○ This policy is effective starting Jan. 1, 2008.
■ Collected personal data items The company collects the following personal data below for membership registration and customer feedback. ο Collected data: Name, date of birth, gender, ID, password, phone, address, mobile, and email ο Collection: Via website (i.e. membership registration, feedback submission)
■ Purpose of collection and usage of personal data The company uses the collected personal data for the following purposes. ο Fulfillment of contracts about service provision and charging content due to service provision ο Membership management/identification, personal identification, prevention of fraudulent members, and prevention of unauthorized usage ο Marketing and advertisement, sending information such as events used for advertisement
■ Retention and usage period of personal data Following the principle, customers' personal data is deleted immediately after the purpose of personal data collection and usage is achieved. Note, however, that the following data shall be retained for the specified period for the following reasons: Stored data: Name, date of birth, gender, ID, password, phone, address, mobile, and email Legal basis: Credit and Information Use and Protection Act Storage period: 1 year
If necessary due to relevant laws and regulations, the company keeps the user data for a certain time period upon laws and regulations Records about payment and supply of goods and etc: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.) Records about consumer complaints and conflicts: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.) Records about collecting and processing of credit information: 3 years (Credit Information Use and Protection Act)
■ Personal data destruction process and method Following the principle customers' personal data is deleted immediately after the purpose of personal data collection and usage is achieved. The process and method are as follows:
ο Destruction process After the purposes are achieved, your personal data provided for membership registration and etc. is moved to separate database (in case of actual paper information, it moves to separate cabinet). It is then destroyed after being saved for certain time period following the internal policies and other relevant laws (refer to retention and usage period). Your data transported to the separate database will not be used except when legally necessary
ο Destruction method - Personal data in electronic format is destroyed by using a technical method that makes the data unreadable.
■ Provision of personal data The company does not provide personal data for external usage. Cases below are the exceptions: -When users agree in advance - When we get a request from an investigative agency through certain procedure and method complying with the law
■ Consignment of personal data The company does not entrust your information to other companies unless you agree. If needed in the future, we will definitely notify you about the company and contents and get your prior consent
■ Rights of users and legal representatives, and how to exercise said rights Users and legal representatives can always view/modify their own or minor's (under 14), and it is also available to request termination of membership service. To view/modify user's or minor's (under 14) personal data, click on ‘Modify account.’ To cancel your membership, click on ‘Unsubscribe.’ Then you can go through the identity verification process, and will be able to view/modify/unsubscribe directly. Also, you can always contact the person in charge of personal information via letter, phone, or email, and we will take immeidate action. If you request modification of your personal information, we will not use or provide it until the modification is done. If we ever provide incorrect personal information to a third party, we will quickly provide the modification as well so that it can be corrected shortly. The company manages personal information that is unsubscribed or deleted following the ‘retention and usage period of personal information collected,’ and that information cannot be viewed or used for other purposes.
■ Matters about installation, operation, and rejection of automatic collection of personal data We do not operate any of automatic personal information collecting device which collects automatically created personal information while using internet service such as cookies.
Complaints regarding personal data You can always report any personal information protection related complaints while using the company’s service to the person in charge or the department in charge. The company will provide sincere and sufficient answers to your report.
If necessary to report or consult about other personal information infringement, please contact the following organizations below.
1. KISA Privacy Center (privacy.kisa.or.kr / +82-118) 2. OPA Privacy Center (eprivacy.or.kr / +82-2-580-0533; 0534) 3. SPO Cyber Crime Center (icic.sppo.go.kr / +82-2-340-3600) 4. NPA Cyber Terror Center (ctrc.go.kr / +82-2-392-0330)