OKESTRO
Privacy Policy

Download Previous Version

OKESTRO complies with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of information subjects, lawfully processing and securely managing personal information. Pursuant to Article 30 of the Personal Information Protection Act, OKESTRO establishes and discloses a privacy policy to inform information subjects of the procedures and standards for processing personal information, and to promptly and smoothly address related grievances.

Purpose of processing personal information, items collected, retention and use period.

OKESTRO processes the personal information of the data subject as follows:

Customer using the website

Service Purpose of collection Items collected Retention and use period
Customer inquiries Processing of confirming the inquirer, replying to inquiries, etc. [Required] Name, email address, phone number, inquiry content Until 3 years after the inquiry or withdrawal of consent
※However, it is stored according to the legal obligation retention period.
Statistics on performance information and development of new services Statistical information on product/service usage performance, development of new services [Required] Various automatically generated information and service usage records generated during service usage (app usage history, search history, records of improper use, access logs, cookies), information such as posts/other contents created by the data subject, device information (OS/screen size, device ID), IP address Until 3 years after inquiry or withdrawal of consent
※However, it is stored according to the legal obligation retention period
Promotion and marketing Providing services and advertising based on statistical characteristics, providing advertising (customized) information [Optional] Name, Email Address, Phone Number Until 3 years after inquiry or withdrawal of consent
Service Purpose of collection
Customer inquiries Processing of confirming the inquirer, replying to inquiries, etc.
Statistics on performance information and development of new services Statistical information on product/service usage performance, development of new services
Promotion and marketing Providing services and advertising based on statistical characteristics, providing advertising (customized) information
Items collected Retention and use period
[Required] Name, email address, phone number, inquiry content Until 3 years after the inquiry or withdrawal of consent
※However, it is stored according to the legal obligation retention period.
[Required] Various automatically generated information and service usage records generated during service usage (app usage history, search history, records of improper use, access logs, cookies), information such as posts/other contents created by the data subject, device information (OS/screen size, device ID), IP address Until 3 years after inquiry or withdrawal of consent
※However, it is stored according to the legal obligation retention period
[Optional] Name, Email Address, Phone Number Until 3 years after inquiry or withdrawal of consent

Job Applicant

Service Purpose of collection Items collected Retention and use period
Job Application Verification of the applicant's identity, progress and management of the hiring process, verification of experience and qualifications, decision and notification of hiring status, verification of past application history, confirmation of intention to apply for additional hiring [Required] Name, mobile phone number, email address, date of birth, educational background, military service, work experience, foreign language, and other qualifications.
[Optional] Photo, reason for application, other notes
(If not hired) Up to 3 years after notification of rejection
※However, in cases where it must be preserved rather than destroyed in accordance with relevant laws and regulations, it will last until the relevant period.
Service Purpose of collection
Job Application Verification of the applicant's identity, progress and management of the hiring process, verification of experience and qualifications, decision and notification of hiring status, verification of past application history, confirmation of intention to apply for additional hiring
Items collected Retention and use period
[Required] Name, mobile phone number, email address, date of birth, educational background, military service, work experience, foreign language, and other qualifications.
[Optional] Photo, reason for application, other notes
(If not hired) Up to 3 years after notification of rejection
※However, in cases where it must be preserved rather than destroyed in accordance with relevant laws and regulations, it will last until the relevant period.

※ Information subject to retention and disposal after a certain period in accordance with legal obligations is as follows.

Legal Basis Data Retention Retention Period
Article 6 of the Act on Consumer Protection in Electronic Commerce, etc. and Article 6 (1) of the Enforcement Decree Contract or subscription cancellation, payment, supply records of goods, etc. 5 years
Records of consumer complaints or dispute resolution 3 years
Records of display/advertisement 6 months
Framework Act on National Taxes Books and supporting documents for all transactions stipulated by tax laws 5 years
Article 22 (1) of the Electronic Financial Transaction Act and Article 12 (1) of the Enforcement Decree Records of electronic financial transactions 5 years
Article 15-2 of the Communications Secrets Protection Act and Article 41 (2) 2 of the Enforcement Decree Service visit records 3 months
Article 20 (2) of the Act on Use and Protection of Credit Information Records of collection, processing, and use of credit information 3 years
Article 71 of the Value Added Tax Act Issuing tax invoices to those who have received goods and services 5 years
Recruitment process (if there are preferential conditions) Disabled status, veteran status, elderly person status Disabled Welfare Act, Disabled Employment Promotion and Vocational Rehabilitation Act, Act on Honorable Treatment and Support of Persons of National Merit, etc.

Provision of personal information to third parties

  • OKESTRO processes the personal information of the information subject only within the scope specified in the purpose of processing personal information, and personal information is only processed in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law. is provided to a third party, and other than that, the personal information of the information subject is not provided to a third party.
  • OKESTRO does not currently provide personal information to third parties.
  • In accordance with the “Personal Information Processing and Protection Rules in Emergency Situations” jointly announced by government-related ministries, OKESTRO handles emergency situations such as disasters, infectious diseases, incidents/accidents causing imminent life or physical danger, and imminent property loss. In this case, personal information may be provided to relevant organizations without the consent of the information subject. For more details, please click here*.

In this case, OKESTRO will provide only the minimum necessary personal information in accordance with applicable laws and will not provide it for purposes other than those intended.

※ Information and communication service provider
A telecommunications business operator under Article 2, Paragraph 8 of the Telecommunications Business Act and a person who provides information or mediates the provision of information by using the telecommunications service of a telecommunications business operator for profit purposes

Entrustment of personal information processing

  • To ensure smooth personal information processing. OKESTRO entrusts the following personal information processing tasks.
    Person who is entrusted (trustee) Consignment work Retention and use period
    Stibee Co.,Ltd Email sending and management tasks. Until membership withdrawal or end of consignment contract (processing is entrusted only when the user uses the service)
  • When concluding a consignment contract, OKESTRO prohibits the processing of personal information for purposes other than the purpose of performing the entrusted work in accordance with Article 26 of the Personal Information Protection Act, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of the consignee, and matters related to responsibility such as compensation for damages. Is specified in documents such as contract, and we supervise whether the trustee handles personal information safely.
  • If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

Destruction of personal information

  • When personal information becomes unnecessary, such as when the personal information retention period has expired or the purpose of processing has been achieved, OKESTRO destroys the personal information without delay.
  • In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period agreed upon by the information subject or the purpose of processing has been achieved, the personal information may be transferred to a separate database (DB) or stored in a different storage location. and preserve it.
  • The procedures and methods for destroying personal information are as follows. 1)Destruction Procedure
    OKESTRO selects the personal information that requires destruction and destroys the personal information with the approval of the personal information protection manager of <Personal Information Processor>.
    2)Destruction Method.
    OKESTRO destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by sharing or incineration.

Rights, obligations and exercise methods of information subjects and legal representatives.

  • The information subject can exercise his/her rights, such as requesting viewing, correction, deletion, and suspension of processing of personal information, at any time against the <personal information processor>.
  • Rights can be exercised against <Personal Information Processor> through writing, email, facsimile (fax), etc. in accordance with Article 41, Paragraph 2 of the Enforcement Decree of the Personal Information Protection Act, and OKESTRO will take action without delay.
  • Rights can also be exercised through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney in the format of Annex No. 11 of the “Notice on Personal Information Processing Methods (No. 2023-12).”
  • Requests to view and suspend personal information processing may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
  • Requests for correction or deletion of personal information cannot be made if the personal information is specified as the subject of collection in other laws and regulations.
  • OKESTRO verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.

Measures to ensure the safety of personal information.

OKESTRO is taking the following measures to ensure the safety of personal information.

  • Management measures: Establishment and implementation of internal management plan, operation of dedicated organization, regular employee training.
  • Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation, and update of security programs.
  • Physical measures: Access control to computer rooms, data storage rooms, etc.

Matters related to installation, operation and refusal of automatic personal information collection devices

  • OKESTRO uses 'cookies' to store usage information and retrieve it from time to time in order to provide individualized services to information subjects.
  • Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer. 1)Purpose of Cookie Use:
    Cookies are used to store user preferences, etc. to provide users with a faster web environment and to improve services for convenient use. This allows users to use the service more easily.
    2)Installation, operation and refusal of cookies:
    You can refuse the storage of cookies through the option settings in the Tools > Internet Options > Personal Information menu at the top of your web browser.
    3)If you refuse to store cookies, you may have difficulty using customized services.

Personal information protection manager and personal information access request

  • OKESTRO is responsible for the overall management of personal information processing, and has designated a personal information protection manager as follows to handle complaints and provide relief for damage from information subjects related to personal information processing.
  • The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. OKESTRO will strive to promptly process the information subject's request to view personal information.
    Division Name, etc Contact
    Personal information protection officer Position: CEO
    Name: Kim MinJun, Kim YoungKwang
    Telephone : +82-2-6080-0029
    E-mail : info@okestro.com
    Personal information protection department
    Request to view personal information
    Department Name: Customer Support Center Telephone : +82-2-6080-0029
    E-mail : info@okestro.com
  • The information subject may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using OKESTRO's services (or business) to the personal information protection manager and responsible department. OKESTRO will respond and process inquiries from information subjects without delay.

How to Remedy for Rights Infringement

OKESTRO guarantees the information subject’s right to self-determination of personal information and strives to provide consultation and relief for damage caused by personal information infringement. If you need to report or consult, please contact the responsible department below.

Grievance handling department
Department name : Management Planning
Person in charge : Cho In-hwan
Contact information: <Phone : 02-6080-0029>, <E-mail : info@okestro.com>, <Fax : 02-6080-0029>

In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Meditation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, etc. For other personal information infringement reports and consultations, please contact the organizations below.

Changes to personal information processing policy

This privacy policy is effective from May 20, 2024.

Orchestra Privacy Policy

In order to protect the freedom and rights of information subjects, Orchestra complies with the Personal Information Protection Act and related laws and regulations to legally process and safely manage personal information. In accordance with Article 30 of the Personal Information Protection Act, we have established and disclosed the following personal information processing policy to inform information subjects of the procedures and standards for processing personal information and to handle grievances related thereto promptly and smoothly.

Purpose of processing, items collected, retention and use period of personal information

Orchestra processes personal data of data subjects as follows

Customers using the home page

Services Purpose of Collection What we collect Retention and Usage Period
Customer inquiries To verify inquirers, reply to inquiries, etc. [Required] Name, email address, mobile phone number, inquiry details 3 years after inquiry or until consent is withdrawn *Stored in accordance with statutory retention periods
Performance information statistics and new service development Statistics of product/service usage performance information and development of new services [Required] Various automatically generated information and service usage records generated during service use (app usage history, search history, faulty usage history, access logs, cookies), information such as posts and other content created by the information subject, terminal information (OS/screen size, device ID), IP address for 3 years after the inquiry or until the consent is withdrawn *However, it is kept according to the statutory mandatory retention period
Public Relations and Marketing Provision of services and advertisements based on statistical characteristics, and provision of advertising (customized) information [Optional] Name, email address, mobile phone number 3 years after inquiry or until consent is withdrawn
Services Purpose of Collection
Customer inquiries Verify inquirers, reply to inquiries, and more
Performance information statistics and new service development Product/service usage information statistics and new service development
Public Relations and Marketing To provide services and deliver advertisements based on statistical characteristics, and to provide advertising (personalized) information
What we collect Retention and Usage Period
[Required] Name, email address, mobile phone number, inquiry details 3 years after inquiry or until consent is withdrawn *Stored in accordance with statutory retention periods
[Required] Various automatically generated information and service usage records (app usage history, search history, bad usage history, access logs, cookies) generated during service use, information such as posts and other contents created by the information subject, terminal information (OS/screen size, device ID), IP address for 3 years after the inquiry or until the consent is withdrawn *However, it is kept according to the statutory mandatory retention period
[optional] Name, email address, mobile phone number 3 years after your inquiry or until you withdraw your consent

Job applicants

Services Purpose of Collection What we collect Retention and Usage Period
Job Application To verify the applicant’s identity, conduct and manage the recruitment process, verify experience and qualifications, determine and notify whether or not to hire, verify past application history, and confirm the applicant’s intention to apply for further recruitment [Required] Name, mobile phone number, e-mail address, date of birth, education, military service, work experience, foreign language, and other qualifications [Optional] Photo, reason for applying, and other notes (In case of non-recruitment) Up to 3 years after notification of non-recruitment *But if it is required to be preserved without destruction in accordance with relevant laws and regulations, up to that period
Services Purpose of Collection
Job Application Verify applicant identity, conduct and manage the recruitment process, verify experience and qualifications, determine and notify employment status, check past application history, and confirm intent to apply for further employment
What we collect Retention and Usage Period
[Required] Name, mobile phone number, e-mail address, date of birth, education, military service, work experience, foreign language, and other qualifications [Optional] Photo, reason for applying, and other notes (In case of non-recruitment) Up to 3 years after notification of non-recruitment *But if it is required to be preserved without destruction in accordance with relevant laws and regulations, up to that period

The following information is stored for a certain period of time and then destroyed according to the statutory retention period.

Supporting legislation Retention Retention period
Article 6 of the Act on Consumer Protection in Electronic Commerce, etc. and Article 6(1) of the Enforcement Decree Records of contract or withdrawal of subscription, payment, supply of goods, etc. 5 years
Records of consumer complaints or dispute handling 3 years
Records about display/advertising 6 months
Internal Revenue Code Books and supporting documentation for all transactions required by tax law 5 years
Article 22(1) of the Electronic Financial Transactions Act and Article 12(1) of the Enforcement Decree Records on electronic financial transactions 5 years
Article 15(2) of the Protection of Communications Secrets Act and Article 41(2) of the Enforcement Decree Service visit records 3 months
Act on the Use and Protection of Credit Information, Article 20, Paragraph 2 Records on the collection, processing, and use of credit information 3 years
Article 71 of the VAT Act Issuance of tax invoice to the recipient of goods and services 5 years
Hiring process (if there are preferences) Disability, veteran status, elderly status Disability Welfare Act, Employment Promotion and Vocational Rehabilitation Act, National Meritorious Person Act, etc.

Provision of Personal Information to Third Parties

  • Orchestra processes the personal information of the data subject only within the scope specified for the purpose of processing the personal information, and does not provide the personal information of the data subject to a third party only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of the law, and otherwise does not provide the personal information of the data subject to a third party.
  • Orchestra does not currently provide personal information to third parties.
  • Orchestra may provide personal information to related organizations without the consent of the information subject in the event of an emergency, such as a disaster, infectious disease, an event or accident that poses an imminent danger to life or body, or an imminent loss of property, in accordance with the “Guidelines for the Handling and Protection of Personal Information in the Event of an Emergency” jointly announced by the relevant government departments. For more information, please click here*.

In this case, Orchestra will only provide the minimum amount of personal data required under the applicable law and will not provide it for a purpose other than that for which it is intended.

Information and Communication Service Provider
A person who provides information or mediates the provision of information using the telecommunications services of a telecommunications carrier for commercial purposes with a telecommunications carrier pursuant to Article 2 (8) of the Telecommunications Business Act.

Outsourcing the processing of personal data

  • Orchestra outsources personal information processing as follows to ensure the smooth handling of personal information.
    Custodian (Trustee) Entrusted Business Retention and Usage Period
    Stevie Corporation Sending and managing emails Until withdrawal of membership or termination of consignment contract (consigned only when the user uses the service)
  • In accordance with Article 26 of the Personal Information Protection Act, when entering into a consignment contract, Orchestra specifies in the contract and other documents the prohibition of processing personal information for purposes other than the performance of the consignment, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and liability for damages, and supervises the consignee to ensure that the personal information is handled safely.
  • If the content of the consignment or the trustee changes, we will disclose it through this privacy policy without delay.

Destruction of personal information

  • Orchestra destroys personal information without delay when it becomes unnecessary, such as the expiration of the personal information retention period or the fulfillment of the purpose of processing.
  • If the personal information retention period agreed to by the information subject has expired or the purpose of processing has been achieved, but the personal information must continue to be retained in accordance with other laws and regulations, the personal information shall be moved to a separate database (DB) or stored in a different place.
  • The procedures and methods for destroying personal information are as follows: 1) Destruction Procedure Orchestraselects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the personal information protection officer of <Personal Information Processor>. 2) Destruction Method Orchestra destroys personal information recorded and stored in electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.

Rights and obligations of information subjects and legal representatives and how to exercise them

  • You may exercise your rights to access, correct, delete, or request suspension of processing of your personal information at any time by contacting <and>.
  • The exercise of rights may be made in writing, email, facsimile transmission (FAX), etc. to <personal information processor>in accordance with Article 41, Paragraph 2 of the Enforcement Decree of the Personal Information Protection Act, and Orchestra will take action without delay.
  • You can also exercise your rights through a representative, such as a legal representative of the information subject or a person who has been authorized. In this case, you must submit a power of attorney in the form of Attachment 11 of the “Notification on the Method of Processing Personal Information (No. 2023-12)”.
  • Requests for access to personal information and suspension of processing may be limited by Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
  • A request for correction or deletion of personal information cannot be made if the personal information is subject to collection under another law.
  • Orchestra will verify that the person making the request is the individual or his/her authorized representative in the event of a request for access, correction, deletion, or suspension of processing in accordance with the rights of the data subject.

Measures to ensure the safety of personal information

Orchestra takes the following measures to ensure the safety of your personal information.

  • Management measures: establishment and implementation of internal management plan, operation of dedicated organization, regular employee training
  • Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and renewal of security programs
  • Physical measures: Access control to computer labs, archives, etc.

Installation, operation and rejection of automatic personal information collection devices

  • Orchestra uses ‘cookies’ that store and retrieve usage information from time to time to provide individualized services to the information subject.
  • Cookies are small amounts of information sent to your computer’s browser by the server (http) used to run the website and are sometimes stored on your PC’s hard disk. 1) Purpose of use of cookies We use cookies to store your preferences and other settings to provide you with a faster web experience and to improve our services for your convenience. This makes it easier for you to use our services. 2) Installation, operation and rejection of cookies You can reject the storage of cookies through the tools at the top of your web browser>Internet Options>Privacy menu. 3) If you refuse to save cookies, you may experience difficulties in using customized services.

Privacy officers and requests for access to personal information

  • Orchestra is responsible for the overall handling of personal information, and designates a personal information protection officer as follows to handle complaints and damage relief of information subjects related to the handling of personal information.
  • The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following departments. Orchestra will endeavor to promptly process the information subject’s request for access to personal information.
    Category Full name, etc. Contact
    Privacy Officer Title : CEO Name : Kim Minjun, Kim Young Kwang Phone : 02-6080-0029 Email : info@okestro.com
    Personal Information Protection Department Personal Information Request Department Name : Customer Support Center Phone : 02-6080-0029 Email : info@okestro.com
  • The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. arising from the use of Orchestra’s services (or business) to the personal information protection officer and the department in charge. Orchestra will respond to and handle inquiries from the information subject without delay.

Infringement remedies

Orchestra guarantees the right of self-determination of personal information of the information subject and strives to provide counseling and damage relief due to personal information infringement, and if you need to report or consult, please contact the department in charge below.

Grievance Department
Department : Business Planning
Accountants : Sumin Choi
Contact : <Phone +82-2-6080-0029> <Email info@okestro.com> <Fax +82-2-6080-0029>

The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency to receive relief from personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations.

Changes to your privacy policy

This Privacy Policy is effective as of May 20, 2024.