Article 1 (Purpose)
Planning Co., Ltd. (hereinafter referred to as "the Company") establishes this PrivacyPolicy (hereinafter referred to as "this Policy") to protect the personal information of individuals (hereinafter referred to as "Users" or "Individuals") using the services provided by the Company (hereinafter referred to as "Company Services"). The Companycomplies with relevant laws, including the Personal Information Protection Act and the Acton Promotion of Information and Communication Network Utilization and InformationProtection (hereinafter referred to as the "Information and Communication Network Act"),and aims to promptly and smoothly address complaints related to the protection of personal information of service users.
Article 2 (Principles of Personal Information Processing)
In accordance with personal information-related laws and this Policy, the Company may collect personal information of Users and may provide the collected personal information to third parties only with the consent of the individual. However, in cases where the Company is legally compelled to do so by laws and regulations, the Company may provide the collected personal information to third parties without the individual's consent.
Article 3 (Publication of this Policy)
1. The Company makes this Policy easily accessible for Users to review at any time by disclosing it on the first screen of the Company's website or through a linked screen to the first screen.
2. The Company ensures that Users can easily check this Policy by using font size, color, and other means when disclosing this Policy as mentioned in the preceding paragraph.
Article 4 (Amendment of this Policy)
1. This Policy may be amended in accordance with changes in personal information-related laws, guidelines, notifications, or changes in government policies or the content of Company Services.
2. When amending this Policy in accordance with the preceding paragraph, the Companyshall notify Users through one or more of the following methods:
1. Announcement on the first screen or a separate window of the Company's website.
2. Notification to Users through written documents, facsimile transmission, email, orsimilar methods.
3. The Company shall notify Users as mentioned in paragraph 2 at least seven (7) days before the effective date of the Policy amendment. However, in cases of significant changes to Users' rights, the Company shall provide notice at least thirty (30) days inadvance.
Article 5 (Information for Membership Registration)
The Company collects the following information for user membership registration for Company Services:
1. Mandatory information: Email address, password, and nickname.
2. Optional information: Profile picture.
Article 6 (Information for Identity Verification)
The Company collects the following information for user identity verification:
1. Mandatory information: Email address and name.
Article 7 (Information for Payment Services)
The Company collects the following information to provide payment services to users:
1. Mandatory information: Card number, card PIN, expiration date, six-digit date of birth
(yy/mm/dd), bank name, and account number.
Article 8 (Information for Cash Receipt Issuance)
The Company collects the following information to issue cash receipts to users:
1. Mandatory information: Cash receipt recipient's name, cash receipt recipient's date of birth, cash receipt recipient's address, mobile phone number, and cash receipt card number.
Article 9 (Information for Providing Company Services)
The Company collects the following information to provide Company Services to users:
1. Mandatory information: ID, email address, name, date of birth, and contactinformation.
Article 10 (Information for Service Usage and Detection of Unlawful Activities)
The Company collects the following information to confirm and analyze user service usage and the detection of unlawful activities, including but not limited to fraudulent use:
1. Mandatory information: Service usage records, cookies, connection locationinformation, and device information.
※ Unlawful activities refer to actions such as repeatedly rejoining after membership withdrawal, canceling purchases after product acquisition, and engaging in actions thatillegally gain economic benefits, such as discounts, coupons, and event benefits offeredby the Company, as well as actions prohibited in the terms of service, and unlawfulactivities such as identity theft. The collected information may be used for statistic alanalysis related to the use of Company Services.
Article 11 (Methods of Personal Information Collection)
The Company collects the user's personal information through the following methods:
1. User input of personal information on the Company's website.
2. User input of personal information through services provided by the Company otherthan the Company's website, such as applications.
3. User input of personal information after receiving an email sent by the Company.
Article 12 (Use of Personal Information)
The Company uses personal information in the following cases:
1. When necessary for the operation of the Company, such as delivering announcements.
2. When responding to user inquiries, handling complaints, and improving services forusers.
3. When providing Company Services.
4. When developing new services.
5. For marketing purposes, such as event and promotion notifications.
6. For demographic analysis and analysis of service visit and usage records.
7. To prevent and sanction actions that disrupt the smooth operation of the service,including imposing usage restrictions on members who violate laws and Company termsand preventing and sanctioning unlawful activities.
Article 13 (Provision of PersonalInformation Based on Prior Consent)
1. Notwithstanding the prohibition of providing personal information to third parties, theCompany may provide personal information to third parties if the user has publiclydisclosed it in advance or has agreed to the following matters. However, even in thiscase, the Company provides the minimum amount of personal information as required byrelevant laws.
1. Provide the information collected for membership registration and service usage toVivaripublica Co., Ltd. for payment processing when using the services.
2. When there are changes in the third-party relationship mentioned in the precedingparagraph or when the third-party relationship terminates, the Company notifies andobtains consent from the user through the same procedure.
Article 14 (Retention and Use Period of Personal Information)
1. The Company retains and uses personal information for the period required to achievethe purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Company retains records of fraudulentservice usage in accordance with internal policies for up to one year from the time ofmember withdrawal for the purpose of preventing fraudulent registration and use.
Article 15 (Retention and Use Period of Personal Information According to Laws)
The Company retains and uses personal information in accordance with relevant laws asfollows:
1. Information and retention period under the Act on Consumer Protection in Electronic Commerce, etc.
1. Records related to contracts or subscription withdrawals: 5 years
2. Records related to payment and supply of goods, etc.: 5 years
3. Records related to consumer complaints or dispute resolution: 3 years
4. Records related to display and advertising: 6 months
2. Information and retention period according to the Act on the Protection ofCommunication Secrets
1. Weblog data: 3 months
3. Information and retention period according to the Electronic Financial Transactions Act
1. Records related to electronic financial transactions: 5 years
4. Information according to the Location Information Protection and Use Act
1. Records related to personal location information: 6 months
Article 16 (Principles of Personal Information Disposal)
The Company, in principle, promptly disposes of personal information when it is no longer needed for the purpose of processing personal information, or when the retention anduse period has expired.
Article 17 (Processing of Personal Information for Non-Users of the Service)
1. The Company, in principle, provides prior notice to users and disposes of or separatelystores the personal information of users who have not used the Company's service forone year.
2. The personal information of long-term non-users is securely stored separately, andnotification to such users is sent to their email addresses at least 30 days before theseparation and storage process is initiated.
3. Long-term non-users can continue to use the service by logging in on the website(including the mobile app) before the Company separates the non-user database.
4. Long-term non-users can restore their accounts with their consent by logging into thewebsite.
5. The Company disposes of the separately stored personal information after retaining itfor four years.
Article 18 (Method of Personal Information Disposal)
1. Information provided by users for membership registration, etc., is transferred to as eparate database (or paper documents in the case of paper) after the purpose ofprocessing personal information is achieved, and it is retained for a certain period according to internal policies and other relevant laws (refer to the retention and useperiod) before being destroyed.
2. The Company disposes of personal information for which disposal reasons have arisenthrough the approval process of the personal information protection officer.
Article 19 (Method of Personal Information Disposal)
The Company uses technical methods that make it impossible to reproduce electronicfiles to delete personal information stored in electronic form. Personal information printedon paper is destroyed using a shredder or incineration, etc.
Article 20 (Measures for the Transmission of Promotional Information)
1. When the Company transmits commercial promotional information for profit usingelectronic transmission methods, it obtains explicit prior consent from the user. However,it does not require prior consent in the following cases:
1. When the Company sends promotional information for commercial purposes relatedto goods, etc., similar to those traded by the Company within 6 months from the date thetransaction ends, provided that the user's contact information has been directly collectedfrom the recipient.
2. When a telemarketer according to the Act on Door-to-Door Sales, etc., informs the recipient of the source of personal information collection and conducts telemarketing.
2. The Company does not send promotional information for profit if the recipientexpresses their refusal to receive it or withdraws their prior consent, and it notifies theresult of the recipient's refusal and consent withdrawal.
3. When sending commercial promotional information for profit using electronictransmission methods from 9:00 PM to 8:00 AM on the following day, the Companyobtains separate prior consent from the recipient, regardless of the provisions in the firstparagraph.
4. When sending commercial promotional information for profit using electronictransmission methods, the Company explicitly discloses the following details in thepromotional information: 1. Company name and contact information 2. Instructions on expressing refusal to receive or withdrawing consent
5. The Company does not take the following measures when sending commercialpromotional information for profit using electronic transmission methods:
1. Measures to evade or obstruct the recipient's refusal to receive or consentwithdrawal.
2. Measures that automatically generate the recipient's contact information, such asphone numbers or email addresses, by combining numbers, symbols, or characters.
3. Measures to automatically register the recipient's phone number or email address forthe purpose of sending commercial promotional information for profit.
4. Measures to hide the identity of the sender of commercial promotional information orthe source of transmission.
5. Measures to deceive the recipient for the purpose of inducing a response to thecommercial promotional information.
Article 21 (Access to Personal Information and Withdrawal of Consent)
1. Users and legal guardians may request to view and modify their registered personalinformation and request withdrawal of their consent to collect personal information atany time.
2. Users and legal guardians can contact the Company in writing, by phone, or via emailto the personal information protection officer or responsible party to withdraw theirconsent for the collection of personal information. The Company will promptly takeaction.
Article 22 (Change of Personal Information)
1. Users can request the correction of errors in their personal information to the Companythrough the method in the preceding article.
2. Until the correction of personal information is completed, the Company will not use orprovide the incorrect information, and if incorrect personal information has already beenprovided to a third party, the Company will promptly notify the third party of thecorrection results to ensure that the correction is made.
Article 23 (User's Obligations)
1. Users are responsible for maintaining their personal information in the most up-to-datestate, and they are responsible for problems that arise due to incorrect information input.
2. In cases of using another person's personal information for membership registration,users may lose their user status or be subject to penalties according to related personalinformation protection laws.
3. Users are responsible for maintaining the security of their email addresses andpasswords and cannot transfer or lend them to third parties.
Article 24 (Management of Personal Information by the Company)
The Company takes technical and managerial protective measures to ensure the safetyof personal information, such as preventing personal information from being lost, stolen,disclosed, altered, or damaged when processing personal information.
Article 25 (Handling of Deleted Information)
The Company processes personal information that has been terminated or deleted at therequest of users or legal guardians in accordance with the "Retention and Use Period of Personal Information" collected by the Company and takes measures to prevent it frombeing viewed or used for other purposes.
Article 26 (Password Encryption)
User passwords are stored and managed using one-way encryption. Verification andmodification of personal information can only be done by the user who knows thepassword.
Article 27 (Measures Against Hacking)
1. The Company takes the best possible measures to prevent users' personal informationfrom being exposed or damaged due to hacking, computer viruses, or other intrusionsinto the information and communication network.
2. The Company uses the latest antivirus programs to prevent the leakage or damage ofusers' personal information or data.
3. The Company makes every effort to ensure security through intrusion preventionsystems to prepare for any unforeseen situations.
4. The Company encrypts sensitive personal information (if collected and stored) andsecurely transmits it over the network through encrypted communication to ensure thesafe transmission of personal information.
Article 28 (Minimization of Personal Information Processing and Education)
The Company restricts the number of individuals responsible for personal information-related processing and emphasizes compliance with laws, internal policies, and morethrough administrative measures, including education for personal informationprocessors.
Article 29 (Actions Regarding Personal Information Leaks, Etc.)
When the Company becomes aware of the loss, theft, or leakage of personal information(hereinafter referred to as "leaks, etc."), it will promptly notify the affected user of all ofthe following and report to the Korea Communications Commission or the Korea Internet& Security Agency:
1. The types of personal information that were leaked, etc.
2. The time when the leak, etc., occurred
3. Measures that the user can take
4. Measures taken by information and communication service providers
5. The department and contact information for users to inquire or file complaints
Article 30 (Exceptions to Actions Regarding Personal Information Leaks, Etc.)
Notwithstanding Article 29, in cases where the Company cannot determine the user'scontact information or has valid reasons, the Company may replace the notificationrequired in Article 29 by posting the notification on its website for more than 30 days.
Article 31 (Protection of Personal Information Transferred Abroad)
1. The Company does not enter into international agreements containing provisions thatviolate the related regulations, such as the Personal Information Protection Act, withrespect to the user's personal information.
2. In order to transfer, entrust processing, or store (hereinafter referred to as "transfer")user's personal information overseas, the Company obtains the user's consent. However,if the information is publicly disclosed in accordance with related regulations, or if theCompany notifies the user through methods such as email specified by presidentialdecree regarding all the matters listed in Article 31, paragraph 3, consent procedures forpersonal information processing, entrustment, or storage may not be required.
3. To obtain consent as mentioned in the preceding paragraph, the Company must notifythe user in advance of all of the following matters:
1. The types of personal information transferred
2. The country where the personal information is transferred, the date and method oftransfer
3. The name of the recipient of the personal information (in the case of a corporation, itsname, and the contact information of the person responsible for informationmanagement)
4. The purpose of use, and the retention and usage period of the personal information bythe recipient4. When the Company transfers personal information abroad with the consent as perparagraph 2, it shall take protective measures as specified by related regulations, suchas the Personal Information Protection Act.
Article 32 (User's Choice Regarding Cookie Installation)
1. Users have the choice of whether to install cookies. Therefore, users can allow allcookies, ask for confirmation each time a cookie is stored, or refuse the storage of allcookies by configuring the options in their web browser.
2. However, if users refuse the storage of cookies, it may be difficult to use some of theCompany's services that require login.
Article 33 (Method for Designating Permission for Cookie Installation)
The method for designating permission for cookie installation (in the case of InternetExplorer) is as follows:
1. Select [Internet Options] from the [Tools] menu.
2. Click on the [Privacy] tab.
3. Set your preferences in the [Advanced] settings.
Article 34 (Designation of Company's Personal Information Protection Manager)
1. The Company designates the following department and personal information protection manager to protect user's personal information and handle complaints related to personal information:
1. Personal Information Protection Manager:
- Name: Shin Jinwook
- Phone Number: 02-6949-5511
- Email: info@planningo.io
Supplementary Provisions
This policy will be effective from October 12, 2023.
