Privacy Policy

Privacy

Shin & Kim (www.shinkim.com) (“S&K”) maintains the following Privacy Policy to protect personal information and effectively manage requests relating to personal information pursuant to Article 30 of the Personal Information Protection Act.

Article 1 (Purpose, Types of Personal Information Collected, and Retention Period)

The purpose of personal information management by S&K, types of personal information collected, and the retention period will be as follows:

  1. Personal Information of Clients and Prospective Clients
    • Purpose of Collecting Personal Information : To send clients and prospective clients S&K newsletters, promotional materials, information and invitations on events hosted by S&K, to file tax returns, and to otherwise provide other information to clients and prospective clients.
    • Types of Personal Information Collected : Name, contact information (phone number and email address), address, employer, job position, and account number.
    • Collection Methods : Business cards, documents (e.g., powers of attorney, contracts, etc.), phone and fax numbers, email addresses.
    • Retention Period : Until the purpose of collecting personal information is achieved or until the client or prospective client requests the destruction of his/her personal information.
  2. Personal Information of Officers and Employees
    • Purpose of Collecting Personal Information : For the management of S&K personnel and their welfare, including, but not limited to, execution and maintenance of employment agreements, payment of salaries and severance pay, education, maintenance of professional licenses, insurance and pension, and provision of social welfare benefits to S&K’s officers/employees and their family members.
    • Types of Personal Information Collected
      • Required information: Name, Resident Registration Number, contact information (phone number and email), address, academic background, professional experience, history of military service, account numbers, etc.
      • Optional information: Vehicle registration, family relations, contact information (phone numbers and email addresses) of family members, etc.
    • Collection Methods : Documents, telephone and fax numbers, email addresses.
    • Retention Period : Until 3 years after the officer or employee has resigned or been terminated or until destruction of personal information is requested by the individual.
  3. Personal Information of Job Applicants
    • Purpose of Collecting Personal Information : To maintain a human resources database and to facilitate hiring decisions.
    • Items of Personal Information Managed : Name, gender, date of birth, contact information (phone number and email address), address, academic background, professional experience, history of military service, marital status, law school and/or the Judicial Research & Training Institute transcripts, foreign language test results, and other professional licenses.
    • Collection Methods : Documents, telephone and fax numbers, email addresses.
    • Retention Period : Until 3 years after final decision by the Recruiting Committee concerning the job applicant or until destruction of personal information is requested by the job applicant.

Article 2 (Transfer of Personal Information to Third Parties)

  1. The personal information of the individuals to whom the information relates (“data subjects”) will be used by S&K solely for the purposes set forth in Article 1 above. S&K will not use personal information beyond the original scope of such purpose or transfer personal information to any third party except in the following circumstances:
    1. if separate consent is obtained from the data subject;
    2. if the transfer is required by law or regulation;
    3. if the transfer is necessary in emergency situations to protect life, safety, or property of the data subject concerned or a third party, when the data subject or his/her legal representative is not in a position to express intent or it is impossible to obtain prior consent from the data subject due to an inability to contact the data subject, etc.; or
    4. if personal information of data subjects is needed for preparing statistical data, academic research, etc. and such personal information is anonymized such that the identity of the data subject cannot be ascertained.
  2. In obtaining consent under item 1 of Paragraph (1) above from a data subject, S&K will provide the following information to the data subject. S&K will also notify the data subjects if the following list changes and will obtain their consent:
    1. the proposed third party recipients of the personal information;
    2. the purpose for transferring the personal information (the recipient’s purpose for using the personal information);
    3. the types of personal information to be provided and used by the third party recipient;
    4. the retention period of the personal information (the recipient’s retention period for the personal information); and
    5. a reminder that the data subject may refuse consent and an explanation of any disadvantages if consent is refused.

Article 3 (Outsourcing Management of Personal Information)

  1. For effective management of personal information, S&K has outsourced certain management of personal information as follows:
    • Access information
      • Contract : CBRE Korea Co., Ltd. and Daelim Corporation
      • Details : To manage access by S&K officers and employees and visitors to the building and its facilities
      • Period of Outsourcing : Until the outsourcing agreement is terminated
    • Parking Information
      • Contract : GS Park 24 Co., Ltd. (GS Gran Seoul Parking) and Hi Parking (JongNo Tower Parking)
      • Details : To manage access and use of parking facilities by S&K officers and employees
      • Period of Outsourcing : Until the outsourcing agreement is terminated
    • Send email
      • Contract : Mail Link
      • Details : To manage the sending of newsletters, seminar invitations, etc.
      • Period of Outsourcing : Until the outsourcing agreement is terminated
  2. When entering into outsourcing agreements, S&K includes (i) provisions that prohibit the use of personal information for any purpose other than the outsourced work; (ii) technical requirements and required administrative measures to protect personal information; (iii) restrictions on subcontracting its obligations, and requirements for supervising entrusted parties; and (iv) liability provisions (indemnification), etc., pursuant to Article 26 of the Personal Information Protection Act. S&K will supervise the outsourced service provider to ensure that personal information is safely managed.
  3. Should there be any changes in the outsourced work or the contractor, S&K will promptly update this Privacy Policy to reflect such changes.

Article 4 (Rights and Obligations of Data Subjects)

  1. Data subjects may request that their personal information used by S&K be available for inspection. However, S&K may restrict or refuse such inspection for the following reasons:
    1. if inspection is prohibited or restricted by law; or
    2. if inspection is likely to harm the life or body of another person or unreasonably infringe the property or other interests of another person.
  2. Within 10 days of receiving a request for inspection under Paragraph (1) above, S&K will reply as to whether or not the data subject can inspect the requested personal information. If S&K postpones or refuses such inspection, S&K will inform the data subject of the reason for such postponement or refusal.
  3. Any data subject who inspected his/her personal information under Paragraph (1) above may request that S&K delete or correct such information. However, no such request for deletion can be made if the personal information concerned is required to be collected under express provisions of applicable law or regulations.
  4. Within 10 days after S&K receives a request to correct or delete personal information under Paragraph (3) above, S&K will inform the data subject concerned of the status of the correction or deletion, if any, performed by S&K, or if S&K refuses to meet such request, it will notify the data subject, explaining the reasons for its refusal and what the data subject may do to raise an objection.
  5. Any data subject may request that S&K suspend the use of his/her personal information. In such case, S&K will promptly suspend all or part of its use of the personal information of the data subject concerned as requested by the data subject. However, S&K may refuse the data subject’s request for suspension in any of the following cases or for other reasonable grounds:
    1. if there are special provisions in law or it is necessary in order to fulfill an obligation imposed by law or regulation;
    2. if such suspension is likely to harm the life or body of another person or unreasonably infringe the property or other interests of another person; or
    3. if the failure to use the personal information will make it difficult for S&K to provide the agreed services with the data subject or otherwise perform any agreement with the data subject, and the data subject has not clearly indicated an intent to terminate such agreement.
  6. Within 10 days after receipt of a request to suspend the use of personal information under Paragraph (5) above, S&K will inform the data subject of the status of any suspension or if S&K refuses to grant such request, it will notify the data subject, explaining the reasons for such refusal and what the data subject may do to raise an objection.
  7. To exercise his/ her rights under this Article, the data subject may submit a request form by personal delivery, by email or fax to S&K (at the department responsible for the protection of personal information) as set forth in Article 7(1). The request form is for the inspection, correction, deletion, or suspension of personal information management as set out in Form No. 8 of the Enforcement Rules to the Personal Information Protection Act.
  8. Any data subject may exercise his/her rights under this Article through his/her legal representative, any other appointee or agent, subject to the submission of a power of attorney in the form of Form No. 11 of the Enforcement Rules to the Personal Information Protection Act.

Article 5 (Destruction of Personal Information)

  1. S&K will promptly destroy personal information that is no longer needed, including when the purpose of collecting personal information is achieved or the retention period under Article 1 has expired.
  2. S&K will destroy personal information in the following manner:
    1. electronic files : permanently delete so that restoration of data is impossible; and
    2. records, printouts, documents or other media, other than falling under item 1 above: shred or burn.

Article 6 (Measures to Ensure Protection of Personal Information)

S&K employs the following technical, administrative and physical measures to protect personal information as required under Article 29 of the Personal Information Protection Act:

  1. Minimizing handling of personal information by employees and education:

    S&K designates specific employees charged with handling personal information. No other employee may use or handle personal information.

  2. Regular internal audits

    S&K conducts internal audits on a regular basis (once a quarter) to ensure proper handling and protection of personal information.

  3. Establishment and implementation of internal management plans

    S&K has established internal plans for the safe management of personal information and implements them.

  4. Encryption of personal information

    All passwords are encrypted for storage and management. For other significant data files, separate security functions are utilized, such as encrypting the files and transmission data or using the file lock function.

  5. Technical measures against hacking, etc.

    S&K installs security programs and conducts periodic renewals and checks in order to prevent personal information from being divulged or tampered with through hacking, computer viruses, etc. S&K maintains its system in an area restricted from outside access. S&K performs technical and physical monitoring and blocking.

  6. Control of outsider access to personal information and restrictions on access

    The minimal access to the system for personal information management is granted to managers responsible for the performance of their duties. Different persons responsible for various duties are granted access to different degrees. S&K takes measures for restricting access to personal information by managing records relating to the grant, change and cancellation of access rights. Also, to prevent illegal access and infringement of personal data by outsiders, S&K operates a system for blocking intrusions and other systems necessary to control external access to personal information.

  7. Storage of access records and prevention of forgery or alteration

    Records of access to personal information management systems are kept and managed for at least 6 months, and security functions are employed to prevent forgery, alteration, theft or loss of access records.

  8. Document security

    Documents, auxiliary storage devices, and other repositories of personal information are kept in a safe place with a locking function.

  9. Controlled access

    A separate physical storage area for storing personal information is designated and is subject to access control procedures, which are operated by S&K.

Article 7 (Personal Information Protection Manager)

  1. S&K’s personal information protection manager and department responsible for the protection of personal information are as follows:
    1. Personal Information Protection Manager
      • Name : Daeyong Baek
      • Position Title : Attorney
      • Contact Numbers : T 02-316-4630, F 02-756-6266
      • Email : dybaek@shinkim.com
    2. Department for the Protection of Personal Information
      • Department : IT
      • Manager : Jong-Ha Hwang, Head of IT
      • Contact Numbers : T 02-316-4099, F 02-756-6266
      • Email : jhahwang@shinkim.com
  2. The data subject may contact the personal information protection manager and the department responsible for the protection of personal information regarding any inquiry on personal information protection, complaints, relief, etc. that may arise in the course of the use of S&K services. S&K will promptly respond to and handle any such inquires raised by data subjects.

Article 8 (Installation, Operation and Refusal of Cookies)

  1. Definition of a cookie

    A cookie is a small text file which the server of a website sends and stores on the user’s computer hard disc for the operation of a website. The data subject may decide to allow the the installation and collection of cookies or may refuse the collection of cookies.

  2. To manage your cookie settings
    1. For Internet Explorer : Select “Tool” (at the top of the web browser) > “Internet Option” > “Personal Information” > select setting
    2. For Chrome : Select “Chrome Setting and Control“(at the upper-right side of the web browser ) > “Setting” > “Advanced” > “Contents Setting” in the “Personal Information and Security” section > select setting in the cookie section

Article 9 (Relief for Infringement of Rights and Interests)

Data subjects may seek relief and advice on personal information infringement from the following organizations. Please contact the following organizations directly if you are not satisfied with S&K’s handling of complaints related to your personal information or relief provided by S&K or need more detailed support.

  1. Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
    • Function : Processing reports of personal information infringement, providing advice
    • Website : privacy.kisa.or.kr
    • Telephone Number : 118 (No Area Code)
    • Address : Personal Information Infringement Reporting Center, 3rd Floor, 9 Jinheung-gil Naju-si Jeollanam-do, Korea (58324)
  2. Personal Information Dispute Mediation Committee
    • Function : Processing of personal information dispute applications, mediation of class action disputes (civil resolutions)
    • Website: www.kopico.go.kr
    • Telephone Number: 1833-6972
    • Address: Personal Information Dispute Mediation Committee, 4th Floor, 209 Sejong-daero Jongno-gu Seoul, Korea (03171)
  3. Cybercrime Investigation Division of the Supreme Prosecutors’ Office
    02-3480-3573 (www.spo.go.kr)
  4. Korean National Police Agency Cyber Bureau
    1566-0112 (cyberbureau.police.go.kr)

Article 10 (Amendment of Privacy Policy)

This Privacy Policy is effective as of January 1, 2015. Any amendment hereto (such as any addition hereto or deletion or correction of any part hereof) will be published on the S&K website (www.shinkim.com) at least 7 days prior to the effective date of such amendment.

SNS Channels