Privacy Policy
CJ MezzoMedia Inc. (hereinafter referred to as the "Company"), the operator of the TARGETPICK (hereinafter referred to as the "Service"), actively protects the personal information of its members and complies with all relevant laws such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, Etc. In this regard, we, the “Company”, have established and comply with personal information processing policy for the benefit of the members (the " Privacy Policy"). The Privacy Policy stated below will inform our users of how and for what purpose their personal information is used and what measures are taken to protect their privacy. This Privacy Policy is posted on the “Service” operated by the “Company” and the “Company” ensures that users can always find it easily.
The contents of this Privacy Policy are as stated below:
1. PERSONAL INFORMATION TO BE COLLECTED AND METHOD OF COLLECTION
2. PURPOSE OF COLLECTING AND USING PERSONAL INFORMATION
3. RETENTION AND USAGE PERIOD OF PERSONAL INFORMATION
4. PROVISION AND ENTRUSTMENT OF PERSONAL INFORMATION
5. PROCEDURE AND METHOD OF DESTRUCTION OF PERSONAL INFORMATION
6. TECHNICAL AND MANAGERIAL MEASURES TO PROTECT PERSONAL INFORMATION
7. RESTRICTION ON MEMBERSHIP REGISTRATION FOR CHILDREN UNDER 14
8. PERSONAL ID AND PASSWORD MANAGEMENT
9. RIGHTS OF USERS AND LEGAL REPRESENTATIVES AND EXERCISING THOSE RIGHTS
10. COLLECTION OF PERSONAL INFORMATION BY COOKIES
11. INFORMATION MANAGEMENT OFFICER AND RESPONSIBLE PERSONNEL
12. OBLIGATION TO NOTIFY PRIOR TO POLICY CHANGES
1. PERSONAL INFORMATION TO BE COLLECTED AND METHOD OF COLLECTION.
① The "Company" collects the minimum personal information necessary to provide the “Service”.
The “Company” collects personal information set out below. The information is collected as confirmed by the user under this Privacy Policy, and when collection of additional personal information of the user is necessary, the “Company” will notify the user of such need and obtain the users’ prior consent.
A. Information provided by the users (Required for membership)
- Individual member : E-mail, Mobile phone number, telephone number
- Business member : E-mail, Mobile phone number, telephone number, Business type, Business registration number, Company name, Company address, Representative name, Business license
B. Information generated / collected by the automatic collection device during the “Service” use or business processing
- Service usage records, access logs, cookies, access IP information, payment records, dormant records, withdrawal records
C. Collection items by the “Service” type
- Developer Service : Deposit account, bankbook copy, ID copy (for individual members)
- Advertiser Service : Deposit account, bankbook copy
② The “Company” does not collect sensitive information.
The “Company” does not collect sensitive information (such as race, ideology and creed, political propensity or criminal record, medical information, etc.) that may infringe on the valuable human rights of users. If the collection of such information is inevitable in accordance with the obligations prescribed by the relevant law, the “Company” will obtain the prior consent of the user.
2. PURPOSE OF COLLECTING AND USING PERSONAL INFORMATION
The “Company” will use users’ personal information only for the following purposes, and if the purpose is changed, the “Company” will ask for users’ consent in advance.
① It is used to identify users who have registered as members, to check the intent to sign up and age of members and to prevent illegal use of fraudulent members.
② It is used to provide the service of the "Company" to the user, to handle the user’s inquiries and complaints, and to send notices.
③ It is used to provide promised services to users and to settle charges in the event that advertising or media services are used.
④ It is used for announcement of or marketing and advertising to inform events participation opportunities or launch of new services.
⑤ It is used to analyze user’s service usage, access frequency and statistics on service usage, and provide customized service and service improvement in relation thereto.
⑥ The “Company” has the following policy in place to monitor and control processing of personal information collected from users of advertisement available through the “Service” (“AD Inventory”) and the way of providing personalized advertising.
A. European Economic Area, the United Kingdom and Switzerland (GDPR)
a. Consent: A Publisher Partner member providing personalized advertising to customers in the European Economic Area, the United Kingdom, or Switzerland must first obtain the prior consent of such customers. Some Publisher Partner members may be required to obtain the prior consent of their customers for this purpose even if the customers are located outside of these regions. If the Publisher Partner member obtained such consent, the “Service” and our Advertising Demand Partner members will collect, use, share, and otherwise process all of the personal information described above for the purposes of serving personalized advertising.
If a Publisher Partner member does not wish to offer personalized advertising, then we will not process personal information of its customers for this purpose. That is, we will not collect, use, or share such customers’ iOS Identifier for Advertising or Android Advertising Identifier, precise location data, or their demographic or interest information. However, contextual advertising, such as advertisements targeted to the content or type of app the customers are using (for example, serving an ad for a video game to a gaming app), may still be served to such customers.
b. Withdrawal of Consent: Publisher Partner members shall ensure that their customers may withdraw their consent to personalized advertising experience at any time. Publisher Partner members may provide a way for their customers to withdraw the consent previously given directly from the Ad Inventory. If a customer withdrew its consent from within the Ad inventory, we will no longer collect, use, share, or otherwise process personal data from such Ad Inventory to personalize the customer’s advertising experience. Also, Publisher Partner members shall ensure that a customer may change his/her device settings to withdraw the consent to personalized advertising experience for all apps on that device. On iOS, a customer can do so by enabling the “Limit Ad Tracking” setting. On Android devices, a customer may do so by enabling the “Opt out of Ads Personalization” setting. A customer may reject cookies or delete them at any time by change settings on the customer’s mobile or PC browser. However, a customer may not be able to use certain function in respect of the “Service” if the customer rejects use of cookies. After the customer enabled the respective settings on the device as provided above, we will no longer collect, use, share, or otherwise process personal information from that device for personalized advertising experience. Unless we have another legal basis for keeping the customer’s personal data, we will delete or de-identify the personal information we have collected about such customer within 30 days from the date on which the customer applied one of the above methods to withdraw consent. Even if the customers of Ad Inventory do not consent to a personalized advertising experience, or later withdraw their consent, we will still process personal information about the customers when and as necessary to comply with applicable laws or to support our legitimate interests.
c. Legal Requirements: We will process personal information as necessary to comply with applicable laws. For example, we may collect from the customers of Ad Inventory, IP addresses to identify a country location so that we know whether such customers are located in the European Economic Area, the United Kingdom, or Switzerland, but we will not share the customers’ full IP addresses or retain the same internally. Similarly, if the customers consent to personalized advertising experience, but later withdraw such consent, we will continue to retain a record of the iOS Identifiers for Advertising or Android Advertising IDs of their devices for the purpose of recording when they consented and withdrew their consent to processing of personal information. As part of processing the customers’ withdrawal of consent requests, we may share the iOS Identifiers for Advertising or Android Advertising IDs of the withdrawing customers’ devices to Publisher Partner members and Advertiser Partner members of the “Service”.
B. Children Under the Age of 14
a. Publisher Partner members acknowledges and agree that the “Company” is not permitted to collect information from Ad Inventory directed to children under the age of 14 for purposes of personalized advertising. The “Service” may, however, collect information from Ad Inventory directed to children for other purposes, such as serving advertisements based on contextual information, like the content or type of app they are using (for example, serving an ad for a video game to a gaming app). In addition, if a customer resides in the European Economic Area, the United Kingdom, or Switzerland, then Publisher Partner members shall ensure that the customer must be at least 16 years of age to give his/her consent to the personalized advertising experience in respect of the “Service”. The “Service” does not collect or otherwise process personal data from individuals in the European Economic Area, the United Kingdom, and Switzerland whom we know are under the age of 16, except to comply with apply laws or to support our legitimate interests.
b. The “Company” adheres to the Children’s Online Privacy Protection Act (COPPA) and do not permit Publisher Partner members to knowingly use of personal information of children under the age of 14 for purpose of personalized advertising under our “Service.” The Publisher Partner members must ensure if a customer resides in United States, customer must be at least 14 years of age to give his/her consent to the personalized advertising experience in respect of the “Service.” The “Service” does not knowingly collect or otherwise process personal data from individuals under the age of 14 residing in the States, and complies with the applicable law related to COPPA.
3. RETENTION AND USAGE PERIOD OF PERSONAL INFORMATION
Personal information will be retained by the “Company” and used for the service while the member receives the service provided by the “Company”.
However, if a member requests the withdrawal of membership or withdraws the member’s consent to the collection and use of personal information, or if the purpose of collection and use is achieved or the retention and use period is expired or terminated, such personal information will be immediately destroyed.
① Retention of personal information in accordance with the “Company”’s internal policy
- Retained items: service subscription, usage history
- Reasons for retention: Prevention of confusion in service use
- Retention period: 6 months after membership withdrawal
If it is necessary to preserve the information in accordance with the relevant laws and regulations, the “Company” keeps the member’s personal information for a certain period of time as follows:
② Reasons for Retaining Information According to Related Laws
- Retained items: Record of contract or withdrawal
- Reasons for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 5 years
- Retained items: Record of payment and supply of goods
- Reasons for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 5 years
- Retained items: Records of consumer complaints or disputes resolution
- Reasons for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 3 years
- Retained items: Record on display/advertisement
- Reasons for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention period: 6 months
- Retained items: Books and documents for all transactions regulated by tax law
- Reasons for retention: Framework Act on National Taxes, Corporate Tax Act
- Retention period: 5 years
- Retained items: Records on Electronic Financial Transactions
- Reasons for retention: Electronic Financial Transaction Act
- Retention period: 5 years
- Retained items: Personal information related to service use (login record)
- Reasons for retention: Protection of Communications Secrets Act
- Retention period: 3 months
4. PROVISION AND ENTRUSTMENT OF PERSONAL INFORMATION
① 3rd party provision
The "Company” does not provide personal information to third parties without obtaining consent from the user.
② Entrustment management
In order to improve the service, we entrust the collection, handling, and management of a user’s personal information to the third party business, and such entrusted company is and will be contractually bound by its entrustment agreement to safely process personal information in accordance with the relevant laws.
- Information on entrusted company, scope of entrusted business, and etc. will be notified via postal service, e-mail, telephone or post on homepage.
- In the entrustment agreement, the entrusted company’s obligations, including duty to follow privacy protection instructions, the confidentiality treatment of personal information, the prohibition of the provision to third parties, the entrusted company’s liability in case of breach of its obligations, the entrustment period, and the return or destruction of personal information upon expiration or termination of entrustment, shall be specified and the “Company” will keep the content of such entrustment agreement, physically or electronically.
Entrusted company | Entrusted business | Personal Information Retention and Usage Period |
Daou Technology Inc. | SMS | Until withdrawal of membership or expiration or termination of entrustment agreement |
Korea Mobile Certification | Identity verification service | Not applicable (the relevant information is already in the possession of the entrusted company, as identity verification agency) |
5. PROCEDURE AND METHOD OF DESTRUCTION OF PERSONAL INFORMATION
① Destruction procedure
The “Company” will immediately destroy the personal information when the period specified in retention and usage period of personal information has passed. However, the “Company” may retain and use the user’s personal information for as long as necessary even after the transaction is terminated or the contract is terminated in order to prevent rejoining of fraudulent users, resolve legal disputes, cooperate criminal investigations, handle complaints, and fulfill legal obligations.
② Destruction method
A. Personal information printed on paper: shredded by shredder.
B. Personal information stored in the form of electronic files: deleted using a technical approach to prevent it from being restored or regenerated.
③ Validity period of personal information
In accordance with the provisions of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., if the member has not used the service or has no record of activity for a year (hereinafter referred to as "Validity Period"), the “Company” will delete or separately store and manage such user’s personal information with prior notice to the user to protect the personal information and prevent damage pursuant to Article 29 of the aforesaid Act. The “Company” will provide advance notice to the email address entered in the Member Information menu 30 days prior to the expiration date of the “Validity Period”. However, in the following cases, the member’s personal information, even if its “Validity Period” has expired, may be retained and managed as the case may be:
A. If there is specific consent of each member such as request for extension of the “Validity Period” or request for renewal of the “Validity Period”, retainable as consented by the member.
B. In case retention period is set separately in other laws, retainable as required by the relevant laws.
6. TECHNICAL AND MANAGERIAL MEASURES TO PROTECT PERSONAL INFORMATION
The “Company” has established and implemented technical and managerial measures to protect personal information.
① Technical measures
A. The user’s personal information is managed using the internal network which is impossible to access and invade from the external network.
B. By encrypting files and transmitted data or using the file lock function, important data is thoroughly protected through a separate security function.
C. The “Company” takes measures to prevent damage caused by computer viruses by using vaccine programs. The vaccine program is updated regularly, and if a sudden virus appears, it is applied immediately after the vaccine is released to prevent personal information from being infringed.
D. The “Company” adopts a security device that can safely transmit personal information over the network through the use of cryptographic algorithms.
E. The “Company” encrypts for storage the user’s important personal information, such as passwords.
F. The “Company” strengthens security by installing an access control system for each server.
② Managerial measures
A. The “Company” has established procedures for accessing and managing users’ personal information and ensures that its employees are well-informed of and comply with such procedures.
B. The “Company” limits the number of employees who can handle personal information of users as least as possible. Those who can handle personal information of users are as follows:
a. Person who performs marketing business directly or indirectly with users;
b. Person who performs personal information management/protection work such as personal information manager and personal information protection officer; and
c. Others who has inevitable need to handle personal information for the business of the “Company”.
C. If the “Company” processes users’ confidential information with computers, it designates an employee who has access to personal information, assigns identification code (ID) and a password to such employee and regularly update such password.
D. Regular internal or external training is provided to employees who handle personal information regarding the acquisition of new security technologies and the duty to protect personal information.
E. The handover and takeover of personal information management/protection tasks is carried out under thorough security, and the responsibility for personal information infringement incidents will be intensively investigated for the duration after entering and leaving the company.
F. Computer rooms and data storage rooms are designated as highly restricted areas and access management procedures, including access control, are implemented.
7. RESTRICTION ON MEMBERSHIP REGISTRATION FOR CHILDREN UNDER 14
The "Company" does not accept membership of children under 14 years old.
8. PERSONAL ID AND PASSWORD MANAGEMENT
In principle, the ID and password each member uses are only for such member. In the absence of any intentional misconduct or negligence by the “Company”, the “Company” shall not be liable for any problems caused by the fraudulent use of the member’s ID and password or other unauthorized use thereof by third parties. Under no circumstances should each member tell anyone its password and the members shall take special care not to leak their personal information to others around them while logged on the “Service”. Upon verification of fraudulent membership registration or purchase using a third party’s personal information, the service contract may be terminated unilaterally, and the offender may be subject to imprisonment for not more than three years or a fine not exceeding 10 million won pursuant to the Resident Registration Act, as the case may be.
9. RIGHTS OF USERS AND LEGAL REPRESENTATIVES AND EXERCISING THOSE RIGHTS
① How to access and correct members’ personal information
Members can access or correct their personal information provided for the registration at any time. In case that a member desires to access or correct its own personal information, click [Edit Member Information] to go through the identification procedure and then read or correct the member’
s personal information. Also, members can make requests for corrections by calling or e-mailing a person in charge of personal information, which requests will be processed without undue delay. If a member’s representative visits and requires access or correction, the member’s representative may be required to present proof of a representative relationship to confirm that he or she is a true representative of the member.
If a member requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, such third party will be informed about the result of the correction without undue delay and requested for corresponding correction. However, if there is a valid reason not to allow a member to access or correct all or part of its personal information, the member will be notified of such disallowance without undue delay and the reason will be explained.
In the following cases, however, the access and correction of personal information may be restricted:
A. In case that there is a risk of serious damage to a member’s or a third party’s life, body, property or interests;
B. In case of a significant disruption to the “Company”’s or its service provider’s work; and
C. In case prohibited by applicable laws
② How to withdraw consent and membership
Members can withdraw their consent regarding the collection, use and provision of personal information at any time. If a member wants to withdraw the consent (withdrawal of membership), the member can apply directly by clicking [Withdrawal of membership] or contact the person in charge of personal information by phone or e-mail to request for such withdrawal, which request will be processed without undue delay.
10. COLLECTION OF PERSONAL INFORMATION BY COOKIES
The “Company” operates cookies that store and find members’ information from time to time. Cookies are tiny text files that are sent to members’ browser by a server used to run our website or mobile services and are stored on the hard disk of members’ device such as PC, smartphone, tablet PC, and etc. Cookies may contain the website usage information and members’ personal information, so members have the option to control installation of cookies. By setting options in the web browser of the member device, the member can allow all cookies, check each time whenever a cookie is saved, or refuse to save all cookies. However, if the member refuses to install cookies, it may cause difficulty in providing the service.
① How to specify whether to allow installation of cookies (For Explorer)
A. Select [Internet Option] in [Tool] menu.
B. Click [Privacy tab]
C. Set up [Privacy Level]
② How to view received cookies (For Explorer)
A. Click [Tool] in [Task bar]
B. Select [Internet Option]
C. Click [Setting] in the [General Tab (Basic Tab)]
D. Select [View file]
③ Purpose of using cookies
Personal information collected through cookies will be used for analyzing the types of visits and usage, number of users and time of usage regarding the company’s website users visited. It may also be used to understand users’ tastes and interests for target marketing, targeting advertising provision, and service reorganization criteria.
11. PERSONAL INFORMATION MANAGEMENT OFFICER AND RESPONSIBLE PERSONNEL
The “Company” designates relevant departments and personal information managers as follows to protect personal information of users and to handle complaints related to personal information. By using the service, you can report any complaints related to personal information protection to the personal information manager or the customer center.
The “Company” will promptly and fully respond as possible to the report of users:
- Personal Information Manager Name: Kim Kyung Sik
- Phone Number: 02-6484-3973
If you need to report or consult about other personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee (www.kopico.go.kr/ 1833-6972)
- E-Privacy Mark Certification Committee (www.eprivacy.or.kr / 02-550-9500)
- Cyber Crime Investigation Unit, Supreme Public Prosecutors’ Office (http://www.spo.go.kr / 1301)
- Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr / 182)
12. OBLIGATION TO NOTIFY PRIOR TO POLICY CHANGES
If there are any additions, deletions, or modifications to the current Privacy Policy, we will notify users through the "Notice" on the website at least 7 days before the revision. This Privacy Policy will be effective from 2020.JULY.2nd