Last update: June 2021
◼ Methods of collecting and using the personal information
◼ Methods of providing and entrusting the personal information
◼ Destruction of the personal information
◼ Rights of users and legal representatives
◼ Company’s effort to protect the personal information
◼ Methods of handling cross border transfer of the personal information
◼ Duty of notification prior to amendment
Ⅱ. Regulations on the Collection and Use of Personal Information
1. Personal Information Collected by the Company
If the user desires to use the Company’s Fantrie service, the user shall provide each of the following required information to the Company and permit the Company to collect it through a separate consent letter, etc. The Company shall collect the user’s personal information to the minimum extent necessary for the use of Fantrie service. The personal information to be collected from the user in relation to Fantrie service is as follows:
Purpose Personal information collected Period of retention and use
Signing up for Fantrie account and Using the service ● Required: email address, password, name (nickname), profile picture, subscription list, contact information, service use history, purchase and payment history in the service
● Optional: date of birth, gender, access region Until withdrawal of Fantrie service membership (provided, until the deadline prescribed by law if there is a statutory duty to preserve the personal information; refer to paragraph Ⅳ; the same shall apply hereinafter)
Verification ● If consented by a user him/herself: name, gender, date of birth, mobile number, telecommunications service provider, whether he/she is a local or foreigner, encrypted user identification value (CI), duplication information (DI)
● If consented by legal representative: information of the legal representative (name, gender, date of birth, mobile number, telecommunications service provider, encrypted user identification value (CI), duplication information (DI)) Until withdrawal of Fantrie service membership (provided, until the deadline prescribed by law if there is a statutory duty to preserve the personal information)
Use and Settlement of Paid Service ● Payment by credit card: card number (partial), card company name, etc.
● Payment by mobile number: mobile number, payment approval number, etc.
● Payment by wire transfer: name of beneficiary, account number, bank, etc.
● In case of using a gift certificate: number of the gift certificate, ID of the relevant website
● Settlement by other methods: name of beneficiary, account number, bank, etc. Until withdrawal of Fantrie service membership (provided, until the deadline prescribed by law if there is a statutory duty to preserve the personal information)
Refund Bank, account number, name of beneficiary, email Until withdrawal of Fantrie service membership (provided, until the deadline prescribed by law if there is a statutory duty to preserve the personal information)
Issuance of cash receipts Mobile number, cash receipt card number Until withdrawal of Fantrie service membership (provided, until the deadline prescribed by law if there is a statutory duty to preserve the personal information)
※ Notice on the disadvantages in case of refusal of consent to the collection of the personal information which is essentially required for joining and using the service
For users who refuse to consent to the collection and use of the personal information which is essential for joining and using the Fantrie service, the Company may not provide the Fantrie service inevitably. The Company hereby notifies such disadvantages and is getting the consent on the collection and use of the personal information.
※ Notice on the personal information collected by users in the course of their using the service
Information such as device information (OS, screen size, device ID, phone model, device, and model name), IP address, cookies, visit time, unjust use record, and service use record may be automatically created for collection during the course of using PC web and mobile web/app.
※ Notice on the collection of personal information for marketing purposes such as provision of event information and participation opportunities, and advertisement information
The Company may collect the user’s personal information for the purpose of informing marketing and promotional activities related to newly launched services as well as various events, marketing and promotional activities related to Fantrie services; provided, however, that in such a case an explicit consent by the user is required, which is only an optional consent, thus, the Company shall not refuse to provide the Fantrie service on the grounds that the user has not consented to the collection and use of the personal information for the above purposes.
2. Use of the Collected Personal Information
The Company uses the personal information collected by users for the purpose of managing members, providing and improving the services, and developing new services, etc. Detailed information shall be as follows. The purpose of using the collected personal information will be separately instructed through individual consent letters, etc. which specify the purpose of using the personal information.
● Identifying members/confirming intent of joining, conducting self/age verification, and preventing unjust use
● Confirming whether a legal representative has consented or not in case of collecting personal information of a child under the age of 14, and conducting verification in case of exercising the right of legal representative
● Provision of functions of transmitting messages, and adding and recommending friends
● Providing functions such as informing an activity record to friends, user search and registration, etc.
● Developing new services, providing various services, handling inquiries or complaints, and delivering notice
● Delivering and transmitting contents, etc. or settling fees in case of using paid services
● Preventing and taking action against acts interfering with the smooth operation of services (including account stealing and unjust use)
● Recommending customized contents by analyzing demographic nature, and the interest, taste, and inclination of users, and utilizing for marketing
● Improving voice command and recognition, and providing personalized services
● Establishing record on the use of services, statistics on access frequency and the use of services, and environment in terms of privacy protection, and utilizing for service improvement
3. Methods of Consenting to the Collection and Use of the Personal Information
The Company collects and uses the personal information through the following methods:
● The personal information is collected when users consent to the use of personal information and directly enter the information in the course of signing up for membership and using the services.
● In the course of consulting through the customer center, personal information of users may be collected through web pages, e-mails, faxes, telephones, etc.
● The personal information may be collected in written forms at offline events and seminars, etc.
● The personal information may be provided from external companies or organizations partnered with the Company, in which case the partners provide the personal information to the Company after obtaining the consent on the provision of the personal information from users in accordance with the PERSONAL INFORMATION PROTECTION ACT.
● Created information such as device information may be automatically created and collected during the use of PC web and mobile web/app.
Ⅲ. Provision and Entrustment of Personal Information
1. Provision of Personal Information
The Company, in principle, does not provide (including sharing and disclosing; hereinafter, “providing”) the user’s personal information to a third party without the consent of the user. However, only in the limited cases such as where the user has directly consented to the provision of the personal information to use the external partner’s services; any duty to submit the personal information has occurred to the Company pursuant to relevant laws of the Republic of Korea; or any urgent danger has been confirmed against the user’s life or safety and thus it is required to provide the personal information to ease such danger, the personal information is provided to a third party.
The Company provides or may provide the user’s personal information to the party(-ies) mentioned below for the purpose of providing the Fantrie services under the user’s explicit consent. For users who do not use the following services, their personal information is not provided.
2. Overseas Entrustment of Personal Information
The Company entrusts some part of its personal information processing works required for the provision of the Fantrie services to the following overseas external company, and provides necessary regulations, directs and supervises the entrusted company to handle the personal information safely in accordance with the PERSONAL INFORMATION PROTECTION ACT. In case of not using the services involved in the business entrusted by the Company to the entrusted company, the user’s personal information will not be provided to the entrusted company.
[Overseas Entrustment of Personal Information]
Name of overseas entrusted company
(Contact information of information management officer) Amazon web service
Purpose of entrustment and period of retention/use Operation of services
Use for the period of service operation
Items of personal information subject to overseas entrustment All personal information to be collected in Fantrie services
Country where entrustment of personal information processing takes place United States of America (U.S.A.)
Date of transferring personal information for entrustment and methods of transferring Transferred automatically upon signing up for membership
Ⅳ. Destruction of Personal Information
The Company, in principle, destroys the personal information of the user if the user withdraws from Fantrie service; provided, however, that if separately consented by the user concerning the retention period of the personal information, or otherwise stipulated by law to maintain a specific period of retaining the information, the personal information is safely stored for that specific period of time.
[If stipulated by law to store the information for a specific period of time]
● ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.
- Record on agreement or cancellation: kept for 5 years
- Record on payment and supply of goods, etc.: kept for 5 years
- Record on consumer complaints and dispute resolution: kept for 3 years
● FRAMEWORK ACT ON ELECTRONIC DOCUMENTS AND TRANSACTIONS
- Record on distribution of electronic documents through certified electronic address: kept for 10 years
● PROTECTION OF COMMUNICATIONS SECRETS ACT
- Log-in history: 3 months
The Company destroys the personal information of which the purpose of use and collection has been achieved such as withdrawal of membership, termination of service, and the lapse of retention period consented by the user, in a way it cannot be reproduced. For the information with the required retention period stipulated by law //Information for which retention duty is imposed by laws and regulations is stored separately from other personal information and then destroyed without delay in a way it cannot be reproduced after the lapse of such retention period.
Methods that make it impossible to reproduce the information shall mean the following methods:
● In the case of electronic files: Safely delete using technical methods to prevent recovery and reproduction
● In the case of printouts: destroy in the methods of pulverization or incineration
Ⅴ. Company’s Effort to Protect Personal Information
The Company adopts security measurement required to comply with the industry standards in order to protect the personal information provided by users, and protect the information from any unauthorized access, disclosure, use or modification, or loss or damage. The Company will take all reasonable and practical measures to protect the users’ personal information.
(ii) Action Against Information Security Incidents
In case of security incidents such as data leaks, etc., the Company will notify users of the following matters without delay:
- Summary of the situation and potential effects of the security incident;
- Actions taken or expected to be taken;
- Measures that users may take to minimize or prevent risks; and
- Remedy measures for users
The Company will notify the users without delay of the information related to the relevant incident by email, mail, telephone, push notification, etc. If it is impossible to individually notify every principal of the personal information, the above matters will be notified through reasonable and effective methods such as announcement on the website.
In addition, the Company will proactively report to regulatory authorities that deal with the personal information security incidents.
Ⅵ. Rights of Users and Legal Representatives
The Company guarantees that users can exercise the following rights in relation to the users’ personal information. The following rights of legal representatives may be claimed by direct processing on “my account”, “my profile” pages, etc. or through email (email@example.com).
(i) Access to the User’s Personal Information
Unless otherwise provided by law, a user has a right to access to his/her personal information. In the case the user desires to exercise the right to access the information, the user may access the relevant information by clicking specific service items in “My Account” box on the webpage (or application). For other personal information created by the user while using the Company’s products and services, the Company will make the information available to the user unless accompanied by excessive requests.
(ii) Modification of the User’s Personal Information
When the user detects any error in the user’s personal information handled by the Company, the user has the right to request the modification thereof to the Company. The Company will timely respond to the user’s request for modification.
(iii) Deletion of the User’s Personal Information
The user may contact the Company to request a deletion of the user’s personal information. If the Company decides to respond to the user’s request for deletion, the Company will immediately delete the personal information unless otherwise stipulated by law. Further, the Company will notify the institutions that have been provided the user’s personal information from the Company of such request for deletion, and request the institutions to delete the relevant information without delay, unless the deletion is prohibited by law or such institutions have otherwise received consents from the user.
(iv) Inactivation of the User’s Account
The user may, at any time, inactivate his/her account on the Company’s website by clicking “Inactivate” button on “My Account”. In case of account inactivation, the Company will suspend the provision of goods or services to the user.
(v) User’s Cancellation of Consent to the Collection, Use, and Provision of the Personal Information and Request for Correction
The user may, at any time, cancel his/her consent to the collection, use, and provision of the personal information provided to the Company, and the Company shall respond to this request for cancellation. In addition, if the user requests correction for the errors in the personal information, the Company immediately makes the correction possible, and does not use and provide the relevant information until completion of such correction. In the event where the incorrect personal information has already been provided to a third party, the result of correction is notified to the third party without delay so that the information can be corrected.
(vi) Rights of Legal Representatives
In case of the personal information of a child under the age of 14 which was collected under consent of his/her parents, the Company will disclose such information only in cases where explicit consent of the child’s parents or guardian has been obtained, or it is necessary to protect the child from urgent life and safety danger.
If it is found that the Company has collected the personal information of a minor without obtaining verifiable consent of his/her parents in advance, the Company will delete the relevant information as quickly as possible.
In case of a child under the age of 14, a legal representative may exercise the rights on the access to the child’s personal information, modification, deletion, inactivation, suspension, and cancellation thereof, and the request for correction, etc.
Ⅶ. Cross Border Transfer of Personal Information
The Company does not provide to other business operators abroad the personal information of Korean users who use the Fantrie services.
However, to the minimum required extent for the smooth provision of the Fantrie services, the Company may provide the following personal information to a third party abroad under the user’s explicit consent. The personal information transferred abroad through the aforementioned process will be protected in accordance with protective measures as stipulated by law. In the case where any person who is transferred the personal information transfers again such personal information to a third country, the user’s separate consent must be obtained.
Name: Junmin Lee
Affiliation: Frank Store, Inc.
Position; CPO / DPO
Email: firstname.lastname@example.org Name: Seungjae Baek
Affiliation: Frank Store, Inc.
For other reports or consultation on the infringement of personal information, you may also inquire of the following institutions:
● Personal Information Infringement Report Center (privacy.kisa.or.kr/118 without area code)
● Cyber Crime Investigation Unit of Supreme Prosecutor's Office (www.spo.go.kr/1301 without area code)
● Korean National Police Agency Cyber Bureau (police.go.kr/182 without area code)
● Date of announcement: 8. 1. 2021
● Date of enforcement: 8. 1. 2021