A. Performance regarding service agreement and payment therein

• Providing of contents, providing of certain customized service, delivery of goods or sending invoice, etc., identity verification, purchase and fee payment, fee collection

B. Member management

• Membership service access and identity confirmation for limited identity confirmation mechanism, identity verification, preventing wrongful and non-approved usage by poor members, confirming intention to sign-up, limiting sign-up & the number thereof, confirming whether legal agent agrees on collecting personal information of under 14 years old, identity confirmation for legal agent thereafter, record keeping for the purpose of dispute resolution, civil support such as complaints procedure etc., delivery of public notice matter

C. Customer service

• Identification of customer service recipient, confirmation of service content, contact/notification for investigation of fact, notification of processing result, etc.

D. Development of new service and utilization in marketing/advertisement

• Development of new services and providing customized service, providing service according to statistical characteristics and display of advertisement, confirmation of service effectiveness, providing event and advertisement information and providing participation opportunity, identification of access frequency, statistics on member’s service usage

First, the Company may collect the following personal information for first time service users for the purpose of membership application, sound customer service, or various services.

Second, the following information may be generated and collected during the process of service usage.

• - Status information of membership user (account name, nickname, store name being used), photo, cookie, visiting date/time, service usage record, poor usage record, unique Kakao/Facebook ID (in terms of Kakao/Facebook interface service)

Third, location information.

• - The Company does not collect, store, or utilize information that can identify the location of individuals. However, for partial Smart Study services that include advertisement banners, etc., the location-aware advertisement of advertisement service providers may collect location information and temporarily utilize the information without storing the information such as information on actual location (i.e. GPS signal sent from mobile device) or nearby Wi-Fi access point and sensor data of device that can provide information of the base station.

The Company collects personal information via the following methods.

The Company utilizes user’s personal information within the scopes set forth in “1. Collection and Utilization Purpose of Personal Information,” and unless there is prior consent from the user or relevance to Article 17 & 18 of the Personal Information Protection Act, the Company does not use personal information outside such scope and does not disclose user’s personal information in principle. However, exceptions shall be made for the following cases.

• A. When the users have given prior consent to disclosure
• B. When prescribed by law or when requested by the investigating agency in accordance with the procedures and method prescribed by law for the purpose of investigation

A. The Company consigns personal information as below to improve services and regulates necessary measures for safe management of personal information upon entering consignment contract in accordance with the relevant laws. The Company’s consigned personal information processing agency and the contents of consigned work are as follows.

• - Consigned agency :Kigle Co., Ltd.
• - Contents of consigned work : Implementation and operation of system for providing services
• - Personal information retention and use period : Until the end of service, withdrawal from membership, or end of consignment contract

B. Through the consignment contract, this service regulates and implements compliance to obligations such as compliance to laws related to protection of personal information, confidentiality related to personal information, prohibition of disclosure to a third party, liability in case of an accident, consignment period, return or destroying of personal information after the completion of processing.

In principle, the user’s personal information is destroyed without delay when the purpose of collection and use of personal information has been achieved. However, the following information can be retained for a set period for reasons set forth below.

A. Reason for information retention in accordance with the Company’s internal policies

• - Record of misappropriation
• Reason for retention : Prevention of misappropriation
• Retention period : 1 year

B. Reason for information retention in accordance with the relevant laws

If information needs to be retained in accordance with the regulations of relevant laws such as the Commercial Code and Act on the Consumer Protection in Electronic Commerce, Etc., the Company retains the member’s information for the period set forth in the relevant laws. In such a case, the Company uses the information only for the purposes of the retention, and the personal information retained in accordance with laws and the relevant laws are as follows.

In principle, the user’s personal information is destroyed without delay when the purpose of collection and use of personal information has been achieved. The Company’s procedure and method for destroying personal information are as follows.

A. Destroying procedure

• - The information entered by the user for the purpose of membership application shall be transferred to a separate DB (i.e. In the case of paper, separate document cabinet) and be destroyed after a certain period for record keeping based on information protection reasons (i.e. Refer to Personal Information Retention and Use Period) pursuant to the internal policy & other relevant laws and regulations.
• - The aforementioned personal information will not be used for other purposes than maintaining record in accordance with the relevant laws.

B. Destroying method

• - Personal information in hardcopy shall be destroyed by way of utilizing paper shredder or incineration.
• - Personal information in softcopy shall be deleted technically to prevent any restoration.

The Company is taking the following technical/managerial protection measures in order to ensure safety from loss, theft, leak, forgery, or damage of personal information during processing.

A. Encryption of personal information

• As the user’s password is stored and managed through encryption, only the relevant member can recognize it, and separate security functions are being used for important data such as encryption of files & transmitted data or file locking function.

B. Measures against hacking, etc.

• The Company is making the best efforts to prevent leak or damage of user’s personal information caused by hacking, computer viruses, etc. The Company is conducting frequent backups to prepare for any damage to personal information, uses the latest vaccine programs to prevent leak or damage to user’s personal information, and implements safe network transmission of personal information through encrypted communication. In addition, the Company restricts unauthorized external access by using a firewall system and is committed to installing all technical equipment as much as possible to secure other system safety.

C. Minimization and training of processing staff

• The Company limits the accessing authority of staff carrying out personal information processing tasks to the person in charge and a special password is given and regularly updated for such purpose, and at alltimes through training with personal information handling staffs, it emphasizes the relevant compliance with Kigle’s Privacy Policy.

D. Operation of dedicated personal information protection organization

• Through an internal organization dedicated to personal information protection, there are efforts to confirm the implementation of Kigle’s Privacy Policy and compliance by the person in charge in order to immediately correct issues upon discovery. However, the Company shall not be liable in any way for issues arising from personal information leakage caused by the user’s negligence or online issues.

You can report to the person or department in charge of personal information management with respect to all complaints on personal information protection, which has occurred by using the Company’s services. The Company is committed to fast and satisfactory reply regarding such matters.

If you want to file a report or require consultation on other personal information infringements, please contact the following agencies.

In the event of changes to the Privacy Policy, they shall be separately notified.

If the current Privacy Policy is changed, the contents of the changes shall be notified via a popup window on Kigle’s application, which shall follow a set enforcement date.