Rootalky privacy policy for collecting and processing personal information

Rootalky privacy policy for collecting and processing personal information
Rootalky (the company) thrives to do its best to comply with the regulations for promoting the usage of information network as well as the protection of member information according to the Protection of Communications Secrets Act, the Telecommunication Business Act, and to protect the right of the “members” by establishing privacy policy based on the relevant regulations and laws.
To comply with the privacy policy, the company will disclose on its website how and for what the information provided by the members are used, what relevant measures are taken to protect the members information, and if there are any changes.
To comply with the privacy policy, the company will disclose on its website how and for what the information provided by the members are used, what relevant measures are taken to protect the members information, and if there are any changes.
Article 1.
Collection of member information, purpose of the use, and method of the collection
  1. Unless there is an agreement with the members or relevant regulation, the company does not use the private information of the ‘member’ that is out of the usage range established in the current article. The company uses the collected information for following purposes.
  2. Implementation of contract relevant for offer of the service, providing summary of fee based on services, transaction of the service fee, shipping address and billing address, financial service offer, collection of fees, etc.
  3. Management of the members: confirmation of identity, personal identification, prevention of abuse by non-legitimate members, prevention of use without approval, confirmation of the intension for registration, limitation of registration and number of registrations, personal identification for legal representative, preservation of record for mitigating conflicts, confirmation of the age, management of complaints and others, delivery of the latest information including announcement.
  4. Collection and usage of data for identifying andprocessing the cause(s)in case of accident.
Article 2.
List of collected information
For the purpose of member registration, member support, offer of services, etc, the company is collecting following member information:
  • List of collected information: name, e-mail address, password, number of confirmation of registration (e-mail address, mobile phone number), gender, information on legal representative, credit card information, bank account information.
To provide better customer support and service, the company could collect following additional information:
  • Record of transaction, work and position information, e-mail receiving setting, course information, and setting for receiving e-mail for event and other advertisement.
Method of information collection: in writing, automatic collection through information generation tool, member registration and edition of information, phone call, messenger, off line individual support, and information offered from affiliated companies.
During the processing of service or business handling, following information may be automatically generated and collected.
  • Record of service use, record of login, cookie, login IP information, record of service use, record of illegitimate use.
When using services with fee, following information relevant to transaction may be collected.
  • When paying by credit card: the name of credit card company, credit card number, the credit card holder, birth date, expiration date, etc.
  • When using wireless bank transfer: the name of bank, name of the sender, bank account number, etc.
Article 3.
Storage of private information and duration of usage
  1. Principally, the company can maintain and use information collected during the time the members holds the status of the members, and once the goal of use and collection of the information is achieved, the corresponding information will be immediately deleted.
    • List of information stored: name, birth date, home phone number, home address, mobile number, e-mail address
    • Reason for information storage: regulations for protection of consumers in Internet transaction, regulation for usage and protection of credit information, identification of double registration and limitation on re-registration.
    • However, when it is necessary to store information based on regulation for protection of consumers in Internet transaction, the company stores the member’s information for a certain period following the relevant regulations below:
    • Record on contract or withdrawal of registration (identification of consumer information, contract, record of withdrawal of registration, etc.) – regulation for protection of consumers in Internet transaction – 5 years
    • Record on transaction of payment or supply of fund – regulation for protection of consumers in Internet transaction – 5 years
    • Record of consumer complaints or mitigation of conflicts – regulation for protection of consumers in Internet transaction – 3 years
    • Record of website visits (login record, IP, etc.) – protection of communication secrets act – 3 years
  2. Share of information for dormant members
    • If the member does not login for longer than 3 years since his/her last login, the member’s ID becomes “dormant member”, and member login and all the other services will be suspended. “The company” maintains the member information of “dormant member” separately from others’ information. “The company” does not notify the member in advance about becoming “dormant member,” and “the member” can immediately go through identification process on the “company” website or application to cancel the “dormant member” status and use the service again as usual.
Article 4.
Right to refuse to the agreement
“The member” has the right to refuse to the agreement for collection and use of private information. However, if the member refuses to the agreement for collection of information that is essential to make the contract, the member is not allowed to use the “company’s” contents and service (for the reason of difficulty in identification of the member and the intension of using the service). If the member refuses to the agreement for collection of information for marketing and advertisement, the members will not receive information on event and other benefits, including free gifts, promotion materials, discount advantage, etc.
Article 5.
Process and method for deleting private information
Once the goal of use and collection of the information is achieved, the company will immediately delete the corresponding private information. The process and method for deleting private information is as follow:
  • Process of deleting information: The information provided by “the member” for the registration purpose will be transferred to a separate DB after the goal of using such information is achieved, and after a certain period, the information will be deleted. The information ransferred to a separate DB will be stored but will not be used for any purposes except when called for relevant regulation.
  • Period for deleting process: Once the period for storing private information has passed, and the information is no longer needed (the purpose of using the information is achieved, corresponding service is no longer offered, or the business has been terminated), the corresponding private information will be deleted without delay from the date when the information becomes no longer necessary (unless there are adequate reasons, the information will be deleted within 5 days of this date).
  • Method for deleting information: Private information stored electronically will be deleted using a technique that does not allow the recovery of the information.
Article 6.
Providing private information
Principally, the company does not provide member’s private information to a third party. However, the following cases are exception.
  • If the members have agreed in advance.
  • If it is for the relevant regulation or if the information is requested for investigation purposes from relevant organization following proper procedures and methods.
Article 7.
Commissioning the collected private information
For the purpose of client service management, civil affairs and other relevant matters, the company commission the task of managing private information as follow. Also, in case of commissioning the task, the company makes sure that the relevant regulations for privacy protection are strictly followed, the information is not supplied to a third party, and that company receiving commissioning of the task is responsible in case of any accident, in order to protect the private information. In case the company receiving commissioning of the task is changed, we will notify the change in the display of policy for private information management within the notification section.
The company receiving commissioning of the task Stripe
Purpose of providing the information Transaction service
Provided information Information on purchased item (name of the item, option of the item, price of the item, discounted amount, delivery fee, amount of payment)
Duration of storage and usage of the information 5 years
Article 8.
The right and its practice of the members and their legal representative
  1. The member” or the legal representative can view or edit at any time their private information, or of their children who are below the age of 14 and request for the annulment of the registration.
  2. To view/edit the information of the member or of the children who are below the age of 14, the member can use ‘change personal information’ (or ‘edit member information’), and to request the annulment of the registration (annulment under agreement), the member can use ‘cancel membership’ to do so, after identification of the member has been approved. The member can also send the request in writing, phone call, or in email to the person in charge of private information management.
  3. When the member request for correction of personal information, the information will not be used or provided until the correction is completed. If the wrong personal information was provided to a third party, the processing of the correction will be immediately notified to the third party to ensure the correction will be made properly. The company will process the personal information requested to be annulled or deleted by the member or the legal representative according to the criteria stated under ‘Storage of private information and duration of usage collected by the company’, and to ensure that the information will not be viewed or used for any other purposes.
  4. Registration as a member is only permitted for people who are above the age of 14, and the information of people below the age of 14, who require the agreement from their legal representative for collection and usage of personal information, will not be collected.
Article 9.
Installation of automatic information collection device, factors relevant for operation and refusal
In order to provide personalized service to the members, the company operates ‘cookie’ which regularly stores and finds information of the members. Cookie is a tiny text file that is sent to the member’s browser from the server being used to operate the website of the company, and it is stored in the member’s computer hard disk. The company uses cookie for following purposes. The member has a right to accept or not the installation of cookie. Therefore, this information is stored only when the member provides the information, and information not provided by the member cannot be used, and other files stored in the computer cannot be accessed. The member can set different options in the browser to allow all cookies, or to confirm each time a cookie is stored, or to reject storage of all cookies.
  • The purpose of using cookie: cookie allows the company to analyze the usage pattern of the members and site visitors (frequency of the visit, time of the visit, level of interest in the service) to provide the information that is optimized for the member and to personalize the service accordingly.
  • How to refuse installation of cookie: The member can set different options in the browser to allow all cookies, or to confirm each time a cookie is stored, or to reject storage of all cookies. However, if the member sets the option to reject storage of all cookies, there may be difficulty in providing some of the services that require login. The member can set the option to allow or refuse the installation of cookies as follow:
  • Internet Explorer: go to ‘tool’ located at the top of the browser ->Internet option -> personal Information
  • Google Chrome: go to ‘setting’ located at the top of the browser -> advanced setting ->personal information
Article 10.
Measures for technical and managerial protection of the personal information
In order to protect the personal information of the members from being lost, stolen, leaked, falsified, or damaged, the company manages following measures for technical and managerial protection of the personal information.
  1. Management of the password The password associated with the ID of “the member” is only known to the member himself/herself, and identification of the password and the change of the password are only allowed for the member himself/herself.
  2. Measures against hacking In order to prevent the personal information from being leaked or damaged by hacking or computer virus, the company installs protection software program and periodically inspects it to technically and physically monitor and block such an event from the system.
  3. Minimizing number of staffs and education The staff for managing personal information for the company is limited to the person in charge, and he/she is assigned with a separate password, which is renewed regularly. Through frequent education of the person in charge, ensuring the regulation of Rootalkyfor processing personal information is always emphasized.
  4. Establishment and execution of the internal management plan In order to process the personal information securely, internal management plan is established and executed.
  5. Limit of access to the system for personal information processing Byassigning, changing, and cancelling the access right to the database system for personal information processing, the company takes necessary measures on limiting the access to the personal information, and by using prevention system against break-in, the company controls the unauthorized access from a third party. However, the company is not responsible for any problem from information –such as ID, password, social security number, and password for the credit card, etc. – leaked due to the problem of Internet or the carelessness of the members.
Article 11.
Notification on the right to refuse the agreement
Personal information is necessary for using services provided from the company and for purchasing items. The member can refuse to agree to provide personal information, but in such a case, access to use the service provided from the company or to purchase items can be limited.
Article 12.
The person in charge of management of personal information and his/her contact information
For every civil affair relevant for personal information that may occur when using the service provided by Rootalky can be informed to the person in charge of management of personal information. Rootalky will provide prompt and sufficient response about such a report from “the member” and users.
Name Elsie Oh
Email elsie@rootalky.com