The Company gives priority to protection of personal information and it is always doing its utmost to protect personal information of members.
The Company observes the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and other rules and regulations related to protection of personal information and “Policy on Protection of Personal Information.”
Personal Data Protection Policy allows the Company to inform members of the purpose and method of using their personal information and the measures for protection of the personal information.
This personal data protection policy will be posted on the Service provided by the Company so that the customers can refer to it anytime.
The Company's Personal Data Protection Policy includes the following contents:
A. Items of personal information to be collected and methods of collection
The Company collects and utilizes the minimum amount of personal information of the member required for the purpose of authentication of user, payment of services, shipment and provision of the customized service to the member by utilizing the personal information as marketing materials for statistics and analysis.
1. Purpose of personal information collection
2. Items of personal Information to be collected
|Division||Items to be collected|
|Required items||SNS (Facebook, Twitter, Kakao, Weibo, Instagram, Goolge+, Naver, Tumblr, Line, WeChat and etc) : ID for separate use, name and profile photo|
|Optional items||Birth year, Gender, Country, Interests, Email address, Nickname, profile photo, address and , mobile phone number|
|Other information on transaction and personal||service using record, data access log, cookie, IP address, records of payment|
|preference collected during the process of members' using the service or Company's doing the business||suspension of membership and withdrawal from the membership|
|Mobile phone information while using the mobile service||Carrier information, mobile phone model name, hardware ID, version of OS(Android/iOS), Push token, mobile phone access date, session ID, AD Id, mobile phone MAC address
The mobile phone information is in a format that cannot be used for personal identification and the Company does not participate in any activities to identify individuals using the collected data
3. The method of collection
B. The purpose of using personal information
The Company utilizes the personal information collected for the following purposes.
1. For the performance of service contract and calculation of payment of the service
For provision of contents, shipment of giveaways, user authentication in financial transactions, purchase of a paid product and payment of fees
2. Members management
For user authentication of membership service, personal identification prevention of illicit use or unauthorized use by fraudulent member, confirmation of a member's intent to join, enrollment or limitation of the number of enrollment, consent from a legal representative (parent) to collect personal information of children under 15 years of age, further personal verification of a legal representative, maintenance of records for conflict resolution customer service including recourse and redress, and sending notification
3. For marketing and advertisement purpose
Providing services and advertisements based on demographic characteristics. Identifying access frequency and statistics of users using the service. To provide customized advertisements and information based on users characteristic. To provide events and extract target users when new service is launched.
C. Customers’ consent on collecting personal information
The Company collects the minimum amount of personal information required for the execution and performance of service use agreements by using legal and fair methods. When the Company collects a user’s identification information, it must receive the user’s prior consent according to the following legal procedures. As to the collection of the personal information, the Company gives notification to the users through the Personal Information Protection Policy of the Company or the Personal Information Handling Policy. When the member clicks on the “agree” button, it is deemed as the member’s consent to the collection of personal information. The Company studies the distribution of members and their interests and patterns of behavior based on server log files of the Company or its own research. The purpose is to learn more about its members and provide high-quality service to members. The information from these studies is thoroughly collected and analyzed, but does not contain the information, which can recognize the identification of individual member.
D.Customer consents to disclosure of the following customer’ personal information to third parties authorized by Company
The Company shall not utilize the personal information or provide it to a third party, other companies, or organizations beyond the purpose stipulated in the policy, except for cases where the member’s consent is already obtained or the disclosure of personal information is inevitable for the purpose of taking legal measures due to their violation of the Company’s policy and management regulations, or responding to a request from the relevant governmental institutions. If the Company wishes to provide (or share) additional personal information beyond the designated purpose of the Personal Information Protection Policy, it shall give a notification to the member by means of the User Policy, the Personal Information Protection Policy, electronic mails or a written document about to whom or to which business the information is provided to, the items of personal information to be provided, the purpose of provision of personal information and receive the prior consent from the member.
However, personal information can be provided without the member’s consent according to relevant provisions in the laws in the following cases :
Social networking sites– If you link your account on the Property to other social networking sites (e.g., Facebook, Instagram, Snapchat, Twitter, etc.), we may exchange or otherwise provide information about you with these social networking sites, with your consent
|The third party||The purpose of usage||Provided personal information||The period of retention and usage|
|Payletter||Payment processing for the purchase of a paid product||ID, item information, purchase order number, biller, payment amount, cell phone number, carrier||Follows “F. The period of retention and the procedures and method of destruction of personal information”|
|CJ OliveNetworks||Payment processing for the purchase of a paid product||ID, buyer’s name, item information, transaction number, card number, expiration date, first 2 digits of password number, cell phone number, carrier, telephone number, account number, bank code, pin number of arts gift card, pin number of books gift card||Follows “F. The period of retention and the procedures and method of destruction of personal information|
|KB Kookmin Card
Kwang Ju Card
|Paid item purchase(credit card payment)||ID, transaction number, transaction date, fee amount, buyer’s name, card number, expiration date, first 2 digits of password number||Follows “F. The period of retention and the procedures and method of destruction of personal information|
|Mobilians||Paid item purchase(payment using cell phone / telephone / arts gift card / books gift card)||- Common: ID, buyer’s name, transaction number, transaction date, fee amount
- cell phone payment: transaction number, cell phone number, carrier
- telephone payment: transaction number, telephone number arts gift card payment: arts gift card pin number bookstore gift card payment: books gift card pin number
|Follows “F. The period of retention and the procedures and method of destruction of personal information|
|LG U+||Paid item purchase(online transfer payment)||Transaction number, account number, bank code(If a customer makes a purchase: customer’s name and information regarding the purchased item are additionally disclosed)|
|Galaxia||Paid item purchase(cell phone payment)||Cell phone number, payment amount, transaction item, ID, name, carrier, purchase order number|
|Danal||Paid item purchase(cell phone payment)||Cell phone number, payment amount, payment item, SMS number of authorization, buyer’s company purchase order number, payer name, unique price of transaction., ID|
|SK Planet||Payment processing for the purchase of a paid product||item information, purchase order number, card number, expiration date, first 2 digits of password number, cell phone number, carrier, telephone number||Follows “F. The period of retention and the procedures and method of destruction of personal information”|
|infobank||- Text voting service provision in connection with Mnet.com data
- Operation of SMS, MMS transmission system related to event promotion
|Cellular phone number||Complies with “F. The period of retention and the procedures and method of destruction of personal information”.|
E. Management of Personal Information Consignment
The Company consigns the handling of personal information necessary for payment and customer service to external company (“consignee”) for the Service as described below.
|Consignment Alliance||Consignment Task||Consignment Areas||Shared Information|
|CJ Telenix||Customer guidance and CS customer service systems operation||Customer service center operation||Membership information, payment information|
|T&C International||Shipping agency services||Delivery of goods for the event||Name, telephone number, address|
|CJ OliveNetworks||Customer information, promotion, Event-related services||text message delivery system||ID, mobile phone number|
|GLOSSYBOX KOREA||Customer service, Shipping agency service||Customer service center operation and product shipping||Name, phone number, address|
|NICE Information Service Co., Ltd.||Personal identification service via mobile||Identification process||Name, sex, date of birth(Y-M-D), nationality, cellular phone number, service carrier|
F. The period of retention and the procedures and method of destruction of personal information
When personal information becomes obsolete due to the achievement of the purpose of collecting and handling personal information, the Company shall immediately destroy such information
1. The list of information to be destroyed
2. However, the personal information of a member can be retained even after the purpose was achieved in exceptional cases required by the Commercial Law or other laws
3. The method of destruction
G. The right of user and his or her legal representative and the method of exercising such right
1. Accessing the account information and the method of modification of information Members
If members request correction of error in the account information, the Company will not use or provide the personal information to others before such information is modified. In case where the Company already provided the personal information with error to a third party, it will immediately notify the third party of the modified information. However, if there is reasonable ground to refuse a member's access or request for correction of part or all of the personal information, the Company may immediately notify members of such refusal and provide its basis for such refusal.
In the following exceptional cases, however, the Company may refuse members to access or modify the personal information without notice.
2. Retraction of members’ consent and the method of withdrawal from membership
Members may anytime retract their consent to the collection, use, and provision of personal information that they provided at the time of signing up membership. Retraction of consent and withdrawal from membership at one of the Company’s websites applies to all of the Company’s websites. When members wish to retract their consent (or withdraw from membership), they can click on the “withdrawal from membership” option on the company's website and directly apply for withdrawal. Or, they may contact the person in charge of managing personal information by phone or electronic mail, and then the Company shall immediately commerce with necessary measures.
H. Collection of personal information by cookie
The Company manages “cookie” which frequently saves and finds personal information of members.
Cookie is a small text file sent by the server used to run the website or mobile services of the Company to the browser of members and it is saved in the hard disk of members’ devices (PC Smartphone, tablet PC, etc).
Cookie may contain the information of websites that members visited and members’ personal information. Members have the right to choose the installation of cookie. By setting the options on web browsers, members may enable cookies completely request it to ask the consent whenever cookies save data or disable cookies completely so that they are always blocked.
However, if members disabled cookies completely, they might experience some difficulty in fully utilizing the Services.
1. Allowing installation of cookie (Internet Explorer)
2. Viewing cookies (Internet Explorer)
3. The purpose of using cookie
The personal information gathered through cookie is used in providing customized information tailored to the members’ interest areas, target marketing by analyzing customers’ preferences and interest areas through frequency of access and length of use by Members and non-Members, Ticketing advertisement, and customized service through customers’ habits in utilizing the Service, improving the Service tailored to customers’ preferences and posting on bulletin board.
I. Personal data protection for children under 14 years of age
Protecting children’s privacy is especially important to us. We do not knowingly collect any Personal Information from children under the age of fourteen (14). Children under 14 are expressly prohibited from providing any Personal Information to us through use of the Property. In the event that we learn that we have inadvertently collected Personal Information from children under the age of 14, we will take reasonable measures to promptly remove such information from our records. It is our policy to comply with the Children’s Online Privacy Protection Act of 1998 and any other applicable laws.
At various places on the Property, we may ask users for their age. By using the Property and its services, you agree to respond truthfully about your age. If you have any reason to believe that a child has provided personal information to the Property, please contact us and we will make reasonable efforts to delete the provided information or otherwise protect the user.
J. Technical and managerial measures for protection of personal information
The Company implements technical and managerial measures for protection of personal information. It also provides its employees with education about personal information protection and does its utmost to prevent the loss from leakage of personal information by limiting the minimum number of employees who can access to the personal information
1. Technical measures
In managing the personal information, the Company takes the following technical measures to prevent loss, theft, leakage, falsification, or destruction of personal information and to secure the safety of Its member's personal Information :
2. Managerial measures
K. Person in charge of protection of personal information
In order to protect members’ personal information and handle their complaints related to the Company’s use of personal information, the Company designates the relevant department and Personal Information Management Officer as below. If you have any complaints in regards to personal information while using the service, please report it to the Personal Information Management Officer or Personal Information Protection Officer and we will get back to you right away.
Personal Information Management Officer
Personal Information Protection Officer
L. Advise and reporting in regards to invasion of personal information
Contact the person in charge of personal information by means of telephone or electronic mails to discuss or report any invasion of personal information, or report it to the invasion of personal information complaint center of the Korea Internet and Security Agency (KISA), which is the affiliate public organization of the Ministry of Information and Communication
Invasion of Personal Information Complaint Center
ePRIVACY Mark Certification Commission
Supreme Prosecutors’ Office High-Tech and Financial Crimes Investigation Division
National Police Agency Cyber Terror Response Center
M. Pursuant to Company’s Obligation to Notify Change in Policy Changed
This Personal Information Protection Policy may be frequently modified by amendment of relevant laws and government policy and the Company’s internal policy. In cases where the Personal Information Protection Policy of the Company is amended, the Company notifies customers of the amended policy at the website operated by the Company for at least 10 days or by other methods. If you have any questions in regards to an amendment of the policy, you may ask the personal Information Management Officer or Personal Information Protection Officer or the customer service at the Company’s website.