Private Information Protection/ Service Terms
SuperPass Policy on Handling Private Information
Infovine Co., Ltd. (hereinafter “The Company”), to protect the information provider’s private information based on the laws on the promotion of use of information and communication network and the information protection and the Code regarding Private Information Protection and to process immediately and seamlessly any relevant difficulty to such protection, establishes the Policy on Handling the Private Information as followings:
The Company has defined the necessary procedure to revise the Policy on Handling the Private Information for its continuous improvement. And in case of any revision on the Policy on Handling the Private Information, the revised content of the policy will be available for later verification or review by members with the assigned version number, effective date and others.
In case of a revision of any important provision in the Policy on Handling the Private Information, the reason and description of the revision shall be notified to members through this service (Smartphone Application implemented through the mobile communication network) and/or other means before the activation of the revised policy.
This policy shall become effective on April 1, 2015.
Article 1 (Collected Private Data and Collection Method)
The Company classifies and collects the data to provide basic service and the data suitable to service required for each member’s preference and necessity of the information complying with the criteria of each of following provisions:
① Collected Data of Private Information
1. Membership Sign-Up
- Mandatory Data: e-Mail Address, Mobile Number, Terminal Device ID, Service Use information
- Optional Data: None
2. Customer Center
- Mandatory Data: Mobile Number, Terminal Device Type (Android/iOS)
- Optional Data: APP Version
3. Automatic Creation/Collection in the Process of Service Use or Business Performance
- Service Visit Date, Use Record, Cancellation and Access Records
② Private Information Collection Method
1. The Company collects the private information by following methods:
Collection through the website and/or the smartphone application, Inquiry phone call to Customer Center, Consultation Posting Board
Article 2 (Private Information Collection and Use Purpose)
The Company processes the private information for the following purposes. The processed private information shall not be used for any purpose other than the following purposes. In case of a revision of use purpose, all necessary measures including the additional agreement according to laws will be taken.
① Membership Sign-Up and Management
Confirmations of Membership Service Use and Member, Personal Identification, Use Restrictions for the Members Violating the Service Terms, Restrictions on Activities Interfering the Fluent Service Operation and Illegal Uses, Record Preservation for Dispute Resolution, Member Complain Process, Announcement Delivery
Confirmation of Intention to Withdrawal the Membership
② Utilization for New Service Development or Marketing Advertisement
New Service Development, Customized Service Provision, Service Provision and Advertisement Posting according to Statistical Characteristics, Confirmation on Service Effectiveness, Provisions of Event Information and Participation Opportunity, Advertising Information Provision, Statistics for Access Frequency Check and others
Article 3 (Private Information Preservation and Use Periods)
① Each member’s private information shall be preserved and used by The Company during the provision period of the service. On the service cancellation, the relevant member’s private information shall be destroyed and disposed to prevent any review or use. However, such information shall be preserved according to the applied regulation if the preservation is required by the laws.
② If the preservation is required by any regulation of Commerce Law, Electronic Commerce Code, Law regarding Consumer Protection and/or other relevant laws, The Company shall preserve the member information for the period of time specified by any of the applied regulations.
1. Ledges and Proof Documents on Transactions: 5 years
2. Records on Payments and Product and/or Money Supplies: 5 years
3. Records on Specifications/Advertisements: 6 months
4. Records on Handlings of Consumer Complain or Dispute: 3 years
5. Records on Contract Entrances, Cancellations and others: 3 years
③ When a member cancels the service, the entire private information of the member excluding the information required to preserve according to the applied laws shall be deleted.
Article 4 (Private Information's Destruction Procedure and Method)
The Company shall immediately destroy the collected private information according to the specified preservation and use periods after the use purpose is achieved.
The procedure, methods and time for such destruction shall be as followings:
① Destruction Procedure
The information entered by a member for the membership sign-up and the service use shall be destroyed after the specific period by The Company policy or other relevant laws (refer Preservation and Use Periods) after the purpose is achieved.
② Destruction Methods
1. The private information stored in a form of electronic file shall be deleted by any technical mean preventing any reuse of such data.
2. Any private information printed on paper shall be destroyed by shredding using a shredder or incinerating.
Article 5 (Rights and Their Exercise Methods of Member and Legal Representative)
① Any member or his/her legal representative may review and revise his/her registered private information at any time. If any member does not agreement on The Company’s private information process, the member may refuse the agreement or request the membership cancellation (withdrawal) to The Company. However, in such case, partial or entire use of service may become difficult.
② For a member’s membership cancellation (agreement withdrawal), after completing the personal identification process by requesting to Customer Center, the direct review, correction or withdrawal becomes available.
③ If a member requests the correction for any error in the private information, the corresponding private information shall not be used or provided until the completion of the correction.
④ Any canceled or deleted private information by the request of a member or his/her legal representative shall be disposed within the preservation and use periods for the collection by this service and prevented for any other review or use than the specified.
Article 6 (Automatic Private Information Collection Device Installation/Operation and Refusal of the Device)
① The Company automatically collects the member information or saves such information in the member’s mobile device and manages such information in The Company’s server(s). Any member can refuse such activities of The Company by refusing to agree on the private information collection.
② The automatically collected information includes Mobile Number, App Version, Mobile OS Version, Terminal Device ID and Final Access Time of the member.
Article 7 (Technical and Managerial Protection Measures for Private Information)
The Company considers technical and managerial measures as followings to secure the stability to prevent any loss, theft, leak, alteration or damage of the member’s private information during its handlings.
① Private Information Encryption
All data including the password of the collected information is safely managed as encrypted and stored separately in the member’s smartphone and the server.
② Technical Measures Preventing Hacking and others
The Company does its best to prevent any leak or damage of the private information by hacking or external virus. The periodical backup of the member’s private information and transaction record is performed. The newest vaccines are distributed through the app. And with the encrypted communication between the app and the servicer, the member’s private information is safely transmitted over the network. Also, the fault tolerant server & network monitoring system blocks any external penetration. And The Company prevents infringe accidents and secures the stability of service by checking checks the impact to the system from the weakness detected by performing the periodical hacking simulation and establishing the security measure on the detected weakness,
③ Access Restriction to Private Information Processing System
The Company conducts the complete required measures to control the access to the private information by establishing criteria on the assignment, revision, termination and others for the database system structured to process the private information and defining the creation process, the change period and others of password.
④ Training of Private Information Handling Staffs
The Company limits the task to handle the private information to the specific employees and periodically updates the separate passwords given to such employees. Also, the safety training is frequently conducted for such staffs.
⑤ Operation of the Exclusive Organization for Private Information Protection
The Company makes efforts to correct any detected issue by checking the performance of Policy on Handling Private Information and the compliance status of each responsible staff through its exclusive organization for the private information protection. However, The Company shall not be subjected to any responsibility regarding any issue caused by the leaked password or private information due to the member’s own negligence.
Article 8 (Contact Information of Senior and Working Staffs Responsible for Private Information Management)
Members may complain or report related to any issue on the private information protection occurred while The Company’s service to a staff or the department responsible for the private information management.
The Company shall immediately respond with sufficient answers for the report filed by users.
Senor Private Information Manager: Director Kim, Jae Su, Technology Research Center
Address: Taeyeong Building 5F, 144 Mapodae-ro, Mapo-gu, Seoul
E-mail Address: email@example.com
Private Information Manager: Team Leader Kim,Bok Ki, Technology Research Center
Address: Taeyeong Building 5F, 144 Mapodae-ro, Mapo-gu, Seoul
E-mail Address: firstname.lastname@example.org
In case any report or consultation is required on other infringement of private information, please contact any of following authorities:
- Private Information Violation Report Center (www.118.or.kr / 118)
- Information Protection Mark Certification Commission (www.eprivacy.or.kr / 02-580-0533~4)
- Advanced Crime Investigation Department, Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)
- Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr / 02-392-0330)
Article 9 (Duty of Announcement)
This Policy on Handling Private Information shall be applied from April 01, 2015. In case of any addition, deletion and/or revision on any provision according to any change in the national laws and/or policy and/or the security technology, such matter shall be announced not later than 7 days before the enforcement date of such case via Announcement of the mobile application implemented through the mobile communication network.
Announcement Date: Jul 03, 2015
Effective Date: Jul 13, 2015