Privacy Policy
EBIT Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses this privacy policy to protect the personal information of data subjects in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and to process any related grievances promptly and efficiently.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be taken.
Sign up and Account Management: For identity verification, account maintenance, and service provision, prevention of fraudulent use, verification of legal representative consent for processing personal information of children under the age of 14, and for notification purposes.
Handling Civil Complaints: To verify the identity of the complainant, contact and notify for fact verification, and notify the results of the processing.
Provision of Goods or Services: To deliver goods, provide services, verify identity and age, process payments, and settle fees.
Marketing and Advertising: To develop new services (products), provide tailored services, provide event and promotional information, give participation opportunities, and perform statistics on service usage for service improvement and targeted advertising.
Article 2 (Processing and Retention Period of Personal Information)
The Company processes and retains personal information within the retention and use period consented to by the data subject or as required by law.
The specific retention periods are as follows:
Sign up and Account Management: Personal information is retained for 5 years from the date of consent for collection and use.
Handling Civil Complaints: Personal information related to civil complaints is retained for 3 years.
Provision of Goods or Services: Personal information related to service provision is retained for 5 years.
Marketing and Advertising: Personal information related to marketing is retained for 1 year.
Article 3 (Personal Information Items Processed)
The Company processes the following personal information items:
Sign up and Account Management:
Required items: Email, password, login ID, access log, cookie, IP access information.
Provision of Goods or Services:
Required items: Email, gender, birth date, name, service usage records, access logs, cookies, IP access information, payment records.
Optional items: Credit card information, bank account information.
Handling Civil Complaints:
Required items: Email, login ID, name.
Optional items: Mobile phone number.
Creator Registration:
Required for individuals: Resident registration number, name, account information, supporting documents (ID copy, bankbook copy), contact information.
Required for corporations: Business registration number, business name, representative name, taxation type, account information, supporting documents (business registration copy, bankbook copy), contact information.
Article 4 (Consignment of Personal Information Processing)
The Company may consign personal information processing tasks to the following companies for the smooth handling of personal information.
Consignee | Task |
Outlier Inc. | Applicant Information / Basic Information |
U Transfer | Payment Information for payments |
In the event of any changes or additions to the consignee or the content of the consignment, it will be disclosed immediately through this privacy policy.
When entering a consignment contract, the Company specifies and supervises, in writing, matters concerning the prohibition of personal information processing for purposes other than those intended, technical and managerial protective measures, limitations on subcontracting, management and supervision of the consignee, and compensation for damages, to ensure that the consignee safely processes personal information.
Article 5 (Processing of Personal Information of Children Under the Age of 14)
The Company restricts membership registration to users aged 14 or older to protect the personal information of children under the age of 14.
Notwithstanding paragraph 1, if the user is found to be under the age of 14, the Company will immediately destroy the user's personal information and restrict their use of services.
Article 6 (Destruction of Personal Information)
The Company will promptly destroy personal information when it becomes unnecessary, such as when the retention period has expired, or the processing purpose has been achieved.
If personal information must be retained due to other legal requirements, it will be stored separately from other data in a different database or storage location.
The procedures and methods of personal information destruction are as follows:
Destruction Procedures: Personal information that is no longer needed will be selected for destruction, and the Company's personal information protection officer will approve the destruction.
Destruction Methods: Electronic files containing personal information will be deleted using technical methods that make recovery impossible.
Article 7 (Rights of Data Subjects and Legal Representatives, and How to Exercise Them)
Data subjects can exercise their rights to request access, correction, deletion, and suspension of processing of their personal information at any time.
The exercise of rights under paragraph 1 may be conducted in writing, by email, or by fax, following Article 41, paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly act upon such requests.
The exercise of rights can also be done through a legal representative or a delegated person. In this case, a power of attorney must be submitted in accordance with the format provided in the "Notice on Methods of Processing Personal Information (No. 2020-7)."
The right to access and suspension of processing may be restricted under Articles 35 and 37 of the Personal Information Protection Act.
The right to request correction and deletion may not apply if the personal information is specified as a collection item by other laws.
The Company verifies the identity of the requester or their legal representative when they exercise the rights to access, correct, delete, or suspend the processing of personal information.
Article 8 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
Minimization and training of personal information handlers: The Company designates and restricts the personnel who handle personal information to the minimum necessary and implements measures to manage personal information.
Establishment and implementation of an internal management plan: The Company establishes and implements an internal management plan for the safe handling of personal information.
Technical measures against hacking: The Company installs security programs to prevent the leakage and damage of personal information due to hacking or computer viruses, regularly updates and inspects them, and installs systems in restricted areas to technically and physically monitor and block unauthorized access.
Encryption of personal information: The user's personal information and password are encrypted and stored, ensuring that only the user knows them. Important data is protected through encryption or the use of file-locking features.
Access control: The Company implements necessary measures for access control by granting, changing, or deleting access rights to the database system handling personal information, and controls unauthorized access from outside using an intrusion prevention system.
Article 9 (Installation, Operation, and Rejection of Automated Data Collection Devices)
The Company uses "cookies" to provide users with personalized services by storing and retrieving user information.
Cookies are small amounts of information that the server sends to the user's computer browser and may be stored on the user's hard disk.
a. Purpose of cookie use: Cookies are used to provide optimized information by analyzing visit and usage patterns, popular search terms, and security access.
b. Installation, operation, and rejection of cookies: Users can reject cookie storage through browser settings, such as Tools > Internet Options > Privacy settings.
c. If cookie storage is refused, users may experience difficulties in using customized services.
Article 10 (Collection, Use, Provision, and Rejection of Behavioral Information)
1. <Personal Information Controller> collects and uses behavioral information during the service usage process to provide the data subject with optimized, personalized services and benefits, including online targeted advertising.
2. The <Personal Information Controller> collects behavioral information as follows:The types of behavioral information collected, the method of collection, the purpose of collection, the retention and use period, and subsequent data processing are as follows. Behavioral information, such as service usage history, payment history, and purchase history, is automatically collected during service usage. This information is collected to provide services and display advertisements based on the user’s interests and preferences. The information is immediately deleted upon termination of service use or once it is no longer needed.
<Where third parties (e.g., online advertisers) are allowed to collect and process the user’s behavioral information for online targeted advertising>
3. The <Personal Information Controller> collects only the minimum amount of behavioral information necessary for online targeted advertising and does not collect sensitive behavioral information that could significantly infringe on personal rights, such as beliefs, family and relative relationships, educational background, medical history, or other social activities.
4. The <Personal Information Controller> does not collect behavioral information for personalized advertising purposes from children under the age of 14, nor does it provide personalized advertising to children known to be under 14 years old.
5. The <Personal Information Controller> collects and uses advertising identifiers in mobile apps for online targeted advertising. Data subjects can block or allow personalized ads by changing the settings on their mobile device:
· For Android: Settings → Privacy → Ads → Reset Advertising ID or Delete Advertising ID
· For iPhone: Settings → Privacy → Tracking → Disable Allow Apps to Request to Track※ The menu and methods may differ depending on the version of the mobile operating system.
6. Data subjects can block or allow online targeted advertising by adjusting their browser's cookie settings. However, changing cookie settings may affect the use of certain services, such as automatic login to websites.
· Blocking/Allowing Online Targeted Advertising via App Browser
Article 11 (Criteria for Additional Use and Provision of Personal Information)
The Company may use and provide personal information without the consent of the data subject in accordance with Article 15, Paragraph 3, and Article 17, Paragraph 4 of the Personal Information Protection Act. The following factors are considered:
Whether the purpose of additional use or provision is related to the original purpose of collection
Whether additional use or provision was foreseeable based on the circumstances of collection
Whether additional use or provision infringes upon the interests of the data subject
Whether necessary security measures, such as pseudonymization or encryption, have been taken
Article 12 (Personal Information Protection Officer)
The Company designates the following person as the personal information protection officer responsible for overseeing personal information processing and handling complaints related to personal information:
Personal Information Protection Officer
Department:
Contact Person:
Email:
Personal Information Handling Department
Department:
Contact Person:
Email:
Data subjects may contact the personal information protection officer or the department in charge for all inquiries, complaints, or damages related to personal information. The Company will respond promptly to such inquiries.
Article 13 (Remedies for Rights Infringement)
Data subjects can apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, and other institutions for remedies for personal information infringement.
Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
National Police Agency: 182 (ecrm.cyber.go.kr)
In accordance with Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act, if a person's rights or interests are infringed due to a decision or omission by the head of a public institution in response to a request made under these provisions, the person may file an administrative appeal in accordance with the provisions of the Administrative Appeals Act.
※ For more details on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).
Article 14 (Effectiveness of the Privacy Policy)
This privacy policy takes effect on the date of implementation. If there are any additions, deletions, or modifications due to changes in the law or policies, such changes will be announced 7 days prior to implementation or promptly if prior notification is difficult.
Announcement Date: April 23, 2024
Implementation Date: April 23, 2024
