Article 1. Purpose
1. Prompt Inc. (Hereinafter “Company”) shall highly value the personal information of its users regarding the provision of the Starcon service (Hereinafter “Service”) and shall do its best in managing and protecting the personal information of the users in an effective manner. Furthermore, the Company shall obey the regulations on privacy described on the acts on privacy including the Act on Promotion of Information and Communications, Network Utilization and Information Protection, etc.
Article 2. Items and Ways of Collecting Personal Information
The company collects the following information for the identification of its members at the initial signing-up procedure or the use of the service and for the provision of optimized service to the users. However, the Company does not require the users to provide personal information such as ethnicity, race, ideology, place of birth and others which may bring the issue of human rights violations. Optional questions will be utilized to find out the current status of the service and as basic data for marketing activities of the Company.
[What personal information we collect]
1. Members who joined via E-mail: (Required) Name, E-mail Address, Password
2. Members who joined via SNS account: (Required) SNS Identification Information (SNS Type, Member Number, ID and Others), E-mail Address, Profile Name, / (Selective) Profile Photo, Sex, Date of Birth
[Information for the Use of the Service]
The following information may be collected under the consent of the users during the process of the use of the service.
1. Terminal Information: Manufacturer, Model Name, OS version, Resolution, Unique ID Number of the Device (UUID, APNs Token), Location Information of the Terminal, Meta Information contained in the pictures and photos of the terminal of the user where the service gets installed (GPS location information, Date and others)
The following information may be created and collected during the process of the use of the service or during the process of managing the business.
2. History of the Use of the Service: History of the Use of the Service, Cookie, Access Log, IP Address, Error History, Country Code, Time Zone, Membership, Event (Application), Service Q&A, Deliver Request, Item Purchase, Payment History and Others.
In case of payment scenarios, credit card information, telecommunications company information and other payment-related information may be collected.
[Ways of Collection of Personal Information]
The Company collected personal information in the following manner.
1. The company collects the history of the use of the service during the process of running or using Starcon App.
2. The affiliated companies provided personal information to the Company.
3. The Company collects personal information through the tool for collecting generated personal information.
Article 3. Purposes of Collecting and Using Personal Information
The Company utilizes the collected personal information for the following purposes.
1. Finding user’s password
– For the purpose of sending temporary password to the user’s e-mail address in accordance at the request of the user
2. Fulfillment of Contract on the Provision of the Service
– For the purpose of paying and charge frees occurring at the provision of contents, delivery of goods, purchase of goods, and the use of premium service.
3. Membership Management
– For the purposes of providing membership service, identification of the user, prevention of illegal use of the service by bad users in accordance with the use of the membership service, confirmation of the intention of joining the service, retention of history for the mediation of conflicts, customer service and delivery of announcements.
4. Utilization of Personal Information for the Development of New Service, Functional Improvement, and Marketing and Promotion of the Service
– For the purposes of developing new service and providing customized service, functional improvement, providing service in accordance with statistical features and posting of advertisements, confirmation on the validity of the service, understanding the frequency of access, providing statistics on the use of the service by the members, providing information on events and promotional information and providing opportunities to participate in those events.
Article 4. Retention and Destruction of Personal Information
In principle, the Company shall destroy the personal information after achieving the purpose of collecting and using the personal information without delay. However, the personal information shall be retained during the period specified below due to the reasons including: Corporate policy, consent from the member, related laws and regulations.
1. Personal Information Related with Transaction
1) Retention Item: Transaction History
2) Retention Reason: The Act on Consumer Protection in Electronic Commerce and Others
3) Retention Period
– History on Contract, Cancellation of Subscription and Others: 5 years
– History on Payment and Supply of Goods and Others: 5 years
– History on Customer Complaints or Management of Conflicts: 3 years
2. Personal Information related with Log History
1) Retention Item: Access History
2) Retention Reason: Protection of Communications Secrets Act
3) Retention Period: 3 months
3. Transaction Information
1) Retention Item: All the ledgers on transactions and evidential documents defined but the Tax Act
2) Retention Reason: Framework Act on National Taxes
3) Retention Period: 5 years
The collected personal information will be deleted completely if the member leaves the service or if the member’s ID was deleted for falsely entering the personal information. Thus, the personal information is processed so that the Company may not use the personal information for any purpose.
Article 5. Sharing and Provision of Collected Personal Information
In principle, the Company uses the collected personal information for the purposes described on the Purposes of Collecting and Using Personal Information, and does not share the collected personal information with third parties without the prior consent from the user. However, the following cases are exceptions.
1. When users agreed in advanced
The Company shall provide information on the business partners of the company, the scope and the reason for the provision or the sharing of the information, the period and the method of the protection and the management of the information before the collection of the provision of the information to the users, and shall receive consent from the user in advance. The company shall not collect additional information or share the collected personal information with its business partners if the user does not provide consent on the terms and conditions.
2. In accordance with laws and regulations and when the investigative agency requires sharing of the information for the purpose of investigation through the legal procedures
3. When the collected information is required for the payment and the calculation of the fees requested by the user
4. When the collected information is required for the delivery of free gifts and the management of the prizewinners at the occurrence of the winning of an event.
Article 6. Process and Ways of Destroying Personal Information
In principle, the Company shall destroy the personal information after achieving the purpose of collecting and using the personal information or after reaching the period of retaining or using personal information without delay. The personal information will not be used for other purposes except its retention unless there are other laws on this (Act on Promotion of Information and Communications, Network Utilization and Information Protection, etc.) The ways and the process of destroying personal information are as follows.
1. Ways of Destruction
1) The printouts of the personal information shall be shredded by the paper shredder or incinerated.
2) The electronic forms of the personal information shall be deleted by using a technology making it impossible to reproduce or recover the records.
Article 7. Rights of Users and Legal Representatives and Ways of Exercising the Rights
1. The Company does not collect the age of the users. However, if the Company confirms that the user is a juvenile under 14, the Company will receive consent from the legal representative of the child. The user and the legal representative may check or modify the registered personal information of him or herself or the juvenile below 14 at all times, and may request for the cancellation of the membership or the suspension of the handling of the personal information. However, the use of the service may be restricted in whole or in part in such cases.
3. If users request the correction of their personal information, the personal information will not be used or provided until the correction is completed. In addition, if the wrong personal information is already provided to the third party, corrected results of the personal information will be notified to the third parties in accordance with the Article 5.
4. The Company deals with the personal information cancelled or deleted according to the request of the users of their legal representatives, following “The Period of Retaining and Using the Personal Information that the Company Collects” and handles it not be used for other purposes.
Article 8. Technical and Managerial Measures for the Protection of Personal Information
The Company is devising the following technical and managerial measures for the purpose of securing safety of the personal information against the loss, robbery, leakage, falsification or damage of the personal information regarding the handling of the personal information.
1. Technical Measures
1) The Company has been protecting the personal information through security functions in accordance with the related laws and regulations and corporate policy for the purpose of preventing the loss or the damage of the personal information against hacking or computer virus.
2) The company has been back-upping the data against the possible damage or the loss of the personal information, and has been preventing the leakage or the damage of the personal information or data of the users by using up-to-date computer vaccine program. The Company has been storing and handing user passwords through encryption, and has been using security device for the safe transfer of the personal information on network system.
3) The Company has been controlling the breaking and entering from the outside environment by using firewall system, and has been trying hard to procure all possible technical devices for the purpose of securing systematic security.
2. Managerial Measures
Article 9. Managers of Personal Information and Consultation/Reporting)
The company has been designating the Personal Information Manager collecting opinion on personal information and handling user complaints. Please contact the manager if you have any inquiry on the personal information.
1. Personal Information Managers
Name (Position): Suk-Hyun Kim (Department Head)
TEL : +82-2-3463-6700
FAX : +82-2-3463-6701
2. Working Hour
– Weekdays: 9:30~16:30
– The manager does not work on weekends and national holidays
3. Organizations or Institutions related with the Infringement of Personal Information
– Center for Reporting Infringement of Personal Information of the Korea Internet and Security Agency (http://www.118.or.kr / +82-118)
– High Tech and Financial Crimes Investigation Division of the Supreme Prosecutor’s office (http://www.spo.go.kr / +82-2-3480-2000)
– Cyber Terror Response Center of the National Police Agency (http://www.ctrc.go.kr / +82-2-392-0330)
Article 10. Changes in the Corporate Policy of Handling Personal Information and the Notification of the Changes in the Corporate Policy of Handling Personal Information