- 1. How to consent to the collection/use of personal information
- 2. Items and Purpose of Collection/Use of Personal Information
- 3. Period of retention and use, and disposal of personal information
- 4. Installation, operation and rejection of automatic personal information collection devices
- 5. Customers’ rights regarding personal information and the exercise of such rights
- 6. Personal information manager and customer service department
- 7. Consent to the provision and sharing of personal information to third parties
- 8. Consent to the consignment of personal information processing
- 9. Withdrawal of consent to the collection, use or provision of personal information
- 10. Data collection of children under age 14
- 11. Technical and administrative protection of personal information
- 12. Duty of notification
1. How to Consent to Collection/Use of Personal Information
2. Items and Purpose of Collection/Use of Personal Information
The Company collects and uses the minimum personal information required for service delivery. It shall not be used for any purpose other than the one for which consent was provided, and if the purpose of use changes, the Company shall take necessary measures including obtaining consent from the information subject.
- (1) Collection method
- Information collection through the use of PC or mobile website services
- Collection of information generated via a log analysis program
- Collection of information via cookies
- (2) Items, purpose, and retention period of collected personal information
- a. Biz-Contact
|Purpose of collection and use||Use of Biz-Contact service, receipt and processing of inquiries, and notification of processing results|
|Collected items||Email address, mobile phone number, company name, country|
|Retention period||Up to 1 year from the date of receipt or up to 1 month from the time of processing completion|
- b. FACT SHEET
|Purpose of collection and use||Use of FACT SHEET service |
|Collected items||Username, email address, mobile phone number, affiliation, type of occupation|
|Retention period||Up to 1 year from the date of receipt or up to 1 month from the time of processing completion|
- (3) Information generated and collected during service use or processing
During service use or processing, the following information may be generated and collected to deliver personalized services.
- Frequency of use, service use duration and usage record
- Access log and access IP information, cookie, usage record, session information, terminal information and MAC address
3. Period of Retention and Use, and Disposal of Personal Information
- (1) Period of use and retention
The Company shall retain and use personal information only during the period (usage period) to which the customer has provided consent for the purpose of service delivery and inquiry processing.
- (2) Period of storage and retention of personal information
In the case that the Company needs to preserve personal information with the consent of the information subject or in accordance with the provisions of other relevant laws, the Company shall store such personal information for a certain period as stipulated in the relevant laws.
- Visitor log records/Location tracing data capable of confirming the location of information and telecommunication equipment: three (3) months (Protection of Communications Secret Act), and for such other preservation periods pursuant to Article 15-2 of the Act thereof and Article 41 of the Corresponding Enforcement Decree for each Communication Confirmation Data
- Other storage and preservation period: In cases where consent has been obtained separately from the information subject
- (3) Procedure and method of personal information disposal
- a. Disposal procedurebr />
The information provided by the customer for service delivery is transferred to a separate database after the given purpose is achieved, stored for a certain period according to the reason for retention in accordance with internal policies and other relevant laws, and then disposed in the manner specified in subparagraph “c. Disposal Method” below. Personal information transferred to a separate database will not be used for any other purpose, unless it is retained for legal reason.
- b. Disposal subject
Information for which the retention period and the preservation period have expired in accordance with relevant laws and regulations.
- c. Disposal method
- Personal information on handwritten or printed media: Shredding or incineration
- Personal information stored in an electronic file format such as a database: Deleted irreversibly using a technical method.
4. Installation, Operation, and Rejection of Automatic Personal Information Collection Device.
During the usage of the Company’s service or inquiry processing, etc., cookies, service use records, and user device information may be automatically generated and collected.
A “cookie” refers to data that a website sends to the user’s web browser (Internet Explorer, Chrome, Firefox, etc.). The Company accesses the cookies saved on customers’ PCs from their visits to the website, analyzes the information stored on the cookies, such as browsing history, information of services used, time and frequency of service use, and other information generated or provided (entered) by customers during their use of the website and utilizes the results to provide better services, deter fraudulent use, and identify user errors.
Customers have the right to allow all cookies, request notifications whenever cookies are stored, or to block all cookies by selecting the relevant option through the “Internet Options” tab on the tool bar at the top of the web browser. However, blocking cookies may cause inconvenience in terms of service use.
5. Customer’s Rights regarding Personal Information and the Exercise of Such Rights
A customer can visit the Company’s website and submit a request for correction, deletion, or access regarding his/her personal information that is stored by the Company at any time.
- (1) A customer may request access and verification via the website and the Company’s customer service center.
- (2) When a customer requests access and verification of his/her personal information, the customer must provide his/her identity based on the identification (or copy thereof) such as a resident registration card, a passport, or a driving license (new version) for the Company to verify the identity.
- (3) When a customer wishes to designate an agent to access and gain a verification of his/her personal information, the customer must provide proof for the power of attorney, the certificate of registered seal in the customer’s name, and proof of identity for the agent, for the Company to verify the identity of the agent as necessary.
- (4) If a customer requests the correction of his/her personal information, the Company must neither use the relevant personal information nor provide it to third parties before the update is completed. If incorrect information has already been provided to third parties, the Company shall immediately notify the relevant third parties with the corrected information to ensure that the necessary correction is made.
- (5) However, the Company can exceptionally restrict access and correction of personal information in cases as follows:
- a. If it is likely to cause substantial damage of the life, body, property or rights and interests of the principal or third parties.
- b. If it is likely to cause substantial interference to the operation of the service provider.
- c. If it violates laws or regulations.
6. Personal Information Manager and Customer Service Department
The Company has designated a personal information manager and a department responsible for personal information protection as follows and also operates a consultation channel for personal information protection to ensure clear communication with customers.
|CJ ENM ENTERTAINMENT Division, IT Service Planning Team||Byung-ah Park||1670-1525|
To report or seek consultation on the breach of privacy, please contact the personal information manager by phone or email, or contact the following institutions:
|Name of institutions||URL||Contact information|
|KISA Personal Information Infringement Report Center||http://privacy.kisa.or.kr||118 without an area code|
|Supreme Prosecutor’s Office of the Republic of Korea Forensic Science Investigation Department Cybercrime Investigation Division||http://www.spo.go.kr||1301 without an area code|
|National Police Agency of the Republic of Korea||http://cyberbureau.police.go.kr||182 without an area code|
|Personal Data Dispute Mediation Committee||http://kopico.go.kr||1833-6972 without an area code|
7. Consent to Provision and Sharing of Personal Information to Third Parties
8. Consent to the Consignment of Personal Information Processing
The Company externally entrusts personal information processing to operate and maintain its service, and to manage and provide convenience for customers. The Company manages the consignee by contractually obligating its compliance with the relevant laws and guidelines, information protection and confidentiality, and obligation to return/destroy personal information immediately after the expiration of the entrustment period, etc.
|Consignee||Purpose of consignment|
|CJ OliveNetworks Co., Ltd||Establishment, operation, management, and maintenance of the Company’s website.|
9. Withdrawal of Consent to the Collection, Use or Provision of Personal Information
- (1) Customers may request to access, correct or delete personal information at any time. To access, correct, or delete personal information, contact the personal information manager or customer service in writing, e-mail, or phone, and appropriate actions shall be taken without delay following the identity verification process.
However, requests for personal information access may be restricted or refused in the following cases:
- If there are special regulations under the law or when access is prohibited or restricted by law.
- If there is a risk of harming another person’s life or body, or unjustly infringing another person’s property and other interests.
- If it is likely to cause substantial interference to the operation of the service provider.
- (2) Customers may request the withdrawal of consent to the collection and usage of personal information, and request the deletion, or suspension of processing regarding such data. Contact the personal information manager, and appropriate actions shall be taken without delay following the identity verification process.
10. Data Collection of Children Under Age 14
- (1) In principle, the Company does not collect personal information of children under the age of 14 (hereinafter referred to as “Children”). However, in cases of unavoidable collection of such information for service delivery, the Company shall seek consent from the legal representative of the Children concerned.
- (2) In order to obtain the consent of the legal representative (parent), the Company collects minimum personal information such as the name and contact information of the legal representative (parent) from Children. The legal representative (parent) can access, correct, and delete Children’s personal information. Call the personal information manager or contact customer service to request access, correction or deletion regarding Children’s personal information, and then necessary actions shall be taken.
11. Technical and Administrative Protection of Personal Information
The Company has implemented the following technical and administrative measures to ensure security by preventing the loss, theft, leakage, tampering or damage of personal information.
- (1) Technical protection measures
a. Personal information is protected by a password, and critical data is protected with additional security functions such as encryption of files and transmitted data or using a file locking function.
b. The Company aims to prevent damage caused by computer viruses through the use of antivirus software. The Company deters privacy infringement by regularly updating the antivirus software and ensuring the immediate installation of updates in line with the identification of new computer viruses.
c. The Company adopts a security system for the secure transmission of personal information over its networks.
d. In order to prevent the leakage of customers’ personal information by various intrusion methods (e.g., hacking), the Company installs its systems in a controlled area with restricted external access and use of intrusion-blocking devices.
(2) Administrative protection measures
a. The Company has implemented a procedure for managing and accessing customers’ personal information, ensuring understanding and compliance among employees, and carrying out regular inspections on the compliance status.
b. The Company minimizes the number of employees who handle personal information and manages access authority, while providing training on compliance with laws and regulations. The employees who handle customers’ personal information are as follows:
Those in direct or indirect customer-facing roles
Those in charge of the management and protection of personal information including personal information manager or personal information officer
Other employees who unavoidably access personal information when carrying out work-related tasks
c. When hiring new employees, the Company prevents the leakage of information (including personal information) by employees by requiring them to sign a pledge of information security, while providing frequent reminders of obligations for personal information protection and implementing an internal procedure to audit their compliance.
d. The handover of responsibilities by a personal information handler is conducted while ensuring strict security and clearly-defined liability against cases of personal information infringement when joining or leaving the Company.
12. Duty of Notification
- Notification date: September 27, 2021 / Effective date: October 4, 2021