Privacy Policy
Privacy Policy
Effective Date: March 10, 2023
KOCHET (hereinafter, the “Company”) collects, uses, and manages users’ personal information in accordance with the following principles, and complies with the relevant laws and regulations of the Republic of Korea and applicable personal information protection guidelines for information and communications service providers.
Through this Privacy Policy, the Company explains how and for what purposes users’ personal information is used, and what measures are taken to protect such information. This Privacy Policy includes the following:
1. Purpose of collection and use of personal information
2. Items and methods of personal information collected
3. Retention and use period of personal information, and procedures and methods of destruction
4. Provision of personal information to third parties
5. Outsourcing of personal information processing
6. Rights of users and legal representatives and how to exercise those rights
7. Installation, operation, and refusal of automated collection devices for personal information
8. Technical and managerial measures for the protection of personal information
9. Operation of a dedicated personal information organization
10. Other policies related to personal information processing
11. Duty of notice
1. Purpose of collection and use of personal information
The Company collects and uses personal information for the following purposes:
a. Member management
User identification and verification, confirmation of membership intention, prevention of fraudulent or unauthorized use by delinquent members, verification of legal representative’s consent when collecting personal information of children under the age of 14, handling complaints and customer service, delivery of notices, confirmation of membership withdrawal, verification of identity when legal representatives exercise their rights.
b. Use of services and settlement of fees
Provision of content, purchase and payment, delivery of goods or invoices, and collection of fees related to service use.
c. Use for marketing and advertising
Development and specialization of new services, delivery of event and promotional information, provision of services and advertisements based on demographic characteristics, analysis of access frequency and statistics on service usage.
d. Others
Verification of service effectiveness, provision of smooth and high-quality services and educational content.
2. Items and methods of personal information collected
For the purposes in Article 1, the Company collects personal information according to the following principles.
a. Items of personal information collected
Information essential for the core functions of the service is collected as mandatory information. If users do not provide such information, the use of services may be restricted. Additional information collected to provide more specialized services is treated as optional, and not providing such information does not restrict service use.
The Company collects the following information depending on the use of services:
<Common information at the time of membership registration>
Name, login ID, password, mobile phone number, date of birth, gender, email address, access logs, IP address
<When using services>
CI (Connecting Information), DI (Duplication Information), payment records, bank account number, contact information
<When processing refunds>
Bank account information (bank name, account number, account holder name)
<Additional information for business members>
Business registration number, trade name, representative’s name, business address, type of business, business category, business phone number, business fax number, business verification documents (such as copy of business registration certificate, copy of partnership agreement)
<Reseller members>
Resident registration number (for issuing withholding tax receipts related to commission payments)
The Company does not collect sensitive information that may clearly infringe users’ rights, interests, or privacy, such as political opinions, beliefs, or past medical history.
b. Methods of collection
The Company collects personal information through membership registration on the website, inquiry forms, written forms, participation in events or promotions, provision by partner companies, and automatically through generated information collection tools.
c. User consent
When collecting personal information or changing the items collected, the Company notifies users in advance and obtains their consent. However, the Company may collect and use personal information without separate consent in cases where it is necessary to provide the requested service and obtaining ordinary consent is clearly difficult for economic or technical reasons, where it is required for fee settlement, or where permitted by applicable laws.
3. Retention and use period of personal information, and procedures and methods of destruction
a. Retention and use period and destruction
The Company destroys personal information without delay when the purpose of collection and use has been achieved, when the retention and use period agreed by the user has expired, or when the business is closed. Electronic files are deleted using technical methods to prevent recovery or restoration, and records on paper are shredded or incinerated.
b. Exceptional retention of personal information
(1) With user consent
Even after the purposes in the preceding paragraph are achieved, the login ID may be retained for one year to prevent improper duplicate registration or fraudulent use of services.
(2) Retention under applicable laws
Certain information is retained for a specified period under relevant laws. Examples include records related to communications, transactions, consumer protection, tax, and commercial laws. Retention periods follow the durations stipulated in those laws.
c. Destruction of dormant accounts
If there is no login or service use for at least 12 months, the user’s ID and related personal information may be managed as a dormant account and stored separately. The Company will notify the user of such separation, the expiration date, and the items of personal information by email or other available contact method at least 30 days before separation.
4. Provision of personal information to third parties
The Company uses personal information within the scope stated in Article 1, and does not provide personal information to third parties without the user’s prior consent, except where required by law or upon lawful request by investigative agencies.
5. Outsourcing of personal information processing
For management efficiency and improved service quality, the Company may outsource certain tasks to third-party service providers. In such cases, personal information necessary for the outsourced work may be entrusted to the service providers, and the Company will disclose the name of the entrusted party, the scope of work, and the retention period through the KOCHET website. If new outsourcing or changes occur, the Company will notify users and, where necessary, obtain additional consent.
6. Rights of users and legal representatives and how to exercise those rights
The Company protects the following rights of users and legal representatives:
a. Users may view and correct their personal information at any time.
b. Users may withdraw consent to the collection and use of personal information or request membership cancellation at any time.
c. Legal representatives of children under 14 may exercise their statutory rights regarding the child’s personal information, including access, correction, deletion, and suspension of processing.
Requests for access, correction, or deletion may be made through the KOCHET website after login and identity verification. When information has already been provided to third parties, the Company will notify them without delay so that the requested corrections can be made.
7. Installation, operation, and refusal of automated collection devices for personal information
The Company uses cookies and sessions to store and retrieve user information, support faster and more convenient website use, and provide customized services.
a. Purpose of cookies and sessions
Cookies and sessions store users’ preferences and settings, help improve services, and support a more convenient browsing experience.
b. Refusing cookies
Users can choose to accept all cookies, confirm each time a cookie is stored, or refuse all cookies through browser settings. However, refusing cookies may cause inconvenience in website use and limit access to certain services requiring login.
c. Sessions
Sessions are created and managed automatically when users log in to services. Users cannot selectively disable sessions for logged-in services.
8. Technical and managerial measures for the protection of personal information
The Company takes the following measures to protect personal information:
a. Establishment and implementation of an internal management plan in accordance with relevant standards.
b. Minimizing the number of personnel handling personal information and providing regular training.
c. Restricting access to personal information through access control systems and recording access history.
d. Storing access logs and preventing forgery or loss of such records.
e. Encrypting personal information during transmission and storage, including one-way encryption of passwords.
f. Installing and updating security programs and systems to prevent hacking, viruses, or unauthorized access.
g. Physically controlling access to systems and locations where personal information is stored.
9. Operation of a dedicated personal information organization
The Company operates a dedicated organization responsible for personal information protection, compliance with this Privacy Policy, and handling user complaints related to personal information. Contact details for the responsible department and officer will be posted on the KOCHET website.
Users may also contact the following external organizations for consultation or to file complaints regarding personal information:
– Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
– Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
– Supreme Prosecutors’ Office Cybercrime Division (www.spo.go.kr / 1301)
– National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182)
10. Other policies related to personal information processing
a. Management and misuse of personal information
Login information is intended to be used only by the relevant user. The Company is not responsible for problems arising from the user’s negligence in managing ID, password, or other personal information, or from allowing third parties to use such information. If a user is found to have used another person’s personal information to register or make purchases, the Company may terminate the service unilaterally, and legal penalties may apply under applicable laws.
b. Scope of application
This Privacy Policy does not apply to services that require separate membership registration on other sites linked from KOCHET, or to third-party services that collect personal information independently.
11. Duty of notice
This Privacy Policy was established on March 10, 2023. If any additions, deletions, or modifications are made due to changes in government policy or security technology, the Company will notify users by posting a notice on the KOCHET website at least seven days prior to the effective date of such changes.