Personal Information Processing Policy
Chapter 1 General Provision
Article 1 (Basic principle)
App Doctor, Inc. (hereinafter referred to as the "company") complies with the privacy regulations under the relevant statutes for information and communication service providers, such as the Information and Communications Network Promotion and Information Protection Act, the Confidential Information Protection Act, the Telecommunications Business Act, and the Personal Information Protection Act, and does its best to protect members'rights and interests by defining a policy for managing personal information under the relevant statutes.
Chapter 2.Contents and Collection Methods of Personal Information
Article 2 (Personal Information Collected at the Membership Registration)
The company collects e-mail addresses, IDs, passwords, mobile phone numbers, names, birth dates, and genders from members at the time of signing up initial membership for registration and efficient management of complaints and other various services.
Article 3 (Information Additionally Generated and Collected During the UseofServices)
1. In the process of using a membership service, the company may collect information such as wireless signal data from wireless devices close to information and communication devices installed and operated by members, IP Address, cookies, date and time of visit, service usage history, device information, credit card information, bank account information, and payment records.
2. If a member purchases a service-related product (annual voucher, etc.), information such as name, date of birth, gender, credit card information, bank account information, payment history, etc. may be collected by the company.
Article 4 (Prohibition of Collection of Sensitive Personal Information, etc.)
The company does not collect sensitive personal information (race, ideology and creed, political orientation, criminal records, medical information, etc.) that may cause fundamental human rights violations of its members.
Article 5 (Personal Information Collection Method)
The company collects personal information as the following:
A. Collection through voluntary provision of members during subscription or use of services
B. Automatically collected by running or using a service program provided by a company
Chapter 3.Collection and Use of Personal Information
Article 6 (Purpose of Collection and Use of Personal Information)
The company collects and uses the personal information of its members for the following purposes:
A. Registration and management of membership: Confirmation of membership, identification and certification of identity according to the provision of membership-based services, maintenance and management of membership, identification byperformance of a limited identification system, prevention of fraudulent use of services, various notices and notification, etc.
B. Provision of services: The purpose of providing content, providing services, sending contracts or invoices, providing customized services, personal identification, age certification, payment of fees, settlement, collection of bonds, etc.
C. Handling complaints: The purpose of verifying the identity of a civil petitioner, verifying civil petitions, contacting and notifying for fact-finding, notifying the results of processing, etc.
D. Utilization for marketing and advertising: Development of new services (or products) and provision of customized services, provision of event and advertising information and provision of opportunities for participation, confirmation of the validity of services, identification of the frequency of access, statistics on the use of services by members, etc.
Chapter 4.Sharing and Providing Personal Information
Article 7 (Basic Principles for Sharing and Providing Personal Information)
The company shall use the personal information of a member within the scope notified in Article 6, and shall not use it in excess of the same scope without the prior consent of the member, or, in principle, disclose the personal information of the member to the outside or provide it to a third party. However, exceptions are made in the following cases:
A. In case a member agrees in advance;
B. In case personal information is processed and provided in a form in which a specific individual is not recognizable for the purpose of compiling statistics; or
C. In case there is a request from an investigative agency in accordance with other Acts and subordinate statutes or in accordance with the procedures and methods prescribed by Acts and subordinate statutes for the purpose of investigation
Chapter 5. Entrustment of Handling Personal Information
Article 8 (Entrustment of Handling Personal Information)
1. In principle, the company shall not entrust the handling, etc. of the personal information of its members to a third party.
2. Notwithstanding paragraph(1), the company may entrust part of its personal information processing affairs as follows for the efficient processing of personal information affairs, and shall ensure that personal information is managed safely in accordance with the relevant statutes at the time of entrustment:
|Trustee||Entrusted Work||Period of use and possession of personal information|
Chapter 6. Period of Possession and Use of Personal Information
Article 9 (Basic Principles for the Period of Possession and Use of Personal Information)
In principle, a member's personal information will be destroyed without delay when the purpose of collecting and using personal information is achieved.
Article 10 (Possession of Personal Information under the Company's Internal Policy)
Notwithstanding Article 9, the company shall keep information related to membership and management on a separate DB (in separate documents in the case of information recorded on paper) in accordance with the company's internal policies to prevent service-related disputes, and shall use it only within the scope of its purpose:
A. Principle: Until membership withdrawal
B. In case of investigation or investigation, etc. is underway for a member in violation of the relevant statutes: Until the completion of the relevant investigation or investigation
C. In case the bond and debt relationship remain between the company and its members: Until the settlement of the relevant bond and debt relationship is completed
Article 11 (Possession of Personal Information under Relevant Statutes)
A company shall transfer and keep the relevant personal information of a member on a separate DB (in separate documents in cases of information recorded on paper) for the following periods in accordance with the relevant Acts and subordinate statutes, and shall use it only within the scope of its purposes:
A. Records on identification: Preserve for 6 months in accordance with the Act on the Promotion of Use of Information and Communications Networks and Information Protection, etc.
B. Records concerning the date and time of telecommunications, the time of commencement and termination, the subscriber number, the number of uses, and the location tracking data of the transmission base station: Preserve for 1 year pursuant to the Communications Secrets Protection Act
C. Computer communications, internet log records, access tracking data: Preserve for 3 months in accordance with the Communications Secrets Protection Act
D. Records concerning contracts, withdrawal of subscriptions, etc.: Preserve for 5 years under the Consumer Protection Act on Electronic Commerce, etc.
E. Records concerning the payment of money and the supply of goods, etc.: Preserve for 5 years in accordance with the Consumer Protection Act on Electronic Commerce, etc.
F. Records on consumer complaints or dispute settlement: Preserve for 3 years in accordance with the Consumer Protection Act on Electronic Commerce, etc.
G. Records concerning display and advertising: Preserve for 6 months in accordance with the Consumer Protection Act on Electronic Commerce, etc.
Chapter 7. Destruction of Personal Information
Article 12 (Procedures and Methods of Destruction of Personal Information)
1. Within 5 days from the expiration of the retention period of personal information under Articles 9 through 11, and where personal information, such as the achievement of the purpose of processing personal information, the abolition of the relevant service, the termination of the business, etc. becomes unnecessary, the company shall destroy the relevant personal information in accordance with paragraph(3) of this Article within 5 days from the date on which the processing of personal information is deemed unnecessary.
2. The company selects the personal information that caused the destruction and destroys the personal information with the approval of the company's personal information protection officer.
3. The company destroys personal information as the following:
A. Personal information recorded and stored on paper: Destroy through shredder or incineration
B. Personal information stored in the form of an electronic file: Delete using a technical method to prevent the playback of records
Chapter 8: Rights of Members
Article 13 (Withdrawal of Consent to the Collect, Use, and Provide Personal Information)
A member may withdraw his/her consent to the collection, use, and provision of personal information at any time through membership, etc.
Article 14 (Request for Perusal, Certification, and Correction of Personal Information)
1.In case a member requests the perusal, certification, or correction of personal information, the company shall not use or provide the relevant personal information until it completes the correction or deletion, faithfully respond to the member's request, and where it is deemed necessary to correct or delete personal information, such as proving that there is an error in personal information or that the preservation period has expired, etc., such measures shall be taken without delay.
2. If a member requests perusal or verification by wire or in writing, the company receives a certificate such as a copy of the identification card of the applicant for his/her identification to confirm whether the request is his/her true intention.
Article 15 (Restrictions on the Company's Access and Use of Personal Information)
1. Personal information terminated, deleted or corrected at the request of a member shall be processed as prescribed in Articles 9 through 11, and shall not be accessed or used for other purposes.
2. Members can inquire or modify their registered personal information at any time and request the cancellation of their subscription.
Article 16 (Method of Exercising Rights)
A member may exercise his/her rights to the company by means of writing, e-mail, facsimile (FAX) or other means.
Article 17 (Exercising Agent's Rights)
A member may exercise his/her rights through his/her legal representative or attorney. In this case, a member shall submit a power of attorney under the Act and subordinate statute related to the Personal Information Protection Act to the company.
Chapter 9. Measures for Technical/Managemental Protection of Personal Information
Article 18 (Minimization and Education of Handling Staff)
Article 19 (Formulation and Implementation of an Internal Management Plan)
The company has established and implemented an internal management plan for the safe processing of personal information.
Article 20 (Encryption of Personal Information, etc.)
Members'personal information is encrypted, stored and managed, so they can know it only by themselves, and for important data, separate security and technical devices are applied, such as encrypting file and transfer data or using file locking functions.
Article 21 (Restriction on Access to Personal Information)
The company is taking the necessary measures to control access to personal information by granting, changing and deleting access to a database system that processes personal information, and uses an intrusion-blocking system to control unauthorized access from the outside.
Article 22 (Operation of Exclusive Organization for Personal Information Protection)
The company tries to correct problems immediately by checking the implementation of personal information handling policies and compliance with the person in charge through in-house personal information protection organizations. However, the company shall not be held responsible for any problems caused by the release of personal information due to the member's carelessness or Internet problems.
Article 23 (Personal Information Protection Officer and Person in Charge)
Members can use the company's services and report all complaints related to personal information protection to the following persons in charge. The company will promptly give sufficient answers to Members'reports.
- Name: Seok-gyun Huh
- Title: CEO
- Position: Representative
- Phone: 02-6490-1770
- Email: @appdr.com
Article 24 (Request for Access to Personal Information)
Members may file a request for access to personal information with the following department. The company will try to expedite the member's request for access to personal information.
- Name: Seok-gyun Huh
- Title: CEO
- Position: Representative
- Phone: 02-6490-1770
- Email: @appdr.com
Chapter 10. Miscellaneous
Article 25 (Methods of Notification and Notification Related to Personal Information Handling Policies)
1. In case there is an addition, deletion, or modification of the current personal information processing policy, the company shall notice the reason for the change and its contents through 'notices' such asan electronic bulletin board managed and operated by the company (including bulletin boards in the company's website or application, the company's SNS bulletin board, etc.) at least 7 days prior to the amendment. However, if there is an important change in user rights in the collection and utilization of personal information, it shall be notified at least 30 days in advance.
2.In casethe company intends to obtain additional consent from a member to use the personal information beyond the consent of the member or to entrust it to a third party, the company shall notify the member of the relevant matters individually in writing, e-mail, telephone, etc. in advance.
3. In case the company entrusts the collection, storage, processing, use, provision, management, destruction, etc. of personal information to a third party, it shall notify the member of such fact through the service terms and conditions, personal information handling policies, etc.
Article 26 (Remedy for Infringement of Rights and Interests)
Members may inquire the following institutions about relief, counseling, etc. against personal information infringement. The following organization is separate from the company, so please contact us if you are not satisfied with the company's own personal information complaints and damage relief results or need more detailed help
A. Personal Information Infringement Report Center (Korea Internet & Security Agency Operation)
- Type of work: Reporting personal information infringement, requesting counseling
- Homepage: privacy.kisa.or.kr
- Phone#: 118 (without local code)
- Address: (138-950)135, Jungdae-ro,Songpa-gu, Seoul, IT Venture Tower, Korea Internet & Security Agency Personal Information
- Infringement Reporting Center
B. Personal Information Dispute Settlement Committee (Korea Internet & Security Agency Operation)
- Type of work: Filing for dispute settlement of personal information, class dispute settlement (civil settlement)
- Homepage: www.kopico.or.kr
- Phone#: 02-405-5150
- Address: (138-950) 135, Jungdae-ro, Songpa-gu, Seoul, IT Venture Tower Korea Internet & Security Agency Personal Information
Dispute Settlement Committee
C. The Cyber Investigation Division of the Supreme Prosecutors'Office: 02-3480-3570 (cybercide.spo.go.kr)
D. The Cyber Security Bureau of the National Police Agency: 182 (cyberbureau.police. go.kr)
E. Information Security Mark Certification Committee: 02-580-0533~4 (www.eprivacy or.kr)
This Personal Information Processing Policy is valid as of September 1, 2018.