Privacy Policy

General Provisions

Tatum Co., Ltd. (hereinafter "Tatum") makes every effort to protect your personal information safely and complies with the relevant laws and regulations of South Korea that information and communication service providers must adhere to, as well as privacy protection regulations and guidelines.
The privacy policy may be changed due to changes in laws or to provide better services. In such cases, Tatum will provide prior notice through announcements on the website or via email. The privacy policy is displayed in bold at the bottom of the main homepage screen.

Article 1 Collection and Use of Personal Information

The company collects and uses the user's personal information for the following purposes. The personal information being processed will not be collected or used for any purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.


1. The collection and use of personal information is necessary for the use of Tatum's CSPM service provided by Tatum. If you refuse to collect personal information, your use of Tatum services may be restricted.

Article 2 Items of Personal Information Collected and Collection Method

1. The company collects only the minimum personal information necessary for service provision. When collecting the user's personal information, the company informs the user beforehand and seeks consent.

  • Demo application, product consultation

    Required items: Name, Phone Number, Email, Company Name, Department, Title


  • Information automatically collected during service use
    Collection items: Access IP information, Cookies, Visit History, Service Usage Records

2. During the process of consultation, suggestions, inquiries, etc., through web page services, emails, or phone calls, the user's personal information may be collected.

3. Information that is automatically collected during the use of the service may be generated and collected automatically during the use of PC and mobile web.

Article 3 Retention and Use Period of Personal Information

The company processes and retains personal information collected from users in accordance with the retention and use periods prescribed by law or personal information consent received when collecting personal information.

1. Inquiries
a. Record of customer consultation handling: 1 year

2. Electronic Commerce Act
a. Records related to contract or withdrawal of subscription: 5 years

b. Records related to payment and supply of goods: 5 years

c. Records related to consumer complaints or dispute resolution: 3 years

3. Protection of Communications Secrets Act
a. Visit records related to service use: 3 months

Article 4 Outsourcing of Personal Information

The company stipulates necessary matters to ensure the safe management of personal information during outsourcing contracts in accordance with relevant laws.

Article 5 Provision of Personal Information to Third Parties

The company processes personal information only within the scope of user consent and provides personal information to third parties only in special cases specified in Articles 17 and 18 of the Personal Information Protection Act.

Article 6 User Rights and How to Exercise Them

Users can always view or modify their personal information and can withdraw their personal information through the member withdrawal process.
If you wish to modify your personal information or withdraw membership, you can proceed as follows:

1. Users can modify all input information except for their ID on the 'Change Member Information' page.

2. Users can also request modifications and deletions through 02-6949-2446 or ask@tatumsecurity.com. However, to verify the identity of the requester as the information subject, the regulatory agency may require a separate standard form for identity verification.

3. If a user wishes to withdraw from the homepage, they can click the 'Membership Withdrawal' button on the 'Change Member Information' page of the Tatum homepage to proceed with account withdrawal.

4. Users can exercise their rights through the customer center, and can submit a request for personal information inspection, correction, deletion, or processing cessation in writing or via email in accordance with the standard form specified in Article 8 of the Enforcement Decree of the Personal Information Protection Act.

5. Users can exercise their rights to personal information through an agent; in this case, an additional power of attorney in accordance with the standard form specified in Article 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.

6. Even if a user requests withdrawal of consent to personal information, deletion, or processing cessation, if required by other laws, the retention period according to those laws may take precedence.

Article 7 Destruction of Personal Information

The company will promptly destroy personal information that has become unnecessary due to the expiration of the retention period or the achievement of the processing purpose.

1. If the retention period of personal information agreed upon by the information subject has expired or the purpose of processing has been achieved, and it must continue to be retained under other laws, the respective personal information will be transferred to a separate database (DB) or retained in a different location.

2. The process and method for destroying personal information are as follows:
a. Destruction process: The company selects the personal information for which a reason for destruction has occurred and receives approval from the person in charge of personal information protection to destroy the personal information.
b. Destruction method
– Printed personal information will be destroyed by shredding or incineration.
– Personal information stored in electronic file format will be deleted using methods that cannot recover or restore records.

c. Personal information validity period system (dormant account policy)
– The company differentiates long-term inactive customers (dormant accounts) who have not logged in or used the service for one year (including password changes and registration information updates).
– The company provides prior notice to the registered email of the customer 30 days before the point at which the customer is converted to a dormant account.
– Personal information of customers categorized as dormant accounts will be promptly destroyed once the purpose of collecting and using personal information has been achieved. However, if special provisions are stated in the relevant laws specified in Article 3 regarding the retention and use period of personal information, the period specified will be observed.

Article 8 Measures to Ensure the Safety of Personal Information

The company takes technical and managerial measures to ensure that the personal information of users is not lost, stolen, leaked, altered, or damaged.

1. Managerial/Technical measures
a. The company establishes and implements internal management plans for the safe handling of personal information.
b. Through an internal dedicated organization for personal information protection, the company confirms the implementation of personal information protection measures and the compliance of responsible persons, and immediately makes improvements when problems are found.
c. The company limits the number of people who can handle your personal information to the necessary minimum and regularly checks the internal security status to prevent personal information from being leaked. Regular training is provided regarding personal information protection obligations for personnel handling personal information.

2. Technical measures
The company has established and prepared necessary technical measures to ensure that your personal information is not lost, stolen, leaked, altered, or damaged due to hacking, etc.

Article 9 Installation and Operation of Automatic Personal Information Collection Devices and Refusal

1. The company uses 'cookies' to store user information in order to provide individual tailored services and retrieve them frequently.

2. Users have the option to choose regarding cookie installation. Therefore, users can set their web browser options to allow all cookies, check each time a cookie is stored, or refuse to store all cookies.

3. Methods for refusing cookie settings are as follows:
a. Internet Explorer: Select tools menu > Choose Internet Options > Click Privacy tab > Advanced privacy settings > Set cookie level
b. Chrome: Select settings menu > Choose to Show advanced settings > Privacy and security > Choose content settings > Set cookie level
c. Safari: Select preferences menu > Choose Privacy tab > Set cookie and website data level

4. Refusing cookie settings may cause difficulties in providing services.

Article 10 Personal Information Protection Officer and Person in Charge

The company has appointed a person in charge and responsible department as follows to protect users' personal information and handle complaints related to personal information.

1. Personal information protection responsible department and officer

  • Personal Information Protection Office - Operation Contact: 02-6949-2446, ask@tatumsecurity.com

  • Personal Information Protection Officer - Ha Hee-hun, Contact: 02-6949-2446, ask@tatumsecurity.com

2. Users can contact the personal information protection officer and responsible person for all inquiries, complaints, and damage relief related to personal information protection arising while using the company’s services (or business). The company will respond to and handle users' inquiries without delay.

3. For other reports or consultations related to personal information infringement, the following institutions can be contacted:
– Personal Information Infringement Reporting Center: (without area code) 118 / URL: privacy.kisa.or.kr
– Cyber Investigation Division of the Supreme Prosecutors' Office: (without area code) 1301 / URL: www.spo.go.kr
– Cyber Investigation Bureau of the National Police Agency: (without area code) 182 / URL: ecrm.cyber.go.kr
– Personal Information Dispute Mediation Committee: (without area code) 1833-6972 / URL: www.kopico.go.kr

Article 11 Obligation to Notify Changes to the Personal Information Processing Policy

This personal information processing policy was first established on October 26, 2020, and if there are any additions, deletions, or modifications due to changes in laws, policies, or security technology, it will be notified through the company's 'Notice' at least 7 days prior.
However, in cases where there are significant changes to user rights such as changes in the items of collected personal information or the purpose of use, it will be announced at least 30 days in advance and, if necessary, user consent will be obtained again.

– Date of initial implementation of personal information processing policy: October 26, 2020
– Date of last modification of personal information processing policy: December 21, 2022

TatumSecurity

© 2024

TatumSecurity

© 2024