or if there are clear legal regulations, the right to refuse automated decision-making is not recognized. However, requests for explanation and review are allowed.

    7. Requests for refusal of automated decision-making or explanations may be rejected if there are legitimate reasons such as the risk of unjustly infringing on the life, body, property, or other rights of others.

    8. The Company verifies whether the person exercising the rights is the information subject himself/herself or a legitimate representative.

    9. The Company endeavors to ensure that the information subject's rights are processed quickly and efficiently by the information protection department.

  6. 6.Measures to Ensure the Security of Personal Information

    The Company takes the following measures to ensure the security of personal information:

    • Administrative measures: Establishment and implementation of internal management plans, operation of a dedicated organization, and regular employee training
    • Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation of security programs
    • Physical measures: Access control to computer rooms and data storage rooms

    Additionally, the Company implements the following activities to ensure the security of personal information beyond the requirements stipulated by law:

    • Obtaining Information Protection Certification (ISO/IEC 27001)

  7. 7.Installation and Operation of Automated Tools for the Collection of Personal Information and Refusal to Accept Them.

    The Company does not use tools that automatically collect personal information, such as "cookies" that store and retrieve information about users.

  8. 8.Matters Concerning the Refusal of Collection, Use, and Provision of Behavioral Information

    The Company does not collect, use, or provide behavioral information for online customized advertising.

  9. 9.Personal Information Protection Officer and Department Responsible for Receiving and Processing Access Requests

    1. The Company endeavors to ensure that the information subject's rights are processed quickly and efficiently by the information protection department.

      Privacy Officer Privacy Manager
      Depart-
      ment      		 Information Protection Information Protection
      Name Kim Byeongyoon Cho Hyewoo PL
      E-mail - pi@partner.
      sk.com
      Contact - 02-6100-
      3114

    2. Information subjects can contact the Personal Information Protection Officer and the designated department for inquiries, complaint handling, and remedies related to personal information protection arising while using the Company’s services. The Company will respond and address the inquiries of information subjects without delay.

    3. Information subjects may also request access to their personal information under Article 35 of the Personal Information Protection Act through the information protection department. The Company will make efforts to ensure that requests for access to personal information by information subjects are processed promptly.

  10. 10.Remedies for Infringement of Rights

    1. Information subjects can seek remedies for personal information infringement by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, and other relevant agencies. For further reports or consultations on personal information infringement, please contact the following organizations.

      1. A. Personal Information Dispute Mediation Committee : (No area code) 1833-6972 (www.kopico.go.kr)
      2. B. Personal Information Infringement Report Center : (No area code) 118 (privacy.kisa.or.kr)
      3. C. Supreme Prosecutors' Office : (No area code) 1301 (www.spo.go.kr)
      4. D. National Police Agency : (No area code) 182 (ecrm.cyber.go.kr)

    2. The Company strives to guarantee the information subject's right to self-determination regarding personal information and endeavors to provide consultation and remedies for personal information infringement. If you need to report or consult on such matters, please contact the following department.

      Consultation and Reporting on Personal Information Protection
      Department Information Protection
      Name Cho Hyewoo PL
      E-mail pi@partner.sk.com
      Contact 02-6100-3114
      Consultation and Reporting on Personal Information Protection
      Department Information Protection
      Name Cho Hyewoo PL
      E-mail pi@partner.sk.com
      Contact 02-6100-
      3114

  11. 11.Disclosure and Changes to the Privacy Policy

    This privacy policy is effective from August 7, 2024.

Privacy Policy

SK Square (hereinafter referred to as the “Company”) processes and manages personal information lawfully and securely in compliance with the Personal Information Protection Act and related laws and regulations to safeguard the freedoms and rights of information subjects. Pursuant to Article 30 of the Personal Information Protection Act, we have formulated and disclosed the following privacy policy to inform information subjects about the procedures and standards for processing personal information. This policy also ensures the prompt and efficient resolution of any grievances related to personal information handling. SK Square’s privacy policy is applied equally not only to internal executives/employees but also to external stakeholders.

  1. 1.Purpose of Processing Personal Information, Items Collected, and Period of Retention and Use

    We do not collect any personal information on our main website (www.sksquare.com).

  2. 2.Provision of Personal Information to Third Parties

    As we do not collect any personal information on this website, we do not provide any personal information to third parties. Below is the general policy of the Company regarding the provision of personal information to third parties:

    • The Company may only provide personal information to third parties in accordance with the circumstances specified in Articles 17 and 18 of the Personal Information Protection Act.

      1. Where consent is obtained from the information subject;

      2. Where special provisions exist in other laws or it is inevitable to observe legal obligations;

      3. Where it is deemed manifestly necessary for the protection of life, bodily or property interests of the information subject or third party from imminent danger;

      4. Where it is necessary to attain the justifiable interest of a personal information controller, which such interest is manifestly superior to the rights of the information subject. In such cases, processing shall be allowed only to the extent the processing is substantially related to the justifiable interest of the personal information controller and does not go beyond a reasonable scope; or

      5. Where it is urgently necessary for the public safety and security, public health, etc.

    • The Company will inform the information subject of the following matters and obtain consent when it provides personal information to a third party.

      1. The recipient of personal information;

      2. The purpose of the use of the personal information (the purpose for which the recipient of personal information uses such information);

      3. Particulars of personal information to be provided;

      4. The period during which the recipient retains and uses personal information; and

      5. The fact that the information subject is entitled to deny consent, and disadvantages, if any, resulting from the denial of consent.

  3. 3.Matters Concerning the Entrustment of the Processing of Personal Information

    On this website, we do not entrust the processing of personal information to third parties. However, if the Company decides to entrust a third party with the processing of personal information, we will disclose the details of the entrustment and the entrusted party on the relevant webpage.

  4. 4.Personal Information Destruction Procedures and Methods

    The Company will promptly destroy personal information when it becomes unnecessary due to the expiration of the retention period or the fulfillment of the purpose for processing the personal information.

    1. Destruction procedures

      The Company identifies personal information that should be destroyed due to the expiration of the retention period or fulfillment of processing purposes. A destruction plan is established and approved by the Privacy Officer. Personal information is destroyed within five days from the expiration of the retention period or fulfillment of processing purposes.

    2. Destruction methods

      - If the information is in electronic form, it will be permanently deleted using irreversible means.

      - If the information is in non-electronic form, it will be shredded or incinerated.

    If other laws or regulations require us to retain personal information beyond the agreed retention period or purpose of processing, we will transfer such personal information to a separate database (DB) or store it in a different location.

  5. 5.Rights and Obligations of Information Subjects and Their Legal Representatives and Exercise of the Rights

    1. The information subject may exercise the rights of access, correction, deletion, suspension of processing, refusal of automated decision-making, and request for explanation against the Company at any time.

      ※ Requests for access to personal information, etc., concerning children under the age of 14 must be made by their legal representative. Information subjects who are minors over the age of 14 may exercise their rights concerning their personal information either by themselves or through their legal representative.

    2. According to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, information subjects may exercise their rights through various means such as writing, email, or fax. To request access to personal information, information subjects should use the form provided in Appendix 8 of the Notification on the Personal Information Processing Methods (No. 2023-12). The Company will promptly take action upon receiving the request.

    3. The rights may be exercised through an agent, such as the legal representative of the information subject or a person authorized by him/her. In this case, the information subject should use the power of attorney form provided in Appendix 11 of the Notification on the Personal Information Processing Methods (No. 2023-12).  

    4. The rights of the information subject to request access to and suspension of processing of personal information may be restricted under Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.

    5. Requests for correction or deletion of personal information may not be accepted if such personal information is specified as necessary to be collected under another law.

    6. The right to refuse automated decision-making may be exercised if the automated decision-making was made in accordance with Article 15 (1), paragraphs 1, 2, or 4 of the Personal Data Protection Act.

    7. When the Company receives a request from an information subject to exercise his/her rights of access, correction, deletion, suspension of processing, refusal of automated decision-making, or request for explanation regarding personal information, the Company will verify that the person is indeed the information subject him/herself or his/her duly authorized representative.

  6. 6.Measures to Ensure the Security of Personal Information

    The Company complies with Article 29 of the Personal Information Protection Act to ensure the security of personal information and takes the following measures:

    • Administrative measures: Establishment and implementation of internal management plans, regular training;
    • Technical measures: Control of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.; and
    • Physical measures: Access control to computer rooms, data storage rooms, etc.

    In addition to these statutory measures, the Company also implements the following activities to ensure the security of personal information:

    • Information protection certification (ISO/IEC 27001).

  7. 7.Installation and Operation of Automated Tools for the Collection of Personal Information and Refusal to Accept Them.

    The Company does not use tools that automatically collect personal information, such as “cookies” that store and retrieve information about users from time to time.

  8. 8.Privacy Officer and the Department in Charge of Receiving and Handling Requests for Access

    The Company has appointed the following person as the Privacy Officer who oversees the overall handling of personal information and is responsible for managing complaints and providing redress to information subjects related to the handling of personal information.

    Privacy Officer Privacy Manager
    Depart-
    ment    		 Privacy Privacy
    Name Kim Byeongyoon Cho Hyewoo PL
    Contact - 02-6100-
    3114

  9. 9.Remedies for Infringement of the Rights and Interests of the Information Subject

    The information subject may seek remedies for infringement of their personal information by filing a case with or contacting the Personal Information Dispute Mediation Committee or the Korea Internet and Security Agency Privacy Call Center. For other reports and consultations regarding personal information infringement, please contact the following organizations:

  10. 10.Changes to the Privacy Policy

    This Privacy Policy takes effect from 25 April, 2024.