Rinnai Korea Corp. values protection of your personal information with an utmost importance, and obeys regulations on personal information protection as explained in 『Act on Promotion of Utilization of Information and Communications Network』 as well as 『Personal Information Protection Guideline』 legislated by the Ministry of Information and Communication. Through the Personal Information Protection Guideline, Rinnai Korea Corp. clearly lets you know for what purposes and by which means the personal information you provide are being used and also what measures are specifically being taken for the protection of personal information. These policies on handling of personal information may be modified based on revision of relevant laws or policies of the company so please check regularly when you sign up as a member or when you visit and use the company’s website. 1. List of Collected Personal Information Items and Collection Methods Rinnai Korea Corp. values protection of your personal information with an utmost importance, and obeys regulations on personal information protection as explained in 『Act on Promotion of Utilization of Information and Communications Network』 as well as 『Personal Information Protection Guideline』 legislated by the Ministry of Information and Communication. Through the Personal Information Protection Guideline, Rinnai Korea Corp. clearly lets you know for what purposes and by which means the personal information you provide are being used and also what measures are specifically being taken for the protection of personal information. ① Collected items: items collected during membership signup - Required items: ID, password, name, e-mail address, phone number (landline, mobile) - Optional items: home address, actual birthdate, occupation, marriage status, etc. (however, home address is a required input item when requesting a visiting or consultation service) ② Collection method: collection of user information via the website, automatic log collection through a log analysis software ※ To sign up a child who is 14 years old or younger, a legal representative’s consent of the Terms shall be obtained in advance. 2. Purpose of collection and use of personal information: Rinnai Korea Corp. utilizes the collected personal information for the following purposes. ① Member management: Individual verification and identification due to usage of membership services, prevention of illegal and unauthorized use by a bad member, confirmation of intention to sign up, limit in memberships and number of signups, preservation of records for dispute arbitration, processing of complaints, delivery of announcements, etc. The detailed purpose of collection and use of each personal information item is as follows. * Name, ID, password, e-mail address, phone number: used in member identification procedure for the use of membership service * E-mail address, phone number: securing of smooth communication paths for delivery of announcements, processing of complaints, etc., guiding of new services, news and event information. * Address, phone number: Securing of accurate addresses of destinations for after-sales services and shipment of event prizes. ② Utilization in marketing and advertising: Development of new services, provision of services and posting of advertisements based on demographical characteristics, understanding of frequency of log-in, statistical data on members’ services usage, delivery of advertising information such as events, promotion for marketing and sales at Rinnai dealers and product stores, utilization of DM, TM and SMS, etc. (sales planning needs to be checked) 3. Period of Retention and Use of Collected Personal Information The website of Rinnai Korea Corp. retains the collected personal information from the time of membership signup until the termination (request for withdrawal, etc.). Also at the time of membership termination, the website of Rinnai Korea Corp. immediately destroys the member’s personal information in an irreproducible, unrenewable way (for cases in which the personal information has been provided to a third party, it shall order the third party to destroy the information immediately). For the following cases, however, the website shall retain the personal information during the period specified in each clause. ① If there exists a need for personal information to be retained according to laws and regulations such as Commercial Act, the transaction history and a minimum amount of basic information shall be retained for the retention period specified in the laws. ② Personal information shall be retained for the promised retention period as shown below for the following 2 cases: if the retention period is notified to the users in advance and has not passed, or if a consent is obtained from individual users. - Records regarding withdrawal of contracts or subscriptions: 5 years - Records regarding payment of loans or supplying of goods, etc.: 5 years - Records regarding consumer complaints: 3 years - Records regarding processing of disputes: 10 years 4. Destruction of Personal Information ① Destruction procedure The information entered by a member for membership signup, etc. will be destroyed after its initial purpose is achieved and it is stored for a specified time period based on internal policies and/or the grounds for information protection as written in relevant laws and regulations. ② Destruction method Any personal information printed on paper shall be destroyed via shredding or burning and the personal information stored in the form of an electronic file shall be deleted via a technical method by which recorded cannot be regenerated. 5. Rights and Responsibilities of User Be sure to accurately enter the user’s most up-to-date personal information to prevent any sudden accidents. The responsibilities of accidents caused by a user’s input of inaccurate information lie in the user him/herself, and stealing of another user’s information or input of false information may lead to loss of membership rights. A user retains a right for his/her personal information to be protected as well as a responsibility to protect him/herself and not to infringe on another user’s information. Be sure not to allow a user’s personal information including passwords from leaking out and also not to damage another user’s personal information including his/her posts. If a user does not fulfill the aforementioned responsibilities and damage another user’s information and dignity, he/she may be subject to a punishment or a penalty based on the 『Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.』. ① Rights to browse personal information and request revision: A user may browse or revise his/her registered personal information any time. If personal information is to be browsed or revised, directly browse or revise on 『My Page』 or contact the manager or administrator of personal information protection via mail, phone call or e-mail, and an immediate measure will be taken. ② Rights to withdraw the consent to collection, use and provision of personal information: A user may withdraw his/her consent to the collection, use and provision of personal information, which was originally agreed at the membership signup. For withdrawal of consent, click 『Withdraw』 in 『My Page』 or contact the administrator of personal information protection via mail or e-mail, and an immediate measure including deletion of personal information will be taken after an identification procedure. 6. Collection of Personal Information by Cookie The website of Rinnai Korea Corp. employs “cookies”, which frequently save and locate your information. Your personal information that the website of Rinnai Korea Corp. collects through cookies are limited to IDs, status of page views, etc. and no other information is collected. Your personal information collected through cookies is used for the following purposes. It is utilized to analyze the frequency of log-in or duration of visits of members and non-members alike, understand users’ different preferences and interests, establish target marketing and restructure services. In various events that Rinnai Korea Corp. conducts through its website, these cookies are used as data to assign differential opportunities for entry based on the degree of your participation and the number of visits, and to provide distinct information to each individual’s diverse area of interests. You have a choice regarding cookies. By selecting [Tools] > [Internet Options] > [Security] > [Custom] on a web browser, you may allow all cookies, check every time a cookie is saved, or reject saving of all cookies. 7. Technical and administrative protection of personal information in cookies In handling of your personal information, the website of Rinnai Korea Corp. seeks the following technical measures to secure a sufficient level of safety against loss, theft, leakage, falsification or damage of personal information. ① Technical protection measures A user’s personal information is protected with a password and employs SSL (Secure Sockets Layer), which uses a password algorithm to safety transmit personal information on a network. ② Administrative protection measures - The right of access to users’ personal information shall be limited to a minimum number of people. - If the person who handles personal information is replaced due to a change in personnel such as transfer or resignation, the right of access to the personal information processing system shall be modified or eliminated immediately. - A periodic in-house education shall be held on acquisition of new security technology and the responsibility in protecting personal information for the employees handling personal information - Transfer of duties for the employee handling personal information shall be conducted thoroughly in a secure setting, and responsibilities shall be made clear regarding personal information accidents after entering or exiting the company. - Personal information and basic data shall not be kept together but rather separately stored in distinct servers. - Computer room and data storage room, etc. shall be specified as special protection zones and restrict access. - The company shall not take responsibility on events that occur due to the user’s own mistakes or fundamental risks of the Internet. Each individual member shall properly manage his/her own ID and password for protection of personal information and take a full responsibility regarding them. - If a mistake by an internal administrator or an accident in technical management leads to the loss, leakage, falsification and/or damage of personal information, the company shall immediately notify the user regarding it and devise suitable measures and compensation. 8. Employees in charge of civil complaints and management regarding personal information To protect your personal information and process complaints regarding personal information, the website of Rinnai Korea Corp. appoints a manager in charge of personal information protection to manage the information while opening a window through which your opinions and complaints regarding personal information protection can be raised. If you may have any questions or complaints regarding your personal information, please contact the manager-in-charge of personal information protection. A necessary measure will immediately be taken and its processing results will be notified. ① To protect its customers’ personal information and process their complaints regarding personal information, Rinnai Korea Corp. retains the following manager and operator in charge of personal information, as described below. Personal Information Manager-in-charge: IT Strategy Team Manager, Rinnai Korea Corp. Personal Information Operator-in-charge: IT Strategy Team Security Manager, Rinnai Korea Corp. E-mail: webmaster@rinnai.co.kr Phone: 032-570-6930(Request for After-sales Service/Consultation : 1544-3651) Fax: 032-570-8979 ② If a consultation regarding personal information is required, you may contact Internet Crime Investigation Center, Internet Crime Investigation Center at Supreme Prosecutors’ Office, Cyber Terror Response Center at Korea National Police Agency, etc. - Personal Information Violation Report Center Phone: (02)1336 URL: http://www.1336.or.kr - Internet Crime Investigation Center, Supreme Prosecutors’ Office Phone: 02-3480-3600 URL: http://www.spo.go.kr - Cyber Terror Response Center, Korea National Police Agency Phone: 02-392-0330 URL: http://www.ctrc.go.kr - Information Protection Mark Accreditation Committee Phone: 02-508-0533~4 URL: http://www.eprivacy.or.kr