|Category||Purpose of collecting and using personal data||Personal data collected and used|
|Sign-up||Signing up for Weverse Account and Weverse, service usage, customer service, confirmation and prevention of fraudulent usage, and refund and exchanges||Account (e-mail), password, name, and whether you are a South Korean resident or foreigner|
|Using membership services||Identification of users to confirm or prevent usage of multiple memberships||Name, mobile phone number, and gender (optional)|
|Auto-generated information||Service usage, customer service, confirmation and prevention of fraudulent usage, and analysis and statistics||Cookies, service usage history (date of log-in, IP address, fraudulent usage, etc), device information (unique device identifiers and OS version)|
|Promotional information||Sending promotional information regarding the service||Email and push notifications|
|Event||Confirmation of raffle entries and shipping of event prizes for the event operation||(Confirmation of raffle entries) Name, date of birth, and mobile phone number
(event prize shipping) Name, date of birth, mobile phone number, and address
(Operation) Name, date of birth, mobile phone number, and social media account
③ The Company collects personal data of the Members as above, but it does not collect sensitive personal data (e.g., race and ethnicity, ideology and beliefs, birthplace and domicile, political views and criminal record, health status and sex life) that may infringe upon the basic human rights of the Members and particular identification data.
④ The Company asks for permission to access the stored data or functions within a Member’s mobile device when the Members use the Service through a mobile application. When required, the Company asks for such permission in the form of either access that is necessary no matter what to provide the Service and access that is not, which can later be changed by the Member through the “Settings” option on their mobile device.
⑤ The Service is not intended for children (i.e., under 14 years old for Koreans and under 16 years old for foreigners). If the Company becomes aware that the collected personal data is from a child, we will delete the personal data and close the subject user’s account. If you believe that the Company has collected personal data from a child, please contact firstname.lastname@example.org.
② The Company can provide the personal information for the Members’ service usage by getting the Members’ consent or by other legal means as below.
② In accordance with the restrictions and requirements under the relevant laws and regulations, the Members may exercise their rights relating to their personal data against the Company. For example, in Korea, a Member may request the Company to suspend its processing of his/her personal data, delete his/her personal data, and/or revoke consent to the Company’s collection/use of his/her personal data.
③ The Members can request to revise the personal information provided, if there are errors with it. However, if there are no errors with the personal information before the revision and the Members misuse this process, the Company will notify the Members the grounds for not revising the personal information without delay.
④ Data subjects may exercise their rights set forth in this Article by contacting email@example.com or firstname.lastname@example.org
Personal information kept and the period of keeping the personal information, in accordance with the relevant laws, are as below.
(1) Procedures for destroying personal data
① In the event that data provided by a Member when he/she signed up for membership must be retained or is permitted to be retained under an applicable law or regulation even after the purpose of collection/use is achieved, the data will be transferred to a separate database (if the data is provided in the form of a paper document, a separate filing cabinet), and destroyed after being retained for a certain period under the Company’s internal policy and other relevant regulations (see Article 4 (Retention/use period of personal data) above).
② The personal data that is moved to the separate database will not be used for purposes other than required or permitted by law.
(2) Methods for destroying personal data
① If stored in the form of electronic files, the personal data will be destroyed by technical means so that the records cannot be reproduced.
② If printed on paper, the personal data will be destroyed by shredding or incinerating the paper documents.
(3) Methods for destroying personal data of inactive accounts
The Company will notify Members at least 30 days prior to terminating an inactive account, and the notice will contain the following information:
- The fact that the Member’s personal data will be destroyed or separately stored
- Date and time of destruction
- The items of personal data to be destroyed
Notifications may be sent through email or other similar method.
As an exception, the information below may be maintained even after a year of inactivity.
- Where a Member and an information and communications service provider (e.g., the Company) enters into a separate agreement regarding the period of retention of personal data.
- Where the retention is required by applicable law or regulation
- For the prevention of fraudulent activities, emails of the deleted accounts will be encrypted with one-way password that renders decryption impossible and will be kept for 3 months, during which sign-ups are restricted.
- Once the 3-months period as explained above is over, the emails will be destroyed immediately.
(1) Operation of cookies
① Provide differentiated information depending on the individual’s area of interest.
② Engage in targeted marketing by determining the Members’ preferences and areas of interesting based on an analysis of how often Members and non-Members visited the website and/or used the Service.
③ Provide personalized service to Members on their next visit/use by tracking content that the Members showed an interest in.
④ Use as criteria in deciding whether and how to improve the Service by analyzing the customers’ habits.
(2) Members’ options regarding cookies
By adjusting the web browser, the Members can choose whether to accept all cookies, to be notified when cookies are installed, or deny all cookies; provided, however, if a Member refuses to install cookies, he/she cannot use some of the services that require the Member to log in.
Below are the steps for changing the settings for installation of cookies on Internet Explorer:
① Under the [Tools] menu, select [Internet Options].
② Click the [Privacy] tab.
③ In the [Settings] section in the [Privacy] tab, the user can select the cookies setting by moving the slider. (Moving the slider to the top will block cookies from all websites and moving the slider to the bottom will allow cookies from all websites.)
(3) Cookies will expire once the user closes the browser or logs out of the browser.
① A Member’s personal data is protected by password and encrypted information. Even with these safety measures, there is still a high possibility that a Member’s password or personal data may be leaked to others if a Member accesses the Internet in a public area or through other means. As such, what is most important is to thoroughly protect the personal data of the Members as much as possible. Therefore, all Members should also be careful not to leak or provide their personal data to others, and take responsibility in managing their personal data. The Company is not responsible for problems that may arise from the Member’s own negligence or the inherent dangers of using the internet.
② Fundamentally, the Members’ personal data is protected by password and encrypted information. Files and transferred data are encrypted and important data is protected by separate security features.
③ The Company uses anti-virus software to prevent damages that arise from computer viruses and regularly updates the software.
④ To prevent leakage or damage of Members’ personal data from hackings, computer viruses, and other sources of intrusion, the Company maintains a 24-hour intrusion detection and intrusion prevention system that monitors possible threats from outside sources.
In Korea, if a dispute arises between the Member and the Company with respect to personal data-related matters, the Member may contact any one of the following agencies and seek consultation regarding a possible privacy violation.
|Korea Internet & Security Agency||http://privacy.kisa.or.kr||118|
|Personal Information Dispute Mediation Committee||http://www.kopico.go.kr||1833-6972|
|Cyber Criminal Investigation, Supreme Prosecutor’s Office||http://www.spo.go.kr||1303|
|Cyber Terror Response Center of the National Police Agency||http://cyber.go.kr||182|
Any Member who has any questions, comments, or complaints relating to his/her personal data, please reach out to one of the contacts listed below through email or by phone. The Company will make every effort to respond promptly and with sincerity.
|Chief Privacy Officer|
|Name||Ryeo Sung Koo|
|Department responsible for processing complaints|
|Name of Department||Platform Service Department|
Effective date: 2021.03.10