1Q ON

Privacy Policy

Last updated: February 28, 2023

Hana TI company Ltd.(the company) operates oneqon.hanati.co.kr (the “Site”). This page informs you of our policies regarding the collection and use of personal information we receive from users of the Site.

Hana TI company Ltd. complies with the Personal Information Protection Regulations under the relevant laws and regulations to be observed, including the Personal Information Protection Act, the Promotion of Information and Communication Network Utilization and Information Protection Act.

OneQ ON (The Solution brand of Hana TI company Ltd.) will inform you that the personal information is used for any purpose and method and the measures are being taken to protect personal information by the privacy policy.

The company discloses the privacy policy at the bottom of the website (oneqon.hanati.co.kr) so that users can easily access it at any time.

The company's personal information processing policy may be changed from time to time due to changes in legal and government guidelines or changes in internal policies. When users visit the OneQ ON homepage, they should check the privacy policy from time to time.

This Privacy Policy contains the following information.

1. Personal information collection items and methods: 1) Personal information collection items To respond to customer inquiries related to the company's solutions We collect the following personal information.
However, we do not collect sensitive personal information that may infringe upon users' basic human rights.
- Required information : Name, phone number, company name, company e-mail, requests
- Optional information : position, country of residence

2) How to collect personal information
- Home page

2. Purpose of collection and use of personal information: Personal information is processed for the purpose of customer management, such as replying to customer inquiries about OneQ ON's solution.

3. Agreements of collecting personal information: When inquiring about the solution on the OneQ ON website, we ask whether the user agrees to collect, use, and provide personal information, and when the user clicks the [Agree] button, we regard it as agreeing to collect, use, and provide personal information.

4. Installation and operation of automatic personal information collection devices: The following information can be automatically generated and collected in the process of using service or business processing; User's browser type and OS, visit history (IP address, connection time), cookies

5. Use of personal information outside of the intended purpose and provide third parties: The company does not use the users' personal information outside of the purpose of collection and use or provide it to others or other institutions.

Exceptions being made in the following cases.

① In case there is a special provision in the law
② In case necessary for investigation of a crime and for performing the court's trial duties
③ In case the user agrees or provides it to the user
④ In the case of providing minimum user information (name, phone number) necessary for statistical purposes, academic research, etc., the information is provided in a form that cannot identify a particular individual.

6. Matters concerning the consignment of personal information processing: The company does not entrust personal information to an external company. In the future, if the entrusted work occurs or the entrusted work is changed, we will disclose it through this personal information processing policy without delay.

7. Rights and obligations of users and how to exercise them: 1) Users can exercise the following privacy-related rights against the company at any time.
- Request to read personal information
- Request for correction in case of errors, etc.
- Request for deletion
- Request to stop processing, etc.

2) If a user requests to view personal information through writing, e-mail, fax, etc., without delay I will take action. [Application form]
However, if there is a special provision in the law or it is unavoidable to comply with the statutory obligation, if there is a special provision in the law or it is unavoidable to comply with the statutory obligation, there is a risk of harming the life or body of another person or the property of another person If there is a risk of unfairly infringing on other interests, or if it is difficult to fulfill the contract, such as not being able to provide the service agreed to with the user if personal information is not processed, the user does not clearly indicate his/her intention to terminate the contract. In this case, the relevant user may be notified and the request for reading and processing suspension may be rejected.
3) If a user requests correction or deletion of errors in personal information, the relevant information is processed until the correction or deletion is completed. We do not use or provide personal information.
4) Users may request to view personal information through a delegated agent. In this case, a power of attorney must be submitted. [Power of attorney]

8. Rights of users and agents and how to exercise them: 1) Users and their delegated representatives can inquire or modify registered personal information at any time, and if they do not agree to the company's processing of personal information, they can refuse consent. However, in such a case, it may be difficult to use some or all of the service.
2) Users can view, correct, or withdraw their personal information directly from the company website or through an authorized agent in order to withdraw their consent. Or, if you contact the personal information protection department in writing, by phone or e-mail, we will take action without delay.
3) If a user or an authorized agent requests correction of errors in personal information, the personal information will not be used or provided until the correction is completed.
4) The company handles personal information that has been canceled or deleted at the request of the user or the delegated agent as specified in "9. Period of Use and Retention of Personal Information" and is not allowed to be viewed or used for any other purpose.

9. Period of use and retention of personal information: In principle, users' personal information is destroyed without delay when the purpose of collection and use of personal information is achieved. If the user requests the deletion of personal information, the information will be deleted without delay.

10. Procedures and Methods for Destruction of Personal Information: 1) Destruction procedure
- The personal information submitted by the user will be destroyed within 5 days when the personal information becomes unnecessary, such as when the purpose is achieved.
However, if it is necessary to keep personal information in accordance with '9. Period of Use and Retention of Personal Information', personal information is moved to a separate database (DB) or stored in a different storage location.
- This personal information will not be used for any other purpose other than being retained unless it is required by law.

2) Destruction method
- Personal information printed on paper is destroyed by crushing or incineration.
- Personal information stored in the form of electronic files will be deleted using a technical method that cannot reproduce the record.

11. Matters concerning measures to ensure the safety of personal information: In handling users' personal information, the company is safe so that personal information is not lost, stolen, leaked, altered or damaged.
The following technical, managerial and physical measures are being taken to secure

1) administrative action
- Establishment and implementation of internal management plan
- Education for employees and trustees who directly process personal information
- Regular self-inspection according to the internal management plan

2) technical measures
- Differentially grant access to the internal personal information processing system to the minimum extent necessary for business performance
- Encryption of personal information and apply a security device that can safely transmit personal information on the network
- Operation of backup management system and regular backup to keep system access records and prevent forgery or falsification
- Application of document encryption solution to respond to theft/loss of personal information files
- Installation and operation of security programs that can prevent, treat, and monitor hacking and malicious programs
- Application of access control to prevent illegal access and infringement accidents through information and communications networks

3) physical action
- Minimize access rights to the computer room, personal information data storage room, etc. and operate a physical access restriction system
- Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a locking device.
However, despite the fact that the company has fulfilled its obligation to protect personal information, the company is not responsible for any damage that is not attributable to the company, such as the user's negligence or accidents in areas not managed by the company.

12. Matters concerning changes to the personal information processing policy: When the company changes the personal information processing policy, it continuously discloses the time of change and implementation, and the changed content, and compares the changed content before and after the change so that users can easily check it and discloses it.

13. Personal information protection department and contact information: The company limits the number of personal information managers to a minimum number to prevent damage caused by leakage and misuse or abuse of personal information, and designates a representative with practical responsibility for personal information management as the personal information protection officer. The person in charge of personal information protection of the company is as follows.

1) Personal Information Protection Officer
- Position: Managing Director
- Name: Kim Heung-man

2) Department in charge of personal information protection
- Affiliation: Security Consulting Team
- Person in charge: Assistant Manager Noh Hae-Myeong
- Tel: 02-6477-1294
- Mail: hanati.privacy@hanafn.com
※ You will be connected to the department in charge of personal information protection.

If you need to report or consult on other personal information infringement, you can contact the following organizations.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Investigation Bureau (police.go.kr / 182 without area code)

14. Obligations of Notice: 1) What are cookies?
① The company uses cookies to store and retrieve user information from time to time to provide personalized and customized services.
② Cookies are very small text files sent by the server used to operate the website to the user's browser and are stored on the hard disk of the user's computer. Then, when the user visits the website, the website server reads the contents of the cookie stored on the user's hard disk and is used to maintain the user's environment settings and provide customized services.
③ Cookies do not automatically or actively collect information that identifies individuals, and users can refuse to store or delete these cookies at any time.

2) Installation/operation and rejection of cookies
① Users have the option to install cookies. Therefore, the user allows all cookies by setting options in the web browser, or checks each time a cookie is saved. Alternatively, you can refuse to save all cookies.

15. Duty of Notice: The company will notify you through the website if there is a significant change in user rights, such as collection and use of personal information, or if there is a change, such as addition or deletion, to the contents of the personal information processing policy.

supplementary policy

Article 1 (Enforcement Date) This personal information processing policy is effective from January 20, 2020.

Article 2 (Enforcement Date) This personal information processing policy is effective from November 10, 2021. [Revised Comparison Table]

Article 3 (Enforcement Date) This personal information processing policy is effective from February 28, 2023. [Revised Comparison Table]