b.stage provides templates for the purpose of assisting you in publishing the basic items. These are based on the composition of the service and the scope of the provided service. Please refer to these examples and revise accordingly for your business needs and scopes.
Following Privacy Policy has been established and published to protect the personal information of members (hereinafter referred to as "member") using b.stage (hereinafter referred to as "services") offered by [Your Compnay Name]. (hereinafter referred to as "company") is compliant with Article 30 of the Personal Information Protection Act and process pertinent concerns smoothly and seamlessly.
1. Purpose of collection and utilization of personal information
The Company processes the personal information for the following purposes. Personal information processed is not used other than the purpose specified below, and in case of a change in the specified purpose, we intend to take necessary measures compliant to Article 18 of the Personal Information Protection Act, including obtaining separate consent for such changes in the purpose of utilization.
| Type | Purpose of collection and utilization |
| Member management | Identifying user and verifying identity, confirmation of the intention to sign up, prevention of the abuse by a delinquent member, processing of customer requests such as complaints, conveyance of notifications, confirmation of the intention to withdraw membership |
| Utilization of the Services and calculation of the fees for usage | Provision of contents, payment of service fees, sending invoices and fee collections |
| Use in marketing and advertisements | Development of new services and specialization of services, conveyance of promotional information including events, provision of services and exposure to advertisements based on demographic characteristics, obtaining information on access frequency and statistics on a member's use of Services |
| (Additional entry if necessary) |
2. Personal information items collected and method of collection
- The Company collects the following types of personal information.
| Type | Collected and utilized items |
| Upon signing up | (Required) Name, User ID (e-mail), mobile phone number, password |
| Upon buying a product or service. |
(Required) Order information (name, contact information), recipient information (name, contact information, address), and payment information. (Optional) Profile picture, (additional collection items) Name, phone number, date of birth, SNS to connect to) |
| (Additional entry if necessary) |
Additional personal information may be collected in the process of utilizing an individual service; notice shall be given and the consent of the user shall be obtained at the point of collection hereunder.
Information such as Service usage logs, visitation logs, abusive usage logs, IP addresses, cookies, device information may be generated automatically and collected.
The Company collects personal information through the following means.
- If the user provides consent for the collection of personal information and enters the information in process of membership registration and utilization of services, such information provided directly shall be collected.
- The personal information of a user may be collected through the webpage, e-mail, facsimile, or telephone during consultation via the customer service center.
- The personal information may be provided from external companies or organizations partnered with the Company; in such a case, the personal information is handed to the Company after the partnering company obtains consent on providing the personal information from the user in accordance with the Personal Information Protection Act.
- Information generated such as device information may be automatically generated and collected in the process of utilizing the Services on a PC or mobile web environment.
3. Duration of utilization and retention of personal information and method to destroy the personal information
In principle, the Company shall destroy the provided personal information upon fulfilling the purpose of collection or provision of the personal information thereof without delay. However, if separate consent has been obtained in continuous retention and utilization, or the personal information is required to be retained under applicable law, such personal information shall be securely stored and utilized within the scope of the prescribed purpose.
The duration of retention of the personal information by the Company is as follows.
- Withdrawal of membership: Member information is retained for 30 days after the withdrawal of membership (to minimize the risk of damages from indiscreet repetition of signing up and withdrawal, and handle the request to restore due to the change of mind after membership withdrawal).
- For a dormant member who does not have any record of utilizing the services for the past one (1) year, the member information shall be separately stored in accordance with Article 39-6 of the Personal Information Protection Act and Article 48-5 of the Enforcement Decree of the Act.
- The period of retention has been otherwise specified in the applicable law.
| Type | Applicable law | Period of retention |
| Records on contracts and cancellation of subscriptions | The Act on the Consumer Protection in Electronic Commerce, etc. | 5 years |
| Records on payments and supply of the goods, etc. | 5 years | |
| Records on processing customer complaints or disputes | 3 years | |
| Records on labeling and advertisements | 6 months | |
| Ledgers on all transactions as prescribed by the Acts on taxation, and their supporting documents | Framework Act on National Taxes | 5 years |
| Service visitation records | Protection of Communications Secrets Act | 3 months |
The Company shall destroy the information in the following methods based on how the information has been stored:
- Information printed on paper: shred with a shredder or incinerate
- Information stored in the form of electronic files: destroy through initializing or repeated overwriting to render the data irrecoverable
4. Provision of the personal information to a third party (If provided by a third party, it is necessary to write it down)
The Company shall not provide personal information to any external party without the prior consent of a user. However, the personal information may be provided if the user provided the consent on the provision of the personal information to utilize the services from external partner companies; the Company is compelled to submit personal information as required by the applicable law, or imminent danger to the user's life or safety has been identified and provision of personal information is necessary to resolve the situation.
5. Entrusting the processing of the personal information
The Company commissions the processing of personal information as follows to ensure smooth personal information processing.
| Name of the Company (subcontractor) | Description of commissioned duties |
| bemyfriends Co., Ltd. | b.stage system operation and failure response |
| (Additional entry if necessary) |
When the Company enters a commission contract, the Company is adding explicit provisions on the prohibition of processing the personal information on any other purposes than performing the commissioned duties, technical and managerial measures, restriction on re-subcontracting, and responsibility on control, supervision and compensation for damages in writing for contract documents, etc., in accordance with Article 26 of the Personal Information Protection Act, and supervising the subcontractor on secure processing of the personal information.
If the details of commissioned duties or the subcontractor are changed, the Company shall disclose such information through this privacy policy without delay.
6. Instructions for members and their legal representatives to exercise their rights and responsibilities
A member may exercise their right of perusal, revision, deletion and request to cease the processing of the personal information at any time.
Such rights may be exercised in writing, through e-mail, facsimile (FAX), and other means of communications in accordance with Article 41, paragraph 1 of the Enforcement Decree for the Personal Information Protection Act, and the Company shall process any related request without delay.
A member may exercise their rights through an agent, such as a legal representative or a delegated person. In such a case, the letter of attorney is required conforming the Appendix form 11 on the Public Notice on the methods to process personal information (No. 2020-7).
The request to review, or cease the processing of personal information may result in the restriction on the privileges as a member, in accordance with Article 35, paragraph 4 and Article 37, paragraph 2 of the Personal Information Protection Act.
For the request to amend or remove the personal information, the removal shall not be requested if other applicable laws require the item of personal information to be collected.
The Company shall verify the person who tends the request to review, amendment, removal, or cessation of processing of the personal information is the requester themselves, or with a valid power of attorney.
7. Measures to secure the safety of the personal information
The company is exercising the following measures to ensure the safety of personal information.
- Managerial measures: Establish and implement internal management plan, regular education sessions for employees, etc.
- Technical measures: Control the authority to access the system to process personal information, install an access control system, encryption of unique identifying information, and install security programs
- Physical measures: Control the access to computer rooms, offices, and document storage rooms, etc.
8. Matters regarding installation and operation of the device to collect the personal information automatically and refusals
The Company uses "Cookie," that stores and frequently retrieves usage information in order to personalized services to a member. The Cookie is a minuscule piece of information that the server used to operate the website transmits to the browser of the user's computer, and may be stored in the computer hard disk of the user.
The Cookie is utilized to provide optimal sets of information through identifying visitation and usage habits for the websites and services the user has accessed, top searches, use of the secured connection, etc.
A user has an option to opt-in or opt-out of installing the Cookie. Therefore, a member may configure to allow all Cookies or provide confirmation for each instance the Cookie is stored, or reject to save any Cookie, through web browser settings.
Instruction to configure Cookie installation preferences and how to refuse the Cookie installation is presented below.
- How to configure the Cookie preferences on Internet Explorer View
- How to configure the Cookie preferences on Safari View
- How to configure the Cookie preferences on FireFox View
- How to configure the Cookie preferences on Chrome Browser View.
If the installation of Cookie is refused, difficulties may arise in utilizing personalized services.
9. The staff in charge of protection of the personal information
The Company is designating the staff in charge of protection of the personal information in the following to oversee the affairs on personal information processing, and respond to the complaints of the members and provide remedies for the infringement of a member's rights pertaining to the personal information processing.
| The staff in charge of protection of the personal information |
Department responsible for personal information protection |
|
Name: Position: Phone number: e-mail: |
Name of Department: Phone number: e-mail: |
A user may direct any inquiries on the protection of personal information while using the Services offered by the Company, processing of the complaints and remedies for the infringement of rights to the officer and department responsible for personal information protection. The Company will provide a response to an inquiry of the member without delay.
10. Instructions on requesting remedies for the infringement of rights
A member may request a consultation or dispute resolution to Personal Information Dispute Mediation Committee, Korea Internet & Security Agency and Personal Information Infringement Report Center to get remedies for personal information infringement. Please direct the inquires and reports on personal information infringement to the agencies listed below.
| Agency | Contact | Webpage |
| Personal Information Dispute Mediation Committee | (Without area code) 1833-6972 | www.kopico.go.kr |
| Personal Information Infringement Report Center | (Without area code) 118 | privacy.kisa.or.kr |
| Supreme Prosecutors' Office | (Without area code) 1301 | www.spo.go.kr |
| National Police Agency | (Without area code) 182 | cyberbureau.police.go.kr |
11. Obligation to provide notice upon amendment
If the content is added, deleted or modified from this Privacy Policy, the Company shall notify of the changes in advance no later than 7 days before the date of the amendment through the "Notice" bulletin board. Notwithstanding, if the changes include significant changes in the users' rights, such as the items of personal information to be collected, and changes in the purpose of utilization, etc., the notice shall be provided no later than 30 days prior to the amendment date.
- Effective Date: DATE
<%= heading %>