Privacy Policy

Privacy Policy

Nexnet Co., Ltd. (hereinafter referred to as "the Company") is making every effort to provide smooth and convenient services. The Company complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection" (hereinafter referred to as "Network Act") and relevant privacy protection regulations, thereby adhering to the guidelines for protecting members' personal information.

The Company discloses this privacy policy on the homepage's first screen so that members can easily view it at any time.

This privacy policy may be changed due to changes in laws, protection guidelines, or internal policies. If changes occur, the Company will immediately notify the members of the reason and details of the changes via the homepage.

[ Definition of Terms ]
"Personal information" refers to information about a living individual that can identify the individual through details such as name, date of birth, etc. (including information that can identify an individual when combined with other information, even if the information alone does not identify the individual). 
The Company uses the personal information of members within the scope disclosed in "Article 1: Items of Personal Information Collected and Collection Methods" and "Article 2: Purpose of Collecting and Using Personal Information." If the scope is exceeded or changed, the Company will obtain prior consent from users. Any changes to "Article 3: Retention and Use Period of Personal Information" or third-party provision and processing consignment will also require notification and consent via internet site, written form, phone, or email.

In the process of membership registration, clicking the "Agree" button regarding the receipt of commercial advertisements via email, mobile phone, etc., confirms the consent to receive commercial advertisement information.

Article 1: Items of Personal Information Collected and Collection Methods
The Company collects personal information through the following items and methods:

1. Collected items: ID and password, password question, password answer, name, date of birth, address, phone number, mobile phone number, SMS reception status, email address, newsletter reception status, I-PIN number, personal identification number, gender, nickname, login time, service usage record, legal guardian information, character name, PC IP.

The Company presents mandatory and optional fields during registration. Users must fill in the mandatory fields to use the membership services. However, optional fields can be left blank without restricting the use of services. For paid services, users must enter their bank account information, credit card details, etc., within the required range for payment purposes.

2. Collection method: Website (membership registration), written form, telephone. The Company does not use or disclose the information collected for purposes other than those disclosed to users.

Article 2: Purpose of Collecting and Using Personal Information
The purpose of collecting and using the personal information collected by the Company is as follows:
It is used for the fulfillment of contracts related to service provision, payment settlement, purchase and content provision, billing or shipment of goods, and financial transaction authentication. The Company does not disclose users' personal information without their prior consent and uses the collected information as stated below.

1. Member management
Verification of identity via credit rating agencies, identification of users, provision of age-restricted services, consent verification for the collection of personal information of children under 14 years old, confirmation of legal guardian consent for minors' legal actions, handling complaints, communication via notices, temporary password issuance, resolution of disputes, prevention of unauthorized use, confirmation of duplicate registrations, etc.

2. Utilization for new services and marketing
Provision of information on new services and events, offering personalized services, preparing demographic analyses, and providing services and advertisements.

Article 3: Retention and Use Period of Personal Information
The Company will destroy personal information once the purpose of collection and use has been achieved. However, the following information will be retained for the specified period for the reasons listed below.

o Retained items: ID and password, name, date of birth, address, phone number, mobile phone number, SMS reception status, email address, newsletter reception status, login time, service usage record, character name, PC IP.
o Retention reason: To resolve consumer complaints and disputes upon membership withdrawal.
o Retention period: 30 days

When required by applicable laws such as the Commercial Code and the Consumer Protection in Electronic Commerce Act, the Company may retain personal information for a period longer than specified. In this case, the information will only be used for the purpose of retention and will be retained for the minimum required period, as follows:

Contract or cancellation records
o Retention reason: Consumer Protection in Electronic Commerce Act
o Retention period: 5 years

Payment and supply records
o Retention reason: Consumer Protection in Electronic Commerce Act
o Retention period: 5 years

Consumer complaints or dispute resolution records
o Retention reason: Consumer Protection in Electronic Commerce Act
o Retention period: 3 years

Identity verification records
o Retention reason: Network Act
o Retention period: 6 months

Article 4: Procedures and Methods for Destroying Personal Information
The Company will destroy personal information once the purpose of collection and use has been achieved. The procedures and methods for destruction are as follows:

1. Destruction procedure
o If a member has not used the service for a certain period or withdraws from membership.
o Personal information will be retained for 90 days for the purpose of resolving consumer complaints and disputes, and will then be destroyed in a way that prevents recovery.

2. Destruction method
o Personal information stored in electronic files will be deleted using technical methods that prevent the recovery of records.
o Printed personal information will be shredded or incinerated.

Article 5: Provision and Sharing of Personal Information
The Company does not provide users' personal information to third parties, except in the following cases:

1. If the user has consented in advance.

2. When necessary for payment settlement related to service provision.

3. When required by law or at the request of law enforcement for investigation purposes.

4. When providing information in a form that cannot identify specific individuals for statistical purposes, academic research, or market research.

For higher quality service provision, the Company shares personal information with the following third parties with prior consent:

Information for membership services:
- Recipient: KG Mobilians
- Information provided: Name, date of birth
- Retention period: Used only for identity verification during membership registration, no separate retention.

Information related to mobile payment dispute resolution:
- Recipient: Mobile Payment Arbitration Center
- Information provided: Name, date of birth, mobile phone number
- Retention period: Until dispute resolution.

Information for payment processing and billing:
- Recipient: KG Mobilians (Payment Agency)
- Information provided: Payer's name, resident registration number, ID, IP information
- Retention period: 5 years from the payment date.

Information for marketing and events:
- Recipient: Marketing Agency
- Information provided: ID, date of birth, name, address, phone number, mobile number, IP address
- Retention period: Until membership withdrawal.

Article 6: User and Legal Guardian Rights and Methods of Exercise
1. Protection of children's personal information
- The company obtains the consent of the legal representative when collecting, using, or providing personal information of children under the age of 14 (hereinafter referred to as "children").
- To obtain consent from a child's legal representative, the company may request the minimum necessary information, such as the legal representative's name and contact details. The collected information will only be used to confirm the consent of the legal representative and will not be used for other purposes or shared with third parties.
- The consent form from the legal representative will be used for resolving consumer complaints or disputes related to contracts, cancellation of agreements, payment, or delivery of goods involving the minor.
- The consent form or withdrawal of consent from the legal representative for a child who has withdrawn their membership will be destroyed in an irreversible way after 90 days. However, if required by relevant laws such as the Commercial Act or the Consumer Protection Act in Electronic Commerce, the company will retain the information for the period specified by the law.
- The legal representative of a child may request the review, correction, or withdrawal of consent for the collection, use, or provision of personal information of the child. In such cases, the company will take necessary actions without delay.

2. User's rights regarding personal information
- A member may withdraw their consent for the collection of personal information by clicking "Change Member Information > Withdraw Membership" on the company’s website, or by contacting the personal information management officer via written request, phone, or email. In such cases, the company will confirm the identity of the member and, unless otherwise stipulated by laws, take action such as destroying the personal information. However, if personal information is destroyed due to membership withdrawal, any related information accumulated during the use of the company’s services may also be destroyed.
- A member may request to review and correct their personal information through the "Change Member Information" page on the company’s website, and the company will take necessary actions in response to such requests.
- If a member's agent visits to request a review or correction of personal information, the company will verify whether the person is the legitimate agent of the member. In this case, the company may request the agent to provide proof of the agency relationship.
- If the company has a legitimate reason to refuse a request for reviewing or correcting all or part of the personal information, it will promptly notify the member and explain the reason for the refusal.
- Changes to mandatory registration items such as name, date of birth, or email address provided during membership registration may cause errors or disruptions in the services provided by the company. Therefore, to ensure smooth and stable service provision, the company may request the member to follow a separate procedure for changing mandatory registration items.

Article 7: Installation and Operation of Automatic Collection Devices (Cookies)
The company operates "cookies" (connection information files) to store and retrieve member information periodically in order to provide specialized, personalized services to the members. 
In relation to the operation of cookies, the company identifies the member’s computer but does not personally identify the member. 
Members have the right to choose whether to accept cookies. By selecting [Tools] > [Internet Options] > [Security] > [Custom Level] in their web browser, members can choose to allow all cookies, confirm each time a cookie is saved, or reject the storage of all cookies. However, if members reject the storage of all cookies, they will not be able to use services provided by the company through cookies.

Article 8: Technical/Administrative Protection Measures for Personal Information
The company has implemented technical measures to ensure the security of personal information and prevent loss, theft, leakage, alteration, or damage while processing personal information. 
Member personal information is encrypted so that only the individual can access it, and personal information verification and changes can only be made by the individual. 
The company ensures the safe transmission of personal information over the network through encrypted communication. 
The company makes every effort to prevent personal information from being leaked or damaged due to hacking or computer viruses. 
The company regularly backs up personal information to prepare for any emergencies and takes measures to prevent damage from computer viruses using antivirus programs. 
The company continuously strives to enhance security through access control, authority management, and vulnerability inspections of the system. 
The company limits access to personal information to a minimum number of personnel and conducts regular training for employees handling personal information. 
The company has a department dedicated to personal information protection that checks compliance with the privacy policy and internal regulations, and makes immediate corrections if any issues are discovered. 
The company does not take responsibility for issues arising from personal information leakage due to the member's negligence or internet-related problems such as ID, password, or date of birth leakage.

Article 9: Personal Information Complaints Service
The Company has designated departments and officers to handle personal information complaints and concerns.

- Customer service: Customer Center

- Privacy Officer:
  - Name: Noh Seong-hee
  - Department: Operations Team
  - Email: help@nexnet.co.kr

If users have any privacy-related complaints, they can contact the Privacy Officer or the relevant department for a prompt response.

- Personal Information Infringement Reporting Center (http://www.cyberprivacy.or.kr, Phone: 1336)
- Personal Information Dispute Mediation Committee (http://www.kopico.or.kr, Phone: 1336)
- Information Security Mark Certification Committee (http://www.privacymark.or.kr, Phone: 02-580-0533)
- National Police Agency (http://www.police.go.kr)

Article 10: Notification Duty
If there are changes to the privacy policy due to legal, policy, or security reasons, the Company will notify members at least 7 days before the policy changes are implemented.

Appendix
Effective Date: September 26, 2024.