Privacy Policy

Privacy Policy

Rebellions Inc. (“the Company” or “we”) processes and securely manages personal information in compliance with the「Personal Information Protection Act」 and related laws. In accordance with Article 30 of the 「Personal Information Protection Act」, we have established and publicly disclosed this privacy policy to guide our employees and job applicants ("Employees etc.") on the procedures and standards for personal information processing and to promptly and handle any related grievances.

1. Purpose of processing personal information, collected information, retention and usage period

The personal information processed by the Company is not used for any purposes other than those for which it was collected. Should the purpose of use change, the Company shall obtain separate consent or take necessary measures as required by Articles 18, 15(3), and 17(4) of the 「Personal Information Protection Act」.

1. The Company processes and retains personal information within the period of retention and use consented to by Employees, etc., or as required by law. 
2. The categories, purposes, and periods of retention and use of the personal information processed by the Company are as follows:
   • Employees

     Collected/Used Information		Collection/Usage Purpose	Retention/Usage Period
     [General]	[Name, Phone Number, Email, Date of Birth, Address, Nationality, Cover Letter, Resume, Educational Background, Work Experience, Military Service Details, Qualifications, Foreign Language Scores, Photo]	[Human Resource Management, Job Development and Talent Cultivation, Administrative Support]	[During the period of the employee's employment with the company and up to 3 years after leaving the company]
     [HR]	[Employee Number, Date of Joining/Leaving, Job Role, Position, Rank, Department Name, Leave of Absence, Rewards and Disciplinary Actions, Internal/External Training Information]
     [Financial]	[Bank, Bank Account No]	[payroll, welfare benefits]	[Same as above]
     [Family]	[Family Status, Name, Resident Registration Number]	[Welfare Benefits, Dependent Registration]	[Same as above]
     [Identification Numbers]	[Resident Registration Number, Passport Number, Driver's License Number, Alien Registration Number]	[Compliance with obligations under the Labor Standards Act, Income Tax Act, National Tax Basic Act, Occupational Safety and Health Act, and Worker's Retirement Benefit Guarantee Act]	[Same as above]

   • Job Applicants

     Collected/Used Information		Collection/Usage Purpose	Retention/Usage Period
     Information required for job applications	(Required) Name, Phone Number, Email, Resume, Field of Application (Optional) Date of Birth, Address, Cover Letter, Educational Background, Photo, Video, Qualifications, Work Experience, Portfolio, Career Description, Applied Field, Expected Salary, Previous Salary, Referrer, Application Route, and other unstructured information uploaded directly by the applicant or through attachments that can identify the individual	Guidance related to recruitment, delivery of announcements, contacts related to recruitment and website use, basis for assessing recruitment suitability and for document review/interviews, utilization of talent databases, etc.	For 3 years after application submission, but promptly discarded upon request for deletion by the information subject.

   • Website Inquirers

     Collected/Used Information		Collection/Usage Purpose	Retention/Usage Period
     Information required for inquiries	(Required) Name, Email Address, Related Field, Inquiry Content (Optional) Affiliation	Response to inquiries and history management	For 3 years after submission, but promptly discarded upon request for deletion by the information subject.

     Records that must be retained by law
     Documents related to health examinations	3 years (Occupational Safety and Health Act, Article 164, Paragraph 1, Subparagraph 7)
     Documents for employment contracts and verification of employees' work experience	3 years (Labor Standards Act, Article 42 and Enforcement Decree of the Same Act, Article 22, Subparagraphs 1 and 4)
     Documents for legal reporting of wage claims, income tax, etc.	5 years from the date the statutory reporting period expires (7 years for transactions conducted offshore) (National Tax Service Act, Article 85-3, Paragraph 2)

3. Circumstances under which the company can process personal information without the consent of Employees, etc., according to the Personal Information Protection Act and other laws, are as follows:

   Basis for processing personal information	Information
   In cases where there is a specific provision in the law or it is necessary to comply with legal obligations (Personal Information Protection Act, Article 15, Paragraph 1, Subparagraph 2).	[Name, Resident Registration Number, Alien Registration Number, Family Relationship, Family Members' Names, Family Members' Resident Registration Numbers]
   In cases necessary for the execution of a contract with the information subject or to take actions in accordance with the information subject's request in the process of entering a contract (Personal Information Protection Act, Article 15, Paragraph 1, Subparagraph 4).	[(At the time of employment contract signing) Resume, Diploma, Transcript, Work Experience, Place of Residence, etc.]
   In cases where it is recognized as necessary for the urgent interests of the life, body, or property of the information subject or a third party (Personal Information Protection Act, Article 15, Paragraph 1, Subparagraph 5).	[Family Relationship, Name, Resident Registration Number, Address, Contact Information, Location Information]
   In cases necessary for achieving the legitimate interests of the personal information processor, where it clearly takes precedence over the rights of the information subject (Personal Information Protection Act, Article 15, Paragraph 1, Subparagraph 6).	[Video stored in the company's video information processing devices]
   In cases urgently needed for public safety and well-being, such as public health (Personal Information Protection Act, Article 15, Paragraph 1, Subparagraph 7).	[Name, Contact Information, (In case of an epidemic) Outbreak Log, Movement Trajectory]

2. Outsourcing of Personal Information Processing

1. The Company outsources the following tasks to ensure smooth processing of personal information.

   Service Provider	Outsourced task
   Labor Law Firm Cho & Jung	Payroll service
   Doodlin	Recruitment management service
   Flex	HR management service

2. The Company ensures that the outsourcing contract includes provisions for prohibiting personal information processing beyond the scope of the outsourcing purpose, technical and administrative protection measures, limitations on re-outsourcing, management and supervision of the subcontractor, and liability for damages in accordance with Article 26 of the「Personal Information Protection Act」.
3. The Company shall promptly disclose any changes to the content of the outsourced work or the subcontractor through this privacy policy. 

3. Rights, Obligations, and Exercise thereof by Information Subjects (Employees etc.)

As information subjects, Employees may exercise the following rights:

1. Right to request access, correction, deletion, or suspension of processing of their personal information at any time.
2. The rights in paragraph (1) can be exercised through written, email, or Fax in accordance with Article 41 of 「Personal Information Protection Act」, to which the Company shall respond promptly.
3. The rights may be exercised through a legal representative or an agent. In such case, the subject is required to submit a letter of delegation as specified in the attached Form 11 of the  「Enforcement Rule of the Personal Information Protection Act」. 
4. An information subject’s request for permission to access his/her personal information or suspend processing thereof may be rejected under Article 35 (4) or 37 (2) of the 「Personal Information Protection Act」.
5. Correction, deletion of personal information may not be requested if the said information is subject to collection under other statutes.
6. Upon request of access, correction, deletion, the Company shall verify the person making the request is the information subject or his/her legitimate representative.

4. Disposal of Personal Information

1. The Company shall, upon the expiration of the retention period or the achievement of the purpose of processing such information, promptly discard the said information.
2. Notwithstanding the expiration of the personal information retention period consented to by Employees etc. or the achievement of the purpose for which the personal information was processed, if there is a requirement to continue retaining the personal information in accordance with other laws, the Company shall transfer such personal information to a separate database (DB) or preserve it in a different storage location.
3. The Company shall identify personal information for which a reason for destruction has occurred and shall destroy such personal information upon obtaining approval from the Company's Chief Privacy Officer.
4. The Company shall discard personal information recorded and stored in electronic file format in such a manner that the records cannot be reproduced, and personal information recorded and stored on paper documents shall be discarded by shredding.

5. Personal Information Security Measures

The Company undertakes the following measures to ensure the safety of personal information.

Administrative Measures	Establishment and operation of internal management plans for personal information protection Operation of a Personal Information Protection Committee Minimization and education of employees handling personal information
Technical Measures	Access control management for personal information processing systems Use of encryption or file locking functions for personal information Establishment of technical measures against hacking, installation of security programs, and regular updates and checks Installation of systems in areas controlled against external access, technically and physically monitored and blocked
Physical Measures	Access control of personal information by granting, changing, and deleting access rights to PCs and files processing personal information

6. Installation, Operation, and Disabling of Automatic Information Collection Tool

1. The Company may use “cookies” to store and retrieve information of Employees etc.
2. Cookies are small data files that are sent from the server (http) of the website to the users’ computer, sometimes stored on the hard disc within the users’ PC.
   • Purpose of cookies: Cookies help website remember information about users’ visit, which enhances convenience and usability.
   • Installation, operation, disabling of cookies: Cookies can be disabled in the settings of browser options.
     • Edge: Settings at the top right > Cookies and site permissions > Manage and delete cookies and site data
     • Chrome: Settings at the top right > Privacy and security > Cookies and site data
3. Disabling cookies may limit the users’ ability to use the service. 

7. Installation and Operation of Image Processing Devices

1. The Company has installed and is operating image processing devices as below:
   1. Reason and Purpose of Installation: [Crime/fire prevention, security] 
   2. Number/Location/Scope of Devices: [9 across the main office properties, encompassing the surrounding areas] 
   3. Jeongja Office 7F: 1, 8F: 3, 1F: 1, Pangyo Office: 4
   4. Responsible Department and Person: [Cruise Team, Yumi, Bae]
   5. Recording Time, Retention Period/Location, and Processing Method
      • Recording Time: Conditional 24-hour recording (only when motion is detected)
      • Retention Period: Up to 60 days from the time of recording
   6. Retention Location and processing Method: Stored and processed in control rooms on each floor (videos from the 7th and 8th floors are stored and processed on the 8th floor) 
   7. Process and Location for Video Information Verification: [Inquire the responsible person (Cruise Team, Yumi, Bae)] 
   8. Actions Regarding Requests for Access to Video Information by the Subject: [Application must be made via a Personal Video Information Access/Existence Verification Request Form, and access is permitted only in cases where the subject is recorded in the video, or it is clearly necessary for the protection of the subject’s life, body, or property]
   9. Documents related to health examinations Technical, Managerial, and Physical Measures for the Protection of Video Information: [Establishment of an internal management plan, access control and restriction of access rights, application of secure storage and transmission technology for video information, maintenance of processing records and measures against alteration, provision of storage facilities and installation of locks]

8. Chief Privacy Officer

1. The Company has designated a Chief Privacy Officer responsible for protecting personal information of Employees etc. as well as handling complaints and infringements related thereto.

   Chief Privacy Officer	CFO / Seongkyu Shin
   Responsible Department	Cruise Team
   Contact	070-4104-8890

2. Employees etc. may request access to his/her personal information to the Responsible Department mentioned in Paragraph 1 in accordance with Article 35 of 「Personal Information Protection Act」. 
3. Employees etc. may submit inquiries, complaints, infringements related to his/her personal information to the Chief Privacy Officer and the Responsible Department.

9. Personal Information Protection Institutions

Should those affected not be satisfied with how the Company handled infringements or damages related to personal information, they may seek further assistance from below institutions.

• Personal Information Infringement Report Center (operated by KISA)
  • Duties: Reporting personal information infringements and consultation requests
  • Homepage: privacy.kisa.or.kr / www.privacy.go.kr
  • Phone: 118
  • Address: (58342) 9 Jinheung-gil, Bitgaram-dong, Naju-si, Jeollanam-do, KISA Personal Information Infringement Report Center

• Personal Information Dispute Mediation Committee
  • Duties: Application for personal information dispute mediation, collective dispute mediation
  • Homepage: www.kopico.go.kr
  • Phone: 1833-6972 
  • Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul

• Cyber Security Division, National Police Agency: 182 (ecrm.police.go.kr)
• Cybercrime Investigation Division, Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)

10. Changes to the Privacy Policy

This Privacy Policy is applied from March 5, 2024. Any further modifications to the statutes will be notified via this Privacy Policy.