Personal Information Processing Policy
<WORKUP Co., Ltd.>('https://www.workup.plus/'WORKUP' (hereinafter referred to as 'WORKUP')) has established and disclosed the following personal information processing policy in order to protect the personal information of information owners and to promptly and smoothly handle complaints related thereto in accordance with Article 30 of the Personal Information Protection Act. Article 1 (Purpose of processing personal information) The purpose of processing personal information files registered and disclosed by <WORKUP Co., Ltd.> in accordance with Article 32 of the Personal Information Protection Act is as follows.
Personal information items processed: <WORKUP Co., Ltd.> processes the following personal information items.

Name, date of birth, address, phone number, email address, credit card number, bank account information, etc.
The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.


  • Member registration and management
    Confirmation of intention to become a member, identification/authentication of person according to provision of membership service, maintenance/management of membership, prevention of misuse of service, confirmation of consent of legal representative when processing personal information of children under 14 years of age, various notices/notifications, handling of grievances We process personal information for this purpose.
  • Cloud HR solution service provided
    Personal information is processed for the purposes of providing cloud HR solution services such as HR and Organization management, payroll management, attendance management, recruitment management, and evaluation management, providing content, providing customized services, and identity verification and age verification.
    Collection method: website, written form, phone/fax, sweepstakes, delivery request, receipt from affiliates, collection through generated information collection tool

    Retention period:

    <ISU SYSTEM Co., Ltd.> processes and retains personal information within the personal information retention period pursuant to the law or the personal information retention period agreed upon when collecting personal information from the information owner. The processing and retention periods for each personal information are as follows.
    • Membership registration and management: Until withdrawal from the website, however, in the case of the following reasons, until the end of the relevant reason
      • If an investigation, investigation, etc. is in progress for violation of relevant laws and regulations, until the end of the investigation or investigation,
      • If any claims/debt relationships remain due to use of the website, until the relevant claims/debt relationships are settled.
    • Service provision: Until service supply is completed and fee payment/settlement is completed. However, in the following cases, until the end of the relevant period:
      • Records of transactions, including labeling and advertising, contract details and performance, in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
        • Records of labeling and advertising: 6 months;
        • Records of consumer complaints or dispute resolution: 3 years;
        • Records of payment and supply of goods, etc.: 5 years;
        • Records of contracts or subscription withdrawals, etc.: 5 years
      • Records of credit information processing in accordance with the Act on Use and Protection of Credit Information
        • Records of collection/processing and use of credit information: 3 years
Article 2 (Provision of personal information to third parties)
  • In principle, the supplier uses personal information or provides it to a third party within the scope notified in “Collection and Use of Personal Information” and does not use it or provide it to a third party beyond this scope.
    However, in the following cases, personal information may be provided without consent as an exception.
    • When the end user consents in advance
    • When there is a request from an investigative agency or supervisory authority in accordance with the provisions of the law or in accordance with the procedures and methods set forth in the law for the purpose of investigation or investigation.
    • When necessary for fee settlement
    • When consent cannot be obtained even though it is necessary for the urgent benefit of the life, body, or property of the end user or a third party
  • The status of third party provision is as follows.

Recipients Purpose of recipients Items provided Retention period of the recipient
User operator and end users authorized by the user operator Viewing profilesin the WORKUP Services (viewing and managing for Administrators) Name, email, phone number (optional), location information (optional) Until deleted by the Company
Article 3 (Matters regarding entrustment of personal information processing)
  • <ISU SYSTEM Co., Ltd.> entrusts personal information processing tasks as follows to ensure smooth personal information processing.

    • User Consigned work
    - PortOne Co., Ltd
    - NCP
    - Modu Sign Co., Ltd.    		 -Settlement of usage fees
    -Data storage and infrastructure management
    -Provision of E-contracts API

  • When concluding a consignment contract, <ISU SYSTEM Co., Ltd.> prohibits the processing of personal information other than for the purpose of performing consignment duties, technical/administrative protection measures, restrictions on re-entrustment, management/supervision of the trustee, and compensation for damages in accordance with Article 26 of the Personal Information Protection Act. Matters related to responsibilities are specified in documents such as contracts, and supervise whether the trustee handles personal information safely.
  • If the details of the entrusted work or the trustee changes, the Company shall disclose it through this personal information processing policy without delay.
Article 4 (Destruction Procedures and Methods of Personal Information)
  • <ISU SYSTEM Co., Ltd.> destroys the personal information without delay when the personal information becomes unnecessary, such as when the personal information retention period has elapsed or the purpose of processing has been achieved.
  • In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period agreed to by the information owner or the purpose of processing has been achieved, the personal information may be transferred to a separate database (DB) or stored in a different storage location. and preserve it.
  • The procedures and methods for destroying personal information are as follows.
    • a. Destruction procedures
      <ISU SYSTEM Co., Ltd.> selects personal information that is grounds for destruction and destroys the personal information with the approval of the personal information protection officer of <ISU SYSTEM Co., Ltd.>.
    • b. Destruction methods
      <ISU SYSTEM Co., Ltd.> uses technical methods that render the records unrecoverable when destroying information in the form of electronic files.<ISU SYSTEM Co., Ltd.> destroys personal information printed on paper by shredding it with a shredder or incinerating it.
Article 5 (Matters Regarding the Rights and Obligations of the Information Owner and Legal Representative and Methods of Exercising Them)
  • The information owner may exercise the rights to view, correct, delete, or suspend processing of personal information at any time against ISU SYSTEM Co., Ltd.
  • The information owner may exercise his/her rights under Paragraph 1 through writing, e-mail, facsimile (FAX), etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act to ISU SYSTEM Co., Ltd. In this case, ISU SYSTEM Co., Ltd. shall take necessary action immediately.
  • The exercise of rights under Paragraph 1 may be done through an agent, such as the information owner's legal representative or a person authorized to do so. In this case, you must submit a power of attorney in the form of Appendix No. 11 of the “Notice on Personal Information Processing Methods (No. 2020-7).”
  • The information owner's rights to request viewing and suspension of processing of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
  • Requests for correction or deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
  • <ISU SYSTEM Co., Ltd.> confirms whether the person who made the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing according to the rights of the information owner, is the person or a legitimate agent.
Article 6 (Matters Regarding Measures to Ensure the Safety of Personal Information) <ISU SYSTEM Co., Ltd.> takes the following measures to ensure the safety of personal information.
  • Regular self-audits
    <ISU SYSTEM Co., Ltd.> conducts self-audits on a regular basis (once a quarter) to ensure the stability of personal information handling.
  • Minimization and training of employees handling personal information
    <ISU SYSTEM Co., Ltd.> designates employees who handle personal information and implements measures to manage personal information by limiting it to the person in charge.
  • Establishment and implementation of internal management plan
    <ISU SYSTEM Co., Ltd.> establishes and implements an internal management plan for the safe processing of personal information.
  • Technical measures against hacking, etc.
    <ISU SYSTEM Co., Ltd.> ('WORKUP') installs security programs and conducts periodic updates and inspections to prevent leakage and damage of personal information due to hacking or computer viruses, and installs the system in an area where access from the outside is controlled. /Physically monitor and block.
  • Encryption of personal information
    <ISU SYSTEM Co., Ltd.> stores and manages users' personal information and passwords by encrypting them. For important data that only you can see, separate security features such as encrypting files and transmission data or using the file lock function are used.
  • Storage of access records and prevention of forgery/modification
    <ISU SYSTEM Co., Ltd.> stores and manages records of access to the personal information processing system for at least one year. However, when <ISU SYSTEM Co., Ltd.> adds personal information about 50,000 or more information owners or processes unique identification information or sensitive information, it stores and manages the information for more than 2 years. In addition, <ISU SYSTEM Co., Ltd.> uses security functions to prevent access records from being forged/altered, stolen, or lost.
  • Restrictions on access to personal information
    <ISU SYSTEM Co., Ltd.> takes necessary measures to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and uses an intrusion prevention system to control unauthorized access from outside. do.
  • Use of locking device for document security
    <ISU SYSTEM Co., Ltd.> stores documents and auxiliary storage media containing personal information in a safe place with a lock.
  • Access control for unauthorized persons
    <ISU SYSTEM Co., Ltd.> establishes and operates access control procedures for a separate physical storage location that stores personal information.
Article 7 (Matters Regarding Installation/Operation and Refusal of Devices that Automatically Collect Personal Information)
  • ISU SYSTEM Co., Ltd. uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.
  • Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.
    • a. Purpose of use of cookies: They are used to provide optimized information to users by identifying visitation and usage patterns, popular search terms, secure access, etc. for each service and website visited by the user.
    • b. Installation, operation and refusal of cookies: You can refuse the storage of cookies through the option settings in the Tools>Internet Options>Personal Information menu at the top of your web browser.
    • c. If you refuse to store cookies, you may have difficulty using customized services.
  • In addition, <ISU SYSTEM Co., Ltd.> does not collect, use or provide behavioral information for online customized advertising, etc.
Article 8 (Matters Regarding Personal Information Protection Officers)
  • ISU SYSTEM Co., Ltd. is responsible for overall management of personal information processing and designates a personal information protection officer as follows to handle complaints and provide relief for damages from information owners related to personal information processing.
    ▶ Personal information protection officer
    Name: Myeongjun Kim
    Position: Team leader
    Contact: 02-6494-2947
    E-mail: sys_kmj@isu.co.kr
  • The information owner may contact the personal information protection officer regarding all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the service (or business) of ISU SYSTEM Co., Ltd. <ISU SYSTEM Co., Ltd.> will respond and process inquiries from the information owner without delay.
Article 9 (Methods of relief for infringement of rights and interests of information owner) The information owner may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. in order to receive relief from personal information infringement.
For other personal information infringement reports and consultations, please contact the organizations below.
  • Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
  • National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

A person whose rights or interests have been infringed upon by a disposition or omission by the head of a public institution in response to a request under the provisions of Article 35 (Viewing Personal Information), Article 36 (Correction/Deletion of Personal Information), Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative trial in accordance with the Administrative Appeals Act.
- Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr) Article 10 (Changes to the Personal Information Processing Policy) The company's personal information processing policy may be changed at any time due to changes in government laws and guidelines or changes in the company's internal policies, and any changes are notified through the website (https://www.workup.plus)
  • The purpose of processing personal information files registered and disclosed by <WORKUP Co., Ltd.> in accordance with Article 32 of the Personal Information Protection Act is as follows.
    • Personal information items processed: <WORKUP Co., Ltd.> processes the following personal information.
    • Company name, name, contact information, email, date of birth, address, phone number, credit card number, bank account information, etc.
  • The purpose of processing personal information files registered and disclosed by <WORKUP Co., Ltd.> in accordance with Article 32 of the Per2. sonal Information Protection Act is as follows.
    • Personal information collection method: Website (free trial, inquiry)

    Personal information being processed will not be used for purposes other than the following. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  • Identity verification and personal identification according to application for information use and events
  • Provision of advertising information, statistics on members’ service use data

Consigned operation of the website to provide services (Until free trial and inquiry is completed or the consignment contract ends)
    1. The Company processes personal information deleted at the request of the user and legal representative so that it cannot be viewed or used for any other purpose in accordance with the “Personal Information Destruction Procedure and Method.”

This Personal Information Processing Policy is effective from June 1, 2024.