WitchCompany. (hereinafter referred to as the "Company”) has established and is disclosing the following guidelines to protect the privacy of the data subjects and to quickly and smoothly address the related difficulties pursuant to the Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act.
This policy shall take effect from July 5, 2021.
Article 1 (Privacy)
The Company processes the personal information for the following purposes. The personal information processed shall not be used for the purposes outside the following purposes and shall obtain prior consent, etc. when the purpose of use changes, pursuant to the relevant laws.
1. Homepage membership subscription and management.
Personal information is processed for the purposes of verifying the intention of subscribing to the membership, personal identification and authentication for the provision of the membership services, maintenance and management of member qualification, personal verification pursuant to the implementation of the limited identity verification system and prevention of illegal use of the services, etc.
2. Provision of goods and/or services.
Personal information is processed for the purposes of goods delivery, service provision, transmission of contracts and invoices, provision of contents, provision of customized services, personal authentication, fees payment and settlement, debt collection, etc.
3. Complaint processing.
Personal information is processed for the purposes of verifying the identity of the complainants, verification of complaints, contact/notification for factual investigation, notification of results of the processing, etc.
4. Marketing and advertising purposes.
Personal information is processed for the purposes of delivering marketing information, such as events, etc., determining the connection frequency and/or statistics on the service use by the members, etc.
Article 2 (Processing and Retention Period of Personal Information)
① The Company shall process and/or retain the personal information within the retention and/or use period pursuant to the relevant laws or as consented to by the data subject at the time of collecting the personal information.
② Processing and retention period for each type of personal information are as follows.
1. Homepage membership subscription and management: within the consented personal information retention and use period. Provided, until completing the applicable reasons when applicable to any of the following reasons.
1) Until completion of the applicable investigation and/or inquiry for investigation and/or inquiry, etc. pursuant to violation of relevant laws.
2) Until settlement of applicable debt/liability relationships when debt/liability remains pursuant to the use of the homepage.
2. Provision of goods and/or services: Until completion of goods and/or services provision and fee payment and/or settlement.Provided, until completing the applicable reasons when applicable to any of the following reasons.
1) Records on transactions, such as marks, advertisement, contract terms and performance, etc. pursuant to the Act on the Consumer Protection in Electronic Commerce, Etc.
- Records on Marks and Advertisements: 6 Months
- Records on Contract or Withdrawal of Contract, Fee Payment and Provision of Goods, Etc.: 5 Years
- Records on Consumer Complaints and Dispute Processing: 3 Years
2) Retention of communication confirmation data pursuant to Article 41 of the Protection of Communications Secrets Act
- Date of telecommunications by subscribers, starting and ending time, subscriber number of the other party, frequency of use, data on tracing location of connectors: 1 Year
- Computer communication, data on internet log records, data on tracing a location of connection: 3 Months
Article 3 (Entrustment of the Processing of Personal Information)
① The Company entrusts the processing of the personal information for smooth processing of the personal information as follows.
Purpose of Use of the Recipient: Transportation of artworks and goods
Items of Personal information Provided: Name, Address, Goods information
Retention and Use Period of the Recipient: Within 7 days after completing delivery
② The Company shall stipulate the prohibition of the processing of the personal information outside the purposes of performing the entrusted responsibilities, technical and administrative protection measures, restriction on re-entrustment, management and supervision of trustees, and indemnification, etc. in the entrustment contract pursuant to Article 25 of the Personal Information Protection Act, and the Company shall supervise the trustees to safely process the personal information.
Article 4 (Rights and Obligations of the Data Subjects and the Method of Exercise)
① The data subjects may exercise the rights on each of the following personal information protection against the Company at any time.
1. Request to access the personal information
2. Request to correct errors, etc.
3. Request for deletion
4. Request to suspend processing
② The rights pursuant to Paragraph 1 may be exercised through the submission of writing, telephone, electronic mail, facsimile (FAX), etc. to the Company, and the Company shall take such measures without delay.
③ In the event the data subject requests correction or deletion on the errors, etc. in his/her personal information, the Company shall not use nor provide the concerned personal information until the correction or deletion is complete.
④ The rights pursuant to Paragraph 1 may be exercised through a representative, such as the legal guardian or a delegated person, etc. of the data subject. In such a case, a power of attorney pursuant to the attached form no. 11 of the Enforcement Rule of the Personal Information Protection Act shall be submitted.
⑤ The data subject shall not infringe on the personal information or privacy of him/herself or others being processed by the Company in violation of the relevant laws, including the Personal Information Protection Act.
Article 5 (Personal Information Items Processed)
The Company processes the following personal information items identical to Twitter Account Policy requires,
① Required Items: Display name, Username, Password, E-Mail Address or phone number.
② The following personal information items may be automatically generated and collected during the process of using the internet services.
․IP Address, Cookie, MAC Address, Service Use Record, Visit History, Defective Use Record, Etc.
Article 6 (Destruction of Personal Information)
① The Company shall destroy the personal information when the concerned personal information is no longer necessary, such as expiration of the personal information retention period or achieving the purpose of processing, etc.
② When the personal information must be retained after expiration of the retention period of the personal information consented to by the data subject or achieving the purpose of processing pursuant to other laws, the concerned personal information shall be moved to a separate database (DB) or the storage location shall be changed.
③ The procedures and methods of destroying the personal information are as follows.
1. Procedure for Destruction
The Company shall select the personal information with grounds for destruction and destroy the personal information with an approval of the privacy officer of the Company.
2. Method of Destruction
The Company shall destroy the personal information recorded and stored in an electronic format by using low level format, etc. in such a way that renders it unrecoverable, and the personal information in the form of a physical document shall be destroyed by a paper shredder or shall be incinerated.
Article 7 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of the personal information.
1. Managerial Measures: establishment, implementation of internal management plan and regular employee education, etc.
2. Technical Measures: Access control management of personal information processing system, installation of access control system, encryption of personally identifiable information, etc., installation of security program
3. Physical Measures: Access control of computer room and data storage room, etc.
Article 8 (Matters Concerning the Installation, Operation and Refusal of the Automated Personal Information Collection Devices)
② A cookie is a small quantity of information sent by the server used in operating a website to the computer browser of a user and can be stored on the hard disk of a computer of the users.
A. Purpose of Using Cookie: Used for providing information optimized for the users by determining each services visited by the users, the types of visits and usages, popular search terms and the use of secure connections, etc.
B. Installation, Operation and Refusal of Cookie: May refuse to store the cookie by selecting Tool > Internet Option > Privacy menu from the top section of a web browser.
C. You may experience difficulty in using a customized service when refusing to store the cookie.
Article 9 (Privacy Officer)
① The Company designated the following privacy officer to be responsible for overall tasks related to the processing of personal information and processing and remedying the complaints of the data subjects related to the personal information processing.
▶ Privacy Officer
Name: Kim, JeongBeom
Department Name: Engineering
※ Directed to the privacy department.
▶ Business Development
② All inquiries, complaints, damage relief, etc. concerning all personal information protection that arise in the course of using the services (or business) of the Company can be directed to the privacy officer or the privacy department. The Company shall provide replies to such inquiries without delay.
Article 10 (Request to Access the Personal Information)
The data subjects may request to access the personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. The Company shall make every effort to quickly process the requests to access the personal information by the data subject.
▶ Department for Receipt and Processing the Request to Access the Personal Information
Department Name: Engineering
Name: Kim, JeongBeom
Article 11 (Remedy for Rights Infringement)
The data subjects may inquire on the remedy, consultation, etc. on infringement of personal information to the following agencies.
'The following agencies are separate from the Company and should be contacted when not satisfied with the complaints processing or remedy of the Company or require more detailed assistance.'
▶ KISA Privacy Center (Operated by Korea Internet & Security Agency)
- Responsible Duties: Reporting personal information infringement, request consultation
- Homepage: privacy.kisa.or.kr
- Telephone: (No Area Code) 118
- Address: (58324) KISA Privacy Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do (301-2, Bitgaram-dong)
▶ Personal Information Dispute Mediation Committee - Responsible Duties: Application for personal information dispute mediation, collective dispute mediation (civil resolution) - Homepage: www.kopico.go.kr - Telephone: (No Area Code) 1833-6972 - Address: (03171) 4F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors’ Office of the Republic of Korea – Cyber Crime Investigation Unit: +82-2-3480-3573 (www.spo.go.kr)
▶ Cyber Terror Response Center: 182 (http://cyberbureau.police.go.kr)