Privacy Policy

Article 1 (Purpose)

Komachine Inc. (hereinafter referred to as the 'Company') protects the personal information of the information subject in accordance with Article 30 of the "Personal Information Protection Act", (hereinafter referred to as the 'law') and enables you to quickly and smoothly handle grievances related to this. We disclose the Privacy Policy as follows. The Company may revise the personal information processing policy from time to time in accordance with changes in related laws and guidelines or changes in internal operating policies, and the change will be notified according to circumstances.

Article 2 (Principle of Personal Information Processing)

In accordance with personal information related laws and this Policy, the Company may collect Users' Personal Information The collected Personal Information may be provided to third parties only with the User's consent. However, the collected Personal Information may be provided to third parties without the User's prior consent in cases where it is legally mandated by the provisions of relevant laws.

Article 3 (Disclosure of this Policy)

The Company discloses this Policy through the Platform so that Users can easily view and check it at any time.

Article 4 (Changes to this Policy)

This Policy may be amended due to changes in relevant laws, guidelines, public announcements, or the Company's service policies or content.

  1. When amending this Policy pursuant to Paragraph 1, the Company shall provide notification through one or more of the following methods:

    • Notification through announcements or separate windows on the Platform operated by the Company.
    • Notification to the User by written notice, email, or a similar method.
  2. The Company shall provide notification of the amendment pursuant to Paragraph 2 at least 7 days prior to the effective date of the amended Policy. However, if there are material changes to the User's rights or obligations, the Company shall provide notification at least 30 days in advance.

Article 5 (Personal Information Items to be Processed)

The company processes the following personal information items.

  1. Membership Registration and Management

    • Required information: Name, Email address, Mobile Phone Number, Office Phone Number

  2. Information for Payment Services

    • Required information: Card Number, Card PIN, Expiration Date, 6-digit Date of Birth (YY/MM/DD), Bank Name, and Account Number

  3. Information for Cash Receipt Issuance

    • Required information: Name of Cash Receipt Issuer, Mobile Phone Number, and Cash Receipt Card Number

Article 6 (Information for Service Use and Verification of Fraudulent Use)

  1. The Company collects the following information for statistical analysis based on the user's service use and for the verification and analysis of fraudulent use:

    • Mandatory Collection Information: Service usage records, cookies, access location information, and device information.
  2. Fraudulent Use refers to actions that interfere with the smooth operation of the Service, including: repeatedly re-applying for the Service after termination to illegally obtain economic benefits such as discount benefits provided by the Company; actions prohibited by the Terms of Service; and illegal activities such as identity theft.

Article 7 (Methods of Personal Information Collection)

  1. The Company collects the user's personal information through the following methods:

    • The method by which the user inputs their personal information on the Company's website.
    • The method by which the user inputs their personal information through services other than the website provided by the Company, such as applications.
    • The method by which the user receives and inputs their personal information via an email or external link sent by the Company.
    • The method by which the user inputs personal information while using the Company's services, such as through the customer center (Channel Talk, email, etc.) or activities on bulletin boards.

Article 8 (Use of Personal Information)

  1. The Company uses personal information in the following cases:

    • For necessary operations of the Company, such as the delivery of notices.
    • For improving services for users, such as replying to inquiries and handling complaints.
    • For providing the Company's services.
    • For developing new services.
    • For marketing purposes, such as providing information on events and promotions.
    • For demographic analysis, analysis of service visits and usage records.
    • For preventing and sanctioning acts that interfere with the smooth operation of the service, including measures to restrict the use of members who violate laws and the Company's Terms and Conditions, and fraudulent use.

Article 9 (Retention and Use Period of Personal Information)

  1. The Company shall retain and use the user's personal information for the period necessary to achieve the purpose of its collection and use.
  2. Notwithstanding the preceding paragraph, the Company may retain records of fraudulent service use for a maximum of one year from the time of the user's service termination, in accordance with internal policies, for the purpose of preventing fraudulent sign-ups and use.

Article 10 (Processing and Retention Period of Personal Information)

  1. The Company retains and uses personal information as follows, in accordance with relevant laws and regulations:

  2. Retention information and retention period according to the Act on Consumer Protection in Electronic Commerce, etc.

    • Records on contracts or withdrawal of offers: 5 years
    • Records on payment and supply of goods, etc.: 5 years
    • Records on consumer complaints or dispute resolution: 3 years
    • Records on indication/advertisement: 6 months

  3. Retention information and retention period according to the Protection of Communications Secrets Act

    • Website log records: 3 months

  4. Retention information and retention period according to the Electronic Financial Transactions Act

    • Records on electronic financial transactions: 5 years

  5. Act on the Protection and Use of Location Information

    • Records on personal location information: 6 months

Article 11 (Destruction of Personal Information)

  1. When the personal information becomes unnecessary, such as the elapse of the personal information retention period and the achievement of the processing purpose, the personal information will be destroyed without delay.
  2. If the personal information retention period agreed by the information subject has elapsed or the purpose of processing has been achieved, if personal information is to be kept in accordance with other laws and regulations, the personal information may be transferred to a separate database (DB) or the storage location may be changed. To preserve.

  3. The procedure and method of personal information destruction are as follows.

    • Destruction procedure: The Company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the Company's personal information protection manager.
    • Destruction method: Personal information recorded and stored in the form of electronic files is destroyed using methods such as Low Level Format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 12 (Measures for the Transmission of Commercial Advertising Information)

  1. The Company shall obtain the explicit prior consent of the user when transmitting commercial advertising information using electronic transmission media. However, prior consent is not required in any of the following cases:

    • Where the Company collects the recipient's contact information directly through a transaction relationship for goods and services, and intends to transmit commercial advertising information about goods of the same kind that the Company handled and traded with the recipient within six months from the date of the transaction's termination.
    • Where the solicitation is for telephone marketing pursuant to 「the Act on Door-to-Door Sales, etc.,」 the recipient is notified of the source of personal information collection, and the right to refuse reception is granted.
  2. Notwithstanding the preceding paragraph, if the recipient expresses an intention to refuse reception or withdraws prior consent, the Company shall not transmit commercial advertising information and shall notify the recipient of the result of processing the refusal of reception or the withdrawal of consent.
  3. Notwithstanding Paragraph 1, the Company shall obtain separate consent from the recipient when transmitting commercial advertising information using electronic transmission media between 9:00 PM and 8:00 AM the following day.

  4. When transmitting commercial advertising information using electronic transmission media, the Company shall clearly specify the following matters in the advertising information:

    • Company name and contact information
    • Matters concerning the expression of intent to refuse reception or withdraw consent

  5. The Company shall not take any of the following measures when transmitting commercial advertising information using electronic transmission media:

    • Measures that evade or obstruct the recipient's refusal of reception or withdrawal of consent for commercial advertising information.
    • Measures to automatically generate the recipient's contact information, such as phone numbers or email addresses, by combining numbers or characters (including those intended to protect numbers).
    • Measures to automatically register phone numbers or email addresses for the purpose of transmitting commercial advertising information.
    • Any measure to conceal the identity of the sender of commercial advertising information or the source of the advertising transmission.
    • Various measures to deceive the recipient and induce a response for the purpose of transmitting commercial advertising information.

Article 13 (Rights and Duties of the Information Subject and Legal Representative and How to Exercise the Rights)

  1. The information subject can exercise the following rights related to personal information protection at any time to the company.

    • Request to view personal information
    • Request for correction in case of errors
    • Request for deletion(However, if the personal information is specified as the object of collection in other laws and regulations, the deletion cannot be requested.)
  2. The exercise of the rights pursuant to Paragraph 1 can be done in writing, telephone, e-mail, fax, or other means to the Company, and the Company will take action without undue delay.
  3. If the information subject requests correction or deletion of errors in personal information, the company will not use or provide the personal information until the correction or deletion is completed.
  4. The information subject must not infringe on the personal information and privacy of the information subject or others handled by the company by violating related laws such as the Personal Information Protection Act.

Article 14 (User Obligations)

  1. The user must update and maintain their personal information accurately; problems arising from the user's inaccurate information input shall be borne by the user themselves.
  2. A member who has stolen another person's personal information may lose their user qualifications or be subject to punishment under relevant personal information protection laws and regulations.
  3. The user is responsible for thoroughly securing their email address, password, etc., and may not transfer or lend them to a third party.

Article 15 (Measures to Ensure the Safety of Personal Information)

  1. The following measures are taken to ensure the safety of personal information.

  2. Administrative measures

    • Establishment and implementation of internal management plans, regular employee training, etc.

  3. Technical measures

    • The Company installs, regularly inspects, and updates security programs to protect Users' Personal Information from hacking and computer viruses. It has established a system in an area which is strictly isolated from the outside and monitored it technically and physically.

  4. Restrictions on Access to Personal Information

    • The Company has taken necessary actions to control access to users' personal information by granting, changing or cancelling their rights to get access to personal information database. It has also regulated unauthorized access from the outside through an intrusion prevention system.

  5. Locks for Document Security

    • The documents and storage devices including users' personal information are kept in a safe and secure place with a lock.

Article 16 (Measures to Address Personal Information Leakage)

  1. Upon becoming aware of the loss, theft, or leakage (hereinafter referred to as 'Leakage, etc.') of personal information, the Company shall immediately notify the relevant users of all the following matters and report the Leakage, etc. to the Korea Communications Commission or the Korea Internet & Security Agency:

    • Items of personal information that have been leaked, etc.
    • The time when the Leakage, etc. occurred.
    • Measures the user can take.
    • Corresponding measures taken by the information and communication service provider, etc.
    • Department and contact information where users can report or inquire.

Article 17 (Exceptions to Measures for Personal Information Leakage)

  1. Notwithstanding the preceding article, the Company may take measures to substitute the notification of the preceding article by posting the notice on the Company's website for 30 days or more in cases where there is a justifiable reason, such as the inability to ascertain the contact information of the users.

Article 18 (Protection of Personal Information Transferred Overseas)

  1. As a general rule, the Company shall not transfer personal information to other business operators abroad without the user's prior consent.

  2. The Company may transfer personal information overseas in the following cases, and this information will be securely transferred by applying technical protective measures:

    • Where the user has given separate consent to the overseas transfer of personal information.
    • Where the consignment or storage of personal information is necessary for the provision of the Service to the user, and the matters concerning overseas transfer have been disclosed in the Privacy Policy or communicated to the user via email, written document, or other means.
  3. When the Company transfers personal information overseas after obtaining consent in accordance with the main text of Paragraph 2 of this Article, the Company shall take protective measures as prescribed by relevant laws and regulations, such as the Presidential Decree of the Personal Information Protection Act.

Article 19 (Installation and Operation of Automatic Personal Information Collection Device)

  1. The Company uses cookies to provide personalized services and enhance user experience on its website. These cookies store and retrieve usage information to tailor the website to individual users.
  2. Cookies are small amounts of information that a website's server (http) sends to your browser and may be stored on your computer or mobile device.
  3. You can configure your web browser settings to allow or block cookies. However, disabling cookies may limit your access to certain personalized services.

Article 20 (Request for Access to Personal Information)

  1. The Company has designated the person in charge of personal information protection as follows to take full responsibility for the handling of personal information and to handle complaints and relief from damages of the information subject related to personal information processing.

  2. Personal Information Protection Officer

    • Name: Kirby
    • Department: Data team
    • Tel: +82 31-275-9901
    • E-mail: data@komachine.com
  3. The information subject can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business). The company will respond and handle inquiries from the information subject without delay.

Article 21 (Remedy for Infringement of Rights and Interests)

  1. The information subject may contact the following organizations for damage relief, consultation, etc. for personal information infringement.

    • Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
    • Personal Information Infringement Report Center: (Without area code) 118 (privacy.kisa.or.kr)
    • Supreme Prosecutors' Office Cyber Crime Investigation Division : (without area code)1301 (www.spo.go.kr)
    • National Police Agency Cyber Safety Guardian: (without area code)182 (ecrm.cyber.go.kr)

  2. Those whose rights or interests are infringed due to the punishment or omission of the governor concerning the request made pursuant to Articles 35 (Access to Personal Information), 36 (Rectification or Erasure of Personal Information) and 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, they may request administrative appeals in accordance with the Administrative Appeals Act.

    • Administrative Appeals Commission : (without area code) 110 (www.simpan.go.kr)

[Amendment]

  1. The Privacy Policy comes into force on May 9, 2024.