Privacy Policy of Grepp Inc.



Grepp Inc. (hereinafter, the “Company”) is committed to protecting the members’ personal information and complies with the provisions of protecting personal information under the related laws including ‘Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.’ (hereinafter, the “Act on Information and Communications Network”) and ‘Personal Information Protection Act’. The Company provides the following Privacy Policy and will exert its fullest endeavor in protecting the users’ rights and interests. This Privacy Policy shall be applied to the services defined in the Article 2 of the Company’s Terms and Conditions and includes the following provisions.


Article 1 [Purpose of Processing Personal Information]

Article 2 [Processing and Retention Period of Personal Information]

Article 3 [Provision of Personal Information to a Third Party]

Article 4 [Consignment of Personal Information Processing]

Article 5 [Rights and Obligations of Principal of Information and the Methods of Exercising]

Article 6 [Personal Information Items to be Processed]

Article 7 [Matters Concerning the Installation/Operation and Refusal of the Automatic Personal Information Collection System]

Article 8 [Destruction of Personal Information]

Article 9 [Measures to Secure Personal Information]

Article 10 [Contact Information of a Person in Charge of Privacy Protection]

Article 11 [Modification to the Privacy Policy]




Article 1 [Purpose of Processing Personal Information]

Personal Information refers to information on living individuals and is used to identify individual members by their real names, etc. (including information from which a particular individual can be identified when combined with other information even if the individual cannot be identified only with the information itself). Collected personal information will be utilized for the following purposes:

① Subscription for membership at homepage and management thereof

Personal information is processed for the purposes of identifying a person for the use of membership services, confirming the intention to sign up, maintaining and managing the membership, preventing unfair or unauthorized use of the services, processing counseling and inquiries, giving various announcement/notification, etc.

② Provision of services including goods

Personal information is processed for the purposes of self-validation, identification of individuals to provide contents such as recruitment information matching and coding tests, delivery of information arising out of provision and use of the services (result of employment acceptance, test result, etc.), mutual contacts among the members, purchase of services and payment thereof, sending out of a written agreement and invoices, provision of contents, sending out of items and evidential materials, etc.

③ Development of services and utilization of marketing and advertisement

Provision of customized services, instruction and recommendation of services usage, analysis of statistics and access frequency for service improvement and development of new services, fees settlement in time of purchasing and using paid services, publication of advertisement in accordance with statistical features, provision of information on promotional events and participation opportunities.

④ Statistical analysis for understanding of recruitment and employment trends, data analysis for service advancement



Article 2 [Processing and Retention Period of Personal Information]

The Company processes and retains the personal information collected and consented from a principal of the information within the use period in accordance with the laws. Each processing and retention period of personal information shall be as follows:

① Subscription information collected for the provision of online/mobile services: until withdrawal of subscription

However, in any of the following causes, the personal information will be processed and retained until such causes cease to exist despite the member’s withdrawal:

  1. If any investigation or inspection is ongoing against the breach of related laws, information will be processed and retained until such investigation is over.

  2. In the event of any remaining claim-obligation relationship resulting from the use of Programmers, information will be processed and retained until the settlement of such claim-obligation relationship.

② If information needs to be stored for the following reasons, the information will be stored in a separate DB or table which is blocked from the outside:

  1. Retention of personal information pursuant to the laws
    
1) Protection of Communications Secrets Act - History of service uses, access logs, access IP information: 3 months. 2) Act on the Consumer Protection in Electronic Commerce, etc. - Records on display and advertisement: 6 months, Records on withdrawal of agreement: 5 years, Records on the payment and supply of goods, etc.: 5 years, Records on settlement of consumer complaints and disputes: 3 years. 3) Value-Added Tax Act - Information on transaction details including tax bill, receipt, etc.: 5 years.

  2. Effective term system for personal information (dormant account policy)
    
1) If there is no access history on the Services (website, mobile web) provided by Programmers during the retention period of personal information selected by the members, the personal information of a user not using the Services shall be stored and managed separately from the information of general users. (converted to dormant account) 2) The Company shall notify the users of the details of such contents thirty (30) days prior to the point of conversion to a dormant account via email, etc. 3) The personal information separately stored shall not be used or provided except as specially stipulated in the related laws and regulations and will be kept for a specific period of time and destroyed after the lapse of such period; provided, however, that the personal information not destroyed shall be provided upon the related user’s request at the point of re-commencement of the services.


Article 3 [Provision of Personal Information to a Third Party]

① The Company shall handle the personal information of the principal within the scope specified in Article 1 hereof and provide such information to a third party only if such act has obtained a consent from the principal of information or is stipulated in the special provisions of laws such as Article 17 of the ‘Personal Information Protection Act’ (Provision of Personal Information).

② The Company provides personal information to a third party as follows:

Information recipient Purpose of provision Provided information Period of retention and use
Member who created a coding test that a regular member or temporary member has applied for, and a member co-hosting a coding test Confirmation of applicant’s information and provision of recruitment related information Confirmation of applicant’s information and provision of recruitment related information From the point of consent to the point of membership withdrawal or service termination
Among corporate members, a company that has an access to resumes and coding tests, a company that a personal member has applied for research of job seekers’ data in accordance with the purpose of recruitment ID, name, profile picture, work experience (company name, position, term of service, work description), education (school name, period of attendance, degree, major, GPA, other description), coding test results ID, name, profile picture, work experience (company name, position, term of service, work description), education (school name, period of attendance, degree, major, GPA, other description), coding test results

③ Personal information may be provided if it is pursuant to Article 18 of the Personal Information Protection Act, or is requested by investigative agency in compliance with procedures and methods determined in laws for investigation purpose.

You may choose not to consent to the provision of your personal information to a third party or at any time cancel your consent of provision; provided, however, that you may be restricted from using part of our services that are based on the provision of information to a third party except for subscription.


Article 4 [Consignment of Personal Information Processing]

① The following affairs are entrusted to third parties to provide seamless Services.

1) Domestic entrusted parties

Entrusted Parties Affair
Danal, inc Payment processing (CMS, Virtual Account, credit card, other payment methods, refund account verification), prevention of wrongful payment
Stibee E-mail service
Amazon Web Services Inc.(Seoul Region) Hosting and backend infrastructure

2) Cross-border entrusted parties

Entrusted Party Information Management Officer Purpose Items to be transferred Country Transfer Date Use Period
Sendgrid datasubjectrequests@sendgrid.com E-mail service name and email United States of America Cross-border transfer of personal information,Transmission via network at the time of service use Until the user’s deregistration or the termination of entrustment agreement
Mailchimp privacy@mailchimp.com E-mail service name and email United States of America Cross-border transfer of personal information,Transmission via network at the time of service use Until the user’s deregistration or the termination of entrustment agreement


Article 5 [Rights and Obligations of Principal of Information, and Methods of Exercising]

① Principal of information may at any time exercise his/her rights in connection with the protection of personal information at the Company’s Programmers homepage (programmers.co.kr).

  1. Inquiry and modification of personal information: available in the upper right part of Programmers homepage [setting > account management]

  2. Membership withdrawal: available in the upper right part of Programmers homepage [setting>account management>account>delete account]

  3. Cancellation of consent: status of whether to disclose a resume or not can be set through [setting>account management>resume management>disclosure] and setting of receiving advertisement can be changed through [setting>account management>email notification].

② Any inquiries on the exercise of rights pursuant to paragraph 1 of this Article can be addressed to Programmers website, in written form, or via phone call or email, and the Company will take measures for this without delay.

③ Exercise of rights pursuant to paragraph 1 of this Article may be done by a proxy such as a legal representative of a principal of information or any person who has been delegated. In such a case, a Power of Attorney prepared in accordance with the format determined in the Personal Information Protection Act shall be submitted.



Article 6 [Items of Personal Information to be Processed]

The Company collects, uses, retains and destroys the following items of personal information by types of Programmers members and services. The members are authorized to refuse to consent to the provision of optional items, in which case, such members may be restricted from subscribing or using the services.

① Personal member

  1. Subscription

    • Required items: name, email (ID), password
    • Optional items: date of birth, affiliated company, telephone, one line self-introduction, homepage, location, account information set by the user for interconnection with exterior services such as Facebook, self-identification value (CI, DI), consent to receive marketing information (email)
  2. Programimng contest

    • Required items: personal information required by the applied company to fill in its own resume format, if necessary
    • Optional items: date of birth
  3. Use of recruitment services

    • Required items: name, email, telephone
    • Optional items: storage address, blog or website address, one line self-introduction, work experience (company name, duty, period, position, other links and description), toy project (name of project, one-line description of the project, team organization, year of creation, roles, storage links, whether it is open or not), education (name of school or institution, major, degree, period of attendance, graduation, other description), language proficiency (foreign name, proficiency level, test score)
  4. Use of paid services

    • Required items: payment information
    • Payment by card: name of card company, card number, expiration date
    • Payment by mobile: mobile number, information of telecommunications company
    • Remittance with a bank book: name of bank, account number

② Corporate member

  1. Subscription

    • Required items: email (ID), password, name
    • Optional items: self-identification value (CI, DI), consent to receive marketing information (email)
  2. Recruitment of developers

    • Required items: company introduction, open positions, description of positions, company’s homepage, address of place of business
    • Optional items: hiring period, stack of required techniques
  3. Use of paid services

    • Required items: payment information
    • Payment by card: name of card company, card number, expiration date
    • Payment by mobile: mobile number, information of telecommunications company
    • Remittance with a bank book: name of bank, account number

③ Temporary member applying for a coding test

  1. Application for a coding test
    • Required items: name, email (ID), (In application of recruitment test) results of a coding test hosted by an applied company

④ During process of using the internet service, the following items of personal information may be automatically created and collected:

  1. IP address, cookies, service use history, visit history, record of abnormal usage, etc.



Article 7 [Matters Concerning the Installation/Operation and Refusal of the Automatic Personal Information Collection System]

① In order to provide personalized and customized services, the Company uses ‘cookie’ which stores and recalls in a frequent basis information on the use of Programmers services. Cookie is a small packet of data sent from a server used for the operation of a website to the user’s browser and is kept in your computer hard disk. Information collected by the Company through cookies shall be limited to the member’s unique number (User ID), and the Company does not collect any other information. The member’s unique number collected by the Company through cookies may be utilized for the following purposes:

  1. Purpose of using cookies

    • To provide customized services by analyzing access frequency and visiting time of members and non-members, comprehending fields of users’ interests and tracing tracks, and analyzing degree of participation in various promotional events and the number of visits, etc.
  2. Methods of refuse cookies

    • You have an option to consent to the installation of cookies. Therefore, you may allow all cookies by setting an option in your web browser, or go through a confirmation process every time the cookies are stored, or otherwise refuse the storage of all cookies.
  • Setting methods
    • Internet Explorer: Tool>Internet option>Personal information>setting of the level of processing personal information in the upper part of your web browser
    • Chrome: Menu>Tool>Delete Internet usage history in the right part of your web browser.

② The Company obtains users’ information through service session. Session refers to the system file sent to the user’s computer from a servicer of the services when the user visits the services site and it stays in the user’s computer for a while to maintain connection for the user. This session is only used for the current connection and is deleted when the browser gets closed.



Article 8 [Destruction of Personal Information]

① When the personal information becomes no longer necessary with the lapse of retention period and achievement of processing purposes, the Company shall destroy the related personal information without delay.

② In the case where personal information should continue to be preserved in accordance with other laws and regulations despite the lapse of retention period as previously consented by a principal of information or the achievement of processing purposes, such personal information shall be retained in compliance with the laws.

③ Process and method of destroying personal information are as follows:

  1. Process of destructon

    • Personal information, the collection and purpose of which has been achieved, shall be immediately destroyed, or be transferred to a separate DB in case it should be stored in accordance with related laws and be destroyed without delay after being stored safely for a specific period of time (refer to processing and retention period of personal information) in compliance with internal regulations and related laws. In such a case, the personal information transferred to DB shall not be utilized for any purpose other than stipulated in the laws.
  2. Method of destruction

    • Any personal information recorded or stored in the form of electronic file is destroyed by using the methods forbidding its replay, and any personal information recorded or stored in paper document is destroyed by using a paper shredder or is incinerated.



Article 9 [Measures to Secure Personal Information]

The Company is taking technical and managerial measures in accordance with related laws which are to be abided by an information and telecommunications service provider including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Personal Information Protection Act in order to secure safety of personal information so that such information is not lost, stolen, leaked or damaged from forgery.

① Technical measures

  1. Personal information is protected by password, and important data are being protected with the use of separate security function by encrypting files and data or by using Lock functions.

  2. The Company is taking measures to prevent any damages from computer viruses by using vaccine programs. The vaccine programs are updated on a regular basis, and in the advent of any unexpected virus, such updated vaccine programs are applied immediately to prevent any infringement of personal information.

  3. The Company is adopting a securing system (SSL) that can safely send personal information in the network by using an encrypted algorithm.

② Managerial measures

  1. The Company has established and executed internal management plans, thereby strictly limiting the person handling personal information to the person who is in charge of managing personal information and the person who unavoidably has to handle personal information for his/her occupational duties, and the Company is emphasizing the compliance of this policy such as by providing frequent trainings for the employees in charge.



Article 10 [Person in Charge of Privacy Protection]

Company designates the following person who is in charge of privacy protection in order to take overall responsibility for the personal information processing and to deal with the member’s complaints and damage relief in connection therewith. Should you have any inquires on the customers’ personal information, please contact the following person in charge of privacy protection:

① Department: Programmers Team
② Staff in charge: DooShik Chung(CSO)
③ Contact: 070-4107-1884
④ Email: contact@grepp.co



Article 11 [Modification to the Privacy Policy]

The Company’s Privacy Policy may be modified in accordance with the modifications to the laws and guidelines by the government as well as the Company’s Terms and Conditions and internal policy. In case of amendment, the Company will publish the contents thereof on the Company’s homepage or announce via email in compliance with Article 31 of the Personal Information Protection Act and Article 30 of the Enforcement Decree of the Personal Information Protection Act.



Date of publication: January 14, 2020

Effective date: January 21, 2020

이전 개인정보취급방침 보기