The overseas customer technical support site (hereinafter referred to as “Suprema Global Technical Support Site” or “Site”) of Suprema Co., Ltd. (hereinafter referred to as the “Company”) protects users’ personal information and handles related complaints quickly and smoothly. In order to do so, we establish and disclose the personal information processing policy as follows.
Article 1. Purpose of Personal Data Processing and Processing Items
①. The Company processes the personal data of data subjects as follows:
Purpose of processing
Processed personal data
Suprema Global Technical Support Site
Enter the user account information
Name, Email, Company Name, Country, Region, The name of the company that purchased, Company Type (Suprema Authorized Distributor, SI, End-User, Dealer, Reseller)
Send the user account registration email
User Account Activation
Edit the signed up information
Direct input information: Photo, Title(Position, title, stage name, etc.), Work Phone, cell phone, Twitter
Input information through administrator request : Region for USA
Name, email, chatbot message (transmission time, message content)
Country, Region, The name of the company that purchased, Company Type (Suprema Authorized Distributor, SI, End-User, Dealer, Reseller)
Creating a ticket
Name, Email, Ticket Content
Region, Company Name, Country, The name of the company that purchased, Company Type(Suprema Authorized Distributor, SI, End-User, Dealer, Reseller)
Sending the email response
Email response service provided
1) The above personal information is used to provide technical support to Suprema’s overseas customers.
- Handle inquiries
- Technical support problem analysis and follow-up actions
- Send responses to registered tickets
- Send emails to send notices or known issues on websites and forums
- Used for technical support trends, such as customer-specific statistical analysis data, market research, product planning, and quality issue analysis data.
2) To respond to technical problems through tickets, information can be collected through web pages, emails, messengers, remote support, etc.
3) You have the right to refuse information collection. However, if the user refuses consent, Suprema technical support, forum > following posts, and viewing posts in the forum may be restricted.
② The Company collects personal data through the following methods:
1) The Company's website (including mobile web and apps)
2) Information collection tools (access logs, cookies, etc.)
3) Direct provision by the data subject via offline channels (exhibitions, etc.)
4) Mail, telephone, fax, or other means used by the data subject for inquiry and consultation purposes
③ The Company collects the minimum amount of personal data necessary to achieve the purpose of collection and ensures that such data is not used for purposes other than the intended ones. If the purpose of use changes, the Company will take necessary measures, including obtaining separate or additional consent from the data subject.
④ The definitions of terms by collection items are as follows.
This means a post created by a customer or Suprema technical support team on a technical support site for overseas customers. Only the requester who created the ticket can access the ticket, and Suprema's technical support team with the agent's authority on the site can review the ticket for technical support.
2) TICKET CREATION
This means the first post is registered.
This is a chat-based automatic response service provided by the site.
4) Ticket creation path
It can be created after the customer logs in.
Customers can request ticket creation via Chat-bot.
Customers can automatically generate tickets by sending an email to email@example.com. The ticket will automatically be transferred to the UK technical support team.
Customers can automatically generate tickets by sending an email to firstname.lastname@example.org. The ticket is automatically transferred to the technical support team that provides technical support for the US country.
Article 2. Retention of Personal Data and Period of Use
① Unless required by relevant laws, the Company shall dispose of personal data without delay after the purpose of collection and use has been achieved.
② When personal data is collected based on the data subject's direct consent, it is retained for the period agreed upon.
③ Despite the principle of immediate disposal after the purpose is achieved, if there is a need to retain personal data for a certain period as required by relevant laws and internal policies (e.g., for confirming transaction-related obligations), the Company will retain it as follows.
Records related to contracts or withdrawal of subscriptions, etc.
Act on the Consumer Protection in Electronic Commerce
Records related to payment of fees and supply of goods, etc.
Records related to consumer complaints or dispute resolution
Records related to advertisements
Website access records
Protection Of Communications Secrets Act
Article 3. Provision of Personal Data to Third Parties
① The Company will not use or disclose the data subject's personal data to third parties without consent, except when required by relevant laws or regulations.
② However, personal data may be provided without separate consent in the following situations:
1) For the purpose of settling service fees;
2) When providing data in an anonymized form for statistical, research, or market survey purposes to research institutions, survey organizations, or other entities; or
3) When required by special provisions of relevant laws, such as the Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Act on Consumer Protection in Electronic Commerce, Criminal Procedure Act.
③ If personal data is provided to third parties without the data subject's consent under special legal provisions, only the minimum necessary information will be provided, and it will not be used for purposes other than the intended ones.
Article 4. Personal information processing entrustment and Consent to overseas transfer of personal information
① The Company entrusts and transfers (stores) personal data to domestic and overseas entities to ensure smooth information provision, marketing, and stable service delivery, where the personal data is retained by the systems of the entrusted company. The Company shall ensure that the entrusted company only manages the data physically and does not have access to it.
Personal data(items) being transferred
Destination country of the transfer
Timing and method of the transfer
Purpose of using personal information
Delivery purpose and
Name, e-mail address, customer information, record on the user’s tickets, relevant data (Includes information originally collected and information that has changed through modification of the information)
Transfer via network upon request
ㅇ C/S, operation, maintenance
ㅇSend notices, etc. to forum posts
Until the membership is canceled, or the entrustment contract is terminated,
② The Company manages and supervises the entrusted entity to ensure compliance with technical and administrative protection measures, as well as other relevant laws and regulations related to personal data, and prohibits them from processing the data for purposes beyond the scope specified.
④ The technical and administrative protection measures of cloud services shall comply with the policies of the cloud service provider. The cloud service provider shall solely manage the physical aspect of the outsourced personal data and shall not access it.
⑤ The data subject may choose to refuse the transfer of their personal data by contacting the Privacy Officer or the relevant department of the Company. However, please note that refusal to transfer personal data may result in limited access to the Company's relevant services.
Article 5. Personal Data Destruction Procedure and Method
① When personal data becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Company shall dispose of the personal data promptly.
② In cases where personal data needs to be retained despite the expiration of the agreed-upon retention period or the achievement of the processing purpose due to other laws, it will be transferred to a separate database (DB) or stored in a different location.
③ The following outlines the procedure and method for the destruction of personal data:
Information entered by a data subject shall be transferred to a separate database (or a separate document if provided in hard copy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.
Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.
Article 6. Rights and Duties of Data Subjects and Exercise of Rights
① The data subject may exercise the following privacy-related rights directly or indirectly through their legal representative with the Company at any time:
1) The right to receive information about the processing of personal data.
2) The right to determine the extent of consent for the processing of personal data.
3) The right to verify the processing of personal data and request access to (including obtaining copies of) and the transfer of personal data.
4) The right to request the suspension, correction, or deletion of personal data processing.
5) The right to seek compensation for damages caused by the processing of personal data through prompt and fair procedures.
6) The right to object to automated decisions based on personal data processing and request an explanation.
② The exercise of rights under article 1 can be done in writing, by phone, by e-mail, by facsimile (fax), etc., and the company will take action without delay after going through the user's identity verification process.
③ The data subject may exercise their rights either directly or indirectly through their legal representative or an authorized agent. In such cases, a letter of authorization is required.
④ Notwithstanding the provisions of Paragraph 1, access to personal data and the right to correction may be restricted when:
1) It poses a serious threat to the life, body, property, or rights of the data subject or a third party;
2) It significantly disrupts the proper operation of the service provider; or
3) It violates other laws, etc.
⑤ The Company does not generally collect personal data from individuals under the age of 16.
Article 7. Measures to Ensure the Safety of Personal Data
The Company takes the following administrative, technical, and physical measures to safeguard personal data.
1) Administrative measures:
Establishment and implementation of information security regulations and privacy control policy, operation of a dedicated organization, and regular training for employees.
2) Technical measures:
Access control and authentication for personal data processing systems, installation, and operation of access control systems and security programs, encryption of personal data, encrypted transmission, etc.
3) Physical measures:
Access control for computer rooms, etc.
Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices
1) Cookies are small pieces of information sent by the website's server to the user's computer browser.
2) Cookies are used to store and retrieve usage histories of website visitors.
3) Cookies may be stored on users' PC hard drives.
③ Users have the option to configure their web browsers to allow all cookies, request permission before saving cookies, or refuse all cookies. However, it is important to note that rejecting cookies may lead to limitations and issues in the use of our services, and the Company does not assume responsibility for any resulting restrictions.
④ How to install, enable, or reject cookies
For Windows 10 Internet Explorer 11
Click on the "Tools" button in Internet Explorer. Select "Internet Options." Go to the "Privacy" tab. Click on "Advanced" in the Settings section. Choose whether to block or allow cookies.
Click on the "..." button in the top right corner of Edge. Select "Settings."
On the left side of the Settings page, click on "Privacy, search, and services." In the "Tracking prevention" section, choose the level of tracking prevention you prefer.
Decide whether to always use "Strict" tracking prevention when searching in InPrivate mode.
In the "Privacy" section below, select whether to send "Do Not Track" requests.
Click on the menu in the top right corner of the web browser, and choose "Settings." Navigate to "Privacy and security."
Go to "Cookies and other site data" and decide whether to allow cookies.
Click on the menu in the top right corner of the web browser, and select "Settings." In "Advanced settings," choose "Site settings."
Go to "Cookies" and decide whether to allow cookies.
Click on "Safari" in the top left corner of the Mac OS menu bar and choose "Preferences."
Go to "Privacy" and decide whether to allow cookies.
Go to "Settings." Find and select "Safari" in the list of apps. Under "Privacy & Security," decide whether to allow cookies.
Article 9. Contact Information for Privacy Officer and Relevant Department
① The Company has designated a Privacy Officer, who takes on the general roles and responsibilities of a Data Protection Officer (DPO), to ensure the protection of your personal data and handle any privacy-related inquiries or complaints.
Department in Charge of Privacy Protection
Information Security Office
Contact / E-mail
031-710-2450 / email@example.com
② Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal data that arise while using the Company's services (or business). The Company will promptly respond and handle inquiries from data subjects.
Article 10. Remedy for Infringement of Rights and Interests of Data Subjects
① If you need to report or consult about a violation of personal data, you can contact the agencies listed below for assistance:
Privacy Breach Report Center
Personal Information Dispute Mediation Committee
Cyber Investigation Division, Supreme Prosecutors' Office
Cybercrime Report and Management Bureau, National Police Agency
Article 12. Changes in Personal Data Processing Policy and Obligation to Notify