개인정보 처리방침
Privacy Policy
VinePlant Inc. (hereinafter referred to as the ‘Company’) shall consider the security of its users’ personal information of utmost importance, and as such the ‘Company’ shall faithfully perform its duty to protect the personal information online provided by the user the moment said user access the services of the ‘Company’s website (hereinafter referred to as the ‘Website’). The ‘Company’ shall act in accordance with the “Personal Information Protection Act”, “Act on Promotion of Information and Communications Network Utilization and Information Protection”, and other privacy policies pertaining to private information.
The Company shall state the Privacy Policy as follows, so as to notify the user what kind of information they are providing for the ‘Company’, how they are being used, and what kind of measures are taken for the protection of personal information. The Company’s Privacy Policy may be subject to change due to changes in Acts, public notices and/or internal policies, and revisions shall be posted on the service page or notified to the user. Please check the Privacy Policy regularly when visiting the Website.
The user may refuse to agree to any terms below regarding the collection, use, consignment, etc. of personal information. However, please note that certain or all services may not be available if the user refuses agreement.
Article 1 (Collection and Use of Personal Information)
- 1. The Company may collect personal information for the following reasons, and shall not use this information otherwise for any other purposes.
-
1) Management of membership
Verification of personal identification for membership service, confirming members’ intent during sign up/management/deletion of account, response to customer inquiries, delivering new information and notices, and confirmations regarding violations of Acts and Terms of Service -
2) Fulfillment of contract regarding the provision of service and adjustment of payment for the use of services
Self-authentication, identification for personalized service of each member, communication between members, purchasing and payment transaction, delivery of product and/or documentary evidence of expenditure, prevention of illegal and unauthorized use -
3) Development of service and use in marketing/advertising
Developing new services, providing personalized service, service guidance and use recommendations, determination of statistics and frequency of user access for service improvement and development of new services, advertisement using statistical characteristics, providing event information and participation opportunities - 4) Statistical analysis to identify industry trends, data analysis for advancing the quality of service
-
1) Management of membership
- 2. The purpose of the use of personal information based on category is as follows:
- 1) Name, ID, password: identification of members for the use of membership services, sign up/maintenance/deletion of account
- 2) Email address, phone number: send notice, means of seamless communication for handling of complaints etc., notification of new services, products and events, etc.
- 3) Credit card information (Name of credit card company, 16-digit card number, card expiry date, name and date of birth of card holder): payment for services and other additional services
- 4) Bank account details: Identification and confirmation of bank account
- 5) Miscellaneous category: Data and marketing needed to provide personalized service
- 6) Voice recordings during customers’ interaction with Customer Service: Improve the standards of customer service
Article 2 (Collected Personal Information)
- 1. The Company may, for the purpose of providing services, collect the following information during the membership sign up process by the user.
-
Corporate Members
- Required: ID, password, email, mobile phone number, business registration number, business name, name of representative, business address
- Optional: main phone and fax number
-
Corporate Members
- 2. The following is the required information collected by the Company when members use and/or receive refund for any paid service:
Name, email, mobile phone number, payment details (credit card payment details: name of credit card company, card number, card expiry date, password, card verification number, etc. and other payment records) Wire transfer: virtual account number, etc. and other payment records - 4. The following information is collected automatically during the use of service or conduction of business:
IP address, cookies, time of visit, service use record, record of bad connection, access log, payment record, Internet environment, phone call record if members used Customer Service - 5. The Company may request the user to enter personal information when joining events and surveys. The information may be used for statistical analysis, giveaways etc. The user can agree to receive advertisement messages by text or other means, and may receive a request for personal information input if participating in event and giveaways provided with the mail sent.
- 6. The Company may not collect information that may infringe upon the basic human rights of the user. When the company has to inevitably collect such information, the company shall ask for the user permission beforehand.
- 7. The Company, for any and all reasons, shall not use nor leak the information submitted by the user for purposes not mentioned beforehand.
Article 3 (Method of Collection)
- 1. The Company may collect personal information through the Website sign up process, the editing of member information, documents, phone and/or fax, use of service, payment, offers from affiliate companies, email, joining events, inquiry to customer support, uploading of posts, etc.
- 2. Regarding the Privacy Policy and Terms of Service provided by the company, the user may express consent to the collection of personal information by pressing the ‘I Agree’ button. The user is deemed to have consented thereof when pressing the ‘I Agree’ button.
Article 4 (The Storage and Use Period of Collected Personal Information)
The user’s personal information shall, by principle, be disposed without delay upon achieving the purpose of use. However, the following data shall be stored for the specified period:
- 1. Storage of data pursuant to the Company’s internal policies
-
- Record of fraudulent use (fraudulent sign up, disciplinary records and other records of service use including suspension of service, and any other violations of the Website operation principle)
Stored data: name, ID, contact details, record of fraudulent use (service use record, login history, cookies, IP connection details)
Purpose of storage: prevention of fraudulent sign up and usage
Period of storage: 6 months
-
- Record of fraudulent use (fraudulent sign up, disciplinary records and other records of service use including suspension of service, and any other violations of the Website operation principle)
- 2. Storage of data due to relevant Acts
- The Company shall store the data when the need arises, as stipulated within the Commercial Act, Act on Consumer Protection in Electronic Commerce, etc., and other relevant Acts, for a period stipulated in the said Acts. In this instance, the company shall use the data only for the purpose of storing the data, and period of storage is as follows:
-
- Records regarding the Agreement, cancellation, etc.
Purpose of storage: Act on Consumer Protection in Electronic Commerce and other relevant Acts.
Period of storage: 5 years -
- Records on payment and supply of goods etc.
Purpose of storage: Act on Consumer Protection in Electronic Commerce and other relevant Acts.
Period of storage: 5 years -
- Records on e-finance transactions
urpose of storage: Electronic Financial Transactions Act
Period of storage: 5 years -
- Records on user complaints and handling of disputes
Purpose of storage: Act on Consumer Protection in Electronic Commerce and other relevant Acts.
Period of storage: 3 years -
- Website visit history
Purpose of storage: Communication Secret Protection Act
Period of storage: 3 months
- 3. For the protection of personal information, the user's account setting, via linkage of email, shall be categorized as a ‘sleeper account’ if the user does not use the Website for one year, and suspend the use of said account. In addition, in accordance with the ‘Personal Information Expiry Policy’, the personal information of members who has not used this service for at least one year shall be stored separately or deleted. In this instance, the Company shall notify the user through email or SMS 30 days before the execution of the measure. After the user verifies his/her identification, the use of the Website shall be available if he/she expresses the intention to use the provided services.
Article 5 (Provision of Personal Information to 3rd Parties)
- 1. The Company shall use the user’s personal information within the scope defined by Article 1, and shall not use said information beyond the scope prescribed in the same Article without the consent of the user. The user’s personal information shall, in principle, not be disclosed to any 3rd parties. However, exceptions are as follows:
- 1) If the user has consented beforehand
- 2) If considered necessary during payment for service
- 3) If the user directly consents to providing personal information to outside affiliate services
- 4) If the Company is obligated to submit personal information in pursuant to relevant Acts
- 5) If the information is made non-specific and shared with advertisers, partners, research organizations, etc. for statistical analysis, academic research, and market research
- 6) If an imminent risk to the life and/or safety of the user is identified and needs to be resolved.
Article 6 (Outsourcing the Processing of Personal Information)
- 1. The Company may outsource some of its tasks to provide a more convenient and improved service. The Company may outsource some of its tasks necessary to provide service, and stipulates necessary matters for the contracted company regarding the safe processing of personal information, pursuant to the Personal Information Protection Act. If the user does not use any services that the contracted company would be tasked with, the user’s personal information shall not be provided to said company.
-
2. Details on the contracted company and outsourced tasks are as follows. The period of storage and use shall be until the deletion of account or the outsourcing contract.
<Domestic and Foreign Companies>
Outsourced task details contracted company period of storage and use Electronic payment service Infinisoft. Co., Ltd.
NICE Payments Co., Ltd.
Danal Co., Ltd.
Kakao Pay Corp.
Viva Republica Co., Ltd.
Naver Financial Corp.Until deletion of account or outsourcing contract Self-authentication service Danal Co., Ltd.
Infinisoft. Co., Ltd.SMS/LMS, email, notification message NHN Co., Ltd.
Biztalk Co., Ltd.Data storage and system management Infinisoft. Co., Ltd.
Article 7 (Personal Information Disposal Process and Method)
The user’s personal information shall, by principle, be disposed without delay upon achieving the purpose of use. The Company’s process and method for the termination of personal information is as follows.
-
1. Disposal Process
- All information entered by the user for sign up, etc. shall be moved to a separate DB (in the case of paper documents, it shall be stored in a separate filing cabinet). For the protection of the information (refer to Period of Storage and Use), it shall be stored for a certain period after which it shall be disposed pursuant to internal policy and other relevant Acts.
- The aforementioned personal information shall not be used for purposes other than storage, unless required by relevant Acts. -
2. Disposal Method
- Personal information printed on paper shall be disposed using a paper shredder or by burning.
- Personal information saved as files shall be deleted using a method as so it cannot be recovered. - 3. The Company shall dispose the information as prescribed in this Article, notwithstanding user requests to edit or delete said information or to delete the account.
- 4. As stated in Article 2 of the Privacy Policy, all personal information stored for temporary purposes (surveys, events, etc.) shall be disposed using method identical to the above when the purpose of said information is achieved.
Article 8 (Installation, Management and Refusal of Automatic Personal Information Collection Device)
- 1. Cookies are sent from the server used for website operation to the user’s browser, after which it is saved on the user’s computer as a very small text file. Cookies are used to support a faster and more convenient use of websites, and also used to provide personalized service.
- 2. The Company uses the cookie method for the verification of members. These shall be automatically deleted and not saved on a computer after logout. Therefore, if you are in public or using a computer that may be used by others, please log out after accessing and using the account of the Website.
- 3. The purpose of cookies are to save and maintain loading of the user’s information in order to provide personalized service. The server reads the contents of the cookies stored on the user's device when the Website is visited to maintain the user's preference and provide personalized service. Cookies help the user to access websites while maintaining the user’s settings for a convenient experience. In addition, it is used to provide optimized advertising and other information personalized to the user’s need using the user’s Internet history and user habit.
- 4. Cookies do not save any names, phone numbers or any other identification information, and the user is always provided options for the use of cookies. Therefore, the user may set the option to allow all cookies in the web browser, be notified each time cookies are saved, or refuse all cookies. However, the web experience may become inconvenient if the user decides to refuse all cookies, and the use of certain services during the login process may become difficult.
-
Examples of cookie settings
1) Microsoft Edge
Tools menu on the top of web browser > Internet options > Personal information > Settings -
2) Google Chrome
Settings menu on the right of web browser > Security and Privacy > Cookies and other site data
Article 9 (Technical and Administrative Measure for Protection of Personal Information)
The user’s personal information shall, by principle, be disposed without delay upon achieving the purpose of use. The Company’s process and method for the termination of personal information is as follows.
- 1. The company shall, in processing the user's personal information, prevent the loss, theft, leakage, external attack, hacking, etc. of information, and take technical/administrative and physical measures for security.
-
2. The following are the technical/administrative and physical measures taken by the company.
- 1) Establish and implement separate internal management plan for the safe processing of personal information.
- 2) Minimize the number of staff handling personal information in order to control access to the information. The staff members in charge receive regular training in regards to security, and are frequently inspected for compliance with this policy.
- 3) The protection of user’s personal information using a password in order to safely store and transmit personal information. By encrypting files and various data, important data is protected using separate security features, and encrypted communication (SSL) is used to transmit personal information safely across the network.
- 4) In order to respond to any infringement of personal information and prevent forgery and falsification, a personal information handler shall access the personal information processing system and save the date accessed, process log, etc. when processing personal information, and will store separately to prevent forgery, theft, loss or disposal.
- 5) The company shall use a vaccine program to prevent any damages to the personal information, and the program shall be updated periodically. The installation and update of security programs for personal information are also monitored.
- 6) To respond to hacking attempts, all data is stored in a high security data center. Access to personal information data is restricted by dividing the access rights.
- 7) For the safe storage of personal information, security equipment is used to block intrusion from outside, and intrusion detection system are installed to detect unlawful entries. The Company is taking additional physical measures such as the use of separate storage facility, installing lock devices, etc.
- 3. The Company shall protect the personal information of the user to the best of its abilities. However, the Company is not responsible for any problems from the leakage of personal information such as email (or other account information set by the user through linkage with external services such as FaceBook, etc.), password, etc. arising from user negligence, as well as those occurring from the inherent risks of the Internet.
Article 10 (Banner and Linked Websites)
The website may host various banners and links. The banners and links are connected to external websites for the purposes of contractual obligation between the Company and advertisement providers, or to reveal the source of its contents. In the case the user click the links hosted on this website to move to an external website, the privacy policy of the external website is unrelated to this Website. Please check the policy of any external websites separately. The Privacy Policy of this Website shall not be effective on any external websites linked on this Website.
Article 11 (User’s Rights and Exercise Method)
- 1. The user and their legal representative may view, disclose, process, modify, or delete any information relating to themselves or any minors at any time. The user and their legal representative may inquire/edit/delete account (withdraw consent) regarding their personal information through 'Manage member information'. By contacting the person in charge of personal information protection through email, the Company shall take action after the identification process.
- 2. The Company shall not use or share any personal information that has been requested for correction until the correction has been made. Moreover, if erroneous personal information has already been provided to any 3rd parties, the Company shall notify those parties without delay as to make the corrections.
- 3. The Company shall, in regards to deleted personal information through the request of the user, process the personal information as prescribed in Article 4 (The Storage and Use Period of Collected Personal Information) and be made inaccessible or otherwise unable to be used for other purposes.
- 4. The Company shall not collect any personal information of minors under the age or 14. However, in the case the personal information of a minor under the age of 14 has been collected, legal rights for a legal representative to process the said personal information is guaranteed.
Article 12 (Compliance to European Union General Data Protection Regulation)
- 1. The Company shall comply with the European Union General Data Protection Regulation and the member states of the European Union. The following may be applied for the user of the service within the European Union.
-
2. The Company shall use the collected personal information only for the purposes prescribed in Article 1, and shall notify the user of this fact in advance, and ask for consent. In accordance to GDPR and other relevant Acts, the Company may process the user’s personal information if applicable to any one of the following.
- - Consent of the subject of information
- - If the data is necessary for entering or performing the contract with subject of information
- - If needed to fulfill legal obligations
- - If processing is required for significant gains of the subject of information
- - For the pursuit of the company’s legitimate interests (except when the interests, rights or freedoms of the subject of information are more important than those interests)
- 3. Guaranteeing the rights of users in the European Union: In accordance with applicable Acts such as GDPR, the user may request to transfer their personal information to another administrator, or refuse the processing of their personal information Furthermore, the user holds the right to file a complaint with the data protection authority. In addition, the Company may use personal information to provide marketing such as events and advertisements, and shall seek the user's consent in advance. The user may withdraw their consent at any time as they wish. Requests relating to the matters above shall be processed without delay. Contact shall be made through Customer Service through written documents, phone or email. The Company shall not use or share any personal information that has been requested for correction until the correction has been made.
Article 13 (Information on Personal Information Manager and Administrator)
The Company shall, for the handling of user inquiries, complaints, etc., designate a personal information manager and administrator as below.
- Name: Hyeong-uk Kim
- Department/Position: Management Department/Manager
- Email: master@podosea.com
- Phone number: 070-7843-0031
Please contact the following organization if you need to report on other miscellaneous infringement of personal information.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- CyberInvestigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
- National Police Agency, CyberInvestigation Bureau (police.go.kr / 182 without area code)
Article 14 (Obligation of Notification Before Revision)
- 1. For any addition, deletion, or modification of the contents of this Privacy Policy, the user shall be notified at least 7 days before the effective date.
-
2. However, for changes concerning the collection of personal information, the purpose of use, or any other significant changes concerning user rights, the user shall be notified at least 30 days in advance, and additional consent may be required if necessary.
Date of Notice: January 10, 2022
Date of Effect: January 17, 2022