Union Biometricks Co., Ltd. (hereinafter referred to as the “Company”) strives to comply with 「the Act on Promotion of Information and Communications Network Utilization and Information Protection」, the Personal Information Protection Act」, and 「the General Data Protection Regulation (GDPR)」. In order to protect users’ personal information and to ensure the prompt and smooth handling of any related concerns, the Company has established and discloses the following Privacy Policy.
Article 1. Items of personal information collected
Article 2. Personal information collection method
Article 3. Purpose of use of personal information
Article 4. Retention and Processing Period of Personal Data
Article 5. Provision of Personal Data to Third Parties
Article 6. Information on the Entrustment of Personal Data Processing
Article 7. Information on the International Transfer of Personal Data
Article 8. Rights and Duties of Data Subjects and Exercise of Rights
Article 9. Personal Data Destruction Procedure and Method
Article 10. Measures to Ensure the Safety of Personal Data
Article 11. Contact Information for Privacy Officer and Relevant Department
Article 12. Changes in Personal Data Processing Policy and Obligation to Notify
Article 1. Items of personal information collected
The Company collects the following categories of personal data.
| Category(service) | Purpose of processing | Processed personal data | Processing and retention period | |
| Customer Inquiries |
Sales / Purchase AS / Technical PR / Marketing |
Required | Name, E-mail, Telephone, Company Name | 2 years |
| Marketing | Optional | Name, E-mail, Telephone, Company Name | 2 years | |
| Offline Events | Exhibition registration | Required | E-mail, Name, Company Name, Department | 1 year |
| Optional | Telephone, title | 1 year | ||
| Unis B Plus (Access Control Device) | Required | Name, E-mail, PW, Telephone | Until the data is deleted or consent is withdrawn | |
| UBio PetID (Management of Canine Nasal Print Data) | Required | Name, E-mail, PW, Telephone | ||
| UBio-Xkey (Mobile Card) | Required | UBio-Xkey (Mobile Card) | ||
Article 2. Personal information collection method
- The user provides consent to the collection of personal information through the website and directly inputs the information.
- Collection through automated data collection tools (such as access logs, cookies, etc.)
- Collection when users make inquiries or request consultations via email, phone, fax, etc.
Article 3. Purposes of Use of Personal Information
The Company collects and uses personal information for the following purposes. The collected personal information will not be used for any purposes other than those stated below, and in the event of a change in the purpose of use, the Company will take necessary measures as required by law, such as obtaining prior consent.
| Category | Collected Information |
| Use of information for service provision | To respond to inquiries and provide information and guidance. |
| Use for marketing and advertising purposes | To send notifications and promotional information via SMS, email, and other communication channels. |
| Use for customer satisfaction surveys and analysis | To conduct research and development of products and services, and to use customer data for statistical analysis. |
Article 4. Period of Retention and Use of Personal Information
- In principle, the Company promptly destroys personal information once the purpose of its collection and use has been achieved, unless it is required to retain the information in accordance with applicable laws and regulations..
- However, if it is necessary to retain personal information in accordance with relevant laws and regulations, the Company will retain member information for a specified period as prescribed by those laws, as outlined below.
- Relevant Laws and Retention Periods
| Category | Relevant Laws | Retention Periods |
| Records related to contracts or withdrawal of subscriptions, etc. | Act on the Consumer Protection in Electronic Commerce, etc. | 5 years |
| Records related to payment of fees and supply of goods, etc. | 5 years | |
| Records related to consumer complaints or dispute resolution | 3 years | |
| Records related to advertisements | 6 months | |
| Website access records | Protection of Communications Secrets Act | 3 months |
Article 5. Provision of Personal Data to Third Parties
The Company will not use or disclose the data subject’s personal data to third parties without consent, except when required by relevant laws or regulations.
Article 6. Outsourcing of Personal Information Handling
- To ensure efficient processing of personal information, the Company outsources certain tasks to third-party service providers as described below.
| Company | Entrusted Task | Entrusted Personal Data | Entrustment Period |
| Gongtong-i | Confirmation of Website User Information | Name, E-mail, Telephone | Until the end of the entrusted service agreement |
| Seffice | Package Maintenance | Name, E-mail, Telephone, Address | Until the end of the entrusted service agreement |
| DOUZONE | Package Maintenance | Name, E-mail, Telephone, Bank Account Number | Until the end of the entrusted service agreement |
- When entering into an outsourcing agreement, the Company specifies in the contract or other documents the obligations related to the protection of personal information as stipulated in Article 26 of 「the Personal Information Protection Act」, including prohibiting the processing of personal information beyond the entrusted tasks, implementing technical and administrative safeguards, restricting subcontracting, and responsibilities for managing and supervising the service provider. The Company also monitors whether the service provider handles personal information securely.
- In the event of any changes to the details of the entrusted tasks or the entrusted party, the Company will promptly disclose such changes through this Privacy Policy.
Article 7. Matters Regarding the Transfer of Personal Information Overseas
The Company entrusts the processing of personal information to overseas service providers as outlined below in order to ensure smooth information delivery, marketing, service stability, and access to up-to-date technologies. Personal information is stored in the systems of the entrusted parties..
| Company | Contact | Purpose of Entrustment | Entrusted Items | Recipient Country | Time and method of Entrustment | Retention and Usage Period of Personal Information |
| Amazon Web Services Inc. | aws-korea-privacy@amazon.com | Provision of Services and Storage of Personal Information |
Name, E-mail, Password, Company Name, Country |
Japan | Transferred over the network at the time the user enters personal information on the website | Until the user withdraws membership or requests deletion of their personal information |
Article 8. Rights and Duties of Data Subjects and Exercise of Rights
- The data subject may at any time request the company to access, provide, correct, withdraw consent, delete, or suspend the processing of their personal information (hereinafter referred to as “access, etc.”).
- The exercise of rights may be made via written request, email, fax, or through the customer service center, and the company will promptly take necessary actions without delay.
- However, the company may refuse requests for access to or suspension of the processing of personal information if such requests fall under Article 35(4) or Article 37(2) of 「the Personal Information Protection Act.」
- Requests for correction or deletion of personal information cannot be fulfilled if the personal information is required to be collected under other laws and regulations.
- The data subject and their legal representative may exercise the following rights related to personal information protection against the company at any time.
- In principle, the company does not collect personal information from data subjects under the age of 16.
- Installation, Operation, and Rejection of Automatic Data Collection Devices
- The company uses cookies to store and retrieve user information from time to time in order to provide more appropriate and useful services. A cookie is a small text file sent by the server used to operate the company’s website to the user’s computer, which is stored on the user’s hard drive. Users may choose whether or not to allow the use of cookies. However, the company is not responsible for any service-related issues or limitations that may arise from the refusal to use cookies.
- How to Refuse Cookie Settings
- Users can configure the settings of their web browser to allow all cookies, to receive a notification each time a cookie is stored, or to reject the storage of all cookies
- How to Set Cookie Preferences (for Internet Explorer)
- Select “Internet Options” from the “Tools” menu
- Click on the “Privacy” tab
- Click “Advanced”.
- Choose whether to allow, block, or be prompted for cookies.
Article 9. Personal Data Destruction Procedure and Method
The company, in principle, destroys personal information without delay once the purpose of its collection and use has been achieved. The procedures, timelines, and methods for destruction are as follows:.
- Destruction Procedure
The information entered by the user is transferred to a separate database (or to separate physical files in the case of paper documents) after the purpose has been achieved. It is then retained for a certain period in accordance with internal policies and other applicable laws, or destroyed immediately. During this retention period, personal information stored in the database will not be used for any purpose other than those prescribed by law..
- Destruction Method
Electronic files containing personal information are destroyed using technical methods that prevent data recovery. Personal information printed on paper is destroyed by shredding or incineration.
Article 10. Measures to Ensure the Safety of Personal Data
The Company takes the following administrative, technical, and physical measures to safeguard personal data.
- Administrative Measures: Establishment, compliance, inspection, and training related to information security policies, guidelines, and internal personal information management plans
- Technical Measures: Management and authentication of access rights to personal information processing systems, installation and operation of access control systems and security programs, encryption of personal information, and secure transmission of encrypted data.
- Physical Measures: Establishment and operation of access control to data centers (computer rooms), etc.
Article 11. Contact Information for Privacy Officer and Relevant Department
- The company designates a Personal Information Protection Officer and relevant departments to protect users’ personal information and handle related complaints. The Personal Information Protection Officer (CPO) serves as the Data Protection Officer (DPO).
| Category | Name | Position | Contact |
| Privacy Officer | Nak-chun Sung | Director of Headquarters | 02-6488-3038 / ssung747@unionbiometrics.com |
| Department in Charge of Privacy Protection | IT Infra Team | Quality Innovation Headquarters | 02-6488-3240 / sung@unionbiometrics.com |
- For any inquiries, complaints, or requests for remedy related to personal information protection arising from the use of the company’s services (or business), please contact the Personal Information Protection Officer and the relevant department. We will respond and address your concerns without delay.
- If you need to report or consult regarding any other personal information infringements, please contact the following organizations.
- Personal Information Breach Reporting Center : 118 (privacy.kisa.co.kr)
- Personal Information Dispute Resolution Committee : 1833-6972 (kopico.go.kr)
- Supreme Prosecutors’ Office : 1301 (spo.go.kr)
- Police Agency : 182 (ecrm.cyber.go.kr)
Article 12. Changes in Personal Data Processing Policy and Obligation to Notify
- If there are any additions, deletions, or modifications to the contents of the Privacy Policy, we will notify users at least 7 days prior to the revision through the ‘Notices and Announcements’ section on the website.
- In the event of significant changes affecting users’ rights, such as the collection and use of personal information or provision to third parties, we will notify users at least 30 days in advance.
Link to previous Privacy Policy documents