GMPBIO (hereinafter, the “Company”) values users’ personal information, complies with statutory obligations on protection of personal information such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. and the Act on Protection of Personal Information, and has created a Policy to Handle (Process) Personal Information to protect the users’ right and interest to the maximum extent possible.

Through the Policy to Handle (Process) Personal Information, the Company publicizes its operations on personal information treatment (processing) with particulars such as the types of personal information collected from the users and the purpose of processing such information, the time limit for processing and holding in possession, users’ method to exercise their rights, measures to procure the security, and so on.

Whenever there is a change in the Policy to Handle (Process) Personal Information, including updating, deleting, or adding its contents, whether resulting from any amendment to the relevant statutory sources or the administrative policy or change in the Company’s internal policy, we will post the change on our website at www.gmpbio.co.kr so as to keep the users updated.

The Company’s Policy to Handle (Process) Personal Information contains the following:

Types of personal information collected and method of collection

The following information may be generated and collected in the course of using the service.
Types of personal information collected

Login ID, Password, Name, Birth date, Tel(phone), E-mail, Address, Cookie

Method to collect
Collection through Q&A within the Website, membership registration

Purpose of collecting and using personal information

The Company collects personal information for the following purposes. The pfi will not be used for any other purpose and whenever it is necessary to change the purpose, we will comply with the statutory requirements such as obtaining users’ consents in advance.
- Customer inquiry (Q&A) - Review and reply to the inquiries from users

Time limit for possessing and using personal information

Company handles and retains personal information within the personal information retention and use period consented by the information supplier at the time of gathering the personal information or the personal information retention and use period pursuant to laws.
- Personal identification pursuant to use and confirmation of real name: 3 years
- Records on consumer complaints or settlement of disputes: 5 years from the termination date of handling the dispute
- Cases relating to product administration and medical information relating to the products: 5 years
- Product research and development and improvement: Until the achievement of the objective (for product research and development and improvement, only abstract information that cannot specify an individual after 5 years have passed may be retained)

Destruction of Personal Information

Company destroys the pertaining personal information without delay when the personal information is deemed to be no longer necessary, such as when the objective of handling has been achieved or the personal information retention period has lapsed.
In the event of having to preserve personal information pursuant to other laws, despite of achieving the objective of handling or the lapse of the personal information retention period consented by the information supplier, the pertaining personal information is preserved by transferring to a separate database or by using a different storage place.
The personal information destruction procedure and method are as follows.
Destruction procedure

- Company selects the personal information with a cause for destruction, and destroys the personal information by obtaining the approval of the personal information protection manager of Compan

Destruction method

- Company destroys personal information recorded or stored in an electronic file form so that the record may not be regenerated, and destroys personal information recorded or stored in a paper document through incineration or shedding in a shredder.

Matters on providing personal information to a third party

The Company will not disclose duly collected users’ personal information outside the Company as a matter of principle. However, as follows are the exceptions.
A user has right to disallow disclosure of his/her personal information to a third party. However, those users who refuse to give consents may have his/her use of the service limited.
- If the user has given his/her consent in advance.
- If it is specifically required by laws or regulations or inevitable in order to comply with statutory requirements, or if it is deemed necessary for the sake of life, body or property of the information owner or a third party when the information owner or his/her legal representative is under a state incapable of communication or unable to give consent due to unknown domiciles or otherwise (only to the extent the purpose of collecting personal information is served).

Matters regarding entrustment of personal information

If, in order to provide better service, it is desirable to entrust the handling of personal information to an independent professional business, the Company will obtain the consent of the owner of information and notify the name of the trustee company and the service to be entrusted.
- entrustment : THREEWAY
- entrustment contents : website, system management

Rights and Obligations of Information Supplier and Exercising Method

The information supplier may exercise the rights relating to personal information protection in the following sections at any time against Company.
The person in charge : Seungbae Min
1. Demand to access personal information
2. Demand to make correction when there is an error
3. Demand for deletion
4. Demand for suspension of handling

Personal Information Safety Procurement Measures

The Company is operating cookies that regularly stores and locates users’ information.
1. Managerial measures : Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Installation of security program, encryption of matters such as unique identifier, installation of access control system, and management of access authority.
3. Physical measures: Access control such as to the data processing room or data storage room

Personal information manager and customer complaint center

To protect users’personal information and handle personal information-related customer complaint, the Company has appointed a personal information manager and processor. Any inquiry related to personal information protection and management should be directed to the personal information processor for instant and adequate reply.

Division : Seungbae Min
Contact : +82-31-943-5000
E-mail : sbmin@gmp.co.kr

Personal information management (protection) processor : Seungbae Min
Contact : +82-31-943-5000
E-mail :sbmin@gmp.co.kr

Any user seeking to relief from personal information infringement may apply for resolution or consultation to Personal Information Dispute Mediation Committee, Korea Internet and Security Agency (Personal Information Grievance Center). In addition, users may contact the following institutions to be consulted on personal information infringement cases.
1. Personal Information Dispute Mediation Committee (118)
2. Korea Internet and Security Agency (Personal Information Grievance Center)(www.kopico.or.kr/1336)
3. Information Protection Mark Verification Committee (http://eprivacy.or.kr/02-580-0533~4)
4. Internet Crime Investigation Center of the Supreme Prosecutors’ Office (http://icic.sppo.go.kr/02-3480-3600)
5. Cyber Police Agency (www.police.go.kr/1566-0112)
6. Personal information Protection Committee (http://privacy.kisa.or.kr/kor/main.jsp)/02-2180-3000)