Policy is intended to inform users that Flownine Corp. considers users’ personal information important, and to inform users of the purposes and methods of Company’s use of personal information, as well as measures taken by Company to protect and safeguard personal information.
Policy is effective from 18 July 2016 and, in the case of modification thereof, Company will make public notice of any revisions by prominently displaying on Company’s website, or through direct, individual notice via post, fax, or email.
1. Information to be Collected and Methods of Collection
(1) Personal information items to be collected. Personal information to be collected by Company are as follows:
• Information provided by users
• Company may collect information directly provided by users. This includes name, password, company names, email addresses, identification numbers, telephone numbers, addresses, country of origin, Facebook and Instagram accounts, payment information including, but not limited to account numbers and debit or credit card numbers.
• Information collected during use of service
In addition to information directly provided by users, Company may collect information resulting from users’ use of the services provided by company. This includes:
• Equipment identifier, operating system, hardware version, equipment set-up, and telephone number
• Log data, usage time, search queries inputted by users, internet protocol (IP) addresses, cookies and web beacons
• Device location information including, but not limited to specific geographic location information obtained via GPS, Bluetooth or Wi-Fi (limited to regions permissible by law)
(2) Methods of collection. Company collects user information using the following criteria:
• Webpages, written forms, fax, telephone calling, e-mail, dedicated tools for the collection of information created by user, and as made available by affiliate companies
2. Use of collected information
Company uses collected user information for the following purposes:
• Member management and identification
• Detection and deterrence of unauthorized or fraudulent use or abuse of service
• Enforcement of contract provisions and service fee settlement regarding the provision of services demanded by users
• Improvement of existing services and development of new services
• Giving notice of changes to company websites’ or applications’ functions or matters of policy change
• Helping users connect with other users they may already know and, with permission, to allow other users to connect with one another
• To compile statistics concerning user’s service usage, to provide services and place advertisements based on statistical analysis
• To provide information concerning promotional events and to notify user of opportunities to participate
• To comply with applicable laws or legal obligations
• Other uses, as requested and with prior consent (for example, use of marketing advertisement)
If Company wishes to use information for purposes other than those expressly stated in this Policy, Company agrees that it will obtain prior consent from users.
3. Sharing collected information
Personal information will not be shared with any third party except as follows:
If Company shares information with affiliates, partners and service providers;
• If Company affiliates, partners and service providers carry out services such as bill payment, order execution, product delivery, or dispute resolution (including disputes on payment and delivery) for or on behalf of Company
• If users consent to sharing in advance;
- If user chooses to receive product and service information from third parties by sharing his or her personal information with said third parties.
- If user chooses to allow his or her personal information to be shared with third party websites or platforms, such as social networking services
- Other cases in which user gives prior consent for sharing his or her personal information
• If sharing is required by law
- If required to be disclosed by laws and regulations; or
- If required to be disclosed to government agencies pursuant to an investigation, in accordance with the procedures and methods prescribed by laws and regulations
4. Commission for collected personal information
In order to provide services, Company commissions external companies, otherwise known as “subcontractors,” to process personal information as follows. These operations are commissioned for the processing of personal information by the relevant subcontractor only if they are deemed necessary for the provision of service.
During the commissioning process, in order to guarantee the security of users’ personal information, Company supervises and ensures that, as provided by contract, subcontractors will safely process personal information in strict compliance with personal information protection procedures, including the principle of safeguarding the secrecy of personal information, abstention from the disclosure of personal information to any third party, and the assumption of liability for accidental destruction or dissemination of personal information upon the termination of commission or processing.
5. Period of retention and use of personal information
In principle, Company destroys users’ personal information when the purpose of its collection and use has been achieved, legal or management needs are satisfied, or upon user request. If it is still necessary to retain information due to applicable laws and regulations, Company will retain member information as designated by relevant laws and regulations. Information to be retained as required by relevant laws and regulations include, but is not necessarily limited to the following:
• Records concerning contract or withdrawal of subscription: 5 years (Consumer Protection in Electronic Commerce Act)
• Records on the payment and supply of goods: 5 years (Consumer Protection in Electronic Commerce Act)
• Records on customer complaint or dispute treatment: 3 years (Consumer Protection in Electronic Commerce Act)
• Records concerning the collection, processing, and use of credit information: 3 years (Use and Protection of Credit Information Act)
• Records concerning banner advertisements: 6 months (Consumer Protection in Electronic Commerce Act)
• Logs and records of user activity, including location data (The Protection of Communications Secrecy Act)
• Other data concerning communication history: 12 months (The Protection of Communications Secrecy Act)
6. Procedure and method of destruction of personal information
In principle, Company destroys users’ personal information when the purpose of its collection and use has been achieved, legal or management needs are satisfied, or upon user request. If it is still necessary to retain information due to applicable laws and regulations, Company will retain member information as designated by relevant laws and regulations. In such a case, information will be stored and managed separately, and will not be used for other services. Company destroys physical copies of personal information by shredding, pulverizing, or incineration, and destroys electronically stored information using digital means, in a manner that said information cannot be restored.
7. Cookies and Similar Technologies
Company may collect general and impersonal information through ‘cookies.’ Cookies are very small text files sent to users’ browsers and used for the operation of Company’s websites, and stored on the hard disk of users’computer. These functions are used for evaluating, improving, and refining services in order to optimize users’ experiences.
8. Users’ right to access and option
Users or their legal representatives, as the legal agents of users’ personal information, may exercise the following options regarding the collection, use and sharing of personal information by Company:
• The right to access user’s personal information;
• Make corrections or deletion;
• Temporary suspend handling of personal information; or
• Request the withdrawal of previously provided consent
If, in order to exercise the above options, user navigates the ‘Account Settings’ menu or contacts Company using the general telephone number, post, e-mail, or contacting the responsible department or manager via telephone, Company will ensure that appropriate measures are taken promptly and without delay, provided that Company may reject user requests if there exists a proper cause, as prescribed by applicable laws or contracts.
Company considers the security of personal information to be very important. Company uses the following security measures to protect users’ personal information from any unauthorized access, release, use, or modification:
• Encryption of personal information
- Transmission of users’ personal information using encrypted media
- Use of encryption during storage of important information, such as passwords
• Countermeasures against hacking
- Installation of a system which regulates external access as to prevent the leaking or dissemination of users’ personal information by hacking or computer virus
• Establish and execute internal management plan
• Install and operate access control system
• Measures to prevent forging or alteration of access records
10. Modification of Privacy Protection Policy
Company has the right to amend or modify this Policy when deemed appropriate and, in such cases, Company will post a public notice via the pop-up page or bulletin board on its website, or through individual notices such as written documents, faxes or e-mail, and obtain consent from users as required by relevant laws.
• Data transmission
- As it engages in global business operations, Company may provide users’ personal information to companies located in other countries for purposes expressly stated in this Policy. Depending on location of personal information transmission, retention, or processing, Company may take reasonable measures for protecting personal information.
• Third party websites and services
- Company’s website, product, or service may include links to those of a third party, and the privacy protection policy of third party websites may differ. Users are advised to also check the privacy policies of any third party websites linked to Company.
12. Responsible department of Company
Company tasks the following department and staff with the processing of personal information in order to protect customers’ personal information and process complaints.
Service Team is responsible for privacy protection and customer service, and can be contacted at:
• Address: 18 Dasan-ro 14gil Jung-go Seoul, Korea
• Tel.: +82-2-535-2808/ +82-2-535-2818
• E-mail: email@example.com
• The latest update date: 18 July, 2016
Staff is the staff member responsible for managing personal information, and can be contacted at:
• Name: Jinwoo, Yoo
• Dept. : Service Planning
• Tel. : +82-2-535-2808
• Contact : firstname.lastname@example.org