- Users’ rights to personal information and method of exercise
- Obligations of users
- Installation and rejection of automatic personal information collection device
- Personal information items to be collected and the purpose of collecting and using personal information
- Disclosure of personal information to third parties
- Commissioning of personal information
- Retention and period of use of personal information
- Procedures and methods on destruction of personal information
- Protection measures on personal information
- Information on data protection officer and user complaints handling
1. User’s rights to personal information and method of exercise
① Users can always request to view, correct, withdraw consent, or delete their stored personal information and can request to view, provide, correct, withdraw consent, delete(withdrawal of membership), suspend processing, and object on details as follows:
1) Personal information of users held by the Company
2) Status of the Company’s use of users’ personal information or provision of it to a third party
3) Status of users’ consent to the collection, use, and provision of personal information
– Access and modification: Log in to My Page > Modify profile
– Deletion and membership withdrawal: Log in to My page > Membership withdrawal
– Withdrawal of consent(Reception of event information) : Log in to My page > Change settings
4) The Company operates a separate user center to handle inquiries and complaints, and will take action without delay if the user contacts the data protection officer by email or phone.
② When a request is made by a user to correct any errors in personal information, the subject personal information will not be used or provided until the correction is completed. If any incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the third party may also make corrections accordingly.
2. Obligations of users
Users are obligated to protect their personal information, and the Company is not responsible for problems caused by users’ carelessness, such as sharing ID/password without any attributable reasons by the Company’s intention or negligence or leaving while logged in. ① Users must keep their personal information up-to-date, and users are responsible for problems caused by their provision of incorrect information. ② In principle, a user’s ID/password must be used exclusively by the user and cannot be transferred or lent to a third party. If a user steals another person’s ID or their personal information for membership registration, the user may lose the membership and may be punished in accordance with related laws and regulations. ③ After using the Company’s service, users must log out of the account and exit the web browser program.
3. Installation and rejection of automatic personal information collection device
The Company installs and operates ‘cookie’ to provide users with customized services. The purpose and rejection of cookies are as follows:
① Definition of cookie: Cookies are very small text files to be sent to the browser of the users by the server used for operation of the websites of the Company and will be stored in the users’ computer. ② Purpose of cookie: Cookies are used to provide customized services to users by analyzing user access frequency and visit time, identifying usage type and areas of interest, tracking traces, identifying the degree of participation in various events, target marketing through analysis on visit history, etc. ③ Installation, operation, and rejection of cookies
1) Users have an option for cookie installation. Users may either allow all cookies by setting options in the web browser, make each cookie checked whenever it is saved, or refuse all cookies to be saved. Users may save cookie settings as follows:
– Internet Explorer: Tools > Internet Options > Privacy tab > Privacy level settings
– Chrome: Settings > Advanced Settings > Privacy-Content Settings > Cookie Level Settings
– Firefox: Options > Privacy > Visit History – Custom Settings > Cookie Level Settings
– Safari : Settings > Privacy tab > Cookie and website data level settings
2) If users decline cookies, there may be limitations in using some services such as those that require logging in.
4. Personal information items to be collected and the purpose of collecting and using personal information
① The Company collects and uses minimum personal information that is necessary to provide its service and does not refuse to provide services even when a user does not provide further information other than the minimum necessary personal information. The collected personal information is not used for any purpose other than for which consent was obtained, and is collected and used as follows depending on the type of service provided by the Company.
<Membership registration and service use>
|Collection methods||Collected Items||Purpose of collection and use|
|Membership registration||[Required] Name, e-mail address, mobile phone number, password identification||confirmation of intention to join, consultation and inquiry handling, notice delivery and complaint handling, etc.|
|Edit member information||[optional] Nickname, profile picture||User identification and relationship formation between users, community activation|
|In the event of purchase||[Required] Recipient information (name, mobile phone number, address), cash receipt issuance information (mobile phone number)||Order/payment and product delivery (exchange, return) service, cash receipt issuance|
<Automated collection and generation information for service use>
|Collected Items||Purpose of collection and use|
|– Cookies, IP, date of visit, service use record – Device information (device_id, OS type and version, device type, advertisement identifier) – Additional mobile device information (UUID, push token) when using the app||Service usage statistics, access management, provision of usage environment for each user, identification of activity information, confirmation of event and promotion statistics, provision of customized information|
② The Company accesses the following information and functions in users’ smartphone for mobile app service. Necessary access items are guided and agreed upon when installing or initially running the app, and optional access items are agreed upon separately when using the service. (There is no restriction on basic service use due to rejection of the options.)
|Category||Accessed items||Purpose of access|
|Required access rights||[IOS] UUID
|Optional access rights||[IOS] Camera, photo, microphone
[Android] Storage space (photo/media/file), camera
|Registering files (photos, videos) when writing comments|
③ The Company may collect personal information in the following ways, and when collecting personal information that can personally identify a user, the Company shall obtain consent from the user. If a user clicks the consent button or enters and saves additional personal information collected by modifying member information, it is considered that the user has agreed to provide personal information. 1) Website, mobile app, written form, fax, phone, user center inquiry, event participation
2) Automated collection using tools for collection of created information
Disclosure of personal information to third parties
① Under no circumstances does the Company use or provide your personal information to any other company/agency beyond the scope stipulated in 『4. Personal information items to be collected and the purpose of collecting and using personal information』, except the cases as follows: 1) If a user is using the service free of charge for a specific project, the user may provide only the minimum of personal information necessary to operate the project to the stakeholders affiliated with managing/hosting organizations.
|Recipient of provision||Purpose of provision||Retention||period of use of items provided|
|Participating project organizer/host Stakeholder project||Progress rate of participating companies and other business issues||Check recipient information (name, contact information, course status)||Within the participating project period|
2) If an investigative agency requests personal information according to the procedures and methods prescribed by laws and regulations for the purpose of investigation. 3) If personal information in a form that cannot identify a user is provided to advertisers, partners, research organizations, and the likes for the purpose of statistics, academic research, or market research.
② Users may disagree with or withdraw their consent to the provision to a third party at any time. However, the user may be limited in using some services such as those based on third party provision. (Membership registration services are available.)
6. Commissioning of personal information
To provide the Service, the Company commissions external professional agents (hereinafter referred to as “Subcontractors”) to process personal information as follows. In order to secure the safety of personal information, the Company supervises Subcontractors and ensures that they safely process personal information.Also, personal information commissioned is limited to the minimum extent necessary for the provision of services.
|Name of Subcontractors||Details of consigned business|
|To be updated in the future||To be updated in the future|
|To be updated in the future||To be updated in the future|
|Name of subcontractors||Country of subcontractors||Retention periods and methods||Personal information items to be commissioned||Purpose and period of use|
7. Retention and period of use of personal information
① The Company retains and uses personal information items, notified and agreed upon by users, until the purpose of its collection and use is achieved or users request to withdraw their membership. However, if it is necessary for the Company to preserve personal information due to specific reasons as follows, corresponding information to a separate DB or table that cannot be accessed from the outside. 1) Information on membership registration to provide online/mobile service : until membership withdrawal 2) Retention of personal information required by laws and regulations
|Relevant Laws and Regulations||Personal Information Items To Be Retained||Retention Period|
|Communication Secret Protection Act||Internet log record data||3 months|
|Consumer Protection Act in E-commerce, etc.||Records on indications and advertisements||6 months|
|Records on contract or subscription withdrawal||5 years|
|Records on payment and supply of goods||5 years|
|Records on consumer complaints or dispute resolution||3 years|
|Value-added tax law||Value-added tax tax base and tax amount report data, etc.||5 years|
② Term of validity: Dormant user accounts 1) The information on membership registration of users who did not use the Company’s service for more than one year will be stored and retained separately from other active users in accordance with Article 29 of Information and Communication Network Act. 2) The Company shall notify users in advance at least 30 days before the date of conversion to a dormant account through email. 3) Personal information stored separately shall not be used or provided unless otherwise required by relevant laws and regulations. 4) Order, payment, and CS information will be deleted after being stored for a retention period under relevant laws and regulations.
8. Procedures and methods on destruction of personal information
① In principle, once the purpose of its collection and use is fulfilled, users’ information is deleted without delay. However, in accordance with 『7. Retention and period of use of personal information』 and other related laws and regulations, the Company shall transfer corresponding information to a separate DB and retain those information safely for a certain period. Personal information transferred to a separate DB will not be used for any other purpose unless required by related laws and regulations.
② Method of destruction
1) The Company deletes personal information stored in the form of an electric file by using a technological method rendering that information to not be recoverable.
2) The Company destroys hard copies of personal information by shredding with a pulverizer or incinerating it.
9. Protection measures on personal information
In order to ensure safety and prevent users’ personal information from being lost, stolen, leaked, altered, or damaged while processing, the Company is taking technical and managerial protection measures in compliance with relevant laws and regulations including 『Information and Communication Network Act』 and 『Personal Information Protection Act』.
10. Information on data protection officer and user complaints handling
① Users may contact the Data Protection Officer or User Center in regards to all kinds of privacy protection inquiries and complaints that occurred while using the service of the Company, and the Company will respond to and take actions on users’ inquiries without delay.
|Data Protection Officer (DPO)||User Center|
|Name : Minsu Kim (Director)
Contact : firstname.lastname@example.org
|Contact : (+82) 070-4256-0916|
② If users need help on reporting or consulting about other infringement on personal information, users may contact the institution below..
1) Korea Internet & Security Agency’s Personal Information Infringement Report Center : http://privacy.kisa.or.kr / 118 without area code
2) Cybercrime Investigation Division, Supreme Prosecutors’ Office, Republic of Korea : http://www.spo.go.kr / 1301 without area code
3) Cyber Investigation Bureau, Korean National Police Agency : http://cyberbureau.police.go.kr / 182 without area code