Privacy Policy
- ① Kigle Co., Ltd. (hereinafter “the Company”) is in compliance with the relevant personal information protection regulations, which information and communication service providers must comply with, such as the Protection of Communications Secrets Act, Telecommunications Business Act, Act on Promotion of Information and Communication Network Utilization and Information Protection, and Act on the Protection, Use, Etc. of Location Information. The Company is also committed to protecting user rights by establishing a privacy policy in accordance with the relevant laws.
- ② The Company has posted this Privacy Policy on the website (http://kiglestudio.com/privacy_policy/eng) or the service screen so that it is accessible by the users at any time.
- ③ This Privacy Policy is subject to change due to changes in the relevant laws and guidelines, changes in the Company’s internal policies, etc. In the event of changes to the policy, the Company immediately announces the reason and contents of the change on the website or service screen.
1. Collection and Utilization Purpose of Personal Information
A. Performance regarding service agreement and payment therein
- Providing of contents, providing of certain customized service, delivery of goods or sending invoice, etc., identity verification, purchase and fee payment, fee collection
B. Member management
- Membership service access and identity confirmation for limited identity confirmation mechanism, identity verification, preventing wrongful and non-approved usage by poor members, confirming intention to sign-up, limiting sign-up & the number thereof, confirming whether legal agent agrees on collecting personal information of under 14 years old, identity confirmation for legal agent thereafter, record keeping for the purpose of dispute resolution, civil support such as complaints procedure etc., delivery of public notice matter
C. Customer service
- Identification of customer service recipient, confirmation of service content, contact/notification for investigation of fact, notification of processing result, etc.
D. Development of new service and utilization in marketing/advertisement
- Development of new services and providing customized service, providing service according to statistical characteristics and display of advertisement, confirmation of service effectiveness, providing event and advertisement information and providing participation opportunity, identification of access frequency, statistics on member’s service usage
2. Personal Information Items to be Collected
First, the Company may collect the following personal information for first time service users for the purpose of membership application, sound customer service, or various services.
- ① Mobile device information (model name, OS type and version, serial number, etc.), service usage and visiting record, authentication record, payment record, application version
- ② In the event of user participating in an event, contact, address, etc. may be collected for the delivery of winning prize.
Second, the following information may be generated and collected during the process of service usage.
- - Status information of membership user (account name, nickname, store name being used), photo, cookie, visiting date/time, service usage record, poor usage record, unique Kakao/Facebook ID (in terms of Kakao/Facebook interface service)
Third, location information.
- - The Company does not collect, store, or utilize information that can identify the location of individuals. However, for partial Smart Study services that include advertisement banners, etc., the location-aware advertisement of advertisement service providers may collect location information and temporarily utilize the information without storing the information such as information on actual location (i.e. GPS signal sent from mobile device) or nearby Wi-Fi access point and sensor data of device that can provide information of the base station.
3. Personal Information Collection Method
The Company collects personal information via the following methods.
- ① Automatic collection through execution or use of the “Company’s” program
- ② Collection through user’s voluntary provision during service subscription, service usage, or customer service
4. Sharing and Providing Personal Information
The Company utilizes user’s personal information within the scopes set forth in “1. Collection and Utilization Purpose of Personal Information,” and unless there is prior consent from the user or relevance to Article 17 & 18 of the Personal Information Protection Act, the Company does not use personal information outside such scope and does not disclose user’s personal information in principle. However, exceptions shall be made for the following cases.
- A. When the users have given prior consent to disclosure
- B. When prescribed by law or when requested by the investigating agency in accordance with the procedures and method prescribed by law for the purpose of investigation
5. Consignment of Collected Personal Information Processing
A. The Company consigns personal information as below to improve services and regulates necessary measures for safe management of personal information upon entering consignment contract in accordance with the relevant laws. The Company’s consigned personal information processing agency and the contents of consigned work are as follows.
- - Consigned agency :Kigle Co., Ltd.
- - Contents of consigned work : Implementation and operation of system for providing services
- - Personal information retention and use period : Until the end of service, withdrawal from membership, or end of consignment contract
B. Through the consignment contract, this service regulates and implements compliance to obligations such as compliance to laws related to protection of personal information, confidentiality related to personal information, prohibition of disclosure to a third party, liability in case of an accident, consignment period, return or destroying of personal information after the completion of processing.
6. Personal Information Retention and Use Period
In principle, the user’s personal information is destroyed without delay when the purpose of collection and use of personal information has been achieved. However, the following information can be retained for a set period for reasons set forth below.
A. Reason for information retention in accordance with the Company’s internal policies
- - Record of misappropriation
- Reason for retention : Prevention of misappropriation
- Retention period : 1 year
B. Reason for information retention in accordance with the relevant laws
If information needs to be retained in accordance with the regulations of relevant laws such as the Commercial Code and Act on the Consumer Protection in Electronic Commerce, Etc., the Company retains the member’s information for the period set forth in the relevant laws. In such a case, the Company uses the information only for the purposes of the retention, and the personal information retained in accordance with laws and the relevant laws are as follows.
- Retained items: Records related to agreement, subscription withdrawal, etc.
- Relevant statutory provisions: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 5 years
- Retained items: Records on provision of payment, goods, etc.
- Relevant statutory provisions: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 5 years
- Retained items: Records related to agreement, subscription withdrawal, etc.
- Relevant statutory provisions: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 5 years
- Retained items: Records on consumer complaint or dispute processing
- Relevant statutory provisions: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 3 years
- Retained items: Records related to markings/advertisements
- Relevant statutory provisions: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 6 months
- Retained items: Ledgers and documentation related to all transactions regulated by tax law
- Relevant statutory provisions: Framework Act on National Taxes
- Retention period: 5 years
- Retained items: Records related to electronic banking transactions
- Relevant statutory provisions: Electronic Financial Transactions Act
- Retention period: 5 years
- Retained items: Service history
- Relevant statutory provisions: Protection of Communications Secrets Act
- Retention period: 3 months
7. Destroying and separate retention of personal information
In principle, the user’s personal information is destroyed without delay when the purpose of collection and use of personal information has been achieved. The Company’s procedure and method for destroying personal information are as follows.
A. Destroying procedure
- - The information entered by the user for the purpose of membership application shall be transferred to a separate DB (i.e. In the case of paper, separate document cabinet) and be destroyed after a certain period for record keeping based on information protection reasons (i.e. Refer to Personal Information Retention and Use Period) pursuant to the internal policy & other relevant laws and regulations.
- - The aforementioned personal information will not be used for other purposes than maintaining record in accordance with the relevant laws.
B. Destroying method
- - Personal information in hardcopy shall be destroyed by way of utilizing paper shredder or incineration.
- - Personal information in softcopy shall be deleted technically to prevent any restoration.
8. Technical/Managerial Measures regarding Personal Information Protection
The Company is taking the following technical/managerial protection measures in order to ensure safety from loss, theft, leak, forgery, or damage of personal information during processing.
A. Encryption of personal information
- As the user’s password is stored and managed through encryption, only the relevant member can recognize it, and separate security functions are being used for important data such as encryption of files & transmitted data or file locking function.
B. Measures against hacking, etc.
- The Company is making the best efforts to prevent leak or damage of user’s personal information caused by hacking, computer viruses, etc. The Company is conducting frequent backups to prepare for any damage to personal information, uses the latest vaccine programs to prevent leak or damage to user’s personal information, and implements safe network transmission of personal information through encrypted communication. In addition, the Company restricts unauthorized external access by using a firewall system and is committed to installing all technical equipment as much as possible to secure other system safety.
C. Minimization and training of processing staff
- The Company limits the accessing authority of staff carrying out personal information processing tasks to the person in charge and a special password is given and regularly updated for such purpose, and at alltimes through training with personal information handling staffs, it emphasizes the relevant compliance with Kigle’s Privacy Policy.
D. Operation of dedicated personal information protection organization
- Through an internal organization dedicated to personal information protection, there are efforts to confirm the implementation of Kigle’s Privacy Policy and compliance by the person in charge in order to immediately correct issues upon discovery. However, the Company shall not be liable in any way for issues arising from personal information leakage caused by the user’s negligence or online issues.
9. Contact for Person in Charge of Personal Information Management
You can report to the person or department in charge of personal information management with respect to all complaints on personal information protection, which has occurred by using the Company’s services. The Company is committed to fast and satisfactory reply regarding such matters.
- Person in charge of personal information management
- Name : Kim Yong-su
- Affiliation :Kigle Co., Ltd.
- Position : CEO
- Email : biz@kiglesutio.com
If you want to file a report or require consultation on other personal information infringements, please contact the following agencies.
- - - Center for Reporting Personal Information Infringement (privacy.kisa.or.kr/kor/main.jsp / 118)
- - ePrivacy Mark Certifying Committee (www.eprivacy.or.kr / 02-580-0533~4)
- - - Internet Crime Investigation Center, Supreme Prosecutors’ Office (www.spo.go.kr / 02-3480-2000)
- - Cyber Terror Response Center, Korean National Police Agency (www.ctrc.go.kr / 02-392-0330)
10. Duty of Notification
In the event of changes to the Privacy Policy, they shall be separately notified.
If the current Privacy Policy is changed, the contents of the changes shall be notified via a popup window on Kigle’s application, which shall follow a set enforcement date.
- Notice date: October 10, 2017
- Enforcement date: October 12, 2017