Personal information processing policy

From the planning to the end of the service, the etiquette of the Todo Mate is strictly controlled by the laws and regulations on personal information protection in Korea, such as the Act on Promotion of Information Network Usage and Information Protection, etc. Compliance. We also provide services in compliance with international standards such as the OECD's privacy guidelines.

- Information and Communication Network Act: http://www.law.go.kr/lsInfoP.do?lsiSeq=167388&efYd=20150421#0000
- Personal Information Protection Act: http://www.law.go.kr/lsInfoP.do?lsiSeq=173223&efYd=20150724#0000
- OECD Guideline (EN version): http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

1. Significance of personal information processing policy
We tried to write this personal information processing policy based on the information and communication network law, but to explain the state of the user's personal information processing in Todo Mate as much as possible in an easy to understand and detailed way.
The privacy policy has the following important meanings.
What kind of information is collected, how to use the collected information, how to share it with others ('consignment or provision') as needed, and when and how to destroy information that achieves the purpose of use. We will provide you with the information related to "
As an information entity, the user has certain rights to his / her personal information and how and in what manner he / she can exercise it. We will also show you what rights your legal representative (parents, etc.) can exercise to protect the privacy of children under the age of 19.
In the event of a privacy violation, we will notify you of any further harm you may have and contact you to help us recover any damage that may have occurred.
Above all, it is a means to guarantee the user's right to self-determination of personal information by stipulating the relationship between the exercise of Todo Mate and the rights and obligations between users in relation to personal information.

2. Personal Information We Collect
Todo Mate collects the minimum amount of personal information needed to use the service.
The personal information collected from the users of the Todo Mate at the time of membership is as follows.
When you register, you will collect 'ID, Password, Email' as a required item. If you are a child under 19, you can collect additional legal representative information (legal representative's name, date of birth, sex, duplicate registration information (DI), mobile phone number). And you can collect your email address as a choice.
Personal information collected from users during the use of the service is as follows.
Additional personal information may be collected only by the users of the service during the individual service use, event application and prize application process in Todo Mate. In addition, when collecting personal information, we inform and inform the user at the time of collecting the personal information about the personal information items to be collected, purpose of collection and use of personal information, and storage period of personal information.
During the use of the service, records of service use such as IP address, cookie, date of visit and bad use, and device information may be generated and collected.
Specifically, 1) an information and communication service provider generates and stores information about a user in an automated manner in the course of using the service, 2) converts the unique information of the user's device into a secure Means collecting after you have collected.
We collect personal information through the following methods of memorization.
In the process of using the service and using the service, if the user agrees to collect personal information and enters the information directly, the personal information is collected.
Personal information of users can be gathered through web page, e-mail, fax, telephone, etc. during the consultation process through CS contact person.
Personal information may be collected in writing at events, seminars, etc. that take place offline.
In this case, according to the Information and Communications Network Act, the affiliate company provides the user with the consent to provide personal information after the consent of the user.
Generated information, such as device information, can be automatically generated and collected during the process of using the PC web or mobile web / app.

3. Use of collected personal information
We use personal information only for the following purposes such as member management, service development, provision and improvement of the service, and establishment of safe internet use environment.
We will use personal information to confirm membership, to confirm age, to proceed with legal representative agreement, to verify the identity of users and legal representatives, to identify users, and to confirm the withdrawal of membership.
In addition to providing existing services (including advertising), such as content, it is important to understand the new service elements, such as demographic analysis, service visit and usage history analysis, personal information and interest-based user relationship building, We will use your personal information to discover and improve existing services.
The laws and regulations of the memorandum, the restrictions on the use of members who violate the Terms of Use, the prevention and sanction of acts that hinder the smooth operation of services including fraudulent use, the prevention of account theft and illegal transactions, We use personal information for the protection of users and the operation of services, such as forwarding of information, preservation of records for dispute settlement, and handling of complaints.
If paid service is available, we use personal information for authentication, purchase and payment, and delivery of goods and services.
We use personal information for marketing and promotional purposes, such as providing event information and participation opportunities, and providing advertisement information.
We use personal information such as service use record and access frequency analysis, statistics on service use, analysis of service and customized service according to statistics, and advertisement.
We use personal information to build a service utilization environment that users can safely use in terms of security, privacy, and safety.

4. Providing and consigning personal information
As a rule, we do not provide personal information to the outside without consent of the user.
We do not provide personal information to the outside without prior consent of the user. However, if the user directly consents to the provision of personal information in order to use the services of the external affiliate, and if the obligation to submit personal information is based on the relevant laws and regulations, We are providing personal information only when it is confirmed and to solve it.

5. Destruction of personal information
In principle, the Company discards the user's personal information without permission upon withdrawal from membership.
However, if the user obtains consent to the personal information retention period or imposes the obligation to keep the information for a certain period in the statute, the personal information will be kept safely during that period.
The following are the cases where the user has obtained separate consent for the storage period of personal information.
Records of fraudulent use such as fraudulent enrollment and disciplinary records are kept and destroyed for six months from the time of collection to prevent unauthorized enrollment and use.
The personal information for which the purpose of collecting and using personal information has been accomplished, such as the withdrawal of membership, the end of service, the arrival of the period of personal information agreed to by the user, is destroyed in a way that is impossible to reproduce.
The information that imposes conservation obligation under the Act shall also be destroyed in a way that can not be reproduced without delay after the expiration of the applicable period.
In the case of electronic file format, it is safely deleted by technical method to prevent recovery and playback, and the output is destroyed by crushing or incineration.
For reference, we keep separate personal information of members who have not used the service for one year according to the 'personal information expiration system'.

6. Rights and practices of users and legal representatives
You can view your personal information at any time in 'I> Personal Settings'. Modifications are available at https://www.facebook.com/todomateapp.
You may withdraw your consent to collect and use your personal information at any time by withdrawing your membership.
For children under the age of 19, the legal representative has the right to withdraw the right to view or modify the child's personal information, and to withdraw his / her consent to use and collect.
If you request correction of errors in your personal information, we will not use or provide the personal information until you have completed the correction. Also, if wrong personal information has already been provided to a third party, we will notify the third party without delay and correct the result of the correction.

7. Effort of Todo Mate of privacy for privacy protection
We will do our best to manage your personal information safely and protect your personal information beyond the level required by the Information and Communications Network Act and the Personal Information Protection Act.
We are encrypting your personal information.
Passwords, unique identification information, and e-mail addresses that require encryption are further encrypted and stored in the statute.
Securely manage personal information from internal and external security threats.
In order to prevent leakage or damage of personal information of members by hacking or computer virus, we install system in the area where access from outside is controlled. We are backing up the data from time to time in order to prevent damage to personal information. We use the latest vaccine program to prevent personal information or data from being leaked or damaged. We securely send and receive personal information over the network through encrypted communication.
We keep the personal information handler to a minimum.
Minimize the number of employees handling personal information, and reduce the possibility of leakage of personal information by separating the internal network from the external internet network for employees' PCs that can download personal information from the personal information processing system. In addition, we constantly emphasize that the protection of personal information of our members is the most important value of the Todo Mate through the regular education for the personal information handler, the occasional education and campaign for the employees of the company.

8. Personal Information Protection Officer and Person in Charge
We have designated the person in charge of personal information protection and the person in charge as below for the inquiry related to user's personal information and complaint handling.
Contact person: Kang Yoon Sik
Mail: mail.guide@gmail.com
If you need to report or consult about other personal information infringement, you can contact the following organizations.
Privacy Infringement Notification Center (privacy.kisa.or.kr)
Cyber ​​Investigation Department of Supreme Prosecutors' Office (www.spo.go.kr)
Cyber ​​Security Bureau of the National Police Agency (www.ctrc.go.kr)

9. Scope of this Privacy Policy
This Privacy Policy applies to one of the brands of the Company, Todo Mate and related services (including mobile web / apps), and may be subject to separate privacy policies for services offered on other brands .
When collecting personal information from websites of other companies linked to Todo Mate, this Privacy Policy does not apply after personal information is provided by the user's consent.

10. Duty to notify before revision
If there is any addition, deletion, or modification of this Privacy Policy, we will notify you through the "Notice" at least 7 days before the revision.
However, if significant changes are made to the user's rights, such as items of personal information to be collected, changes in the purpose of use, etc., at least 30 days notice shall be given.

Announcement date: July 11, 2017
Effective date: July 11, 2017