Privacy Policy
Law Firm Chowol (the "Firm") has established and publicly discloses this Privacy Policy to protect the rights and personal data of data subjects and to promptly and effectively handle any related concerns, in accordance with the Personal Information Protection Act of Korea.
Article 1: Purpose of Collection and Use, and Personal Information Collected
The Firm collects and processes personal data for the following purposes. The scope and content of data may vary depending on the type of position or relationship with the Firm.
1. Personal Information Collected
Professional Positions (e.g., Attorneys)
Purpose: To verify identity, academic and professional background, manage previous applications, decide on recruitment, issue notifications, and confirm future interest in employment
Items: Name, photograph, date of birth, gender, address, phone number, email address, academic background, certifications, employment history, military service, language proficiency, awards and disciplinary records, and any other personal data provided in submitted documents such as resumes, personal statements, and transcripts
Administrative Staff Positions
Purpose: Same as above
Items: Same as above, including evaluation results from Firm assessments
Clients
Purpose: To provide legal advice and communicate with the client, notify of legal updates and developments, and share information about seminars or events hosted or attended by the Firm
Items: Name, contact information (phone number and email address), name and address of company or organization, department and position, and any additional data provided by the client or generated in the course of providing legal services and related communications
2. Unique Identifiers (Optional)
Applicants (including foreigners)
Purpose: To verify identity
Items: Foreigner registration number, passport number
3. Sensitive Information (Optional)
Administrative Staff Applicants
Purpose: To review eligibility for recruitment
Items: Health-related data
Article 2: Retention and Disposal of Personal Information
Unless otherwise required by applicable laws, the Firm retains your personal data only for the period necessary to fulfill the above purposes. Once these purposes are achieved, your data will be securely deleted without undue delay.
Article 3: Provision of Personal Data to Third Parties
The Firm handles personal data only within the scope specified in this Policy. Personal data will only be shared with third parties with the prior consent of the data subject or where required by applicable laws. The Firm currently does not share personal data with any third parties.
Article 4: Outsourcing of Personal Data Processing
1. The Firm outsources personal data processing tasks as follows. Any changes to vendors or the scope of outsourced services will be publicly disclosed through this Policy:
Vendor | Outsourced Task |
Channel Corporation | Operation of client consultation system (ChannelTalk) |
FORCS Co., Ltd. | Execution of electronic contracts and notifications (eformsign) |
Dropbox, Inc. | Storage of data generated or provided during legal services |
Asana Inc. | Task management |
2. The Firm also outsources certain tasks to overseas entities for efficient processing:
Vendor / Contact | Country | Transferred Items | Purpose | Method & Timing | Retention Period | Right to Refuse and Consequences |
Dropbox, Inc. (privacy@dropbox.com) | USA | Same as above | Data storage | Transmitted via network at the time of creation | Same as this Policy | You may request refusal via the DPO, but service access may be restricted |
Asana Inc. (privacy@asana.com) | USA | Same as above | Task management | Same as above | Same as this Policy | Same as above |
3. The Firm ensures that its contracts with processors comply with applicable laws by specifying responsibilities, safeguards, restrictions on further use, and supervisory measures.
Article 5: Rights of Data Subjects and How to Exercise Them
1. Data subjects may request access to, correction, deletion, or suspension of the processing of their personal data, as permitted by law.
2. These rights may be exercised by a legal representative or authorized agent, with appropriate documentation.
3. The Firm will respond promptly and in accordance with the applicable legal procedures.
Article 6: Destruction of Personal Data
1. The Firm promptly destroys personal data that is no longer necessary for its intended purposes.
2. When legal retention is required, such data is stored separately.
3. The Data Protection Officer authorizes all destruction activities.
4. Electronic data is permanently deleted in a non-recoverable manner, while physical documents are shredded or incinerated.
Article 7: Inquiries and Complaints
For any inquiries, complaints, or requests related to the handling of personal data, please contact:
- Data Protection Officer: Attorney Jaewoo Park
Email: jwpark@chowol.co.kr
- Data Protection Team
Contact Person: Manager Inhye Yang
Department: Administration
Email: zihyang@chowol.co.kr
Article 8: Measures to Ensure the Security of Personal Data
The Firm takes the following measures to ensure the security of personal data:
- Administrative: Implementation of internal privacy policies and regular training for staff
- Technical: Access control for systems, encryption of unique identifiers, installation of security software
- Physical: Restricted access to server rooms and document archives
Article 9: Amendments to This Policy
This Privacy Policy may be updated in accordance with changes in laws, regulatory guidelines, or the Firm’s internal policies. Any revisions will be announced through appropriate channels as required by law.
Effective Date: January 6, 2025.
