Privacy Policy
Uppin (hereinafter referred to as the “Company”) has established and disclosed the following privacy policy to protect the personal information of data subjects in accordance with Article 30 of the Personal Information Protection Act, and to promptly and smoothly address any related concerns.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purposes other than those stated below. In the event that the purpose of use is changed, the Company will take necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
1. Website Membership Registration and Management
Personal information is processed for the purpose of confirming the intention to register as a member, identifying and verifying the member for the provision of membership services, maintaining and managing membership status, verifying the identity of the member in accordance with the limited identity verification system, preventing fraudulent use of the service, confirming the consent of a legal guardian when processing the personal information of children under the age of 14, sending notifications and notices, and handling complaints.
2. Provision of Goods or Services
Personal information is processed for the purpose of product delivery, service provision, sending contracts and invoices, providing content, offering personalized services, identity verification, age verification, payment and settlement of charges, and debt collection.
3. Complaint Handling
Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint details, contacting and notifying for fact-finding purposes, and notifying the outcome of the resolution.
Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the retention and usage period specified by law or the period consented to by the data subject at the time of collection.
② The retention and processing periods for each category of personal information are as follows.
1. Membership Registration and Management on the Website:
Until the member (business/organization) withdraws from the website.
However, in the following cases, the information will be retained until the reason for retention no longer applies.
1) In cases where an investigation or inquiry is ongoing due to a violation of relevant laws, until the investigation or inquiry is concluded.
2) In cases where there are remaining obligations arising from the use of the website, until such obligations are fully settled.
2. Provision of goods or services: Until the supply of goods or services is completed and payment and settlement are finalized.
However, in the following cases, the data will be retained until the relevant period has expired:
1) Records related to transactions such as labeling/advertising, contract details, and fulfillment in accordance with the Act on the Consumer Protection in Electronic Commerce, etc.
– Records on labeling and advertising: 6 months
– Records on contracts or withdrawal of offers, payments, and supply of goods, etc.: 5 years
– Records related to consumer complaints or dispute resolution: 3 years
2) Retention of communication data in accordance with Article 41 of the Telecommunications Secret Protection Act.
– Subscriber telecommunication times, start/end times, the other party’s subscriber number, usage frequency, and location tracking data of the originating base station: 1 year
– Computer communication, internet log data, and access location tracking data: 3 months
Article 3 (Provision of Personal Data to Third Parties)
① The company processes personal data only within the scope specified in Article 1 (Purpose of Personal Data Processing), and provides personal data to third parties only in cases where the data subject’s consent is obtained, or in accordance with special provisions of law, as stipulated in Article 17 of the Personal Information Protection Act.
② The company provides personal data to third parties as follows.
– Recipient of the personal data:
– Purpose of use of personal data by the recipient:
– Personal data provided:
– Retention and use period of personal data by the recipient:
Article 4 (Rights of Users and Legal Representatives and How to Exercise Them)
① The data subject may, at any time, exercise the following rights related to personal information protection with the company.
1. Request to access personal information
2. Request for correction of errors (rectification)
3. Request for deletion
4. Request for suspension of processing
② The rights under paragraph ① may be exercised by the data subject through written request, telephone, email, or fax, and the company will take prompt action accordingly.
③ When a data subject requests correction or deletion of their personal information due to errors, the company will not use or provide the relevant personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through the data subject’s legal representative or an authorized agent. In such cases, a power of attorney must be submitted using Form No. 11 prescribed in the Enforcement Rules of the Personal Information Protection Act.
⑤ The data subject must not violate the Personal Information Protection Act or other related laws, and must not infringe upon the personal information and privacy of themselves or others that the company is processing.
Article 5 (Personal Information Items Processed)
The company processes the following personal information items.
1. Website Membership Registration and Management
Required items:
선택항목 : <예) 결혼 여부, 관심 분야>
2. Provision of Goods or Services
Required items: e.g., Name, Date of Birth, ID, Password, Address, Phone Number, Gender, Email Address, i-PIN Number
Optional items:Areas of interest, Past purchase history
3. The following personal information items may be automatically generated and collected during the use of internet services
IP address, cookies, MAC address, service usage records, visit history, records of fraudulent usage, etc.
Article 6 (Destruction of Personal Information)
① The company will immediately destroy personal information when the retention period has expired, the purpose of processing has been achieved, or when the information is no longer necessary.
② Even if the retention period of personal information obtained with the consent of the data subject has expired or the purpose of processing has been achieved, if the information must be retained according to other laws, the company will move the relevant personal information to a separate database (DB) or store it in a different location for preservation.
③ The procedure and method for the destruction of personal information are as follows.
1.Destruction Procedure
The company selects the personal information for which the reason for destruction has occurred and destroys it with the approval of the company’s personal information protection officer.
2.Destruction Method
The company will destroy personal information stored in electronic files by using methods such as low-level formatting, which makes the data unrecoverable. Personal information stored in paper documents will be destroyed either by shredding or incineration.
Article 7 (Measures to Ensure the Security of Personal Information)
The company takes the following measures to ensure the security of personal information.
Technical measures: Encryption of sensitive data, installation of security programs, and management of access control systems for personal information processing systems.
2. Technical measures: Access control management for personal information processing systems, installation of access control systems, management of unique identification information, etc
...
3. Physical measures: Access control for computer rooms, data storage rooms, and other sensitive areas.
Article 8 (Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
① The Company uses “cookies” to store and retrieve usage information from time to time in order to provide users with personalized services.
② A cookie is a small piece of data sent by the server (HTTP) used to operate the website to the user’s web browser, and it may be stored on the hard drive of the user’s computer.
A. Purpose of Cookie Use: Cookies are used to analyze the user’s visit and usage patterns on various services and websites, popular search terms, and secure connection status in order to provide users with optimized information.
B. Installation, Operation, and Refusal of Cookies: Users can refuse the storage of cookies by configuring the settings in their web browser under Tools > Internet Options > Privacy menu.
(c) If you refuse to allow cookies to be stored, you may have difficulty using personalized services.
Article 9 (Personal Information Protection Officer)
① The Company is responsible for overseeing tasks related to the processing of personal information and has designated the following Personal Information Protection Officer to handle complaints and provide relief related to the processing of personal data.
▶ Personal Information Protection Officer
Name : OOO
Position : OOO
Contact:
※ You will be connected to the department in charge of personal information protection.
▶ Department in Charge of Personal Information Protection
Department:
Name:
Contact:
② Data subjects may contact the Personal Information Protection Officer and the responsible department for any inquiries, complaints, or requests for relief related to personal information protection that arise while using the company’s services (or business). The company will respond to and handle such inquiries without delay.
Article 10 (Request for Access to Personal Information)
A data subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act through the department listed below. The company will make every effort to promptly process the data subject’s request for access to personal information.
▶ Department for Receiving and Processing Personal Information Access Requests
Department:
Name:
Contact:
Article 11 (Remedies for Infringement of Rights and Interests)
The data subject may contact the following organizations for damage relief, consultation, and other inquiries related to personal data breaches.
▶ Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
– Jurisdiction: Reporting personal information infringements and requesting consultations
– Website: privacy.kisa.or.kr
– Phone: 118 (toll-free, no area code required)
– Address: 3rd Floor, Personal Information Infringement Reporting Center, 9, Jinheung-gil, Naju-si, Jeollanam-do, 58324, South Korea
▶ Personal Information Dispute Mediation Committee
– Responsibilities: Personal data dispute mediation applications, collective dispute mediation (civil resolution)
– Website: www.kopico.go.kr
– Phone: (No area code) 1833-6972
– Address: 4th Floor, Government Seoul Office, 209 Sejong-daero, Jongno-gu, Seoul, 03171, South Korea
▶ Supreme Prosecutors’ Office Cyber Crime Investigation Division: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: 182 (http://cyberbureau.police.go.kr)
Article 13 (Implementation and Modification of Privacy Policy)
This Privacy Policy is effective as of October 18, 2024.
