Article 1 (Purpose and Use of Personal Information, Collected Information and Method of Collection)
- Collection of Personal Information
The collected personal information by the Company from the users is as follows.
- The “collection” of personal information refers to the acquisition of all types of personal information concerning the information subject as well as the provision of the name, address and telephone number directly from the information subject.
- The personal information manager can collect personal information as shown below and can be used within the scope of the purpose of the collection.
- Collect “ID, password, name, date of birth, sex, e-mail address and mobile phone number” as mandatory items when registering as a member. The member’s address is collected as a selection.
- The user collects account numbers or online financial information only when purchasing or paying in the Company’s Service.
- Personal information such as IP addresses and cookies can be generated and collected by the Company from the users in the process of using the records of service use, transaction information, payment and settlement records, and copyright fee information service.
- How to Collect Personal Information
The Company collects personal information in the following ways:
- In the process of membership registration and Service use, the personal information is collected when the information is directly entered after obtaining prior consent from the information subject.
- Personal information can be provided by a Company affiliated with the Company, and personal information can be collected through consultation process through the customer center, event contest, etc.
However, when handling collected personal information, the members shall inform the information within three days from the member’s request (excluding holidays and non-business days) unless there is a justifiable reason.
- Purpose of Using and Collecting Personal Information
The Company uses the members’ personal information only for the following purposes, including managing, developing, providing, and enhancing general Service (including Web/Mobile Web/ Apps) related to www.wextown.com
- Personal information is used for member management, such as identification of member doctors, age verification, user identity, identification of users, membership withdrawal, etc.
- Personal information is used to perform Service such as self-certification, purchase, and payment in accordance with paid content and Service provision.
- Personal information is used for user protection and Service operation, such as prevention and sanctions against acts that interfere with the smooth operation of the Service, delivery of notices such as contract performance and revision of the terms and conditions, preservation of records for identification dispute settlement, and handling of complaints.
- Personal information is used for marketing and promotion purposes, such as providing event information, participation opportunities, and advertising information.
- Personal information is used to analyze Service use records and frequency of access, statistics on Service use, analysis and statistics of users, Service analysis, provision of customized Service according to statistics, and publication of advertisements.
Article 2 (Provide Third Party of Personal Information)
The Company does not provide personal information to the public without the prior consent of the members.
However, personal information can be provided to a third party if the member directly agrees to provide personal information to use the Service of other platforms or affiliates connected to the Company’s Service. However, personal information can be provided to a third party without the consent of the members in any of the following cases:
- In case there is a special provision in the Act or it is inevitable to comply with the Act.
- In the event that public institutions are forced to perform their duties as prescribed by statutes, etc.
- In case the information subject or its legal representative is unable to express his/her opinion or obtain prior consent due to an unknown address, it is clearly recognized that it is necessary for the immediate benefit of life, body or property of the informant or a third party;
Article 3 (Consignment of Processing of Personal Information)
The company may entrust some of the tasks necessary to provide the service to external companies.
The company and the trustee sign a consignment contract by document. In addition, the company manages and supervises trustees to process personal information only for the purpose of consignment work, not to process personal information of users beyond that purpose, and to safely process personal information. In the event that the contents of the consignment service or the trustees are changed, we will disclose it through this personal information processing policy without delay.
1. The company entrusts the following personal information processing business for smooth personal information business processing.
Trustee: Samjung Data Service Co., Ltd.
Contents of consigned work: email sending service, SMS sending service
Retention period: When the member withdraws or ends the consignment contract
Trustee: NICE evaluation information
Contents of consigned work: identity verification
Retention period: Not held separately
Consignee: KG Mobilians, Eximbay
Contents of consigned work: Payment (credit card, bankbook, real-time account transfer, paper voucher and other payment methods)
2. When signing a consignment contract, the company shall specify in the documents such as contracts the matters related to responsibilities such as prohibition of processing personal information, technical management protection measures, restrictions on re-trust, management oversight of trustees, compensation for damages, etc. We supervise the safe handling of personal information.
Article 4 (Period of Retaining, Using and Destructing Personal Information)
- Period of Retaining and Using Personal information
The Company destroys the personal information without delay unless there are legitimate reasons, such as when the personal information retention period has expired or the business is closed, when the user requests to destroy the personal information or withdraws consent to collect and use it. Exceptions shall be made in the following cases:
- In the event that a Service contract is terminated due to a member’s application for withdrawal from the Service contract, the Company shall keep the minimum information necessary for the operation, such as ID (including e-mail), name or name, contact details, transaction details, and performance data of the agreement for one year after termination of the Service contract, provided that it is deemed reasonable to protect investors and to avoid any restrictions set in this Agreement.
- For members whose Service contract has been terminated by the Company or who have been restricted from using the Service, the minimum necessary information, such as ID (including e-mail), name or name, contact number, address, termination and membership suspension, shall be kept for one year after termination of the Service contract for the purpose of verifying the reason for refusal to accept the Service contract.
- In order to prevent fraudulent use of the Service, the member’s fraudulent use records are kept for one year from the time of the fraudulent use. On the other hand, if the Act stipulates the storage of information for a certain period of time, the personal information shall be kept accordingly, and this information shall not be used for any other purpose.
Act on Consumer Protection in Electronic Commerce, etc.
- Records on contracts or withdrawal of subscriptions: Storage for 5 years
- Records on payment and supply of goods: Storage for 5 years
- Records on consumer complaint or dispute handling: Storage for 3 years
Electronic Financial Transaction Act
- Records on e-finance: Storage for 5 years
Protection of Communications Secrets Act
- Login history: 3 months
- In the event that the personal information manager needs to preserve it without destroying it, the personal information or files concerned are stored and managed separately from other personal information.
- Procedure and Method of Destructing Personal Information
The procedures and methods for destroying personal information are as follows.
A. Destruction Procedure
The Company selects personal information for reasons of destruction and destroys personal information 30 days before the expiration of the member’s personal information storage institution by e-mail, written, telephone or similar, informing the user of the fact that the personal information is destroyed, expiration date, and items of personal information that are destroyed by the member’s personal information protection manager.
B. How to Destroy
Personal information recorded and stored in electronic file form is destroyed so that records cannot be recovered and replayed. Personal information recorded in paper documents is destroyed by grinding or incineration with shredder.
Article 5 (Rights of Users and Legal Representatives and How to Exercise Them)
The members may not agree to collect, use or provide personal information of the Company. However, the use of all or part of the related Service may be restricted in this case. The members may withdraw their consent at any time, even if they have already agreed to collect, use or provide personal information. In addition, the member may ask the Company to review or provide the following matters concerning him or her, and in the event of an error, the member may request the Company to correct them.
- The personal information of the member in question held by the Company.
- The status of the Company using the members’ personal information or providing it to a third party.
- Status of collecting, using and providing personal information to the Company
The above rights may be exercised through written, e-mail, or fax, and the Company will take necessary actions without delay. In the event a member requests correction of personal information errors, etc., the Company does not use or provide the personal information until the correction is completed. However, personal information can be used or provided when requested to provide personal information in accordance with other laws. If the wrong personal information is already provided to a third party, the correction result will be notified to the third party without delay so that the correction can be made. Such members’ rights may be exercised through their legal representatives or agents, such as those entrusted with them. In this case, you must submit a letter of attorney.
Article 6 (Matters Regarding Installation, Operation and Rejection of Automatic Collection Device of Personal Information)
The Company installs and operates cookies that store and retrieve members’ information from time to time. “Cookies” are small document files installed on your web browser, computer hard drive, or mobile device to help you remember webWebsite visitors from within the Website, and cookies contain information sent to your computer hard drive.
- Purpose of cookie use: Efficient management of the Website, such as analyzing the frequency of connections between members and non-members, identifying the users’ tastes and interests, tracking their tracks, and identifying the degree of participation in various events and number of visits, and providing personal Service.
- Installing, operating, and rejecting cookies: The members have the option of installing cookies. Therefore, the member may allow all cookies by setting options in a web browser, check each time the cookies are saved, or refuse to save all cookies. However, if a member refuses to install cookies, there may be a restriction on the use of some Service.
Article 7 (Technical and Administrative Protection Measures of Personal Information)
In handling the members’ personal information, the Company takes the following technical and administrative measures in accordance with Article 28 of the Information and Communications Network Act to ensure safety in order to prevent personal information from being lost, stolen, leaked, tampered with or damaged.
- Establishing and implementing an internal management plan to safely handle personal information
- Installation and operation of access control devices, such as intrusion prevention systems, to block illegal access to personal information
- Measures to prevent forgery and modification of access records
- Security measures using encryption technology to safely store and transmit personal information
- Measures to prevent infringement by computer virus, such as installation and operation of antivirus software
- Other protective measures required to secure personal information safety
The members can contact the personal information protection manager and the person in charge for all personal information protection inquiries, complaint handling, damage relief, etc. generated when using the Company’s. The Company will respond and process the user’s inquiries without delay.
Article 9 (Enactment and Amendment of Personal Information Processing Policy)
Revision Date: This Agreement was revised on May 15, 2020.
Effective Date: The amendment will take effect on May 22, 2020.