SK Communications (hereinafter, referred to as “the Company”) regards the privacy of users as highly important and complies with all regulations concerning the protection of personal information as required by any applicable laws and regulations concerning privacy, including the Personal Information Protection Act, the Act on Promotion of Utilization of Information and Communications Network, as well as the Act on the Protection and Use of Location Information.
By stating its privacy policy as shown below, the Company hereby informs the user of how and why the personal information provided by the user to the Company is used and what measures are taken by the Company for the protection of their personal information. The Company’s privacy policy is subject to change in accordance with any subsequent changes in the laws, regulations, and notifications, or the Company’s Terms of Service and internal policies. When the privacy policy is amended, the Company shall publish the changes on a service page or notify the user.
The user may choose not to accept the following details concerning the collection, use, provision, consignment, or any other use, of their personal information. However, it should be noted that, if the user does not accept the privacy policy, they may not be given access to the service in whole or in part.
The user should check the privacy policy from time to time as they continue to use the service.
- Purposes of the Collection and Use of Personal Information
- Types of Personal Information Collected and Methods of Collection
- Periods of Storage and Use of Personal Information Collected
- Procedure and Method for Destruction of Personal Information
- Provision and Sharing of Personal Information
- Consignment Process for Personal Information
- Refusal to Install/Operate Mechanisms That Automatically Collect Personal Information
- Technical/Administrative Measures for the Protection of Personal Information
- Rights of Users and Methods of Exercising Rights
- Privacy Officers, Inquiries, and Reporting
- Supplementary Provisions
1. Purposes of the Collection and Use of Personal Information
Personal information is any information about a living person that allows the identification of that person (including any information that may not provide identification of a specific person, by itself, but may provide easy identification when combined with other information). Personal information collected by the Company is used for the following purposes:
1) Provision of service
Providing content, delivering goods, recommending / inviting friends and purchasing/paying contents/charges by collecting and using the user’s mobile phone number and the mobile phone numbers and names of the third parties stored in the address book of the user’s device.
2) User management
Providing membership services, personal identification verification, record keeping for preventing abuse by bad users and dispute resolution, processing complaints, delivering notices, etc.
3) Development of new services, improvements to service, marketing, and advertising
Developing and specializing new services (products), providing customized services, improvements to service, providing services and advertising exposure based on demographic characteristics, measuring access frequency and statistics concerning the user’s use of the service, providing advertising information, including promotional events and offering opportunities to participate in events, etc. (The user’s personal information is not provided to the individual or organization requesting the placement of such advertisements.)
2. Types of Personal Information Collected and Methods of Collection
[Types of personal information collected]
- 1)At initial member sign-up and when using the Service, the Company collects the following information for member identification and the provision of optimized service.
<Members who sign up with an email address>
- - Required: Name, email address, password
- - Optional: Profile image
<Members who sign up with their Facebook account>
- - Required: Facebook user id number, name, email address, profile image
(If you do not have a profile image registered to your Facebook account, it will not appear in the Service.) - - Optional: List of friends who are member of Cymera.
<Members who sign up with their Google account>
- - Required: google user id number, name, email address, friends list(google user id number), profile image,
(If you do not have a profile image registered to your Google account, it will not appear in the Service.)
- 2) While using the service, the following information may be collected with the user’s consent.
- - Mobile phone numbers and names stored in the address book of the device, the member’s phone number, location information of the device, and photos and meta information (GPS location information, time and date photographed, etc.) contained in photos in the user’s device on which the service is installed.
- 3) While using the service, or during the operation of the business, the following information may be generated and collected.
- - Service usage records, cookies, access logs, IP addresses, abuse records, country code, time zone, device information (manufacturer(company name), model name, screen resolution, app speed, OS version)
[Methods of collection]
The Company collects personal information using the following means:
- 1) Collected at member sign-up, through event participation, by fax, by phone, by email, through on/offline websites and applications, through the customer center, and when requesting deliveries
- 2) Collected from partner companies
- 3) Collection through tools that compile generated information
3. Periods of Storage and Use of Personal Information Collected
By principle, the Company destroys, without delay, any personal information whose purpose and use has been accomplished. However, the Company preserves the following information for specified periods of time with the member’s consent or when the stipulations of relevant laws and regulations require such preservation.
- 1) Personal information preserved concerning commercial transactions
- (1) Information preserved: commercial transaction records
- (2) Basis for preservation: Law concerning consumer protection in Commercial Law, E-commerce, etc.
- (3) Period of preservation: - records concerning contracts, subscription withdrawals, etc.: 5 years
- records concerning provision on payments, services, etc.: 5 years
- records concerning consumer complaints and dispute settlements: 3 years
- 2) Personal information preserved concerning log records
- (1) Information preserved: Access records
- (2) Basis for preservation: Protection of Communications Secrets Act
- (3) Period of preservation: 3 months
4. Procedure and Method for Destruction of Personal Information
On principle, the Company destroys, without delay, any personal information when its purpose and use has been accomplished or when its period of preservation or use has expired. Procedures and methods for the destruction of personal information are as follows.
- 1) Procedure for the destruction of personal information
Any personal information entered by the user for membership sign-up, or any other purpose, after such purpose and use has been accomplished, is stored for a specified period of time in accordance with internal policies and reasons for information protection as stipulated by relevant laws and regulations (see Periods of Storage and Use of Personal Information Collected), and then it is destroyed. This personal information is not used for any purpose other than preservation, unless otherwise required by applicable laws and regulations.
- 2) Method of destroying personal information
Any personal information printed out on paper (printed, letters, etc.) is destroyed with a shredder or by incineration. Any personal information stored in electronic files is permanently deleted using methods with no possible means of restoration.
5. Provision and Sharing of Personal Information
On principle, the Company only uses the user’s personal information for the purpose of collection and use, and does not disclose it to other persons, enterprises, or organizations. However, the following exceptions may apply:
1) When prior consent is given by the user
The Company obtains user consent by informing the user who the business partners are, which information is required, why it is required, as well as how long, and through what means, it is protected/managed before the information is collected or provided. If the user does not give consent, no additional information shall be collected or shared with any business partners.
2) When required by stipulations in laws and regulations, or when requested by law enforcement agencies for investigation purposes through the procedures and methods stipulated by laws and regulations
6. Consignment Process for Personal Information
For providing professional customer support and service, the Company consigns the following personal information processing tasks to third parties.
To ensure the complete protection of personal information when establishing consignment contracts, the Company clearly states the details in the consignment contracts concerning strict compliance with instructions for the protection of personal information, the non-disclosure of personal information, and liability for any accidents.
[Service contractors]
- - Contractor : MPC Ltd, BSH Co., Ltd.
- - Consigned task : MPC Ltd(Customer center operations), BSH Co., Ltd.(Service operations, Public relations , CS operations)
- - Period of storage and use of : Until membership cancellation, Until expiration of consignment contract
7. Refusal to Install/Operate Mechanisms That Automatically Collect Personal Information
[Use of cookies]
The Company may use any mechanisms that automatically collect personal information (cookies, etc.).
When you visit the Service, we may use cookies to automatically store and import your information for the provision of your personalized and customized service. These are small data files that your browser places on your computer.
- 1) We may use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage by our users and web traffic routing on our services, and to improve our services.
- 2) Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
* How to unset a cookie (with Internet Explorer)
: click tools on your web browser > go to internet options > go to personal information
(You may unset cookies, provided that you agree there may be certain difficulties in using log-in services of websites.
[An App-log analysis by Google Analytics]
The Service use by users is analyzed by Google Analytics
[App error analysis using Crashlytics]
Realization of a report by Crashlytics about the application error analysis.
8. Technical/Administrative Measures for the Protection of Personal Information
- 1) Technical measures
- (1) The Company safely protects the user’s personal information using security features in accordance with relevant laws and regulations, and internal policies.
- (2) The Company makes every effort to prevent damage/loss by computer viruses by using secure antivirus programs. In order to ensure the protection of personal information, antivirus programs are updated regularly, and if there is a sudden virus outbreak, the antivirus programs are updated as soon as effective countermeasures have been made available.
- (3) The Company stores and manages the user’s password in an encrypted form and employs security measures for safely transmitting personal information over the network.
- (4) The Company also uses security measures for blocking outside intrusions and monitors the system for intrusion on a 24/7 basis in order to prevent any leakage of the user’s personal information by hacking, etc.
- 2) Administrative measures
- (1) The user must take precautions not to lose their device or disclose their password to third parties. Particularly, if the device is lost without any self-protection (locking mechanism) in place, third parties may use the user’s personal information with malicious intent. Also, the user’s ID and password should not be shared with others and the password should be changed regularly.
- (2) The Company strictly limits the handling of personal information to be done only by those performing administrative tasks related to personal information and those who absolutely need to access personal information due to the nature of their work. The Company also provides regular training to such employees to emphasize the importance of complying with the privacy policy.
9. Rights of Users and Methods of Exercising Rights
- Children under the age of 14 may not sign up for, or use, the service. If any child under the age of 14 is found to have signed up and to be using the service, the Company may suspend the underage user from the service.
- Children under the age of 14 who signed up for the service may request the Company to terminate their membership or to cancel their membership using the Service Settings menu.
- Any user may view or edit their registered personal information and request the termination of their membership at any time.
Any user may view or edit their personal information by clicking ‘Settings’ within the application and may cancel their membership by clicking ‘Settings ’.
10. Privacy Officers, Inquiries, and Reporting
The Company employs privacy officers who are responsible for the protection of the users’ personal information and the handling of complaints concerning their personal information. For any questions concerning a users’ personal information, please contact the Principal Privacy Officer, or the Deputy Privacy Officer, below:
- Principal Privacy Officer
- Kim Moon-Soo (Management & Planning Division) ㅣ +82 1599-7983 ㅣ nate_privacy@nate.com
- Deputy Privacy Officer
- Lee Gyeong-A (Security Team) ㅣ +82 1599-7983 ㅣ nate_privacy@nate.com
Inquiries concerning the infringement of personal information may be directed to the Personal Information Infringement Report Center, the Cybercrime Investigation Center of the Supreme Prosecutors’ Office, the Cyber Terror Response Center of the Korean National Police Agency, etc.
- [Personal Information Infringement Report Center]
- +82 118 ㅣ URL : http://privacy.kisa.or.kr/
- [Cybercrime Investigation Department of the Supreme Prosecutors’ Office]
- +82 (0)2-3480-3571 ㅣ cybercid@spo.go.kr
- [Cyber Terror Response Center of the Korean National Police Agency]
- +82 1566-0112 ㅣ URL : http://www.ctrc.go.kr/
11. Supplementary Provisions
- 1) In the case of an amendment to this privacy policy, the Company shall announce the reason for the amendment, and the effective date of the amendment, along with the current, effective privacy policy on a service page starting from 10 days in advance of the effective date and up to one day in advance of the effective date.
However, when there are changes to significant details concerning the rights and obligations of the user, the announcement shall be made at least 30 days in advance. - 2) If the user does not explicitly express their refusal, despite the Company’s announcement that the user’s acceptance would be deemed as expressed unless the user clearly expresses their refusal before the effective date of the amendment, as the Company announces the amendment in accordance with Paragraph 1, the user will be deemed as having accepted the amendment.
- 3) Despite Paragraph 2, if the Company needs to collect additional personal information from the user, or provide additional personal information to third parties, the Company shall obtain additional consent to do so directly from the user.
This privacy policy shall enter into effect on March 21, 2016.
Change Announcement date of this privacy policy: March 11, 2016
Enforcement date of this privacy policy: March 21, 2016