Privacy Policy

Oct 15, 2024

Privacy Policy

 

Article 1 (Purpose)

Blueroom Co., Ltd. (hereinafter referred to as the 'Company') has established the following privacy policy (hereinafter referred to as 'this Policy') to protect the personal information (hereinafter referred to as 'Personal Information') of individuals (hereinafter referred to as 'Users' or 'Individuals') who use the services provided by the Company (hereinafter referred to as 'Company Services'). This is to comply with the laws related to personal information protection such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as 'Information Network Act'), ensure the swift and smooth handling of users’ concerns related to privacy protection.

 

Article 2 (Principles of Handling Personal Information)

In accordance with relevant laws on personal information and this Policy, the Company may collect users' personal information. Collected personal information can be provided to third parties only with the individual's consent. However, if required by laws and regulations, the Company may legally provide collected personal information to third parties without prior consent from the individual.

 

Article 3 (Publication of this Policy)

  1. The Company makes this Policy available so that users can easily check it at any time through the first screen of the Company's homepage or a linked screen.

  2. When publicizing this Policy according to Paragraph 1, the Company utilizes font size, color, etc., so that users can easily check it.

 

Article 4 (Changes to this Policy)

  1. This Policy may be revised according to changes in personal information-related laws, guidelines, notifications, or policies/content changes of the government or Company Services.

  2. When revising this Policy as per Paragraph 1, the Company will notify users using one or more of the following methods.

    1. Notification in the announcement section on the first screen of the Company's website or through a separate window

    2. Notification to the user through written communication, fax, email, or similar methods

  3. The notification in Paragraph 2 will be made at least 7 days prior to the implementation date of this Policy revision. However, if there are significant changes to user rights, notification will be made at least 30 days in advance.

 

Article 5 (Information Required for Membership Registration)

To register users for Company Services, the Company collects the following information.

  1. Required Information: Email address, password, name, nickname, date of birth, and mobile phone number

 

Article 6 (Information for Identity Verification)

To verify users’ identity, the Company collects the following information.

  1. Required Information: Mobile phone number, email address, name, date of birth, gender, personal identification values (CI, DI), telecom carrier, I-PIN information (for I-PIN verification), and nationality

 

Article 7 (Information for Providing Company Services)

The Company collects the following information to provide services to users.

  1. Required Information: ID, email address, name, date of birth, and contact information

 

Article 8 (Information for Using and Reviewing Unlawful Use of Services)

The Company collects the following information for statistics, analysis based on users' use of services, and confirmation and analysis of unlawful use. (Unlawful use refers to actions such as repeated re-registration after withdrawal, purchase and refund of products, illicit and illegal acts gaining economic benefits like discount coupons, event benefits provided by the Company, actions prohibited by terms and conditions, identity theft, etc.)

  1. Required Information: Service usage records, cookies, connection location information, and device information

 

Article 9 (Methods of Collecting Personal Information)

The Company collects users' personal information through the following methods.

  1. Input of personal information by users on the Company's website

  2. Users inputting their personal information through services other than the Company's homepage like applications provided by the Company

  3. Collection through responses to the Company's surveys

 

Article 10 (Use of Personal Information)

The Company uses personal information for the following cases.

  1. For company operations such as delivering notices

  2. For answering inquiries, handling complaints, and improving services for users

  3. For providing Company services

  4. For imposing usage restrictions on members who violate laws or company terms, preventing and penalizing actions that hinder the smooth operation of services, including unlawful use activities

  5. For developing new services

  6. For marketing purposes such as event and campaign announcements

  7. For analyzing demographic analysis, service visiting, and usage records

  8. For forming user relationships based on personal information and interests

 

Article 11 (Provision of Personal Information Based on Prior Consent)

  1. Despite the prohibition on providing personal information to third parties, the Company may provide personal information to third parties if users have consented in advance to disclose or agree to any of the following matters. However, even in this case, the Company provides personal information to the minimum extent allowed by related laws.

    1. Providing information collected for membership and service use as a reference for test result analysis to test-providing companies

  2. The Company will notify and seek consent from users following the same procedure in case of changes in the relationship of providing personal information to third parties or when the third-party provision relationship ends.

 

Article 12 (Retention and Use Period of Personal Information)

  1. The Company retains and uses users' personal information for the period necessary to achieve the purpose of personal information collection/use.

  2. Despite the above, the Company retains records of unlawful use to prevent improper registration and use for up to one year from the date of membership withdrawal based on internal policies.

 

Article 13 (Retention and Use Period of Personal Information According to Laws)

The Company retains and uses personal information as follows according to related laws.

  1. Information subject to retention and period according to the Consumer Protection Act in electronic commerce, etc.

    1. Records of contracts or withdrawal of subscription, etc.: 5 years

    2. Records of payment and supply of goods, etc.: 5 years

    3. Records of consumer complaints or dispute handling: 3 years

    4. Records concerning display and advertisement: 6 months

  2. Information subject to retention and period according to the Protection of Communications Secrets Act

    1. Website log records: 3 months

  3. Information subject to retention and period according to the Electronic Financial Transactions Act

    1. Records relating to electronic financial transactions: 5 years

  4. Law on the protection and use of location information

    1. Records of personal location information: 6 months

 

Article 14 (Principles of Destroying Personal Information)

The Company, in principle, destroys the relevant information without delay when it is no longer needed for purposes like achieving the processing objectives of users' personal information, or due to the lapse of retention/use period.

 

Article 15 (Procedures for Destruction of Personal Information)

  1. Information entered by users for membership registration is transferred to a separate database (in the case of paper, a separate file cabinet) after achieving the purpose of personal information processing and stored for a certain period according to internal policies and other related laws (refer to retention/use period) before being destroyed.

  2. Personal information is destroyed through approval procedures by the personal information protection officer when the reason for destruction arises.

 

Article 16 (Methods of Destroying Personal Information)

The Company deletes personal information stored in electronic file format using technical methods that prevent record reproduction, and shreds or incinerates printed personal information.

 

Article 17 (Measures for Sending Advertising Information)

The Company shall obtain the user’s explicit prior consent when transmitting advertising information for commercial purposes using electronic transmission media. However, prior consent is not required in the following cases:

  1. When the Company collects the recipient's contact information directly through a transaction and intends to send advertising information for commercial purposes related to similar goods or services within six months from the end of the transaction.

  2. When a telemarketing salesperson under the "Door-to-Door Sales Act" verbally notifies the recipient of the source of their personal information during the call.

Notwithstanding the foregoing, the Company shall not transmit advertising information for commercial purposes if the recipient expresses an intention to opt out or withdraw prior consent. The Company shall also notify the recipient of the results of processing such requests.

For sending advertising information for commercial purposes between 9 PM and 8 AM the next day, the Company shall obtain separate prior consent from the recipient regardless of the provisions in Paragraph 1.

The Company shall clearly include the following information in the advertising content transmitted for commercial purposes:

  1. Company name and contact information

  2. Information on how to opt out or withdraw consent to receive such communications

The Company shall not engage in any of the following actions when transmitting advertising information for commercial purposes:

  1. Avoiding or obstructing the recipient's opt-out or withdrawal of consent

  2. Automatically generating recipients’ contact information, such as phone numbers or email addresses, by combining numbers, symbols, or characters

  3. Automatically registering phone numbers or email addresses to send advertising information for commercial purposes

  4. Taking actions to conceal the identity of the sender or the source of the advertisement

  5. Deceptively inducing the recipient to reply for the purpose of sending advertising information for commercial purposes

Article 18 (User Obligations)

  1. Users shall maintain the accuracy of their personal information, and the Company shall not be held responsible for issues arising from inaccurate information provided by the user.

  2. Users who register using another person’s personal information may lose their user qualifications and face penalties under relevant privacy laws.

  3. Users are responsible for maintaining the security of their email addresses, passwords, and other credentials. These credentials must not be transferred or rented to third parties.

Article 19 (Management of Personal Information by the Company)

The Company shall implement technical and administrative measures to ensure the safety of users' personal information, preventing loss, theft, leakage, alteration, or damage.

Article 20 (Processing of Deleted Information)

Personal information that is terminated or deleted upon the user's or legal representative's request shall be processed as specified in the "Retention and Use Period of Personal Information" and shall not be accessed or used for any other purpose.

Article 21 (Password Encryption)

Users’ passwords are stored and managed using one-way encryption. Only the user, who knows the password, can access or change personal information.

Article 22 (Measures Against Hacking and Other Threats)

The Company actively protects personal information against breaches such as hacking and computer viruses:

  1. Utilizing the latest antivirus programs to prevent the leakage or damage of personal data.

  2. Employing an intrusion prevention system to safeguard against unauthorized access.

  3. Using encrypted communication to securely transfer sensitive personal information over networks.

Article 23 (Minimization and Education for Personal Information Handling)

The Company limits the number of personnel handling personal information and emphasizes compliance with laws and internal policies through education and management measures.

Article 24 (Measures for Personal Information Breaches)

If a breach (e.g., loss, theft, leakage) occurs, the Company shall immediately notify the affected users and report to the relevant authority. The notification will include:

  1. The categories of breached information

  2. The time of occurrence

  3. Steps users can take to mitigate harm

  4. Measures taken by the Company

  5. Contact details for user support

Article 25 (Exceptions to Notifications for Breaches)

If the Company cannot contact the affected users due to valid reasons, notifications may be replaced by posting on the Company website for at least 30 days.

Article 26 (Protection of Transferred Personal Information Abroad)

  1. The Company shall not enter into international agreements that violate privacy laws regarding users’ personal information.

  2. The Company shall obtain users’ consent when transferring personal information abroad for storage, processing, or other purposes. However, if disclosed through methods prescribed by law, consent may not be required.

Article 27 (Cookies)

The Company uses cookies to provide personalized services. Users may choose to allow, confirm, or block cookies via browser settings. However, blocking cookies may affect the functionality of services requiring login.

Article 28 (Cookie Settings)

Users can manage cookie settings through browser options:

  • Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies

  • Chrome: Settings > Privacy and Security > Cookies and Other Site Data

  • Whale: Settings > Privacy > Cookies and Other Site Data

Article 29 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer to address user concerns and ensure data safety:

  • Name: Sangwan Kim

  • Position: CEO

  • Phone: +82-10-5156-7693

  • Email: sangwan.kim@earningbirds.com

Article 30 (Relief for Rights Infringement)

Users may seek assistance from the following organizations in case of privacy disputes or concerns:

Supplementary Provision

This policy shall take effect on October 16, 2024.