Personal Information Processing Policy

 

MBZ Company Co., Ltd. (hereinafter the Company) complies with the Personal Information Protection Act and the relevant laws and regulations to protect the freedom and rights of users and processes and manages the personal information legally and safely. The Company informs users of the procedure and the basis of processing the personal information. In order to address complaints related to the personal information promptly and effectively, we have stipulated and disclose the personal information processing policy as follows:

 

1. Personal Information Items to be Processed

The Company processes the following items of the personal information:

1. User identification and verification of identity: (Information collected when the person joins the membership) Name, e-mail, mobile phone number, ID, password
2. Communication and instructions for member information management: Name, e-mail, mobile phone number
3. Preventing illegal, illicit or unauthorized use, providing safe payment service, record preservation for dispute mediation and resolution, data and analysis with the product and service use information, improving products and services: ID, name, birthdate, gender, CI, DI, IP address, time and date of visit, service use record (personal information automatically generated)
4. Information for payment service: Credit card number, period of validity, name, birthdate, gender, first two digits of credit card password, proving the relationship with the service user (if a credit card in the name of another person is used), bank account number, person who makes the payment, bank, mobile phone number
5. Partnership service: Name, e-mail, mobile phone number, ID
6. Event participation and receiving a prize: Name, e-mail, mobile phone number, ID

 

2. Purpose of Processing Personal Information

The Company processes the personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes. If the purpose of using the personal information changes, necessary measures will be taken such as obtaining separate consent from the user.

1. Service provision
2. User identification, age verification and obtaining consent of a legal guardian, member management (verifying identities of user and a legal guardian, etc.)
3. Preventing and sanctioning an act which interferes with the effective provision of the service, including account misappropriation and illegal use of the service.
4. Demographic analysis, analysis of use record and service use, service improvement through statistical analysis, providing customized service
5. User protection and service operation, including delivery of notices, preservation of records for dispute resolution and handling of requests and complaints
6. Purchase and sale of paid products and payment processing, confirmation and payment of expenses and settlement amounts, tax settlement
7. Verifying evet participation and preventing award of two or more prizes to the same person
8. Provision of affiliate services, delivery and payment of products
9. Building a service use environment where users can use the service reliably in terms of security, privacy and safety

 

3. Processing of Personal Information and Period of Retaining Personal Information

In principle, the Company destroys users’ personal information promptly upon termination of the membership or after the purpose of using the personal information has been achieved. If the Company otherwise obtains consent from the user regarding the retention period of the personal information, or if there is a statutory obligation to retain the information for a certain period, however, the Company may safely retain the personal information for that period.

 

1. If the personal information is stored with the separate consent of the user, the periods of the retention shall be as follows:

- Authentication record collected for identity and age verification (mobile phone number, information on mobile network operator): 1 year from the date of verifying the identity of the user

- Information on a legal guardian: Stored until the child turns 14 or becomes an adult

- A file sent to the customer center: Retained for 1 month from the date of receiving the inquiry

- Event participation and prize award: Personal information is stored for up to 6 months from the date of information collection or the last date of the event

- Advertising and business partnership: Destroyed after the inquiry has been processed

- Submitting work: 5 years from the submission date

- Storing user ID to prevent fraudulent use: Retained for 6 months after the service termination

 

2. For the records below, the Company retains the information until the end of the relevant period.

- Act on Consumer Protection in Electronic Commerce, etc.

   · Record on contract, termination of a request for contract, etc.: 5 years

   · Record on payments and supply of products, etc.: 5 years

   · Record on processing of a complaint or a dispute of a customer: 3 years

- Communications Secret Protection Act

   · Log-in record: 3 months

- Basic Act on National Tax, Corporate Tax Act

   · Books and supporting documents for all transactions under the tax law: 5 years

 

4. Procedure and Method of Destroying Personal Information

In principle, a user's personal information is promptly destroyed when the purpose of collection and use of personal information is achieved or the retention period has expired. The Company's personal information destruction procedure and method are as follows:

 

1. Method of Destruction

- Personal information collected during the service subscription, etc. is stored for a certain period and then destroyed pursuant to the internal policy and other relevant laws after the purpose of the collection has been achieved.

- Information whose preservation is required by the law will be destroyed without delay after the relevant period has elapsed and will be destroyed in a manner which makes the recovery of the information not possible.

2. Method of destroying the Information

- The personal information printed on paper is destroyed by shredding or incineration.

- The personal information stored in an electronic file is deleted by a technical method which makes the record unrecoverable.

3. System of the Personal Information Expiration Date

- The Company manages the personal information of members who have not used the service for 1 year by separately storing it, or deleting it in accordance with the system of the personal information expiration date.

 

5. Consignment of Collected Personal Information

In order to improve the service, the Company may consign the collection, processing, and management of your personal information to an external party in compliance with the statutory requirements (obtaining user consent, etc.) if necessary, and may provide the personal information to a third party. The Company consigns the following works in relation to the processing of the personal information, and stipulates the necessary matters to ensure that personal information is safely managed when the Company enters into a consignment contract in accordance with the relevant laws and regulations. The information shared is limited to the minimum extent necessary to achieve the purpose.

 

Information processors                  Consigned works

KG Inicis Co., Ltd.                         Payment service

Danal Co., Ltd.                              Verifying identity of a user

 

The above terms do not apply to the following instances:

1. Users provided prior consent.
2. The information is collected in accordance with the law, or an investigative agency require the information in accordance with the procedure and method set forth in the law for the purpose of investigation.
3. In providing the personal information, or consigning the processing of the personal information, a user will be notified in advance of the matters regarding the consignee, the scope of consignment and the scope of the shared information and will be notified in writing, e-mail, phone, or through the website.

 

6. Rights of Users and legal Guardians and Method of Exercising the Rights

- A user and a legal guardian of a child under the age of 14 may exercise their rights and may request viewing, correction, deletion, or suspension of processing, of personal information at any time. A user may exercise his or her rights in writing, by phone, or e-mail, and the Company will act promptly.

- Additionally, users may withdraw their consent to the collection and the use of personal information at any time by cancelling the service.

- If there are otherwise restrictions under the law, the exercise of rights may be restricted.

- A user may exercise rights through an agent such as a user's legal guardian or a person with the authority to exercise the rights. The Company verifies the identity of the person making a request (e.g. a request for viewing, correction, deletion, or suspension of processing, of personal information in accordance with the user rights) and verifies whether the person making a request is the user himself or herself, or his or her valid agent.

 

7. Matters Related to Installation, Operation and Refusal of a Device to Automatically Collect Personal Information

The Company uses cookies to store the usage information and retrieve it from time to time in order to provide individualized services to users. Cookies are a small amount of information which the server (http) which is used to run the website sends to the user's browser and are sometimes stored on a hard disk of the user's PC.

 

1. Purpose of Using Cookies

- Cookies are used to identify the identify the information such as users' visit and usage patterns and how many users visit the website and to provide users with optimized and customized information, including advertisements.

2. Installing, Operating and Rejecting cookies

- Users have an option of installing cookies. You can refuse to store cookies through your web browser's settings. The method of setting an internet environment varies depending on the type of a web browser.

3. If you refuse to store cookies, you may have difficulty using some services which require log-in.

 

8. Staff Member in Charge of Personal Information Protection

The Company is responsible for the overall management of personal information processing, and has designated a staff member in charge of personal information protection as follows to address user complaints and provide a remedy for damages related to the personal information processing. A user may contact the staff member in charge of the personal information protection regarding all the personal information protection-related inquiries, how complaints are addressed, damage relief, etc. which arise while using the Company service, and the Company will promptly respond and process user inquiries.

 

9. How to Obtain a Remedy for Infringement of Rights

To obtain a remedy for infringement of personal information, a user Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center at Korea Internet and Security Agency or other agencies for dispute mediation or consultation. For other reports, or consultation regarding the personal information infringement, please contact the organizations below.

 

1. Personal Information Dispute Mediation Committee (kopico.go.kr / (no area code) 1833-6972)
2. Personal Information Infringement Report Center (privacy.kisa.or.kr / (no area code) 118)
3. Supreme Prosecutors’ Office (www.spo.go.kr / (no area code) 1301)
4. National Policy Agency (ecrm.police.go.kr / (no area code) 182)

 

The Company makes efforts to guarantee the users' right to make a decision on their own personal information and provide consultation and a remedy for damage caused by personal information infringement. If you need to report something or need consultation, please contact the staff member in charge of the personal information protection.

 

10. Obligation of Notice

If there is any addition, deletion or modification of the terms of the current personal information processing policy due to changes in the government policy or the security technology, it will be notified in the Notice section on the website.

 

- Date when the personal information processing policy enters into force: November 15, 2023

- Date when the personal information processing policy is amended: November 15, 2023