PERSONAL DATA PROTECTION POLICY
The Company gives priority to protection of personal information and it is always doing its utmost to protect personal information of members. The Company observes the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (the “Communications Network Act”), other rules and regulations related to protection of personal information and “Policy on Protection of Personal Information” which was enacted by Ministry of Information and Communications. Personal Data Protection Policy allows the Company to inform members of the purpose and method of using their personal information and the measures for protection of the personal information. This personal data protection policy will be posted on an online site (http://mwave.interest.me) so that the customers can refer to it anytime.
The Company’s Personal Data Protection Policy includes the following contents.
- Items of personal information to be collected and methods of collection
- The purpose of using personal information
- Customers’ consent on collecting personal information
- Customers’ consent on proving (or sharing) a third party with personal information
- Consignment of the handling of personal information
- The period of retention and the procedures and method of destruction of personal information
- The right of user and his or her legal representative and the method of exercising such right
- Collection of personal information by cookie
- Technical and managerial measures for protection of personal information
- Person in charge of protection of personal information
- Obligation to notify any change in policy
- A. Items of personal information to be collected and methods of collection
The Company collects and utilizes the minimum amount of personal information of the member required for the purpose of authentication of user access, payment of services, shipment and provision of the customized service to the member by utilizing the personal information as marketing materials for statistics and analysis.
First: Items of personal information to be collected and the purpose of collection
- Name, ID, and password: These are used in the process of authentication of user access to membership service
- Email address and contact number: These are used as communication channels through which the Company gives notification, timely responds to customers’ complaints and sends the information on new service, new products, and events.
- Information on financial transactions such as bank account and credit card number: These are used for payment of a fee-charging service and products.
- Address: It is used to ship products or giveaways.
- Favorite singers or genre: These are used to provide customized services.
- Consent on receiving emails: It is used to confirm whether the member wishes to receive the email including the information on affiliated service, events and up-to-date information.
Second: Items of personal information to be collected
- Required items: Name, ID, password, address, telephone number, email address, birthday and etc.
- Optional items: Anniversary, interested areas, favorite brands and other additional items necessary to provide customized services.
- Other information on transaction and personal preference collected during the process of members’ using the service or Company’s doing the business, data of access log, cookie, IP address, and records of payment, suspension of membership, withdrawal from the membership and etc.
Third: The method of collection
- The personal information is collected through homepage, written document, telephone, Q&A bulletin board, registration for giveaway event, shipping request and etc.
- The personal information is provided by the Company’s affiliated partners.
- The personal information is collected through a program which analyzes the log.
- The personal information is collected through cookie.
- B. The purpose of using personal information
The Company utilizes the personal information collected through the mwave.interest.me website for the following purposes.
First: For the Performance of Service Contract and Calculation of Payment of the Service
For provision of contents, shipment of giveaways, user authentication in financial transaction, purchase of a fee-charging product, and payment of fees.
Second: Members Management
For user authentication of membership service, personal identification, prevention of illicit use or unauthorized use by fraudulent member, confirmation of a member’s intent to join, enrollment or limitation of the number of enrollment, maintenance of records for conflict resolution, customer service including recourse and redress, and sending notification.
Third: For Marketing and Advertisement Purpose
For provision of service and placement of advertisement based on demographic characteristics, statistics and analysis of service usage and access frequency, selection of a sample of members for the new service and provision of events
- C. Customers’ consent on collecting personal information
The Company collects the minimum amount of personal information required for the execution and performance of service use agreements by using legal and fair methods. When the Company collects user’s identification information, it must receive the user’s prior consent according to the following legal procedures. As to the collection of personal information, the Company gives notification to the users through Personal Information Protection Policy of mwave.interest.me or Personal Information Handling Policy. When the member clicks on “agree” button, it is considered as the member’s consent to collection of personal information. The Company studies distribution of members and their interest and pattern of behavior based on server log file of mwave.interest.me or its own research. The purpose is to learn more about its members and provide high-quality service to members. The information of these studies is thoroughly collected and analyzed, but does not contain the information which can recognize the identification of individual member.
- D. Customers’ consent on proving (or sharing) a third party with personal information
The Company shall not utilize the personal information or provide it to the third party, other companies, or organizations beyond the purpose stipulated in the policy, except for cases where the member’s consent is already obtained or the disclosure of personal information is inevitable for the purpose of taking legal measures due to their violation of the Company’s policy and management regulations, or responding to the request from the relevant governmental institutions. If the Company wishes to provide (or share) additional personal information beyond the designated purpose of Personal Information Protection Policy, it shall give a notification to the member by User Policy, Personal Information Protection Policy, email or a written document about to whom or to which business the information is provided, the items of personal information to be provided, the purpose of provision of personal information and receive the prior consent from the member.
However, personal information can be provided without the member’s consent according to relevant provisions in the laws in the following cases.
First, where it is necessary for charge of payment for the service
Second, where it is necessary for statistics, academic studies or market research, but the information shall be edited as unidentifiable form.
Third, where it is allowed in special provisions in Law of Real Name Financial Transaction, the Use and Protection of Credit Information Act, Telecommunications Basic Act, Telecommunications Business Act, Local Taxes Law, Customers Basic Act, Law of Bank of Korea, Criminal Procedure Code.
- E. Consignment of the handling of personal information
The Company consigns the handling of personal information necessary for payment and customer service to external company (“consignee”) for the service of mwave.interest.me as described below.
First, handling payment service: When customers purchase fee-charging products, the consignee handles the payment process for the Company.
Second, managing customer service and handling A/S: The consignee manages customer service to improve the efficiency of consulting task.
Third, handling shipment: The consignee handles shipment of products following the events
Fourth, CP service: The consignee provides the movie and application service (i.e. sounds/ring tone/text message/wall paper)
Fifth, the consignee sends SMS/MMS to the customers to notify the prize of events and gift con.
- F. The period of retention and the procedures and method of destruction of personal information
When personal information becomes obsolete due to the achievement of the purpose of handling personal information, the Company shall immediately destroy such information.
First: The list of information to be destroyed
- Information provided when signing up for membership: It should be destroyed when the member withdraws from his membership with the website or whose membership is revoked.
- Information such as bank account number: If such information other than the membership information was collected for the purpose of payment or refund, it should be destroyed after the payment or refund.
- Information on delivery address: If different delivery address was collected other than the address provided in signing up for membership for the purpose of survey or events, it should be destroyed after the purpose is achieved.
However, the personal information of a member can be retained even after the purpose was achieved in exceptional cases required by the Commercial Law or other laws.
- Where retention is inevitable due to the provisions in Commercial Law and other laws.
- Where the Company already notified the member of the period of retention through proper procedures
- Where the Company received consent from an individual member
- Where the Company retains the information for thirty days to consult with customers or to prevent additional loss to customers
Second: The method of destruction
- Personal information printed in document: It shall be destroyed by shredder.
- Personal information saved as electronic file: It shall be destroyed with technical method which disables the recovery or reproduction of such personal information.
- G. The right of user and his or her legal representative and the method of exercising such right
First: Accessing the account information and the method of modification of information
Members may at any time open their account information saved in “my account” and modify any change. If members wish to access or modify the personal information, they may click on “the account information”, go through the process of user identification, and access to the account information and modify the personal information. Or, they may contact the person in charge of managing personal information by phone or email, and then the Company will immediately help you to modify the personal information. If a proxy of a member visits the Company to access to the member’s personal information or ask for modification of such information, the Company may ask the proxy to prove such proxy’s relationship between the member and the proxy.
If members request correction of error in the account information, the Company will not use or provide the personal information to others before such information is modified. In case where the Company already provided the personal information with error to the third party, it will immediately notify the third party of the modified information. However, if there is reasonable ground to refuse members’ access or request for correction of the part of the information or the total information, the Company may immediately notify members of such refusal and provide explanation.
In the following exceptional cases, however, the Company may refuse members to access or modify the personal information.
- Where there is a risk of remarkable harm to the third party’s life, body, property or right.
- Where there is a chance of remarkable interruption to the service provider’s business
- Where there is a violation of laws and regulations
Second: Retraction of members’ consent and the method of withdrawal from membership
Members may anytime retract their consent to the collection, use, and provision of personal information that they provided at the time of signing up membership. Retraction of consent and withdrawal from membership at one of the Company’s websites applies to all of the Company’s websites. When members wish to retract their consent (or withdraw from membership), they can click on “withdrawal from membership” and directly apply for withdrawal. Or, they may contact the person in charge of managing personal information by phone or email, and then the Company will immediately help you to proceed with necessary measures.
- H. Collection of personal information by cookie
The Company manages “cookie” which frequently saves and finds personal information of members. Cookie is a small text file sent by the server used to run mwave.interest.me website to the browser of members and it is saved in computer hard disk of members. Cookie may contain the information of websites that members visited and members’ personal information. Members have the right to choose the installation of cookie. By setting the options on web browsers, members may enable cookies completely, request it to ask the consent whenever cookies save data or disable cookies completely so that they are always blocked. However, if members disabled cookies completely, they might experience some difficulty in fully enjoying the service.
First: Allowing Installation of Cookie
- Click “Internet Options” under “Tools” menu.
- Click “Privacy Tab”.
- Set “Personal Information Protection Level”
Second: Viewing Cookies
- Click “Tools” menu in task bar
- Click “Internet Options”
- Click “Settings” in general tab.
- Select “View Objects or View Files”
Third: The Purpose of Using Cookie
The personal information gathered through cookie is used in providing customized information tailored to the members’ interest areas, target marketing by analyzing customers’ preferences and interest areas through frequency of access and length of use by members and nonmembers, and customized service through customers’ habits in using the service, improving the service tailored to customers’ preferences and posting on bulletin board.
- I. Technical and managerial measures for protection of personal information
The Company implements technical and managerial measures for protection of personal information. It also provides its employees with the education of personal information protection and does its utmost to prevent the loss from leakage of personal information by limiting the minimum number of employees who can access to the personal information.
- Technical measures
In managing the personal information, the Company takes following technical measures to prevent loss, theft, leakage, falsification or destruction of personal information and secure the safety.
- Customers’ personal information is being controlled by the internal network which cannot be accessed or invaded by external network.
- The important data is strictly protected through individual security function such as encrypting a file or data or using lock function.
- The Company is using vaccine programs to protect its system from computer virus. Vaccine programs are updated periodically. If a sudden virus appears, the Company immediately installs a new vaccine program in order to prevent invasion of personal information.
- The Company adopts security system which allows personal information to be safely transmitted on network through cryptographic algorithm.
- The Company first encrypts the important personal information of members such as passwords and stores them.
- The Company is strengthening security by installing access-control system in each server of mwave.interest.me.
- Managerial Measures
- To securely protect personal information, the Company operates under the authorization of its information protection management system and other authorizations, provided by external specialized agencies for its major system and facilities.
- The Company prepares the necessary procedures for its employees’ access to personal information and management of personal information so that its employees can fully understand and conform to the procedures.
- The Company limits the minimum number of employees who can deal with personal information of customers. Those who can deal with customers’ personal information are limited to the lists below.
- Those who directly or indirectly deal with the customers and perform marketing tasks.
- Those who are in charge of personal information management tasks (i.e. Personal Information Management Officer or Personal Information Protection Officer)
- Those who inevitably have to deal with personal information due to other tasks
- When the Company handles customers’ personal information through the computer, it designates a person who is authorized to access to personal information, assigns identifiable signal (IDs) and passwords and periodically renews passwords.
- For employees who deal with personal information, the Company provides regular internal education programs and external commissioned educations on new security technology and their obligations to protect personal information.
- When the Company hires new employees, it obligates them to sign on Information Protection Pledge or Personal Information Protection Pledge in order to prevent potential leakage of information by the new employees. It also prepares internal procedures to check implementation of Personal Information Protection Policy and supervise whether the employees comply with the Policy.
- When employees leave the Company, the Company obligates them to sign on Secrecy Declaration and to prevent them from destroying, invading, or disclosing customers’ personal information they learned from their work at the Company.
- Duties and responsibilities of a person who dealt with personal information are transferred to a new person under strictly secured condition. The Company clearly stipulates employees’ responsibility for any disclosure of personal information after joining with the company and leaving the company.
- Data processing room and data storage room are designated as specially protected areas and the Company implements access management procedures such as the control of access to such areas.
- If the Company collects or provides payment information such as customers’ credit card numbers or bank account numbers to customers in order to enter into the Service Contract with customers or offer the service to them, it takes necessary measure to authenticate customers’ identity by checking their IDs, passwords, or requiring electronic signatures.
- J. Person in charge of protection of personal information
In order to protect members’ personal information and handle their complaint related to Company’s use of personal information, the Company designates the relevant department and Personal Information Management Officer as below. If you have any complaint with regard to personal information while using the service, please report it to the Personal Information Management Officer or Personal Information Protection Officer then we will immediately reply to you.
☞ Personal Information Management Officer
Name : Ki-Hoon Keum (the director of headquarter) of Digital Media Headquarter
☞ Personal Information Protection Officer
Name : Mi-Hu Kim, of Digital Media Headquarter
- K. Obligation to notify any change in policy
This Personal Information Protection Policy may be frequently modified by amendment of relevant laws and government policy and Company’s internal policy for mwave.interest.me. In case when the Personal Information Protection Policy of mwave.interest.me is amended, the Company notifies customers of amended policy at each website which mwave.interest.me provides service to, at least 7 days before the enforcement of amended policy. If you have any question with regard to amendment of the policy, you may ask Personal Information Management Officer or Personal Information Protection Officer or the customer service at mwave.interest.me website.
- Notice date of Personal Information Protection Policy: August 2, 2010
- Enforcement date of Personal Information Protection Policy: September 1, 2010