HelloWorks Co., Ltd. complies with the personal information protection regulations under the Personal Information Protection Act and related laws, and the personal information processing policy is as follows. This personal information processing policy will take effect from the date of implementation, and in the event of changes, additions, deletions, or corrections based on laws and policies, we will notify you of the changes through a notice 7 days prior to their implementation.
Article 1. Purpose of Personal Information Processing
We process personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, prior consent will be requested.
< Purpose of Processing >
a. Communication and data sharing with applicants (teachers) participating in the Naver Whale Book class experience program
b. Providing information to logistics companies for the transportation of rented devices (Whale Book)
c. Sharing relevant information upon request from Naver
Article 2. Methods of Collecting Personal Information and Retention Period
a. Collection Method: Completion and submission of Naver Form by applicants who accessed through QR and hyperlinks
b. Processing/Retention Period: 1 year after the end of the experience program (at the point of device recovery)
Article 3. Provision of Personal Information to Third Parties
We provide personal information to the following institutions and individuals, and the purpose and scope of the provision are as follows.
a. Recipient of Provision: Internet Post Office
b. Basis and Purpose of Provision: Providing sender and recipient information for the transportation of rented devices (Whale Book)
c. Personal Information Items Provided
– Sender: Name, Address (including postal code), Contact Information (mobile or landline), Email
– Recipient: Name, Address (including postal code), Contact Information (mobile or landline)
d. Retention and Use Period of Personal Information by the Recipient: 5 years (refer to the Internet Post Office Personal Information Processing Policy)
Article 4. Entrustment of Personal Information Processing
Currently, there are no matters entrusted for personal information processing. In the case of an entrusted contract, the compliance with personal information protection regulations, prohibition of third-party provision of personal information, and liability obligations will be clearly specified, and the agreement will be stored both in written and electronic form. We will notify you through notices and the personal information processing policy in case of a change in the contractor.
Article 5. Rights and Obligations of Data Subjects and Methods of Exercising Them
Users have the following rights as data subjects.
a. The personal information files held by HelloWorks Co., Ltd. can be requested for access in accordance with Article 35 of the Personal Information Protection Act (Access to Personal Information). However, the request for access may be restricted as follows in accordance with Article 35, Paragraph 4 of the Act.
– When access is prohibited or restricted by law
– When there is concern that it may harm the life or body of another person or unfairly infringe on the property or other interests of another person
– When it causes significant disruption to public institutions in performing any of the following tasks
– Tasks related to the imposition, collection, or refunding of taxes
– Tasks related to performance evaluation or admission selection in schools under the Elementary and Secondary Education Act and the Higher Education Act, lifelong education facilities under the Lifelong Education Act, and other higher education institutions established under other laws
– Tasks related to tests and qualification evaluations regarding academic background, skills, and employment
– Tasks regarding ongoing evaluations or judgments on compensation amounts and grants
– Tasks regarding audits and investigations ongoing under other laws
b. The personal information files held by HelloWorks Co., Ltd. can be requested for correction or deletion in accordance with Article 36 of the Personal Information Protection Act (Correction and Deletion of Personal Information). However, if such personal information is explicitly stated as collection targets under other laws, deletion cannot be requested.
c. The personal information files held by HelloWorks Co., Ltd. can be requested for suspension of processing in accordance with Article 37 of the Personal Information Protection Act (Suspension of Personal Information Processing). However, the request for suspension of processing may be refused in accordance with Paragraph 2 of Article 37 of the Act.
– When there are special provisions in law or it is unavoidable to comply with obligations under laws and regulations
– When there is concern that it may harm the life or body of another person or unfairly infringe on the property or other interests of another person
– When public institutions cannot perform their duties as stipulated by other laws without processing personal information
– When it is difficult to fulfill a contract if personal information is not processed, and if the data subject has not clearly expressed the intention to terminate the contract
Article 6. Items of Personal Information Processed
a. Required Items: Name, Affiliated Institution Name, Contact Information (Mobile), Email, Address (including postal code)
b. Optional Items: None
Article 7. Procedures and Methods for Destruction of Personal Information
a. Destruction Procedure
– Subject: All collected personal information that has exceeded the retention period or whose purpose has been achieved
– Procedure: Establish a destruction plan ⇨ Perform destruction ⇨ Report completion of destruction
b. Method of Destruction
– Electronic files: Permanently deleted in a way that cannot be restored
– Printed materials, written materials, and other recording media: Shredded or incinerated
Article 8. Measures to Ensure the Safety of Personal Information
HelloWorks Co., Ltd. takes measures to ensure the safety of personal information in accordance with the internal management plan for personal information, and the details are as follows.
1. Management of Personal Information Files
◎ HelloWorks Co., Ltd. stores and manages all personal information files handled at the business site in a separate location (offline: separate space / online: storage media (SSD, external hard drives, etc.)) and encrypts them.
2. Operation of Personal Information Protection Day
◎ Schedule: Every third Wednesday → Cybersecurity Diagnosis Day
◎ Content: Checking encryption measures for personal information files on PCs and verifying supplementary programs
3. Management of Access Rights
◎ Access to personal information processing tasks requires prior approval from the personal information protection officer and will be used after logging.
◎ Access rights to personal information processing tasks will be granted in the minimal scope necessary, and if the job changes, access rights to the personal information processing system will be modified or revoked without delay.
4. Access Control
◎ The personal information processing system, work computers, and mobile devices will not be used by default for P2P and sharing settings unless necessary.
◎ Access control (CMOS, OS password settings, etc.) will be implemented on work PCs.
◎ Access will be controlled with automatic logout if a handler has not processed work for a certain period of time in the personal information processing system.
◎ Measures will be taken against web vulnerabilities to prevent personal information from being leaked through the internet homepage.
5. Encryption of Personal Information
◎ Target for encrypted storage: Unique identification information, passwords
※ Passwords are one-way encrypted and cannot be decrypted.
◎ Method of encryption for work computers (PC)
– Use encryption features provided by Hangul (document encryption), Excel (workbook protection)
◎ Investigate the status and conditions regarding encryption measures monthly.
6. Prevention of Malicious Programs
◎ Security programs such as antivirus programs will be installed and operated to prevent personal information from being lost, stolen, leaked, altered, or damaged through malicious programs.
◎ Security programs will be kept up-to-date using automatic update functions or by performing updates at least once a day.
7. Safety Measures for Management Terminals
◎ To prevent personal information breaches such as leaks, safety measures must be taken for management terminals*.
– Take measures to prevent unauthorized persons from accessing and manipulating management terminals at will
– Take measures to ensure they are not used for purposes other than their original purpose
– Apply security measures to prevent infections from malicious programs
* Management terminals: Terminals that directly connect to systems for managing, operating, developing, and securing personal information processing systems (PCs, storage media, etc.)
8. Physical Access Restrictions
◎ Locations where personal information is stored restrict access by unauthorized persons.
– Maintain a log of access: Accessors, access time, purpose of access, affiliation, etc.
◎ Documents, auxiliary storage media, etc. containing personal information will be stored in a safe location with locking devices.
Article 9. Remedies for Rights Infringement
Data subjects can apply for dispute resolution or consultation at the Korea Internet & Security Agency Personal Information Violation Reporting Center for remedies arising from violations of personal information.
※ Personal Information Violation Reporting Center: Dial 118 without area code
Article 10. Personal Information Protection Officer and Contact Information
a. Personal Information Protection Officer: Choi Moo-geun, Platform Business Planning Team
b. Contact Information
– Email: helloworks@naver.com
– Landline: 02)2202-2335
Article 11. Changes to the Personal Information Processing Policy
a. This personal information processing policy is the initial draft document, and it will take effect from December 30, 2025.
b. If the personal information processing policy is revised, the previous policy can be confirmed through a separate hyperlink provided on this homepage.