통합회원 개인정보 처리방침_20240514 (영어)
Integrated Member Privacy Policy
The company, MAKESTAR Co., Ltd. (hereinafter referred to as the "Company"), establishes and discloses the privacy policy to protect the personal information of integrated members and to promptly and smoothly handle related complaints. The definitions of terms used in the Privacy Policy shall follow relevant laws, the Company's Integrated Member Terms of Service, etc., except as defined herein.
Article 1 (Consent to Handling Personal Information)
The company follows a procedure for obtaining consent to the Privacy Policy at the time of user registration. By pressing the "Agree" button, the user is considered to have read and agreed to the Privacy Policy.
Article 2 (Purpose of Personal Information Processing)
The company processes the personal information of members for the following purposes and will not use it for any other purpose:
- Member management: Identification and verification of members, notification and delivery of notices to members
- Member consultation processing: Receipt of member consultations and complaints, notification of processing results
- Service provision: Providing services and improving service quality, preventing misuse within the service, developing new services/technologies, providing personalized services
- Marketing and advertising promotion: Providing advertising information
- Reward or product delivery
- Product payment, settlement, refund processing
Article 3 (Items and Methods of Collecting Personal Information)
The company collects the minimum personal information necessary for service operation. If additional personal information is required for service use, the company will obtain separate consent from the member before collecting personal information. The specific personal information items and purposes of use are as follows:
| Category | Item | Purpose of Collection |
| During member registration and login | [Required items] General member registration/login: Email address, password [Required items] Social login registration/login: Social media ID, nickname, social media login success status, email address, password | Identification and verification of members, notification and delivery of notices to members, receipt of member consultations/complaints, notification of processing results |
| During service use | [Required items] Service usage records, access logs, access IP, device information | Provision of services and improvement of service quality, prevention of misuse within the service, development of new services/technologies, provision of personalized services |
| During Funding or Product Ordering and Personal Information Registration | [Required items] Name, email address, country of residence, address, phone number, date of birth, social media information (ID) | Identification and verification of members, reward or product delivery |
| During Funding or Product Payment | [Required items] Credit card payment: Card issuer name, card number, CVC Payment, settlement, refund processing | Product payment, settlement, and refund procedures |
| [Required items] Mobile phone payment: Phone number, carrier, email address | ||
| [Required items] Book and culture gift certificate payment: Unique gift certificate number | ||
| During Refund Processing | [Required items] Bank name, account number, account holder name | Refund processing |
| When Registering as STREAMWITH Service Operator | [Required items] Twitter (before change) account name, Instagram account name, number of followers | Identification and verification of members, provision of services, improvement of service quality |
| Utilization for Marketing and Advertising | [Optional items] - MAKESTAR ID, email address, PUSH token - Winner announcement, prize collection related: Participant's name (in Korean), Participant's name (in English), phone number, winner's receiving email, date of birth, phone number, winner's item receiving country and address Information related to services provided by the company, advertising, promotions, advertising, events, benefits | Sending information and marketing-related notices via email and push, SMS, KakaoTalk notification messages Announcement of winners, prize collection guidance |
Article 4 (Retention and Use Period of Personal Information)
① The Company processes and retains personal information within the period agreed upon when collecting personal information from members or the period required by law.
② The Company retains the personal information of members until the termination of the service usage agreement or withdrawal of membership if the user agrees to the terms and conditions and privacy policy upon membership registration. However, in the following cases, the Company may retain the personal information until the relevant reason is resolved:
- In the event of an ongoing investigation due to a violation of relevant laws.
- In the case of remaining claims and obligations related to site usage until settlement.
③ Notwithstanding the provisions of paragraph 2, the Company may retain the personal information of members for up to one year after membership withdrawal to prevent re-registration and block unauthorized usage.
④ The Company may retain personal information in accordance with relevant laws as follows:
| Information Retained | Retention Period | Legal Basis |
| Records related to payment and supply of goods | 5 years | Electronic Commerce Act |
| Records related to contracts or withdrawal of subscription | 5 years | Electronic Commerce Act |
| Records related to consumer complaints or dispute resolution | 3 years | Electronic Commerce Act |
| Records related to display advertising | 6 months | Electronic Commerce Act |
| Records related to electronic financial transactions | 5 years | Electronic Financial Transactions Act |
| Website visit records | 3 months | Telecommunications Basic Act |
| Records related to the collection, processing, and use of credit information | 3 years | Credit Information Use and Protection Act |
Article 5 (Provision of Personal Information to Third Parties)
① The Company may provide or use personal information for purposes other than the intended purpose to third parties only with the consent of the member under Article 17 and 18 of the Personal Information Protection Act and when permitted by relevant laws.
② If the Company needs to provide (including sharing) personal information within a limited scope to business partners or third-party organizations through a partnership agreement or to use the collected personal information for purposes other than the intended purpose, the Company shall notify the members of the following details and obtain prior consent before implementation:
- The recipient of the personal information
- Purpose of using the personal information by the recipient
- Items of personal information provided
- Retention and use period of the personal information by the recipient
- The right to refuse consent and the content of any disadvantages resulting from refusal
③ The following cases allow the Company to use personal information for purposes other than the intended purpose or provide it to third parties without the consent of the member, as permitted by relevant laws:
- When providing personal information in a form that does not identify specific individuals for purposes such as academic research and statistical compilation.
- When necessary for the investigation and prosecution of crimes and the maintenance of prosecution.
- When necessary for the performance of judicial duties by courts.
- When there are specific provisions in laws such as the Personal Information Protection Act, Telecommunications Basic Act, Telecommunications Business Act, and Criminal Procedure Act.
Article 6 (Outsourcing of Personal Information Processing)
① The Company outsources personal information processing tasks as follows for smooth handling of personal information, etc.
| Contractor | Handled Tasks |
| Toss Payments Corporation | Electronic payment services |
| Eximbay Corporation | Electronic payment services |
| PayPal Pte. Ltd. | Electronic payment services |
| Alipay (Hangzhou) Technology Co. Ltd | Electronic payment services |
| ICB, Inc. | Electronic payment services |
| Nice Payments Corporation | Electronic payment services |
| CJ Logistics Corporation | Reward or product delivery |
| Logen Corporation | Reward or product delivery |
| JD Logistics, Inc | Reward or product delivery |
| Hanjin Corporation | Reward or product delivery |
| Korea Post (Post Office) | Reward or product delivery |
| DHL International GmbH | Reward or product delivery |
| Shanghai YTO Express (Logistics) Co., Ltd. | Reward or product delivery |
| Goodsflo Coporation | Reward or product delivery |
| Easy Admin Corporation | Reward or product delivery |
| Google LLC | In-app purchases |
| Apple Inc. | In-app purchases |
② When entering into outsourcing contracts, the Company specifies the following items in the contract documents pursuant to Article 26 of the Personal Information Protection Act and supervises whether the contractor safely manages and processes personal information:
- Prohibition of processing personal information beyond the purpose of the outsourced tasks
- Technical and managerial protective measures
- Restrictions on re-outsourcing
- Management and supervision of the contractor
- Matters regarding liability for damages, etc.
Article 7 (Rights, Obligations, and Methods of Exercising Rights of Data Subjects)
① Members may exercise the following rights related to personal information protection to the Company at any time:
- Request to access personal information
- Request correction if there are errors in personal information
- Request deletion of personal information
- Request suspension of processing personal information
② The exercise of rights under paragraph 1 by members may be made to the Company through written, telephone, electronic mail, fax, etc., and the Company promptly takes action thereon.
③ If a member requests correction or deletion of personal information due to errors, etc., the Company shall not use or provide such personal information until the correction or deletion is completed.
④ If a member is under 14 years of age, the legal guardian may request access to the child's personal information from the Company.
⑤ Members must not infringe upon the personal information and privacy of themselves or others processed by the Company in violation of related laws, including the Personal Information Protection Act.
Article 8 (Destruction of Personal Information)
① When the retention period of personal information has expired, or when personal information becomes unnecessary for the purpose of processing, the Company promptly destroys the relevant personal information.
② If personal information must be preserved in accordance with other laws despite the expiration of the consented retention period from members or the achievement of the processing purpose, the Company transfers the relevant personal information to a separate database or stores it in a different location.
③ The procedure and method of destroying personal information by the Company are as follows:
- Destruction procedure: The Company selects personal information for destruction and destroys it with the approval of the Company's personal information protection manager.
- Destruction method: Personal information recorded and stored in electronic file form is destroyed using technical methods to prevent reproduction, and personal information recorded and stored on paper documents is destroyed by shredding or incineration.
Article 9 (Measures to Ensure the Security of Personal Information)
① The Company makes its best efforts to securely manage members' personal information and protects personal information beyond the level required by the Information and Communication Network Act and the Personal Information Protection Act in accordance with the methods stipulated in this Article.
② The Company minimally manages employees handling personal information, and continuously emphasizes the importance of protecting members' personal information through regular and ad-hoc education for personal information handlers.
③ The Company installs security programs to prevent personal information leakage and damage caused by hacking or computer viruses and conducts periodic renewal inspections. It also installs systems in areas where access is controlled from external sources and monitors and blocks them technically and physically.
④ The Company stores documents containing personal information and auxiliary storage media in a secure location with locking devices.
⑤ The Company maintains a separate physical storage location for personal information and controls access to it.
Article 10 (Changes to the Privacy Policy)
① In the event of additions, deletions, or modifications to the contents of the privacy policy, the Company shall announce the revised contents through the website or app at least 7 days prior to the effective date of the revised privacy policy.
② In cases where there are significant changes affecting the rights of members, such as third-party provision of personal information, the Company shall announce the revised contents through the website or app at least 30 days prior to the effective date of the revised privacy policy and obtain separate consent from the members.
Article 11 (Transfer of Personal Information due to Business Transfer, etc.)
When transferring personal information to another person through the transfer, merger, etc., of all or part of its business, the Company must inform the affected members in advance through notification or announcement of the following items:
- The fact of transferring personal information
- The name (or corporate name), address, telephone number, and other contact information of the recipient of the transferred personal information
- Methods and procedures for taking action if the information subject does not wish to transfer personal information
Article 12 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)
① The Company uses "cookies" to store and retrieve usage information to provide individualized customized services to users.
② Cookies are small pieces of information that are sent by the server (http) operating the website to the user's computer browser and may be stored on the hard disk of the user's PC computer.
- Usage Purpose of Cookies: Cookies are used to track and analyze the visit and usage patterns of users on various services and websites, including popular search terms and whether secure connections are established, in order to provide users with optimized information.
- Installation, Operation, and Rejection of Cookies:
- Chrome
(Mobile) Select [Settings] from the menu at the top right corner of the web browser -> Go to [Site Settings] in [Advanced Settings] -> Navigate to [Cookies] to choose whether to allow cookies.
- Safari
(macOS) Select [Preferences] from the menu at the top left corner of macOS Safari -> Go to [Privacy] in the [Preferences] window to choose whether to allow cookies.
(iOS) Navigate to [Settings] -> Select [Safari] from the list of apps -> In [Privacy & Security], choose whether to allow cookies.
- Chrome
- If users refuse to store cookies, some services provided by the company may be partially restricted in use.
Article 13 (Personal Information Protection Manager)
① The Company designates the following person as the personal information protection manager responsible for overseeing personal information processing and handling complaints and remedies related to personal information processing:
- Personal information management officer
Name: Young Hyeon Chun
Phone: +82-2-6959-2076
E-MAIL: [yhchun@makestar.com]
② Users may contact the personal information protection manager for any inquiries, complaints, or remedies related to personal information protection arising from the use of the Company's services (or business). The Company will respond to and handle user inquiries promptly.
Article 14 (Remedies for Infringement of Rights)
Information subjects may apply for dispute resolution, counseling, etc., for remedies for personal information infringements to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, and other relevant institutions. For further inquiries regarding reporting or counseling for personal information infringements, please contact the following agencies:
- Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office : 1301 (www.spo.go.kr)
- National Police Agency : 182 (ecrm.cyber.go.kr)
Addendum
This privacy policy shall be effective from May 14, 2024.