1. Purpose of Processing Personal Information
1.1 The Company collects and uses personal information for the following purposes.
- (a) Subscription and maintenance of membership: confirmation of intent to subscribe for membership, authentication of identity and age, maintenance and management of member qualification, prevention of fraudulent use of service
- (b) Provision of goods or services: provision of services, delivery of contract/invoice, verification of identity, age verification, bill payment and settlement, debt collection, etc.
- (c) Managing user complaints: identification of the user, confirmation of complaints, contact/notification for fact-finding, and notification of processing results
- (d) Marketing and advertising: provision of customized advertisements, opportunities to participate in events, provision of information regarding events
- (e) Service improvements and development: improvement of existing services and development of new and customized services
- (f) Utilization of pseudonymized information: pseudonymizing, processing and use of pseudonymized information for statistical preparation, scientific research, and preservation of records in the public interest.
2. Items of Personal Information Processed
2.1 The Company collects and processes the following personal information of service users.
- (a) Information collected during the use of services: Google account information (including email address), Globally Unique Identifier (GUID), hostname
- (b) Information collected when using paid service
- (i) When paying by credit card: credit card information such as the name of the card company and card number
- (ii) In case of bank transfer: bank account information such as the name of the account holder, account number, and bank holding the account
- (iii) When paying by mobile phone number: payment information such as phone number and telecommunication company
- (iv) In case the payer is an entity: name of the person in charge
- (c) When using the service, the following personal information items are collected automatically: user activity log, access authentication value, usage records, such as access and login records
- (d) For managing user complaints: collects and processes necessary information among the above and other necessary information required to resolve the complaints from the user
3. Period of Retention and Use for Personal Information
3.1 The Company will, without delay, delete and destroy the user’s personal information when it achieves the purpose of collection and use of personal information. In the above cases, personal information shall be deleted or destroyed regardless of the user’s request. Nevertheless, the following personal information is retained for reasons stated below:
- (a) If there is an ongoing investigation regarding a violation of relevant laws and regulations, the personal information shall be retained until the completion of the respective investigation
- (b) If any debts or debt relationships pursuant to the use of the services remain unsettled, the personal information shall be retained until the relevant debts are settled
3.2 Notwithstanding the foregoing, the following information is retained for the period specified for the reasons stated below:
- (a) Personal information related to use of service (log records): 3 months
- (b) Records on withdrawal of contract or subscription, etc., and records on payment and supply of goods: 5 years
- (c) Records on handling consumer complaints or disputes: 3 years
- (d) Books and evidentiary documents for all transactions prescribed by tax laws: 5 years
3.3 The Company shall separately store or delete personal information of users who have not used the service for a period of one (1) year or any other period set forth by the user.
4. Provision of Personal Information to Third Parties
4.1 The Company may provide personal information to third parties only with the consent of the user or when there are special provisions in the Personal Information Protection Act or other laws.
5. Processing Personal Information Subsequent to Outsourcing of Work and Overseas Transfer
5.1 The Company entrusts the following personal information processing tasks for smooth personal information processing.
|Channel Corp.||Response to customer inquiries and communication of processing results|
|Amazon Web Service, Inc.||Provision of membership verification and service|
5.2 The Company The Company will not transfer any personal information outside Korea.
6. Use and Provision of Personal Information within the Scope Reasonably Related to the Purpose of Collection
6.1 The Company may use or provide personal information to a third party without the consent of the user, considering each of the following criteria within a reasonable scope and the original purpose of collection.
- (a) Whether or not it is related to the original purpose of collection: judgment based on whether the original purpose of collection and the purpose of additional use and provision are related in terms of their nature or tendency;
- (b) Whether or not the further use or provision of personal information is predictable considering the circumstances in which the personal information was collected or the processing practices: judgment based on the relationship between the personal information controller and the user, the level of technology and the rate of development, and general circumstances (practice) established over a substantial amount of time, etc.;
- (c) Whether the interests of the user have unreasonably infringed: judgment based on whether the interests of the user are substantially infringed in relation to the additional purpose of use and whether the infringement of the interests is unreasonable, etc.; and
- (d) Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken: judgment by considering whether safety measures are taken in consideration of the possibility of infringement, etc.
7. User’s and Legal Representatives’ Rights and Methods for Exercising the Rights
- 7.1 The user can exercise the right to read, correct, delete and suspend processing their personal information against the Company at any time.
- 7.2 The exercise of the rights pursuant to Section 7.1 can be made to the Company in writing, by phone, or by e-mail, and the Company will take action without delay.
- 7.3 The exercise of rights pursuant to Section 7.1 may be done through an agent such as a legal representative of the user or a person who has been delegated. In this case, a power of attorney must be submitted to the Company that confirms such delegation.
- 7.4 In accordance with relevant laws such as the Personal Information Protection Act, the exercise of the user's right to access, correct, delete, or suspend the processing of personal information may be restricted.
- 7.5 Request for correction and deletion of personal information cannot be requested if the information is required to be collected according to other laws.
- 7.6 The Company shall confirm whether the person who made the request, such as a request for reading, correction, or deletion, or request for suspension of processing, holds such right or is a legitimate agent.
8. Destruction of Personal Information
8.1 The Company destroys the personal information without delay when the personal information becomes unnecessary, such as in the cases of the expiration of the personal information retention period, or achievement of the purpose of processing.
8.2 If personal information needs to be preserved in accordance with the laws and regulations even when the personal information retention period agreed by the user has elapsed or the purpose of processing has been achieved, the personal information will be moved to a different place or stored in a separate database (DB).
8.3 The destruction procedures and methods are as follows:
- (a) Destruction procedures: The Company selects the personal information that needs to be destroyed and destroys the personal information with the approval of the Company's personnel for management of personal information.
- (b) Destruction method: The Company destroys personal information recorded and stored in electronic file format using technical methods so that the information cannot be reproduced, and personal information recorded and stored on paper documents is destroyed by crushing or incineration with a shredder.
9. Measures to Ensure Safety of Personal Information
9.1 Company is taking the following measures to ensure the safety of personal information
- (a) Administrative measures: establishment and implementation of internal management plans for personal information, regular employee training, etc.
- (b) Technical measures: technical countermeasures against password hackings, etc., encryption of personal data, storage access records, and prevention of forgery, etc.
- (c) Physical measures: Access control to server rooms, data storage rooms, etc.
10. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
10.1 The Company may use 'cookies' to store and frequently retrieve usage information to provide users with individually customized services. Cookies are a small amount of information sent to the user's PC browser by the server (HTTP), which are used to operate the website, etc., and are also stored in the user's hard disk in the computer.
- (a) Purpose of using cookies: saving access authentication value, security management and improving services, developing new services, and providing customized services and advertisements by analyzing access frequency and access time of users, etc., identifying the patterns of service usage and tracking traces, secure access status, and the number of users.
- (b) Installation, operation, and rejection of cookies: Users have their right to choose the installation of cookies. Therefore, the users may refuse to save all cookies by changing their Internet browser options.
- (c) However, if you refuse to store cookies, it may be difficult to use some services of the Company.
11. Rights Protected under the California Consumer Protection Act (“CCPA”)
11.1 This Section shall apply to California residents only. Under the California Consumer Privacy Act (the “CCPA”), California users have the right to request that the Company discloses what personal information the Company has collected from them, to delete the information, to opt-out of the sale of user’s personal information, and the right not to be discriminated against for exercising the user’s California privacy rights. The Company shall not sell the user’s personal information and will not discriminate against any users in response to their privacy right requests.
- (a) Right to Disclosure – right to see what information the Company has collected regarding the user over the past 12 months, including
- (i) information that the Company collected about the user;
- (ii) categories of sources from which the personal information was collected;
- (iii) business or commercial purpose for collecting or selling the user’s personal information;
- (iv) categories of third parties with whom the Company has shared the user’s personal information; and
- (v) specific pieces of personal information the Company has collected.
- (b) Right to Delete – The user has the right to delete any personal information the Company has about the user and the user’s devices.
11.2 Shine the Light Law – The Company does not share the user’s personal information with third parties for the purpose of direct marketing.
11.3 Do Not Track – The Do Not Track feature is turned off by default except in Private Browsing.
11.4 Exercising the user’s rights – If the user wants to exercise the user’s California privacy rights or if the user has any questions regarding the Company’s practices, please get in touch with email@example.com. The Company may take reasonable steps to verify the user’s request and will fulfill the request to the extent the request does not violate any applicable laws. In the event the Company denies the user’s request, the Company shall provide the reason(s) for denying the request.
12. Children and Parental Rights
12.1 If the user is a child resident of the United States under the age of 13, the user is protected by the Children’s Online Privacy and Protection Act (“COPPA”). In accordance with the COPPA, the Company shall obtain the consent of the parent or legal representative of the user before they knowingly collect the personal information of the child. Furthermore, the Company shall only collect the personal information to the extent that is reasonably necessary to provide the services. The parent or legal representative of the user shall have the right to review the personal information collected and used by the company, to amend any personal information of the user, to receive a copy of any information held by the Company, to delete any personal information, and to restrict processing of your information to the extent it does not violate any applicable laws. Parents and legal representatives may exercise their rights by contacting firstname.lastname@example.org.
12.2 If the user is under the age of 13, the user must provide the email address of a parent or a legal representative in order for the Company to obtain their consent.
13. Personnel for Management of Personal Information
13.1 The Company has designated the person in charge of personal information management and handling complaints about personal information, and the contact information is as follows.
Personal Information Manager
- Name: Dong Eon, Goo
- Title: Head of Operations Division
- Email Address: email@example.com
13.2 The user can inquire about all personal information protection-related inquiries, handling complaints, damage relief, etc., that occurred while using the Company's service (or business) to the person in charge of personal information protection and the following department in charge.
- Department Name: Corpdev Team, Operations Divison
- Email Address: firstname.lastname@example.org
15. Language Difference