Article 2 (Collection and use of the personal information)
The “personal information” is the information about a living individual, such as a real name, that can identify each employee of the company (including the information that can easily identify a person by combining it with other information even if the information in question cannot identify the person). The company uses the collected personal information for the following purposes.
1. Handling matters related to the use contract such as service sign-up/change/cancellation, and inquiries related to the A/S.
2. Settlement, payment, and collection of the service charge, identity authentication, and providing the location-based service and customized service.
3. Determining whether the charge discount is applicable or not, and providing other services.
4. Introducing a new product that the company provides directly or through business alliances with other companies, guiding events, customer attraction and management, service site usage statistics, sending newsletters, and various marketing activities including a customer survey. Shipping goods, billing, identity authentication of the legal representative, and archiving for dispute settlement.
6. Commissioning of duties necessary for the fulfillment of the contract such as service provision to the trustee notified in this processing policy.
Article 3 (Personal data items to collect and collection method)
The company collects only the minimum amount of personal information needed for service subscription, consultation, and service provision. The company doesn’t collect any personal information that has a concern about violating the human rights of the customer significantly, such as race and ethnicity, ideology and creed, hometown and birthplace, political propensity and criminal records. However, exceptions apply if the customer agrees to collection.
1. The following personal data shall be collected.
A. Name/ID/password: For identification and demographic analysis when using, modifying, canceling the service.
B. E-mail address /mobile phone number etc.: For billing, delivery of goods, delivery of notices, confirming own intention, processing of customer complaints and requests, new service or event, and introduction of new product.
C. Bank account information/credit card information/mobile phone information/payment history: For use fee payment and charge payment related to service use, trial plan activation
D. Service use record/billing and settlement/use suspension record, access log/cookie/connection IP/PC information: For service use fee payment and providing the location-based service and personalized service
2. The company collects the personal information using the following methods.
A. Collecting the personal information provided by the customer for sign-up (e.g., application form, Internet service site, phone, fax), consultation over the phone or Internet, applying for giveaway events, delivery request, or provided by related parties. Gathering the information generated while using the service or processing the business, or collected by the tool.
Article 4 (Method of agreeing to the collection and use of the personal information)
Article 5 (Retention and use period of the personal information)
The retention and use period of customer’s personal information are as follows.
1. Member's personal information will be destroyed when the purpose of collecting personal information or the purpose for which it was received is achieved. If a member withdraws from membership or is dismissed from membership ID due to misrepresentation of personal information, the collected personal information will be completely deleted and will not be used for any purpos
2. Member's personal information will be destroyed without delay when the purpose of collecting and using personal information is achieved, but if it falls under each of the following items, it can be kept for the specified period and not used for other purposes. (1) In case of users who have caused a disgrace to the service due to the use of the unhealthy service, they may keep the personal information for one year for the purpose of requesting investigation by the judicial authorities or protecting other members. (2) When it is necessary to keep in accordance with the provisions of related laws and regulations, the Company may keep the personal information of the member for a certain period determined by the relevant laws and regulations after collecting and using the personal information.
A. Records on contract or withdrawal of subscription: 5 years
B. Record of payment and supply of goods: 5 years
C. Records of consumer complaints or disputes: 3 years
D. Indications, record of advertising: 1 year
E. Website Visits: 1 year
Article 6 (Procedure and method of personal information destruction)
In principle, the company will destroy the user’s personal information without delay once the purpose of collecting and using the personal data are achieved. The procedure and method of personal information destruction are as follows.
1. Destruction procedure
A. In principle, the information provided by the customer is retained for a certain period of time based on the internal policy and reasons for retention according to the related laws and regulations after achieving the purpose of collection and use.
B. Information to destroy: The personal information of the customer whose retention period has expired according to the prescribed use and retention period and related laws.
2. Destruction method
A. Personal information stored in an electronic file format such as DB: Delete using the technical method that purges the data permanently.
B. Personal information printed on paper (written): Destroy by crushing or incineration.
Article 7 (Providing the personal information to the third party)
Unless agreed by the customer or stipulated by relevant regulations, the company shall not use the personal information of the customer or provide it to a third party beyond the scope stated in the “Purpose of collection and use of the personal information” in any case. However, the personal information can be provided without customer’s consent in the following cases in accordance with the relevant laws and regulations.
1. When needed for the settlement of fees after service provision.
2. When it is remarkably difficult to obtain the usual consent for economic and technical reasons as the personal information is required to implement the contract on service provision.
3. When it is needed for statistics compilation, academic research, or market survey, and the personal information is provided in a form that cannot identify a certain individual.
4. When requested by relevant authorities for the purpose of investigation under relevant laws and regulations.
5. The personal data that is provided according to legal proceedings, as stipulated by the law, if there are special provisions in the relevant laws and regulations.
Article 8 (Retrieval and correction of the personal information)
The customer can demand the retrieval or error correction of the customer’s personal information at any time, and company shall take necessary measures without delay. In addition, if there is a request for error correction, the company shall not use the information until it is corrected
Article 9 (Revoking the consent)
The user can cancel the consent about personal information collection, use, and provision during sign-up at any time, cancelation of consent is accompanied by withdrawal from membership.
Article 10 (Matters concerning the installation and operation of automatic personal information collection device and its refusal)
The company operates a “cookie” to find and store information if needed for site service operation. A cookie is a small text file sent to user’s web browser by the server used to run the company’s service site. The cookie is saved in user computer’s hard disk. The user can decide to refuse information collection using a cookie by setting the security policy of the web browser.
1. Information collected by a cookie and use purpose.
A. Collecting information: Service use information such as the ID, access IP, access log, used contents, etc.
B. Purpose of use: Used to analyze the access frequency and visit time of members and non-members, understand the preferences and interested areas of the user, analyze number of hits and frequency of event participation, and used as the data for conducting target marketing and service reorganization, and providing customized services.
2. The user has the right of choice on cookie installation. Therefore, the user can adjust the level of information gathering by cookies, by setting options in user’s web browser.
A. The user can determine the level of information collection by cookies by selecting [Internet Options] -> [Security] -> [Custom level] from the [Tools] menu of the web browser.
B. The user can use the above menu to check every time a cookie is saved, or the user can refuse to save any cookies. However, if the user refuses to install cookies, there may be difficulties in providing the service.
Article 11 (Technical and administrative protection of the personal information)
The company provides the following technical and administrative measures to ensure the safety of customers’ personal information in order to prevent them from being lost, stolen, leaked, altered or damaged.
1. Technical protection measures
A. Personal information is protected by a password, and important data is protected by separate security features, such as encrypting file and transfer data, or using a file lock function (lock).
B. To prevent a personal information leak by hacking or the like, the system is installed in an area where access from outside is controlled.
2. Administrative protection measures
A. The company limits the number of persons who can process the personal information of customers to a minimum, manages access rights, and ensures compliance with laws and policies through education. Those who handle the personal information of the customer are as follows.
a. Those who perform marketing for the customer directly or indirectly.
b. Those who manage the personal information and those who are in charge of protecting personal information such as the privacy manager and personal information manager.
c. Those who have to process personal information inevitably.
B. The information leak by employees (including personal information) is prevented in advance by requiring new employees to sign on a non-disclosure agreement when hired.
C. The business change-over of the personal information handler is thoroughly performed while security is maintained, and the responsibility for personal information breach incidents after leaving the company is clearly defined.
D. The company controls access by setting the computer room and data storage room as a controlled area.
E. The company takes measures needed to check the identity of the customer when collecting the payment information such as the customer’s payment bank account or credit card number or providing the information to the customer, in order to enter into the service use contract or provide the service.
F. The company is not responsible for any mistakes made by the customer or the basic risks of the Internet. The customer should manage their ID and password thoroughly and take responsibility, to protect their personal information.
G. If the personal information is lost, leaded, altered, or damaged due to mistakes or technical management mistakes by the internal manager, the company shall inform the customer immediately and takes appropriate measures.
Article 12 (Privacy manager information, and customer opinion and complaint handling)
If the customer has any inquiries about privacy such as opinions or complaints, the customer can send them to the privacy manager or person in charge that are specified below. Then, the company will receive it and take actions quickly and inform the customer of the result.
1. Privacy manager
A. Manager: cha dongkyu, CEO
B. E-mail: firstname.lastname@example.org
2. Please contact the following government agency if you need to report or consult about personal information infringement.
A. Personal Information Dispute Mediation Committee: www.1336.or.kr / 1336
B. ePrivacy Mark Committee: www.eprivacy.or.kr / 02-580-0533~4
C. Cybercrime Investigation Team, Supreme Prosecutors’ Office: icic.sppo.go.kr / 02-3480-3600
D. Cyber Bureau of the National Police Agency: www.netan.go.kr / 02-393-9112
Article 1 (Enforcement date)