1. Purpose of the collection and use of personal information
The Company collects only the minimum amount of personal information for the purpose of providing services for the following, and shall not disclose it to the outside parties such as providing it to a third party, or use the collected information outside the purpose without user's consent.
① Contract fulfillment on service provision and implementation of service function
② Membership management: authentication, personal identification, confirmation of decision to register, prevention of violation of Terms of Service and fraudulent use of the Service, handling of complaints, delivery of notices, etc.
③ Use for new service development and marketing advertisement: provision of new service development and customized service, provision of the Service and ad serving based on statistical characteristics, verification of the service validity, provision of event and advertisement information and opportunities to participate, assessment of frequency of access, statistics on the service use of the Members
2. Personal information to collect and collection method
The Company collects personal information in the following cases:
Purpose of Collection
Information to be Collected
Retention and Use Period
Authentication and consent to the use of the Service at the time of registration
Mobile phone number
Encrypted information will be deleted when not in use for 1 year.
Basic information required for using the Service
Nickname, email address, gender, age, profile image
Will be immediately deleted at the time of membership withdrawal.
Social account UUID or encrypted phone number will be retained for 20 days until destroyed to prevent fraudulent use.
Account information of Kakaotalk, Facebook, Google+, Twitter
Each social media channel account
Retained. Will be deleted at the time of membership withdrawal.
Use of Service
To recommend other users nearest to your location
Retained. Will be deleted at the time of membership withdrawal.
Use of Service
To handle complaint and grievance
Information of payment and final access
Will be immediately deleted at the time of membership withdrawal. Payment information will be permanently retained for refund and prevention of fraudulent use.
Use of Service
To respond to bad users (spam) and perform CS
Login IP and cookies
Login IP and cookies
Use of Service
Technical purposes for resolving service errors
Terminal type, OS, service distribution version
Will be immediately deleted at the time of membership withdrawal. Member ID, IP, log records will be retained for 1 year to prevent fraudulent use.
Use of Service
To detect bad users (spam) and restrict their use
Will be retained for 3 weeks for the purpose of monitoring and deleted.
* As those are the minimum personal information required to provide the 1km service, the users can only use the Service after they consent.
3. Provision of personal information to third parties
The Company does not disclose personal information to the outside without prior consent of the user. However, the Company provides personal information.in the case where the user directly consents to the provision of personal information in order to use the services of the external affiliate, or the obligation to submit the personal information to the Company in accordance with relevant laws and regulations is imposed, or there is an immediate danger to the user's life or safety requiring a resolution.
Subject to be Provided
Purpose of Provision
Information to be Provided
Retention and Use Period
To detect and block use of bad users in the Talk use
Will be retained for 2 years
For free charge features of "cm" (points)
User number, user name, age, gender, profile picture
Gift N Co., Ltd
To offer information to the users using gift features
Handling with page rendering
* The users are not obliged to consent to the provision of personal information to third parties, and may withdraw their consent at any time. The users may use the registration service even if they refuse to consent, but may be restricted from using some of the related services operated based on the third-party provision.
4. Commissioned processing of personal information
A. The Company may entrust the processing of personal information to others for seamless and improved service. In this case, the Company will inform the user in advance of all the following matters and obtain consent. The same shall apply when any of the following items are changed:
(1) The person/company who is entrusted with personal information processing
(2) Items entrusted to such person/company for personal information processing
B. In case the Company is required to use the contract for the provision of information and communication services and to enhance the convenience of the users, the Company may entrust processing of personal information to others without the notification and consent procedure by disclosing the items of each subparagraph of A above.
C. The Company entrusts the following tasks related to the processing of personal information and takes necessary measures to ensure that personal information is securely managed upon entrustment contract, in accordance with related laws and regulations. The Company takes into consideration the ability of the trustee to protect the personal information at the time of the entrustment contract, and periodically confirms whether the obligation is fulfilled, such as the safe management and destruction of personal information. Also, the information entrusted is limited to the minimum information needed to provide a seamless service.
Data storage/management including personal information with use of Google cloud server
5. Transfer of personal information overseas
The Company does not transfer personal information overseas without the prior consent of the user. However, if the user directly consents to the transfer of the personal information overseas in order to use the Company service, the personal information will be transferred to the outside of the country.
A. The Company shall notify the users of all the following matters in entrusting the personal information processing of the user outside the country in accordance with the related laws when it is necessary for the implementation of the contract on the provision of the information and communication service or for the improvement of the convenience of the user.
(1) Personal information items to be transferred
(2) Country, date and time of transfer of personal information
(3) The name of the person to whom the personal information is transferred (in the case of a corporation, the name and contact information of the personnel in charge)
(4) Purpose of personal information use of the person to whom the information is transferred and the period of use and retention of such information
B. In case the Company is required to use the contract for the provision of information and communication services and to enhance the convenience of the users, the Company may transfer the personal information overseas without the notification and consent procedure by disclosing the items of each subparagraph of A above.
C. The Company transfers the following information for the processing of personal information, and takes necessary measures to ensure that personal information is managed safely when transferred outside the country in accordance with the relevant laws and regulations. The Company shall take into consideration and check periodically the ability of the person to be transferred when transferring the information overseas.
Personal information items transferred
Country to which the information is transferred
Transfer date and time
Purpose of personal information use of the recipient
Retention and use period
Images registered through 1km, Say posts, profile images
ID, access log and activity information
Paid item purchase information, etc.
United State of America (USA)
Using Google Cloud servers
To transfer data of the service use to Google cloud server to provide safer and faster service
Retained until the end of service and membership withdrawal of the users
* Contact information pf the recipient: www.cloud.google.com
6. Retention and use of personal information
A. The Company retains and uses the personal information of the user for the period of notice and agreement in principle, and destroys without any delays if the purpose of collection and use of personal information is achieved or there is a request from the users. However, the following information will be retained for the period specified below for the following reasons.
Related laws and policies
Information to be collected
Protection of Communications Secrets Act
To provide upon request by the investigating agency through a court warrant
Service access record, IP, etc.
Information and Communication Network Act
Nickname, email address, mobile phone number, last access IP, last access environment, last access date, APP version, device identification ID, device classification type
until the end of service
To prevent fraudulent use
Illegal use record (posting record of bad or abnormal, obscene and harmful content), member ID, IP, log record
B. Beginning August 18, 2015, based on Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Company notifies the user in advance and destroy, or separately store and manage the personal information when the user have not used the Service for a year. If requested by the user, the above period may be set differently. However, if it is necessary to store the personal information of the users based on the related laws such as the Protection of Communications Secrets Act and Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc., such information will be retained for a certain period of time as specified in the pertinent laws.
C. The Company shall notify the users of the following through a notice, email, etc: the fact that their personal information will be destroyed or separately stored/managed up to 30 days before the expiration date in the subparagraph B above, the expiration date, and items of such personal information. To this end, the user must provide/correct the contact information to the Company.
7. Procedures and methods of personal information destruction
In principle, if the purpose of processing personal information is accomplished, the Company destroys the personal information without any delays using the following procedure and method as follows:
① Destruction procedure
After the purpose of collection has been achieved, the information entered by the user for membership registration and the information recorded during the use of the Service will be destroyed either immediately or after being transferred to a separate DB and then stored in the DB for a certain period based on the internal policy and other related laws. In this case, the personal information transferred to a separate DB will not be used for any purpose other than by law.
② Destruction method
- The information in the form of an electronic file will be deleted using a technical method that cannot reproduce the record.
- Personal information printed on paper will be shredded by a shredder or destroyed by incineration.
8. Application and rejection of cookies
A. Purpose of cookies
① In order to provide a customized service, the Company uses a 'cookie' which stores and loads the information of the user on a frequent basis. A cookie is a small amount of information that a website server sends to the user's web browser and is stored on the hard disk of the computer of the user.
B. Installation/application and rejection of cookies
① The users have the option to install cookies. Therefore, the users can allow or reject all cookies by adjusting the options in their web browser, or can have the cookies checked every time they are saved.
- Following is how to adjust the setting to allow cookies (for Internet Explorer):
From the Tools menu, select Internet Options.
Click the Privacy tab.
Adjust the slider to block or allow all cookies
② If the users refuse to store cookies, some services provided by the Company, such as customized services, may be difficult to use.
9. Rights and practices of users and legal representatives
The users or the legal representatives may exercise their privacy rights at any time for themselves or for children under the age of 14. If the users or the legal representative do not consent to the processing of the Company's personal information processing, they may withdraw from the consent or request membership withdrawal. However, in this case, some or all part of the Service may be restricted to use.
① Personal information can be edited by pressing "Edit personal information" (or "Edit member information"), and membership withdrawal can be made through "Unregister" tab in the app, and it will be completed after a certain authentication process.
② When the users contact the person in charge of personal information management in writing, by phone or email, the Company takes action without delay.
③ When the users request correction of an error of their personal information, their personal information will not be used or provided until the correction is completed. Also, if wrong personal information has already been provided to a third party, the Company will notify the third party without delay and correct the processing.
④ The personal information that has been revoked or deleted at the request of the users or legal representatives will be handled in accordance with "6. Retention and use of personal information" and will not be used or viewed for any other purposes.
10. Technical and administrative protection measures of personal information
In handling personal information of the users, the Company takes the following technical and administrative protection measures to ensure the safety of personal information so as to prevent loss, theft, leakage, alteration or damage of personal information.
A. Encryption of personal information
The passwords of the users are stored and managed in one-way encryption. Only the person who knows the password can confirm or change the personal information. A password generation rule has been established and applied so that passwords do not contain numbers that are easy for others to guess, such as the user's birthday and phone number. Personal information such as social security numbers, alien registration numbers, bank account numbers, and credit card numbers are encrypted and stored and managed using a secure password algorithm.
B. Measures against hacking
The Company operates an intrusion detection and prevention system 24 hours a day to prevent the personal information from being leaked by intrusion in the Company information networks such as hacking. In case of emergency, all Intrusion Detection System and Intrusion Prevention System are configured and operated with redundancy, and sensitive personal information is transmitted securely over the network through encrypted communication.
C. Minimization and training of personnel in charge of personal information
The Company limits the number of personnel in charge of personal information of the Company to a minimum, and recognizes the importance of protecting personal information through administrative measures such as educating the personnel in charge of personal information processing.
D. Operation of department in charge of privacy protection
In order to protect the personal information, the Company is operating a dedicated department for protecting personal information, checking execution of personal information processing policy and compliance of the personnel in charge, and making effort to correct any problems in an immediate manner when they are found.
11. Responsibility for website links
12. Personnel and department in charge of personal information protection
The Company is doing its best to ensure that the users use the Service safely. The users can report all personal information protection complaints related to the Service use to the department in charge, and the Company responds promptly and faithfully to such report.
A. Personnel responsible for personal information protection
Name: Kim Yeongho
B. Personnel in charge of personal information protection
Name: Choi Chi-woong
To report or consult about other personal information infringement, please contact the following organizations.
Personal Information Dispute Mediation Committee Tel: (no area code) 118
Personal Information Infringement Report Center Tel: (no area code) 118
Supreme Prosecutors' Office, Advanced Criminal Investigation Center Tel: 02-3480-2000
Korean National Police Agency Cyber Bureau Tel: (no area code) 182
If there is a change in the personal information processing policy, the Company will notify the users through in-app or website announcements, or emails at least 7 days before the effective date of the revised personal information processing policy.
14. Revision history
The current personal information processing policy may be changed according to the policy of the government or the Company. If there is any addition, deletion or modification of the content, advance notice shall be made on the website or email 7 days prior to enforcement. This policy will be enforced from the date of notification. However, if important matters such as the purpose of collection and use of personal information, third party company provided with personal information, etc. are added, deleted or modified, it will be notified 30 days in advance and it will be implemented after 30 days. In addition, in the event that there is any addition or change related to the matters requiring separate consent of the users in accordance with the related laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., including Collection and Utilization of Personal Information, and the Third Party Provision, the Company shall receive separate consent from the users.
Notice date: October 1, 2016
Effective date: October 9, 2016