Company Name (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing guidelines in accordance with Article 30 of the Personal Information Protection Act in order to protect the personal information of the information subject and to promptly and smoothly process complaints related thereto.
Article 1 (Purpose of personal information processing)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken.
1. Website membership registration and management
Personal information is processed for the following purposes: confirmation of intent to register as a member, identification and authentication of the individual in accordance with the provision of membership services, maintenance and management of membership qualifications, identity verification in accordance with the implementation of the limited identity verification system, prevention of unauthorized use of services, confirmation of consent of the legal representative when processing personal information of children under the age of 14, various notifications, notices, and complaint handling.
2. Provision of goods or services
We process personal information for the purposes of delivering goods, providing services, sending contracts and invoices, providing content, providing customized services, verifying identity, verifying age, paying and settling fees, and collecting debts.
3. Complaint Handling
Personal information is processed for the purposes of verifying the identity of the complainant, verifying the complaint, contacting and notifying for fact-finding, and notifying the processing results.
Article 2 (Processing and Retention Period of Personal Information)
① The company processes and retains personal information within the retention and use period of personal information stipulated by law or the retention and use period of personal information agreed upon by the information subject when collecting personal information.
② The processing and retention periods of each personal information are as follows.
1. Website membership registration and management: Until withdrawal from the business/organization website
However, in the following cases, until the end of the reason
1) In the case of an investigation or inquiry due to violation of relevant laws and regulations, until the end of the investigation or inquiry
2) In the case of remaining claims and debts due to website use, until the settlement of the claims and debts
2. Provision of goods or services: Until the completion of the supply of goods or services and completion of payment and settlement of fees
However, in the following cases, until the end of the relevant period
1) Records of transactions such as display and advertisement, contract contents and performance in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
- Records of display and advertisement: 6 months
- Records of contract or subscription withdrawal, payment, supply of goods, etc.: 5 years
- Records of consumer complaints or dispute resolution: 3 years
2) Retention of communication fact confirmation data in accordance with Article 41 of the Act on Protection of Communication Secrets
- Subscriber telecommunication date and time, start and end time, other party subscriber number, number of uses, and base station location tracking data: 1 year
- Computer communication, Internet log records, access location tracking data: 3 months
Article 4 (Entrustment of Personal Information Processing)
① In order to smoothly process personal information, the company entrusts personal information processing as follows. - Entrusted work content
- Trustee: Imweb Co., Ltd. - Entrusted work content: Provision of system for shopping mall hosting service, mobile app service, marketing service and additional, affiliate service provision, and notification talk, friend talk, text message sending agency service, etc.
- Trustee: OOO PG
- Entrusted work content: Payment and escrow work
- Trustee: OOO Courier
- Entrusted work content: Product delivery work
- Trustee: OOO Customer Center
- Entrusted work content: Customer consultation work
- Trustee: OOO
- Entrusted work content: Identity verification work
- **Sub-entruster**
- **Sub-entrustee: Imweb Co., Ltd. → Infobib (Co., Ltd.)**
- **Entrusted work content: Text message sending, KakaoTalk notification talk (informational message) sending work**
- **Sub-entrustee: (주)아임웹 → (주)루나소프트**
- **Contents of the entrusted work: Sending text messages, sending KakaoTalk notifications (informative messages) and friend talk messages**
② When concluding a consignment contract, the company states in a contract or other document matters related to responsibilities such as prohibition of processing personal information for purposes other than the performance of the consigned work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and compensation for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.
③ In the event that the content of the consigned work or the consignee changes, we will disclose it without delay through this personal information processing policy.
Article 5 (Rights of Data Subjects and Legal Representatives and Methods of Exercising Them)
① Data subjects may exercise the following rights related to personal information protection against the company at any time:
1. Request to view personal information
2. Request for correction in case of errors, etc.
3. Request for deletion
4. Request for suspension of processing
② The rights under Paragraph 1 may be exercised against the company in writing, by phone, e-mail, facsimile (FAX), etc., and the company will take action without delay.
③ If the data subject requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through an agent, such as the data subject's legal representative or authorized person. In this case, a power of attorney in the format of Appendix 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted. ⑤ The information subject shall not infringe upon the personal information or privacy of the information subject or others that the company is processing by violating the Personal Information Protection Act or other related laws.
Article 6 (Personal information items being processed)
The company is processing the following personal information items.
1. Website membership registration and management
Required items:
Optional items:
2. Provision of goods or services
Required items:
Optional items:
Article 7 (Destruction of personal information)
① When personal information becomes unnecessary due to the expiration of the personal information retention period, achievement of the processing purpose, etc., the company destroys the relevant personal information without delay.
② When the personal information retention period agreed upon by the information subject has expired or the processing purpose has been achieved, but personal information must be retained in accordance with other laws, the personal information is transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows. 1. Destruction Procedure
The company selects personal information for which a reason for destruction has occurred and destroys the personal information with the approval of the company's personal information protection officer.
2. Destruction Method
The company destroys personal information recorded and stored in electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.
Article 8 (Measures to Ensure the Security of Personal Information)
The company is taking the following measures to ensure the security of personal information.
1. Administrative measures: Establishment and implementation of an internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 9 (Matters regarding the installation, operation, and refusal of automatic personal information collection devices)
① The company uses 'cookies' to store and periodically retrieve usage information in order to provide customized services to users. ② Cookies are small pieces of information that the server (http) used to operate the website sends to the user's computer browser and are stored on the user's PC or mobile device.
③ The information subject can set the web browser options to allow or block cookies. However, if cookie storage is refused, it may be difficult to use customized services.
▶ Allow/Block Cookies in Web Browser
- Chrome: Web Browser Settings > Privacy & Security > Delete Internet Usage History
- Edge: Web Browser Settings > Cookies & Site Permissions > Manage & Delete Cookies & Site Data
▶ Allow/Block Cookies in Mobile Browser
- Chrome: Mobile Browser Settings > Privacy & Security > Delete Internet Usage History
- Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies
- Samsung Internet: Mobile Browser Settings > Internet Usage History > Delete Internet Usage History
④ The company collects and uses information about the visits and usage patterns, popular search terms, and secure access status of each service and website visited by the user during the service use process to provide optimized information to the user.
Article 10 (Personal Information Protection Officer)
① The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from information subjects related to personal information processing.
▶ Personal Information Protection Officer
Name: OOO
Position: OOO
Contact: , ,
※ Connects to the personal information protection department.
▶ Personal Information Protection Department
Department name: OOO Team
Contact: , ,
② Information subjects may inquire about all personal information protection-related inquiries, complaints, remedies, etc. that arise while using the company's services (or business) to the personal information protection officer and the department in charge. The company will respond to and process inquiries from information subjects without delay.
Article 11 (Request to view personal information)
The data subject may request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the data subject's request to view personal information.
▶ Department in charge of receiving and processing requests to view personal information
Department name: OOO
Contact information: , ,
Article 12 (Methods of redressing infringement of rights)
The data subject may inquire about redress for damages and consultations regarding infringement of personal information to the following organizations. 1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
4. National Police Agency: (without area code) 182 (ecrm.police.go.kr/minwon/main)
Article 13 (Implementation and Change of Personal Information Processing Policy)
This personal information processing policy is effective from 20XX. X. X.