- 1. Procedure on providing consent for the collection and use of personal information
- 2. Personal information items to be collected and the purpose of collecting and using personal information
- 3. Retention, period of use, and destruction of personal information
- 4. Installation, operation, and rejection of automatic personal information collection device
- 5. Users' rights to personal information and method of exercise
- 6. Chief Privacy Officer and customer center
- 7. Consent for providing and sharing personal information to a third party
- 8. Consent to the consignment of personal information processing
- 9. Withdrawal of consent for collecting and providing personal information
- 10. Information on the collection of personal information of children under the age of 14
- 11. Technical and administrative protection of personal information
- 12. Duty to notify
1. Procedure on providing consent for the collection and use of personal information
2. Personal information items to be collected and the purpose of collecting and using personal information
The Company collects and uses minimum personal information that is necessary to provide its service. The collected personal information is not used for any purpose other than for which consent was obtained. In the event the purpose of using personal information is changed, necessary measures, such as obtaining consent from the owner of personal information, will be taken.
- (1) Method of collection
- Collection of information by using the Company’s website services via PC and/or mobile
- Collection of information generated by using a log analysis program
- Collection of information by using internet cookies
- (2) Collected items, purpose, and retention period
- A. Contact Us
|Purpose of collection and use||To use Contact Us service, receive and handle inquiries, notify processing results and respond to the inquiries, and improve website quality through data analysis|
|Collected items||Name, email address, mobile phone number, department, occupation, country name|
|Retention period||Within one (1) year from the date of completion of inquiry processing, or within five (5) days from the date of request for withdrawal by the owner of personal information|
- B. Fact Sheet
|Purpose of collection and use||To download the Fact Sheet service|
|Collected items||email address, occupation, company, country|
|Retention period||Within one (1) month from the collection date or within five (5) days from the date of request for withdrawal by the owner of personal information|
- C. To provide customized information and utilize website improvement
|Purpose of collection and use||To provide data related to the fact sheet and customized information, analyze website statistics, and use for service improvement|
|Collected items||Name, email address, mobile phone number, department, occupation, country name|
|Retention period||Within one (1) year from the collection date or within five (5) days from the date of request for withdrawal by the owner of personal information|
- (3) Information generated and collected during the use or process of service
The following information may be generated and collected to provide personalized services during the use or process of service.
- Frequency of use, service usage time, and usage records
- Access log and access IP information, cookies, usage records, session information, terminal information, and MAC address
3. Retention, period of use, and destruction of personal information
- (1)) Period of use and retention period
The Company retains and uses personal information only for the period agreed upon by the user (period of use) to provide services and handle inquiries.
- (2) Storage and preservation period of personal information
If it is necessary for the Company to preserve personal information based on the personal information owner’s consent or pursuant to laws or other related laws and regulations, the Company shall keep and preserve the personal information for a certain period as required.
- Records related to visitor access (logs) and tracking data that can confirm the location of information and communication devices: Three (3) months (Protection of Communications Secrets Act); respective period for each type of communication confirmation data pursuant to Article 15-2 of the Communications Secret Protection Act and Article 41 of the Enforcement Decree of the same Act
- Other storage and preservation periods: Applicable when consent from the owner of the personal information was separately obtained
- (3) Procedure and method of destroying personal information
- A. Destruction procedure
The information provided by a user for the use of service is transferred to a separate DB after its purpose is achieved, stored for a certain period in accordance with the Company’s internal policy and other related laws and regulations, and then destroyed by the method specified in Item C below. Personal information transferred to a separate DB will not be used for any other purpose unless it is preserved pursuant to related laws and regulations.
- B. Information subject to destruction
Information for which the retention period and the preservation period have expired in accordance with related laws and regulations
- C. Destruction method
- Personal information in written and/or printed form: To be shredded or incinerated
- Personal information stored in the form of electronic files such as DB: To be deleted using technology that does not allow restoration or recovery of records
4. Installation, operation, and rejection of automatic personal information collection device
Cookies, records of service usage, and information accessed from the connected device may be generated automatically and collected in the process of using Company services and handling user inquiries.
Cookies are data that websites send to the users’ web browsers (Internet Explorer, Chrome, Firefox, etc.). When a user visits the Company's website and uses its service through a cookie, the Company reads the details of the cookies stored in the user’s PC and analyzes information such as visit records and services used, service connection time and frequency, and information generated or provided (entered) in the process of using the service to improve services, prevent illegal use, and check user errors
- Strictly necessary cookies
|CookieConsent||Stores the user's cookie consent status||HTTPcookies||1 day||cjenm.com|
|_ga||Registers a unique ID that is used to generate statistical data about how visitors use the website||HTTPcookies||2 years||google|
|_gat||Used by Google Analytics to control the request speed||HTTPcookies||1 day||google|
|_gid||Registers a unique ID that is used to generate statistical data about how visitors use the website||HTTPcookies||1 day||google|
|_lang||Remembers the website language version the user has selected||HTTPcookies||Immediately after closing the browser||cjenm.com|
- - Notice of Cookies ,Effective Scope, Third-Party Cookies
Notice of cookies is only valid in http://cjenm.com. The user may also receive third-party cookies from the Company’s service providers when using the website. However, the cookies collected by the Company are not provided to third parties. The Company will notify the user when it collects cookies and provide an option to decline cookies. However, if the user declines cookies, there may be limitations in using some services.
- - Right to decline cookies
- 1) For Chrome: Settings > Security and Privacy> Cookies and other site data
- 2) For Internet Explorer: Tools > Internet Options > Privacy > Advanced
5. Users' rights to personal information and how to exercise them
Users can always visit the Company website and request to view, correct, or delete their stored personal information.
- (1) Users may request to view or verify personal information through the Company website or customer center.
- (2) When a user requests to view or verify his or her own personal information, the user must present his or her ID (copy) such as a resident registration card, passport, driver’s license, or other forms of IDs for proof of identification.
- (3) When a user’s delegate requests to view or verify the user’s personal information, the delegate must present proof of identification, a POA (power of attorney) indicating the relationship between the user and the delegate, a seal certificate of the user, and the ID of the delegate.
- (4) When a request is made by a user to correct any errors in personal information, the subject personal information will not be used or provided until the correction is completed. If any incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the third party may also make corrections accordingly.
- (5) However, the viewing and correction of personal information may be restricted in the following cases:
- A. Existence of a risk of significantly harming the life, body, property, or rights and interests of the user or a third party
- B. Existence of a risk of significantly impairing the service provider’s work
- C. Violation of any laws and/or regulations
6. Chief Privacy Officer and Customer Center
The Company has designated a Chief Privacy Officer and a department in charge as provided below and operates a consultation counter for smooth communication with users in relation to personal information inquiries and requests.
- - Chief Privacy Officer
- Department/Name: Kang Bong-kwan, Information Security Team, CJ ENM Entertainment Div.
- Phone number: 02-371-5501
- - Customer Center
- Phone number: 02-371-5501
Please contact the Chief Privacy Officer by phone or contact any of the institutions below for any advice on, or to report any instance of, infringement of personal information.
7. Consent for providing and sharing personal information to a third party
8. Consent to the consignment of personal information processing
The Company consigns personal information processing work to the consignment companies listed below for purposes including the operation and maintenance of services and provision and management of user convenience . The Company manages the consignment companies by entering into service agreements which require the consignment companies to be and remain in compliance with related laws, regulations, and guidelines, protect personal information and comply with confidentiality provisions, and return and destroy personal information immediately upon the expiration or termination of the service agreement.
|Consignment company||Purpose of consignment work|
|MEDIA4THONE Inc.||Website construction/operation and management, maintenance|
|CJ OliveNetworks Co., Ltd.||Website maintenance|
9. Withdrawal of consent for collecting and providing personal information
Users may always visit the Company’s website and request to view, correct, or delete their stored personal information.
- · Users may always request to view, correct, or delete their personal information at any time. To view, correct, or delete personal information, please contact the Chief Privacy Officer or the customer center by phone, and the Company will take action without delay after completing the identification verification process.
However, viewing may be restricted or rejected in the following cases:
- · Existence of special provisions in any laws and/or regulations that restrict or prohibit access to the personal information
- · Existence of risks of significantly harming the life or body of another person or unfairly infringing on the property and other interests of another person
- · Existence of a risk of significantly impairing the service provider’s work
- · Users may request to withdraw their consent for the collection and use of personal information and to delete or stop the processing of the personal information.
To submit such request, please contact the Chief Privacy Officer, and the Company will process it immediately after completing the identity verification process
10. Information on the collection of personal information of children under the age of 14
- (1) In principle, the Company does not collect personal information of children under the age of 14. However, in the inevitable case of collecting personal information for the purpose of providing services, the Company requests the consent of the LAR (legally authorized representative) of the child as a mandatory procedure.
- (2) In order to obtain the consent of the LAR (e.g. parent), the Company collects from the child a minimum amount of personal information such as the name and phone number of the LAR. The LAR may view, correct, and delete the child’s personal information, and if they wish to do any of the foregoing, the LAR can make a request to the Chief Privacy Officer by phone or email and the Company will take necessary measures.
11. Technical and administrative protection of personal information
The Company is preparing the following technical and administrative safety measures to ensure that users’ personal information is not lost, stolen, leaked, altered, or damaged.
- (1) Technical protection measures
A. Personal information is protected by a password, and important data is protected by using separate security features such as encrypting files and transmitted data or setting a lock on the file.
B. The Company is taking measures to prevent damage caused by computer viruses by using an antivirus program. Antivirus programs are updated regularly, and in the event a virus unexpectedly appears, the Company applies the antivirus program immediately to prevent infringement of personal information.
C. The Company uses a Secure Sockets Layer (SSL) device to safely transmit personal information in the network.
D. The Company has installed the antivirus program in an area where access is restricted from outside users and is using a device that blocks attacks and unauthorized access to prevent leakage of users’ personal information from events such as hacking.
(2) Administrative protection measures
A. The Company has prepared the necessary procedures for managing and accessing users’ personal information so that officers and employees become familiar and comply with such procedures. The Company periodically conducts compliance checks to ensure compliance of such procedures.
B. The Company limits the number of people who can process users’ personal information to a minimum and manages access rights, and ensures compliance with laws and policies through internal trainings. The people who process users’ personal information is as follows.
Person whose work involves direct or indirect communication with users
Person whose work involves the management and protection of personal information, such as the Chief Privacy Officer
Person whose work involves inevitable access to personal information
C. The Company prevents any leakage of information (including personal information) by requiring new hires and employees to sign the information protection pledge, reminding them of their obligations to protect personal information as often as necessary, and preparing internal procedures for compliance auditing.
D. The handover of work by the personal information manager is carried out securely, and the responsibility of each onboarding and offboarding employee for any case of personal information infringement is clearly provided in the Company’s internal policy.
12. Duty to notify
- Notification date: March 7, 2022 / Implementation date: March 14, 2022