The Korea Digital Exchange Co., Ltd. (hereinafter referred to as the 'Company') has the following handling policy to protect users' personal information and rights and interests under the Personal Information Protection Act and to handle users' complaints related to personal information smoothly.
If the company revises the privacy policy, it will be notified through the website notice (or individual notice).
1. Personal information collection items
A. Personal information collection items
Purpose |
Classification |
Collected items
|
|
Join membership |
essential |
E-mail (ID), password |
|
Mobile phone identity verification |
essential |
Name, phone number, agency, birthday, gender |
|
Account Verification |
essential |
Name of an account holder, name of a financial institution, account number |
|
proof of residence |
essential |
Copy of ID (excluding last 7 digits), proof of residence |
|
Customer inquiry |
essential |
E-mail (ID) |
|
optional |
Name, phone number, account information, deposit and withdrawal information, and other information necessary for consultation |
|
|
Event Payment |
essential |
E-mail (ID) |
|
optional |
Name, phone number |
|
|
Inquiry for listing |
essential |
Representative name, applicant name, applicant phone number, applicant email address |
|
Refund process |
essential |
Copy of ID (excluding last 7 digits), Copy of remittance confirmation (deposit holder, account number, bank) |
|
OTP Initialization |
essential |
Copy of ID (excluding last 7 digits) (name, address, birthday) |
|
Usage History |
automatic selection |
Service use record, deposit and withdrawal record, transaction record, access log, visit date and time, access IP, cookie |
|
Customer tax utility bill report |
essential |
Name, E-mail (ID), Copy of ID |
The company collects personal information through the following methods. me. collection method
B. collection method
① Collection of personal information agreed by users for each item of membership registration and service use
② Collection through chatting, e-mail, telephone, etc. for handling customer inquiries, events, and taxes ③ Automatic collection of usage records through the system
2. Purpose of processing personal information
The company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and prior consent will be sought when the purpose of the use is changed.
A. Membership registration and management
Personal information is processed to confirm the intention to join as a member, identifying and authenticating the person under the provision of membership service, maintaining and managing membership, preventing illegal use of services, various notices and notifications, handling grievances, and keeping records for dispute resolution
B. Provision of goods or services
Personal information is processed to provide services, provide content, providing customized services, and verifying identity.
C. Use in Marketing and Advertising
Development of new services (products) and provision of customized services, provision of event and advertisement information and participation opportunities, provision of services and advertisements according to demographic characteristics, verification of service effectiveness, identification of access frequency or statistics on member service use. etc. We process personal information for this purpose.
D. Personal information is processed by providing data upon request for a legitimate and legitimate investigation under hacking/fraud-related accident investigations and fulfillment of other legal obligations.
3. Processing and retention period of personal information
The company processes and retains personal information within the period of retention and use of personal information under laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
A. The period of retention and use of personal information
Purpose |
Classification |
Collected items
|
Retention period |
|
Join membership |
essential |
E-mail (ID), password |
Until membership withdrawal |
|
Mobile phone identity verification |
essential |
Name, phone number, agency, birthday, gender |
Until membership withdrawal |
|
Account Verification |
essential |
Name of an account holder, name of a financial institution, account number |
Until membership withdrawal |
|
proof of residence |
essential |
Copy of ID (excluding last 7 digits), proof of residence |
Until membership withdrawal |
|
Customer inquiry |
essential |
E-mail (ID) |
Until membership withdrawal |
|
optional |
Name, phone number, account information, deposit and withdrawal information, and other information necessary for consultation |
||
|
Event Payment |
essential |
E-mail (ID) |
Destroy within 90 days of event completion |
|
optional |
Name, phone number |
||
|
Inquiry for listing |
essential |
Representative name, applicant name, applicant phone number, applicant email address |
Destroy within 90 days of receiving inquiries |
|
Refund process |
essential |
Copy of ID (excluding last 7 digits), Copy of remittance confirmation (deposit holder, account number, bank) |
Until membership withdrawal |
|
OTP Initialization |
essential |
Copy of ID (excluding last 7 digits) (name, address, birthday) |
Until membership withdrawal |
|
Usage History |
automatic selection |
Service use record, deposit and withdrawal record, transaction record, access log, visit date and time, access IP, cookie |
Until membership withdrawal |
|
Customer tax utility bill report |
essential |
Name, E-mail (ID), Copy of ID |
Until membership withdrawal (at the time prescribed by the Act) |
| Optional |
Address |
B. Notwithstanding the company's personal information processing policy, the information to be kept under the relevant statutes as follows shall be kept for the period prescribed by the statute:
Classification |
Relevant laws |
Retention period |
|
Records on contract or withdrawal of subscription |
Act on Consumer Protection in Electronic Commerce, Etc. |
5years |
|
Records of payment and supply of goods |
5years |
|
|
Records of consumer complaints or disputes |
3years |
|
|
Records of Marking/Advertising |
6months |
|
|
Tax utility bill payment record |
Basic National Tax Act |
5years |
|
Personal information related to service use (login records) |
Communication Secret Protection Act |
3months |
4. Provision of personal information to third parties
A. The company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of processing personal information), and the personal information is processed only in the case of consent of the information subject and Articles 17 and 18 of the Personal Information Protection Act. give it to you. However, exceptions may be made in the following cases.
① Personal information necessary for the implementation of the contract for the provision of services for economic and technical reasons When it is remarkably difficult to obtain ordinary consent
② In case it is necessary for the settlement of fees for service provision
③ If there are special provisions in other laws
5. Consignment of personal information processing
A. The company entrusts the following personal information processing tasks for smooth personal information processing.
<Personal information processing consignment company - Domestic>
Trustee
|
Contents of entrusted work
|
Useage & Retention period |
|
NICE Evaluation Information Co. Ltd. |
Mobile phone identification and SMS authentication service |
Until membership withdrawal or end of the consignment contract |
|
Mail Link Co. Ltd. |
SMS and e-mail sending service |
|
|
NHN Co. Ltd. |
SMS sending service |
|
|
SureM Co. Ltd. |
SMS sending service for overseas only |
|
|
Kucon Co. Ltd. |
Deposit and Withdrawal Service |
|
|
Amazon |
Data storage and system operation |
|
|
Kt Alpha Co. Ltd. |
e-gift sending service |
|
|
LG U PLUS |
Telephone consultation history recording |
B. When the company provides personal information to a consigned company, the company manages and supervises so that the entrusted company does not violate the laws related to personal information protection.
C. The company entrusts some of the personal information to be processed abroad as follows for the smooth service provision and convenience enhancement of users.
<Personal information processing consignment company - Overseas>
Trustee
|
Country & contact number |
Personal information items
|
Purpose |
Date and method of consignment
|
Retention period |
|
Zendesk |
- Country: USA |
Email, name, contact information, consultation details |
customer service |
- Date: the time of member's service use - Method: Network transmission every time the service is used |
Destroy within 180 days after the end of the consultation |
|
|
- Country: USA - Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043 - Tel: (650) 253-0000 |
Email, Telegram ID, Twitter ID |
Fill out the event questionnaire |
- Date: the time of member's service use - Method: Network transmission every time the service is used |
Destroy within 90 days after the end of the event |
|
Gleam |
- Country:Australia, Melbourne - E-MAIL : privacy@gleam.io |
Email, Telegram ID, Twitter ID, Nickname |
Fill out the event questionnaire |
- Date: the time of member's service use - Method: Network transmission every time the service is used |
Destroy within 90 days after the end of the event |
|
Docusign |
- Country: USA - Address : 221 Main Street, Suite 1550, San Francisco, CA 94105 - E-MAIL : privacy@docusign.com - Tel: 65-9623-0690 |
email Name, address, resident registration number (excluding the last 7 digits), Contact number, bank, account number, copy of ID (excluding last 7 digits) A certified copy (name, address, date of birth) |
digital signature (Change of account and mobile phone number, recovery of wrong deposit, tax and utility bills) |
- Date: the time of member's service use - Method: Link via email every time you use the service |
Destroy within 90 days after the end of the event |
Users can exercise the following rights as a subject of personal information.
A. The information subject can exercise the following privacy-related rights against the company at any time.
① Request to view personal information
② Request for correction if there is an error, etc.
③ Request for deletion
④ Request to stop processing
B. The exercise of rights pursuant to Paragraph 1 can be done in writing or by e-mail in accordance with Form 8 of the Enforcement Rule of the Personal Information Protection Act to the company, and the company will take action without delay.
C. If the information subject requests correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
D. The exercise of rights pursuant to Paragraph 1 can be done through an agent such as the legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the Enforcement Regulations of the Personal Information Protection Act.
7. Destruction of personal information
In principle, if the purpose of processing personal information is achieved, the company shall destroy the personal information without delay. Procedures, deadlines, and methods of destruction are as follows.
A. Destruction procedure: The information entered by the user is transferred to a separate DB after the purpose is achieved (a separate document in the case of paper) and stored for a certain period in accordance with the internal policy and other relevant laws, or immediately destroyed. At this time, the personal information transferred to the DB will not be used for any other purpose except in cases pursuant to the law.
B.Destruction deadline: When the retention period of personal information of users has elapsed, within 5 days from the end of the retention period, the personal information will become unnecessary In this case, the personal information is destroyed within 5 days from the date when the processing of personal information is deemed unnecessary.
C. Destruction method: Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is shredded with a shredder or destroyed through incineration.
8. Matters concerning the installation, operation, and rejection of automatic personal information collection devices
A. Cookies are used to provide users with faster and more convenient website use and to provide customized services.
B. Users have the option of installing cookies. Therefore, the user may allow all cookies by setting the options in the Tools > Internet Options > Personal Information menu at the top of the web browser, check each time a cookie is saved, or refuse to save all cookies.
C. If you refuse to install cookies, web use becomes inconvenient and there may be difficulties in using some services that require login.
9. Securing the safety of personal information
Under Article 29 of the Personal Information Protection Act, the company is taking the following technical/administrative, and physical measures necessary to secure safety.
A. Establishment and implementation of an internal management plan
The company establishes and implements an internal management plan for the safe handling of personal information.
B. Technical measures against hacking
to prevent leakage and damage of personal information caused by hacking or computer viruses, the company installs security programs, periodically updates and checks install systems in areas where access is controlled from outside, and technically monitors and blocks them.
C. Encryption of personal information
Member's sensitive personal information and passwords are encrypted and stored and managed. So the only member knows them and uses separate security features, such as encrypting files and transmission data or using file locking.
D. Storage of access records and prevention of forgery and falsification
The records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent forgery, alteration, theft, or loss of access records.
E. Restrict access to personal information
We take necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information and use an intrusion prevention system to control unauthorized access from outside.
F. Use of locks for document security
Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.
G. Access control for unauthorized persons
A separate physical storage place for personal information is established and access control procedures are established and operated.
10. Personal Information Protection Officer
A. The company is responsible for the overall handling of personal information and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.
▶ Person in charge of personal information protection
Name: Kim Seokjin
Position: CEO
Email: privacy@flybit.com
▶ Department in charge of personal information protection
Department Name: Information Security Team
Email: privacy@flybit.com
B. The information subject can inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business) to the person in charge of personal information protection and the department in charge. The company will respond and handle inquiries from information subjects without delay.
11. How to remedy human rights violations
The following organizations are separated organizations from the company. If you are not satisfied with the company's own personal information complaint handling and damage relief results or you need more detailed help, please contact us.
▶ KISA Personal Information Infringement Report Center
Responsibilities: Report personal information infringement, apply for counseling
Website: privacy.kisa.or.kr
Phone: (without area code) 118
▶ Personal Information Dispute Mediation Committee
Responsibilities: Information on personal information dispute mediation procedures, application, mediation (civil settlement)
Website: www.kopico.go.kr
Tel: (without area code) 1833-6972
▶ Prosecutor's Office
Responsibilities: Criminal cases, crime reporting, etc.
Website: www.spo.go.kr
Phone: (without area code) 1301
▶ National Police Agency Cyber Security Bureau
Responsibilities: Provision of personal information infringement, hacking, virus, game fraud, spam, prevention information, etc.
Website: cyberbureau.police.go.kr
Phone: (without area code) 182
12. Change of Privacy Policy
This personal information processing policy is effective from the effective date, and if there are additions, deletions, or corrections of changes according to laws and regulations, we will notify you through a notice 7 days before the implementation of the changes.
A. This Privacy Policy is effective from July 23, 2021.
B. The previous privacy policy can be found in the upper left corner.