Personal Information Processing Policy

 

Illuni Co., Ltd. (hereinafter referred to as the “Company”) values Personal Information of Users, and as a Provider of Information and Communication Services, shall comply with Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Protection of Communications Secrets Act, Telecommunications Business Act and other relevant laws / regulations. According to such laws and regulations, the Company has established Personal Information Processing Policy and is safely managing Personal Information. Furthermore, the Company has kept disclosing this Policy for Users to easily check anytime.

 

Article 1. Collection and Use of Personal Information

Article 2. The Period for retaining and using Personal Information

Article 3. The Right of Data Subjects to deny consent and disadvantages, if any, resulting from the denial of consent

Article 4. Outsourcing of Personal Information Process

Article 5. Provision of Personal Information to a Third Party

Article 6. The Rights and Obligations of Data Subjects and their Legal Representatives and How to Execute Such Rights

Article 7. Protection of Personal Information of Data Subjects aged under 14

Article 8. Installation and Operation of an Automatic Collection Tool for Personal Information and the denial thererof

Article 9. Destruction of Personal Information

Article 10. Technical and Managerial Safeguards of Personal Information

Article 11. Link Site

Article 12. Extraction of Posts and Videos

Article 13. Gathering Opinions and Handling Grievances

Article 14. Facial Data Storage, Use, and Retention Period

Article 15. Privacy Officer

Article 16. Obligation to Notify

 

Article 1. [Collection and Use of Personal Information]

The Company collects and processes all Personal Information for the following purposes such as member management, development / provision / improvement of services and safe mobile use environment. Personal Information that has been processed shall not be used for purposes other than the followings and if such purposes are changed, the Company will seek prior consents from the Users.

 

1       The Purposes of the collection and use of Personal Information and relevant items

The services provided by the Company are freely accessible without a separate membership registration. Personal Information collected and used for membership services of the Company will not be used for purposes other than the followings, and as explained above, necessary measures such as obtaining separate consents if the purposes are changed, shall be executed.

1.1       Execution of contracts about provision of services, provision and purchase and payment of contents about fee settlements according to provision of services, delivery of goods or billing address, etc., identity verification for financial transaction and other financial services

1.2       Member management identification for services provided by the Company, Personal identification, Prevention of illegal and unauthorized usage by defective/faulty members, confirmation of intent for registration of membership, confirmation of age, complaint handling and delivery of notices

1.3       Statistics on access frequency or Users’ usage of services, the Company automatically collects and transfers Users’ advertisement identification information (ADID / IDFA) when running services by utilizing Singular (Marketing Efficiency Analysis Tool). This information shall not be combined with personally identifiable information.

1.4       Development and Specialization of new services (products) to be utilized for marketing and advertisement, delivery of advertising information such as coupons and events, provision of services according to demographic characteristics as well as advertisements (Optional, and the Company does not provide personalized advertisements to anyone aged under 14)

2       The Company only uses Users’ Personal Information within the notified purposes under 「 The Purposes of the collection and use of Personal Information and relevant items」 and the Company shall not use such Personal Information outside the aforementioned purposes and provide it to a third party. However, the Company may provide Users’ Personal Information to a third party in the following cases.

2.1       Cooperation Relationship: The Company may provide Personal Information of Users to affiliates for provision of better services. In this case, the Company shall obtain consents from Users in advance after explaining about items of Personal Information to be provided, the purposes and period of provision, as well as protection measures. If Users do not consent, the Company shall not provide Personal Information to affiliates and notify to Users any changes or terminations of relevant Cooperation Relationship. When a Cooperation Relationship is terminated, and Users do not consent about provision of their Personal Information, that information already provided shall be destroyed without delay, Users can always withdraw their consent about provision of their Personal Information at any time.

2.2       Consignment: For smooth business operation and to provide better services to Users, the Company can consign processing of Users’ Personal Information to third parties. In this case, the Company shall notify to Users about names of consignees, purposes of consignment, scopes of Personal Information to be consigned, consignment periods in advance.

2.3       Disposal of Business, Mergers and Acquisitions: If the rights and obligations of the Service Provider are succeeded or transferred, this must be notified in advance, and Users’ option to withdraw their consents about personal information shall be given.

2.4       If there are special provisions in relevant laws and regulations. if it is necessary for fee settlements, if a transaction is made through the Service provided by the Company, for smooth communication and transaction between parties to a transaction and if it is necessary to provide information relevant to delivery within the required range, the Company may provide Personal Information to a third party.

3       Items of Personal Information for collection: Information Users directly enter for using services provided by the Company such as User ID, Face data(FaceAnalyzer API is used, and when using photos, videos and cameras, facial recognition and face coordinates are recognized, and those contents are provided based on recognized information), photos, voice data, users’ play data, passwords, addresses of delivery, mobile phone number, e-mail address, Facebook account information, KaKaoTalk account information, Naver account information, encrypted user verification value (CI), bank account information, Business registration number, name of business, name of representative of business, service use records, access logs, cookies, access IP information, payment records, etc.

4       Methods of collecting Personal Information

4.1       Via Homage (membership registration, profile editing, account setting, etc.)

4.2       Automatically collected through running or using service programs provided by the Company

4.3       Collection through voluntary provision of Personal Information by Users during service subscription or usage

 

Article 2. [The Period for retaining and using Personal Information]

1     The Company processes and retains Personal Information within the period agreed by Users when collected

1.1       Membership Information: up to 90 days after membership withdrawal

1.2       Non-Membership Information: Until purposes of business are achieved

Nevertheless, the Company may retain Personal Information until cases are closed if an investigation is in progress about violations of laws and regulations by a particular User, and until the time of settlement if there remains a claim-obligation relationship due to that User’s usage of services.

2     In accordance with Article 29 of 『Act on Promotion of Information and Communications Network Utilization and Information Protection』, if there has been no record of usage of services for 1 year, such User will be notified in advance and Personal Information shall be separated and retained for 1 year from the date of conversion to a dormant account.

3     To prevent members from doing expedient or illegal actions such as re-joining or arbitrarily cancelling memberships after withdrawal or suspension of memberships to obtain economic benefits e.g. discount coupons and event benefits provided by the Company, or using others’ names without permission, the Company shall retain Users’ Personal Information for 90 days after withdrawal of membership.

4     The Company may retain Personal Information for a certain period of time by moving it to a separate database (DB) or by changing the storage location with the provisions of relevant laws and regulations such as Act on the Consumer Protection in Electronic Commerce.

 

Article 3. [The Right of Data Subjects to deny consent and disadvantages, if any, resulting from the denial of consent]

Users have the right to refuse consent to collection and use of Personal Information. Nevertheless, in the case of refusal to consent to collection and use of minimum Personal Information necessary for conclusion and execution of the contract, services cannot be used. In the case of refusal to consent to collection and use of Personal Information and/or selective collection and use of Personal Information for marketing activities and public relations, there may be disadvantages, for instance, not being able to receive information about events and benefits, be provided with free gifts and promotional materials, use affiliated services, discounts, and accumulate points.

 

Article 4. [Outsourcing of Personal Information Process]

1       The Company consigns Personal Information processing tasks for smooth handling of Personal Information as follows.

2       The Company consigns only some of tasks necessary for provision of services to external companies. When consigning contracts are concluded, prohibiting provisions of processing Personal Information other than the purposes of performing consigned tasks, technical and administrative protection measures, restrictions on reconsignment, management and supervision of consignees, compensation for damages shall be specified in consigning contracts in accordance with relevant laws and regulations. The Company shall regulate, manage, and supervise matters necessary for consignees to safely process Personal Information in accordance with relevant laws and regulations.

 

Article 5. [Provision of Personal Information to a Third Party]

1       The Company processes Users’ Personal Information only within the scope specified below, and only provides such Information to a third party when there is a consent from Data Subjects or a special provision of relevant laws and regulations. Without a User’s prior consent, the Company shall not use his/her Personal Information outside the scope of given consent or provide Personal Information to a third party in principle.

2       Currently, the Company does not provide Personal Information to a third party except cases necessary for performance of consignment tasks in the preceding article. If Personal Information is provided to a third party other than for the purpose of performing consigned tasks, the Company shall seek consent from Users with regard to ① the Person receiving Personal Information, ② the purposes of using Personal Information by such Person, ③ items of Personal Information to be provided, ④ Retention and period of usage of Personal Information, as well as the fact that Users have the right to refuse consent to provision of their Personal Information and following disadvantages arising out of refusal of consent, etc. 

 

Article 6. [The Rights and Obligations of Data Subjects and their Legal Representatives and How to Execute Such Rights]

１      Users can exercise the following rights related to their Personal Information protection against the Company at any time.

a) The right to request access to Personal Information

b) The right to request a correction if there is an error, etc.

c) The right to request an erasure

d) The right to request suspend the processing of Personal Information

２      Users may exercise the rights specified in the preceding Paragraph in writing, by phone, e-mail, fax, etc., and the Company will handle the issues within 10 business days according to its internal procedures.

３      If a User requests correction or deletion of errors with regard to his/her Personal Information, the Company shall not use the relevant Personal Information before requested correction or deletion.

４      Users may exercise the rights specified in Paragraph 1 of this Article via an agent such as a legal representative or delegate, and the agent can exercise all the above rights on behalf of a particular user.

５      Users shall not infringe on Personal Information and privacy of themselves, or third parties processed by the Company in violation of relevant laws and regulations such as Act on Promotion of Information and Communications Network Utilization and Information Protection, and Personal Information Protection Act.

６      Users have rights to view, correct, or withdraw their Personal Information through 『Settings』 at any time.

７      If any User wishes to withdraw from membership, the User can click 『Settings』-> 『Withdrawal of Membership』 or contact the person in charge of Personal Information Protection by fax, mail, phone. Then, the Company shall take necessary measures such as deletion of Personal Information after retention of that information, for 90 days from the application for withdrawal of membership.

８      Users shall prevent any unexpected accidents or incidents by entering or notifying their Personal Information up to date to the Company.

９      Users are responsible for any accidents or incidents that occur due to inaccuracies of information provided or entered by Users, and provision of services may be restrained if false information such as a non-relevant person’s information is entered.

１０   Users have the right to be protected from infringement of their Personal Information and the duty to protect themselves / not to infringe Personal Information of others. Users shall also be careful not to leak and damage other Users’ Personal Information. If a User fails to fulfill the above responsibilities and somehow damages Personal Information and dignity of others, he/she may be subject to punishment under 「Act on Promotion of Information and Communications Network Utilization and Information Protection」, 「Personal Information Protection Act」.

 

Article 7. [Protection of Personal Information of Data Subjects aged under 14]

To protect Personal Information of persons aged under 14, the Company shall now allow registration of membership of those children aged under 14. 

 

Article 8. [Installation and Operation of an Automatic Collection Tool for Personal Information and the denial thereof]

1       When using services provided the Company, service usage records and connected device information such as cookies (text files sent by the server used in the Company service to Users’ browser and saved on the hard disk of Users’ device), IP address etc., are automatically created and stored.

2       The purpose of using Cookies is as follows, and bulletin board post registration Cookies expire when the browser is closed or logged out.

1 

2 

a) By analyzing frequency of access or usage of time spent, etc., Users’ preferences and interests are identified and used for targeted marketing (this is not combined with information that can identify Users)

b) Measures such as service reorganization and etc. by analyzing Users’ habitual behaviors

3       Users can refuse to install cookies (IE standard setting method: Tools at the top of the browser > Internet Options > Personal Information > Site Blocking). Nevertheless, if a User refuses to install cookies, it may be difficult to use a number of services that require login.

1 

2 

3 

 

Article 9. [Destruction of Personal Information]

The Company shall destroy all Personal Information without delay, after the purpose of collecting and using the above information is achieved. Personal Information recorded and stored in electronic format should be destroyed so that it cannot be reproduced. Personal Information recorded and stores in written format (paper) should be shredded or incinerated.

 

Article 10. [Technical and Managerial Safeguards of Personal Information]

About handling Users’ Personal Information, the Company shall implement the following protective measures to ensure safety so that Personal Information will not be lost, stolen, leaked, altered or damaged.

1.     Technical Safeguards

a) Users’ Personal Information is protected by a password, and important data is protected through separate security functions by encrypting files and transmitted data or using file Lock function.

b) The Company has taken various measures to prevent damage caused by computer viruses by using vaccine programs. Those programs are updated periodically, and in the event of a sudden virus outbreak, the programs shall be provided as soon as they are released in order to prevent infringement of Personal Information.

c) The Company adopts a security device (SSL) that can safely transmit Personal Information within the network utilizing a cryptographic algorithm.

d) The Company, in preparation for external intrusions such as hacking, each server uses an intrusion prevention system and a vulnerability analysis system to ensure security.

2.     Managerial Safeguards

a) The Company limits the right of access to Users’ Personal Information to a minimum number of people and those are as follows.

① A person who performs marketing tasks directly for Users (limited to cases where Users agree upon such marketing tasks)

② A person who handles complaints and inquiries about usage of services from customers

③ A person who carries out Personal Information Protection such as Privacy Officers

④ A person who should handle Personal Information due to his/her job description

b) The Company has prepared internal procedures to prevent leakage of information by employees through security pledges at the time of joining the Company, and to audit the implementation of Personal Information Processing Policy as well as compliance of such Policy by employees.

c) The transition of duties and responsibilities of Personal Information-related person in charge is carried out thoroughly, and the Company clarifies responsibilities for Personal Information accidents after the above person joins and leaves the Company.

d) The Company is not liable for any occurrences caused by Users’ personal mistakes or basic Internet risks. Each User must properly manage his/her ID and password to protect Personal Information and shall bear full responsibilities about such management.

e) In the event that Personal Information of Users is lost, leaked, altered or damaged due to mistakes by internal managers of the Company or accidents with regard to technical management, the Company will immediately notify Users and take appropriate countermeasures and compensation processes.

 

Article 11. [Link Site]

The Company may provide Users with links to websites or materials of other companies. In this case, since the Company has no control over external sites and materials, the Company cannot be held responsible for or guarantee the usefulness of services or materials from other companies. If a User clicks on a link included in the Company and move to another site, Personal Information Processing Policy of that website is irrelevant to the Company. A User should review that policy of the newly visited site.

 

Article 12. [Extraction of Posts and Videos]

1.      A Post refers to something a User has posted through 『Share』 function, so that it can be viewed by others.

2.      The Company values every post and does utmost endeavors to protect those from falsification, damage, or deletion. However, the above does not apply in the following cases.

1)     Spam posts and commercial posts (e.g.: chain letters, advertisements of specific sites, etc.)

2)     Posts that may result in defamation of another person by disclosing a false information for the purpose of slandering him/her

3)     Disclosure of other people’s Personal Information without consent, contents that infringe third parties’ rights such as copyrights, and posts that is irrelevant to topics in bulletin boards

3.      To invigorate a desirable bulletin board culture, the Company ensures that there is no misunderstanding by revealing movement of certain parts when identities of others are disclosed without consent. In other cases, the above parts shall be deleted after an explicit or individual warning.

4.      Fundamentally, all management rights and responsibilities related to postings belong to individual authors. The face and voice data provided by Users while using services will be disclosed to other Users through 『Share』 function. Information that has been voluntarily disclosed through postings may be used by a third party through recording and illegal leakage. The Company shall not bear responsibilities for such incidents so that Users must carefully consider disclosure of their Personal Information through 『Share』 function.

5.      Extraction of Videos refers to extracting the story composed by a User within the Service to outside in the form of a video. The Company does not have management responsibilities and access rights for such extracted videos, and is not liable even if Personal Information stored in extracted videos is misused by a third party and accordingly the User suffers damage from this.

 

Article 13. [Gathering Opinions and Handling Grievances]

1.      The Company values opinions of Users and they have the right to always receive sincere responses from their questions.

2.      The Company operates a Customer Center for smooth communication with Users, and the contact information is as follows.

 

3.      The Company is obliged to respond in good faith after having received a User’s consultation request. However, if such request is received after working hours of a business day, or on weekends and holidays, the Company shall handle the matters on the next day or the first business day after weekends or holidays have elapsed.

4.      If any User requires consultation about Personal Information issues, he/she can inquire through the above e-mail address of the Company. Further, if a User wishes to report or consult with government institutions, he/she can use contact information listed below.

 

Article 14 [Facial Data Storage, Use, and Retention Period]

1.     Data Sharing and Storage
- Sharing with Third Parties: User data is strictly not shared with third parties.
- Storage Security: User data is securely stored as encrypted binary data, ensuring privacy protection and security.

2.     Facial Data Policy:
- Storage Period: Facial data is stored only during the user's use of the service. It is promptly deleted when the user deletes the data or withdraws from the service.
- Facial Data Use: In accordance with our FaceAnalyzer API, we provide relevant content based on facial recognition and coordinates when using photos, videos, and camera for facial recognition.

3.     Accessibility to Privacy Policy:
- Users can access detailed information about our privacy practices in the privacy policy section within the settings.

4.     Detailed Privacy Policy Regulations:
- Collected Personal Information: User ID, facial data, photos, voice data, game play data, password, delivery address, contact information (phone number, email), social media account information (Facebook, KakaoTalk, Naver), encrypted user verification value (CI), financial information (bank account details), and business information (business registration number, business name, representative name) are included.
- Usage Data: Service usage records, access logs, cookies, access IP information, and payment information are also collected for user experience and service quality improvement.

 

Article 15. [Privacy Officer]

1.      The Company does its utmost endeavor to protect Users’ Personal Information. About protection of Personal Information, Privacy Officer specified below shall bear all responsibilities in the event of accident that is against notices received by Users. Nevertheless, although technical supplementary measures have been taken, the Company shall not be liable for damage to Personal Information and disputes arising from posts uploaded by Visitors caused by basic network risks such as hacking.

2.      The Person in charge of, and responsible for handling Users’ Personal Information is as follows, and such person will promptly and faithfully respond to any inquiries related to Personal Information issues.

[Privacy Officer]

 

Article 15. [Obligations to Notify]

In the case of addition, deletion, or modification of this Policy due to Government policy or changes in security technologies, it shall be notified on ‘Notice’ section of the website operated by the Company or via e-mail at least 7 days before (However, if important contents are to be altered, the period shall be 30 days before). If there are material changes in Users’ rights, they shall be notified at least 30 days in advance.

• Date of Notice: 2022. 01. 10.

• Date of Implementation: 2022. 01. 10.