Privacy Policy
Oct 15, 2024
Privacy Policy
Article 1 (Purpose)
Blueroom Co., Ltd. (hereinafter referred to as the 'Company') has established the following privacy policy (hereinafter referred to as 'this Policy') to protect the personal information (hereinafter referred to as 'Personal Information') of individuals (hereinafter referred to as 'Users' or 'Individuals') who use the services provided by the Company (hereinafter referred to as 'Company Services'). This is to comply with the laws related to personal information protection such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as 'Information Network Act'), ensure the swift and smooth handling of users’ concerns related to privacy protection.
Article 2 (Principles of Handling Personal Information)
In accordance with relevant laws on personal information and this Policy, the Company may collect users' personal information. Collected personal information can be provided to third parties only with the individual's consent. However, if required by laws and regulations, the Company may legally provide collected personal information to third parties without prior consent from the individual.
Article 3 (Publication of this Policy)
The Company makes this Policy available so that users can easily check it at any time through the first screen of the Company's homepage or a linked screen.
When publicizing this Policy according to Paragraph 1, the Company utilizes font size, color, etc., so that users can easily check it.
Article 4 (Changes to this Policy)
This Policy may be revised according to changes in personal information-related laws, guidelines, notifications, or policies/content changes of the government or Company Services.
When revising this Policy as per Paragraph 1, the Company will notify users using one or more of the following methods.
Notification in the announcement section on the first screen of the Company's website or through a separate window
Notification to the user through written communication, fax, email, or similar methods
The notification in Paragraph 2 will be made at least 7 days prior to the implementation date of this Policy revision. However, if there are significant changes to user rights, notification will be made at least 30 days in advance.
Article 5 (Information Required for Membership Registration)
To register users for Company Services, the Company collects the following information.
Required Information: Email address, password, name, nickname, date of birth, and mobile phone number
Article 6 (Information for Identity Verification)
To verify users’ identity, the Company collects the following information.
Required Information: Mobile phone number, email address, name, date of birth, gender, personal identification values (CI, DI), telecom carrier, I-PIN information (for I-PIN verification), and nationality
Article 7 (Information for Providing Company Services)
The Company collects the following information to provide services to users.
Required Information: ID, email address, name, date of birth, and contact information
Article 8 (Information for Using and Reviewing Unlawful Use of Services)
The Company collects the following information for statistics, analysis based on users' use of services, and confirmation and analysis of unlawful use. (Unlawful use refers to actions such as repeated re-registration after withdrawal, purchase and refund of products, illicit and illegal acts gaining economic benefits like discount coupons, event benefits provided by the Company, actions prohibited by terms and conditions, identity theft, etc.)
Required Information: Service usage records, cookies, connection location information, and device information
Article 9 (Methods of Collecting Personal Information)
The Company collects users' personal information through the following methods.
Input of personal information by users on the Company's website
Users inputting their personal information through services other than the Company's homepage like applications provided by the Company
Collection through responses to the Company's surveys
Article 10 (Use of Personal Information)
The Company uses personal information for the following cases.
For company operations such as delivering notices
For answering inquiries, handling complaints, and improving services for users
For providing Company services
For imposing usage restrictions on members who violate laws or company terms, preventing and penalizing actions that hinder the smooth operation of services, including unlawful use activities
For developing new services
For marketing purposes such as event and campaign announcements
For analyzing demographic analysis, service visiting, and usage records
For forming user relationships based on personal information and interests
Article 11 (Provision of Personal Information Based on Prior Consent)
Despite the prohibition on providing personal information to third parties, the Company may provide personal information to third parties if users have consented in advance to disclose or agree to any of the following matters. However, even in this case, the Company provides personal information to the minimum extent allowed by related laws.
Providing information collected for membership and service use as a reference for test result analysis to test-providing companies
The Company will notify and seek consent from users following the same procedure in case of changes in the relationship of providing personal information to third parties or when the third-party provision relationship ends.
Article 12 (Retention and Use Period of Personal Information)
The Company retains and uses users' personal information for the period necessary to achieve the purpose of personal information collection/use.
Despite the above, the Company retains records of unlawful use to prevent improper registration and use for up to one year from the date of membership withdrawal based on internal policies.
Article 13 (Retention and Use Period of Personal Information According to Laws)
The Company retains and uses personal information as follows according to related laws.
Information subject to retention and period according to the Consumer Protection Act in electronic commerce, etc.
Records of contracts or withdrawal of subscription, etc.: 5 years
Records of payment and supply of goods, etc.: 5 years
Records of consumer complaints or dispute handling: 3 years
Records concerning display and advertisement: 6 months
Information subject to retention and period according to the Protection of Communications Secrets Act
Website log records: 3 months
Information subject to retention and period according to the Electronic Financial Transactions Act
Records relating to electronic financial transactions: 5 years
Law on the protection and use of location information
Records of personal location information: 6 months
Article 14 (Principles of Destroying Personal Information)
The Company, in principle, destroys the relevant information without delay when it is no longer needed for purposes like achieving the processing objectives of users' personal information, or due to the lapse of retention/use period.
Article 15 (Procedures for Destruction of Personal Information)
Information entered by users for membership registration is transferred to a separate database (in the case of paper, a separate file cabinet) after achieving the purpose of personal information processing and stored for a certain period according to internal policies and other related laws (refer to retention/use period) before being destroyed.
Personal information is destroyed through approval procedures by the personal information protection officer when the reason for destruction arises.
Article 16 (Methods of Destroying Personal Information)
The Company deletes personal information stored in electronic file format using technical methods that prevent record reproduction, and shreds or incinerates printed personal information.
Article 17 (Measures for Sending Advertising Information)
The Company shall obtain the user’s explicit prior consent when transmitting advertising information for commercial purposes using electronic transmission media. However, prior consent is not required in the following cases:
When the Company collects the recipient's contact information directly through a transaction and intends to send advertising information for commercial purposes related to similar goods or services within six months from the end of the transaction.
When a telemarketing salesperson under the "Door-to-Door Sales Act" verbally notifies the recipient of the source of their personal information during the call.
Notwithstanding the foregoing, the Company shall not transmit advertising information for commercial purposes if the recipient expresses an intention to opt out or withdraw prior consent. The Company shall also notify the recipient of the results of processing such requests.
For sending advertising information for commercial purposes between 9 PM and 8 AM the next day, the Company shall obtain separate prior consent from the recipient regardless of the provisions in Paragraph 1.
The Company shall clearly include the following information in the advertising content transmitted for commercial purposes:
Company name and contact information
Information on how to opt out or withdraw consent to receive such communications
The Company shall not engage in any of the following actions when transmitting advertising information for commercial purposes:
Avoiding or obstructing the recipient's opt-out or withdrawal of consent
Automatically generating recipients’ contact information, such as phone numbers or email addresses, by combining numbers, symbols, or characters
Automatically registering phone numbers or email addresses to send advertising information for commercial purposes
Taking actions to conceal the identity of the sender or the source of the advertisement
Deceptively inducing the recipient to reply for the purpose of sending advertising information for commercial purposes
Article 18 (User Obligations)
Users shall maintain the accuracy of their personal information, and the Company shall not be held responsible for issues arising from inaccurate information provided by the user.
Users who register using another person’s personal information may lose their user qualifications and face penalties under relevant privacy laws.
Users are responsible for maintaining the security of their email addresses, passwords, and other credentials. These credentials must not be transferred or rented to third parties.
Article 19 (Management of Personal Information by the Company)
The Company shall implement technical and administrative measures to ensure the safety of users' personal information, preventing loss, theft, leakage, alteration, or damage.
Article 20 (Processing of Deleted Information)
Personal information that is terminated or deleted upon the user's or legal representative's request shall be processed as specified in the "Retention and Use Period of Personal Information" and shall not be accessed or used for any other purpose.
Article 21 (Password Encryption)
Users’ passwords are stored and managed using one-way encryption. Only the user, who knows the password, can access or change personal information.
Article 22 (Measures Against Hacking and Other Threats)
The Company actively protects personal information against breaches such as hacking and computer viruses:
Utilizing the latest antivirus programs to prevent the leakage or damage of personal data.
Employing an intrusion prevention system to safeguard against unauthorized access.
Using encrypted communication to securely transfer sensitive personal information over networks.
Article 23 (Minimization and Education for Personal Information Handling)
The Company limits the number of personnel handling personal information and emphasizes compliance with laws and internal policies through education and management measures.
Article 24 (Measures for Personal Information Breaches)
If a breach (e.g., loss, theft, leakage) occurs, the Company shall immediately notify the affected users and report to the relevant authority. The notification will include:
The categories of breached information
The time of occurrence
Steps users can take to mitigate harm
Measures taken by the Company
Contact details for user support
Article 25 (Exceptions to Notifications for Breaches)
If the Company cannot contact the affected users due to valid reasons, notifications may be replaced by posting on the Company website for at least 30 days.
Article 26 (Protection of Transferred Personal Information Abroad)
The Company shall not enter into international agreements that violate privacy laws regarding users’ personal information.
The Company shall obtain users’ consent when transferring personal information abroad for storage, processing, or other purposes. However, if disclosed through methods prescribed by law, consent may not be required.
Article 27 (Cookies)
The Company uses cookies to provide personalized services. Users may choose to allow, confirm, or block cookies via browser settings. However, blocking cookies may affect the functionality of services requiring login.
Article 28 (Cookie Settings)
Users can manage cookie settings through browser options:
Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies
Chrome: Settings > Privacy and Security > Cookies and Other Site Data
Whale: Settings > Privacy > Cookies and Other Site Data
Article 29 (Personal Information Protection Officer)
The Company designates a Personal Information Protection Officer to address user concerns and ensure data safety:
Name: Sangwan Kim
Position: CEO
Phone: +82-10-5156-7693
Email: sangwan.kim@earningbirds.com
Article 30 (Relief for Rights Infringement)
Users may seek assistance from the following organizations in case of privacy disputes or concerns:
Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
Cyber Bureau, National Police Agency: 182 (ecrm.cyber.go.kr)
Supplementary Provision
This policy shall take effect on October 16, 2024.