Privacy Policy
| 공고일자 | |
|---|---|
| 시행일자 | |
| 버전 | 2 |
Zourney (hereinafter referred to as the "Company") complies with the relevant legal regulations regarding personal information protection that information and communication service providers must comply with, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), the Personal Information Protection Act, the Communication Secrets Protection Act, and the Electric Communications Business Act. The Company has established a privacy policy in accordance with the relevant laws and regulations on personal information processing to protect the rights and interests of users.
The Company formulates and enforces a privacy policy to protect the personal information of users and to smoothly handle user complaints related to personal information. In the event of a revision to the privacy policy, the Company will announce it through the notice section (or individual notice) of the website and mobile application (hereinafter referred to as the "Platform") operated by the Company.
Article 1 Purpose of Collecting and Using Personal Information
Unless there is consent from the user or it is required by law, the company will not use the user's personal information beyond the scope notified in this article. The purposes of collecting personal information are as follows:
- Membership Management: Verification of identity, personal identification, prevention of improper use and unauthorized use by malicious members, confirmation of intent to join, limitation of the number of times of joining, record keeping for future legal agent identification and dispute resolution, age verification, complaint handling, notification of latest information, and other customer service.
- Customized Service Development: Development and specialization of new services and products, improvement of advertising information such as events, satisfaction surveys, provision of service and advertisement according to demographic characteristics, extraction of statistics on frequency of access or service usage by users, development and provision of services according to usage type.
- Pseudonymization for statistical analysis, scientific research, and public record keeping.
- Marketing and Advertisement Provision (when receiving consent for marketing information): Notification of events, service information, benefit provision, reward provision, and coupon provision guidance.
Article 2 Collection Items and Methods of Personal Information
1. Items of collected personal information
- Required items
- Email address
- Name
- Optional items
- Location information
- Advertising identifier (ADID)
- Google Advertising ID (GAID) for Android devices
- Advertising Identifier for iOS devices (IDFA)
Additionally, the following information may be collected during the user's platform usage or business processing:
- When using wired or online consultations: consultation history (service usage history, wired/online consultation recording, etc.)
- When using the platform: device and environment information (IP address, cookies, visit date and time, device information, etc.)
- When using paid services:
- Required items: name, date of birth, gender, address, phone number
- When paying with a credit card: card number (partial), card company name, etc.
- When paying with a mobile phone number: mobile phone number, payment approval number, etc.
2. Methods of Collecting Personal Information
he company collects personal information through the following methods:
- Membership registration, application for sub-services, and information collection through the platform
- Collection through payment services
- Collection through personal identification services
- Use of phone or online counseling services
- Participation in events, prize draws, and delivery requests
- Automatic collection through generated information collection tools
- Automatic collection during the process of using the service
- Complaints or reports filed by oneself or others.
Article 3. Processing and Retention Period of Personal Information
The personal information processed by the company is processed within the scope of the purpose of collection and use, and the processing purpose, retention period, and items of personal information files that are registered and disclosed in accordance with the Personal Information Protection Act and related laws are separately specified according to the characteristics of each personal information file. Personal information is generally destroyed after achieving the purpose of collection and use, but it may be retained for a certain period of time depending on the case.
Members' personal information is destroyed without delay once the purpose of collection and use has been achieved. However, the company retains member information even when a member withdraws as follows to provide smooth service and prevent the use of illegal services.
- Reason for retention: To prevent confusion in managing illegal service members and service sign-ups and usage.
- Retention period: 1 year.
If it is necessary to retain member information under the provisions of relevant laws and regulations, the company retains member information for a certain period of time prescribed by the relevant laws and regulations. In this case, the company only uses the information being retained for the purpose of retention.
Records related to contracts or withdrawals of subscriptions:
- Reason for retention: Consumer protection laws related to e-commerce, etc.
- Retention period: 5 years.
Records related to payment of fees and supply of goods, etc.:
- Reason for retention: Consumer protection laws related to e-commerce, etc.
- Retention period: 5 years.
Records related to consumer complaints or dispute resolution:
- Reason for retention: Consumer protection laws related to e-commerce, etc.
- Retention period:
Records related to advertising/marketing:
- Reason for retention: Consumer Protection Act in electronic commerce and other related laws
- Retention period: 6 months
Records related to identity verification:
- Reason for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
- Retention period: 6 months
Website visit records:
- Reason for retention: Protection of Communications Secrets Act
- Retention period: 3 months
Records related to electronic financial transactions:
- Reason for retention: Electronic Financial Transactions Act
- Retention period: 5 years
Article 4. Right to Refuse Consent and Disadvantages of Refusal
Users have the right to refuse consent for the collection and use of personal information. However, if the user refuses to consent to the minimum collection and use of personal information necessary for service use, certain location-based functions (such as recording current location and searching for current location) cannot be used. If the user refuses to consent to the collection and use of personal information for marketing activities and promotions or optional collection and use, they may not receive information about events or benefits, or receive gifts or promotional items, use affiliated services, apply discounts or accumulate credits.
Article 5. Procedures and Methods for Personal Information Destruction
The company will, in principle, promptly destroy the relevant personal information once the purpose of its collection and use has been achieved. However, in cases where personal information must be retained in accordance with applicable laws and regulations, the information will be destroyed in an irretrievable manner without delay after the expiration of the retention period. The company's procedures and methods for personal information destruction are as follows:
1. Personal information destruction process
The information provided by the user is moved to a separate database (or filing cabinet in the case of paper) after the purpose of collection and use is achieved, and is stored for a certain period of time in accordance with internal regulations and other relevant laws and regulations, or immediately destroyed. In this case, personal information transferred to the database will not be used for any other purpose unless permitted by law.
2. Personal information destruction deadline
If the retention period of personal information has expired, the information will be destroyed without delay (within five business days, unless there is a justifiable reason) from the date on which it is deemed unnecessary for processing purposes, such as the achievement of the purpose of processing personal information, termination of the relevant service, or the end of the business.
3. Personal information destruction method
Electronic files are destroyed using technical methods that prevent recovery or regeneration, such as replacing data with null or random values in the case of databases, or low-level formatting in the case of storage devices. Personal information printed on paper is destroyed by shredding or incineration.
Article 6. Rights of Users and Methods of Exercise thereof
- Users can access and modify their personal information at any time and request access to their own personal information.
- Users can request to suspend the processing of their personal information at any time, and in cases where there are special legal provisions, the request for suspension of processing may be refused.
- Users can withdraw their consent to the collection and use of their personal information at any time after going through the identity verification process on the "Withdraw Membership" screen.
- In case a user requests correction of their personal information, the information will not be used or provided until the correction is completed. Furthermore, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction results without delay to ensure that the correction is made.
- Personal information that has been terminated or deleted at the user's request is processed in accordance with the provisions of Article 3 and cannot be accessed or used for any other purpose.
- Users can directly exercise their rights on the "Settings" screen. However, for cases where direct processing is not possible, users can request the relevant department responsible for personal information protection by submitting a request in writing, by phone, or by email, and we will notify them of the method or results of exercising their rights within the period prescribed by law.
- If a user wishes to delegate their rights under this clause to another person, they must obtain a delegation from the user and submit it to the company.
Article 7. Provision of Personal Information to Third Parties Collected
The company uses the personal information of users within the scope notified in Article 1, and generally does not use or disclose the personal information of users to third parties beyond the scope of consent without prior consent. However, the following exceptions apply.
- In case the user has given prior consent for the provision of personal information to a third party.
- When it is necessary for payment and fee settlement in accordance with the service provided.
- When there is a request from an investigative or supervisory agency in accordance with the procedures and methods set forth in the law for investigation or inquiry purposes under the regulation of the law.
- When it is necessary for statistical compilation, academic research, or market research purposes, provided that it is processed in a form that cannot identify a specific individual.
In addition, if it is necessary to provide personal information to a third party for better service provision, the company obtains the user's consent by clearly stating the person receiving the personal information, the purpose of using the personal information of the person receiving it, the items of personal information provided, the period of retention and use of the personal information of the person receiving it, the right to refuse consent, and the disadvantage of refusing consent.
Article 8 Measures for Ensuring Security of Personal Information
The company takes the following measures to ensure the safety of personal information:
1) Access control to personal information The company takes necessary measures to control access to personal information by granting, changing, and revoking access rights to the personal information processing system that processes personal information, and controls unauthorized external access using an intrusion prevention system.
2) Retention of access records The company retains and manages records of accessing the personal information processing system for at least six months.
3) Encryption of personal information Personal information is stored and managed securely through encryption, and important data is encrypted when stored and transmitted using separate security functions.
4) Installation of security programs and regular inspections and updates The company installs security programs and regularly inspects and updates them to prevent leakage and damage of personal information caused by hacking, computer viruses, etc.
Article 9. Department in charge of personal information protection and personal information manager
The company designates the relevant department and personal information manager responsible for protecting users' personal information and handling complaints related to personal information. Users can report any privacy-related grievances that occur while using the company's services to the personal information management manager or the department in charge. The company will promptly provide sufficient answers to the user's reported issues. Personal Information Manager
- Name : Seon Namkung
- Position: Head of Service
- Contact: seon@zourney.io
If you need to report or consult on other personal information infringements, please contact the following organizations.
- Personal Information Dispute Mediation Committee (http://www.kopico.go.kr/)
- Personal Information Protection Center (http://privacy.kisa.or.kr/)
- Cyber Safety Bureau of the National Police Agency (http://cyberbureau.police.go.kr/)