[Upbit Developer Conference (UDC) Privacy Policy]

Dunamu Inc. (hereinafter referred to as "the Company") places a high significance on the user's personal information and strives to comply withthe Act on Promotion of Information and Communications Network Utilization and Information Protectionandthe Personal Information Protection Act.

The following indicates how and for what purpose the Company uses the personal information provided by the user in accordance with its personal information management policy and what measures are being taken to protect personal information.

In order to continuously improve the personal information management policy, the company has established the procedures required to revise the personal information management policy. If and when the Company revises its personal information management policy, it shall provide a version number to the revision so that one can easily find out what has been revised.

 

 

1. Types of Personal Information Items to Be Collected

 

(1) Types of Personal Information Items

 

The Company collects the following personal information from the user when the user signs up for the website for the first time or uses the service.

 

Type

Personal Information Items To Be Collected

For Sign-up for the Upbit Developer Conference (UDC)

Name, affiliation, mobile phone number, email address, password, previous UDC attendance, occupation, influx channel

For UDC promotional events

Name, mobile phone number, email address, SNS account information etc.

Items automatically generated during using service.

Device information (OS, model name, carrier, device identification number, language information), IP address, service records, cookies

The company does not collect sensitive information (information on ideologies and orientation, beliefs, whether the user joined or left the union or political party, political views, health, sex life, etc.)that may seriously infringe on the privacy of users.

In principle, the company does not collect personal information if the user is under 14 years old. When the company inevitably has to collect the personal information of persons under the age of 14 for the purpose of using the service, it shall obtain the consent of the legal representative of that person beforehand, destroy the obtained personal information without delay as soon as the related service terminates and thoroughly manage the personal information during the service provision period.

(2) How to Collect Personal Information

- Collection through the website or written documents

The Company has established the procedures for the user to select "Agree" or "Disagree" for each of the contents of the Company's personal information collection and usage agreement.

 

2. Purposes of Collection and Use of Personal Information

 

The Company uses the collected personal information for the following purposes.

 

Purpose

Details

Operations of the Upbit Developer Conference

To inform the individual of the event program at the Upbit Developer Conference

Operations of UDC promotional events

To send prizes or gifts by mail or parcel service and confirm the reception

 

3. Period of Use and Retention of Personal Information

 

The company uses the collected personal information within the period of retention in accordance with laws and regulations or within the period of retention agreed when collecting personal information from users.

Each period of use and retention of personal information is as follows.

 

(1)Period of Use and Retention of Personal Information for operating Upbit Developer Conference

Type

Purpose

Retention Period

For Sign-up for the Upbit Developer Conference (UDC)

To identify the individual for the use of online services, provide conference information and facilitate communication

Upon withdrawal of consent

To provide promotional information after the conference

3 years after the conference

For UDC promotional events

Personal information identification, event participation confirmation, to facilitate communication

3 years after the conference

 

(2) Preservation by law in accordance with the provision of goods or services.

Personal Information To Be Retained

Retention Period

Legal Ground

Records related to withdrawal of contract or subscription

5 years

The Act on Consumer Protection in Electronic Commerce

Record of payment and goods supply

5 years

The Act on Consumer Protection in Electronic Commerce

Records of consumer complaints or disputes

3 years after completion

of conference

The Act on Consumer Protection in Electronic Commerce

Records on the collection, processing and use of credit information

3 years

The Act on the Use and Protection of Credit Information

Record of display/advertisement

6 months

The Act on Consumer Protection in Electronic Commerce

User's Internet log record/user's access point and other communication confirmation data (check whether item is needed)

3 months
6 months

The Communication Confidentiality Protection Act

 

4. Procedures and Methods for the Destruction of Records Containing Personal Information

 

The company shall destroy the information immediately after the purpose of collecting and using personal information is achieved.

 

(1) Destruction Procedures

 

After the purpose of collecting personal information is achieved, the user's personal information shall be transferred to a separate DB (a separate storage location in the case of paper) and stored for a certain period of time according to the internal policy and other relevant laws and regulations (refer to the table on the personal information items to be retained and retention period). Personal information transferred to a separate DB shall not be used for any purpose other than the one specified under the law unless it is required by law.

Personal Information Items To Be Transferred

Name, affiliation, mobile phone number, email address, password, previous UDC attendance, occupation, influx channel

 

 

(2) Destruction Method

 

The personal information stored in the form of electronic files shall be deleted using a technical method that prevents the data to be recovered. On the other hand, the personal information printed on paper shall be shredded by a paper shredder or destroyed by incineration.

 

5. Consignment of the Collected Personal Information

 

The Company shall entrust the following personal information processing tasks to an external professional contractor for the performance of service. Personal information processing consignment is performed for each external professional contractor only when necessary for the performance of each service.

 

In the case of entrusting the processing of personal information, the commands and orders made in relation to personal information protection shall be fulfilled strictly, confidentiality of personal information shall be maintained completely, the provision of personal information to the third party shall be strictly prohibited and liability at the time of accident, consignment period and the return or destruction of personal information after the consignment period shall be clearly stipulated in order to safeguard the privacy of personal information. In addition, the Company shall supervise the external professional contractor to make sure it handles personal information safely.

 

The Company shall notify the user through the website announcement (or individual notification by written document, email, phone or SMS) if the content of the consignment agreement is changed.

 

External Professional Contractor

Task

INTERCOM Convention Services, Inc.

Pre-event and on-site operation of the Upbit Developer Conference

 

 

6. Provision of Personal Information to a Third Party

 

In principle, the Company does not provide the user's personal information outside. However, the exceptions occur in the following cases.

 

- If there is a request by the law enforcement agency or other investigation agency in accordance with the relevant laws or relevant legal procedures and methods prescribed in the Act for the purposes of investigation

- When necessary for the settlement of charges due to the provision of paid service

- When the information is processed in a form of non-personally identifiable information in case of statistical writing, academic research, or market research

- When the users have agreed in advance

 

The companies listed above may change in the future. If and when the company is changed or the users’ personal information has to be provided or shared in addition to the cases listed above, the Company shall obtain the consent of users separately.

7. Rights of Users and Legal Representatives and How to Exercise the Right

Users and legal representatives may request to view/ correct/ delete/ suspend/ withdraw the consent for the collection and usage of personal information at any time with respect to the registered user or the personal information of the user under 14 years old.

To this end, the Company shall take appropriate measures without delay if the user or legal representative contacts the person in charge of personal information protection in writing, by phone or email.

The Company may refuse the request of the user or legal representative to view/correct or delete any or all of the personal information in the following cases.

- When viewing is prohibited or restricted by law

- If there is a risk of harming another person's life or body, or there is a risk of unjustly infringing the property or other interests of another person.

If the user or legal representative request correction of errors in personal information, the Company shall not use that personal information or provide it to a third party until the correction is completed. In addition, the Company shall notify the third party without delay when the Company has already provided incorrect personal information to the third party.

The Company shall carry out the procedures for the personal information that has been deleted or suspended at the request of the user or legal representative in accordance with “3. Period of Use and Retention of Personal Information” and prohibit the usage of such personal information from being viewed or accessed for any other purposes.

The user or legal representative shall be asked to enter their personal information in the most accurate state. The responsibility of the accident caused by the incorrect information entered by the user or legal representative falls on the user. Also, when the user inputs false information such as identify theft, that user’s membership shall become void.

The user has the right to be protected of his or her personal information and the obligation not to infringe on the information of others. The user shall be careful not to leak personal information of other users including password, and do not damage personal information of others including their posting. If the user fails to fulfill such responsibilities and damage the information and dignity of others, he or shall may be punished underthe Act on Promotion of Information and Communications Network Utilization and Information Protection.

8. Other Policy Measures Governing Personal Information

 

(1) Technical and Administrative Measures to Protect Personal Information

 

The Company shall take the following technical and administrative measures to ensure the safety of personal information in order to prevent loss, theft, leakage, alteration or damage of personal information in handling the user's personal information.

 

- Establishment and enforcement of internal management plan

The Company has established and implemented an internal management plan for the safe handling of personal information.

The company confirms the person in charge’s compliance with personal information protection measures through the in-house personal information protection organization, and promptly takes corrective measures when a problem is found.

 

- Installation and operation of access control devices

The company controls the unauthorized access from the outside by using the intrusion prevention system and strives to have all possible technical devices in place to ensure security in systems.

 

- Measures to prevent forgery and tampering of access records

The company archives and manages the records of access to the personal information processing system, and uses the security function to prevent forgery and tampering of the access records.

 

- Encryption of personal information

User's personal information is protected by password. It is stored and managed by encrypting file and transmission data or using file lock function. Important data is protected by separate security function.

 

- Measures against hacking 

The company uses a vaccine program to take measures to prevent damage from computer viruses. The vaccine program is updated periodically, and if a virus suddenly emerges, the vaccine program provides protection immediately to prevent personal information from being compromised.

The company adopts the security device (SSL) which can securely transmit personal information on the network safely using the encryption algorithm.

In preparation for external intrusion such as hacking, the Company uses the security and intrusion blocking system and vulnerability analysis system for each server to ensure security.

Personal information and general data are not stored in a separate server but stored separately.

(2) Link Provision Policy

The Company may provide users with a link another company’s website or recourses, and may use the products and services developed by a third party through the website.

In such cases, the Company has no control over the third party's sites, resources, products and services, and therefore shall not and cannot assume responsibility for the usefulness of the products and services or resources provided. If the user clicks a link to another company’s website and visits that website, the personal information management policy of the Company shall not be applied and the user shall examine the personal information management policy of the website he or she visits.

(3) Prohibition of Unauthorized Collection of Email Addresses

The Company prohibits unauthorized collection of published email addresses using an email collecting program or other technical devices. In case of violation, the entity that collects email addresses may be punished underthe Act on Promotion of Information and Communications Network Utilization and Information Protection.

(4) Transmission of Advertisement

The Company shall not transmit ads for commercial purposes against the request of the user not to receive any ads.

If the user agrees to receive product information, newsletters, and other emails, the Company shall make the following items visible in the email subject and body so that the user can easily notice them.

- The email subject line may not display the word advertisement and displays the main contents of the email body.

- In the email body, the name, email address, and telephone number of the sender shall be specified and how the user can easily choose to stop receiving advertisement emails shall be described.

If the Company sends ads for commercial purposes through faxes, mobile phones and texts other than email, it shall take necessary measures such as displaying "advertisement" at the beginning of the contents according to the relevant laws and regulations.

9. Cookies And Other Tracking Technologies.

We may also collect specific information through the use of "cookies" and other tracking technologies. Cookies are small files that Applicant / User's browsers place on their computers.

(1) Purpose of Using Cookies

Cookies support more rapid web environments for users by storing users' preferred settings and are used for the improvement of services to allow for the more convenient use of Services. By doing so, cookies allow Users to use services more easily.

 

(2) Installation, Operation and Rejection of Cookies

Applicants / Users have an option to either install cookies, refuse to accept/store cookies or delete them at any time. By doing so, Applicants / Users access or use of the Services may be adversely affected.

 

(3) How to block the storage of Cookies

- Internet Explorer: Select Tool Menu > Select Internet Options > Click Personal Data Tab > Setting the Level of Handling Personal Data

- Chrome: Select Settings Menu > Select Indicate Advanced Settings> Select Personal Data-Content Setting > Set-Cookie Level

- Safari: Select Environmental Setting Menu > Click Personal Data Tab > Setting the Level of Cookie and Website Data

10. Information on the Person in Charge of Personal Information Protection and the Customer Service Department

In order to protect the personal information of the user and to deal with complaints related to personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.

(1) Customer Service Department

Customer Service Department: UDC Secretariat (INTERCOM Inc.)

Secretariat Tel: 02-3453-2937

Contact: udc_reg@upbit.com (Inquiry on Upbit Developer Conference)

(2) Person in Charge of Personal information Protection

Person in Charge of Personal information Protection: SungBae Kim

Department: Information Security Team(Dunamu Inc.)

Tel: 1588-5682 (Customer Service)

Contact: cs@upbit.com

(3) Other Organizations

The user may notify all personal information protection complaints that occur while using company's services to the person in charge of personal information protection or the relevant department. The company shall respond promptly to the users' complaints promptly.

If you need to report or consult about other personal information infringement, please contact the following organizations.

- Privacy Infringement Reporting Center (privacy.kisa.or.kr / 118 without area code) 

- Cyber Investigation Department, Science Prosecutor's Office, Supreme Prosecutor's Office (www.spo.go.kr / 1301 without area code) 

- Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182 without area code) 

- Personal Information Dispute Resolution Committee (www.kopico.go.kr / 1833-6972)

11. Responsibility of Links to Other Websites

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and Affiliates. If you follow or click on a link to any of these websites, please note that these websites have their privacy policies and that we have no control over how they may use your Personal Data.

 

Enforcement Date of Personal Information Management Policy: Nov. 6, 2020

You can find the previous version of Privacy Policy by clicking the link below.

 

Privacy Policy V1.2 (May 22, 2019 ~ Nov 5, 2020)

Privacy Policy V1 (Apr 30, 2019 ~ May 21, 2019)