INTIN Co., Ltd. (hereinafter referred to as the “Company”) processes and safely manages personal information in accordance with the provisions of the Personal Information Protection Act and related laws. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the following processing policies are established and disclosed to protect users’ personal information and rights and to smoothly handle users’ grievances related to personal information.
1. Purpose of processing personal information
The company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and if the purpose of use is changed, separate prior consent will be sought in accordance with Article 18 of the Personal Information Protection Act.
A. Membership registration and management
Personal information is processed for the purpose of confirming the intention to sign up, maintaining and managing membership qualifications, preventing fraudulent use of services, and preserving records for dispute settlement.
B. Provision of goods or services
The company processes personal information for the purpose of service provision, content provision, data collection for statistics, customized service provision, and self-identification.
C. Use for marketing and advertising
Personal information is processed for the purpose of developing new services and providing customized services, providing event and advertising information and participation opportunities, providing services and advertising based on demographic characteristics, validating services, identifying access frequency, or statistics on users’ service use.
2. Items of personal information to be processed
The company is processing the following personal information items.
A. Membership registration and management
– Required items: password, date of birth, login ID, mobile phone number, name, email
– Optional items: physical information, medical information (dose, disease name, hospital information)
B. Provision of goods or services
– Required items: Payment information such as name, date of birth, ID, password, address, phone number, email address, iPin number, credit card number, bank account information, etc
– Optional items: Interests, past purchases
C. Use for marketing and advertising
– Optional items: email address, mobile phone number
3. Matters concerning the processing of personal information of children under the age of 14
A. When collecting personal information for children under the age of 14, the company collects minimum personal information (the name of the legal representative, relationship with the child, contact information) necessary to perform the service with the consent of the legal representative.
B. When collecting children’s personal information for the company’s service-related promotion, the company obtains separate consent from their legal representative.
C. When obtaining the consent of the child’s legal representative regarding the processing of personal information, the company verifies that the legal representative has agreed in one of the following ways.
(1) A method of having a legal representative indicate the consent on an app or Internet site where the consent was posted and notifying the personal information controller of the consent by a mobile phone message of the legal representative
(2) A method of having a legal representative indicate the consent on an app or Internet site where the consent was posted, and verifying the identity of the legal representative through mobile phone personal identity verification
(3) Method of sending an e-mail with the contents of consent and receiving an email with the expression of intention of consent from a legal representative
(4) Other methods of informing the legal representative of the consent and confirming the expression of intention of consent in the same manner as above
4. Processing and retention period of personal information
The company processes and retains personal information within the period of retention and use of personal information or the period of use agreed upon when collecting personal information from the data subject under the Act.
A. The period for processing and holding personal information for each purpose is as follows.
(1) Membership registration and management: Until the end of service use
(2) Provision of goods or services: Until the completion of service supply and payment and settlement of charges
(3) Use in marketing and advertising: 1 year (However, it can be extended with the consent of the user)
Provided, That if the minimum preservation period is stipulated in the following Acts and subordinate statutes, the relevant period or more
- Act on Consumer Protection in Electronic Commerce, etc
- Records of marking and advertising: 6 months
- Record of supply of contract or subscription withdrawal, payment, goods, etc.: 5 years
- Records of consumer complaints or dispute settlement: 3 years
- Basic Law on Electronic Documents and Electronic Transactions
- Records on the distribution of electronic documents through authorized electronic addresses: 10 years
- Communications Secrets Protection Act
- Log-in records, tracking data of access destinations: 3 months
B. Personal information that has achieved the purpose of collecting and using personal information, such as withdrawal of membership, termination of service, and arrival of personal information retention period agreed by users, is destroyed in a non-restorable manner.
C. Information imposed by laws and regulations is also destroyed in a manner that cannot be reproduced without delay after the expiration of the relevant period. In the case of electronic files, they are safely deleted using technical methods to prevent recovery and playback, and outputs are destroyed by crushing or incineration.
D. The personal information of users who have not used the service for one year is separately stored or deleted.
5. Provision of personal information to third parties
A. The company shall provide personal information to a third party only if it falls under Article 17 or 18 of the Personal Information Protection Act, such as with the consent of the information subject or if there are provisions based on the law.
B. The company provides personal information to third parties as follows. (Updated in case of further occurrence)
|Purpose of Use
|Retention and use period
6. Entrustment of personal information processing
A. When signing a personal information consignment contract, the company performs consignment work in accordance with Article 25 of the Personal Information Protection Act.
B. The company entrusts the following personal information processing tasks for smooth processing of personal information.
|The consigned company
|Retention and use period
|CJ Korea Express
|product delivery service
|5 years from date of delivery
C. According to Article 25 of the Personal Information Protection Act, the company stipulates the prohibition of personal information processing, technical and management protection measures, restrictions on re-entrustment, management and supervision of the trustee, and supervises the safe handling of personal information.
D. The company will disclose the contents of the entrusted work or the trustee through this personal information processing policy without delay.
7. Rights and obligations of the information subject and how to exercise them
Users can exercise the following rights as personal information subjects.
A. Users can exercise the following personal information protection-related rights against the company at any time.
– Request for personal information access
– Request correction if there is an error, etc
– Delete Request
– Processing stop request
B. The exercise of rights under paragraph A. may be conducted in writing, e-mail, fax, etc. in accordance with attached Form 8 on how to process personal information, and the company will take action without delay.
C. If a user requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
D. The exercise of rights under paragraph (a) may be carried out through a legal representative of the information subject or an agent such as a person who has been delegated. In such cases, a power of attorney under attached Form 11 shall be submitted for notice on the method of processing personal information.
8. Destruction of personal information
In principle, if the purpose of processing personal information is achieved, the company destroys the personal information without delay. The procedure, time limit, and method of revocation are as follows.
A. Procedures for Destruction.
The information entered by the user is transferred to a separate DB after achieving the purpose (a separate document in the case of paper) and stored for a certain period of time in accordance with the internal policy and other related laws and regulations, and then immediately destroyed. At this time, the personal information transferred to the DB is not used for any other purpose except in the case of law.
B. Time limit for destruction
The user’s personal information shall be destroyed within five days of the end of the retention period, and if the personal information becomes unnecessary, such as the purpose of processing the personal information, abolition of the service, and business termination.
C. Method of destruction
Information in the form of an electronic file uses a technical method in which records cannot be reproduced. Personal information printed on paper is destroyed by crushing with a shredder or incineration.
9. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the company takes technical, administrative and physical measures necessary to ensure safety as follows.
A. Password encryption
The password of the member’s email address (ID) is encrypted and stored and managed, so only the person who knows the password can check and change personal information.
B. Countermeasures against hacking, etc
The company is doing its best to prevent members’ personal information from being leaked or damaged by hacking or computer viruses. Data is backed up frequently in preparation for personal information damage, users’ personal information or data is prevented from being leaked or damaged using the latest vaccine program, and personal information can be safely transmitted on the network through encryption communication. The company uses intrusion prevention systems to control unauthorized access from outside, and is equipped with all the other technological devices available to ensure system security.
C. Minimization and training of handling staff
The company’s personal information processing staff is limited to the person in charge, and a separate password is assigned for this purpose, and the company always emphasizes compliance with the company’s personal information processing policy through occasional training.
D. Restriction of access to personal information
The company takes necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and uses the intrusion prevention system to control unauthorized access from outside.
E. Operation of a dedicated organization for personal information protection
The company tries its best to check the implementation of the company’s personal information processing policy and the compliance of the person in charge through an in-house personal information protection organization so that if a problem is found, it can be corrected and corrected immediately. However, the company is not responsible for any problems caused by the leakage of personal information such as ID, password, and resident registration number due to the user’s carelessness or Internet problems.
10. Matters concerning the collection, use, provision, refusal, etc. of behavioral information
A. In the process of using the service, the company collects and uses behavioral information to provide customized services, benefits, and online customized advertisements to the information subject.
B. The company collects behavioral information as follows.
|Behavior information items to collect
|Behavioral Information Collection Method
|Purpose of collecting behavioral information
|Period of retention and use and the method of processing information afterwards
|User’s website and app service visit history, search history, payment history, purchase history
|– Installation and operation of cookies that store users’ information and find it from time to time
– Automatic collection and transmission through the information collection tool generated when a user visits a web/app site
– Automatic collection and transmission through the user’s generation information collection tool when running the app
|– Provide personalized information (including advertisements) optimized to users by analyzing each service and usage type of the company used by users
– Provide differentiated information and personalized services based on individual interests
– Other user behavior information can be analyzed and used as a measure of new product development and service reorganization
|Hold and delete for 2 years from collection date
C. The company allows online customized advertising operators to collect and process behavioral information as follows.
– Advertisers who want to collect and process behavioral information (will update the terms and conditions at the time of selection)
– Behavioral information collection method: Automatic collection and transmission when users visit our website or run an app
– Behavioral information items collected and processed: user’s web/app visit history, search history, and purchase history
– Holding and use period: 2 years
D. The company collects only the minimum behavioral information necessary for online customized advertisements, and does not collect sensitive behavioral information that may clearly infringe on individual rights, interests, or privacy, such as thoughts, beliefs, family and relatives, academic background, and other social activities.
E. The company does not collect customized advertising behavioral information from online services that mainly use children under the age of 14 or children under the age of 14, and does not provide customized advertisements to children under the age of 14.
F. The company collects and uses advertisement identifiers for online customized advertisements in mobile apps. The information subject can block and allow customized advertisements of the app by changing the settings of the mobile terminal.
‣ Block/allow ad identifiers on your smartphone
(1) (Android) Settings → Personal Information Protection → Advertising → ③Advertising ID or Delete Advertising ID
(2) (iPhone) Settings → Privacy → Tracking → Allowing apps to request tracking
※ The menu and method may vary slightly depending on the mobile OS version.
G. Users can block and allow customized online advertisements collectively by changing cookie settings on their web browsers. However, changing cookie settings may affect the use of some services, such as automatic website login.
‣ Block/allow customized advertisements through a web browser
(1) Internet Explorer (Internet Explorer 11 for Windows 10)
– In Internet Explorer, select the Tools button, and then select Internet Options
– Select the Privacy tab, select Advanced under Settings, and then select Block or Allow Cookies
(2) Microsoft Edge
– Top right ‘…’ on edge…’ Click Show, and then click Settings.
– Click ‘Personal Information, Search and Services’ on the left side of the settings page, and then click ‘Track Protection’ in the ‘Track Protection’ section
Select a level.
– Select whether to ‘Always use ‘Strict’ Tracking Protection when searching for InPrivate’.
– In the “Personal Information” section below, select “Send No Tracking Request”.
(3) Chrome browser
– In Chrome, click Show ‘⋮’ in the upper right corner (Chrome Customization and Control) and then click Show Settings
– Click “Show Advanced Settings” at the bottom of the Settings page, and click Content Settings in the “Privacy” section.
– In the Cookies section, select the checkbox for Block third-party cookies and site data.
11. Matters concerning the processing of pseudonym information
The company processes personal information collected for scientific research (including industrial research) under pseudonyms so that certain individuals cannot be recognized as follows.
A. Matters concerning the processing of pseudonym information
|Retention and use period
|Personalized Health Care Study
|Region, gender, age, physical information,
time of use, measurement results,
medical information, habits,
and hobbies information
|By the end of the study and analysis
B. Matters concerning measures to ensure the safety of pseudonym information
– Management measures: Establishment and implementation of internal management plans and regular employee training
– Technical measures: Management of access rights to alias information, control of access, prevention of re-identification, and installation of security programs
– Physical measures: Designation and access control of computer rooms, data storage rooms, etc.
12. Person in charge of personal information protection
– Person in Charge: Lee Yujin
– Address: 52, Cheombok-ro, Dong-gu, Daegu
– Phone: 053-963-7575
If you need to report or consult other personal information infringement, please contact the institution below.
– Personal Information Infringement Reporting Center (http://privacy.kisa.or.kr , 118, without country number)
– Cyber Investigation Division of the Supreme Prosecutors’ Office (http://www.spo.go.kr , 1301 without national number)
– Cyber Security Bureau of the National Police Agency (http://www.cyberbureau.police.go.kr , 182 without a country code)
13. Obligation to notify
If the contents of the current personal information processing policy are added, deleted, or revised, it will be notified through the “Notice” on the website at least seven days before the revision. However, if there is an important change in user rights, such as collection and utilization of personal information or provision of third parties, it will be notified at least 30 days in advance.
※ This personal information processing policy will take effect on May 18, 2023.