Privacy Polish

Privacy Policy

---

ABLEOPTION (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users. As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.

The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;
2. Purpose of Collecting and Using Personal Information;
3. Provision of Personal Information;
4. Outsourcing of Personal Information Processing;
5. Period of Retention and Use of Personal Information;
6. Procedure and Method for Destroying Personal Information;
7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;
8. Measures for Ensuring the Security of Personal Information;
9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;
10. Chief Privacy Officer and Personal Information Handling Employees
11. Notices

 

1. Personal Information Items Collected and Collection Method;

A.Personal information items collected

① The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.

② The Company shall collect and use the following essential personal information:

1)Verification of a user’s identity and his/her willingness to obtain membership

- General Members: Name, ID, password, passport number (only for foreigners), alien registration number (foreigners residing in Korea), mobile phone number, e-mail address, country of birth, security password

- corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password

2) Self-authentication for payments and funds withdrawals

- name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.

3)Self-authentication for level up

- cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address , Connected information(CI), Duplicate membership verifying information (DI)

- The mobile phone number uses a mobile phone number certified by NICE Information Service Co., Ltd.

4)Secure password initialization

- name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo

5)Prevention of use by fraudulent members and prevention of unauthorized use

- users’ IP address and date and time of their visit to the Company’s website

6) Verification of users’ real name

- name, date of birth, gender

③ The following information may be created and collected in the process of using or processing services:

Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.

B.Collection method

The Company shall collect personal information through the following methods:

- homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application

- Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

The Company shall collect and use customers’ personal information for the following purposes:

A.Member management

- Self-authentication for the use of membership-based services, verification of individuals’ identity

- Prevention of use of services by fraudulent members and of unauthorized use

- Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership

- Identification of minors

- Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution

- Delivery of notices

B.Performance of agreements on the provision of services and payment of charges

- Provision of services and contents, as well as tailored-made services

- Payment and settlement of fees

- Notification of the result of winning prizes at events/giveaways and delivery of products

C.Use for marketing and advertisements

- Providing optimized services for customers

- Developing and specializing in new services (products)

- Providing services and posting advertisements according to demographic traits

- Identifying the frequency of access to the Company’s homepage

- Statistics on the use of services

- Mailing periodicals and offering guidance on new products or services

- Planning web services and events that meet customers’ interests

- Delivering information on advertisements, such as giveaways and events, Company News and operation of member communities

- Conducting customer questionnaire based survey

3. Provision of personal information and transfer abroad

The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:

1. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
2. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
3. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
4. Customers’ personal information is required for payments of fees in return for services
5. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
6. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
7. Outsourcing of Personal Information Processing;

The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.

 

 

5. Period of Retention and Use of Personal Information;

A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.

1) Act on Consumer Protection in Electronic Commerce

- Records on payments and the supply of goods : three (5) years

- Records on payments and the supply of goods : three (5) years

- Records on the handling of customers’ complaints and disputes: three (3) years

2) Electronic Financial Transactions Act

- Records on electronic banking : (5) years

3) Communication Secret Protection Act

Login history: 3 months

B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.

1. In case of withdrawal of membership, repeated membership registration, termination of membership, etc., to receive economic benefits such as discount coupons and event benefits provided by the Company, such as illegal or illegal use or impersonation in the process In order to prevent such illegal and illegal acts, the member's name, date of birth, ID, and password identification information will be kept for one month after the member withdraws.

 

Once the objectives of the collected personal information are fulfilled, Company will destroy or store separately without hesitation said information according to the storage or usage terms. The process, time frame, and methods are as follows.

A.Procedure and Timing for Destroying Personal Information

- The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.

-In general, if there is no remaining bond or debt relationship, personal information collected when signing up for “Company” and managed in the form of an electronic file will be deleted immediately at the time of withdrawal from membership.

1. Destruction method

Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights
8. ABLEOPTION protects your rights as follows.

① You can search and modify your personal information at any time.

② You can request the withdrawal of membership / cancellation of membership at any time.

③ We do not collect personal information of children under 19 years old. However, if required by a legal representative, the legal rights are guaranteed. (View, Correction and Deletion of Children's Personal Information, Right to Request Personal Information Processing)

④ When requesting correction of personal information, user's personal information will not be used or provided until the correction is completed to use and provide accurate personal information. If it is already provided to a third party, we will notify the person provided without delay so that modifications can be made.

1. You can directly view, correct or withdraw by clicking on "Withdrawal" in the service to change your "My Profile" in the service to inquire or modify your personal information.
2. Measures for Ensuring the Security of Personal Information

The Company takes the following administrative, technical, and physical measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in the handling of personal information of users.

1. Password Encryption

-The user's password is encrypted and stored and managed, so only the person knows it, and personal information can only be verified by the person who knows the password.

1. Countermeasures against hacking

- ABLEOPTION is committed to protecting your personal information from being compromised or compromised by hacking or computer viruses. We are backing up our data from time to time in case of damage to personal information. And the latest vaccine program is used to prevent the leakage or damage of users' personal information or data. We also securely transmit personal information over the network through encrypted communication. It also uses intrusion prevention system to control unauthorized access from outside. And we strive to equip all possible technical devices to ensure systemic security.

1. Minimization and Training of Handling Staff

-ABLEOPTION is limited to employees who handle personal information, and it is regularly updated by assigning a separate password for it.

1. Personal ID and Password Management

-In principle, the username and password used by the user are only for the user. ABLEOPTION is not responsible for any problems caused by the leakage of personal information such as ID, password, mobile phone number, etc. due to the user's personal carelessness and the risk of the basic internet. Change your password frequently with a security awareness of your password, and take special care not to leak any personal information when logging in from a public PC.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;
10. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
11. The Company may use customers’ information collected through cookies for the following purposes:

① Providing different information depending on individuals’ interests

② Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.

③ Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.

④ Providing guidance on a use period in using paid services.

⑤ Analyzing customers’ habits and using them as a measure for the reshuffling of services.

1. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
2. Cookies expire at the termination of a web browser or when users log out of services.
3. Chief Privacy Officer and Personal Information Handling Employees
4. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
5. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.

You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.

① Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499

② Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 02-3480-3573

③ Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 1566-0112

④ Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

Guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification.

Addenda

Date of effectuation: 2020.07.15

 

---