본문 바로가기 주메뉴 바로가기

(주)엠제이비전테크

KOR ENG

전체메뉴

Inquiry Digital Service Mall

  • B, 6th floor, Jonggak Building, 673 Gukchaebosang-ro, Jung-gu, Daegu
  • +82-70-8721-3412
  • mjvt.support@ph.co.kr

login

Privacy Policy

MJ Vision Tech Co., Ltd. values ​​your personal information and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

In accordance with Article 30 of the Personal Information Protection Act, MJ Vision Tech Co., Ltd. establishes and discloses the personal information management plan as follows in order to protect the personal information of the information subject and to ensure that related problems can be dealt with promptly and smoothly.

Chapter 1: General Provisions

Article 1 (Purpose)

MJ Vision Tech Co., Ltd.'s personal information internal management plan is in accordance with Article 29 of the 「Personal Information Protection Act」, Article 30 of the Enforcement Decree of the same Act, and 'Standards for Measures to Ensure Safety of Personal Information' (No. 2020-2) in processing personal information. The purpose of this Act is to determine matters concerning technical, managerial, and physical safety measures necessary to secure safety so that personal information is not lost, stolen, leaked, forged, falsified, or damaged.

Article 2 (Definition of Terms)

The meaning of terms used in the personal information internal management plan is as follows.

  • 1.Personal information is information about a living individual that can identify an individual through name, resident registration number, video, etc. (Even if a specific individual cannot be identified with this information alone, it can be easily combined with other information to be identified. includes) says
    • Pseudonymization refers to the process of deleting part of personal information or replacing part or all of it so that a specific individual cannot be identified without additional information.
  • 2.Personal information is information about a living individual that can identify an individual through name, resident registration number, video, etc. (Even if a specific individual cannot be identified with this information alone, it can be easily combined with other information to be identified. includes) says
  • 3.Data subject refers to a person who can be identified by the processed information and becomes the subject of the information.
  • 4.Personal information file refers to a collection of personal information systematically arranged or organized according to certain rules so that personal information can be easily retrieved.
  • 5.Personal Information Processor refers to public institutions, corporations, organizations, and individuals who process personal information by themselves or through others to operate personal information files for business purposes.
  • 6.Person in charge of personal information protection refers to a person who is in charge of the personal information processing of the personal information manager and falls under Article 32 (2) of the Decree.
  • 7.Personal information handlers refers to executives and employees, dispatched workers, and part-time workers who are in charge of handling personal information under the direction and supervision of the personal information manager.
  • 8.Personal information processing system refers to a system systematically configured to process personal information such as a database system.
  • 9.Password means that when an information subject or personal information manager accesses a personal information processing system, business computer or information communication network, etc., it must be entered together with an identifier and delivered to the system so that it can be identified as a person with legitimate access rights. It is a unique string of information that is not disclosed to others.
  • 10.Information Communications Network refers to the collection, processing, storage, and search of information by using telecommunications facilities pursuant to Article 2, Subparagraph 2 of the 「Framework Act on Telecommunications」 or using telecommunications facilities, computers and computer-using technology. ·It refers to the information communication system that transmits or receives.
  • 11.Public wireless network refers to a network where an unspecified number of people can use the Internet through a wireless access device (AP).
  • 12.Mobile devices refers to portable devices used for processing personal information, such as PDAs, smartphones, and tablet PCs that can use wireless networks.
  • 13.Biometric information is information about physical or behavioral characteristics that can identify an individual, such as fingerprint, face, iris, vein, voice, handwriting, etc., and includes information that has been processed or created therefrom.
  • 14.Secondary storage media refers to media that can store data, such as a portable hard disk, USB memory, CD (Compact Disk), DVD (Digital Versatile Disk), etc. It refers to a storage medium that can be separated.
  • 15.Internal network refers to the section where access is controlled or blocked in the Internet section by physical network separation, access control system, etc.
  • 16.Access record refers to the personal information handler’s account, access date and time, access location information (PC, mobile device, etc. of the person who accessed the personal information handler, terminal information or server IP address, etc.), processed information subject information, tasks performed (collecting, generating, linking, linking, recording, storing, holding, processing, editing, searching, outputting, correcting, restoring, using, providing, disclosing, Destruction, etc.) is recorded electronically. In this case, “connection” refers to a state in which data transmission or reception is possible by being connected to the personal information processing system.
  • 17.Management terminal refers to a terminal that directly accesses the personal information processing system for the purpose of management, operation, development, and security of the personal information processing system.
Article 3 (Scope of Application)

This personal information internal management plan is applied to the trustee who handles personal information of MJ Vision Tech Co., Ltd. or entrusts MJ Vision Tech Co., Ltd.'s personal information processing business.

Chapter 2 Establishment and Implementation of Internal Management Plan

Article 4 (Establishment and Approval of Internal Management Plan)
  • 1.The person in charge of personal information protection establishes an internal management plan through an internal decision-making process to comply with laws and regulations related to personal information protection.
  • 2.If there is a significant change in each item of the internal management plan, the person in charge of personal information protection must immediately reflect it and amend the internal management plan, and store and manage the history.
  • 3.The person in charge of personal information protection checks and manages the implementation status of the internal management plan at least once a year and takes appropriate measures according to the results.
Article 5 (Announcement of Internal Management Plan)
  • 1.The person in charge of personal information protection shall notify all employees, trustees, and related persons of the internal management plan approved in accordance with Article 4 to comply with it.
  • 2.The internal management plan is kept or provided in a way that executives, employees, trustees, and related persons can peruse at any time.

Chapter 3 Roles and Responsibilities of Personal Information Protection Officer

Article 6 (Designation of Person in Charge of Personal Information Protection)
  • 1.In accordance with Article 31 of the 「Personal Information Protection Act」 and Article 32 of the Enforcement Decree of the same Act, MJ Vision Tech Co., Ltd. appoints the person in charge of personal information protection as the head of the headquarters.
Article 7 (Role and Responsibilities of Person in Charge of Personal Information Protection)
  • 1.The person in charge of personal information protection performs the following tasks.
    • Establishment and implementation of personal information protection plan
    • Regular investigation and improvement of personal information processing status and practice
    • Handling of complaints related to personal information processing and damage relief
    • Establishment of an internal control system to prevent leakage and misuse of personal information
    • Establishment and implementation of personal information protection education plan
    • Protection and management supervision of personal information files
    • Establishment, change and enforcement of personal information processing policy in accordance with Article 30 of the 「Personal Information Protection Act」
    • Management of data related to personal information protection
    • Destruction of personal information when the purpose of processing has been achieved or the retention period has passed
  • 2.The person in charge of personal information protection may, if necessary, investigate the processing status of personal information, processing system, etc. from time to time or receive reports from related parties in performing the duties of paragraph 1.
  • 3.The person in charge of personal information protection shall immediately take corrective measures when he/she finds out about the violation of this Act and other related laws and regulations in relation to personal information protection.
Article 8 (Role and Responsibility of Personal Information Handler)
  • 1.The person in charge of personal information protection performs the following tasks.
    • Personal information processing
    • Tasks related to personal information protection entrusted by the person in charge of personal information protection
    • Application for personal information file registration to the person in charge of personal information protection
    • Destruction of personal information (files)
    • When destroying personal information (files), request the person in charge of personal information protection to delete the registration of personal information (files)
    • Participation in personal information protection activities
    • Compliance and implementation of the internal management plan
    • Implementation of standards for technical and managerial protection of personal information
    • Inspection of illegal or unreasonable infringement of personal information by employees or third parties, etc.
  • 2.In handling personal information, personal information handlers must comply with the plan, as well as laws and regulations related to personal information protection, so that personal information can be safely managed.

Chapter 4 Personal Information Protection Education

Article 9 (Education of Personal Information Protection Manager)
  • 1.MJ Vision Tech Co., Ltd. conducts training related to personal information protection at least once a year for the person in charge of personal information protection.
Article 10 (Education of personal information handlers)
  • 1.In order to ensure proper handling of personal information, the person in charge of personal information protection shall establish and implement a personal information protection education plan necessary for personal information handlers by determining the following matters.
    • Educational purpose and target
    • Training content
    • Training schedule and method
  • 2.The person in charge of personal information protection must record and keep the results of personal information protection education in accordance with Chapter 4 or related data that can prove it.

Chapter 5 Technical Safety Measures

Article 11 (Management of Access Rights)
  • 1.MJ Vision Tech Co., Ltd. conducts training related to personal information protection at least once a year for the person in charge of personal information protection.
  • 2.MJ Vision Tech Co., Ltd. must change or revoke the access authority to the personal information processing system without delay if the personal information handler is changed due to personnel transfer, such as transfer or retirement.
  • 3.MJ Vision Tech Co., Ltd. shall record the details of granting, changing or canceling the authority pursuant to Paragraphs 1 and 2, and keep the records for at least 3 years.
  • 4.When MJ Vision Tech Co., Ltd. issues a user account that can access the personal information processing system, it must issue a user account for each personal information handler, and must ensure that it is not shared with other personal information handlers.
  • 5.MJ Vision Tech Co., Ltd. shall apply the following items so that personal information handlers or information subjects can set and implement safe passwords for personal information processing systems and internet homepages.
    • It consists of at least 8 or 10 digits in length depending on the combination and composition of letters and numbers.
      • At least 8 digits: In case of using two or more types of characters
      • Character Type: Alphabet uppercase and lowercase letters, special characters, numbers
      • At least 10 digits: When composed of one character type
      • However, it can be vulnerable if it consists only of numbers
    • Make your password difficult to guess or guess
      • Do not use the same character repetition (aaabbb, 123123, etc.), strings next to each other on the keyboard (qwer, etc.), serial numbers (12345678, etc.), family names, birthdays, phone numbers, etc.
    • Change it regularly at least once a quarter and immediately change it to a new password if it is exposed to a third party
  • 6.MJ Vision Tech Co., Ltd. shall take necessary technical measures such as restricting access to the personal information processing system if account information or password is entered incorrectly more than a certain number of times so that only authorized personal information handlers can access the personal information processing system.
Article 12 (Access Control)
  • 1.MJ Vision Tech Co., Ltd. shall take measures including the following functions to prevent illegal access and infringement accidents by unauthorized insiders and outsiders through information and communication networks.
    • Restrict unauthorized access by restricting access to the personal information processing system to IP (Internet Protocol) addresses, etc.
    • Detect and respond to illegal personal information leakage attempts by analyzing IP (Internet Protocol) addresses accessed to the personal information processing system
  • 2.MJ Vision Tech Co., Ltd. shall apply secure access methods such as virtual private networks (VPNs) or dedicated lines or secure authentication methods when personal information handlers attempt to access the personal information processing system from outside through an information and communication network.
  • 3.MJ Vision Tech Co., Ltd. is a personal information processing system, business computer, mobile device, and management system to prevent disclosure or leakage of personal information being handled to persons without permission to view it through the Internet homepage, P2P, sharing settings, and use of open wireless networks. Measures must be taken to control access to terminals, etc.
  • 4.MJ Vision Tech Co., Ltd. shall inspect vulnerabilities at least once a year and take necessary supplementary measures to prevent leakage, alteration, or damage of unique identification information through the Internet homepage that processes unique identification information.
  • 5.In order to prevent illegal access to the personal information processing system and infringement accidents, MJ Vision Tech Co., Ltd. shall automatically block access to the system if the personal information handler does not process business for a certain period of time.
  • 6.Paragraph 1 may not apply if MJ Vision Tech Co., Ltd. processes personal information using a business computer or mobile device without using a separate personal information processing system, and in this case, the operating system of the business computer or mobile device ( You can use the access control function provided by OS (Operating System) or security program.
  • 7.MJ Vision Tech Co., Ltd. shall take protective measures such as setting a password for the mobile device to prevent leakage of personal information due to loss or theft of the mobile device for business use.
Article 13 (Encryption of Personal Information)
  • 1.MJ Vision Tech Co., Ltd. must encrypt unique identification information, passwords, and bio information when transmitting them through information and communication networks or through auxiliary storage media.
  • 2.MJ Vision Tech Co., Ltd. shall encrypt and store passwords and bio information. However, when storing a password, it must be stored after one-way encryption (hash function) so that it cannot be decrypted.
  • 3.MJ Vision Tech Co., Ltd. must encrypt unique identification information when storing it in the Internet section or the intermediate point between the Internet section and the internal network (DMZ: Demilitarized Zone).
  • 4.When MJ Vision Tech Co., Ltd. stores unique identification information on the internal network, it must be encrypted.
  • 5.When MJ Vision Tech Co., Ltd. encrypts personal information in accordance with Paragraph 1, Paragraph 2, Paragraph 3 or Paragraph 4, it must be encrypted and stored with a secure encryption algorithm.
  • 6.When MJ Vision Tech Co., Ltd. stores and manages unique identification information on a business computer or mobile device, it must be encrypted using commercial encryption software or a safe encryption algorithm before storing.
Article 14 (Storage and inspection of access records)
  • 1.MJ Vision Tech Co., Ltd. shall keep and manage records of access to the personal information processing system by personal information handlers, including the items in each of the following subparagraphs, for at least one year. However, in the case of a personal information system that processes personal information about 50,000 or more information subjects, or handles unique identification information or sensitive information, it must be stored and managed for at least two years.
    • Identification information of the personal information handler (account information such as ID)
    • Date and time of access (date and time)
    • Access point information (connector's terminal information or IP address)
    • Processed data subject information (name, ID, etc. of data subject)
    • Tasks to be performed (viewing, modifying, deleting, printing, input, etc.)
  • 2.MJ Vision Tech Co., Ltd. shall inspect the access records of the personal information processing system at least once a month in order to respond to loss, theft, leakage, forgery, alteration or damage of personal information. In particular, if it is discovered that personal information has been downloaded, the reason must be confirmed.
  • 3.MJ Vision Tech Co., Ltd. shall safely store the access records of personal information handlers so that they are not forged, altered, stolen, or lost.
Article 15 (Prevention of malicious programs, etc.)
  • 1.MJ Vision Tech Co., Ltd. must install and operate security programs such as vaccine software that can prevent and treat malicious programs, etc., and must comply with the following items.
    • Use the automatic update function of the security program or update it at least once a day to keep it up to date
    • If a malicious program-related alert is issued or if there is a security update notice from the manufacturer of the application program or operating system software in use, update accordingly.
    • Countermeasures such as deletion of detected malicious programs, etc.
Article 16 (Safety measures for terminals for management)
  • 1.MJ Vision Tech Co., Ltd. shall take the following safety measures for management terminals to prevent personal information infringement accidents such as personal information leakage.
    • Measures to prevent unauthorized persons from accessing and manipulating terminals for management
    • Measures to prevent use other than the intended purpose
    • Application of security measures to prevent malicious program infection, etc.

Chapter 6 Administrative Safety Measures

Article 17 (Organization and Operation of Personal Information Protection Organization)
  • 1.MJ Vision Tech Co., Ltd. shall organize and operate a personal information protection organization that includes the following items for safe handling of personal information.
    • Designation of personal information protection officer
    • Designation of a person in charge who supports the work of the personal information protection manager under the direction and supervision of the personal information protection manager
    • Designation of personal information handling department that handles personal information
  • 2.The personal information handling department must process personal information through sufficient consultation and coordination with the person in charge of personal information protection.
  • 3.The personal information protection organization shall carry out the duties pursuant to Article 7, and may perform other matters deemed necessary to secure the safety of personal information.
Article 18 (Response to Personal Information Leakage Accidents)
  • 1.MJ Vision Tech Co., Ltd. shall establish and implement a personal information leakage accident response plan to minimize the occurrence of damage through prompt response in the event of a personal information leakage accident.
  • 2.The personal information leakage accident response plan pursuant to Paragraph 1 shall include emergency measures, leakage notice/inquiry and reporting procedures, measures to respond to customer complaints, measures to minimize on-site congestion, measures to relieve customer anxiety, measures to relieve victims, etc.
  • 3.MJ Vision Tech Co., Ltd. shall strive to minimize the inconvenience and economic burden of information subjects in carrying out damage recovery measures following personal information leakage.
Article 19 (Risk Analysis and Response)
  • 1.MJ Vision Tech Co., Ltd. shall conduct risk analysis and prepare countermeasures such as applying necessary security measures to prevent personal information from being lost, stolen, leaked, forged, altered or damaged.
  • 2.The risk analysis according to Paragraph 1 can be performed by using personal information risk analysis standards or by identifying and evaluating risk factors.
Article 20 (Management and Supervision of Trustees)
  • 1.When MJ Vision Tech Co., Ltd. entrusts the processing of personal information to a third party, it must set the following matters, train the trustee, and supervise whether the trustee handles personal information safely.
    • Purpose and scope of consignment work
    • Consignment period
    • Restrictions on re-entrustment
    • Matters concerning the prohibition of handling personal information other than for the purpose of consignment
    • Matters concerning measures to ensure safety, such as restricting access to personal information
    • Matters related to supervision, such as inspection of management status of personal information held in relation to consignment duties
    • Matters concerning liability such as compensation for damages in case the trustee violates the obligations to be observed
  • 2.MJ Vision Tech Co., Ltd. shall keep records of the results of educating and supervising trustees in accordance with Paragraph 1, and shall take necessary security measures if problems are found.

Chapter 7 Physical Safety Measures

Article 21 (Physical Safety Measures)
  • 1.MJ Vision Tech Co., Ltd. must establish and operate access control procedures for physical storage locations that store personal information, such as the Suseong-gu integrated control center, computer room, and data storage room.
  • 2.MJ Vision Tech Co., Ltd. shall store documents and auxiliary storage media containing personal information in a safe place with a lock.
  • 3.MJ Vision Tech Co., Ltd. shall prepare security measures to control the export and import of auxiliary storage media containing personal information. However, this may not apply in the case of processing personal information using a business computer or mobile device without operating a separate personal information processing system.
Article 22 (Destruction of Personal Information)
  • 1.MJ Vision Tech Co., Ltd. must destroy the personal information within 5 days, unless there is a justifiable reason, when the holding period of personal information has elapsed, the purpose of processing has been achieved, etc. should do
    • Complete destruction (incineration, crushing, etc.)
    • Deletion using dedicated device
    • Perform a factory reset or overwrite to prevent data from being restored
  • 2.MJ Vision Tech Co., Ltd. shall take the following measures if it is difficult to destroy only part of the personal information, or if it is difficult to destroy it by the method of paragraph 1.
    • In the case of electronic files: Management and supervision to ensure that personal information is not recovered or reproduced after deletion
    • In the case of records, prints, documents, and other recording media other than subparagraph 1: Delete the relevant part by masking, perforation, etc.
  • 3.MJ Vision Tech Co., Ltd. shall record and manage matters related to personal information destruction, and the enforcement and confirmation of destruction shall be carried out under the responsibility of the person in charge of personal information protection.

Chapter 8 Installation, Operation and Management of Image Information Processing Equipment

Article 23 (Designation of person in charge of management of visual information processing equipment)
  • 1.MJ Vision Tech Co., Ltd. can designate the person in charge of the task as the person in charge of personal image information protection.
  • 2.The person in charge of management under Paragraph 1 shall perform the following duties in accordance with the duties of the person in charge of personal information protection pursuant to Article 31 Paragraph 2 of the Act.
    • Establishment and implementation of personal image information protection plan
    • Regular investigation and improvement of personal image information processing status and practice
    • Handling of complaints related to personal image information processing and damage relief
    • Establishment of an internal control system to prevent leakage and misuse/abuse of personal image information
    • Establishment and implementation of personal video information protection education plan
    • Management and supervision of protection and destruction of personal image information files
    • Other tasks necessary for the protection of personal image information
Article 24 (Visual Information Processing Equipment Operation and Management Policy)
  • 1.The person in charge of personal image information protection must establish a policy for operating and managing image information processing equipment, and if it is changed, it can be disclosed as necessary so that the information subject can easily check it.
  • 2.The video information processing device operation management policy may be included in the personal information processing policy pursuant to Article 30 of the Act.
  • 3.If it is difficult to set the minimum period for achieving the purpose of retaining personal image information, the storage period shall be within 30 days after collection of personal image information.
Article 25 (Collection of Prior Opinions)
  • 1.Even in the case of additional installation following a change in the purpose of installation of video information processing equipment, opinions of related experts and interested parties must be collected in accordance with Article 24 (1) of the Enforcement Decree.
Article 26 (Installation of information boards)
  • 1.The person in charge of personal image information protection shall install a notice board stating the matters in each of the following subparagraphs so that the information subject can easily recognize that the image information processing device is installed and operated.
    • Purpose and place of installation
    • Shooting range and time
    • Name or title and contact information of the person in charge of personal image information management
    • Name and contact information of the consignee in case of consignment of work related to the installation and operation of image information processing equipment
Article 27 (Personal Video Information Protection Measures)
  • 1.Operators of image information processing devices shall take the following measures to prevent personal image information from being lost, stolen, leaked, altered or damaged.
    • Any act of manipulating the image information processing device for a purpose other than the purpose of installation or illuminating other places is prohibited, and the use of the recording function is prohibited.
    • Personal image information access control and restrictions on access rights
    • Application of technology that can safely store and transmit personal image information (encrypted transmission in case of network camera, password setting for personal information image file, etc.)
    • Storage of processing records and measures to prevent forgery and falsification (preparation of personal image information management ledger when using, viewing, providing, and destroying personal image information, etc.)
    • Arrange storage facilities or install locks for safe physical storage
Article 28 (Inspection of Installation and Operation of Video Information Processing Equipment)
  • 1.The person in charge of personal image information protection shall conduct self-inspection of each of the following subparagraphs regarding compliance with this plan.
    • Contents of the operation and management policy of image information processing equipment
    • Status of management and supervision of management manager’s job performance, consignment and consignee
    • Installation and operation of image information processing equipment and technical, managerial and physical measures
    • Personal image information collection, use, provision and destruction, measures to exercise the rights of the information subject
    • Whether the need for installation and operation of image information processing equipment continues, etc.

Chapter 9 Other Matters Necessary for Personal Information Protection

Article 29 (Usage and Provision of Personal Information for Other Purposes)
  • 1.In principle, MJ Vision Tech Co., Ltd. shall not use or provide personal information beyond the scope of the original collection purpose. However, in any of the following cases, personal information may be used for purposes other than the intended purpose or provided to a third party, except when there is a possibility of unreasonably infringing on the interests of the subject of information or a third party.
    • In the case of obtaining separate consent from the information subject
    • Special provisions of other laws
    • When it is clearly necessary for the interests of the life, body and property of the information subject or a third party
    • If personal information is not used for any other purpose or is not provided to a third party, it is impossible to carry out the duties prescribed by other laws, and the protection committee has undergone deliberation and resolution
    • When it is necessary to provide foreign governments, etc. for the implementation of treaties and international agreements
    • Where it is necessary for criminal investigation and prosecution and maintenance
    • When it is necessary for the court's trial work
    • Cases where it is necessary for the execution of punishment, probation, and protective disposition
  • 2.Procedures for non-purpose use and provision to third parties

    You can move left and right by touching and dragging the image.

    Procedures for non-purpose use and provision to third parties
    procedure manager Main Content
    1. Receipt of request for provision Handler (person in charge)
    • Requests for provision of personal information are received in writing
    2. Legal Basis Review Handler (person in charge)
    • Review the legal basis to see if use other than purpose or provision to a third party is possible
    3. Implementation of Consent Procedure Handler (person in charge)
    • If there is no legal basis, separate consent must be obtained from the information subject
    4. Ledger records and management Handler (person in charge)
    • Use of personal information for other purposes and provision to third parties (Enforcement Rules of the Personal Information Protection Act [Form No. 1]) must be recorded and managed.
    5. Approval of the Privacy Officer Privacy Officer
    • After reviewing the person in charge of personal information protection, obtain approval from the person in charge of personal information protection
    6. Use and provision other than purpose Handler (person in charge)
    • Use of personal information for other purposes after approval by the person in charge of personal information protection / Provision of personal information to a third party
    • If the personal information protection manager is not approved, the reason for non-provision is notified to the requester
    7. Requesting protective measures Handler (person in charge)
    • When providing to a third party, request in writing to limit the purpose of use, method of use, period of use, type of use, etc., or prepare necessary measures to ensure the safety of personal information.
    8. Submission of action results Person requesting provision of personal information
    • A person who has received a request for measures to ensure safety must take measures accordingly and notify the result in writing to the personal information manager (person in charge) who provided the personal information.
    9. Disclosure of key details Handler (person in charge)
    • Post on the website bulletin board (or personal information processing policy) for more than 10 days within 30 days
    Recipient
     
    Personal information file name
     
    Basis of provision
     
    Provided item
     
    Purpose of provision
     
    Retention period
     

    ※ If the consent of the information subject has been obtained, or if it is provided for the purpose of criminal investigation and prosecution and maintenance, it will not be disclosed.
상단으로