Privacy policy



Article 1 (General Rules)

Blue Beaker Co., Ltd. (hereinafter referred to as the 'Company') values ​​its members' information and does its best to protect it safely, and complies with the Personal Information Protection Act and government guidelines.

The company collects the member's personal information to the minimum extent as necessary and uses the collected information only within the scope of the prior notice, and does not use or exceed the scope without prior consent.

However, the minimum information may be provided without consent through internal procedures only when requested according to the procedures and methods prescribed by the law for investigation or investigation purposes, or pursuant to the provisions of the law.

The company has enacted and adhered to the 'Personal Information Processing Policy' to inform the members of measures to use and protect personal information, and to comply with relevant laws and regulations.

The company's 'Personal Information Processing Policy' may be revised due to changes in related laws and guidelines or changes in the internal operating policy.

If the 'Personal Information Processing Policy' changes, we will notify you of the change through contact information such as a notice or email.

If you have any questions about changes, you can always check with the department in charge or visit the website.

In the case of contents related to personal information in the privacy policy and terms of use, the terms of use take precedence.



Article 2 (Collection, Use and Retention of Personal Information)

The Company collects and uses personal information for the following purposes in order to provide optimized services, and does not use it for any purpose other than the purpose for which it was agreed or does not provide it to third parties without consent.

The company may collect information by notifying the user in advance when collection and storage of resident registration numbers and bank account numbers is inevitable in accordance with relevant laws such as the Consumer Protection Act in Electronic Commerce, National Basic Tax Act, and Electronic Financial Transaction Act.

The company does not collect information, such as race, place of origin, ideology, political tendency, criminal record, health status, etc., that may infringe the basic human rights of users.

1. How to collect personal information

Company can collect personal information in the following ways.

   - Homepage, mobile web page,Bluebeaker Microsoft Office add-in, written, fax, telephone, contact customer service, event application

   - Automatic collection through creation information collection tool

2. Purpose of collecting and using personal information

The company collects and uses personal information for the following purposes. The collected personal information will not be used for any purpose other than the following, and if the purpose of use is changed, prior consent is requested.

The collected personal information is retained and used within the period of retention and use of personal information pursuant to laws and regulations, or within the period of use and retention of personal information agreed upon when collecting personal information from the information subject.

1) Platform membership and service usage management

Confirmation of membership intention, identification / certification by provision of membership service, maintenance and management of membership, identification by enforcement of limited identity verification system, prevention of illegal use of service, various notices / notifications related to service use, grievance handling, and dispute settlement. We process personal information for the purpose of record keeping, etc

2) Complaint handling

We process personal information for the purpose of verifying the identity of the complainant, confirming the complaint, contacting and notifying for fact investigation, and notifying the result of processing.

3) Providing goods or services

We process personal information for the purpose of delivery of goods, service provision, billing, content provision, personalized service provision, identity verification, age verification, bill payment and settlement, and debt collection.

4) Use in marketing and advertising

Development of new services (products) and provision of customized services, provision of event and advertisement information and participation opportunities, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency, statistics of members' use of services, etc. For the purpose of processing personal information.

3. Collection and retention of personal information

In the process of using the service provided by the company, the rights and responsibilities related to personal information and posts voluntarily disclosed by the member themselves belong to the author.

Please note that voluntarily disclosed information is difficult to protect and may be collected or processed without permission by others, and any losses or problems arising from this are entirely at your disposal. Please take great care not to disclose personal information in the process of using the service.

The company does not use personal information other than the following purposes, and if the purpose of the service provided by the company changes, it takes necessary measures, such as obtaining separate consent.

Information collected when using the service and retention period are as follows.

Classification

Type

Purpose of collection and use

Collection and use items

Retention and use period

Essential information

User identification
(member registration)

User identification / Notice and consultation on service use, complaint handling / illegal use confirmation and prevention management

[Individual members]
Email, password, name, mobile phone number
[Sales Member]
E-mail, password, social security number (in accordance with Article 32 of the VAT Act)

Delete immediately upon withdrawal of membership

- Information to prevent illegal use (ID, illegal use records) is deleted from the withdrawal DB after 6 months

- Records of complaints or disputes are kept for 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

Order / payment

Confirmation / prevention management of notice / false use, such as payment of product orders, refund / contract details, and order history information

[Collection according to payment method selection]
Credit card: name on card, card number, expiration date
Mobile phone: mobile phone number, telecommunication company name
Account transfer: bank name, account number
Deposit without bankbook: bank name, depositor name
Cash receipt issuance information: mobile phone number, cash receipt card information, and resident (businessperson) number


- In order to preserve transaction records, payment, cancellation, and refund information are kept for 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

Cancellation / refund

Name of account holder, bank name, account number

Service

Usage record

Quality management, such as statistical analysis of service usage records, compliance with legal obligations for consumer protection / confirmation of illegal use ∙ prevention management / checking of shipping information for product (gift) shipment

Cookies, service usage record (date and time of visit, IP, illegalbad use record, etc.), device information (unique device identification value, OS version)
IP address, cookie, access date, mobile device information (UDID, advertisement identifier, etc.), message ID, and other service usage records

Delete immediately upon withdrawal of membership

- Service usage records are kept for 3 months
(Communication Secret Protection Act)

Additional Information

Tax Adjustment

Tax Invoice

Business type, item, E-mail for electronic tax invoice, business site or contact information

Delete immediately upon withdrawal of membership
Deleted immediately after the tax office is reported

Optional

Marketing

Marketing for members
Provide customized information
Service usage statistics and surveys

Email, contact information (mobile phone number), gender, use of other services, transaction records

Delete immediately upon withdrawal of use agreement



Article 3 (Installation and Operation of Automatic Personal Information Collection Device)

In order to provide personalized service, the company uses 'cookies' that store and retrieve usage information from time to time.
Cookies are a small amount of information that the server used to operate the website or app sends to the user's computer browser, and are also stored on the hard disk in the user's PC computer.
   - Purpose of use of cookies: It is used to provide optimized information to users by identifying visits and usage patterns, popular search terms, and secure access to each service and websites or apps visited by users.
   - Installation, operation and rejection of cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser.
   - If you refuse to save cookies, you may have difficulty using customized services.

The following information may be automatically generated and collected during service use or business processing.

   - IP address, date of visit, service usage record: prevention of illegal use, prevention of unauthorized use, development of new service and provision of customized service, etc.



Article 4 (Rejection of Consent to Collection of Personal Information)

Members have the right to refuse consent to the collection and use of personal information, and there is no penalty for rejecting consent.
However, if you refuse to agree to the required consent, you may not be able to use the service or there will be restrictions on the provision of the service according to the purpose of the service.
If you refuse to agree to the matters, all or part of the services that can be provided may be restricted by using the personal information item of the optional consent.



Article 5 (Provided by a third party of personal information)

In principle, the company does not provide the member's personal information to third parties or disclose it to the outside. However, the following cases are exceptions.

1) When members agree to disclosure in advance

2) In accordance with the provisions of the statute, or when there is a request from an investigative agency for the purpose of investigation according to the procedures and methods prescribed in the statute



Article 6 (Personal Information Destruction Procedures and Methods)

In principle, members' personal information is destroyed without delay when the purpose of collecting and using personal information is achieved.
The company's personal information destruction procedure and method are as follows.

1. Procedure and method of destroying personal information

1) Destruction procedure
The information entered by the member for the use of the service is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document) according to the internal policy and other relevant laws and regulations (refer to retention and usage period). After the period is saved, it is destroyed.
Personal information transferred to a separate DB will not be used for any other purpose unless required by law.

2) Destruction
When the retention period of the personal information has elapsed, the user's personal information is provided within 5 days from the end date of the retention period, when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the abolition of the service, and the termination of the business. The personal information is destroyed within 5 days from the date when it is deemed unnecessary.

3) How to destroy
   - Personal information printed on paper: shredded or incinerated
   - Personal information stored in the form of an electronic file: deleted using a technical method that cannot reproduce the record

However, the following information is retained for the period specified for the following reasons.

2. Exceptional storage

1) Reason for retaining information according to related laws and company policies
If it is necessary to preserve it in accordance with the provisions of the relevant laws and regulations, the personal information of the users will be kept for a certain period of time as prescribed by the laws and regulations.
In this case, the company uses the information it keeps only for the purpose of storage and the retention period is as follows.

Item

Reason for preservation

Retention period

Records of contract or withdrawal of subscription

Article 6 of the Consumer Protection Act in Electronic Commerce, and Article 6 of the Enforcement Decree

5 years

Records on payment and supply of goods, etc.

Article 6 of the Consumer Protection Act in Electronic Commerce, and Article 6 of the Enforcement Decree

5 years

Records of consumer complaints or disputes

Article 6 of the Consumer Protection Act in Electronic Commerce, and Article 6 of the Enforcement Decree

3years

Connection records

Article 15-2 of the Communication Secrets Protection Act and Article 41 of the Enforcement Decree

3 months

Fraudulent records

Management of fraudulent transactions

6 months

※ Fraudulent use: Fraudulent use refers to the following cases.
   - Transactions of methods or contents that violate the law or the terms of use between the company and users
   - Transaction of methods or contents that infringe on the rights or interests of other companies, members or othersbr />   - Dealing with methods and contents that harm public order and morals

※ Preservation items for fraudulent use: ID, mobile phone number, email address, reason for fraudulent transaction, membership status at the time of withdrawal, etc.

2) The period of retention and use of the collected personal information is the termination of the service use contract (including withdrawal application and withdrawal of authority) from the conclusion of the service use contract (member registration). In addition, upon withdrawal of consent, the company destroys the user's personal information for a certain period of time in accordance with the reasons for retaining the information specified above, without delay, and when the personal information is entrusted to a third party, instructs the trustee to also destroy it.

3) Personal information of users who do not use the service is preliminarily notified to the user based on the Article 29 of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc., and personal information is destroyed or stored separately and managed. However, if it is necessary to preserve it in accordance with the provisions of related laws such as the Communications Secret Protection Act and the Consumer Protection Act in e-commerce, personal information is kept for a certain period of time as stipulated in the related laws. However, even if you do not have long-term access when you sign up for membership, the member who chooses to maintain your account will not be dormant even if you become a long-term unused member, and will retain your personal information until you apply for withdrawal.



Article 7 (How to exercise rights and obligations of users and legal representatives)

1. Rights of users (or legal representatives)

The user (or legal representative) can exercise the following rights as a personal information subject.

1) The information subject can exercise the right to view, correct, delete, or stop processing personal information at any time to the company, and withdraw the consent for the use of personal information through the membership withdrawal process. At this time, the company verifies whether the person making the above request is the person or a legitimate agent.

2) The exercise of the rights pursuant to paragraph 1 may be made to the company through written, e-mail, fax transfer, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act. However, the member ID (ID), name, and resident registration number cannot be corrected, and a change in name due to renaming and a change in resident (business) registration number due to administrative problems may be permitted.

3) If the request for suspension of personal information processing by the user (or legal representative) falls under the following, the request for suspension of processing may be rejected.
   - If there are special regulations in the law or it is inevitable to comply with the statutory obligations
   - If you are in danger of harming the life or body of another person or you may be infringing on another person's property and other interests
   - When the personal information is not processed, it is difficult to fulfill the contract, such as the inability to provide contracted services with the information subject. If the information subject does not clearly indicate the intention to terminate the contract

4) The exercise of the rights pursuant to paragraph 1 can be done through a legal representative of the data subject or an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with Appendix 11 of the Enforcement Rules of the Personal Information Protection Act.

5) Requests for access to personal information and suspension of processing may be restricted in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.

6) Requests for correction and deletion of personal information cannot be requested if the personal information is specified for collection in other laws and regulations. In addition, if a request for correction of personal information errors is made, the relevant personal information will not be used or provided until the correction is completed, unless a request is made to provide personal information in accordance with other laws. If incorrect personal information has already been provided, we will notify the third party of the result of the correction process so that the correction can be made.

2. How to withdraw and refuse to provide personal information

The scope of access and correction of personal information, withdrawal of consent, exercise of the right to refuse consent to the transmission of advertising information, and the method of withdrawal of membership are as follows.

1) Scope of viewing and correcting personal information
   - Personal information of users held by the company
   - Personal information used by the company or provided to third parties
   - Consent status of collection, use and provision of personal information

2) How to exercise the right to refuse consent to the revision of personal information, withdraw consent, and to transmit advertising information
   - Homepage (web / application): www.bluebeaker.co
   - Customer Center: info@bluebeaker.co

3) Withdrawal of membership
   - Request to withdraw from the customer center email address (info@bluebeaker.co)

In addition to the above measures, the subject of personal information can be requested through the website of the “Personal Information Protection Comprehensive Support Portal” (www.privacy.go.kr) of the Ministry of Public Administration and Security.

3. User (or legal representative) obligations

Users (or legal representatives) are the subject of personal information and are obliged to protect themselves along with the right to be protected.

1) Members must keep their personal information up to date at all times, and the customer is responsible for any problems caused by incorrect information entered by the customer.

2) A method or mechanism that cannot be blocked by the user's negligence or security measures by relevant laws and regulations, such as transfer, rental, loss of ID, password, access medium, etc., without a cause attributable to the company, or withdrawal while logged in. The company is not responsible for any problems caused by the leakage of personal information due to problems on the Internet that the company cannot control despite considerable caution, such as hacking.

3) Members should be careful not to leak personal information such as IDs, passwords, and access media, and cannot transfer or rent them to third parties. The company is not responsible for any damage caused by the member's negligence.

4) In the case of transactions such as goods by stealing another person's personal information or stealing a resident registration number, it may be punished in accordance with the Resident Registration Act.

5) Members are obliged to cooperate with the regular change of password for security in accordance with the company's privacy policy.

6) Members must comply with other personal information laws, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Act on Personal Information Protection, and the Resident Registration Act.



Article 8 (Technical and Administrative Protection Measures for Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the company is taking the necessary technical and administrative measures to ensure safety.

The company limits the company's personal information controller to a minimum, and recognizes the importance of protecting personal information through management measures such as training for the personal information controller.

1. Technical measures
1) The member's personal information is protected by a password, and important data is protected through a separate security function by encrypting file and transmission data or by using a file lock function.

2) The member's password is stored and managed by one-way encryption, and verification and change of personal information is possible only by the person who knows the password.

3) The company is taking measures to prevent the damage caused by computer viruses by using the vaccine program. The vaccine program is updated regularly and in the event of a sudden virus, personal information is prevented from being violated by providing it immediately after the vaccine is released.

4) The company has adopted a security device (SSL, etc.) that can safely transmit personal information on the network using a cryptographic algorithm.

5) In preparation for external intrusion such as hacking, the company is committed to security by using an intrusion prevention system and vulnerability analysis system for each server

2. Administrative action
1) The company restricts the BlueBeaker employee’s access to personal information to the minimum number. The minimum number of employees is as follows.
   - A person who directly conducts marketing activities against users
   - Personal information protection officer and person in charge of personal information protection
   - A person inevitably handling personal information for other business purposes

2) Regular in-house training and external consignment training are provided for employees who handle personal information regarding the acquisition of new security technologies and the obligation to protect personal information.

3) We have prepared internal procedures to prevent information leakage by humans in advance through a security pledge upon entering the company, and to audit the compliance of personal information protection regulations and compliance with employees.

4) The takeover of personal information-related handlers is carried out thoroughly while security is maintained, and the responsibility for personal information accidents after entering and leaving the company is clarified.

5) The company is not responsible for personal information-related problems that arise without personal error or the company's fault. Each member must properly manage his / her ID and password and take responsibility for protecting his / her personal information.

6) In the event of loss of personal information, leakage, tampering, or damage due to other manager's mistakes or technical management accidents, the company will immediately notify the facts and take appropriate measures and compensation.



Article 9 (Personal Information Protection Officer)

The company is responsible for the handling of personal information, and has designated the person in charge of protection of personal information as follows to handle complaints and remedy of information subjects related to personal information processing. In the event of an accident, the Personal Information Protection Officer takes full responsibility for protecting personal information.

However, despite technical supplementary measures, we are not responsible for any damages to information caused by unexpected accidents caused by basic network risks such as hacking and various disputes caused by visitors' postings.

The person in charge of personal information protection is as follows, and we respond promptly and faithfully to inquiries related to personal information.

Namevvvvvvvvvvvvvv

Chanhyoung Lee

Title

CTO

Department

Development team

Contact

info@bluebeaker.co

If you need to report or consult about other personal information infringement, please contact the following organizations.



Article 10 (Remedy for Infringement of Rights and Interests)

The following organizations are separate from the company. If you are not satisfied with the company's own personal information complaint handling and damage recovery results, or if you need further assistance, please contact us.

1. Agency information

A place of inquiry

Contact

Website

Personal Information Infringement Report Center

+82-118

privacy.kisa.or.kr

Personal Information Dispute Mediation Committee

+82-1833-6972

www.kopico.go.kr

Supreme Prosecutors' Office Cybercrime Division

+82-2-3480-3573

www.spo.go.kr

National Police Agency Cyber ​​Safety Bureau

+82-182

http://cyberbureau.police.go.kr

2. Measures against stolen personal information

When the user finds out that he or she has used another person's personal information to sign up for membership, he / she takes necessary measures, such as suspension of service for the ID or withdrawal of membership, without delay. At this time, as a method of verifying the identity of the user who claims that the personal information is being stolen, use the authenticity verification service of the resident registration card implemented by the electronic government.



Article 11 (Obligations of Notice)

This policy may be added, deleted, or modified as the policy of the government or company changes. In this case, it is notified through the website, add-in or e-mail 7 days before the implementation, and if it is difficult to notify in advance, notify without delay.

In addition, the Company will collect and utilize personal information, provide information to third parties, and promote or use the information and communication network and protect information, and in accordance with relevant laws and regulations that require additional consent from customers, if the contents are added or changed, Follow the customer's separate consent.

This policy is effective from the date of notification.

- Privacy Policy Version Number: v.20201120
- Privacy Policy Announcement Date: 2020.20
- Privacy Policy Application Date: 2020.11.23