Hello, this is MAKESTAR. In accordance with Article 30 of the Personal Information Protection Act, the following privacy policy is disclosed to safely protect your personal information and to quickly and accurately deal with related difficulties. This privacy policy will be posted within the MAKETAR service so that it can be accessed anytime while using the service, and should any changes occur, we promise to apply the changes only after getting your consent. Thank you for using the MAKESTAR service.
This privacy policy will take effect from June 2, 2022.
•
Notification date: June 2, 2022
•
Enforcement date: June 2, 2022
Article 1 (Consent to handling personal information)
MAKESTAR Co., Ltd. (hereinafter referred to as ‘Company’) goes through the process of receiving consent to the privacy policy when a user is signing up to the service and it is deemed that the user has read and agreed to the privacy policy by authenticating the email or pressing the "Agree" button.
Article 2 (Purpose of processing personal information)
The company processes the member's personal information for the following purposes and does not use it for any other purpose:
(1) Member management: Member identification and verification, delivering notifications and precautions to the members
(2) Member consultation processing: Member consultation•Reception of complaints, notification of the results
(3) Offer service : Providing service and quality improvement, prevention of fraudulent use within the service, development of new services/technologies, and provision of personalized services
(4) Payment and settlement of product, etc.: Payment, settlement, and refund measures for product, etc
(5) Delivery of reward or product
(6) Marketing and PR: Providing advertising information
Article 3 (Items and methods of collecting personal information)
The company will collect the minimum amount of personal information necessary for the operation of the service, and if additional personal information is needed to use the service, the company will collect personal information after obtaining separate consent from the members.
Article 4 (Period of retention and use of personal information)
1.
The company processes and holds personal information in accordance with laws and regulations of the period of holding and using personal information or within the period in which the company agrees to collect personal information from members.
2.
If a member joins the service after giving consent to the terms and conditions of use and privacy policy, the company retains the member's personal information until the member terminates the service use contract or withdraws from the membership. Provided, that in the following cases, the company may retain personal information until the end of the relevant reason: (1) Where an investigation, etc. is in progress due to a violation of relevant statutes, until the relevant investigation is completed; (2) Where a bond/debt relationship remains due to the use of a site, etc., until the relevant bond/debt relationship is settled
3.
Notwithstanding the main context of paragraph (2), the company may retain the member's personal information for one year from the time of withdrawal to prevent rejoining the membership and to prevent its illegal use.
4.
The company may retain personal information in accordance with the relevant laws and regulations as follows.
Archived
information | Retention period |
Records
of payment and supply of goods, etc | 5 years |
Records
concerning withdrawal of contracts or subscriptions, etc | 5 years |
Records
of consumer complaints or disputes | 3 years |
Records
of advertisement | 6 months |
Records
of Electronic Financial Transactions | 5 years |
Records
of website/app usage | 3 months |
Records
on the collection, processing, use, etc. of credit information | 3 years |
Article 5 (Provision of personal information to third parties)
1.
The company may provide personal information to a third party or use it for other purposes only if the consent of the members is obtained pursuant to Articles 17 and 18 of the Personal Information Protection Act and if it is allowed to provide it to a third party under relevant laws.
2.
If the company partners with a third party, such as a business partner or a business organization, and needs to provide (including sharing) the personal information of a member to a limited extent, or uses the collected personal information beyond its original purpose, the company will provide the following notice to the members: (1) Name of third party to receive personal information (2) Purpose of providing personal information (3) Personal information items provided to the third party (4) Period of retention and use of personal information by a third party who receives personal information (5) If there is a right to refuse to provide information to a third party and if there is a disadvantage due to refusal of consent, the details of the disadvantage shall be notified on the web page and individually notified to the members 30 days before the enforcement date, and shall be implemented after obtaining consent from the members.
3.
In the following cases, it is possible to use personal information for purposes other than the original purpose or to provide it to a third party without the consent of the members according to the relevant laws and regulations: (1) Where necessary for settlement of the price of goods, etc; (2) Where personal information is provided in a form that is not recognizable to a specific individual as necessary for the purpose of academic research, statistics, etc.; (3) Where necessary for the investigation and the filing and maintenance of a crime; (4) Where necessary for the performance of the court's judicial affairs; (5) Where there are special provisions in laws such as the Personal Information Protection Act, the Financial Real Name Transactions and Secrets Act, the Framework Act on Credit Information, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, and the Criminal Procedure Act
Article 6 (Entrustment of personal information processing)
1.
For smooth processing of personal information, the company entrusts personal information as follows:
Trustee | Entrusted duties |
Toss Payments Co., Ltd | Electronic payment service |
Eximbay Co., Ltd | Electronic payment service |
Alipay | Electronic payment service |
ICB | Electronic payment service |
Nice Pay | Electronic payment service |
PayPal Pte Ltd | Electronic payment service |
CJ Logistics Co., Ltd | Delivery of reward or product |
Hanjin Co., Ltd | Delivery of reward or product |
Logen Co., Ltd | Delivery of reward or product |
Korea Post Information Center (EMS) | Delivery of reward or product |
DHL International GmbH | Delivery of reward or product |
SF Express | Delivery of reward or product |
Google LLC | In app purchase |
Apple Inc | In app purchase |
2.
When signing an entrustment contract, the company stipulates the following items in documents such as contracts in accordance with Article 25 of the Personal Information Protection Act and oversees whether the trustee safely manages and processes personal information.
(1) Prohibition of processing personal information other than the purpose of performing entrusted duties
(2) Technical and administrative protection measures
(3) Restriction on re-entrustment
(4) Management and supervision of the trustee
(5) Matters concerning liability for damages, etc.
Article 7 (Rights, obligations and methods of exercise of information object)
1.
Members may exercise the following personal information protection rights to the company at any time: (1) Request access to personal information (2) Request correction if there is an error in personal information, etc (3) Request to delete personal information (4) Request to stop processing personal information
2.
The exercise of the rights under paragraph (1) of the member may be made to the company in writing, by phone, e-mail, fax, etc., and the company shall take action without delay.
3.
If a member requests correction or deletion of an error in personal information, the company shall not use or provide the personal information until the correction or deletion is completed.
4.
A member shall not infringe on the personal information and privacy of the information object or others handled by the company in violation of related laws, such as the Personal Information Protection Act.
Article 8 (Destruction, etc. of non-users’ personal information)
1.
Users who have not used the service for one year will switch to a dormant account, and their personal information will be kept separately. Personal information stored separately is destroyed without delay after being stored for one year.
2.
30 days before the switch to a dormant account, the company informs users of the fact that the personal information will be kept separately, the scheduled date of the switch to a dormant account, the items that will be kept separately by email or text.
3.
If you do not want to be switched to a dormant account, you can log in to the service before the scheduled date of the switch. In addition, even if it has been converted to a dormant account, if you log in, you can restore the dormant account with the consent of the user to reuse the normal service.
Article 9 (Destruction of personal information)
1.
The company destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period and the settlement of the personal information usage.
2.
If personal information is to be preserved in accordance with other laws and regulations despite the expiration of the period of personal information retention agreed by the member or the settlement of the personal information usage has been reached, the personal information is transferred to a separate database (DB) or stored elsewhere.
3.
The procedure and method of destroying a member's personal information are as follows: (1) Destruction procedure: The company selects the personal information that needs to be destroyed and destroys the personal information with the approval of the company's personal information protection manager. (2) Destruction method: The company destroys personal information recorded and stored in electronic file form using a technical method so that the information cannot be reproduced. Personal information recorded and stored in paper documents shall be destroyed by crushing or incinerating with a shredder.
Article 10 (Measures to ensure the safety of personal information)
1.
The company does its best to safely manage the members' personal information and protects personal information beyond the level required by the Information and Communication Network Act and the Personal Information Protection Act in accordance with the methods prescribed in this Article.
2.
We keep the personal information handler to a minimum. We manage employees who process personal information to a minimum and continue to emphasize that the protection of members' personal information is the most important value through regular and occasional training for personal information handlers.
3.
In order to prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed, regularly updated and inspected. Systems are installed in areas where access is restricted from the outside and are technically and physically monitored and blocked.
4.
Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.
5.
There is a separate physical storage location where personal information is stored and access is restricted.
Article 11 (Changes in the privacy policy)
1.
If there is any addition, deletion, or modification of the contents of the privacy policy, the company announces the revision through the site or app at least 7 days before the revised privacy policy takes effect.
2.
If there is a significant change in the rights of members, such as provision of personal information to a third party, the company shall announce the revision through the site or app at least 30 days before the revised privacy policy takes effect and obtain the consent of the members.
Article 12 (Transfer of personal information due to business transfer, etc.)
When the company transfers personal information to another person due to the transfer or merger of all or part of its business, it shall notify the relevant members of the following matters in advance through a notice:
(1) The fact of transferring personal information
(2) Name of the person who receives the transfer of personal information (in the case of a corporation, the name of the corporation), address, phone number, and other contact information
(3) Methods and procedures that can be taken if the information object does not wish to transfer personal information
Article 13 (Installation, operation, and rejection of the automatic personal information collection device)
1.
The company uses 'cookie' to store usage information and recall it from time to time to provide individual customized services to users..
2.
Cookies are a small amount of information that the server (http), which is used to operate the site, sends to the user's computer browser and are sometimes stored on the user's hard disk of the user's PC computer. (1) Purpose of use of cookies: It is used to provide optimized information to users by identifying the type of visit and use of each service and site visited by users, popular search terms, and security access. (2) If the user refuses to save the cookie, some of the services provided by the company may be restricted.
Article 14 (Person in charge of personal information protection)
1.
The company is responsible for overall duties related to processing personal information and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of information objects related to personal information processing. (1) Personal information handler Person in charge of protection : Ko Haneol Phone number: +82-2-6959-2076 E-MAIL: [privacy@makestar.co] (2) Department in charge of personal information Department name: Head of Platform Department: Oh Jongmyung Phone number : +82-2-6959-2076 E-MAIL : [privacy@makestar.co]
2.
Users can contact the person or department in charge of personal information protection in regards to handling complaints, and relief of damage caused by using the company's service (or business). The company responds and processes user inquiries without delay.
Article 15 (How to resolve infringement of rights and interests)
In order to receive relief from personal information infringement, the information object may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Report Center. In addition, please contact the institutions below for reports and counseling of other personal information violations.
1.
Personal Information Dispute Mediation Committee : (without a national number) 1833-6972 (www.kopico.go.kr)
2.
Personal Information Infringement Report Center : (without a national number) 118 (privacy.kisa.or.kr)
3.
4.
A person who has been infringed on rights or interests due to disposition or omission by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act for requests under Articles 35 (View of Personal Information), 36 (Correction/Delete of Personal Information, etc.).
※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).