the Company to process the personal information, and shall protect the personal information, rights and interests of
the Users in accordance with Article 30 of the Personal Information Protection Act.
Article 1. Purpose of Processing the Personal Information
① The Company collects and manages the personal information for the following purposes. The processed personal
information shall not be used for purposes other than the following and, in the case of change in such purposes, the
Company shall take necessary actions, such as obtaining a separate consent in accordance with Article 18 of the
Personal Information Protection Act.
- Membership: Confirmation of intention to sign up as a member, verification of qualification for granting
access to membership services, retention and maintenance of membership qualification, compliance with the
enforced limited identification, prevention of unauthorized use of services, verification of legal
representative for processing of personal information of children under the age of 14, notification of
important matters regarding services and management of claims.
- Services: Providing services, delivering agreement and invoices, verifying identity, settling payments.
- Supports: Verification of claimant’s identity, confirmation of the claims, communication and notification of
verification purposes, and notification of processing status.
Article 2. Processing and Retention Period of the Personal Information
① When collecting the personal information from the Users or during the retention period of the personal
information in accordance with the Personal Information Protection Act, the Company shall process and retain the
personal information within the processing and retention period consented by the Users.
② The processing and retention period of the personal information shall be as follows:
- Personal information regarding registration and management of the membership: Until the termination of the
membership. However, the personal information shall be retained until the circumstances are resolved for the
A. Investigation in association with violation of laws: Until the investigation is completed
B. Accounts payable outstanding from use of the services: Until the outstanding amounts are paid in entirety
- Personal information regarding use of the services: Until the payment for the
services are settled and the services are provided. However, the personal information shall be retained until
the circumstances are resolved for the following cases:
A. Records related to transactions at the homepage including representations, advertisements, terms and
conditions of the transactions, and performance of such terms and conditions in accordance with the Consumer
Protection Act in Electronic Commerce.
• Records on representations and advertisements: Six(6) months
• Record on agreements, withdrawal, payment, relevant services associated with the transactions: Five(5)
• Records on user complaints or dispute settlements: Three(3) years
B. Records related to verification of communications in accordance with Article 41 of the Communication Secret
• Records on date and time of telecommunication of the members, counterparty’s registration number, frequency
of use, location tracking data of distribution station: One(1) year
• Records on communications by computers, internet log data, access point tracking data: Three(3) months
Article 3. Providing the Personal Information to the Third Party
① The Company processes the personal information of the User in accordance with Article 1 hereof, and provides the
personal information of the User to the third party only in accordance with Article 17 of the Personal Information
Article 4. Entrustment of the Personal Information Processing
① The Company entrusts processing of the personal information to third parties for enhanced usability as follows:
② The Company specifies certain conditions in the entrustment agreements including prohibition of processing the
personal information for the purposed other than entrustment, technical and administrative protection measures,
restriction on re-entrustment, management protocol of the trustee and responsibility of indemnification, and
supervises the trustee accordingly.
Article 5. Rights and Duties of the Users Providing the Personal Information
① The User providing the personal information can exercise the following rights in association with the protection
of the personal information at any time:
- Inspection of the personal information provided
- Correction, modification or deletion of the personal information provided
- Deletion of the personal information provided
- Suspension of processing the personal information provided
② The User providing the personal information can exercise its rights in accordance with Section 1 above by way of
submitting the requesting document via mail, email or fax, and the Company shall take necessary actions without
③ If the User providing the personal information requests correction, modification or deletion of the personal
information provided, the Company shall not use or provide the personal information to third parties until such
correction, modification or deletion is completed.
④ The User providing the personal information may delegate the exercise of its rights provided in Section 1 above to
a legal representative or an agent by submitting the power of attorney in accordance with Annex 11 of the
Enforcement Ordinance of the Personal Information Protection Act.
Article 6. Items for Processing the Personal Information
① The Company processes the following items of the personal information:
- Registration and management of the membership
A. Required items: name, date of birth, ID, password, address, phone number, gender, email address
B. Optional items: marital status, area of interest
- Delivery of the services
A. Required items: name, date of birth, ID, password, address, phone number, gender, email address, payment
information such as credit card number or bank account information
B. Optional items: area of interest, previous purchase history
② The following personal information may be automatically produced and collected during the use of internet
- IP address, cookies, MAC address, record of services used, visit log and defective usage record
Article 7. Procedures and Methods of Destroying the Personal Information
① The Company, in principle, shall delete the personal information without delay, if the purpose of processing the
personal information is achieved.
② Nevertheless, if the personal information needs to be preserved pursuant to relevant laws and regulations, the
Company shall transfer such information to a separate storage space for preservation.
③ The procedures and methods of destroying the personal information are as follows:
- Procedures: The Company shall destroy any unnecessary personal information under the responsibility of the
person in charge of the personal information.
- Methods: Electronic data shall be destroyed through technical methods making it impossible to be restored.
Paper documents containing the personal information shall be shredded or incinerated.
Article 8. Measures to Secure Safety of the Personal Information
- Administrative measures: Establishment of an administrative manual and education of the staff with the
- Technical measures: Restriction of access to the personal information, encryption of the personal
information, and installation and maintenance of computer security software
- Physical measures: Control of physical access to the storage facility
Article 9. Installation, Operating or Rejection of Automatic Data Collecting System
customized for each User.
② A cookie is a fragmented piece of data sent from an organization’s web server to the User’s web browser, and can
be stored in the User’s computer hard drive.
any additional data input by the User.
menus in sequence at the top of the internet browser and changing options selected.
③ The User may not be able to customize user experiences in using the services provided by the Company, if choosing
Article 10. Personnel Responsible for Protecting the Personal Information
① The Company designated the following person as the information security officer taking charge of protecting the
personal information and communicating with the Users regarding relevant matters:
Name: Sang-Hoon Jin
Title: CTO, Information Security Officer
Email: email@example.com (directed to the Department of Information
② The Users providing the personal information may contact the Information Security Officer or Department of
Information Security for any question, claim and/or indemnification in association with matters related to the
personal information in using the services provided by the Company.
Article 11. Request for Inspection of the Personal Information
① Pursuant to Article 35 of the Personal Information Protection Act, the User providing the personal information
may request inspection of the personal information provided directly to the following contact of the Company. The
Company shall handle the request without delay.
Article 12. Remedies for Infringed Rights or Interests
① The User providing the personal information may consult with the following organizations for remedies regarding
the infringement of the personal information.
- Personal Information Infringement Report Center
A. Scope: Report infringement on the personal information and request for consultation to resolve
B. Website: privacy.kisa.or.kr
C. Phone: +82-118 (without area code)
D. Address: 3F Personal Information Infringement Notification Center, 9 Jinheung-gil, Naju, Jeollanan-do,
Republic of Korea 58324
- Personal Information Dispute Mediation Committee
A. Scope: Mediate the personal information dispute or collective disputes
B. Website: www.kopico.go.kr
C. Phone: +82-1833-6972
D. Address: 3F, Government Complex in Seoul, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea 03171
- Supreme Prosecutors’ Office, Cybercrime Investigation
A. Phone: +82-2-3480-3573
B. Website: www.spo.go.kr
C. Email: firstname.lastname@example.org
- Korean National Police Agency, Cyber Security Bureau
A. Phone: +82-182 (without area code)
B. Website: cyberbureau.police.go.kr
Article 13. Effective Date