Effective Date: May 10, 2022
Vocal Classic (hereinafter referred to as the ‘Company’) collects, uses and manages users’ personal information according to the following principles,
In this regard, we comply with the relevant laws, personal information protection regulations and guidelines of the Republic of Korea, which information and communication service providers must comply with.
The company’s privacy policy contains the following information.
1. Purpose of collection and use of personal information
The company collects and uses personal information for the following purposes.
a) Member management
User identification and identification, confirmation of intent to sign up, prevention of fraudulent use of bad members, handling of complaints, delivery of notices, confirmation of intention to withdraw from membership, identification when exercising the rights of a legal representative
b) Service use and fee settlement according to use
Content provision, purchase and payment, delivery of goods or billing, collection of fees, registration/management of SMS sender number, shopping mall solution setting
c) Marketing and Advertising Utilization
New service development and specialization, delivery of advertising information such as events, provision of services and advertisements according to demographic characteristics, identification of access frequency, or statistics on member service use
d) Etc
Validate service, provide quality content seamlessly
2. Items and methods of collecting personal information
The company said ‘1. We collect personal information after obtaining user consent according to the purpose of collection and use of personal information.
a) Personal information collection items
(1) Membership registration
– Required: Name, login ID, password, email, access log, access IP information
(2) Service use
– Required: identity verification value, payment record, contact information
(3) Service refund, payment/settlement
– Required: Account information (bank name, account number, trader name)
(4) Service use process
– Behavioral information: Information generated by users while using the service is collected through an analysis tool, and the collected information is information that cannot identify the user.
– Other information: Service use (stop) records, access logs, cookies, access IP information
b) collection method
The company collects users’ personal information in the following ways.
– Website, written form, phone, fax, consultation bulletin board, event and prize event application
– Provided by affiliates
– Collection through generated information collection tools, etc.
3. Personal information retention and use period
a) Retention and use period of personal information
With respect to the user’s personal information, the company destroys the information without delay when the purpose of collection and use of personal information has been achieved, the retention and use period obtained with the consent of the user has expired, or the business has been closed.
b) Exceptional Retention of Personal Information
(1) User consent
The company keeps the user’s login ID for one year to prevent the user from illegally using the service provided by the company through methods such as double registration.
(2) Preservation of personal information in accordance with other related laws and regulations
The company retains the following information for a certain period of time in accordance with relevant laws and regulations.
o Records on contract or subscription withdrawal, etc.
– Relevant basis: Act on Consumer Protection in Electronic Commerce, etc.
– Retention period: 5 years
o Records on payment and supply of goods, etc.
-Relevant basis: Act on Consumer Protection in Electronic Commerce, etc.
– Retention period: 5 years
o Records on consumer complaints or dispute handling
-Relevant basis: Act on Consumer Protection in Electronic Commerce, etc.
– Retention period: 3 years
o Website visit history
-Relevant basis: Protection of Communications Secrets Act
– Retention period: 3 months
4. Provision of personal information
The company uses personal information of users as “1. Purpose of collection and use of personal information” is used within the scope notified, and the user’s personal information is not used beyond the scope without the user’s prior consent or, in principle, is not disclosed to the outside world. However, the following cases are exceptions.
– When the user agrees in advance
– In accordance with the provisions of the law or in accordance with the procedures and methods set forth in the law for the purpose of investigation, if there is a request from the investigative agency
5. Consignment of processing of personal information
The company consigns personal information as follows to improve the service, and stipulates necessary matters so that personal information can be safely managed during consignment contracts in accordance with relevant laws and regulations. If a company entrusted with personal information is added or the company or business is changed, we will notify you through a notice or personal information processing policy.
– Cafe24 Co., Ltd. > Scope of entrustment: Operation and maintenance of information system for service provision (hosting system), etc.
– Inicis Co., Ltd. > Scope of entrustment: Payment and escrow service
– Kakao Pay Co., Ltd. > Scope of entrustment: Simple payment
※ The information entrusted to the consignee is limited to the minimum information necessary to achieve the purpose.
6. Personal information destruction procedure and method
Personal information of users is destroyed in the following ways without delay when the purpose of collection and use of personal information is achieved, the retention and use period obtained with the consent of the user ends, or the business is closed.
a) Destruction procedure
The information entered by the user for service use is transferred to a separate DB after the purpose is achieved, stored for a certain period of time according to the period of retention and use of personal information, and then destroyed.
Personal information transferred to a separate DB will not be used or provided for any purpose other than those required by law.
b) Destruction method
– In the case of other recording media such as records, printed materials, and written materials, they are shredded or destroyed by incineration.
– In the case of an electronic file, it is completely deleted using a technical method so that it cannot be recovered or reproduced.
7. Rights of users and legal representatives and how to exercise them
The company protects the rights of users and legal representatives as follows.
a) You can view and modify your personal information at any time.
b) You may request withdrawal of consent to provision of personal information/cancellation of membership at any time.
c) In order to use and provide accurate personal information, when a user edits personal information, the user’s personal information is not used or provided until the correction is completed. If it has already been provided to a third party, we will notify the recipient without delay so that the information can be corrected.
The method of exercising the rights of the information subject is as follows.
a) View and modify personal information
Company site → Member login → My page → Edit information
b) Withdrawal of Consent and Termination of Membership
Withdrawal of consent and termination of membership are only possible for customers who do not use the company’s services, and customers who use the service must go through the service use cancellation procedure first and then request withdrawal through the company’s email (info@vocalclassic.com).
In addition to the information subject, the exercise of rights can be done through an agent, such as a legal representative or a person entrusted with the information subject. In this case, additional documents requested by the company (e.g. proof of identity and power of attorney, etc.) must be submitted.
8. Matters concerning the installation, operation, and refusal of automatic personal information collection devices
The company operates ‘cookies’ and ‘sessions’ to support faster and more convenient website use by frequently storing and finding user information, and to provide customized services.
Among them, ‘cookie’ is a small text file sent to the user’s browser by the server used to run the website and stored on the user’s computer, and ‘session’ is a small text file that the server used to run the website sends to the user’s browser. This refers to storing user information on a server.
The company operates ‘cookies’ and ‘session’ for the following purposes, and users have the option to install ‘cookies’.
a) Purpose of use of ‘cookies’ and ‘session’
By saving the user’s preferred settings through ‘cookies’ and ‘session’, it is used to improve the service for convenient use and to support a faster web environment for users.
b) How to reject ‘cookie’ settings
Users may allow all cookies by setting options in their web browser, go through confirmation whenever a cookie is saved, or refuse to save all cookies.
However, if you refuse to install cookies, you may find it inconvenient to use the web and have difficulty using some services that require login.
– How to set
1) For Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings
2) In the case of Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content settings button for personal information > Cookies
c) Installation/Operation and Rejection of ‘Session’
The user does not have the option to install a session, and when a login is required among services provided by the company, including consignment work, a session is automatically created on the server operated by the company and used in common.
9. Technical/administrative protection measures for personal information
The company is making the following efforts in handling users’ personal information.
a). Minimization of designation of personal information handlers and training
We minimize the designation of personal information handlers and implement personal information protection training.
b) Restriction of access to personal information
We use an intrusion prevention system and detection system to control unauthorized access from outside. In addition, access to personal information is controlled through the management of access rights to the personal information processing system, details of authorization, change or cancellation are recorded, and the records are kept for at least 5 years.
c) Storage of access records and prevention of forgery
Records of access to the personal information processing system are kept and managed for at least two years, and access records are managed to prevent forgery, alteration, theft, and loss.
d) Encryption of Personal Information
The user’s personal information is transmitted using an encrypted communication section (SSL), and important information such as passwords are stored/managed in one-way encryption that cannot be decrypted.
e) Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information caused by hacking or computer viruses, security programs are installed, periodically updated and inspected, and systems are installed in areas where access from outside is controlled and technically and physically monitored and blocked.
f) Access control for unauthorized persons
We set up a separate physical storage location for the personal information processing system that stores personal information, and establish and operate access control procedures.
10. Operation of personal information manager
In order to protect users’ personal information and handle complaints related to personal information, the company appoints the person in charge of personal information management as follows.
<Name of person in charge of personal information management: Kim Min-ji>
– Email: info@vocalclassic.com
In addition, if personal information is infringed and you need to report or consult, you can contact the following organizations for assistance.
– Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without an area code)
– Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972 without an area code)
– Cyber Investigation Division, Supreme Prosecutor’s Office (www.spo.go.kr / 1301 without area code)
– National Police Agency Cyber Security Bureau (cyberbureau.police.go.kr / 182 without area code)
11. Other personal information processing policies
a) User’s personal information management and theft
In principle, the user’s login information is intended to be used only by the user. The company does not take any responsibility for problems caused by leakage of personal information such as ID and password due to the user’s negligence or use by others. In addition, if membership registration or purchase is confirmed by stealing someone else’s personal information, the use contract may be unilaterally terminated, and imprisonment for up to 3 years or a fine of up to 10 million won may be imposed according to the Resident Registration Act.
b) Scope of application of personal information processing policy
Among the additional services provided by the company, this privacy policy does not apply to services that require separate membership registration and to the act of collecting personal information of users of affiliate sites linked to the company’s site.
12. Disclosure duty
This Privacy Policy was enacted on June 1, 2022, and if there is any addition, deletion, or modification of the contents due to changes in government policy or security technology, it will be notified through the ‘Notice’ on the website at least 7 days before the revision.