Privacy
REBUY (hereinafter referred to as the “Company”) complies with the personal information protection regulations of the relevant laws and regulations that information and communication service providers must comply with, such as the Communications Secrets Protection Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and does its best to protect the rights and interests of users by establishing a privacy policy in accordance with the relevant laws and regulations.
1. Items of personal information to be collected and collection method
A. Items of personal information to be collected
The Company collects the following personal information for membership registration, counseling, content purchase, service application, etc.
Required: ID, password, forgot password question and answer, e-mail address, nickname
Optional: Name, phone number
In addition, the following information may be automatically generated and collected in the course of service use or business processing.
IP Address, cookies, access logs, service usage records, bad usage records, payment records.
B. Method of collecting personal information
The Company collects personal information in the following ways
Homepage registration, consultation bulletin board, email, event application, delivery request
Provision from partner companies
Collection through generated information collection tools
2. Purpose of collecting and using personal information
A. Fulfillment of contracts for service provision and settlement of fees for service provision
Provision of content, purchase and payment of fees, and collection of fees
B. Member management
Identification, personal identification, prevention of unauthorized use and unauthorized use by rogue members, confirmation of intention to subscribe, limitation of the number of subscriptions and subscriptions, confirmation of consent of legal representative when collecting personal information of children under 14 years of age, identification of legal representative later, record keeping for dispute settlement, handling of complaints such as complaints, and delivery of notices.
C. Development of new services and utilization for marketing and advertising
Development and specialization of new services (products), identification of access frequency, or delivery of advertising information such as statistics, events, etc. on members' use of the service.
3. Sharing and Provision of Personal Information
The Company uses the user's personal information within the scope notified in “2. Purpose of Collection and Use of Personal Information” and does not use it beyond the scope without the prior consent of the user or disclose the user's personal information to the outside world in principle. However, the following cases are exceptions.
If the user has consented to the disclosure in advance
In accordance with the provisions of laws and regulations, or when requested by an investigative agency in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation.
4. Entrustment of Personal Information
The Company does not entrust the handling of personal information to an outside company without the consent of the user. If such a need arises in the future, the Company will notify the customer of the entrusted person and the contents of the entrusted work and obtain prior consent if necessary.
5. Retention and use period of personal information
In principle, personal information of users is destroyed without delay after the purpose of collecting and using personal information is achieved. However, the following information shall be retained for the period specified for the following reasons.
A. Reasons for retaining information in accordance with the company's internal policies
Records of unauthorized use.
Reason for retention: Prevention of unauthorized use
Retention period: 1 year
B. Reasons for retention of information under relevant laws and regulations
If it is necessary to preserve the information in accordance with the provisions of the relevant laws, such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc. In this case, the Company shall only use the information for the purpose of retention and the retention period is as follows.
Records related to commercial transactions
Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: Records on contract or withdrawal of subscription: 5 years
Records on payment and supply of goods: 5 years
Records on consumer complaints or dispute handling: 3 years
Records on identification
Reason for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Retention period: 6 months
Records of visits
Reason for retention: Protection of Communications Secrets Act
Retention period: 3 months
6. Procedures and methods for destroying personal information
In principle, personal information of users is destroyed without delay when the purpose of collecting and using personal information is achieved.
The Company's personal information destruction procedures and methods are as follows.
7. Rights of users and legal representatives and how to exercise them
Users and their legal representatives may view or modify their personal information or that of their children under the age of 14 at any time, and may request to cancel their membership.
To view or modify the personal information of a user or a child under the age of 14, click “View Member Information” (or “Edit Member Information,” etc.), and to cancel membership (withdraw consent), click “Unsubscribe” to view, modify, or unsubscribe directly.
If a user requests the correction of errors in personal information, the Company will not use or provide the personal information until the correction is completed. In addition, if the Company has already provided incorrect personal information to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
The Company handles personal information that has been terminated or deleted at the request of the user or legal representative as specified in “5. Retention and Use Period of Personal Information” and does not allow it to be viewed or used for any other purpose.
8. Installation/Operation and Rejection of Automatic Personal Information Collection Devices
In order to provide personalized and customized services, the Company uses 'cookies' that store and retrieve user information from time to time. Cookies are very small text files that the server used to operate the website sends to the user's browser and are stored on the hard disk of the user's computer.
A. Purpose of using cookies
Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, secure connection, news editing, user scale, etc.
B. Installation/Operation and Rejection of Cookies
You have the option to install cookies. Therefore, you can allow all cookies, check each time a cookie is saved, or refuse to save all cookies by setting options in your web browser.
However, if you refuse to save cookies, you may have difficulty using some services that require you to log in.
9. Technical and administrative protection measures for personal information
The Company takes the following technical and administrative measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered or damaged when handling personal information of users.
A. Technical measures
Your personal information is protected by a password, and important data is protected through separate security functions by encrypting files and transmission data or using a file lock function (Lock).
We take measures to prevent damage caused by computer viruses by using antivirus programs. The antivirus program is updated regularly, and in the event of a sudden virus outbreak, we apply the antivirus as soon as it is available to prevent personal information from being compromised.
We have adopted a security device (SSL or SET) that uses a cryptographic algorithm to securely transmit personal information on the network.
In order to prevent your personal information from being leaked due to hacking, we use a device that blocks intrusion from the outside, and we install an intrusion detection system on each major server to monitor intrusion 24 hours a day.
B. Administrative Measures
In addition to the above efforts, you must also take care to prevent the disclosure of your passwords to third parties, and in particular, always make sure that your passwords are not leaked through a PC installed in a public place. We recommend that only you use your ID and password, and that you change your password frequently.
The Company strictly limits the employees who handle personal information to those who perform personal information management tasks and those who are required to handle personal information in the course of their work, emphasizes compliance with this policy through frequent training for the employees in charge, and checks the implementation of this policy and the compliance of the employees in charge through the implementation inspection of the security department, and takes immediate corrective measures if any problems are found.
10. Contact Information of Personal Information Manager
You may report any complaints related to personal information protection arising from the use of the Company's services to the person in charge of personal information management.
The Company will provide a prompt and sufficient response to your report.
Personal Information Manager
Name : 000
Telephone number : 02-0000-0000
Email : 0000@0000.com
If you need to report or consult about other personal information infringement, please contact the following organizations.
Personal Information Infringement Report Center (www.cyberprivacy.or.kr / 1336)
Supreme Prosecutors' Office Internet Crime Investigation Center (http://sppo.go.kr / 02-3480-3600)
National Police Agency Cyber Terrorism Response Center (www.ctrc.go.kr / 02-392-0330)
11. Duty to Notify
If there are any additions, deletions, or modifications to the current Privacy Policy, we will notify you through the “Notice” on the homepage at least 7 days before the revision.
Notice date: November 30, 2023
Enforcement Date: November 30, 2023
Modification date: November 30, 2023