Privacy policy

<DEFI>('https://www.donteverforgetit.com/' hereafter referred to as 'https://www.donteverforgetit.com/'), to protect personal information of information subject and to process related grievances quickly and smoothly in accordance with Article 30 of the Personal Information Protection Act, establishes and discloses the privacy policy as follows:

○ This privacy policy will be applied from September 1, 2022.

Article 1 (Purpose of processing personal information)

<DEFI> ('https://www.donteverforgetit.com/' hereinafter referred to as 'https://www.donteverforgetit.com/') processes personal information for the following purpose. The personal information being processed will not be used for any purpose other than the following purpose, and if the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented.

1. Website membership registration and management

Personal information is processed for the purpose of confirmation of intention to join membership, identification and authentication of identity in accordance with the provision of membership service, maintenance and management of membership, prevention of illegal use of services, confirmation of consent of a legal representative when processing personal information of children under 14 years of age, various notices and notifications, handling of grievances.

2. Provision of goods or services

Personal information is processed for the purposes of product delivery, service provision, contract/invoice delivery, contents provision, customized service provision, identity verification, age verification, bill payment/settlement, and debt collection.

3. Use in Marketing and Advertising

Personal information is processed for the purpose of development of new services (products) and provision of customized services, provision of event and advertisement information and participation opportunity, provision of services and advertisement according to demographic characteristics, verification of service validity, identification of access frequency, or statistics on member service use, etc.

Article 2 (Processing and Retention Period of Personal Information)

①<DEFI> processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

② Each personal information processing and retention period are as follows.

1.<Website membership registration and management>

Personal information related to <website membership registration and management> is retained and used for the above purpose from the date of consent for collection and use to <5 years>.

Basis for retention: Article 15 (collection and use of personal information) Paragraph ① of the Personal Information Protection Act

Relevant laws and regulations:

1) Records on collection/processing and use of credit information: 3 years

2) Records on consumer complaints or dispute settlement: 3 years

3) Records on payment and supply of goods: 5 years

4) Records on contract or subscription withdrawal: 5 years

5) Records on display/advertisement: 6 months

2.<Provision of goods or services>

Personal information related to <Provision of goods or services> is retained and used for the above purpose from the date of consent for collection and use to <5 years>.

Basis for retention: Article 15 (collection and use of personal information) Paragraph ① of the Personal Information Protection Act

Relevant laws and regulations:

1) Records on collection/processing and use of credit information: 3 years

2) Records on consumer complaints or dispute settlement: 3 years

3) Records on payment and supply of goods: 5 years

4) Records on contract or subscription withdrawal: 5 years

5) Records on display/advertisement: 6 months

Article 3 (Items of personal information to be processed)

① <DEFI> processes the following personal information items.

1< Homepage membership registration and management >

Required items: email, mobile phone number, home address, home phone number, password question and answer, password, login ID, gender, date of birth, name, credit card information, bank account information, service use record, access log, cookie, access IP information, payment record

2< Provision of goods or services >

Article 4 (Matters concerning provision of personal information to a third party)

①<DEFI> processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to a third party only in case of Article 17 and Article 18 and Articles of the 「Personal Information Protection Act」 such as the consent of the information subject and special provisions of the law. However, personal information has not been provided to a third party until now.

Article 5 (Matters related to consignment of personal information processing)

① <DEFI> has not consigned the processing of personal information until now.

② <DEFI> shall specify the matters related to the responsibilities such as prohibition of the processing of personal information other than the purpose of performing the consigned work in accordance with Article 26 of the 「Personal Information Protection Act」 when concluding the consignment contract, technical and administrative protection measures, restriction on re-consignment, management and supervision of the consignee, and compensation for damage in documents such as contract, and plans to supervise whether the consignee processes personal information safely.

③ If the consignment contract is concluded, or the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

Article 6 (Destruction procedure and method of personal information)

① <DEFI> will destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and achievement of the processing purpose.

② If the personal information retention period agreed by the information subject has elapsed or the personal information has to be kept in accordance with other laws and regulations despite the achievement of the processing purpose, we move the personal information to a separate database (DB) or change the storage location to conserve separately.

③ The procedure and method of personal information destruction are as follows.

1. Destruction procedure

<DEFI> selects the personal information for which the reason for destruction occurred, and destroys the personal information with the approval of the personal information protection officer (responsible person) of <DEFI>.

2. Destruction method

For information in the form of an electronic file, we use a technical method that cannot reproduce the record.

Article 7 (Matters on Right and Duty of Information Subject and Legal Representative and Method of Exercising them)

① The information subject can exercise the right to view, correct, delete, and suspend processing of personal information to DEFI at any time.

② The exercise of right according to Paragraph ① may be done through writing, e-mail, fax, etc. in accordance with Article 41 Paragraph ① of the Enforcement Decree of the 「Personal Information Protection Act」 to DEFI, and DEFI will take a measure to this without delay.

③ The exercise of right according to Paragraph ① may be done through an agent such as the legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in the form of Attachment No. 11 of the “Personal Information Processing Method Notice (No. 2020-7)” shall be submitted.

④ In case of request to view personal information and stop processing, the right of the information subject may be restricted in accordance with Article 35 Paragraph ④ and Article 37 Paragraph ② of the 「Personal Information Protection Act」.

⑤ In case of request for correction and deletion of personal information, the deletion cannot be requested if the personal information is specified as a collection object in other laws and regulations.

⑥ Gashian verifies whether the person who made the request for viewing etc., when requesting to view, correct or delete, suspend processing according to the right of the information subject, is the person directly involved himself(herself) or a legitimate agent.

Article 8 (Matters on Measures to Secure the Safety of Personal Information)

<DEFI> takes the following measures to ensure the safety of personal information.

1. Conduct regular self-audit

In order to secure the safety of personal information handling, we conduct our own audit on a regular basis (once a quarter).

2. Minimize and train personnel handling personal information

We are implementing measures to manage personal information by designating personnel who handle personal information, and limiting & minimizing them to the person in charge.

3. Establish and implement internal management plan

We establish and implement an internal management plan for safe processing of personal information.

4. Encryption of personal information

As the user's personal information is stored and managed with an encrypted password, only the user can know it, and for important data, a separate security function such as encrypting files and transmission data or using a file lock function, is used.

5. Restrict access to personal information

We take necessary measures to control access to personal information through granting, changing, and canceling access right to the database system that processes personal information, and use an intrusion prevention system to control unauthorized access from outside.

6. Use a lock for document security

Document and auxiliary storage media containing personal information are stored in a safe place with a lock.

7. Access control for unauthorized persons

A separate physical storage place for personal information is established and access control procedure is established and operated.

Article 9 (Matters concerning the installation and operation of device that automatically collects personal information and the rejection)

① In order to provide individual customized services to users, DEFI uses 'cookie' that stores and retrieves use information from time to time.

② Cookie is a small amount of information that the server (http) used to operate the website sends to the user's computer browser and is also stored on the hard disk of the user's PC computer.

a. Purpose of use of cookie: It is used to provide optimized information to the user by identifying the type of visit and use, popular search term, secure access, etc. to each service and website visited by the user.

b. Installation, operation, and rejection of cookie: You can refuse to store cookie by setting option in the Tool>Internet Option>Personal Information menu at the top of the web browser.

c. If you refuse to store cookie, you may experience difficulties in using customized service.

Article 10 (Criteria for Judging Additional Use and Provision)

<DEFI> can use and provide additionally personal information taking into account the matters according to Article 14 Paragraph ② of the 「Personal Information Protection Act Enforcement Decree」 without the consent of the information subject in accordance with Article 15 Paragraph③ and Article 17 Paragraph ④ of the 「Personal Information Protection Act」.

<DEFI> has considered the following in order to provide additional use and provision without the consent of the information subject, accordingly.

▶ Whether the purpose of additional use or provision of personal information is related to the original purpose of collection

▶ Whether there is any predictability of additional use or provision in light of the circumstance in which personal information was collected or processing practice

▶ Whether the additional use or provision of personal information unreasonably infringes on the interests of the information subject

▶ Whether measures necessary to secure safety such as pseudonymization or encryption have been taken

※ The criteria for judging considerations in additional use and provision shall be prepared and disclosed by the business provider/organization autonomously.

Article 11 (Matters concerning the person in charge of personal information protection)

① DEFI takes overall responsibilities for processing personal information, and designates a person in charge of personal information protection for complaint handling and damage relief of information subject related to personal information processing as follows:

• ▶ Person In Charge(Officer) Of Personal Information Protection

• Name: Doyeon Kim

• Position: Representative

• Title: Representative

• Contact: 82-10-4785-9363, gasian@gasian.co.kr

② Information subject may inquire about personal information protection related inquiries, complaint handling, damage relief, etc., to the person in charge of personal information protection and the department in charge while using the service (or business) of DEFI. DEFI will answer and handle the inquiries of the information subject without delay.

Article 12 (Department that receives and processes request for viewing personal information)

The information subject may file a request for viewing personal information according to Article 35 of the Personal Information Protection Act to the following departments.

<DEFI> will make every effort to promptly process the personal information viewing request of the information subject.

• ▶ Personal information access request reception and processing department

• Department name: DEFI

• Person in charge: Doyeon Kim

• Contact: 82-10-4785-9363, gasian@gasian.co.kr

Article 13 (Remedies for Infringement of Right and Interest of Information Subject)

The information subject may apply for dispute settlement or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center in order to receive relief from personal information infringement. In addition, for other personal information infringement reports and consultations, please contact the following organizations.

1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)

4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

A person whose right or interest have been infringed due to a disposition or omission taken by the head of a public institution may file an administrative appeal in accordance with the Administrative Appeals Act in response to requests according to Article 35 (Viewing of Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the 「Personal Information Protection Act」.

※ Please refer to the website of the Central Administrative Adjudication Committee (www.simpan.go.kr) for more information on administrative appeal.