Privacy Policy
Muzlive Co., Ltd. (hereinafter referred to “Company) has complied and would comply with the personal information protection regulations under the related laws and regulations that information and communication service providers shall comply with including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Protection of Communication Secrets Act, and the Telecommunications Business Act and is making best efforts to protect the rights and interests of users by establishing the privacy policy.
In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the privacy policy to protect the personal information of data subjects and to handle related grievances promptly and smoothly as follows. Unless otherwise separately described herein, it applies to all personal information files processed by the Company. However, if any separate privacy policy is enacted and implemented in other service platforms directly operated by the Company for processing of the Company’s business affairs, it shall be followed and posted on the website operated by the applicable platform.
○ This Privacy Policy shall come into effect from September 1, 2021.
Article 1 (Purpose of Collection/ Use of Personal Information)
The Company ('www.kitalbum.com' hereinafter 'KiTAlbum.com') collects the minimum personal information required in the process of sign-up, service, use of customer center, event participation, fax/phone inquiries, etc. and should obtain consent to it by giving a notice in advance.
The Company processes personal information for the purposes as described below. The personal information to be processed shall not be used for purposes other than those below and, if the purpose of use is changed, the Company would take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Website sign-up and management
- Personal information is processed for the purpose of confirming the intention to sign up as a website member (hereinafter referred to as “member”), identifying and verifying the identity according to the membership service, maintaining and managing membership, preventing illegal use of services, various public notification and notices, and handling grievances.
- Providing goods or services
- Personal information is processed for the purpose of delivering goods, providing services, providing contents, and customized services.
- Use in marketing and advertising
- Personal information is processed for the purpose of developing new services (products), providing customized services, event/advertising information and participation opportunities, providing services according to demographic characteristics, posting advertisements and so on.
- Service improvement, etc.
- Service use records, IP addresses, cookies, connected device model names, OS information, etc. are automatically generated and collected, and used for prevention of illegal use of the service, confirmation of use history, access frequency and usage statistics, handling of customer inquiries, service improvement, etc.
Article 2 (Processing and Retention Period of Personal Information)
The Company shall destroy the personal information of the data subject without delay when the purpose of collection/use of personal information, such as membership withdrawal, is achieved. However provided, personal information of members shall be retained for each of the reasons and periods below exceptionally:
- ① Internal policy of the Company
- 1. Prevention of re-signup by bad users, prevention of illegal use, billing of charge to customers who failed to pay for the service, and response to other complaints
- Retention period: 6 months after membership withdrawal (However, when payment is made in full in case of unpaid billing and when the complaint is resolved in case of responding to complaints)
- Retained information: ID, name, e-mail, mobile phone number, encrypted identification information (CI), date of sign-up and withdrawal
- ② When the data subject directly requests preservation of personal information or when the Company obtains the consent of the data subject individually
- Retention period and information: Retained for the applicable period only for items/periods for which the data subject's request or consent was obtained
- ③ When it is decided to preserve without a consent of the user in accordance with laws and regulations.
Ground laws | Information to be preserved | Retention period |
Act on Consumer Protection in Electronic Commerce, etc. | Records on contracts or withdrawal of subscription | 5 years |
Act on Consumer Protection in Electronic Commerce, etc., Commercial Act, Framework Act on National Taxes, Income Tax Act, Corporate Tax Act, Value Added Tax Act | Records on payment and supply of goods, commercial books and business slips, documentary evidences | 5 years |
Act on Consumer Protection in Electronic Commerce, etc. | Records on consumer complaints or dispute resolution | 3 years |
Protection of Communication Secrets Act | Records on site visits | 3 months |
- ④ In accordance with the Personal Information Validity Period System, the Company informs members who have not used the service for 1 year at least 30 days before the expiration date and separately stores personal information and destroys the personal information separately kept without delay after 4 years.
Article 3 (Use of Collected Personal Information and Provision to Third Parties)
① The Company shall inform the data subject of personal information through the Terms of Use, the privacy policy, etc. and use it within the scope of obtaining consent and does not use it or provide it to a third party beyond this scope. When providing personal information to a third party, the Company shall inform the data subject of the recipient, items to be provided, purpose of providing personal information, period of retention and use in advance, request consent/agreement and, if the member does not agree, shall not provide the personal information. However, if the data subject does not provide personal information to a third party when using the tie-up service, it shall be notified there may be disadvantages including the tie-up service not available and benefits of the tie-up service in using the tie-up service.
② However, when set forth in laws such as the Personal Information Protection Act, the personal information of the data subject may be used or provided to a third party without the consent of the member in following cases:
- If necessary for settlement of the price and charge according to the service
-
When otherwise set forth in other laws including - Protection of Communication Secrets Act, Framework Act on National Taxes, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Telecommunications Business Act, Local Tax Act, Criminal Procedure Act, etc.
However, the personal information of the member shall not be provided unconditionally, even if there is a special provision in the law and it is required by the administrative agency or investigative agency for administrative or investigation purposes but may be provided only when it can be confirmed that it is the data required by the laws including warrant or document sealed by the head of the agency as prescribed by laws.
Article 4 (Entrustment of Processing the Personal Information)
The Company entrusts the processing of personal information to an external specialized service provider, which shall hold the personal information of the members to the extent required during the contract period in principle but for the statutory period set forth in the related laws against such service providers, if any.
Name of the service provider | Descriptions on the service | Period of service entrustment |
CJ Korea Express | Delivery of goods | Until expiration or termination of the entrustment contract |
Article 5 (Rights of Information Subjects and Legal Representatives and Method of Exercise)
① The data subject may exercise the right to inspection, correction, deletion and processing suspension of personal information to the Company at any time. If a member intends to inspect and correct personal information on the website operated by the Company, it is possible to directly inspect or correct by clicking ‘Change Member Information’.
② The rights under clause 1 may be exercised against the Company in writing, e-mail, fax, etc. in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act and the Company shall take measures thereto without delay. In addition, only if it is difficult to directly correct or delete personal information (withdrawal of membership) due to unavoidable reasons, it is possible to request correction or deletion in writing, e-mail, fax, etc., and the Company shall take measures accordingly without delay.
③ The Company is taking protective measures to ensure children and their legal representatives are not disadvantaged due to personal information provided by children under 14 years old (hereinafter referred to as “children”).
- The consent of the legal representative of the children is required when it is intended to collect personal information for children's service subscription, to use or provide the personal information of children beyond the scope of the consent obtained in sign-up.
- The minimum necessary information such as the legal representative's name and contact information may be requested to obtain the consent of the legal representative. In this case, the purpose of collection, use or provision of personal information and the effect that a consent of a legal representative is required shall be notified to the children in plain language to ensure the children may easily understand.
- The personal information on the legal representative collected to obtain the consent of the legal representative shall not be used or provided to a third party for any purpose other than to confirm the consent of the legal representative.
- The legal representative may withdraw consent to the collection, use or provision of personal information of children under 14 years old and may request to inspect the personal information or correct errors in the personal information provided by children under 14 years old.
④ The rights under clause 1 and clause 2 may be exercised through an agent such as a legal representative of the data subject or a person who has been authorized. In this case, a power of attorney in the form of Attachment No. 11 of the “Notice of Personal Information Processing Method (Personal Information Protection Commission’s Notification No. 2020-7, enacted on August 11, 2020)”.
⑤ The right to request to inspect and suspend processing of personal information may be restricted in the following cases and, in such cases, the reasons of the postponement or restriction/rejection for such a request are guided through e-mail filled by the member or the customer support center;
- Where the inspection and processing are prohibited or restricted by the laws
- Where there is a risk of harming the life or body of another person or unfairly damaging/infringing the property and other interests of another person
- Where it is technically significantly difficult to delete only the image information of a specific data subject
⑥ On request of inspection, correction, deletion or processing suspension by the data subject, Muzlive Co., Ltd. may the request of inspection etc. of the data subject is the genuine intent or the person requested it is the duly authorized representative by conformation of the subject and receiving power of attorney proving the agency relationship, certificates of seal impression, copies of ID cards and other documents.
Article 6 (Obligations of Members)
① Members shall prevent unexpected accidents in advance by entering their personal information up to date and accurately to ensure they can receive information on important matters such as securing the right to self-determination on personal information and change, suspension/termination of the Company’s service, etc. timely. Members shall be responsible for the results due to entry of incorrect information and, if false information is entered due to illegal use of information on others, may lose their membership and be punished in accordance with related laws and regulations.
② Members have the obligations to protect themselves and not to infringe the information of others along with the right to receive personal information protection. Members shall carefully manage personal information including their IDs and passwords to ensure they are not leaked and pay attention not to damage the personal information and reputation of others, including postings. If any member fails to fulfill these obligations and damage information of others, such a member may be punished by the related laws and regulations such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
③ Members are obligated to protect their personal information, and the Company shall not be responsible for any matter caused due to leakage of personal information arisen from matters on the internet beyond control of the Company even of the Company has exercised reasonable case, including hacking using the method or technology which cannot be blocked with the security measure under the related laws or the negligence of the members not attributable to the Company.
④ Members are obliged to cooperate to periodic activities for security in accordance with the Company's privacy policy.
Article 7 (Public Notification or Notice Method of the Privacy Policy)
① The privacy policy may be changed according to changes in related laws and guidelines, internal operation policies, etc. If there is any addition, deletion or modification of the privacy policy, the reason for the change and its contents shall be notified through the 'Notices' on the website at least 7 days prior to the revision. However, if there is a significant change in the member's rights in collection/use of personal information, it shall be notified at least 30 days before.
② In the event of transferring all or part of the business or transferring the rights and obligations due to merger or inheritance, the members shall be individually notified in writing or by e-mail, etc. and such a fact shall be notified by posting on the initial screen of the website for identification more than 30 days. However, a notice in writing/e-mail or other means may be made through posting on more than 2 central daily newspapers (the daily newspaper circulated in the region when most of customers live in a specific region) more than once when the contact information on the customers is not available without a mistake or there is otherwise any proper reason of not providing the notice including natural disaster.
**Article 8 (Preparation of Personal Information Items to Be Processed)**
① Personal information collected from members and used in the course of sign-up and service use is as follows;
[Required Collection Items]
Joining with the community
- Email account, password (encrypted and stored to ensure it cannot be decrypted), nickname,
- Automatically created information
- Purpose of collection and use: Service use and counseling, identification/prevention of illegal use, statistics and analysis
- Collection and use items: Cookies, service use records (visit date, IP, bad use records, etc.), device information (unique device identification value and OS version), APP version, language, country or region of residence and time zone
- Retention period: 3 months after withdrawal from service or the period according to related laws
Purchase and delivery of goods
- Purpose of collection and use: Buyer confirmation, delivery of goods and operations
- Collection/ use items:
- (Buyer confirmation) Name, date of birth and phone number
- (Supply and delivery of goods) Name, date of birth, phone number and address
- (Operation) Name, date of birth, phone number and SNS account
- Retention period: 1 year after purchase
Participating in events and prize winning
- Purpose of collection/ use: Confirmation of applicants in the events, provision and delivery of giveaway, and operations
- Collection/ use items:
- (Confirmation of applicants) Name, date of birth and phone number
- (Providing and delivery of giveaway) Name, date of birth, phone number and address
- (Operation) Name, date of birth, phone number and SNS account
- Retention period: Keeping for 1 year after the end of the event. However, information on non-winning participants shall be destroyed within 7 days after the winner is announced.
[Optional collection items]
- Advertising information
- Purpose of collection/use: Transmission of service-related advertising information
- Collection/use items: email and App Push
- Retention period: 3 months after withdrawal from service or the period according to related laws
② The Company collects personal information of members as above. However, sensitive personal information (race and ethnicity, ideology and creed, place of birth and domicile, political orientation and criminal record, health status and sex life, etc.) and unique identification information that may infringe upon members' basic human rights are not collected.
③ When using the service through the mobile application, access to terminal information shall be notified and approved. The right to access terminal information through the mobile application is required or selectively requested from the user whenever necessary and the authority may be changed through “Set-up” in the terminal.
Article 9 (Destruction of Personal Information)
① Muzlive Co., Ltd. destroys the personal information without delay when the personal information becomes unnecessary, such as expiration of the personal information retention period or achievement of the purpose of processing.
② If it is necessary to continue to preserve the personal information in accordance with other laws even when the personal information retention period agreed by the data subject is over or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or preserved at the different storages.
③ The procedure and method of personal information destruction are as follows.
- Destruction procedure
- Destruction method
- The Company selects the personal information to be destroyed and destroys the personal information after obtaining the approval of the Company's privacy officer.
- Information in a form of electronic files is destroyed using a technical method that does not allow reproduction of records. Personal information printed on paper is shredded with a shredder or destroyed through incineration.
Article 10 (Measures to Ensure Safety of Personal Information)
The Company is taking the following measures to ensure the safety of personal information;
- Minimizing and training of the personnel handling personal information: The Company is implementing the measures to manage the personal information by designating and minimizing/limiting the staffs handling personal information to the applicable staffs.
- Technical measures against hacking: In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, installs the systems in areas where access is controlled from outside and performing the technical/ physical monitoring and blocking.
- Encryption of personal information: User's personal information is stored and managed with encrypted passwords, which allows only the user can know it and important data are used after separate security functions such as encrypting files and transmission data or using a file lock function.
Article 11 (Installation, Operation and Rejection of Automatic Personal Information Collection Devices)
① The Company uses cookies to store and retrieve the use information from time to time to provide users with individually customized services.
② “Cookie” is a small amount of information sent by the server (http) used to operate the website to the user's computer browser and are also stored on the hard disk of the user's computer.
- a. Purpose of using cookies: Cookies are used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the users, popular search terms, secured access, etc.
- b. Installation, operation, and rejection of cookies: Any member may refuse to store cookies by setting options in the Tools>Internet Options>Personal Information Menu at the top of the web browser. However, if the member or data subject refuses to store cookies, there may be inconveniences in using the service or difficulties in providing the service.
- c. Cookies are expired in case of browser exit or log out.
Article 12 (Link Site)
① Links to other companies' websites or data/materials may be provided to members through the website of the Company. In this case, the Company does not take responsibility for or guarantee the usefulness of services or data/materials provided from external sites.
② If the member clicks a link included in the website and move to a page on another site, the Privacy Policy of the Company no longer applies to the use of those sites.
Article 13 (Privacy Officer)
① The Company has designated the privacy officer who is responsible for overall handling of personal information for handling of complaints and damage relief of the data subject related with processing of personal information as follows:
- ▶ Privacy Officer
- Name: Park, Jong-sung
- Contact: +82-2-376-9775, js.park@muzlive.com
※ The member will be connected to the department in charge of personal information protection.
- ▶ Department in charge of personal information protection
- Title: Personal Information Manager
- Person in charge: Park, Jong-sung
- Contact: +82-2-376-9775, js.park@muzlive.com
② The data subject may inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. to the privacy officer and department in charge. The Company will respond and handle the inquiries of the data subject without delay.
Article 14 (Request for Access to Personal Information)
The data subject may file a request for access to personal information iaw Article 35 of the Personal Information Protection Act to the following departments. The Company will make every effort to promptly process the personal information access request of the data subject.
- ▶ Personal information access request reception/processing department
- Title: Personal Information Manager
- Person in charge: Park Jong-sung
- Contact: +82-2-376-9775, js.park@muzlive.com,
Article 15 (Remedies for Infringement on Rights)
The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of Korea Internet & Security Agency, etc. in order to receive relief from personal information infringement. In addition, for other personal information infringement reports and counseling, please contact the following organizations.
- Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center of Korea Internet & Security Agency: (without area code) 118 (privacy.kisa.or.kr)
- Cyber Crime Investigation Department of Supreme Prosecutor's Office: (without area code) 1301 (www.spo.go.kr)
- Cyber Investigation Bureau of National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
A person who is infringed of the rights or benefits due to disposition or inaction of the head of a public institution against a request pursuant to Article 35 (Inspection on Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
※ Please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr) for more information on administrative appeal.
Article 16 (Change in Privacy Policy)
① This Privacy Policy shall come into effect from September 1, 2021.
② Any important change in the personal information rights of the date subject shall be notified through the notices of the Company at least 14 days before. If any other changes occur, it shall be notified through the notices at least 7 days prior to the implementation of the change.