Privacy Policy

RST Co., Ltd values your privacy and complies with the Personal Information Protection Act and other relevant laws. This Privacy Policy explains how we collect, use, and protect your personal information.

RST Co., Ltd (hereinafter "Company") values customer personal information and complies with the 「Personal Information Protection Act」, 「Act on Promotion of Information and Communications Network Utilization and Information Protection」, 「Consumer Protection in Electronic Commerce Act」, GDPR (General Data Protection Regulation), and other relevant laws. Through this Privacy Policy, the Company informs customers how the personal information they provide is used and what measures are taken to protect it.


Article 1 (Items and Methods of Personal Information Collection)

① The Company collects the following personal information:

  • Required items: Name, affiliation (company name), email, phone number
  • Optional items: Position, department, address, service interests, service usage records, payment/tax invoice information

② Personal information is collected through the website (membership registration, inquiries, applications), email, phone, contract execution, seminar/training registration, online forms, etc.


Article 2 (Purpose of Personal Information Collection and Use)

The Company uses collected personal information for the following purposes:

  1. Service provision and contract fulfillment including certification, verification, consulting
  2. Customer management: consultation response, complaint handling, service-related guidance
  3. Accounting and tax processing including fee settlement and tax invoice issuance
  4. Marketing and promotion including seminars, newsletters, new service announcements (only with consent)
  5. Legal compliance and dispute resolution

Article 3 (Retention and Use Period of Personal Information)

① The Company, in principle, destroys personal information without delay after the purpose of collection and use is achieved.

② However, the following cases are exceptions:

  • Contract and service fulfillment purpose: 3 years after service termination
  • Tax/accounting purpose: Retention period according to relevant laws (usually 5 years)
  • Marketing purpose: Until consent withdrawal

Article 4 (Destruction Procedures and Methods of Personal Information)

① Destruction procedure: After the purpose of collection is achieved, personal information is destroyed when the retention period expires, in accordance with internal policies and laws.

② Destruction method:

  • Electronic file format: Permanent deletion by unrecoverable technical methods
  • Paper documents: Shredding or incineration

Article 5 (Provision of Personal Information to Third Parties)

① The Company, in principle, does not provide customer personal information to third parties.

② However, the following cases are exceptions:

  1. When the customer has given prior consent
  2. When required by law
  3. When necessary for service fulfillment, such as joint verification with overseas certification bodies

Article 6 (Consignment of Personal Information Processing)

The Company may consign personal information processing tasks as follows for smooth service provision:

  • Cloud server operation: AWS, Google Cloud, etc.
  • Tax and accounting processing: External accounting firms
  • Marketing and newsletter delivery: Email service agencies

When consigning these tasks, the Company specifies management and supervision obligations for personal information protection in the contract.


Article 7 (Rights of Data Subjects and Exercise Methods)

① Customers can request access, correction, deletion, and processing suspension of their personal information at any time.

② Consent withdrawal and marketing opt-out are reflected immediately.

③ Rights can be exercised via email (privacy@rstcert.com) or in writing.


Article 8 (Measures to Ensure Personal Information Security)

The Company safely manages personal information through the following measures:

  1. Administrative measures: Establishment of internal management plans, regular employee training
  2. Technical measures: Access control, encryption, security program installation, SSL implementation
  3. Physical measures: Access restriction to computer rooms and document storage areas

Article 9 (Use and Rejection of Cookies)

① The Company may use cookies to provide customized services.

② Customers can refuse cookie storage through browser settings.


Article 10 (International Transfer of Personal Information)

Some of the Company's services are provided through overseas cloud servers.

  • Transfer countries: United States, Singapore
  • Transfer recipients: Cloud server providers (AWS, Google Cloud)
  • Transfer purpose: Stable data storage and service provision

Article 11 (Personal Information Protection Officer)

  • Name: Lee Hyun-ju
  • Position: CEO
  • Contact: support@rstcert.com / 02-3663-1347

Article 12 (Remedy for Rights Violations)

Customers can receive consultation on personal information violations through the following institutions:

  • Personal Information Infringement Report Center (118 without area code)
  • Personal Information Dispute Mediation Committee (www.kopico.go.kr)
  • Customers to whom GDPR applies: May report to the relevant national supervisory authorities

Article 13 (Changes to Privacy Policy)

This Privacy Policy may be changed according to laws, government policies, and company internal policies. Changes will be announced through website notices or individual emails.

  • Effective date: September 1, 2025
  • Last revised: September 1, 2025

Personal Information Protection Officer

CEO Lee Hyun-ju

Personal Information Protection Manager

Department: Management Team

Contact Information

Phone: +82(2)3663-1347

Email: support@rstcert.com

Address: #807 Building B, 401, Yangcheon-ro, Gangseo-gu, Seoul, Republic of Korea

Remedy for Rights Violations

• Personal Information Protection Commission: privacy.go.kr (182 without area code)

• Personal Information Protection Comprehensive Support Portal: privacy.go.kr

• Personal Information Infringement Report Center: privacy.go.kr (182 without area code)

Effective Date

This Privacy Policy is effective from January 1, 2025.