TOAST File Collection of personal information

NHN Corp. (the “Company”) has abided by regulations for telecommunications providers related to protection of personal information, such as Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Protection of Communications Secrets Act, and Telecommunications Business Act, so as to make the best efforts in protecting user’s rights by specifying privacy policy in accordance with relevant regulations.

The Privacy Policy shall be applied to TOAST File Service (the “Service”), and includes the following:

  1. 1. Collecting Items and Methods of Personal Information
  2. 2. Purpose of Collecting and Using Personal Information
  3. 3. Sharing and Disclosing of Personal Information
  4. 4. Assignment of Personal Information
  5. 5. Retention and Usage Period of Personal Information
  6. 6. Procedure and Method of Disposal of Personal Information
  7. 7. Rights of Users and Legal Representatives and How to Exercise
  8. 8. Installation/Operation and Rejection of Automatic Collecting Device of Personal Information
  9. 9. Customized Online Ads
  10. 10. Technical/Administrative Protection of Personal Information
  11. 11. Contact of Privacy Manager
  12. 12. Others
  13. 13. Obligation of Notification

1. Collecting Items and Methods of Personal Information

  1. A. Personal Information Items to Collect

    • Following personal information is provided for the use of services via external platform accounts:
      • – For PAYCO users: PAYCO ID (email or mobile phone number), PAYCO user number
      • – For Facebook Users: User number of Facebook/ (optional) Email
      • – Naver Users: User number of Naver/ (optional) Email
      • – APPLE Users: User number of APPLE/ (optional) Email
    • User information shall be collected as follows in the process of subscription:
      • - Service ID, Email
    • Information as below may be created and collected in the process of service use:
      • - IP Address, cookies, date and time of visit, record of use, record of bad use, device information for mobile service (e.g. device model, OS type, telecom provider, hardware ID, ad ID, and basic statistics for service use), history of application installation and use, record of payment and purchase, user’s location information with the consent of Terms of Use for location-based service
    • Following information may be collected, with user’s consent, for each service:
      • - When it was agreed to collect further personal information by the user
  2. B. Methods of Personal Information Collection

    • The Company shall collect personal information in the following methods:
      • - On website or mobile devices, in a written format, by fax or phone, via bulletin, email, application for events, or request for delivery
      • - As provided by partner companies
      • - Via collecting tool of created information

2. Purpose of Collecting and Using Personal Information

  • The Company shall use collected personal information for the following purposes:

    • - To provide services as promised; authenticate with service provided; purchase and pay prices; process refunds; deliver products and services; and for other general customer services.
    • - To manage members: confirm intent of subscription, check age and get consent of legal representatives; confirm identity of users and legal representatives; identify users; confirm intent of withdrawal; and process inquiries or complaints.
    • - To protect users and safely operate services; restrict service use of the members who violate relevant laws and Terms of Services; prevent and sanction activities that block flawless service operations, including unjust uses and unauthorized activities; prevent theft of account and illegal transaction; deliver notification; and, to retain records for the mediation of conflicts.
    • - To provide services based on features of demographic statistics, analyze frequency of access, improve functions, draw statistics on the service use, and to provide new services (including recommendations for customized products) by reflecting user’s tendency for product purchase and service use, interest, and analysis upon records of service use, on the back of service analysis and statistics.
    • - Also to provide information on events or advertisement, as part of event and promotional purposes.

3. Sharing and Disclosing of Personal Information

The Company shall use personal information of its users as specified in “2. Purpose of Collecting and Using Personal Information” and shall not use it without user’s prior consent or not disclose it on principle. Nevertheless, exceptions shall be applied for the following cases:

  • - When it is required to pay for services
  • - When it is demanded by an investigative agency according to legal regulations, or to the procedure and method set by law, for investigation

4. Assignment of Personal Information

  •  The Company shall assign personal information as below for service enhancement and specify requirements to safely manage personal information when it is assigned by contract. Following companies are assigned with personal information, and the details are as follows:

    Consignment of personal information processing
    Assigned Company Assigned Tasks Retention and Usage Period of Personal Information
    NHN Service (Corp.) Support for customer service, Purchase and deliver event gifts, Test services, and provide technical support On withdrawal of membership or
    expiration of assignment contract
    AmtWelb Inc.,
    LogisLink Inc,
    SmartCon
    Supply and deliver event gifts
    Bridgetec Inc. Operate customer service system
    NHN ST Develop customer service system
    InfoBank, BizTalk (re-assignee for Kakao Alimtalk of InfoBank) Deliver text or Kakao Alimtalk messages
    NHN ACE Analyze logs
    NHN PAYCO Corp. Operate payment with PAYCO and billing system. Operate CMS auto-transfers
    SCI Information Service Inc. I-PIN authentication Not saved additionally, since such information is already owned or available at each company
    NHN KCP Corp.,
    Hyosung FMS Inc.
    Registration and payment with Credit Cards/Bank Transfer
  • Following are assigned to NHN Entertainment’s foreign corporation stationed outside of Korea:

    • - Assignee: NHNST (NHN Service Technology Corp.)
    • - Country of Assignee: China (大连慧搜网络技术有限公司 大连市高新园区火炬路3号纳米大厦18楼)
    • - Business Hours and Method of Operations: Access systems in time for consultation system development
    • - Information Manager: cho_woosung1@nhn-st.com
    • - Assigned Personal Information Items: ID, contact, and email of customers processed for customer services
    • - Purpose of Assignment: Developing consultation system for customers
    • - Retention and Usage Period of Personal Information: No personal information shall be retained by assignees but retrieved until assignment contract is terminated

5. Retention and Usage Period of Personal Information

The Company, on principle, shall retain user’s personal information until user’s withdrawal. Following information shall be retained during specified periods due to following reasons, even after member withdraws.

  1. A. Cause of Retention in Accordance with Relevant Acts

    The Company shall retain user’s information, if required, during specific periods set by relevant acts, in accordance with regulations, including Act on Consumer Protection in Electronic Commerce, etc. In this case, the Company shall use such information for the sole purpose of retention during the following periods:

    • - Log Records on Service Use
      Cause of Retention: Protection of Communications Secrets Act
      Retention Period: 3 Months
    • - Records on Handling Consumer Complaints or Conflicts
      Cause of Retention: Act on the Consumer Protection in Electronic Commerce, Etc.
      Retention Period: 3 Years
    • - Records on Cancellation of Contracts or Applications
      Cause of Retention: Act on the Consumer Protection in Electronic Commerce, Etc.
      Retention Period: 5 Years
    • - Records on Payment and Supply of Products
      Cause of Retention: Act on the Consumer Protection in Electronic Commerce, Etc.
      Retention Period: 5 Years

6. Procedure and Method of Disposal of Personal Information

Personal information, on principle, shall be immediately disposed once the purpose of its collection and use is attained. Nevertheless, the Company shall dispose of or separately save personal information of the members who have no records of service use for a year, according to ‘Valid Period of Personal Information’.
The procedure and method of disposal are as follows:

  1. A. Procedure of Disposal

    User information entered for subscription shall be relocated to a separate database (a separate document container, for papers), after the purpose is attained, to be saved for certain periods in terms of protection of information (see Retention and Usage Period), according to internal policy and relevant acts. Such personal information shall not be used for other purposes than retention due to regulations.

  2. B. Method of Disposal

    Personal information printed on papers shall be shredded or burned.
    Its electronic versions shall be deleted by technological methods to prevent playing records.

7. Rights of Users and Legal Representatives and How to Exercise

Users and legal representatives of children below 14 years are entitled to retrieve or modify registered personal information at any time, and may reject the consent or request for subscription cancellation (withdrawal), if they do not agree with the Company for processing of personal information. However, in such cases, partial or the whole service may not be available.

To retrieve or modify users or children below 14 years, users shall identify themselves to ‘Change Personal Information (or, ‘Modify Member Information’), or “Withdraw from Membership” to cancel subscription (Withdraw Consent), and then open, modify or withdraw, respectively.

Contact our privacy manager by phone, email or in person, for immediate response.

In case a user requests for correction of personal information, such information shall not be used or provided until it is corrected. Furthermore, if invalid personal information has already been shared with a 3rd party, result of correction shall be immediately notified to the 3rd party to apply such correction.

The Company shall handle cancelled or deleted personal information, at the request of users or legal representatives, in accordance with “5. Retention and Usage Period of Personal Information”, and shall prevent inspection or use of such information for other purposes.

8. Installation/Operation and Rejection of Automatic Collecting Device of Personal Information

  1. A. What is a Cookie?

    The Company makes use of “cookies” to save and import user information any time, so as to provide personalized and customized services. Cookies refer to very small text files sent by a server used to operate a website, to a user’s browser, and they are saved in a hard drive on user’s computer.

  2. B. Purpose of Use

    Cookies are applied to analyze each service of a company, used by a user, as well as the use type, and to provide the user with the most customized information.

  3. C. Installation/Operation or Rejection of Cookies

    A user has an option to install cookies or not. With the option setting on a web browser, cookies may be allowed or rejected for saving at all times, or confirmed every time to be saved.
    Nevertheless, the rejection of cookie saving may cause difficulties in using some services requiring logins.
    How to Enable Cookie Installation

    1. ① For Internet Explorer: Go to [Tools] > [Internet Option] > [Personal Information] > Change [Settings]
    2. ② For Chrome: Go to Menu on the top right: [Settings] > [Advanced] > [Content Setting] > Enable [Cookies]
  4. D. Installation/Operation of Cookies for Mobile Services

    The Company may use “cookies” on mobile devices (e.g. smart phones, or tablet pc) to provide same or similar internet environments as pc. However, the Company shall not randomly collect cookies of 3rd parties, including personal information, without user’s explicit consent. You can still select to allow cookies on mobile devices with the setting of a web browser. In most cases, cookies may be allowed in Settings of a mobile web browser or deleted as a whole, although it may differ from operating systems or web browsers of each device. In any case, when cookies are rejected from saving, service use may be restricted when login is required.

    1. ① For Chrome: Go to Menu on the top right: [Settings] > [Site Setting] > Enable [Cookies]
    2. ② For Safari: [Settings] > [Safari] > [Block Cookies] > Settings

9. Customized Online Ads

  • The Company allows the advertisers as below, to collect online user’s activities through an analysis tool for information created within company services and use them to deliver customized ad services.

    • - NHN Ace Corp. and Google

10. Technical/Administrative Protection of Personal Information

The Company is coming up with technological/administrative means to secure safety in processing personal information so that it shall not be lost, stolen, leaked, or damaged.

  1. A. Encryption of Personal Information

    The Company encrypts personal information, such as password, as required by acts, and takes additional security measures for important data, by encrypting files and data transfer, so as to protect user’s personal information.
    Password of member ID shall be encrypted for saving and management, hence kept to the owner only, and its confirmation and change shall also be made available only by the owner.

  2. B. Measures against Hackings

    The Company is striving hard not to cause member’s personal information to be leaked or damaged by hackings or computer viruses. To prepare against damage of personal information, data backup is randomly executed while the most updated vaccine program is applied not to leak or damage user’s personal information or data; encrypted communication is used to safely transmit personal information through networks. In addition, unauthorized access from outside is controlled by intrusion blockage system, while all possible technological means are to be equipped to attain security systematically.

  3. C. Minimization and Training of Personnel

    Privacy policy shall be dealt with by restricted number of personnel with password provided for the sole purpose, while training is provided at all times to emphasize the obedience of privacy policy.

  4. D. Operation of Specialized Privacy Team

    The Company is running a specialized privacy team to track execution of Privacy Policy and obedience by privacy managers so as to immediately correct any problems or wrongdoings. However, the Company shall not take any responsibilities whatsoever for any issues arising out of exposure of personal information, such as ID or password, due to user’s negligence or internet errors.

11. Contact of Privacy Manager

  • The Company has specified a representative for the protection of personal information who collects opinions and handles complaints related to personal information. You may contact our representative or relevant department to report all issues related to personal information which may arise while using the service. The Company shall respond with speed and sufficient feedbacks to your needs.

    Representative of Personal Information Protection Name: Sunyoung Hwang
    Team/Position: Legal Policy Group/ Managing Director
    Email: privacy_ne@nhnent.com
    Phone Number: 1544-6859
  • To report or ask for consultation on intrusion of personal information, contact the following institutions:

    • - Privacy Intrusion Report Center of Korea Internet & Security Agency (http://privacy.kisa.or.kr, or118)
    • - Cyber Investigation Team, of Supreme Prosecutor’s Office (http://www.spo.go.kr, or 1301)
    • - National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr, or 182)

12. Others

Please be informed that this Privacy Policy shall not be applied to the web pages which are linked to services provided by the Company, for their collection of personal information.

13. Obligation of Notification

In case the current version of Privacy Policy needs to be added, deleted, or modified, it shall be notified via “Notification” on the website at least 7 days before revision. However, if there is any significant change in user’s rights, such as collecting and using, or sharing personal information with 3rd parties, it shall be notified at least 30 days before.

Version : v11.0
Notified Date : July 22, 2020
Effective Date : July 29, 2020