Personal Information Processing Policy

Optatumplatform co., ltd. (hereinafter referred to as the “Company”) values personal information of users and complies with the “Act on Promotion of Information and Communication Network Use and Information Protection” and “Personal Information Protection Act.” The Company shall inform you about the use and method of personal information provided by users through the personal information processing policy and what measures are being taken to protect personal information. When the Company revises its personal information processing policy, it will announce it through website announcements or individual notice.

1. Types of Personal Information Collected

The Company collects the following personal information to provide services such as application for electronic payment and settlement service (hereinafter referred to as “Service”), consultation, and inquiries.

①Personal Information Collection Items
1. Required Items
  1. A. Contract information at the time of membership registration
    ID, password, email address, gender, nationality, date of birth, address(Korean/English), name of the person in charge, contact information of the person in charge, settlement account information(account name, account holder), phone number
  2. B. Information used for electronic payment
    User’s card information (card number, expiration date, cardholder, etc.)
  3. C. In addition to the personal information items specified above, the following additional information may be automatically or manually generated and collected during the use of the Service or the process of the Service
    Access IP, cookie, e-mail, service access date and time, service use record, bad or abnormal use record, payment record
  4. D. etc.
    The Company may collect additional information necessary for payment, refund, etc. related to the use of the Service.
2. Optional Items
  1. A. Information provided in contract documents, information provided by the customer in addition to the required information
  2. B. Address etc.
②Collection method
1. Collection of personal information presented by customers from homepage(service application, service consultation bulletin board), written form, fax, e-mail, and affiliates that have signed a business alliance contract.
2. Direct input information to use the payment service provided by the Company

2. Purpose of Collection and Use of Personal Information

The Company uses the collected personal information for the following purposes.

①Identification and real name verification for establishment, maintenance, and termination of service provision contracts, various member management, contract delivery, etc.
②Identification, authentication, real name verification and various information/notifications during the service provision process
③Prevention of illegal use and unauthorized use
④Confirmation of intentions such as consent or withdrawal necessary for service provision and related business processing
⑤Identify the frequency of use and provide services according to demographic characteristics and CRM
⑥Registration of store business information for each payment method for service provision
⑦Delivery of advertising information such as events provided by other companies, provision of services and advertisements according to statistical characteristics, actual marketing activities

3. Retention and Use Period of Personal Information

In principle, personal information of users is destroyed without delay when the purpose of collecting and using personal information is achieved. However, information falling under each of the following items is retained for the specified period for the reasons below.

①Retention of information according to the Company’s internal policy
1. Items to be preserved: Items collected for service consultation (customer name, phone number, e-mail, consultation contents, etc.)
2. Reason for retention: Use of explanatory data in case of dispute
3. Retention period: 6 months after completion of consultation
②Retention of information in accordance with related laws
If it is necessary to preserve it in accordance with the provisions of related laws such as the Commercial Act, the Consumer Protection Act in Electronic Commerce, the Electronic Financial Transaction Act, etc., the Company keeps the information for a certain period specified in the relevant laws. In this case, the Company uses the information it keeps only for the purpose of its storage, and the retention period is as follows.
1. Records on contract or subscription withdrawal, etc.
  1. A. Retention period : 5 years
  2. B. Basis for preservation: Act on Consumer Protection in E-Commerce, etc.
2. Records on payment and supply for goods, etc
  1. A. Retention period : 5 years
  2. B. Basis for preservation: Act on Consumer Protection in E-Commerce, etc.
3. Records on consumer complaints or dispute settlement
  1. A. Retention period : 3 years
  2. B. Basis for preservation: Act on Consumer Protection in E-Commerce, etc.
4. Records on the collection/processing and use of credit information
  1. A. Retention period : 3 years
  2. B. Basis for preservation: Act on the Use and Protection of Credit Information
5. Records on identification
  1. A. Retention period : 6 months
  2. B. Basis for preservation: Act on Promotion of Information and Communication Utilization and Information Protection, etc.
6. Record of visit
  1. A. Retention period : 3 months
  2. B. Basis for preservation: Protection of Communications Secrets Act
③Application of the personal information expiration date system
In accordance with the provisions related to the Information and Communication Network Act, the Company shall protect personal information safely and prevent damage in the event that there is no record of using the service for 1 year(hereinafter, “Personal Information Validity Period”). In accordance with Article 29 of the Protection, Etc. Act, users are notified in advance and personal information is separately stored and managed. The Company shall notify you in advance via email 30 days before the expiration date. However, in the case of a member whose personal information has reached the expiration date, if there is individual consent, such as a request for an extension of the validity period or a request for an update of the validity period, and if the retention period is separately determined by other laws prescribed in paragraph ② take action after preservation for a specified period.

4. Personal Information Destruction Procedure and Method

①Destruction procedure
The information entered by the user for service application, service consultation, inquiries, etc. is transferred to a separate DB (separate filing cabinet in the case of paper) after the purpose is achieved and according to the reasons for information protection according to internal policies and other relevant laws(retention). And period of use it is destroyed after being stored for a certain period of time. Personal information transferred to a separate DB is not used for purposes other than retention unless required by law.
②Destruction method
1. Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.
2. Personal information printed on paper is destroyed by shredding or incineration.

5. Provision of Personal Information

The Company uses the user’s personal information [2. The purpose of collection and use of personal information] is used within the range notified, and without prior consent of the user, it is not used beyond this range or, in principle, does not provide the user’s personal information to the outside. However, the following cases are exceptions.

①When users agree in advance
(when the user agrees in advance, it means that the user voluntarily agrees to provide his or her personal information to a third party for service use, etc.)
②In the event of a request from an investigative agency in accordance with the provisions of the law or according to the procedure and method specified in the law for the purpose of investigation
1. Persons who receive personal information
2. Purpose of use of the recipient
3. Items of personal information provided
4. The period of retention and use of personal information is notified in advance, and individual consent is obtained through an explicit method.
In all of these processes, the Company does not collect additional information against the user’s will or share information outside the scope of consent with third parties.
③ Person who receives personal information
1. The Company provides the personal information collected from users to third parties as follows.
  1. A. Credit card companies (Kookmin, BC, Lotte, Samsung, NH Nonghyup, Hyundai, Shinhan)
  2. B. 4 commercial banks (Shinhan, SC Cheil, Citi, Hana)
  3. C. 3 special banks (Nonghyup, Kiup, Kookmin)
  4. D. 3 local banks (Daegu, Busan, Gyeongnam, 1 full-time card company(Woori))
  5. E. VAN company
2. Purpose of using personal information by the person receiving personal information
  Store business information registration for each payment method for service provision, settlement of usage fees, and handling of consumer complaints and disputes, etc.
3. Items of personal information to be provided
  User’s card information (card number, expiration date, cardholder, etc.)
4. Retention and use period of personal information of the person receiving personal information
  Information retention period after completion of service provision or in accordance with relevant laws and regulations

6. Personal Information Processing Consignment

The Company may entrust some of the tasks necessary to provide the service to an outside company. Compliance with laws and regulations related to personal information protection through contracts when consigning business regulate and supervise the provision of confidentiality regarding personal information to third parties, obligation to destroy personal information, etc. If you entrust electronic financial transaction related work to an external company, it shall notify you through this policy.

8. Matters Concerning the Installation, Operation and Rejection of Automatic Personal Information Collection Devices

The Company installs and operates ‘cookies’ that store and find user information from time to time. Cookies are small text files sent to the user’s browser by the server used to operate the Company’s website and are stored on the user’s computer hard disk. The Company uses cookies for the following purposes.

①Purpose of use such as cookies
1. Provide targeted marketing and personalized services through analysis of the frequency of access or visit time of homepage users, identification of users’ tastes and interests, tracking traces, and identification of the degree of participation in various events and the number of visits.
2. Users have the option of installing cookies. Therefore, the user may allow all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.
②How to reject cookie settings
1. As a method of rejecting cookies settings, you can allow all cookies by selecting the option of your web browser, go through confirmation every time you save cookies, or refuse to save all cookies.
2. Example of setting method(for Internet Explorer): Tools at the top of the web browser>Internet Options>Personal Information
③However, if the user refuses to install cookies, there may be difficulties in providing the service.

9. Civil petition service for personal information

In order to protect users’ personal information and handle complaints related to personal information, the Company appoints a person in charge of personal information protection and a person in charge as follows.

①Personal Information Protection Director
- Name : Kyungtae Kim
- Contact : +82 1577-6281
- E-mail : shwoo05@optatumplatform.com
②Personal Information Protection Officer
- Name : Dongwon Lee
- Contact : +82 1577-6281
- E-mail : dwlee@optatumplatform.com

You can report all personal information protection-related complaints arising from using the Company’s services to the person in charge of personal information protection or the person in charge. The Company shall provide prompt and sufficient answers to users’ reports.

If you need to report or consult about other personal information infringement, please contact the following organizations.

①National Police Agency Cyber Security Bureau (http://www.police.go.kr / 182)
②Supreme Prosecutors’ Office Cyber Investigation Division (http://www.spo.go.kr / 1302)
③Personal Information Infringement Accident Center (https://privacy.kisa.or.kr / 118)

10. Protection measures for information protection

The Company takes administrative/technical/physical protection measures for the safe management of personal information.

①Administrative protection measures: Establishment and implantation of personal information protection guidelines and internal management plans, regular employee personal information protection training, personal information protection law and enforcement ordinance review, etc.
②Technical protection measures: Apply physical network separation, personal information processing system access record check, credit information encryption, security program installation, periodic vulnerability check and measures, etc.
③Physical protection measures: Asymptotic control of protected areas such as technology research centers and IDCs, CCTV installation, etc.

11. Notification obligation

If there is any addition, deletion, or modification of the current privacy policy, it will be notified through the “Notice’ on the website at least 7 days before the revision.

Announcement date: 2021 April 1st
Effective date: 2021 April 15th