[Privacy Policy]
Dunamu Inc. (hereinafter referred to as "the Company") places a high significance on the user's personal information and strives to comply with「the Act on Promotion of Information and Communications Network Utilization and Information Protection」and「the Personal Information Protection Act」.
The following indicates how and for what purpose the Company uses the personal information provided by the user in accordance with its personal information management policy and what measures are being taken to protect personal information.
0. General Provisions
"Personal information" refers to any information about an individual who is alive, and information that can identify the individual based on the name, resident registration number (including the information that can be combined with other information for the identification of the individual even if the individual cannot be identified by the given information alone).
In order to continuously improve the personal information management policy, the company has established the procedures required to revise the personal information management policy. If and when the Company revises its personal information management policy, it shall provide a version number to the revision so that one can easily find out what has been revised.
This policy shall be enforced from April 30, 2019, and if and when it is revised, the revision shall be announced through the website (or separate notifications in writing or via email, phone or SMS).
1. Types of Personal Information Items to Be Collected and How to Collect
(1) Types of Personal Information Items
The Company collects the following personal information from the user when the user signs up for the website for the first time or uses the service.
|
Type |
Personal Information Items To Be Collected |
|
For Participation at the Upbit Developer Conference (UDC) |
Name, affiliation, title, cell phone number, email address, nationality, country of residence |
|
For payment/settlement |
Credit card, Kakao Pay, bank account number, account holder information, etc. |
※ The company does not collect sensitive information (information on ideologies and orientation, beliefs, whether the user joined or left the union or political party, political views, health, sex life, etc.)that may seriously infringe on the privacy of users.
※ In principle, the company does not collect personal information if the user is under 14 years old. When the company inevitably has to collect the personal information of persons under the age of 14 for the purpose of using the service, it shall obtain the consent of the legal representative of that person beforehand, destroy the obtained personal information without delay as soon as the related service terminates and thoroughly manage the personal information during the service provision period.
(2) How to Collect Personal Information
- Collection through the website or written documents
※ The Company has established the procedures for the user to select "Agree" or "Disagree" for each of the contents of the Company's personal information collection and usage agreement.
2. Purposes of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes.
|
Purpose |
Details |
|
(1) Operations of the 2019 Upbit Developer Conference |
To confirm the individual’s attendance at the Upbit Developer Conference, inform the individual of the event program at the conference |
|
(2) Promotion for the events hosted by Dunamu Inc. |
To promote related promotional events organized by Dunamu Inc. and execute related activities |
3. Period of Use and Retention of Personal Information
In principle, the company shall destroy the information immediately after the purpose of collecting and using personal information is achieved.
However, when it is necessary to retain it in accordance with the relevant laws and regulations, the Company shall retain the personal information of the user for a certain period set forth in the related laws and regulations. In such cases, the Company shall transfer the personal information to a separate database(DB) or store it in a different storage location.
|
Personal Information To Be Retained |
Retention Period |
Legal Ground |
|
Records related to withdrawal of contract or subscription |
5 years |
The Act on Consumer Protection in Electronic Commerce |
|
Record of payment and goods supply |
5 years |
The Act on Consumer Protection in Electronic Commerce |
|
Records of consumer complaints or disputes |
3 years |
The Act on Consumer Protection in Electronic Commerce |
|
Records on the collection, processing and use of credit information |
3 years |
The Act on the Use and Protection of Credit Information |
|
Record of display/advertisement |
6 months |
The Act on Consumer Protection in Electronic Commerce |
|
User's Internet log record/user's access point and other communication confirmation data (check whether item is needed) |
3 months |
The Communication Confidentiality Protection Act |
4. Procedures and Methods for the Destruction of Records Containing Personal Information
The procedures and methods for the destruction of records containing personal information are as follows.
(1) Destruction Procedures
After the purpose of collecting personal information is achieved, the user's personal information shall be transferred to a separate DB (a separate storage location in the case of paper) and stored for a certain period of time according to the internal policy and other relevant laws and regulations (refer to the table on the personal information items to be retained and retention period). Personal information transferred to a separate DB shall not be used for any purpose other than the one specified under the law unless it is required by law.
(2) Destruction Method
The personal information stored in the form of electronic files shall be deleted using a technical method that prevents the data to be recovered. On the other hand, the personal information printed on paper shall be shredded by a paper shredder or destroyed by incineration.
5. Consignment of the Collected Personal Information
The Company shall entrust the following personal information processing tasks to an external professional contractor for the performance of service. Personal information processing consignment is performed for each external professional contractor only when necessary for the performance of each service.
In the case of entrusting the processing of personal information, the commands and orders made in relation to personal information protection shall be fulfilled strictly, confidentiality of personal information shall be maintained completely, the provision of personal information to the third party shall be strictly prohibited and liability at the time of accident, consignment period and the return or destruction of personal information after the consignment period shall be clearly stipulated in order to safeguard the privacy of personal information. In addition, the Company shall supervise the external professional contractor to make sure it handles personal information safely.
The Company shall notify the user through the website announcement (or individual notification by written document, email, phone or SMS) if the content of the consignment agreement is changed.
|
External Professional Contractor |
Task |
|
INTERCOM Convention Services, Inc. |
Pre-event and on-site operation of the Upbit Developer Conference |
|
KG INICIS Inc. |
Settlement/payment for the participation of the Upbit Developer Conference |
|
Infobank Inc. |
Message service on event information Developer Conference |
6. Provision of Personal Information to a Third Party
In principle, the Company does not provide the user's personal information outside. However, the exceptions occur in the following cases.
- If there is a request by the law enforcement agency or other investigation agency in accordance with the relevant laws or relevant legal procedures and methods prescribed in the Act for the purposes of investigation
- When necessary for the settlement of charges due to the provision of paid service
- When the information is processed in a form of non-personally identifiable information in case of statistical writing, academic research, or market research
- When the users have agreed in advance
The companies listed above may change in the future. If and when the company is changed or the users’ personal information has to be provided or shared in addition to the cases listed above, the Company shall obtain the consent of users separately.
7. Rights of Users and Legal Representatives and How to Exercise the Right
Users and legal representatives may request to view/correct/ delete/ suspend/ withdraw the consent for the collection and usage of personal information at any time with respect to the registered user or the personal information of the user under 14 years old.
To this end, the Company shall take appropriate measures without delay if the user or legal representative contacts the person in charge of personal information protection in writing, by phone or email.
The Company may refuse the request of the user or legal representative to view/correct or delete any or all of the personal information in the following cases.
- When viewing is prohibited or restricted by law
- If there is a risk of harming another person's life or body, or there is a risk of unjustly infringing the property or other interests of another person.
If the user or legal representative request correction of errors in personal information, the Company shall not use that personal information or provide it to a third party until the correction is completed. In addition, the Company shall notify the third party without delay when the Company has already provided incorrect personal information to the third party.
The Company shall carry out the procedures for the personal information that has been deleted or suspended at the request of the user or legal representative in accordance with “3. Period of Use and Retention of Personal Information” and prohibit the usage of such personal information from being viewed or accessed for any other purposes.
The user or legal representative shall be asked to enter their personal information in the most accurate state. The responsibility of the accident caused by the incorrect information entered by the user or legal representative falls on the user. Also, when the user inputs false information such as identify theft, that user’s membership shall become void.
The user has the right to be protected of his or her personal information and the obligation not to infringe on the information of others. The user shall be careful not to leak personal information of other users including password, and do not damage personal information of others including their posting. If the user fails to fulfill such responsibilities and damage the information and dignity of others, he or shall may be punished under「the Act on Promotion of Information and Communications Network Utilization and Information Protection」.
8. Other Policy Measures Governing Personal Information
(1) Technical and Administrative Measures to Protect Personal Information
The Company shall take the following technical and administrative measures to ensure the safety of personal information in order to prevent loss, theft, leakage, alteration or damage of personal information in handling the user's personal information.
- Establishment and enforcement of internal management plan
ㆍ The Company has established and implemented an internal management plan for the safe handling of personal information.
ㆍ The company confirms the person in charge’s compliance with personal information protection measures through the in-house personal information protection organization, and promptly takes corrective measures when a problem is found.
- Installation and operation of access control devices
ㆍ The company controls the unauthorized access from the outside by using the intrusion prevention system and strives to have all possible technical devices in place to ensure security in systems.
- Measures to prevent forgery and tampering of access records
ㆍ The company archives and manages the records of access to the personal information processing system, and uses the security function to prevent forgery and tampering of the access records.
- Encryption of personal information
ㆍ User's personal information is protected by password. It is stored and managed by encrypting file and transmission data or using file lock function. Important data is protected by separate security function.
- Measures against hacking
ㆍ The company uses a vaccine program to take measures to prevent damage from computer viruses. The vaccine program is updated periodically, and if a virus suddenly emerges, the vaccine program provides protection immediately to prevent personal information from being compromised.
ㆍ The company adopts the security device (SSL) which can securely transmit personal information on the network safely using the encryption algorithm.
ㆍ In preparation for external intrusion such as hacking, the Company uses the security and intrusion blocking system and vulnerability analysis system for each server to ensure security.
ㆍ Personal information and general data are not stored in a separate server but stored separately.
(2) Link Provision Policy
The Company may provide users with a link another company’s website or recourses, and may use the products and services developed by a third party through the website.
In such cases, the Company has no control over the third party's sites, resources, products and services, and therefore shall not and cannot assume responsibility for the usefulness of the products and services or resources provided. If the user clicks a link to another company’s website and visits that website, the personal information management policy of the Company shall not be applied and the user shall examine the personal information management policy of the website he or she visits.
(3) Prohibition of Unauthorized Collection of Email Addresses
The Company prohibits unauthorized collection of published email addresses using an email collecting program or other technical devices. In case of violation, the entity that collects email addresses may be punished under「the Act on Promotion of Information and Communications Network Utilization and Information Protection」.
(4) Transmission of Advertisement
The Company shall not transmit ads for commercial purposes against the request of the user not to receive any ads.
If the user agrees to receive product information, newsletters, and other emails, the Company shall make the following items visible in the email subject and body so that the user can easily notice them.
- The email subject line may not display the word advertisement and displays the main contents of the email body.
- In the email body, the name, email address, and telephone number of the sender shall be specified and how the user can easily choose to stop receiving advertisement emails shall be described.
If the Company sends ads for commercial purposes through faxes, mobile phones and texts other than email, it shall take necessary measures such as displaying "advertisement" at the beginning of the contents according to the relevant laws and regulations.
9. Information on the Person in Charge of Personal Information Protection and the Customer Service Department
In order to protect the personal information of the user and to deal with complaints related to personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.
(1) Customer Service Department
Customer Service Department: UDC Secretariat (INTERCOM Inc.)
Secretariat Tel: 02-6242-2827
Contact: udc_reg@upbit.com (Inquiry on Upbit Developer Conference)
(2) Person in Charge of Personal information Protection
Person in Charge of Personal information Protection: Jong-Hyun Cha
Department: Information Security Team(Dunamu Inc.)
Tel: 1588-5682 (Customer Service)
Contact: cs@dunamu.com
(3) Other Organizations
The user may notify all personal information protection complaints that occur while using company's services to the person in charge of personal information protection or the relevant department. The company shall respond promptly to the users' complaints promptly.
If you need to report or consult about other personal information infringement, please contact the following organizations.
- Privacy Infringement Reporting Center (privacy.kisa.or.kr / 118 without area code)
- Cyber Investigation Department, Science Prosecutor's Office, Supreme Prosecutor's Office (www.spo.go.kr / 1301 without area code)
- Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182 without area code)
- Personal Information Dispute Resolution Committee (www.kopico.go.kr / 1833-6972)
Enforcement Date of Personal Information Management Policy: April 30, 2019