Privacy Policy

One Steel Resources Trading Co., Ltd. handles personal information collected and held in a safe and legal manner in accordance with relevant laws and regulations.
One Steel Resources Trading Co., Ltd. (hereinafter referred to as the ‘Company’) values the personal information of customers and complies with the Act on the Promotion of Information and Communications Network Utilization and Information Protection.
Through the personal information handling policy, the company informs you about the purpose and method of using the personal information you provide, and what measures are being taken to protect your personal information.
When the company revises the privacy policy, the company will notify the revision through the website.
This policy is effective from January 30, 2022.

1. Personal information collection items and methods

The company collects personal information as follows within the minimum range necessary to provide services. When collecting personal information, we must notify the user in advance and ask for their consent.

  • Collection items (required): ID, password, email, company name, name
  • How to collect personal information: Sign up for membership
  • Collection items (required): name, email
  • How to collect personal information: Online Inquiry
  • In the process of using the service, information such as access log, IP address, cookie, visit date and time, illegal use record, service use record, etc. may be automatically generated and collected.

2. Purpose of use of personal information

One Steel Co., Ltd. uses personal information only for the following purposes, such as member management of all services related to One Steel Resources (web PC/mobile), service development, provision and improvement, and establishment of a safe Internet use environment.

1) Sign Up

  • - Member management such as confirmation of intention to join membership, identification of users and legal representatives, identification of users, confirmation of intention to withdraw from membership
  • - Collection of customer information to provide event information, participation opportunities, and advertising information (used for marketing and advertising purposes)
  • - Delivery of notices such as restrictions on the use of members who violate laws and regulations and terms of use, prevention of acts that impede the smooth operation of the service, including illegal use, and re-enactment, prevention of account theft and illegal transactions, and revision of terms and conditions , user protection and service operation, such as record retention for dispute resolution and civil complaint handling

2) Online Inquiry

  • - Service provision, inquiry or complaint handling, etc.
  • - Service operation and anonymization are used as statistical data to improve existing services or discover new service elements

3) Customer Center

  • - Service provision, inquiry or complaint handling, etc. service operation and anonymization are used as statistical data to improve existing services or discover new service elements
  • - Use restrictions on members who violate laws and regulations and terms of use of One Steel Resources Trade, prevention and sanctions against acts that interfere with the smooth operation of the service, including illegal use, prevention of account theft and illegal transactions; User protection and service operation such as delivery of notices such as amendments to terms and conditions, preservation of records for dispute resolution, and complaint handling

3. Period of retention and use of personal information

In principle, after the purpose of collecting and using personal information is achieved, the information is destroyed without delay.
However, if it is necessary to preserve it in accordance with the provisions of the relevant laws, the company keeps the member information for a certain period as stipulated by the relevant laws and regulations as follows.

  • Retention items: Same as Article 1 personal information collection items
  • Basis for retention: Member consent (however, for pseudonymous information, related provisions of the Personal Information Protection Act)
  • Retention period: Membership retention period (However, pseudonym information is defined as until the company needs it, and in the case of a lawyer's identity document, it is destroyed immediately upon completion of the lawyer's approval)

However, even after membership withdrawal, the following information is retained for the period specified for the following reasons.

1) Items necessary for service operation and protection of member rights

  • Retention items: ID, e-mail address, member classification
  • Basis for preservation: Consent of members (prevention of re-registration of bad users, disputes regarding infringement of rights such as defamation and cooperation in investigations)
  • Retention period: 1 year after membership withdrawal

2) Required items related to the use of service postings

  • Retention items: information written in service posts
  • Grounds: Member consent (preservation of member inquiries and posts made by members)
  • Retention period: Until the request for deletion of the relevant post

3) Items necessary for handling consumer complaints and disputes

  • Retention items: records of consumer complaints or disputes
  • Grounds Act: Act on Consumer Protection in Electronic Commerce, Etc.
  • Retention period: 3 years from the date of occurrence

4. Procedure and method of destruction of personal information

In principle, the company destroys the information without delay after the purpose of collection and use of personal information is achieved.
The destruction procedure and method are as follows.

  • Destruction procedure

    • Personal information printed on paper: crushed with a shredder or incinerated
    • Personal information stored in the form of an electronic file: Deleted using a technical method that cannot reproduce the record
  • Destruction method

    • Personal information stored in electronic file format is deleted using a technical method that cannot reproduce the record.

5. Provision and consignment of personal information

In principle, the company does not provide users' personal information to external parties. However, in the following cases, personal information is provided to third parties in exceptional cases.

  • - When users have agreed in advance
  • - When there is a request from the investigation agency in accordance with the provisions of laws and regulations or in accordance with the procedures and methods stipulated in the laws for the purpose of investigation

6. Measures to secure the safety of personal information

In handling users' personal information, the company is taking the following technical and administrative measures to ensure stability so that personal information is not lost, stolen, leaked, altered or damaged.

1) Personal information encryption
Users' personal information is protected by a password, and important data is protected through separate security functions such as encrypting files and transmission data or using a file lock function.

2) Technical measures against hacking
In order to prevent leakage or damage to users' personal information by hacking or computer viruses, the company implements an access control function on personal information from the outside, and periodically updates the vaccine program to prevent personal information from being violated there is.

3) Restriction of access to personal information processing system
The company records details of granting, changing, and canceling access rights to personal information handlers, stipulates and operates the password generation method and change cycle as follows, and is taking necessary measures to restrict access to other personal information. .
a. Combination of each of the following character types is composed of a minimum length of 8 characters or more and a maximum length of 16 characters or less.
■ English case
■ Numbers
■ Special Characters
b. Do not use easy-to-guess personal information such as consecutive numbers, birthdays, phone numbers, and passwords similar to IDs
c. Change the password at least once every semi-annual

4) Training of personal information handling staff
We are implementing administrative measures such as limiting and minimizing the number of employees handling personal information to the person in charge, providing regular education on acquisition of new security technologies and obligations to protect personal information, and managing access rights by assigning a separate password.

5) Personal ID and password management
In principle, the ID and password used by the user are to be used only by the user. The company is not responsible for any problems caused by the leakage of personal information such as ID and password due to the user's personal negligence, or for any incidents that occur due to the basic risks of the Internet. Change your password frequently with a security awareness of passwords, and pay special attention not to leak personal information when logging in from a public PC.

7. Matters concerning the rights and obligations of data subjects and methods of exercising them;

Website users can inquire or modify their registered personal information at any time.
If you request correction of errors in personal information, the personal information will not be used or provided until the correction is completed.
In addition, if incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made.
The company handles personal information canceled or deleted at the request of the user as specified in the "period of retention and use of personal information collected by the company"
to prevent it from being viewed or used for other purposes. are processing.

8. Matters concerning the installation and operation of the automatic personal information collection device and its rejection

The company uses 'cookies' to store and find users' information from time to time. Cookies are files containing information about Internet use that the company's server sends to the user's computer using the company's website and is stored on the user's computer hard disk.

  • [Purpose of use of cookies]
    Target marketing and personalized services are provided by analyzing the access frequency and visit time of members and non-members, identifying users' tastes and interests and tracking traces, and identifying the degree of participation in various events and the number of visits, etc.

  • [How to reject cookie settings]
    Users have the option to install cookies. Users can allow all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.

  • [Setting method]
    For Internet Explorer: Tools > Internet Options > Privacy at the top of your web browser
    For Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content setting button for personal information > Cookies

9. Civil service related to personal information

In order to protect personal information and handle complaints related to personal information, the company has designated the relevant department and personal information manager as follows.

  • Phone number: +82 2-564-1388
  • E-mail: one@one-steel.co.kr
  • Person in charge of personal information management: Person in charge

You can report any complaints related to personal information protection that occur while using the company's services to the person in charge of personal information management or the department in charge.
The company will provide prompt and sufficient answers to users' reports.

10. Matters concerning changes to the personal information processing policy

If the company revises the personal information processing policy, it will be notified through the notice on the website at least 7 days in advance. However, in the event of significant changes, such as changes in the items of personal information collected or the purpose of use, notice at least 30 days in advance and, unless otherwise notified, take effect after 30 days have elapsed. In addition, the company may obtain separate consent from members if necessary in accordance with related laws.

11. Remedies for Infringement of Rights

If your rights and interests regarding personal information have been violated or you need advice, please contact the following organizations.