N-tory Mobile Service Privacy Policy
Ntori
Corp. (“Company”) values the importance of personal information and abides by the
Personal Information Protection Act (“PIPA”) and the Act on Promotion of
Information and Communications Network Utilization and Information Protection,
Etc.(“Act”).
This
Privacy Policy informs users (or members) of the purpose and method in dealing
with the personal information and introduces measures adopted to protect the
user's private data.
The
Privacy Policy that includes various matters for personal information protection
pursuant to the Act shall be announced publicly on the official website or in
the service, therefore the users may discover the content.
Any content amended by the Company on
the Privacy Policy shall be updated on the website with the date of revision.
The Company shall ask the users to consent to Terms and Conditions for the
service and to collection and use of the personal information. When a user
consents by clicking ‘Agree’ on the screen, the Company acknowledges that that
user agreed to share the personal information for the Company to use and
collect the personal information of the user.
1. Collection and Collecting Methods
of Personal Information
The
Company may collect the following personal data to provide users the service.
1)
Items of personal data
When
users apply for or use the service, the Company collects user IDs, nicknames,
mobile information (model name, version of the operating system, unit
identifying numbers of mobiles), telecommunication information, store
information, version of the service, mobile numbers, any data created while
using the service, log-in data, cookies, payment data, monetization data, data
of the user participation in event/promotion and gift delivery data
When users use the service via Facebook, the Company
collects Facebook Email IDs, Facebook profiles
When users use the customer service, the Company
collects user mobile numbers, user names, user Emails
2)
Collecting methods of personal data
The
users are asked to consent to provide their personal data in the consent
protocol or system for the Company to collect when the users (1) start to use
the service for the first time after download, (2) access network, (3) purchase
cash, (4) apply for the service, (5) utilize the customer service, (6) take part
in the promotion or event, (7) utilize any content and platform developed by
the Company, (8) utilize any platform affiliated with the Company.
Additional
information shall be collected when the user consent to share additional
information with the Company.
2. Collection and Usage Purpose of
Personal Information
The
Company shall use the collected information exclusively for the following
purposes and take necessary measures to ask the users for another consent under
Article 16 in PIPA when the purpose is amended. However, the Company may
provide the collected personal information to other parties if the users gave
prior consent to provide the personal information to any third party or
otherwise pursuant to the legal basis of the current regulations.
To
fulfill the contract in regard to providing the service and settle payment for
the service
To
announce the prize winners, deliver the presents, provide the content and
settle the purchase and payment of the items
To
identify the multiple accounts of a single user, create statistics, restrict
opening any new account and accessing the service and settle any security issue
and dispute
1)
Member Management
Verification of a user followed by using the service
Restriction on abusing accounts and unauthorized
utilization of the service
Verification of user age
Verification
of legal guardian’s (representative) consent to share the personal information
of underaged Children (age of 14)
Customer
service to settle user complaints
Announcement
Researching user activity on public content in the
service
User analysis to provide customized service per
customer brackets
2)
Marketing, Advertising, Affiliating, and Contracting
Development of new service (product) and specialization
Providing advertising information such as events
Providing any service and advertisement based on demographic
information
Creating statistics on the frequency of user access or
service use
Providing promotion and event
3. Retention and Use Period of
Personal Information
The
Company shall retain and use personal information while membership holds effective
in regard to the information collected under the permission of the Company. The
information shall cease to be available to access or use when the users demand
the cancellation of their membership. However, the Company may retain the
information within any period specified by the service or a maximum of 30 days
(thirty days) from the date of the cancellation to restore damages caused by
personal data theft and protect the victims when any damage is posed to the
personal data. In addition, it is exceptional that the Company retains the
personal information if the users gave consent or otherwise pursuant to the
legal basis with regard to Commercial Act, Act on Consumer Protection in
Electronic Commerce, Etc., or any relevant legislation.
The
Company will take necessary measures to destroy the personal data in order to
protect the personal information of the users whose accounts have not logged in
the service for 1 year (a year) continuously (‘dormant accounts’) provided by
the laws and its enforcement decree pursuant to the Act.
Under
the condition that the Company shall protect the personal information pursuant
to the law, the Company shall retain the information within the maximum period
required by the law. (However, the Company shall retain the records of
restriction on the use of the service during the period of service.)
4. The Protocol of Destroying Personal
Information
The
Company shall destroy the personal information immediately after accomplishing
the purpose of use. The Company shall apply the following protocol.
1)
Destroying Process
If
the personal information that is registered for application should be required
to be retained pursuant to the law after the legitimate period of information
retention or accomplishing its purpose, the Company shall transfer the
information to another database (DB) or storage to destroy. The Company shall
not use the saved personal information for other purposes other than the
purposes pursuant to the law.
2)
Destroying Method
The
personal data stored in electronic files shall be destroyed in a technically
irreparable manner. The information printed on paper shall be shredded or incinerated.
5. Contingency Plan on the Security of
Personal Information
The
Company is preparing a contingency plan to keep the personal data from loss,
robbery, leak, alteration, and damage while processing the data.
1)
Management Measures: the Company is establishing and implementing internal
managerial plans, keeping a minimum number of data controllers and providing
the employees with proper lectures on the security of the personal data on a
regular basis and the data controller with commissioned lectures.
2)
Technical Measures: the Company is managing the approach access such as
personal data processing system, installing an access control system, encoding
unique identification data, installing the latest vaccine and computer security
programs and backing up the data.
3)
Physical Measures: the Company is controlling entry, exit, and approach of a
person(s) to the server room and archival storage room.
However,
the Company is not liable for any damages due, including but not limited to
user negligence or any mishaps beyond control in spite of doing all obligations
required by the Company to protect the personal information.
6. Providing Personal Data to the
Third Party
The
Company shall not provide personal information to a third party. However, the
following cases may apply exceptionally.
1)
Prior consent was received
2)
Settling payment is required after using the service
3) An
inquiry is requested by an investigative agency for investigation pursuant to
the law for investigation regulation
4) An
inquiry is requested by researchers for creating statistics, academic research
and market research, therefore the information shall be provided anonymously
7. Rights of Members and Legal
Representatives and Implementation of the Reserved Rights
1)
The member or legal representative may make an inquiry into and amend the
personal information of the member or the underaged children who are already
registered for the service and request withdrawal of the applications at any
time. The Company shall receive the consent of the legal representatives to
collect, use, provide the personal information of the children. The Company
reserves the right to request the legal representatives to provide the name,
contact and other information necessary to reach an agreement. The collected
personal information of the legal representatives shall not be provided to any
third party except for the verification purpose of that legal representative’s
consent.
2)
The member or legal representative, at any time, shall withdraw the agreement
(membership withdrawal) to provide the personal information. The member may
withdraw the membership by clicking on “withdraw membership” or “delete
account” in the service to reverse the agreement to provide the personal
information. The User or legal representative may make such an inquiry into or
amend the personal information by contacting the customer service center in
writing, or by calling at 1566-4340, or by making a ‘1:1 inquiry’ in the
service. When the inquiry to amend is requested, the Company shall not use or
provide the existing personal information until the revision is made.
3)
The personal information deleted at the request of the users or legal representatives
shall be processed pursuant to Terms of Use and shall not be used or revisited
for any other purpose.
8. Technical, Management, Physical
Protection Measures of Personal Information
The
Company shall establish the technical and management measures to keep the
personal data from loss, robbery, leak, alteration, and damage while processing
the data.
1)
The Company keeps, in the best endeavor, the personal information from leaking
or altering by the hackers or the computer viruses. The data is backed up in
separate storage to keep the data from alteration. The latest vaccine program
ensures that no personal data or information is leaked or damaged. And the
cryptography algorithm safeguards the transfer of the personal data on the
network. In addition, the firewall system controls any unauthorized approaches.
The Company is putting a lot of effort into the installation of every possible
technical program and equipment to make sure of the safety of the systems.
2)
The Company is placing emphasis on compliance with the privacy policy. And the
Company consults with an exclusive institution to inspect the Company’s current
processing of the personal data abiding by the privacy policy and compliance of
the data controllers with the policy and, if any issues are discovered in
inspection, the Company rectifies the issues. However, the Company shall not
hold responsibility for any incident that is caused by the personal data leak
due to the user's negligence or an error on the internet.
9. Customer Service for Personal
Information
The
Company is trying to provide the employees with the education and guidelines on
a regular basis to avoid personal data infringement and improve the data
protection system. A data controller is designated to protect and manage the
personal information of the users and resolve user complaints.
1)
Data controller
Name: Kang, Il-Nam
Email:
info@n-tori.com
, Fax.: 02-861-7780, Tel.: 02-861-7750
Any
complaint with regard to the personal information while using the service of
the Company should be submitted to the data controller or the data control
division of the Company. The data controller will respond to the answer for any
query. When the users should report or consult with regard to personal
information infringement, the following agencies may help.
-
Personal Information Infringement Report Center (Website:
www.privacy.kisa.or.kr
/ Tel.: 188)
-
Personal Information Dispute Arbitration Commission (Website:
www.kopico.go.kr
/ Tel.: 1833-6972)
-
Cyber Investigation Division of the Supreme Prosecutor Office (Website:
www.spo.go.kr
/ Tel.: 1301)
-
Cyber Security Agency of National Police Agency (Website:
www.cyberbureau.police.go.kr
/ Tel.: 182)
10. Duty of Disclosure
The
Company is obliged to notify the members of any updated matters within seven
(7) days from the date on which addition, deletion, and revision is made on the
privacy policy regardless of the fact that the users may take advantage of the
change or suffer any damage by that.
Supplementaries
This Privacy
Policy took effect on October 12, 2018.
->
Addition made on January 24, 2019: Addition of purpose to ‘2. Collection and
purpose of personal information use’ (effective from February 25, 2019)
- To
identify the multiple accounts of a single user, create statistics, restrict
opening the new accounts and accessing the service, settle the security issues
and disputes
->
Revision made on January 24, 2019: Disclosure Date amended on ‘10. Duty of
Disclosure’ (effective from February 25, 2019)
-
Before revision: The Company is obliged to notify the members of any
information within seven (7) days from the date on which addition, deletion,
and revision are made on the privacy policy. Any changes that may be
disadvantageous to the users shall be informed within thirty (30) days from the
date on which the change is made.
-
After revision: The Company is obliged to notify the members of any information
within seven (7) days from the date on which addition, deletion, and revision
are made on the privacy policy regardless of the fact that the users may take
advantage of the changes or suffer disadvantage by that.