top of page

SmileShark Co.,Ltd. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act of the Republic Korea and  other applicable laws. This Privacy Policy explains how the Company collects, uses, retains, and protects personal information.

1. (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information shall not be used for purposes other than those stated below. If the purpose of use is changed, the Company will take necessary measures such as obtaining consent in accordance with applicable laws.

2. (Items of Personal Information Collected)

  1. The Company collects and processes personal information for purposes such as user support and service provision. When collecting personal information, the Company notifies users in advance and obtains their consent.

  2. The Company processes, retains, and destroys personal information within the retention and usage period specified in the consent form, in accordance with applicable laws and the Company’s Privacy Policy.

  3. In the course of providing services, the following information may be automatically generated or additionally collected.

3 (Processing and Retention Period of Personal Information)

The Company destroys personal information without delay once the purpose of collection and use prescribed by applicable laws has been achieved.  
However, where it is necessary to retain personal information pursuant to relevant laws and regulations, the Company retains users’ information for a certain period as prescribed by such laws, as set forth below.

1. The processing and retention period for each category of personal information is as follows.

  • For the purposes of this Policy, “Members” refer to individuals who register as members of Tech Support Center 2.0 and receive services provided by the Company.

  • “Contract Customers” refer to individuals or entities that enter into a contract with the Company and receive services provided through Tech Support Center 2.0.

2. The statutory retention periods required under applicable laws are as follows.

4. (Procedures and Methods for Destruction of Personal Information)

The Company, in principle, destroys personal information without delay once the purpose of collection and use has been achieved.

The procedures and methods for destruction are as follows.

1. Destruction Procedures

Personal information entered by users for purposes such as membership registration is separated into a separate database (DB) after the purpose has been achieved (or, in the case of paper documents, stored in a separate storage location). Such information is stored in accordance with internal policies and information protection guidelines prescribed by other applicable laws (see Article 3 (Processing and Retention Period of Personal Information)) and is then destroyed.

Personal information that has been separated into a separate database (DB) is not used for any purpose other than those required under applicable laws.

 

 2. Destruction Methods

1) Personal information stored in electronic file format is destroyed using technical methods that render the records irrecoverable.

2) Personal information stored or printed on paper documents is destroyed by shredding or incineration.

5. (Measures to Ensure the Safety of Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the Company implements the following technical, administrative, and physical measures necessary to ensure the safety of personal information.

  1. Administrative measures: Establishment and implementation of internal management plans, operation of a dedicated organization, and regular employee training

  2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation and regular updates of security programs

  3. Physical measures: Access control for facilities such as computer rooms and data storage rooms

6. (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only with the prior consent of the data subject or where there are special provisions under applicable laws.

Except in the following cases, the Company does not provide personal information to third parties without the prior consent of the data subject:
   1.    Where the data subject has given prior consent
   2.    Where provision is required by law or where investigative authorities request such information in accordance with procedures prescribed by applicable laws for investigative purposes

7. (Outsourcing of Personal Information Processing)

The Company does not outsource users’ personal information to external service providers without obtaining the users’ consent.

If such outsourcing becomes necessary in the future, the Company will notify users of the entrusted parties and the details of the outsourced tasks and obtain prior consent where required.

The Company outsources personal information processing tasks as follows.

  1. Details of Domestic Outsourcing of Personal Information Processing

2. Details of Overseas Outsourcing of Personal Information Processing

  1. When entering into an outsourcing agreement, the Company specifies matters such as the prohibition of processing personal information beyond the scope of the outsourced tasks, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of the entrusted party, and liability for damages, in written agreements such as contracts, in accordance with Article 26 of the Personal Information Protection Act. The Company supervises whether the entrusted party processes personal information safely.

  2. If there are any changes to the outsourced tasks or the entrusted parties, such changes will be disclosed without delay through this Privacy Policy.

  3. Method, procedure, and effect of refusing the transfer of personal information:
    If a user refuses the overseas transfer of personal information, the relevant services may not be available. If you do not wish to consent to overseas transfer, please notify us of your refusal through the contact information below, and we will take necessary measures.

Contact for Requests and Processing
Department : Operation Team
Phone : 070-4369-2028
Email : contact@smileshark.kr

8. (Rights of Data Subjects and Legal Representatives and How to Exercise Them)

  1. Pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, data subjects may, at any time, exercise the following rights with respect to their personal information held by the Company:
    the right to request access to, correction of, deletion of, or suspension of processing of personal information.

  2. The rights set forth in Paragraph 1 may be exercised in writing, by telephone, or by email, and the Company shall take necessary measures without delay upon receipt of such requests.

  3. Such rights may also be exercised through a legal representative or an authorized agent of the data subject. In such cases, a power of attorney in the form prescribed under Form No. 11 of the “Public Notice on Personal Information Processing Methods” must be submitted.

  4. Requests for access to personal information or suspension of processing may be restricted in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.

  5. Requests for correction or deletion of personal information may be denied where the relevant personal information is required to be collected or retained under other applicable laws and regulations.

  6. When a request is made to exercise any of the rights described above, the Company shall verify whether the requester is the data subject or a legitimately authorized representative before taking action.

9. (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

The Company uses cookies and similar technologies that store information and retrieve it periodically.
A cookie is a small text file sent by a website server to a user’s web browser and stored on the user’s device for the purpose of operating the website efficiently.

  • The Company uses cookies for the following purposes : to enhance convenience in using the services; to provide customized and optimized services; and to conduct statistical analysis of service usage.

  • Users have the right to choose whether to allow the installation of cookies. Accordingly, users may configure their web browser setting to: allow all cookies, receive a prompt each time a cookie is stored, or refuse the storage of all cookies.

  • Methods for refusing or managing cookies settings are as follows :

    ▶ Desktop browsers

    ・ Chrome : Select ":" at the top right of the browser > Open a new incognito window (Shortcut : Ctrl+Shift+N)

    ・ Microsoft Edge : Select ‘…’ at the top right of the browser > Open a new InPrivate window (Chorcut : Ctrl+Shift+N)

    ▶ Mobile browsers

    ・ Chrome : Select ‘⋮’ at the top right of the mobile browser > Open a new incognito tab

    ・ Safari : Device Settings > Safari > Advanced > Block All Cookies

    ・ Samsung Internet : Select the ‘Tab’ icon at the bottom of the browser > Turn on Secret Mode > Start

  • Please note that refusing or blocking cookies may result in limitations or difficulties in using certain services provided by the Company.

10. (Use of Analytics Tools)

For the purpose of providing better and more efficient services, the Company uses Google Analytics, a web log analysis tool provided by Google Inc.

Google Analytics collects behavioral information of users visiting the Company’s website through the use of cookies.

In this process, only non-identifiable information that cannot be used to identify individual users is collected.

Notwithstanding thr foregoing, users may refuse the use of Google Analytics by: installing Google Analytics Opt-out Browser Add-on (available on the Google Analytics Opt-out Browser Add-on Download Page); or configuring their web browser settings to block cookies.

Google Analytics collects behavioral information of users visiting the Company’s website through the use of cookies.

In this process, only non-identifiable information that cannot be used to identify individual users is collected.

11. (Remedy for Infringement of Rights)

Data subjects may seek remedies for infringement of personal information rights by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center operated by the Korea Internet & Security Agency (KISA), or other relevant organizations.

  1. Personal Information Disqute Mediation Committee 
    Telephone: 1833-6972   |   Website:  www.kopico.go.kr
    Address: 12F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Republic of Korea

  2. Personal Information Infringement Report Center (KISA)
    Telephone: 118   |  Website: privacy.kisa.or.kr
    Address : Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324, Republic of Korea

  3. Supreme Prosecutors' Office of the Republic of Korea
    Telephon: 1301  |  Website: www.spo.go.kr

  4. National Police Agency of the Republic of Korea
    Telephone: 182   |   Website: ecrm.cyber.go.kr

Any person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request made pursuant to Articles 35 (Right of Access), 36 (Right to Rectification or Deletion), or 37 (Right to Suspension of Processing) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For further details regarding administrative appeals, please refer to the website of the Central Administrative Appeals Commission(www.simpan.go.kr)

12. (Personal Information Protection Officer)

In order to protect users’ personal information and to handle complaints related to personal information, the Company designates the following department and personal information protection officer.

Personal Information Consultation Department
Department : Operation Team
Telephone: 070-4369-2028
Email : contact@smileshark.kr

Personal Information Protection Officer (DPO)
Name : Ho-Sang Kwak, Director
Telephone : 070-4369-2028
Email : contact@smileshark.kr

13. (Notice of Changes to the Privacy Policy)

In the event of any additions, deletions, or modifications to this Privacy Policy due to changes in applicable laws, policies, or security technologies, the Company shall provide prior notice of such changes at least seven (7) days before the effective date of implementation.

 

However, where there are material changes that significantly affect the rights of data subjects, the Company shall provide notice at least thirty (30) days in advance, and may obtain renewed consent from users, if necessary.

 

Notices of amendments to this Privacy Policy shall be provided through appropriate means, including publication on the Company’s website.

bottom of page