1. Purpose of Processing Personal Information
The Company collects and uses personal information for the following purposes.
(1) Membership registration and management: confirmation of membership intent, identification/authentication, maintenance and management of membership, prevention of illegal use of services, sending various notices, etc.
(2) Provision of goods or services: provision of service, delivery of contract/invoice, provision of basic service and customized service, verification of identity, age verification, bill payment and settlement, debt collection, etc.
(3) Managing consumer complaints: identification of the data subject, confirmation of complaints, contact/notification for fact-finding, and notification of processing results
(4) Marketing and Advertising: provision of customized advertisements, opportunities to participate in events, statistics on the use of services by data subjects, etc.
(5) Improvement of existing services and development of new and customized services
(6) Processing of pseudonymized information for statistical preparation, scientific research, and preservation of records in the public interest.
2. Items of Personal Information Processed
|Registration Method||Obtained Information|
|Registration through Kakaotalk||Email, name||Age, gender|
|Registration through Google ID||Email, name, profile image, locale (geography and language)|
|Registration through Apple ID|
|OS Applied to Mobile Phone||Collected Information|
|Android||SMS/app notifications and their contents (payment method, payment time, payment destination, withdrawal bank, amount, balance after payment, etc.) of the financial company (bank, credit card company, securities company, payment agency, etc.)|
|iOS||Text messages and their contents (same as above) of the financial company (same as above)|
3. Period of Retention and Use for Personal Information
(2) Notwithstanding the foregoing, the following information is retained for the period specified for the following reasons.
- Personal information related to use of service (log records): 3 months (Communications Secret Protection Act)
- Records on withdrawal of contract or subscription, etc., and records on payment and supply of goods: 5 years (Consumer Protection Act in Electronic Commerce, Etc.)
- Records on handling consumer complaints or disputes: 3 years (Consumer Protection Act in Electronic Commerce, Etc.)
4. Provision of Personal Information to Third Parties
(1) The Company may provide personal information to third parties only with the consent of the data subject or when there are special provisions in the Personal Information Protection Act or other laws.
(2) The Company may provide pseudonymized information to a third party, and in that case, the Company shall comply with the Personal Information Protection Act.
5. Processing Personal Information Subsequent to Outsourcing of Work and Overseas Transfer
|Trust Companies||Outsourced Work|
|Google Inc. (Google Cloud Platform)||Storage of data, provision of cloud service|
6. Use and Provision of Personal Information within the Scope Reasonably Related to the Purpose of Collection
The Company may use or provide personal information to a third party without the consent of the data subject, considering each of the following criteria within a reasonable scope and the original purpose of collection.
(1) Whether or not it is related to the original purpose of collection: Judgment based on whether the original purpose of collection and the purpose of additional use and provision are related in terms of their nature or tendency;
(2) Whether or not the further use or provision of personal information is predictable considering the circumstances in which the personal information was collected or the processing practices: Judgment based on the relationship between the personal information controller and the data subject, the level of technology, and the rate of development, and general circumstances (practice) established over a substantial amount of time;
(3) Whether the interests of the data subject are unreasonably infringed: Judgment based on whether the interests of the data subject are substantially infringed in relation to the additional purpose of use and whether the infringement of the interests is unreasonable; and
(4) Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken: Judgment by considering whether safety measures are taken in consideration of the possibility of infringement.
7. User’s Rights and Methods for Exercising the Rights
(1) The user can exercise the right to read, correct, delete, and suspend the processing of his or her personal information against the Company at any time.
(2) The exercise of the rights pursuant to Paragraph 1 can be made to the Company in writing, by phone, or by e-mail, and the Company will take action without delay.
(3) The exercise of rights pursuant to Paragraph 1 may be done through an agent such as a legal representative of the data subject or a person who has been delegated. In this case, a power of attorney must be submitted to the Company.
(4) In accordance with relevant laws such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act, the exercise of the user's right to access, correct, delete, or suspend the processing of personal information may be restricted.
(5) Correction and deletion of personal information cannot be requested if the information is required to be collected according to other laws.
(6) The Company confirms whether the person who made the request, such as a request for reading, correction, or deletion, or request for suspension of processing, holds such right or is a legitimate agent.
8. Destruction Procedures and Methods for Personal Information
(1) The Company destroys the personal information without delay when the personal information becomes unnecessary, such as in the cases of the expiration of the personal information retention period, or achievement of the purpose of processing.
(2) If personal information needs to be preserved in accordance with the laws and regulations even when the personal information retention period agreed by the user has elapsed or the purpose of processing has been achieved, the personal information will be moved to a different place or stored in a separate database (DB).
(3) The destruction procedures and methods are as follows:
9. Technical and Administrative Measures to Ensure Safety of Personal Information
The Company takes the following technical/administrative measures to ensure the safety of users’ personal information so that it is not lost, stolen, leaked, altered, or damaged.
(1) Administrative measures: establishment and implementation of internal management plans for personal information, regular employee training, etc.
(2) Technical measures: password encryption, security program installation, etc.
10. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
The Company uses 'cookies' to store and frequently retrieve usage information to provide users with individually customized services. Cookies are small pieces of information sent by the server (HTTP) to the user's PC browser. They are used to operate the website, etc., and are also stored on the hard disk of the user's computer.
(1) Purpose of using cookies: Cookies are used for security management, improving services, developing new services, and providing customized services and advertisements by analyzing access frequency and visit time of users, identifying the patterns of service usage and tracking traces, secure access status, and the number of users.
(2) Installation, operation, and rejection of cookies: Users have a choice with regard to the installation of cookies. Therefore, users can accept all cookies via options in the mobile device, request confirmation each time a cookie is saved, or refuse to save all cookies.
However, if you refuse to store cookies, it may be difficult to use some services of the Company that require login.
11. International Transfer of Personal Information
The Company may store, process, and transmit personal information in the Republic of Korea or other locations outside the European Economic Area (“EEA”). Data may also be stored locally on the devices the user uses to access the service. When the Company transfers personal information outside the EEA or the Republic of Korea, the Company will ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(1) The Company will only transfer personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
(2) Where the Company uses certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
12. Protection of personal information of children
Our service is not directed at children. The Company does not knowingly collect personal information of children under the age of 13 or an equivalent minimum age as prescribed in the laws of the relevant jurisdiction.
13. Personnel for Management of Personal Information
Addendum (November 23, 2021)