Items of Personal Information Collected
The Company collects the minimum personal information necessary for membership registration, the provisioning of the Services and smooth customer consultation on the basis of the information provided by the customers.
A. At the time of membership registration o Customer’s ID (email), password, name
B. While using the Services o There may be an additional collection of personal information that is limited to the users of applicable Services while they use the Services. o IP address, Services usage logs, equipment information, browser types, operating systems, access hours and web storage may be created and collected while the Services are being used. o When collecting additional personal information, explanations with respect to the ‘items of personal information subject to collection, the purpose of collection and use of personal information, the retention period of personal information’ are provided to the users and their consent is sought.
Ways of Collecting Personal Information
The Company collects personal information in the following ways:
A. Collection by procuring consent of the users at the time of subscription for the Services or while the Services are being used. B. In the case of a customer who logs in using the IDs of customer’s choosing such as the Naver and Google, collection from the applicable company after procuring the customer’s consent. C. Information created such as equipment information, Service usage logs, etc. is automatically collected while the Services are being used.
Purpose of Collection and Use of Personal Information
The Company collects personal information of customers to serve the following purposes. A. Membership Management o Verifying ID for using the membership Services, identifying members, confirming intent to join, restricting the subscription and the frequency of subscriptions, securing smooth communications channels, responding to questions from the customers, introduction of new information and relaying notices, preventing unauthorized use and illegal use by bad members, keeping the records for ID verification and dispute resolution, for handling civil affairs, including complaints. B. Providing Service Functions o In addition to the existing Services such as contents, personal information is used for the purpose of developing new Service elements and enhancing the existing Services, including demographic analytics, Service access and use records analytics, the offering of personalized Services based on personal information and interests. C. Enhancing Services and Developing New Services o Used for developing new Services and enhancing the existing Services, including demographic analytics, Service access and use records analytics, the offering of personalized Services based on personal interests, fostering relationships between the members based on personal information and interests. D. Performance of Contract for Offering Services and Payment Settlement for Offering the Charged Services, if needed o Used for communicating notices including amendments to the Terms of Services, settling the purchase and payment for the charged Services, delivering the products and Services. E. Offering Marketing and Advertising Information o Used for performing under and complying with the laws and regulations, carrying out obligations as prescribed under applicable laws and regulations, preventing wrongful use that could harm the users in violation of applicable laws and regulations or the Terms of Services, including, introducing new functions, guiding usage methods and benefits, posting and providing advertising information and opportunities to participate in all types of events, offering outside of statistical data with respect to responses to advertisements.
Retention and Use Period for Personal Information The Company handles and retains personal information within the retention and use period for personal information the customers consented at the time personal information was collected or within the retention and use period for personal information according to the laws and regulations. Generally, personal information of the customers will be destroyed immediately upon realization of the purpose of collection and use of personal information. With respect to the following information, however, they will be retained during the stipulated period for the reasons stated below. A. Records related to contracts or withdrawals of subscription o Basis for Retention: Act on the Protection of Consumers in Electronic Commerce, etc. o Retention Period: 5 years B. Records on the supply of goods and services and settlement of payments o Basis for Retention: Act on the Protection of Consumers in Electronic Commerce, etc. o Retention Period: 5 years C. Records on consumer complaints or dispute resolution o Basis for Retention: Act on the Protection of Consumers in Electronic Commerce, etc. o Retention Period: 3 years D. Records on the Service usage o Basis for Retention: Protection of Communication Secrets Act o Retention Period: 3 months E. Fraudulent use and records Records on the fraudulent joining and use will be retained for six months from the time they are collected to prevent further fraudulent joining and use. Personal information in relation to the records on fraudulent use includes records of the authentication of subscription and emails for authentication at the time the settlements are applied for. Records on the fraudulent transactions (email, name, IP address, web storage, equipment information) in relation to the settlement services will be retained for 3 years from the time they are collected in order to secure safe transactional environment, to prevent further illegal trading and to protect other innocent users.
Rights and Obligations of Customers and Their Legal Representatives and Ways of Exercising Thereof The customer may always access, elect to disclose or not to, or modify his/her own personal information and may request for deletion and destruction thereof. A. Accessing and Requesting for Modifying Personal Information The customer and his/her legal representative may always access and modify his/her own registered personal information or the registered personal information of a minor who is younger than 14 years of age. To access and modify applicable personal information, the customer or the legal representative may directly access or modify the registered personal information including accounts by clicking the My Page menu in the Services page. B. Deletion of Personal Information (Withdrawal of Membership) If the customer or the legal representative of a minor younger than 14 years of age desires to withdraw the membership, he/she may do so directly by logging in through the website or mobile application and clicking “My Page – Withdrawal”. If it is difficult to withdraw directly, the customer or the legal representative may contact the customer service center by letter, telephone or email, and the Company will immediately take measures therefor.
Destruction of Personal Information
Generally, personal information of the customers is immediately destroyed once the purpose of collecting and using personal information is achieved. Company’s destruction process and methods of personal information are as follows: A. Destruction Process Information provided by the customers to subscribe for the Services is destroyed after being moved to a separate DB or storage and retained for a certain period according to the reasons for information protection (see, Article 4 Retention and Use Period for Personal Information) pursuant to internal policy and applicable laws and regulations. Personal information that is separately retained as above will not be used for any purpose other than the stated purpose. B. Destruction Methods Personal information printed on the papers will be shredded by a shredder or destroyed by incineration. Personal information retained in the form of electronic mails will be deleted using technical means to disable the regeneration of records.
Matters pertaining to Providing Personal Information to Third Parties A. The Company does not provide customer’s personal information to any third party without the prior consent by the customer. B. If customer’s personal information is to be provided to or shared with a third party, the Company will notify the customer personally via site, email, letter or application as to the person to whom the information will be provided or shared with, the items of personal information that will be provided or shared, the purpose for providing or sharing personal information, the retention and use period, etc. and thereafter will seek separate consent with respect thereto. C. However, if stated otherwise under applicable laws and regulations, it may be possible to provide personal information without the customer’s consent.
Matters pertaining to Installation and Operation of Facilities that Automatically Collect Personal Information and Refusal Thereof In order to offer personalized services that fit the customer, the Company uses a Web Storage for storing and often retrieving the information being used. The Web Storage supports storing data on the client instead of the server. There are local Storage, session Storage, cache Storage and Cookie in the Web Storage. Each of local Storage, session Storage, cache Storage and Cookie has its own unique characteristics and is selectively used as necessary. Data is stored using the browser’s session Storage and local Storage. Session Storage is for temporary storage, but local Storage is permanent. User may delete data in the local Storage by deleting the browser records. Cache Storage is used when the same requests are made after files once requested in a browser are stored, and users may erase data by deleting the browser records. Cookie is a small piece of data sent from a server (http) used in operating a website to the user’s computer browser and may be stored in the hard disk on the user’s computer. If the customer desires to refuse the storage of Cookie, it may be done by going to the top of the web browser Tool>Internet Options>Personal Information Menu and setting options thereunder.
Personnel in Charge of Protecting Personal Information Personnel in charge of protecting personal information: Kim, Seung-hyun Relevant Department: CTO Contact: email@example.com / 070-4215-3541