アイドキ(idoki) Privacy Policy
INFOBANK CO LTD (hereinafter referred to as 'the Company') protects the personal information of the information subjects who use the mobile application idoki (www.idoki.app, hereinafter "Service") in accordance with the Personal Information Protection Act.
In accordance with the "Personal Information Protection Act," to guide the information subjects on the procedures and standards for personal information processing and to swiftly and smoothly handle related grievances, the following personal information processing policy is established and disclosed:
1. Purpose of Processing Personal Information, Collected Items, Retention and Use Period
1. The Company processes the personal information of the information subjects as follows:
|
Category |
Linked Channel |
Purpose of Collection |
Collected Items |
Retention and Usage Period |
|
Mobile Application SNS Simplified Member Registration |
Line |
Providing membership services, personal identification, prevention of misuse by malicious members and unauthorized use, confirmation of intent to join, limitation on registration and number of registrations, record preservation for adjustment, complaint handling, delivery of notices and notifications, confirmation of intent to withdraw membership, record purposes for members whose service use has been suspended. |
[Required] Email address, username, profile picture, SNS ID |
Until the member withdraws However, for the purpose of preventing use by withdrawn members and for dispute adjustment, the following items will be retained for 1 year: Retention Items: Email address, username, profile picture, SNS ID |
|
|
||||
|
Apple |
||||
|
Date of Birth, Gender |
Entered at the time of idoki registration |
For providing services and placing advertisements based on demographic characteristics |
[Optional] Date of Birth, Gender |
After member
withdrawal for 1 year |
|
1:1 Inquiry |
LIne |
For confirming the person in charge and securing a smooth communication path due to service consultation request |
[Required]Username, Email address
|
1 year |
2. In the process of using the service or during the process of handling service provision tasks, the following information may be automatically generated or additionally collected:
- IP address, device information, access log, visit date and time, payment and purchase information, service usage records, bad usage records, advertising identifiers
3. Personal information is processed for the purposes of developing new services (products) and providing customized services, providing event and advertising information and opportunities for participation, providing services and placing advertisements based on demographic characteristics, verifying the effectiveness of the service, identifying access frequency, or for statistics on members' service usage.
<Information Required by Relevant Laws>
In cases where it is necessary to preserve information according to the provisions of related laws such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc., the company will retain member information for a certain period as prescribed by the related laws.
In such cases, the company will use the stored information only for the purpose of its preservation, and the retention period is as follows:
|
Basis for Preservation |
Contents of Preservation |
Retention Period |
|
Act on Consumer Protection in Electronic Commerce, Etc. |
Records related to payment and supply of goods, etc. |
5 years |
|
Records related to contracts or withdrawal of subscriptions, etc. |
5 years |
|
|
Records related to consumer complaints or dispute resolution |
3 years |
2. Provision of Personal Information to Third Parties
The company uses the members' personal information within the scope of the consent obtained and does not, in principle, provide users' personal information to third parties beyond the scope of this privacy policy without the prior consent of the members. However, personal information may be provided to third parties only in cases that correspond to Article 17 of the Personal Information Protection Act, such as with the consent of the member or under special provisions of the law.
3. Consignment of Personal Information Processing
When the company consigns the processing of users' personal information for the fulfillment of the service, it will notify the contents of the consignment and the consignee, and stipulate necessary matters in the consignment contract to ensure that personal information can be managed safely, complying with related laws and supervising it. The company's personal information consignment processing organizations and the contents of the consigned tasks are as follows:
|
Consignee |
Contents of Consignment Work |
|
WithPlant Co., Ltd. |
Service development, maintenance, and operation |
|
AMP Co., Ltd. |
Service marketing, content production, and customer service (CS) response |
4. Procedure and Method for Destruction of Personal Information
The company will destroy personal information without delay once the purpose of collecting and using the personal information has been achieved, ensuring that the personal information cannot be recovered or regenerated. The destruction procedure and method are as follows:
a. Destruction Procedure
Information entered by members for registration, etc., is transferred to a separate DB after its purpose has been achieved (paper records are transferred to a separate document box) and is destroyed after being stored for a certain period according to internal policies and other relevant legal reasons (refer to the retention and usage period). Personal information transferred to a separate DB will not be used for any purpose other than retention unless required by law. However, if there is a need to retain the information for a certain period due to regulations of the Commercial Act and other relevant laws for the verification of transaction-related rights and obligations, it will be retained for such period.
b. Destruction Method
Personal information stored in electronic file format is permanently deleted in a way that makes regeneration impossible. Personal information printed on paper is destroyed by shredding or incineration.
5. Destruction of Personal Information of Inactive Users
a. The company converts users who have not used the service for a year into dormant accounts and stores their personal information separately. Separately stored personal information is destroyed without delay after being stored for one year.
b. The company notifies users scheduled to be converted into dormant accounts about the separate storage of personal information, the scheduled date of dormancy, and the items of personal information to be stored separately by email or other possible methods to the user, at least 30 days before the conversion to a dormant account.
c. If you do not wish to convert to a dormant account, you can prevent this by logging in to the service before the conversion to a dormant account. Also, even if converted to a dormant account, you can restore the dormant account and use the service normally according to the user's consent by logging in.
6. Rights and Obligations of the Information Subject and Legal Representative and How to Exercise Them
a. The information subject can exercise rights such as requesting access to, correction, deletion, or suspension of processing of personal information to the company at any time.
b. The exercise of rights can be done in writing, via email, or fax (FAX) to the company, and the company will take action without delay.
c. The exercise of rights can also be done through a legal representative or an agent authorized by the information subject. In this case, a power of attorney according to the form No. 11 of the enforcement rule of the Personal Information Protection Act must be submitted.
d. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
e. The company verifies whether the person making the request for access, correction, deletion, or suspension of processing is the information subject or a legitimate representative when such requests are made.
7. Measures to Ensure the Safety of Personal Information
The company takes the following measures to ensure the safety of personal information:
- Administrative Measures: Establishment and implementation of an internal management plan, regular training for employees, collection of pledges.
- Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation, and updating of security programs.
8. Personal Information Protection Officer and Department for Handling Requests for Access to Personal Information
1. The company has designated a Personal Information Protection Officer to oversee the overall personal information processing tasks, and to handle complaints and remedy damages related to the processing of personal information as follows:
2. Information subjects can request access to personal information to the department below. The company will strive to ensure that requests for access to personal information by information subjects are processed promptly.
|
Category |
Personal Information Protection Officer |
Request for Access to personal Information |
|
Department Name |
iAccel Division |
Information Security Team |
|
Name |
Representative Jongcheol Hong |
Hyunjae Jeon |
|
Contact Information |
- |
Phone:1588-2460 |
3. Information subjects can contact the Personal Information Protection Officer and the responsible department for all inquiries, complaints handling, and remedy for damages related to personal information protection that arise while using the company's services. The company will respond and address the inquiries of the information subjects without delay.
9. Remedies for Infringement of Information Subject's Rights
1. The company is committed to ensuring the self-determination rights of information subjects regarding their personal information and strives to provide consultation and remedy for damages due to personal information infringement. If you need to report or consult, please contact the department below.
- Personal Information Department
- Department Name: Information Security Team
- Person in Charge: Ha Dong Shin
- Contact: 1588-2460 / privacy1@infobank.net
2. Information subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., to seek remedy for personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr/minwon/main)
3. Those who have suffered infringement of their rights or interests due to dispositions or inactions by the head of a public institution in accordance with the provisions of the "Personal Information Protection Act" may file for administrative adjudication in accordance with the Administrative Adjudication Act.
- Central Administrative Appeals Commission: 110 (www.simpan.go.kr)
10. Matters Concerning Changes to the Personal Information Processing Policy
1. This personal information processing policy will be applied from December 17, 2023.