CJ ENM Co., Ltd. (the “Company”) gives priority to protection of personal information and it is always doing its utmost to protect personal information of users.
A. Items of personal information to be collected and methods of collection
The Company collects and utilizes the minimum amount of personal information of the user required for the purpose of authentication of user, payment of services, shipment and provision of the customized service to the user by utilizing the personal information as marketing materials for statistics and analysis. Specifically, users may sign in Mwave mobile application or website only through a third-party social media service account only.
1. Items of personal information to be collected and the purpose of collection
2. Description of information to be collected
3. The method of collection
B. The purpose of using personal information
The Company utilizes the personal information collected for the following purposes.
1. The Company’s legitimate interests
2. Users management
For user authentication of membership service, personal identification, prevention of illicit use or unauthorized use by fraudulent user, confirmation of a user's intent to join, enrollment or limitation of the number of enrollment, maintenance of records for conflict resolution, customer service including recourse and redress, and sending notification
3. Fulfillment of a contract
For performance of the Company’s contractual obligations to users, including (without limitation) delivery of purchased albums or other goods
C. Consent to collection of personal information
D. Consent to disclosure of the collected personal information to authorized third parties
However, personal information can be provided without the user’s consent according to relevant provisions in the laws in the following cases:
E. Entrustment of the handling of personal information
The Company delegates the handling of personal information necessary for payment and customer service to external companies for the Company’s service as described below.
|Entrusted Company||Entrusted Operations||Entrusted Purposes||Shared Information|
|Reve Co.Ltd||Customer guidance and CS customer service systems operation||Customer service center operation||Social media account information, address|
|Reve Co.Ltd||Shipping agency services||Delivery of goods for the event||Social media account information, address|
|PayPal||Payment processing for the purchase of a paid product||Payment processing & prevention of payment misappropriation||Social media account information, address|
|KG Inisis||Payment processing for the purchase of a paid product||Payment processing & prevention of payment misappropriation||Social media account information, address|
F. The period of retention and the procedures and method of destruction of personal information
When personal information becomes obsolete due to the achievement of the purpose of collecting and handling personal information, the Company shall immediately destroy such information.
1. The list of information to be destroyed
2. However, the personal information of a user can be retained even after the purpose was achieved in exceptional cases required by the Commercial Law or other laws
3. The method of destruction
G. The right of user and his or her legal representative and the method of exercising such right
1. Accessing the account information and the method of modification of information users
If users request correction of error in the account information, the Company will not use or provide the personal information to others before such information is modified. In case where the Company already provided the personal information with error to a third party, it will immediately notify the third party of the modified information. However, if there is reasonable ground to refuse a user's access or request for correction of part or all of the personal information, the Company may immediately notify users of such refusal and provide its basis for such refusal.
In the following exceptional cases, however, the Company may refuse users to access or modify the personal information without notice.
2. Retraction of users’ consent and the method of withdrawal from membership
Users may anytime retract their consent to the collection, use, and provision of personal information that they provided at the time of signing up membership. Retraction of consent and withdrawal from membership may limit use of certain feature of Mwave mobile application or website. When users wish to retract their consent (or withdraw from membership), they can click on the “withdrawal from membership” option on the company's website and directly apply for withdrawal. (For Mwave application, click “Settings” and then click “withdrawal from membership” button on the bottom of the screen.) Or, they may contact the person in charge of managing personal information by phone or electronic mail, and then the Company shall immediately commerce with necessary measures.
H. Collection of personal information by cookie
The Company manages “cookie” which frequently saves and finds personal information of users.
Cookie is a small text file sent by the server used to run the website or mobile services of the Company to the browser of users and it is saved in the hard disk of users’ devices (PC Smartphone, tablet PC, etc).
Cookie may contain the information of websites that users visited and users’ personal information. Users have the right to choose the installation of cookie. By setting the options on web browsers, users may enable cookies completely, request it to ask the consent whenever cookies save data or disable cookies completely so that they are always blocked.
However, if users disabled cookies completely, they might experience some difficulty in fully utilizing the Company’s services.
1. Allowing installation of cookie (Internet Explorer)
2. Viewing cookies (Internet Explorer)
3. The purpose of using cookie
The personal information gathered through cookie is used in providing customized information tailored to the users’ interest areas, target marketing by analyzing users’ preferences and interest areas through frequency of access and length of use by members and non-members, and customized service through users’ habits in utilizing the Company’s service, improving the Company’s service tailored to users’ preferences and posting on bulletin board.
I. Personal data protection for children under 14 years of age
The Company will make every efforts to comply with legal requirements regarding protection of underage users. Children under 14 years of age (so called ‘minor’) shall need consent from a legal representative (parent) to create and use social media accounts which are necessary to sing-in the Company’s Mwave mobile application or website. For more information, please contact the customer center of each social media service company. (In addition and without prejudice to the foregoing, the Company will comply with the applicable laws and regulations to protect juveniles from media products harmful to juveniles. In this regard, please refer to the Company’s Youth Protection Policy separately posted on Mwave mobile application or website.)
J. Technical and managerial measures for protection of personal information
The Company implements technical and managerial measures for protection of personal information. It also provides its employees with education about personal information protection and does its utmost to prevent the loss from leakage of personal information by limiting the minimum number of employees who can access to the personal information
1. Technical measures
In managing the personal information, the Company takes the following technical measures to prevent loss, theft, leakage, falsification, or destruction of personal information and to secure the safety of its user's personal Information:
2. Managerial measures
K. Person in charge of protection of personal information
In order to protect users’ personal information and handle their complaints related to the Company’s use of personal information, the Company designates the relevant department and Personal Information Management Officer as below. If you have any complaints in regards to personal information while using the service, please report it to the Personal Information Management Officer or Personal Information Protection Officer and we will get back to you right away.
- Personal Information Management Officer
- Personal Information Protection Officer
L. Report of privacy infringements
Contact the aforesaid person in charge of personal information by means of telephone or electronic mails to discuss or report any invasion of personal information, or contact the organizations shown below to file reports or seek consultation for other privacy infringements:
- Invasion of Personal Information Complaint Center, Korea Internet and Security Agency (KISA)
- ePRIVACY Mark Certification Commission
- Supreme Prosecutors’ Office High-Tech and Financial Crimes Investigation Division
- National Police Agency Cyber Terror Response Center
M. Effective date; Obligation to notify any change