LogIn

Privacy Policy

 Home / Privacy Policy

Article 1 (Purpose of Processing Personal Information)


ATTO INTERNET processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, we will take necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1. Service provision, member management - Provision of services, delivery of necessary information for service use, etc.

2. Fee settlement and contract fulfillment - Provision of services, sending invoices, delivery of information necessary for payment or settlement, etc.

3. Use for marketing and advertising - Provision of event and advertising information and delivery of information necessary for service use, etc.

Article 2 (Processing and Retention Period of Personal Information)


ATTO INTERNET processes and retains personal information within the period specified in accordance with the law or the personal information consent received from the data subject at the time of collecting personal information.

  • • Personal information will be retained and used for the above purposes from the date of consent to collection and use.
  • • Grounds for retention: Certification service related
  • • Related laws: 1) Records on payment and supply of goods, etc.: 5 years
                          2) Books and supporting documents related to transactions: 5 years (Framework Act on National Taxation, Corporate Tax Act, Value Added Tax Act, etc.)
                          3) Log record data, IP address, etc., required to provide data confirming the fact of communication: 3 months (Protection of Communications Secrets Act)
                          4) Records on display and advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
                          5) Records on contract or withdrawal of subscription: 5 years
                          6) Important documents and slips related to commercial books and business: 10 years
                          7) Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
                          8) Records on collection, processing, and use of credit information: 3 years (Act on the Use and Protection of Credit Information)

Article 3 (Provision of Personal Information to Third Parties)


ATTO INTERNET processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases where it is in accordance with the consent of the data subject, special provisions of the law, or as stipulated in Articles 17 and 18 of the Personal Information Protection Act.

ATTO INTERNET provides personal information to third parties as follows.

  • • Recipients of personal information: Digicert, Sectigo, Certum, Entrust, Globalsign Certification Authority
  • • Purpose of use of personal information of the recipient: E-mail, mobile phone number, name, company phone number, position, department, company information, etc.
  • • Retention by the Recipient.Period of use: Period set by the Certification Authority.

Article 4 (Rights and Obligations of Information Subjects and Legal Representatives and Methods of Exercising Them)


① The information subject may exercise the right to access, correct, delete, or suspend the processing of personal information at any time with respect to ATTO INTERNET.

② The exercise of the rights pursuant to paragraph (1) may be made in writing or by e-mail in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and ATTO INTERNET will take action without delay.

③ The exercise of rights pursuant to paragraph (1) may be made through an agent, such as a legal representative of the information subject or a person authorized by authority. In this case, you shall submit a power of attorney in accordance with the form of “Notice on How to Process Personal Information (No. 2020-7)" Appendix No. 11.

④ Requests for access to or suspension of processing of personal information may be restricted by the rights of the information subject in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.

⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.

⑥ ATTO INTERNET requests access, correction, and correction in accordance with the rights of the information subject. When requesting deletion or suspension of processing, check whether the person who made the request is the person or a legitimate representative.

Article 5 (Creation of Items of Personal Information to be Processed)


ATTO INTERNET processes the following personal information items.

  • • Required items: E-mail, mobile phone number, name, company phone number, position, department, company name, address, representative name, business information, service use record, access log, cookies, access IP information, payment record
  • • Optional items: e-mail, name, contact information, company information related to customer inquiry.

Article 6 (Destruction of Personal Information)


ATTO INTERNET destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.

If the personal information retention period agreed by the information subject has elapsed or the purpose of processing has been achieved, but the personal information shall be kept in accordance with other laws and regulations, the personal information may be transferred to a separate database (DB) or stored in a different storage location.

The procedure and method of destroying personal information are as follows.

  • • ATTO INTERNET selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the person in charge of personal information protection
  • • The destruction method uses a technical method that does not allow the recording of information in the form of an electronic file to be reproduced.
  • • In accordance with the 'Personal Information Expiration Date', the personal information of users who have not used the service for one year is stored separately or destroyed.

Article 7 (Measures to Ensure Safety of Personal Information)


ATTO INTERNET takes the following measures to ensure the safety of personal information.

  • • Minimization and training of staff handling personal information: We implement measures to manage personal information by designating employees who handle personal information and minimizing it by limiting them to the person in charge.
  • • Establishment and implementation of internal management plan: We establish and implement an internal management plan for the safe processing of personal information.
  • • Technical measures against hacking, etc.: ATTO INTERNET installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, etc., and periodically updates it. During inspections, the system is installed in an area that is closed from the outside, and technically and physically monitored and blocked.
  • • Storage of access records and prevention of forgery or alteration: We store and manage records accessed to the personal information processing system for at least 6 months, and use security functions to prevent forgery, alteration, theft or loss of access records.
  • • Restriction of access to personal information: We take necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and control unauthorized access from the outside using an intrusion prevention system.
  • • Access control for unauthorized persons: We have a separate physical storage place where personal information is stored, and we establish and operate access control procedures for this.

Article 8 (Matters concerning the installation, operation and rejection of automatic personal information collection devices)


ATTO INTERNET uses 'cookies' to store and retrieve usage information from time to time in order to provide users with personalized services.

Cookies are a small amount of information sent by the server used to operate the website to the user’s computer browser and may be stored on the hard disk of the user’s PC computer.

  • • Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and uses of each service and website visited by the user, popular search terms, secure access, etc.
  • • Installation, operation, and rejection of cookies: You can refuse to store cookies through the option settings in the Tools >Internet Options>Privacy menu at the top of the web browser.
  • • If you refuse to store cookies, you may experience difficulties in using customized services.

Article 9 (Personal Information Protection Officer)


ATTO INTERNET is responsible for the processing of personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to the processing of personal information.(Refund dates may vary depending on the certification authority CA policy.)

    Person responsible for personal information protection
  • • Name : EUNKUYOUNG, JEONG
  • • E-mail : help@letsbessl.com
  • Personal Information Protection Division
  • • Department : SSL Operation Team
  • • E-mail : help@letsbessl.com

The information subject may contact the person in charge of personal information protection and the department in charge of personal information protection regarding all personal information protection-related inquiries, complaint handling, and damage relief arising from the use of ATTO INTERNET's services (or business). ATTO INTERNET will answer and handle any inquiries from data subjects.

Article 10 (Remedies for Infringement of Rights and Interests)


In order to receive relief due to personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency. For other personal information infringement reports and consultations, please contact the following organizations.

1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutor's Office: (without area code) 1301 (www.spo.go.kr)

4. Cyber Investigation Bureau, National Police Agency: 182 (ecrm.cyber.go.kr)

A person whose rights or interests have been infringed due to the disposition or omission of the head of a public institution in response to a request pursuant to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal as stipulated by the Administrative Appeals Act.

Article 11 (Amendment of Privacy Policy)


The contents of this privacy policy can be viewed through the website at any time, and may be revised to amend related laws or provide better services, so please visit the website regularly to check it. ATTO INTERNET will notify you of any revision of the privacy policy through the website of each service.

• This Privacy Policy shall be effective from July 10, 2021

• The previous privacy policy can be found below.