개인정보 처리방침
Privacy Policy (PayApp) UDID Inc. (“the Company” hereafter) is a company whose primary purpose is providing electronic payment gateway service, regards personal information of the users as important, observes the Electronic Financial Transaction Act, the Act on Promotion of Information and Communications Network Utilization and Protection of Information, the Act on Consumer Protection in Electronic Commerce, the Telecommunications Business Act, the Act on the Protection of Personal Information and administrative guidelines by administrative agencies, and protects the users’ rights by establishing privacy policy based on relevant laws and regulations. 1. The purposes of collecting and using personal information (1) Collection of personal information including the payment information regarding the provision of electronic financial transaction services * To make payments of the goods or services purchased by users * To respond to and check when personal identification, identity authentication, verification of a user’s real name and a user’s transactional information are demanded during the payment process * To provide services related to electronic commerce, such as cancellation or refund of the transaction paid by users, and delivery of goods * To bill and receive payments made by users * To deter illegal use by the users who cannot use electronic financial transactions and telecommunications billing services(minors, etc.) and badㆍfraudulent users * To confirm users’ intention, such as consent or withdrawal, which are necessary for the provision of services and management of related business * To send e-mails provided by the Company about the Act on Consumer Protection * To handle customers’ complaints and civil petitions (2) Utilization for the development of new services, marketing and advertisement * To investigate frequency of utilization, to provide services depending on marketing characteristics, and for the use of CRM * To develop new services and provide customized services, to provide services based on statistical characteristics and place advertisements * To check the effectiveness of services, to provide information on events and promotions(in the e-mails noticing payments) as well as opportunities to participate, to grasp the frequency of access, and to make statistics on the members’ use of services 2. Personal information items to be collected and methods of collection (1) Personal information items to be collected A. Information items to be collected regarding the performance of electronic financial transaction services * A user’s unique identification number * A user’s credit card information or account information of a financial institution to pay through * A user’s mobile or wire phone number and telecommunication company in membership * A user’s gift card number, gift card membership ID, password and etc. * A user’s point card information to make a payment with * A user’s access IP * A user’s e-mail address * A user’s goods or service transaction information B. Information items to be collected regarding member registration * Name, date of birth, gender, ID, password, contact information(e-mail address, mobile phone number), registration authorization information * For users under 14, legal representatives’ information, registration authorization information * For foreign users, foreign registration number C. The information automatically or manually created and collected in the procedure of using or processing services * Users’ IP or address, cookies, date and time of access to services, records of service use, records of faulty or abnormal use, transaction records (2) Methods of collection * Users directly enter data into a website run by the Company or payment windows provided by the Company * In the course of using or processing the information telecommunication services provided by the Company, cookies, service access log and others are automatically created and collected 3. Provision of information The Company uses users’ personal information only within the range notified in this privacy policy, doesn’t use it beyond the identical range without users’ prior consent, and doesn’t provide users’ personal information to the third party. Provided that, if personal information is required to be disclosed by the laws or regulations, or by investigative agencies in accordance with the procedure and methods as prescribed in the laws and regulations, the Company can make exceptions. The Company provides personal information to the third party for the practice of its services in the following cases: - Payment with a credit card (transaction information (BC card: including IP)) * KB, BC, Lotte, Samsung, NH, Hyundai, Shinhan, Hana * 4 city banks: Shinhan, SC, City, Hana * 8 special banks : NH, IBK, KB, Savings, NFFC, NACUFOK, Korea Post, KFCC * 7 local banks : Daegu, Busan, Kyongnam, Kwangju, Jeonbuk, Chohung, Jeju * 1 credit card company : Woori * 11 VAN companies: Kovan, KIS VAN, NICE I&T, VP, KOCES, First Data Korea, KSNET, Star VAN, JTNet, KICC, Smartro - Payment by remittance (transaction information) * KFTC * Kyongnam/Kwangju/KB/IBK/NH/Daegu/Busan/KD/KFCC/ NFFC/Shinhan/NACUFOK/KE/Woori/Korea Post/Jeonbuk/Jeju/Hana/City/SC/NFCF * Yuanta/Hyundai/Mirae Asset/Korea Investment/Woori Investment/Hi Investment/HMC Investment/SK/Daishin/Hana Financial Investment/Shinhan Finance/Dongbu/Eugene Investment/Meritz/Shinyoung/Samsung/Hanhwa/Daewoo Securities - Payment with a virtual account (transaction information) * KB/NH/Woori/Shinhan/Hana/IBK/KOREAPOST/KE/Busan/Kyongnam/Daegu/ NFFC/City/Samsung Securities/SC/Kwangju/Jeonbuk - Payment charged on the mobile phone (transaction information, mobile phone number, unique identification information) * SKT, KT, LGU+, MVNO provider, Mobilians, Danal - Overseas cards (including global services)(transaction information) * VISA, MASTER, JCB, Diners, Unionpay, Paypal, Alibaba, Tencent - Issue of a cash receipt (transaction information, unique identification information, mobile phone number, card number) * National Tax Service - Authorization for identification (unique identification information, identification verification information) * Nice Information Service, KIS, KCIS, SKT, KT, LGU+, Kovan, KIS VAN, NICE I&T, VP, KOCES, First Date Korea, KSNET * KB/BC/Lotte/Samsung/NH/Hyundai/KE/Shinhan/ Kyongnam/Kwangju/IBK/Nonghyup/Daegu/Busan/KD/KFCC/NFFC/Shinhan/ NACUFOK /KE/Woori/Korea Post/Jeonbuk/Jeju/Hana/City/SC Period for retention and use: 5 years for each payment exceeding 10,000 KRW, 1 year for each payment of 10,000 KRW or less 4. Period for retention and use of personal information In principle, users’ personal information is immediately destructed without delay after the purposes of its collection and use have been achieved. Provided that, if it is required to retain the information by relevant laws and regulations, such as the Electronic Financial Transaction Act, and the Act on Consumer Protection in Electronic Commerce, the Company will retain the personal information for certain period as designated by relevant laws and regulations. In such event, the Company uses the information to be retained only for the purpose of retention, and retention periods are as in the following: (1) Record on the electronic financial transactions with each payment exceeding 10,000 KRW * Ground for retention: the Electronic Financial Transaction Act * Retention period: 5 years (2) Record on the electronic financial transactions with each payment less than 10,000 KRW * Ground for retention : the Electronic Financial Transaction Act * Retention period : 1 year (3) Record on contract or withdrawal of subscription * Ground for retention : the Act on Consumer Protection in Electronic Commerce Transactions * Retention period : 5 years (4) Record on payment and supply of goods and etc. * Ground for retention : the Act on the Consumer Protection in the Electronic Commerce Transactions * Retention period : 5 years (5) Record on consumer complaints or dispute treatment * Ground for retention : the Act on the Consumer Protection in the Electronic Commerce Transactions * Retention period : 3 years (6) Record on identification verification * Ground for retention: the Act on Promotion of Information and Communications Network Utilization and Protection of Information * Retention period : 6 months 5. Procedure and methods of destruction of personal information In principle, the Company immediately destructs users’ personal information without delay after the purposes of its collection and use have been achieved. The procedure and methods of destruction of personal information by the Company are as in the following: (1) Procedure of destruction * The information that users enter in for the purpose of membership registration or others is transferred to separate DB after its purposes have been fulfilled, retained for certain period as required for the reasons of information protection by the internal policy and other relevant laws and regulations, and then destructed. (In case of paper, it is stored in separate filing cabinets.) * The identical personal information above will never be used for the purposes other than retention, if not required otherwise by the law. (2) Methods of destruction * Hard copies of persona l information is destructed by being shredded with a pulverizer or incinerated. * Personal information stored in the form of electric file is deleted with a technological method making the information not restorable. 6. Contents of the commission for personal information processing and external professional companies The Company doesn’t commission external professional companies to process users’ personal information without users’ consent. 7. Users’ or legal representatives’ rights and ways to exercise the rights (1) Users can always demand access to their own personal information and corrections of any errors, and regarding which, the Company will take necessary measures without delay. In addition, when users ask for the correction of errors, the Company will not use the relevant information concerned until the amendment is completed, and when requested, the Company will destruct the information immediately and not use it for any purposes. (2) When contacting the Company customer service center(070-7828-2090) or visiting the Company, users can apply to get access to information/correct information/withdraw membership after their identification is verified. (3) The Company provides only information intermediation services at the requests of banks, credit card companies, Internet shopping malls and others, so the Company doesn’t do any actions to collect separate personal information. (4) Users are responsible for the security of all passwords, and the Company doesn’t ask for users’ financial information through e-mails or others except for the case when providing financial services, so please be careful about the leakage of passwords. (5) The Company does not collect any personal information from the children under 14(“children” hereafter). Provided that, when the Company needs to collect their personal information, the Company certainly asks for their legal representatives’ consent. To get legal representatives’ consent, the Company can ask children for minimum information, such as a legal representative’s name and contact number. Children’s legal representatives can demand the access to, correction of, and deletion of the children’s personal information by sending a document, e-mails or a fax or using telephone, and regarding this request, the Company will take necessary measures without delay. 8. Installment, operation and rejection of an automatic information collector of personal information The Company installs and operates ‘cookies’ that frequently store and find users’ information. Cookies are small text files sent to users’ browser by the server used for the operation of the Company website, and will be stored in hard-disks of users’ computer. The Company uses cookies and others for the following purposes: (1) Purposes of using cookies and others Cookies are used mainly for the following purposes: * To analyze website users’ frequency of access, visit time, and etc. * To figure out users’ preference and interests and follow traces * To provide target marketing and individually customized service by grasping participation in different events and number of visits Users have an option for cookie installation. So, they may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuse all cookies to be saved. (2) Methods to reject the setting-up of cookies As the methods to reject the setting-up of cookies, users may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuse all cookies to be saved. * Set-up example (with Internet Explorer) : tools at the top of web browser > Internet option > personal information (3) Provided that, if a user rejects the installation of cookies, it may be difficult for that user to use services. 9. Staff responsible for personal information protection and a grievance department The Company designates the following department in charge, staff responsible for personal information protection, and staff in charge of personal information protection in order to protect users’ personal information and deal with complaints related to personal information. [Staff responsible for personal information protection] * Name: Yu Jae-yun * Telephone number: 070-7828-2090 * Position: director * E-mail: payapp@udid.co.kr [Staff in charge of personal information protection] * Name: Kim Mi-jeong * Telephone number: 1800-3772 * Position: assistant manager * E-mail: jsson@udid.co.kr Users can file all kinds of civil complaints related to personal information protection, which occur while using services of the Company, to the staff responsible for managing personal information or the department in charge. The Company will give quick and sufficient responses regarding users’ reports. In case you need to report any other infringement of personal information or need any advice, please contact the agencies below. * Korea Internet & Security Agency ( http://privacy.kisa.or.kr | 1336 ) * National Police Agency Cyber Bureau ( http://www.ctrc.go.kr | 02-392-0330 ) 10. Others In case the current privacy policy is supplemented, deleted or corrected, the Company will make public notice of it through posting it on the bulletin board of Company’s website at least 7 days before the modification. * Date of announcement: May 10, 2016 * Date of enforcement: May 17, 2016
Close