April7 Inc. (hereinafter referred to as "the Company") abides by the related statutes of the privacy protection act and the law regarding the promotion of information and communication network use and protection of information. As an IT service provider, the Company also abides by the relevant matters of the personal information protection laws. Further, the Company is protecting the user's interests to the Company's best of abilities by defining this Privacy Policy.
This Privacy Policy applies to Datalk service (hereinafter referred to as "services") provided by the Company. This Privacy Policy details how the user's personal information is collected, used and what steps the Company is taking for the protection of the user's personal information.
If the user does not want to collect, use, provide, or entrust personal information, consent may be denied. However, if the user refuses to consent, we will inform you that all or part of the service cannot be used.
1. How we collect and use your information
The user's personal information is used to distinguish the user inside one of the Company's services (including partly provided information which can be cross-referenced with other information in order to establish a distinguished user profile). The collected personal information is used by the Company for the following purposes:
A. Providing services and payment collections
•
gifting items, meet with other users, purchase and payment of items, notification services
B. User management
•
User authentication for the use of the service, distinction of user for the provided service, identification and prevention of misconduct members and bot-abuse, intent to join, intent to withdraw, authentication and archiving for the sake of conciliation of disputes, complaint and civil affairs handling, delivering matters subject to notification
C. Development of new services, use for advertising and marketing purposes
•
Offering newly developed services, targeted services and advertisements, checking the validity of the service, offering information on events, advertisements and a chance to participate, retention data, general statistics on the use of the relevant service
2. Provision and collecting method of personal information
A. Provision of personal information
1) For the sake of an optimized service, the Company may receive and collect the following information from the platform provider when the service is used.
•
The user's nickname (name), member identification number, friend list, profile picture which is used in the platform provider's service
2) During use of the service or transactions process, the following information may be collected.
•
nickname, birth, gender, mobile number, Identity verification information, location information, notification settings, personal profile, History of service use, connection log, history of misconduct, carrier information, OS and device information, purchase history, connection IP information, cookies
•
Location information may be collected during the service use, and the location-based service provided by Datalk is regulated in detail in the “Terms of Location-Based Service”.
B. Collection method of personal information
The Company collects the personal information using the following methods:
•
Homepage, application, written form, fax, phone, customer support message board, email, event participation
•
From partner companies
•
Collection via a generated information collection tool
3. Providing and sharing of personal information
The Company will use the user's personal information only within the boundaries defined in "How we collect and use your information", and will neither extend beyond said boundaries nor disclose the user's personal information without the explicit consent of the user. However, in the cases below, the personal information may be carefully used or provided to external parties.
A. The user explicitly gives the Company his/her consent
Prior to the collection or offering of the user's information, the user is informed of the collection, which partner his/her information will be provided to, what information is required and how long the information will be stored. The user's consent will be requested, and he/she has the right to refuse, in which case the additional information will neither be collected nor made available publicly.
B. A specific legal regulation or the legal request of an investigative agency to disclose the information, following the correct legal procedures
4. Storage and use duration of personal information
As a general rule, the user's personal information is destroyed without delay once the purpose of the collected data has been fulfilled. However, the following information is stored for a specified time due to reasons detailed below, and the information is used for this purpose only.
A. Record of agreement and/or withdrawal from the agreement
•
Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
•
Duration: 5 years
B. Purchase payment item providing records
•
Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
•
Duration: 5 years
C. Customer complaint and dispute records
•
Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
•
Duration: 3 years
D. Service usage history, access log, connection IP information
•
Reason of storage: Protection of communication secrets act
•
Duration: 3 months
E. The Company's internal data storage policy
•
Stored data: misconduct records
•
Reason of storage: Prevention of misconduct
•
Duration: 1 year
5. Long-term unused members' personal information separately stored
Under the Personal information validity period system, users who have not used the service for one year will be converted to dormant accounts and personal information will be kept separately. The company informs users of the fact that members who are scheduled to be dormant 30 days before the transition will be separated, the date of their dormancy, and personal information items to be stored separately, such as e-mail, SMS, and App push. However, if information about the means of notification is not available or there is an error, you can notify the user afterwards about discarding or separately storing the information when logging in instead of the contents of the privacy policy. Personal information stored separately is destroyed without delay after 4 years of storage.
A. Separate storage items
•
idx, device token, device id, year of birth, gender, mobile number, point & payment history
B. Deleted items
•
Message, Nickname, Country/Region
If you do not wish to convert to a dormant account, please log in to the service before transferring to a dormant account. In addition, if you log in even if you switch to a dormant account, you can restore the dormant account with the consent of the user and use the normal service.
6. Deletion procedure of personal information
As a general rule, the user's personal information is destroyed without delay once the purpose of the collected data has been fulfilled; the procedure of said deletion is as follows. A. Deletion procedure
•
Once the purpose of the provided user information has been fulfilled, the information is transferred to a separate database, where it is being stored for a specified time in accordance with the Company's internal policy and the relevant statutes, until the information is destroyed. Unless legally requested, the storing of the information serves no other purpose than being stored as records.
B. Deletion method
•
Personal information on paper will be either destroyed with a shredder or manually ripped to pieces, while electronic information will be permanently deleted.
7. Rights and exercise method of the user or the legal representative
The user has the right to view or/and make changes to their own personal information at all times, via the platform or app store provider. Also, the agreement may be withdrawn from at all times by accessing the "withdraw" function in the settings of the App.
The user's personal information can be accessed. By selecting "delete account", the user can view, edit his/her information or choose to withdraw from the service. Should the company wish to access personal information it does not possess, the company must be able to compare its data with the registration records and personal information of the platform- or app store provider in order to verify a user's identity.
Should an user request a correction of his/her faulty personal information, the company will refrain from using or providing said information until the correction has been completed.
Withdrawn or destroyed personal information of the user is processed in accordance with "4. Storage and use duration of personal information", and are kept with no possibility to neither view nor use.
8. Handling of personal information
In order to provide professional customer support, the Company entrusts the management of the users' personal information to external service providers, as shown below. When the company signs a contract with such a service provider, the contract contains detailed obligations of the service provider, explicitly forbidding the disclosure of personal information and clearly defining liabilities in case of a mistake.
< Entrusted Company: Amazon Web Services, Inc., Google Inc. >
•
Entrusted Operations: Service operation.
•
Retention and Usage Period of Personal Information: Until the member withdraws membership or the entrustment agreement term has expired
< Entrusted Company: NHN Cloud Corp. >
•
Entrusted Operations: Send SMS/LMS/OTP.
•
Retention and Usage Period of Personal Information: the entrustment agreement term has expired
< Entrusted Company: NURIGO Corp. >
•
Entrusted Operations: Send SMS/LMS/OTP.
•
Retention and Usage Period of Personal Information: the entrustment agreement term has expired
9. Installation of the automated collection of personal information/Matters of operation and refusal
A. In order to provide a personalized and tailored service, the Company reserves the right to use cookies, which save the user's information and gain access to it constantly. Cookies are very small text files which are sent from the servers to the user's browser, and are saved on the computer's hard disk while operating websites. When the user revisits the website, the website server gains access to the cookie, reads the text file and maintains the user's settings and provides the user with a personalized service.
B. Cookies do neither actively nor automatically collect the user's distinctive information, and the user may refuse the storing of cookies or delete them completely at any given time. However, deleting the cookies may restrict or completely block the user from using the Company's service.
C. For "Internet Explorer", the settings of cookies can be found here.
"Tools" -> "Internet options" -> "Personal information tab" -> "Personal information settings"
10. Policy on administrative and technical protection of personal information
To protect the user's personal information and keep it from being lost, stolen, leaked, falsified or damaged in any way, the Company takes the following technical/administrative measures.
A. Technical measures
•
The Company protects the user's personal information by applying security measures in accordance with the related statutes and the Company's internal policy.
•
The Company uses an antivirus program to prevent damages caused by virus infections. The anti-virus program is kept up-to-date regularly, and is also subject to hotfixes, should a new virus emerge, keeping the personal information safe from external access.
•
The Company safely stores and manages the user's personal information, and has security measures in place for safe transmission of personal information through the network.
•
The Company uses protective software to prevent and defend against external invasive actions in order to protect the user's personal information, and always monitors the software for potential invasion.
B. Administrative measures
•
The Company has created a set of rules (framework) on the creation of passwords, changing it and access rights for the "database and the personal information system" so the responsible employee of the Company can act according to said rules.
•
The Company strictly monitors and restricts the employee responsible for the personal information, and regularly trains said employee in the conduct of the Company's Privacy Policy.
11. Contact of the personal information administrator
The user has the right to file a "personal information protection" related civil complaint while using the Company's service. The Company will reply quickly and earnestly to such complaints.
[Personal information administrator]
•
Name: Jinhwan Kim
•
Position: CEO / Chief executive officer
•
Phone: +82-2-2294-0407
•
email: help@april7.co.kr
[Additional clause]
Should the Privacy Policy be changed in any way, the Company will inform the user of the reasons of said changes, along with the effective date at least 7 days prior to the effective date. The information will be posted until 1 day before the effective date in the relevant service. Should grave changes regarding the users rights and/or obligations occur, the user will be notified at least 30 days in advance.
Should the user not express his/her refusal when the Company announces the changes to its Privacy Policy in accordance to 1. until the effective date, it will be regarded as the user's consent to the changes of the Privacy Policy.
Should the Company wish to collect additional information from the user or wish to provide the user's information to a third party despite 2., the Company will request consent of the user separately
These terms and conditions will be effective on June 30, 2022.