At KPOPCON, we put all efforts in protecting personal information of our users.
Therefore, we regulate any protection policy relevant to personal information, listed as below.
Holding company of KPOPCON, Bestone E&C (known from now on as"company") will put on effort to comply with personal information protection law, promoting usage of information network system along with any acts related to in protecting information, communications privacy act, telecommunication service act and legal matters that information and communication service provider must follow in order to comply with personal information protection regulations and has set a policy in protecting personal information in accordance to related ordinance and has worked to put an effort in protecting the rights of users.
Personal information processing policy of the company holds following contents.
1. Personal information item that is being processed 2. Motive for processing personal information 3. Providing 3rd party personal information 4. Sharing and consigning personal information 5. Processing of personal information and storing period 6. Destroying process of personal information and method 7. Rights and obligations of information agent and its exercising method 8. Actions taken to secure safety of personal information 9. Protecting personal information of a minor 10. Contacts of personal information protection director and person in charge 11. Etc. 12. Change of personal information processing policy
1. Personal information item that is being processed
The company (KPOPCON), is gathering personal information listed below, to provide service to members(users).
- Required information: E-mail (ID), password (PIN), date of birth, gender, nationality. And during the course of using service or during the business handling process, such information listed below can be automatically generated and be collected.
- Type of user's browser and OS, visited record (IP address, access time), cookie buster and similar technology. The company may collect personal information using web page(http://www.kpopcon.net) through web document with the method of inputting user, and there may be cases where partial information may be gathered, in the form of print out document or through E-mail.
2. Motive for processing personal information
A. For company to provide stable service and expansion.
B. Requisition of partnership offer and replying to process outcome.
C. Receiving consultation/report of corporation ethics consultation center and replying to outcome of the process.
D. Partnership line registering and responding to process outcome (advertiser and other partners)
3. Providing 3rd party personal information
The company will use the personal information only within the notified range of the policy and will not use or publicize without the prior consent from the information source and will not go over the exceeding limit. But it will be exception for the cases listed below.
- When there is prior consent from the source of information.
- When ordinance regulations are in accordance and request from the investigative agents, with proper procedure and method within the set limit of ordinance with the sole purpose of investigation.
- When it is determined that other company needs it.
(fraud, illegal act/to prevent bodily harm, government investigation, to prevent potential violation of this term and policy, hindering service of the company or when needed, etc.)
4. Sharing and consigning personal information
The company will not lend or sell information of the members to outsider(or group that belongs to the company) without the consent of the member, except for when it is stated in the policy.
A. The subject that can share the information of the members
ⓐ The same company group that KPOPCON lawfully belongs to or part of the relevant group company("affiliated company"). The affiliated company uses member's information to provide analyzed information, and are able to use to provide service and improvements.
ⓑ Information that occurs from member's cookie, log file and devices such as data identifier, can be shared with outer business ("service providing business").
ⓒ Specialized information such as cookie data, can be shared with outside advertising partners.
ⓓ Deleting part of the data, that can distinguish the member, it can be shared with outsider under anonymous name. Also without any association with the member, combining with other information along with member's information, it can be shared by generalizing the information.
B. The subject that the member selects to share their user contents.
ⓐ Member's nationality and photos that the member voluntarily post, the name will be open to all and the contents that the member post, can be set up with the range of member's preference. At the time, range of open is, divided into open to all, friends only, confidential and open to all is publicized to everyone including visitors, friends only is for those permitted by the member, confidential is for only the member themselves. When the restricted contents of member is shared by another user, then set it up as open to all or when it is shared in 3rd party's site, the relevant contents can be shared by all.
ⓑ Depending on the profile and the range of openness, the information of member that has been made public and contents, can be search by another user, and it is possible to use depending on the company's API.
ⓒ Even if the member deletes information that has been posted on the service, it is possible to view the copy from the service cash or at archive page, or in cases where another user or other company that uses company's API, may have copied or saved it.
C. When changing control
When part of or in whole of the company or assets are sold or transfer to another group(example : M&A, bankruptcy, disperse or liquidated) name, E-mail address, user contents and other collected information along with information of members can be sold or transferred. Those that have purchased or received transfer must abide by the contents that is stated in personal information protection policy.
ⓑ The affiliated company and service provider that gathers personal information and any information collected relating to member, can be delivered to all over the world or country where the member's jurisdiction data protection law is not the same.
ⓒ When the member registers for the service or use the service, it is considered that they are consenting to and understand that their information can be delivered to other country all over the world, affiliated company or service providing company.
ⓓ The company uses safety measure and maintains member's information collected through service safely, and by requesting inherent password they verify the identity before approaching member's account. But the company does not verify the security of the transmitted information or guarantees the safety of information during service of usage, open, modify or does not guarantee that it will not be destroyed.
ⓔ The open range or storing period of member's information can be influenced by the service change of the 3rd party site that is linked to company. The company will not be responsible for functions, personal information protection or security measure of other company, other than its own company.
ⓐ Reason for holding information according to policy within the company
º Reason for holding: Illegal registration and prevent usage
º Holding period: 6 months
- Record of payment through illegal transaction
º Holding item: ID, name, mail, IP address, cookie, device information
º Reason for holding : To prevent illegal transaction
º Holding period: 3 years from the date of actual transaction
※ 'Record of illegal use' means illegally registering and record of usage restriction from the company, due to posting articles that violate the operation policy and 'record of payment through illegal transaction' means record of credit theft or laundering credit cards and violating related laws, terms of service and violating member's or other's right or benefit.
ⓑ Reason for holding information due to related laws
The company holds member's information for certain period of time that the related law requires due to related laws of consumer protection from the commercial law or electronic transaction and when needed to hold for regulations of related laws.
- Records relating to withdrawal from the contract or subscription
º Reason for holding: Laws in consumer protection relating to electronic transaction
º Holding period: 5 years
- Record of payment and supplying goods
º Reason for holding: Laws in consumer protection relating to electronic transaction.
º Holding period: 5 years
- Records of electronic financial transaction
º Reason for holding: Electronic financial transaction act
º Holding period: 5 years
- Record of complaints from consumer or processing of dispute
º Reason for holding: Laws in consumer protection relating to electronic transaction
º Holding period: 3 years
- Record of website visits
º Reason for holding: Communication privacy protection act
º Holding period: 3 months
ⓒ Besides the above, when it is hindering the operation of site and hindering maintaining of the site, or various restrictions of the law or any other reason that the company determines that it is needed, the personal information of the members can be stored for certain period of time.
6. Destroying process of personal information and method
The information that has been entered by information agent, will be moved to DB after it has reached its motive (in the case of paper, it will be in separate filing cabinet), and with the reason of protecting information within company's policy and other related laws, it will be stored for certain period of time, then destroyed.
B. Method of destroying
Personal information that hasbeen printed out in paper, will be shredded with paper shredder or destroyed through incinerator. Personal information that has been stored with form of electronic file will be destroyed with technical method that cannot regenerate any records.
7. Rights and obligations of information agent and its exercising method
A. The information agent can check or modify their own personal information that is registered anytime and can request deleting of information or request to stop the process. When they want to delete information or stop the process, they may contact person- in- charge of personal information protection, in writing or telephone or by e-mail, then it will be immediately handled.
B. The information agent may not violate personal information or privacy of user or others that is being processed according to personal information processing policy, due to violating personal information protection act and other related laws.
C. The member needs to maintain inherent password along with account information's security and has the responsibility to always control access rights of exchanged e-mail between the company and the member.
D. The company will not be liable for any personal information protection of member, who is being restricted from service usage. Please refer to Article 19, of KPOPCON terms for reference.
8. Actions taken to secure safety of personal information
The followings are protection measurement that the company provides to secure safety of personal information to prevent loss, stolen, expose, alter or damage when processing.
A. Encrypt password
The password that has been set up during service usage is encrypted then stored and maintained, therefore it is known only by the user, and to verify personal information along with changing the password, is possible only by the user.
B. Steps to prepare for hacking
The company is working hard to prevent leakage or damage to personal information from hacking or computer virus. To prepare for the damage of personal information, the data is frequently backed-up, and uses newest vaccine program to prevent personal information from being leaked or damaged, and through encrypted communication, enables transmitting personal information safely in the network. And controlling access with firewall system, and working onto get as much as possible in technological devices to secure, security with other systems.
C. Minimize personal information handling staff and education
The company has limited company's personal information staff to the manager and for this they have granted separate password, renewing it periodically, performing frequent education to the person-in-charge and is emphasizing to protect personal information.
D. Operating of personal information protection exclusive facility.
We are putting effort into correctly modifying the company's personal information processing policy performance list and to see if the person-in-charge is abiding by it and to resolve it immediately. When the company has done the obligation of the personal information protection but accidents and lost that results from user's negligent or when it is not in the domain of the company's maintenance and not a attributed fault of the company, the company will not be responsible.
9. Other website and service
The information and content of the members that use the service can be shared with 3rd party site that is linked or interlocked with the company or other company's website. The company's personal information protection policy does not apply to 3rd party site, other company's website or service. Also, the company will not be responsible for the other company that has approved access to user's content and does not have the control over it. When the member permits access to his or her user contents to another company, the risk that follows is the sole responsibility of the member.
10. Contacts of personal information protection director and person in charge
For questions regarding personal information protection policy or service, please refer to appropriate supporting channel within the company's website, that you are able to reach us at.
- Personal information maintenance director
NAME: Lay Jung
AFFILIATE : Personal information protection department
POSITION : CEO/President
E-mail : firstname.lastname@example.org
11. Change of personal information processing policy
A. Depending on the circumstances, the company may revise or modify this personal information processing policy, and depending on the situation there may be additions with appropriate method that will provide revision or modifying with announcement. When the member continues to use the service of the company, even after this personal information protection policy has been revised, it will be regarded as accepting of this revision.
B. When there is addition, deleting and modifying of content in current personal information protection policy, there will be notification at least 7 days prior to the actual revision on the domain of operator within the web page. But in the instances where an important change is made to rights of users, such as collecting and usage of personal information or providing information to 3rd party, it will be notified at least 30 days prior.
- Date of notice: October 1, 2015
- Date of enforcement: October 1, 2015