<Personal Information Processing Policy>
Tmoney Co., Ltd. (hereinafter referred to as "the
Company") shall protect the Users’ personal information in accordance with
relevant laws such as the Act on the Promotion of Information and Communication
Network Utilization and Information Protection, and the Personal Information
Protection Act. The following personal information processing policy has been
established and disclosed to facilitate the prompt and smooth handling of such
information.
1. Purpose and items of collection and usage of personal information
The personal information collected by the Company from the User
for the purpose of providing the service is as follows:
|
Purpose of
Collection and Use |
Personal
Information |
Retention
Period |
|
Sign Up |
[Required] Member
ID (email address), password, gender, date of birth, nationality, security
question and answer Arbitrarily collected:
phone number, terminal information (IMEI terminal manufacturer, product
number, etc.), Android OS version, MAC Address |
Service subscription
period (date of sign-up until date of termination) |
|
Transaction History
Inquiry |
[Required] Arbitrarily collected:
Tmoney Card number |
|
|
Registration of Child
Youth Discount Card |
[Required] Date of
Birth Arbitrarily collected:
Tmoney Card number |
|
|
Charge via Credit Card |
[Required] Credit card
number, expiration date, CVC, amount Arbitrarily collected:
Tmoney Card number |
|
|
Refund |
[Required]
Information of the credit card used for charging the Card, the amount Arbitrarily collected:
Information of the credit card used for charging the Card (credit card
number, expiration date), Tmoney Card number |
|
|
Loss Report (Website) |
[Required] Member
ID (email address), password, Tmoney Card number |
|
|
Customer Center Consultation |
[Required] User
name, member ID (email address), mobile phone number, Tmoney Card number |
|
|
Statistics, analysis and
utilization of service use status, service improvement, marketing activities
of other customers benefit event information guide |
[Required] Service
usage history, log, IP address, cookie, mobile phone terminal device
identifier |
2. How to collect personal information
The Company collects personal information from Users in the
following ways:
(1) When the User agrees to the collection of personal information
and directly enters his/her information when signing up, using the Service, and
participating in events online and offline.
(2) When provided by business partners (based on consent for
collection only).
(3) When collecting personal information from a consultation
process through the Customer Service Center (website, email, phone, etc.).
(4) When the User’s automatically generated information is
collected when using the Internet.
3. Provision of personal information to a third party
The Company shall use the personal information of the Users
within the scope of the notice stated in "1. Purpose and Items for
Collection and Use of Personal Information" and, in principle, use or
disclose the personal information of the User in excess of the notified scope
without the prior consent of the user. However, exceptions can be made in the following cases:
(1) When the User has consented with the provision of personal
information to a third party
The Company will provide the personal information to a third
party as follows based on the consent of the User:
|
Provided to |
Purpose of
Use |
Provided
Items |
Retention and
Usage Period |
|
BC Card |
Credit card payment for
charging Tmoney |
Credit card number,
expiration date, CVC |
5 years |
(2) When special provisions regarding the third party provision
apply based on other laws
(3) When necessary for the settlement of fees according to the
provision of the Service
(4) When necessary for statistical writing, academic research or
market research and provided after being processed in a way that no specific
individual can be identified
4. Consignment of handling personal information
The Company entrusts some of the tasks required for the
provision of the Service to external companies as follows, and the entrusted
companies manage and supervise the handling of personal information in
accordance with related laws and regulations.
|
Consigned
company |
Consigned
tasks detail |
|
LG CNS Co., Ltd. |
System and application
management |
|
Tmoney CSP Co., Ltd. |
Customer service center
management for customer consultation |
|
Hansol Secure Co., Ltd. |
System and application
management |
|
1330, Co., Ltd. |
Customer service center
management for customer consultation |
5. Retention and usage period of personal information
In principle, the User’s personal information is destroyed
without delay when the purpose of collecting and using the personal information
is achieved. However, in the following cases, all or part of the personal
information exceptionally collected can be retained for a certain period of
time.
(1) In order to handle re-enrollment requests due to a change of
mind after membership withdrawal, member information is kept for a certain
period after membership withdrawal.
(2) The User is notified in
advance of the retention period and agrees to a separate form of consent.
(3) In accordance with the Act on the Promotion of Information and
Communication Network Utilization and Information Protection, the member
information of a User who has not used the Service for more than one year shall
be kept separately
(4) Information retention by statute
|
Retained item |
Applicable laws |
Retention period |
|
History of contract or
withdrawal of subscription |
Consumer Protection Act
in Electronic Commerce etc. |
5 years |
|
History of payment and
goods supply |
5 years |
|
|
History of consumer
complaints or dispute settlements |
5 years |
|
|
History of
display/advertisement |
6 months |
|
|
Books and supporting
documents on all transactions prescribed by the tax law |
National Taxation Act |
5 years |
|
Records on electronic financial
transactions |
Electronic financial
transaction |
5 years |
|
Service visit history |
Communication
Confidentiality Protection Act |
3 months |
6. Procedures and methods of personal information destruction
In principle, the personal information of the User is destroyed
without delay when the purpose of collecting and using the personal information
is achieved. The procedure and method of destroying personal information of
the Company are as follows:
(1) The information entered by the user in order to sign up for
membership is transferred to a separate DB after the purpose has been
accomplished (in the case of paper, a separate document), and stored for a
certain period and then destroyed in accordance with the internal policy and
other information protection reasons ("5. Retention and Usage Period of
Personal Information"). Personal information that is kept separately is not used for
any purpose other than the purpose for which it is kept, except by law.
(2) The personal information printed on paper is crushed or
destroyed by crushing, and the personal information stored in electronic file
format is deleted using a technical method in which it cannot be reproduced or
recovered.
7. The rights of the Users and legal representatives and how they
are exercised
The User and his/her legal representative may exercise the
following rights against the Company regarding their personal information:
(1) Users and their legal representatives who make requests for
viewing, providing, and correcting personal information may ask the Company to
view or provide any of the following information about the Company, and may
request the correction of any errors. However, if the User can view or correct personal information
directly through the Company's website, he/she can directly view, print or
correct the information.
- The User’s personal information owned by the Company
- The status of personal information that the company uses or
provides to third parties
- The status in which the User agrees to collect, use and provide
personal information
(2) The Users and their legal representatives who make requests for
deletion of personal information may require the Company to delete their
personal information. However, when the statute specifies that personal information
is collected, it cannot be requested to be deleted.
(3) The Users and legal representatives who make requests to stop
processing may request the suspension of processing of personal information
through the "withdrawal of membership" function on the website. However,
if any of the following cases apply, the Company may refuse to suspend the
processing of the User and the legal representative.
- If there is any special provision in the law or inevitability
to comply with statutory obligations
- If there is a risk of harming another person's life or body, or
there is a risk of unjustly infringing on the property or other interests of
another person
- If the service is unlikely without handling the personal
information, in which the User or his/her legal representative has not clearly
indicated their intention to terminate the contract
If it is impossible or difficult to exercise rights through the
Company's website, the User or his/her legal representative may request the
handling of personal information to the Company's department that handles
personal information through telephone or email.
8. Matters concerning the installation, operation and rejection of
the automatic collection of personal information
(1) Cookies
In order to provide customized services, the Company uses
“Cookies” to store and retrieve information from the Users.
A cookie is a very small text file sent to the User's browser
by the server used to run the website and stored on the hard disk of the User's
computer. When a User visits the website afterwards, the website server
is used to maintain the user's preferences and provide customized services by
reading the contents of cookies stored on the user's hard disk.
Cookies do not automatically and actively collect information
that identifies any individual, and the User can deny or delete these cookies
at any time.
(2) The purpose of the company's use of cookies
Cookies are used to provide Users with optimized and customized
information, including advertisements, by identifying Users' visits to their
website and related websites.
(3) Installation, operation and denial of cookies
The User can choose to allow the cookies to be installed. Therefore,
the User can allow all cookies by setting options in his/her web browser, check
each time a cookie is saved, or refuse to save any cookies.
However, if the User refuses to save cookies, he/she may
experience difficulty using some services that require a login.
To specify whether to allow cookies to be installed, follow
these steps:
- For Internet Explorer: Click the Settings menu> Internet
Settings> Privacy> Cookies at the top of your web browser.
- For Chrome: Go to the Settings menu> Privacy &
security> Cookies.
9. Technological and administrative protection measures of
personal information
The Company takes the following technical and managerial
measures to ensure the safety of personal information in order to prevent the
loss, theft, leakage, alteration or damage of personal information when
processing the Users’ personal information.
(1) Password encryption
The User's password is encrypted, stored and managed, and is
only exposed to the User.Only the User who knows the password can confirm and
change the personal information.
(2) Measures against hacking
The Company is doing its best to prevent Users’ leakage or
damage of personal information by hacking or computer virus. In
order to protect personal information from damage, the Company is backing up
the data from time to time and using the latest vaccine program to prevent
personal information or data from being leaked or damaged, making sure the
personal information is securely transmitted on the network through encrypted
communication. The Company also uses intrusion prevention systems to control
unauthorized access from outside and to provide all possible technical devices
to ensure system security.
(3) Minimize and educate processing staff
The Company limits the personal information processing staff to
the minimum number and separate passwords are given to be updated periodically.
The Company constantly emphasizes compliance with the Company's personal
information processing policy through on-the-job training.
10. Contacts of the personal information protection officer and
responsible department
In order to protect the personal information of the user and
deal with complaints related to personal information, the Company has
designated the person in charge of protection of the personal information and
the department in charge as follows:
(1) Privacy Officer
- Name: Kim Joon Sung
- Position: Managing Director of Solution Division
(2) Privacy Department
- Department name: Architecture Team
- Phone: 1644-0088
- Email: tmoneyadmin@tmoney.co.kr
11. Infringement of Personal Information Rights and Remedies
If you need to report or consult about other privacy
infringements, please contact the following organizations:
(1) Personal Information Dispute Resolution Committee (www.kopico.go.kr/1833-6972)
(2) Personal Information Infringement Notification Center (http://privacy.kisa.or.kr/ (without area code) 118)
(3) Supreme Prosecutors' Office Cyber Investigation Division
(cid@spo.go.kr (www.spo.go.kr) / (without area code) 1301)
(4) Cyber Security Bureau, National Police Agency (http://cyberbureau.police.go.kr / (without area code) 182)
12. Obligation of notice
If there is any addition, deletion or amendment of the current
personal information processing policy, the Company will notify the User
through a ”Notice” on the Company’s website at least 7 days before the
effective date.
13. Other
Please note that this "Privacy Policy" does not apply
to collecting personal information from websites linked to services provided by
the Company.
These Terms will be effective from June 1, 2019.