(Effective Date on November 21, 2023) Suprema Global Technical Support Website Privacy Policy

Suprema Global Technical Support Website Privacy Policy 

The overseas customer technical support site (hereinafter referred to as “Suprema Global Technical Support Site” or “Site”) of Suprema Co., Ltd. (hereinafter referred to as the “Company”) protects users’ personal information and handles related complaints quickly and smoothly. In order to do so, we establish and disclose the personal information processing policy as follows.  

Article 1. Purpose of Personal Data Processing and Processing Items  

①. The Company processes the personal data of data subjects as follows: 

Category (Service) 

Purpose of processing 

Processed personal data 






Suprema Global Technical Support Site 





Sign up 

Enter the user account  information 

Essential 

Name, Email, Company Name, Country, Region, The name of the company that purchased, Company Type (Suprema Authorized Distributor, SI, End-User, Dealer, Reseller) 

Send the user account  registration email 

Essential 

Name, Email 

User Account Activation 

Essential 

Name, Password 

Edit the signed up information 

Account management 

Optional 

Direct input information: Photo, Title(Position, title, stage name, etc.), Work Phone, cell phone, Twitter 

Input information through administrator request : Region for USA 

Chat-bot 

Chat-bot Service 

Essential 

Name, email, chatbot message (transmission time, message content) 

Optional 

Country, Region, The name of the company that purchased, Company Type (Suprema Authorized Distributor, SI, End-User, Dealer, Reseller) 

Creating a ticket 

Ticket Management 

Essential 

Name, Email, Ticket Content 

Optional 

Region, Company Name, Country, The name of the company that purchased, Company Type(Suprema Authorized Distributor, SI, End-User, Dealer, Reseller) 

Sending the email response  

Email response service provided 

Essential 

Name, Email 

1) The above personal information is used to provide technical support to Suprema’s overseas customers. 

- Handle inquiries 

- Technical support problem analysis and follow-up actions 

- Send responses to registered tickets 

- Send emails to send notices or known issues on websites and forums 

- Used for technical support trends, such as customer-specific statistical analysis data, market research, product planning, and quality issue analysis data. 

2) To respond to technical problems through tickets, information can be collected through web pages, emails, messengers, remote support, etc. 

3) You have the right to refuse information collection. However, if the user refuses consent, Suprema technical support, forum > following posts, and viewing posts in the forum may be restricted. 

 ② The Company collects personal data through the following methods: 

1) The Company's website (including mobile web and apps) 

2) Information collection tools (access logs, cookies, etc.) 

3) Direct provision by the data subject via offline channels (exhibitions, etc.) 

4) Mail, telephone, fax, or other means used by the data subject for inquiry and consultation purposes 

 ③ The Company collects the minimum amount of personal data necessary to achieve the purpose of collection and ensures that such data is not used for purposes other than the intended ones. If the purpose of use changes, the Company will take necessary measures, including obtaining separate or additional consent from the data subject.  

 ④ The definitions of terms by collection items are as follows.  

1) TICKET

 This means a post created by a customer or Suprema technical support team on a technical support site for overseas customers. Only the requester who created the ticket can access the ticket, and Suprema's technical support team with the agent's authority on the site can review the ticket for technical support.  

2) TICKET CREATION  

This means the first post is registered. 

3) CHAT-BOT 

This is a chat-based automatic response service provided by the site. 

4) Ticket creation path 

It can be created after the customer logs in. 

Customers can request ticket creation via Chat-bot. 

Customers can automatically generate tickets by sending an email to tech_uk@supremainc.com. The ticket will automatically be transferred to the UK technical support team. 

Customers can automatically generate tickets by sending an email to tech_na@supremainc.com. The ticket is automatically transferred to the technical support team that provides technical support for the US country. 

Article 2. Retention of Personal Data and Period of Use  

① Unless required by relevant laws, the Company shall dispose of personal data without delay after the purpose of collection and use has been achieved. 

② When personal data is collected based on the data subject's direct consent, it is retained for the period agreed upon. 

③ Despite the principle of immediate disposal after the purpose is achieved, if there is a need to retain personal data for a certain period as required by relevant laws and internal policies (e.g., for confirming transaction-related obligations), the Company will retain it as follows. 


Category 

Legal Basis 

Retention Period 

Records related to contracts or withdrawal of subscriptions, etc. 

Act on the Consumer Protection in Electronic Commerce 

5 years 

Records related to payment of fees and supply of goods, etc. 

5 years 

Records related to consumer complaints or dispute resolution 

3 years 

Records related to advertisements 

6 months 

Website access records 

Protection Of Communications Secrets Act 

3 months 

   Article 3. Provision of Personal Data to Third Parties 

 ① The Company will not use or disclose the data subject's personal data to third parties without consent, except when required by relevant laws or regulations. 

② However, personal data may be provided without separate consent in the following situations: 

1) For the purpose of settling service fees; 

2) When providing data in an anonymized form for statistical, research, or market survey purposes to research institutions, survey organizations, or other entities; or 

3) When required by special provisions of relevant laws, such as the Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Act on Consumer Protection in Electronic Commerce, Criminal Procedure Act. 

③ If personal data is provided to third parties without the data subject's consent under special legal provisions, only the minimum necessary information will be provided, and it will not be used for purposes other than the intended ones. 

Article 4. Personal information processing entrustment and Consent to overseas transfer of personal information 

① The Company entrusts and transfers (stores) personal data to domestic and overseas entities to ensure smooth information provision, marketing, and stable service delivery, where the personal data is retained by the systems of the entrusted company. The Company shall ensure that the entrusted company only manages the data physically and does not have access to it. 


Personal data(items) being transferred 

Destination country of the transfer 

Timing and method of the transfer 

Transfer recipient 

Corporation name 

Contact 

Purpose of using personal information 

Delivery purpose and 

Retention period 

Name, e-mail address, customer information, record on the user’s tickets, relevant data (Includes information originally collected and information that has changed through modification of the information) 





USA 

Transfer via network upon request 

Freshworks Inc. 

support@freshworks.com 

ㅇ C/S, operation, maintenance 

ㅇSendemailreply 

ㅇSend notices, etc. to forum posts 

Until the membership is canceled, or the entrustment contract is terminated, 

② The Company manages and supervises the entrusted entity to ensure compliance with technical and administrative protection measures, as well as other relevant laws and regulations related to personal data, and prohibits them from processing the data for purposes beyond the scope specified. 

③ In the event of a change in the content of the consigned processing or the entrusted company, the Company will promptly disclose such changes through this privacy policy. 

④ The technical and administrative protection measures of cloud services shall comply with the policies of the cloud service provider. The cloud service provider shall solely manage the physical aspect of the outsourced personal data and shall not access it. 

⑤ The data subject may choose to refuse the transfer of their personal data by contacting the Privacy Officer or the relevant department of the Company. However, please note that refusal to transfer personal data may result in limited access to the Company's relevant services. 

Article 5. Personal Data Destruction Procedure and Method 

 ① When personal data becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Company shall dispose of the personal data promptly. 

② In cases where personal data needs to be retained despite the expiration of the agreed-upon retention period or the achievement of the processing purpose due to other laws, it will be transferred to a separate database (DB) or stored in a different location. 

③ The following outlines the procedure and method for the destruction of personal data: 

1) Procedure: 

Information entered by a data subject shall be transferred to a separate database (or a separate document if provided in hard copy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law. 

2) Method: 

Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated. 

Article 6. Rights and Duties of Data Subjects and Exercise of Rights 

① The data subject may exercise the following privacy-related rights directly or indirectly through their legal representative with the Company at any time: 

1) The right to receive information about the processing of personal data. 

2) The right to determine the extent of consent for the processing of personal data. 

3) The right to verify the processing of personal data and request access to (including obtaining copies of) and the transfer of personal data. 

4) The right to request the suspension, correction, or deletion of personal data processing. 

5) The right to seek compensation for damages caused by the processing of personal data through prompt and fair procedures. 

6) The right to object to automated decisions based on personal data processing and request an explanation. 

  

The exercise of rights under article 1 can be done in writing, by phone, by e-mail, by facsimile (fax), etc., and the company will take action without delay after going through the user's identity verification process.  

③ The data subject may exercise their rights either directly or indirectly through their legal representative or an authorized agent. In such cases, a letter of authorization is required. 

④ Notwithstanding the provisions of Paragraph 1, access to personal data and the right to correction may be restricted when: 

1) It poses a serious threat to the life, body, property, or rights of the data subject or a third party; 

2) It significantly disrupts the proper operation of the service provider; or 

3) It violates other laws, etc. 

⑤ The Company does not generally collect personal data from individuals under the age of 16.  

Article 7. Measures to Ensure the Safety of Personal Data 

The Company takes the following administrative, technical, and physical measures to safeguard personal data. 

  1) Administrative measures: 

Establishment and implementation of information security regulations and privacy control policy, operation of a dedicated organization, and regular training for employees. 

  2) Technical measures: 

Access control and authentication for personal data processing systems, installation, and operation of access control systems and security programs, encryption of personal data, encrypted transmission, etc. 

  3) Physical measures: 

Access control for computer rooms, etc. 

Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices 

① The Company may use cookies, which have the following characteristics, to provide individualized customized services to users: 

1) Cookies are small pieces of information sent by the website's server to the user's computer browser. 

2) Cookies are used to store and retrieve usage histories of website visitors. 

3) Cookies may be stored on users' PC hard drives. 

 ② The Company uses these cookies to recognize users on its website(s) and remember their previous choices for default settings, including language preferences and location. Both first-party and third-party cookies may be used in combination. For detailed information about cookie usage, please refer to our Cookie Policy.  

 ③ Users have the option to configure their web browsers to allow all cookies, request permission before saving cookies, or refuse all cookies. However, it is important to note that rejecting cookies may lead to limitations and issues in the use of our services, and the Company does not assume responsibility for any resulting restrictions.  

 ④ How to install, enable, or reject cookies 


Category 

Rejection method 

Microsoft browser 

For Windows 10 Internet Explorer 11 

Click on the "Tools" button in Internet Explorer. Select "Internet Options." Go to the "Privacy" tab. Click on "Advanced" in the Settings section. Choose whether to block or allow cookies. 

Microsoft Edge 

Click on the "..." button in the top right corner of Edge. Select "Settings." 

On the left side of the Settings page, click on "Privacy, search, and services." In the "Tracking prevention" section, choose the level of tracking prevention you prefer. 

Decide whether to always use "Strict" tracking prevention when searching in InPrivate mode. 

In the "Privacy" section below, select whether to send "Do Not Track" requests. 

Chrome 

PC 

Click on the menu in the top right corner of the web browser, and choose "Settings." Navigate to "Privacy and security." 

Go to "Cookies and other site data" and decide whether to allow cookies. 

Mobile 

Click on the menu in the top right corner of the web browser, and select "Settings." In "Advanced settings," choose "Site settings." 

Go to "Cookies" and decide whether to allow cookies. 

Safari 

Mac OS 

Click on "Safari" in the top left corner of the Mac OS menu bar and choose "Preferences." 

Go to "Privacy" and decide whether to allow cookies. 

iOS 

Go to "Settings." Find and select "Safari" in the list of apps. Under "Privacy & Security," decide whether to allow cookies. 


1 Comment

 Article 9. Contact Information for Privacy Officer and Relevant Department 

① The Company has designated a Privacy Officer, who takes on the general roles and responsibilities of a Data Protection Officer (DPO), to ensure the protection of your personal data and handle any privacy-related inquiries or complaints. 

Category 

Privacy Officer 

Department in Charge of Privacy Protection 

Name 

Chang-soon Park 

Information Security Office 

Contact / E-mail 

031-710-2450 / cspark@suprema.co.kr 

privacy@suprema.co.kr 

② Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal data that arise while using the Company's services (or business). The Company will promptly respond and handle inquiries from data subjects. 

 


 Article 10. Remedy for Infringement of Rights and Interests of Data Subjects

 ① If you need to report or consult about a violation of personal data, you can contact the agencies listed below for assistance: 


Privacy Breach Report Center 

Personal Information Dispute Mediation Committee 

Cyber Investigation Division, Supreme Prosecutors' Office 

Cybercrime Report and Management Bureau, National Police Agency 

(+82) 118 

privacy.kisa.or.kr 

(+82) 1833-6972 

www.kopico.go.kr 

(+82) 1301 

www.spo.go.kr 

(+82) 182 

ecrm.police.go.kr 


Article 11. Privacy Policy of Other Websites 

The website where the Company's Privacy Policy is posted may contain links to other websites. The Company's Privacy Policy applies solely to its own services provided on the website. Clicking on the links to third-party websites will require reviewing the respective privacy policies of those sites. 


 

Article 12. Changes in Personal Data Processing Policy and Obligation to Notify 

① This Privacy Policy may be updated whenever necessary to comply with legal requirements or Company policies. Any additions, deletions, or modifications to the policy will be communicated through the Company's website along with the reasons for the changes. 

② This Privacy Policy will take effect on November 21, 2023, replacing all prior versions. 

③ You can find the previous versions of our Privacy Policy below: 

  

Link to previous Privacy Policy documents