Privacy Policy of N30 Foundation Limited
N30 Foundation Limited (the “Foundation”) collects, uses and provides personal information based on users’ consent and actively guarantees the users’ right (the right to self-determination regarding personal information). The Foundation establishes and discloses the Privacy Policy as provided below, seeking to protect personal information of data subjects and resolve any complaints timely and smoothly in accordance with Article 30 of the Personal Information Protection Act and Article 27-2 of the Act on Promotion of Utilization of Information and Communications Network (the “Communications Network Act”) of Korea and the EU’s General Data Protection Regulation (“GDPR”), and Personal Data Protection Act(“PDPA”) in Singapore. This ‘Privacy Policy constitutes the guidelines which the Foundation shall comply with, designed to ensure that members can use the services safely by protecting the members’ valuable personal information.
This Privacy Policy shall be applicable to NTH Service (“NTH” or the “Service”).
Article 1 (Purpose and Categories of Personal Information Processed, and Period of Retention and Use)
① The Foundation handles personal information for the following purposes, and processes and uses personal information within the period of retention and·use of personal information under the laws and regulations or to which data subjects consent upon collection of personal information. Personal information in processing will not be used for the purpose other than those set forth below, and in the event of any change in the purpose of use, relevant necessary measures will be taken, for example, by obtaining additional consent under Articles 15 and 18 of the Personal Information Protection Act and Article 22 of the Communications Network Act, and Article 13, Article 14, Article 15, Article 16 and Article 17 of the PDPA. The foundation does not intentionally collect personal data about minors under the age of 14 is verified to be registered, all services for the person concerned can be discontinued and personal data can be destroyed.
Purpose of Processing |
Categories of Data to be Processed |
Period of Retention and Use |
Grounds for Processing |
Membership registration and management:
Confirmation of intent of joining the membership; personal identification and authentication for provision of membership services, maintenance and management of qualification for the membership, personal identification (for the purposes of implementing a limited scope of personal identification procedure),
prohibition of wrongful use of services, confirmation of consent of a legal representative for processing of personal information of children under 14 (or as otherwise defined under applicable law), various public announcements and notices, resolution of complaints, etc.
|
Essential information: NTH subscription phone number, email address, nickname, name of device model, OS of device, device serial number
Optional information: gender, date of birth, nationality, religion, final education occupation, transportation, type of residence, pets, GPS, selective behavior
|
Until membership is cancelled. However, in the case of occurrence of the following events, until the relevant event exists.
1. If any investigation or inspection arising out of breach of relevant laws continues, until such investigation; or inspection is completed.
2. If any debt claim or obligation remains, until the relevant debt claim or obligation is settled; or
3. If otherwise required by applicable law, until such time as required by such law.
|
- Users’ consent;
- Necessary for entering into, and performance of agreements;
- Legitimate interests of the Foundation (membership registration and management)
|
Providing services: Provision of services, issuance of contracts and bills, provision of content, provision of personalized services, authentication, proof of age, payment and settlement of service fees, debt collection, etc.
|
Essential information: NTH subscription phone number, email address, nickname, name of device model, OS of device, device serial number
Optional information: gender, date of birth, nationality, religion, final education occupation, transportation, type of residence, pets, GPS, selective behavior
|
Until service provision, payment and settlement are completed. However, in the case of occurrence of the following events, until the relevant event exists.
1. If any investigation or inspection arising out of breach of relevant laws continues, until such investigation; or inspection is completed.
2. If any debt claim or obligation remains, until the relevant debt claim or obligation is settled; or
3. If otherwise required by applicable law, until such time as required by such law.
|
- Users’ consent
- Entering into, and performance of agreements
- Legitimate interest of the Foundation (membership registration and management)
|
Resolution of complaints: Confirmation of complainants’ identity, confirmation of content of complaints, communication and notice for fact finding, notification of resolution results, etc.
|
Essential information: NTH subscription phone number, email address, nickname, name of device model, OS of device, device serial number
Optional information: gender, date of birth, nationality, religion, final education occupation, transportation, type of residence, pets, GPS, selective behavior
|
Until the resolution of complaints is completed.
However, location information used or provided and materials for fact finding will be automatically recorded and retained in order to settle service fees with other service providers or customers and handle complaints, and such information and materials will be kept for one year, or if a longer period of retention is required by applicable law, for such period as required by such law.
|
- Users’ consent
- Legitimate interest of the Foundation
|
② Notwithstanding Paragraph ① above, in the event of the following, the Foundation may retain and use the relevant personal information until the relevant period of retention and use is expired:
1) Records on transactions such as indication, advertisements, and content of agreements and performance of agreements under the Consumer Protection in Electronic Commerce Act of Korea, as provided below.
- Records of description of the products and services, and advertisements: six (6) months
- Records of agreements or cancellation of order, payment, supply of goods, etc.: five (5) years
- Records of consumers’ complaints or dispute resolution: three (3) years
2) Preservation of data for confirmation of the fact of communications under Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act of Korea, as provided below.
- Data regarding date and time of a subscriber’s telecommunication, time of commencement and completion, the number of the other party, frequency of use, and location tracking by a transmitting base station: one (1) year
- Data regarding computer communication, Internet log, and connecting location tracking: three (3) months
③ The Foundation transfers overseas and processes personal information as follows. Transfer is possible only if the customer agrees to the personal data protection policy when registering in membership.
Categories of Personal Information To Be Transferred |
Destination Country of Personal Information Transfer |
Date and Method of Transfer |
Information items to be collected and used as specified in Paragraph ① |
Singapore |
- Immediately after obtaining consent for collection and use of personal information
- Transmission via communications network
|
Article 2 (Provision of Personal Information to Third Party)
① The Foundation will handle personal information of data subjects within the scope set forth in Article 1 (Purpose and Items of Personal Information Processing and Period of Retention and Use), and provide any third party with such personal information only with consent of data subjects and special legal provisions in accordance with Article 17 of the Personal Information Protection Act and Article 24-2 of the Communications Network Act.
② The Foundation transfers the following personal information to a third party:
Receiving Party |
Purpose of Use by Receiving Party |
Categories of Personal Information To Be Transferred |
Period of Retention and Use by Receiving Party |
N30 Foundation Limited |
Provision of services through business partnership |
Essential information: NTH subscription phone number, email address, nickname, name of device model, OS of device, device serial number
Optional information: gender, date of birth, nationality, religion, final education occupation, transportation, type of residence, pets, GPS, selective behavior
|
Until the purpose of use is achieved, however, if a longer retention period is required by applicable law, until such period provided by such law.
|
Article 3 (Entrustment of Processing of Personal Information
① The Foundation entrusts services regarding personal information for smooth performance of personal information tasks as follows:
Trustee |
Entrusted Service |
Categories of Personal Information Items to be Processed |
Period of Retention and Use by Trustee |
N30 Foundation Limited |
Service (including marketing service), development, operation, maintenance, etc. |
Essential information: NTH subscription phone number, email address, nickname, name of device model, OS of device, device serial number
Optional information: gender, date of birth, nationality, religion, final education occupation, transportation, type of residence, pets, GPS, selective behavior
|
Until the entrustment agreement is terminated, however, if a longer retention period is required by applicable law, until such period provided by such law.
If customer requests withdrawal of consent, stop the retention and destroy personal data
|
② Upon the execution of the entrustment agreement, the Foundation shall specify in the agreement matters regarding liabilities, including prohibition of processing of personal information for any purpose other than the performance of the entrusted services, technical and organizational protection measures, restriction on re-entrustment, management∙and supervision of the trustee, and indemnification and monitoring whether the trustee handles personal information securely in accordance with Article 25 of the Personal Information Protection Act and Article 25 of the Communications Network Act and PDPA.
③ In the event of any change in the entrusted services or the trustee, the Foundation will disclose such change in this Privacy Policy without delay.
④ The Foundation entrusts/re-entrusts to an overseas third party with the following personal information:
Trustee |
Purpose of Use and Period of Retention and Use by Trustee |
Categories of Personal Information To Be Transferred |
Destination Country of Personal Information Transfer |
Date and Method of Transfer |
Amazon Web Services, Inc. |
Operation and management of cloud server / until the expiration of the cloud service entrustment agreement |
NTH subscription information (e-mail address , information of device),
Current location data (latitude, longitude, time)
|
United States (Server is located in Korea)
service use and activation / transmission to cloud storage facilities via network
|
Transmission to cloud storage facilities via network
|
Article 4 (Rights and Obligations of Data Subjects and Method of Exercise of Rights)
① Data subjects may exercise the following rights regarding protection of personal information at any time against the Foundation:
1. Request for access to personal information
2. Request for correction of mistakes (if any)
3. Request for deletion
4. Request for suspension of processing
② If a data subject is a resident in the EU, such data subject may exercise the following rights regarding protection of personal information against the Foundation in accordance with the GDPR:
1. Request for the right to be informed
2. Request for access to information
3. Request for correction
4. Request for the right of deletion and the right to be forgotten
5. Request for restriction on processing
6. Request for transfer of personal information
7. Request for objection to personal information processing
8. Request for objection to being subject to automated decision making such as profiling
③ Where the data subject is a resident of Singapore, the data subject may exercise the following rights concerning personal data protection for the foundation in accordance with PDPA. For request of access to personal data and request of withdrawal of consent for personal data, please complete the Access/correction/withdrawal requisition form (see 042. Guidelines to handling access requests) and send it to the Data Protection Officer (DPO) by e-mail.
1. Access request based on Article 21 of the PDPA
2. Correction request based on Article 22 of the PDPA
3. Withdrawal of request based on Article 16 of the PDPA
④ The rights under Paragraphs ①, ② and ③ above may be exercised by notifying the Foundation in writing, by telephone, email, fax, etc. and the Foundation will make relevant responses without delay (within ten (10) days).
(1) In the event of exercising the right under Paragraph ①,
▶ Department receiving and handling cases of data subjects’ rights
Name of Department : Information Security Team, N30 Foundation Limited
In-charge Personnel : K-Rok Suh
Contact Information :
cs@publox.io,
(2) In the event of exercising the right under Paragraph ②
▶ Department receiving and handling cases of data subjects’ rights
Name of Department: Information Security Team, N30 Foundation Limited
In-charge Personnel: K-Rok Suh
Contact Information :
cs@publox.io,
⑤ If a data subject requests the Foundation to correct or delete any mistake in personal information, the Foundation will not use or provide the relevant personal information until the correction or deletion is completed. If wrong personal information has already been provided to any third party, the Foundation will notify the third party of correction results immediately to ensure that correction is completed.
⑥ Any representative such as a data subject’s legal representative or delegated person may exercise the right set forth in Paragraph ① above. In this case, the power of attorney in Form No. 11 attached to Schedule of the Enforcement Regulation of the Personal Information Protection Act needs to be submitted.
⑦ A data subject should not infringe upon personal information and privacy of other data subjects whose personal information is being processed by the Foundation or of another person in breach of the relevant laws including the Personal Information Protection Act.
⑧ The Foundation will handle any personal information withdrawn or deleted by request of any user or its legal representative in accordance with Article 1 (Purpose and Items of Personal Information Processing and Period of Retention and Use) and Article 25 of PDA and make sure that such information is not accessed or used for the purpose other than the purpose set forth in Article 1.
Article 5 (Destruction of Personal Information)
① The Foundation destroys personal information without delay when it becomes unnecessary due to the expiration of the period of retention of personal information and/or the achievement of the purpose of processing, etc.
② When a user requests withdrawal of membership or deletion/destination of personal information regarding the Google Play 'NTH' application user's account and personal information linked to the account, the Foundation deletes/destroys the personal information and notifies the user of the results. To request deletion/destination, the user sends an email request to the DPO by filling out the email ID used for membership, whether membership has been canceled, and whether linked data has been deleted. The foundation will respond via email with the results of your request within 10 days. All data is deleted with no data deleted or archived. However, the email address sent must be the same as the email ID used for membership registration.
③ If preservation of personal information is required by other laws even after the period of retention consented by data subjects is expired or the purpose of processing is achieved, such personal information will be moved to a separate database or be kept in another storage facility.
④ The procedures and method of destruction of personal information are as follows:
1) Procedures of Destruction
The information entered by users for membership registration will be moved to a separate database (or to a separate filing cabinet in case of physical documents) after the purpose of entry is achieved and will be destroyed after it is stored for a fixed period in accordance with the Foundation’s internal data protection policies and the applicable laws (see the “period of retention and use” section under Article 1 above). Such personal information moved to a separate database, unless otherwise required by the laws, will not be used for any purpose other than retention of personal information.
2) Time Limit for Destruction
In the event the period of retention of personal information is expired, the relevant personal information will be destroyed within five (5) days from the expiration date of the period of retention; and in the event personal information becomes unnecessary due to achievement of the purpose of processing of personal information, discontinuance of the relevant service, closing of the business, etc., the relevant personal information will be destroyed within five (5) days from the date when processing of personal information is deemed unnecessary.
3) Method of Destruction
Personal information printed on paper will be shredded using a paper shredder or incinerated, and personal information stored in the form of electronic files will be deleted using a technical method ensuring that the information cannot be reproduced.
4) Destruction of Personal Information of Long-term Dormant Users
For a member who has not accessed the service after membership registration and who has failed to log in for 12 months or longer, such member’s ID and personal information will be destroyed immediately after the expiration of the availability period or be stored separately.
No later than 30 days prior to the expiration of the 12 month period specified above, the Foundation will notify such member of the separate storage and management of his/her personal information, the expiration date of the storage period and the categories of relevant personal information by using any one of the following methods: email, written notice, fax, telephone or any other similar method.
If the member fails to log in or access the service within the period specified above, he/she may lose his/her membership.
In the event of loss of membership, the member’s personal information including ID and service use information will be destroyed and deleted.
Article 6 (Measures Ensuring Security of Personal Information)
The Foundation takes the following measures to ensure security of personal information:
1) Establishment and implementation of internal management plan and provision of regular training for the employees regarding safe processing of personal information
2) Installation of access control system and management of access authority in respect of personal information
3) Encryption of unique identification information and implementation of security measures using encryption technology for securely storing and transmitting personal information
4) Retention of access records and implementation of measures preventing forgery
5) Installation and updating of security programs such as installation and operation of anti-virus software
6) Implementation of physical security measures such as installation of locking devices for data processing room, data storage room, etc.
Article 7 (Matters Regarding Installation and Operation of / Refusal to Automatic Collection of Personal Information)
① The Foundation may restrict or suspend the use of the Service by the Member in the event of the following circumstances:
② Cookie is a very small text file which the server (http) uses for the operation of the website and sends to users’ browser. It is also saved in the hard disk of users’ computer.
1) Purpose of use of cookies: A cookie is used to identify patterns in which a user accesses and uses services and websites, most frequently searched words, whether the user conducts secure access in order to provide optimized information for the user.
2) Installation and Operation of / Rejection to Cookies: A user can reject storage of cookies by clicking Internet Options on Tools menu in the top of web browser and setting up Personal Information Management Level.
3) If a user rejects storage of cookies, he/she may have difficulties in using personalized services.
③ In the course of using Internet services, the following personal information items can be automatically created and collected in addition to cookies. Further details about the use of location information which is collected and stored when location-based services are used are provided in the Terms and Conditions of NTH Location Based Service
- IP address, MAC address, device information (OS, version and device-specific information), user location information (GPS), service use record, record of visits, record of bad use, etc.
Article 8 (DPO)
① The Foundation designates a DPO to take responsibility for personal information-related matters, resolve data subjects’ complaints and handle remedy for damages in connection with processing of personal information.
▶ DPO
Name : K-Rok Suh
Contact Information :
cs@publox.io
You will be connected to the privacy protection department.
▶ Privacy Protection Department
Name of Department : Information Security Team, N30 Foundation Limited
In-charge Personnel : K-Rok Suh
Contact Information :
cs@publox.io
② Data subjects may ask a DPO and the privacy protection department about matters regarding personal information protection, resolution of complaints, access to personal data, correction and withdrawal of consent and remedy for damages arising out of the use of the Foundation’s service (or business). The Foundation will respond to and handle any inquiries raised by data subjects without delay.
Article 9 (Remedy for Infringement of Rights and Interests of Data Subjects)
① Data subjects can ask the agencies provided below for matters such as infringement of personal information and relevant consultation.
(The following are agencies independent of the Foundation and if you are not satisfied with the results of resolution of complaints and remedy for damages implemented by the Foundation regarding personal information or you need additional support, please contact those agencies.)
▶ Personal Data Protection Commission(PDPC) of Singapore
Remit: Complaints, DNC-related inquiries, and application of personal data protection breach report
Homepage:
https://www.pdpc.gov.sg/Individuals/Complaints-and-Reviews
Phone: +65 6377 3131
FAX: +65 6577 3888
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438
▶ Report Center for Infringement of Personal Information (operated by Korea Internet & Security Agency)
Matters to be handled: report of infringement of personal information, application for consultation
Website:
privacy.kisa.or.kr
Telephone: (without an exchange number) 118
Address: 3th floor Korea Internet & Security Agency, Report Center for Infringement of Personal Information, Jinheung-gil 9 (bitgaram-dong 301-2),Naju-city, Korea (58324)
▶ Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
Matters to be handled: Application for mediation of personal information-related disputes, mediation of collective disputes (civil resolution)
Website :
privacy.kisa.or.kr
Telephone: (without an exchange number) 118
Address: 3th floor Korea Internet & Security Agency, Report Center for Infringement of Personal Information, Jinheung-gil 9 (bitgaram-dong 301-2),Naju-city, Korea (58324)
▶ Cyber Crime Investigation Team of the Supreme Public Prosecutor’s Office: 0234802000
(
www.spo.go.kr,
cybercid@spo.go.kr)
▶ Cyber Security Bureau of the National Police Agency: 182 (
cyberbureau.police.go.kr)
If any data subject’s rights or interests are infringed upon by any disposition or omission of the head of a public organization with respect to the request for access to, correction and deletion of personal information and suspension of processing, the relevant data subject may file for an administrative appeal in accordance with the Administrative Appeals Act.
☞ Refer to the telephone directory of the Central Administrative Appeals Commission (
www.simpan.go.kr)
② If a data subject is a resident in the EU, the data subject may raise complaints to the data protection authority in his/her place of residence or the local area in the EU where the relevant personal information infringement case occurs. For specific details on the local data protection authority, please see the link provided below.
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Article 10 (Duty to Notify)
① The Privacy Policy was enacted on May 30, 2021 and in the event the policy is added, deleted and modified pursuant to changes in the government policy or security technology and services, such addition, deletion and modification will be announced in the website’s ‘Public Announcement’ at least seven (7) days prior to such amendment. However, in the event of any material change in respect of users’ rights such as collection and utilization of personal information and provision of personal information to a third party, it will be notified on the website, by email or through application program at least 30 days prior to such change.
Date of Public Notice of the Privacy Policy: May 30, 2021
Date of Enforcement of the Privacy Policy: May 30, 2021