Article 1 (General provisions)
Article 2 (Collection and use of the personal information)
The “personal information” is the information about a living individual, such as a real name, that can identify each employee of the company (including the information that can easily identify a person by combining it with other information even if the information in question cannot identify the person). The company uses the collected personal information for the following purposes.
1. Handling matters related to the use contract such as service sign-up/change/cancellation, and inquiries related to the A/S.
2. Settlement, payment, and collection of the service charge, identity authentication, and providing the location-based service and customized service.
3. Determining whether the charge discount is applicable or not, and providing other services.
4. Introducing a new product that the company provides directly or through business alliances with other companies, guiding events, customer attraction and management, service site usage statistics, sending newsletters, and various marketing activities including a customer survey. Shipping goods, billing, identity authentication of the legal representative, and archiving for dispute settlement.
6. Commissioning of duties necessary for the fulfillment of the contract such as service provision to the trustee notified in this processing policy.
Article 3 (Personal data items to collect and collection method)
The company collects only the minimum amount of personal information needed for service subscription, consultation, and service provision. The company doesn’t collect any personal information that has a concern about violating the human rights of the customer significantly, such as race and ethnicity, ideology and creed, hometown and birthplace, political propensity and criminal records. However, exceptions apply if the customer agrees to collection.
1. The following personal data shall be collected.
A. Name/ID/password/business registration number/name of the contact person (for corporate member, etc.): For identification and demographic analysis when using, modifying, canceling the service.
B. E-mail address/land phone number/mobile phone number/address/fax, etc.: For billing, delivery of goods, delivery of notices, confirming own intention, processing of customer complaints and requests, new service or event, and introduction of new product.
C. Bank account information/credit card information/mobile phone information/payment history: For use fee payment and charge payment related to service use.
D. Service use record/billing and settlement/use suspension record, access log/cookie/connection IP/PC information: For service use fee payment and providing the location-based service and personalized service
2. The company collects the personal information using the following methods.
A. Collecting the personal information provided by the customer for sign-up (e.g., application form, Internet service site, phone, fax), consultation over the phone or Internet, applying for giveaway events, delivery request, or provided by related parties. Gathering the information generated while using the service or processing the business, or collected by the tool.
Article 4 (Method of agreeing to the collection and use of the personal information)
Article 5 (Retention and use period of the personal information)
The retention and use period of customer’s personal information are as follows.
1. The company retains and utilizes the collected personal information of the customer only for the period during which the customer uses the service (from the date of sign-up to termination) or the dispute settlement period (retention period). However, if specially stipulated in the law, the personal information will be retained according to the relevant laws and regulations.
2. The information will be retained for 6 months after termination to prepare for a dispute over charge settlement or incorrect charge. If there is default or payment in excess and the dispute over the charge continues, the information will be retained until the dispute is settled down. However, if there are special regulations in laws and ordinances, they are kept in accordance with relevant laws and regulations.
3. The following information items of the withdrawn customer will be kept in accordance with Article 85-3 of the Framework Act on National Taxes.
A. Retaining items: Name, ID, password, telephone number, e-mail address, address, department information, legal representative information, service use record, access log, access IP information, charge details (charge amount, VAT amount, paid amount, charge date, paid date), payment record, name of payer, use service, reduction amount and reasons, billing address, etc.
B. Retention period: 5 years
A. Log data, IP address, etc. required when providing the communication fact confirmation data: 3 months (Protection of Communications Secrets Act)
B. Date and time of subscriber’s telecommunication that is needed when providing the communication fact confirmation data, telecommunication start/end time, subscriber number of other party such as telecommunication number, and location tracking data of the information and communication device connected to the communication network: 12 months (Protection of Communications Secrets Act)
C. Display/Advertisement records: 6 months (Act on the Consumer Protection for Electronic Commerce, etc.)
D. Records about the contract or subscription withdrawal: 5 years (Act on the Consumer Protection for Electronic Commerce, etc.)
E. Records about payment and goods supply: 5 years (Act on the Consumer Protection for Electronic Commerce, etc.)
F. Records about consumer complaints and dispute processing: 3 years (Act on the Consumer Protection for Electronic Commerce, etc.)
G. Records about the collection/processing and use of the credit information: 3 years (Credit Information Use and Protection Act)
Article 6 (Procedure and method of personal information destruction)
In principle, the company will destroy the user’s personal information without delay once the purpose of collecting and using the personal data are achieved. The procedure and method of personal information destruction are as follows.
1. Destruction procedure
A. In principle, the information provided by the customer is retained for a certain period of time based on the internal policy and reasons for retention according to the related laws and regulations after achieving the purpose of collection and use.
B. Information to destroy: The personal information of the customer whose retention period has expired according to the prescribed use and retention period and related laws.
2. Destruction method
A. Personal information stored in an electronic file format such as DB: Delete using the technical method that purges the data permanently.
B. Personal information printed on paper (written): Destroy by crushing or incineration.
Article 7 (Providing the personal information to the third party)
Unless agreed by the customer or stipulated by relevant regulations, the company shall not use the personal information of the customer or provide it to a third party beyond the scope stated in the “Purpose of collection and use of the personal information” in any case. However, the personal information can be provided without customer’s consent in the following cases in accordance with the relevant laws and regulations.
1. When needed for the settlement of fees after service provision.
2. When it is remarkably difficult to obtain the usual consent for economic and technical reasons as the personal information is required to implement the contract on service provision.
3. When it is needed for statistics compilation, academic research, or market survey, and the personal information is provided in a form that cannot identify a certain individual.
4. When requested by relevant authorities for the purpose of investigation under relevant laws and regulations.
5. The personal data that is provided according to legal proceedings, as stipulated by the law, if there are special provisions in the relevant laws and regulations.
Article 8. Entrusting personal information processing
The company entrusts personal information processing to the outsourcing company to provide customer convenience and manage signing up for membership, service use contract, A/S provision, and business incidental.
|Outsourcing company||Consignment details|
|Danal Co., Ltd.||Payment service|
|KG INICIS Co., Ltd.||Payment service|
|Korea Credit Information||Debt collection service|
|NICE Information Service Co., Ltd.||Identity authentication|
|Stibee Co., Ltd.||Mailing|
Article 9 (Retrieval and correction of the personal information)
The customer can demand the retrieval or error correction of the customer’s personal information at any time, and company shall take necessary measures without delay. In addition, if there is a request for error correction, the company shall not use the information until it is corrected. If the user retrieves or corrects error using the Internet, the user can modify the personal data using the [User Info] menu after logging in by entering the ID and password. However, if there is a separate change application form depending on the type of service, the user can fill in the form and fax it to the company for update.
Article 10 (Revoking the consent)
The user can cancel the consent about personal information collection, use, and provision during sign-up at any time, using the privacy manager’s e-mail address (firstname.lastname@example.org). Upon receiving the request, the company shall take actions without delay after confirming the user’s identity.
Article 11 (Matters concerning the installation and operation of automatic personal information collection device and its refusal)
The company operates a “cookie” to find and store information if needed for site service operation. A cookie is a small text file sent to user’s web browser by the server used to run the company’s service site. The cookie is saved in user computer’s hard disk. The user can decide to refuse information collection using a cookie by setting the security policy of the web browser.
1. Information collected by a cookie and use purpose.
A. Collecting information: Service use information such as the ID, access IP, access log, used contents, etc.
B. Purpose of use: Used to analyze the access frequency and visit time of members and non-members, understand the preferences and interested areas of the user, analyze number of hits and frequency of event participation, and used as the data for conducting target marketing and service reorganization, and providing customized services.
2. The user has the right of choice on cookie installation. Therefore, the user can adjust the level of information gathering by cookies, by setting options in user’s web browser.
A. The user can determine the level of information collection by cookies by selecting [Internet Options] -> [Security] -> [Custom level] from the [Tools] menu of the web browser.
B. The user can use the above menu to check every time a cookie is saved, or the user can refuse to save any cookies. However, if the user refuses to install cookies, there may be difficulties in providing the service.
Article 12 (Technical and administrative protection of the personal information)
The company provides the following technical and administrative measures to ensure the safety of customers’ personal information in order to prevent them from being lost, stolen, leaked, altered or damaged.
1. Technical protection measures
A. Personal information is protected by a password, and important data is protected by separate security features, such as encrypting file and transfer data, or using a file lock function (lock).
B. To prevent a personal information leak by hacking or the like, the system is installed in an area where access from outside is controlled.
2. Administrative protection measures
A. The company limits the number of persons who can process the personal information of customers to a minimum, manages access rights, and ensures compliance with laws and policies through education. Those who handle the personal information of the customer are as follows.
a. Those who perform marketing for the customer directly or indirectly.
b. Those who manage the personal information and those who are in charge of protecting personal information such as the privacy manager and personal information manager.
c. Those who have to process personal information inevitably.
B. The information leak by employees (including personal information) is prevented in advance by requiring new employees to sign on a non-disclosure agreement when hired.
C. The business change-over of the personal information handler is thoroughly performed while security is maintained, and the responsibility for personal information breach incidents after leaving the company is clearly defined.
D. The company controls access by setting the computer room and data storage room as a controlled area.
E. The company takes measures needed to check the identity of the customer when collecting the payment information such as the customer’s payment bank account or credit card number or providing the information to the customer, in order to enter into the service use contract or provide the service.
F. The company is not responsible for any mistakes made by the customer or the basic risks of the Internet. The customer should manage their ID and password thoroughly and take responsibility, to protect their personal information.
G. If the personal information is lost, leaded, altered, or damaged due to mistakes or technical management mistakes by the internal manager, the company shall inform the customer immediately and takes appropriate measures.
Article 13 (Privacy manager information, and customer opinion and complaint handling)
If the customer has any inquiries about privacy such as opinions or complaints, the customer can send them to the privacy manager or person in charge that are specified below. Then, the company will receive it and take actions quickly and inform the customer of the result.
1. Privacy manager
A. Manager: Lee Youngsu, CEO
B. Person in charge of management Seo Younggyo, director
C. Phone number: +82-10-9068-7906
D. E-mail: email@example.com
2. Please contact the following government agency if you need to report or consult about personal information infringement.
A. Personal Information Dispute Mediation Committee: www.1336.or.kr / 1336
B. ePrivacy Mark Committee: www.eprivacy.or.kr / 02-580-0533~4
C. Cybercrime Investigation Team, Supreme Prosecutors’ Office: icic.sppo.go.kr / 02-3480-3600
D. Cyber Bureau of the National Police Agency: www.netan.go.kr / 02-393-9112
Article 1 (Enforcement date)