Privacy Policy
Article 1 (Purpose)
This privacy policy is established to protect the personal information of users in accordance with the Personal Information Protection Act and to inform users about the purpose and method of use of personal information provided by users and what measures are being taken to protect personal information.
This privacy policy takes effect from the date of announcement, and when there are additions, deletions, and modifications to the contents, it will be notified through notices starting 7 days before the revision takes effect.
Article 2 (Collection and Use of Personal Information)
The company collects and uses personal information for the following purposes:
-
Service provision and improvement
- Providing customized services and content
- Service usage statistics and analysis
- Service quality improvement and new service development
-
Member management
- Member identification and authentication
- Prevention of illegal use and unauthorized use
- Confirmation of membership intention and age verification
- Record keeping for dispute mediation
-
Marketing and advertising use
- Event and advertising information delivery
- Participation opportunities and result notification
- Service introduction and usage recommendations
The company collects the following personal information:
-
Required information
- Name, email address, password
- Mobile phone number
- Service usage records, access logs, cookies, access IP information
-
Optional information
- Profile picture, nickname
- Interests and preferences
- Additional contact information
The company collects personal information through the following methods:
- Collection through website membership registration
- Collection through mobile app installation and use
- Collection through customer service and consultation processes
- Collection through event participation and surveys
- Collection through partner companies
Article 3 (Provision of Personal Information to Third Parties)
The company does not provide users' personal information to third parties without users' consent. However, exceptions apply in the following cases:
- When users have given prior consent
- When there are provisions in laws
-
When necessary for investigation purposes by investigative agencies according to procedures and methods stipulated in laws for investigation purposes
-
When necessary for statistics compilation, academic research, or market research, and provided in a form that cannot identify specific individuals
When providing personal information to third parties, the company notifies users in advance of the recipient, purpose of provision, items of personal information provided, and retention and use period of the recipient and obtains consent.
Article 4 (Consignment of Personal Information Processing)
The company may consign personal information processing to external companies for service improvement. When consigning personal information processing, the company notifies users in advance of the consignee and consigned work contents and obtains consent.
The company stipulates necessary matters in contracts to ensure that personal information is safely managed when consigning personal information processing and supervises whether the consignee safely processes personal information according to relevant laws.
Currently consigned work:
-
Customer service and consultation
- Consignee: [Company name to be specified]
- Consigned work: Customer inquiry response and consultation
- Retention and use period: Until consignment contract termination
-
System operation and maintenance
- Consignee: [Company name to be specified]
- Consigned work: Server operation and system maintenance
- Retention and use period: Until consignment contract termination
Article 5 (Rights and Obligations of Users and Legal Representatives and Exercise Methods)
1. Rights of Users
Users may exercise the following rights regarding personal information processing:
- Right to request access to personal information
- Right to request correction and deletion
- Right to request suspension of processing
- Right to request damage compensation
2. Exercise Method
Users may exercise the above rights by submitting written requests, phone calls, or emails to the company, and the company will take action without delay.
When users request correction or deletion of personal information errors, the company does not use or provide the relevant personal information until correction or deletion is completed.
3. Rights of Legal Representatives
Legal representatives of users under 14 years of age may exercise all rights regarding the child's personal information and may withdraw consent given for the child's personal information collection.
Article 6 (Items of Personal Information Collected and Retention Period)
1. Retention Period
The company retains and uses personal information during the period of achieving the purpose of personal information collection and use, and immediately destroys personal information when the purpose is achieved.
However, personal information is retained for the period specified below when there are provisions in related laws:
-
Records related to contract or subscription withdrawal
- Retention reason: Act on Consumer Protection in Electronic Commerce
- Retention period: 5 years
-
Records related to payment and supply of goods
- Retention reason: Act on Consumer Protection in Electronic Commerce
- Retention period: 5 years
-
Records related to consumer complaints or dispute processing
- Retention reason: Act on Consumer Protection in Electronic Commerce
- Retention period: 3 years
-
Records related to identity verification
- Retention reason: Act on Promotion of Information and Communications Network Utilization and Information Protection
- Retention period: 6 months
-
Visit records
- Retention reason: Communications Secret Protection Act
- Retention period: 3 months
2. Destruction Procedure and Method
The company destroys personal information according to the following procedures and methods:
-
Destruction Procedure
- Information entered by users for membership registration is transferred to a separate DB after achieving the purpose and stored for a certain period according to internal policies and other related laws and then destroyed
- Personal information transferred to separate DB is not used for other purposes except when required by law
-
Destruction Method
- Personal information stored in electronic file format is deleted using technical methods that make records unrecoverable
- Personal information printed on paper is destroyed by shredding or incineration
Article 7 (Technical, Administrative, and Physical Measures for Personal Information Protection)
The company implements the following technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged:
1. Technical Measures
-
Personal information encryption
- Passwords are encrypted and stored and managed, and only the person who knows them can check and change them
- Important data uses separate security functions such as file and transmission data encryption
-
Access control
- Access control systems are operated to control access to personal information processing systems
- Access rights are granted with minimum privileges and access records are maintained and managed
-
Security program installation and update
- Security programs are installed to prevent leakage and damage of personal information due to hacking or computer viruses and are regularly updated
2. Administrative Measures
-
Establishment and implementation of internal management plans
- Internal management plans are established and implemented for safe processing of personal information
- Regular training is conducted for employees handling personal information
-
Minimization and training of personal information handling staff
- Personal information handling staff is minimized and separate passwords are assigned and regularly changed
- Regular training is conducted for personal information handling staff
-
Regular inspection
- Regular self-inspections are conducted for compliance with personal information handling-related laws and internal management plans
3. Physical Measures
-
Access control to computer rooms and data storage rooms
- Physical access control is implemented for computer rooms and data storage rooms where personal information is stored
-
Document security
- Documents and auxiliary storage media containing personal information are stored in secure locations with locking devices
Article 8 (Personal Information Manager and Contact Information)
The company designates a personal information manager to be responsible for overall personal information processing and to handle complaints and damage relief related to personal information processing.
- Name: [Name to be specified]
- Position: [Position to be specified]
- Contact: [Phone number to be specified]
- Email: [Email address to be specified]
- Name: [Name to be specified]
- Contact: [Phone number to be specified]
- Email: [Email address to be specified]
Users may report all personal information protection-related complaints that occur while using the company's services to the personal information manager or the department in charge. The company will provide prompt and sufficient responses to users' reports.
Article 9 (Remedy for Rights Infringement)
To receive relief for personal information infringement, users may apply for dispute mediation and collective dispute mediation to the Personal Information Dispute Mediation Committee and report to the Personal Information Protection Commission. In addition, please contact the following organizations for other reports and consultations regarding personal information infringement:
-
Personal Information Dispute Mediation Committee: privacy.go.kr, (without area code) 1833-6972
-
Personal Information Protection Commission: privacy.go.kr, (without area code) 02-2100-2500
-
Supreme Prosecutors' Office Cybercrime Investigation Unit: spo.go.kr, (without area code) 1301
-
National Police Agency Cyber Safety Bureau: cyberbureau.police.go.kr, (without area code) 182
Article 10 (Changes to Privacy Policy)
This privacy policy takes effect from the date of announcement. When there are additions, deletions, and modifications to laws, policies, or company internal policies, it will be notified through notices starting 7 days before the changes take effect.
- Announcement date: [Date to be specified]
- Effective date: [Date to be specified]
Article 11 (Cookie Operation and Refusal)
1. Purpose of Cookie Use
The company uses cookies to provide customized services by storing and retrieving users' usage information.
Cookies are small text files sent to users' browsers by the server used to operate websites and are stored on users' computer hard drives.
2. Cookie Installation and Operation and Refusal
-
Cookie installation and operation
- The company operates cookies for the following purposes:
- Analysis of visit frequency and visit time of each service and website
- Analysis of users' tastes and interests and tracking of traces
- Grasping the degree of participation in various events and number of visits
- Identification of popular search terms
- Secure connection maintenance
-
Cookie refusal method
- Users have choices regarding cookie installation. Users may allow all cookies, confirm each time cookies are saved, or refuse to save all cookies by setting options in web browser settings.
-
Setting method examples
- Internet Explorer: Tools menu > Internet Options > Privacy tab > Settings
- Chrome: Settings > Advanced settings > Privacy and security > Content settings > Cookies
However, when users refuse to install cookies, there may be difficulties in using some services that require login.
This privacy policy is effective from [Date to be specified].