1. Purpose of Personal Information Collection and Use
The company utilizes collected personal information for the following purposes:
a. Contract Fulfillment for Service Provision and Fee Settlement
Providing services and content, invoice delivery, identity verification, purchase and fee payment, and debt collection.
b. Membership Management
Membership service utilization and identity verification according to the limited self-identification system, personal identification, prevention of fraudulent use by delinquent members and unauthorized use, confirmation of membership intention, restriction of sign-up and number of sign-ups, verification of parental consent when collecting personal information of children under 14 years of age, subsequent parental identity verification, record keeping for dispute resolution, handling complaints and civil affairs, and delivering notices. Providing content, invoice delivery, identity verification, purchase and fee payment, and debt collection.
c. New Service Development and Marketing
Developing new services and providing customized services, providing services and advertising based on statistical characteristics, verifying service validity, providing event and advertising information, identifying access frequency, and statistics on member service usage. (Your personal information is not provided to individuals or organizations requesting advertisements.)
2. Items of Personal Information Collected and Collection Methods
‘Personal information’ refers to information about a living individual that can identify the individual by name, resident registration number, etc. (including information that can be easily combined with other information to identify a specific individual even if the information alone cannot identify a specific individual).
a. Items of Personal Information Collected
-
The company collects the following personal information for membership registration, service viewing, customer consultation, and provision of various services:
- Upon Membership Registration: Name, date of birth, ID, password, email address, phone number (mobile phone number or landline number), legal guardian information (in the case of children under 14 years of age): Name, date of birth, gender, i-PIN number, ID, duplicate sign-up verification information (D.I value), password, email address, phone number (mobile phone number or landline number), legal guardian information (in the case of children under 14 years of age).
- Upon Application for Some Services: Address, business-related information (company name, business registration number (unique number), representative name, business address/phone number/fax number/email address, website address).
- Upon Refund: Account information (bank name, account number, account holder name).
-
The following information may be generated and collected during service use or business processing: User’s browser type and OS, service usage records, access logs, IP address, visit date and time, records of poor usage, payment records, cookies.
b. Personal Information Collection Methods
The company collects personal information through the following methods: Website, fax, phone, consultation bulletin board, email, event application, and collection through generation information collection tools.
3. Sharing and Provision of Personal Information
The company uses users’ personal information within the scope notified in ‘2. Purpose of Collection and Use of Personal Information’ and, in principle, does not use it beyond this scope or disclose users’ personal information to the outside without prior consent. However, exceptions are made in the following cases:
- When users have consented to disclosure in advance.
- When required by laws and regulations or when there is a request from government/investigative agencies according to legal procedures.
- Use and provision of personal information that is consistent with the purpose of use.
- When using member information (name, address, phone number) for business communication purposes.
- When necessary for statistical compilation, promotional materials, academic research, or market research, and provided in a form that does not identify a specific customer.
4. Consignment of Personal Information Handling
The company may entrust the handling of users’ personal information to external specialized companies for service improvement. In the event of entrusting personal information processing, users will be notified of this fact in advance. In addition, through consignment contracts, etc., clear provisions are made regarding service providers’ strict compliance with personal information protection-related instructions, confidentiality regarding personal information, prohibition of provision to third parties, and liability for accidents, and the contents of the contract are stored in writing or electronically to protect users’ rights and interests.
| Consignee | Entrusted Task |
|---|---|
| NICE Credit Rating Information Co., Ltd. | Real name verification |
| (주) AllTheGate | Payment |
| Siren24 | Identity verification |
| CertKorea | Security server |
| Whois | Domain |
| Cafe24 | Partial hosting |
| PayPal | Foreign currency payment |
5. Personal Information Retention and Usage Period
In principle, after the purpose of personal information collection and use is achieved, the company destroys the information without delay. However, for the following information, it is retained for the period specified for the reasons below.
1. Information Retention Reasons According to Company Internal Policy
Even if a member withdraws from membership, the company retains member information as follows to ensure smooth service provision and prevent fraudulent service use.
Name, Date of Birth, Email Address, Phone Number
- Retention Reason: Prevention of confusion in service use, dispute resolution, and cooperation in response to requests from investigative agencies.
- Retention Period: 1 year
Records of Negative/Defective Use (including personal information of negative/defective users)
- Retention Reason: Prevention of negative and defective use of services and prevention of re-registration of negative/defective users.
- Retention Period: 1 year
2. Information Retention Reasons According to Related Laws and Regulations
If it is necessary to preserve information in accordance with the provisions of related laws and regulations such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc., the company retains member information for a certain period stipulated by related laws and regulations. In this case, the company uses the stored information only for the purpose of storage, and the retention period is as follows:
Records on Contracts or Withdrawal of Subscription
- Retention Reason: Act on Consumer Protection in Electronic Commerce, etc.
- Retention Period: 5 years
Records on Payment of Fees and Supply of Goods, etc.
- Retention Reason: Act on Consumer Protection in Electronic Commerce, etc.
- Retention Period: 5 years
Records on Consumer Complaints and Dispute Resolution
- Retention Reason: Act on Consumer Protection in Electronic Commerce, etc.
- Retention Period: 3 years
Log Records
- Retention Reason: Protection of Communications Secrets Act
- Retention Period: 3 months
6. Personal Information Destruction Procedures and Methods
In principle, the company destroys personal information without delay after the purpose of collection and use of personal information is achieved. The destruction procedures and methods are as follows:
1. Destruction Procedures
Information entered by members for membership registration, etc., is moved to a separate DB (or separate document box in the case of paper) after the purpose is achieved and is stored for a certain period according to information protection reasons under internal policies and other related laws and regulations (refer to retention and usage period) and then destroyed. This personal information is not used for any purpose other than retention unless required by law.
2. Destruction Methods
① Personal information printed on paper is destroyed by shredding or incineration using a shredder.
② Personal information stored in electronic file format is deleted using technical methods that make it impossible to reproduce records.
7. Rights of Members and Legal Representatives and How to Exercise Them
-
Members and legal representatives may at any time inquire or modify their registered personal information or personal information of children under 14 years of age or request cancellation of membership (withdrawal of consent).
-
To inquire or modify personal information of members or children under 14 years of age, click “Modify Member Information,” and to cancel membership (withdraw consent), click “Membership Withdrawal” to go through the identity verification process and directly view, correct, or withdraw. Alternatively, you may contact the personal information manager in writing, by phone, email, or consultation bulletin board, and we will take action without delay.
-
If a member or legal representative requests correction of errors in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction processing result without delay and ensure that correction is made.
-
Personal information that is terminated or deleted at the request of a member or legal representative is processed in accordance with “Retention and Usage Period of Personal Information Collected by (주) Web Community” and is processed so that it cannot be viewed or used for other purposes.
8. Matters Concerning Installation/Operation and Rejection of Personal Information Automatic Collection Devices
The company uses ‘cookies’ that frequently store and retrieve member information to provide individually tailored customized services to members. Cookies are small text files sent by the server used to operate our website to the user’s browser, stored on the user’s computer hard disk, and identify the user’s computer but do not personally identify the user.
1. Purpose of Using Cookies, etc.
The company uses cookies for the following purposes: Analyzing access frequency or visit times of members and non-members, understanding users’ tastes and areas of interest and tracking traces, understanding participation in various events and number of visits, etc., and providing targeted marketing and personalized services.
2. How to Refuse Cookie Settings
Members have the right to choose cookie installation. Therefore, members may allow all cookies, go through confirmation each time a cookie is saved, or refuse to save all cookies by setting options in the web browser. Example of setting method: (in the case of Internet Explorer) Tools > Internet Options > Privacy at the top of the web browser. However, to access the company’s website and use services, cookies must be allowed, and if refused, it may be difficult to use company services that require login.
9. Technical/Administrative Protection Measures for Personal Information
Members’ personal information is fundamentally protected by members’ IDs and passwords, and the company has prepared the following technical/administrative measures to ensure safety so that personal information is not leaked, altered, or damaged in handling members’ personal information.
1. Technical Measures
① Passwords for member accounts are encrypted and stored, so only the individual knows them. Therefore, personal information verification and modification that requires account login is possible only for the individual who knows the corresponding ID and password.
② The company backs up data frequently in preparation for personal information damage and prevents damage caused by computer viruses by using vaccine programs and malicious code defense software, and the software is updated periodically every day.
③ The company adopts security devices so that personal information can be safely transmitted over the network in cases such as payment.
④ The company is using an intrusion prevention system (firewall) to control unauthorized access from the outside to prevent information leakage due to hacking, etc., and is striving to have all possible technical devices to ensure other systemic security.
2. Administrative Measures
① When handling personal information due to a member’s password request, etc., the company does its best to verify the identity of the individual in the best possible way and ensure that information is processed safely.
② The company limits access to personal information to personal information managers, those who perform personal information management tasks, and others who inevitably handle personal information for business purposes, and always emphasizes compliance with the personal information handling policy through frequent training for employees handling personal information.
In addition to the company’s efforts as described above, members should be careful not to expose their IDs and passwords on the Internet or leak them to others. The company is not responsible for leakage of personal information such as IDs and passwords due to the member’s own carelessness or mismanagement. Therefore, members’ IDs and passwords must be used only by the individual, and it is recommended to change passwords frequently, and it is recommended to use numbers that are difficult for others to guess by mixing letters and numbers. Also, after finishing using the service, it is always recommended to log out and close the web browser. In particular, when sharing a computer with others or using it in a public place, these procedures are more necessary for the security of personal information.
10. Contact Information of Personal Information Manager and Person in Charge
The company designates related departments and personal information managers as follows to protect customer personal information and handle complaints related to personal information.
- Personal Information Manager: Kim Hyung-il / CEO / [email protected]
- Personal Information Manager: Kim Sook-hee / Operations Team Leader / [email protected], [email protected]
Please contact the personal information manager or person in charge for all personal information protection-related complaints arising from using the company’s services. The company will promptly provide sufficient answers to members’ inquiries.
For reporting or consultation on other personal information infringements, please contact the following institutions: Personal Information Infringement Report Center (http://www.cyberprivacy.or.kr, phone 1336) Personal Information Dispute Mediation Committee (http://www.kopico.or.kr, phone 1336) Information Protection Mark Certification Committee (http://www.privacymark.or.kr, phone 02-580-0533) Supreme Prosecutors’ Office Internet Crime Investigation Center (http://www.spo.go.kr, phone 02-3480-3600) National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr, phone 02-392-0330) National Police Agency (http://www.police.go.kr)
11. Meaning of Notice
In case of addition, deletion, or modification of the contents of the current personal information handling policy, the revised personal information handling policy will be notified through the ‘Notice’ of the website at least 7 days prior.
[Appendix]
- Announcement Date: May 1, 2021
- Enforcement Date: May 1, 2021
