KineMaster Corporation or its affiliates (the “Company”) value the Personal Information (as defined below) of a user who uses the Services (as defined below) operated by the Company (the “Customer”) and endeavor to observe the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and Personal Information Protection Act.
Article 1 (Purpose)
The purpose of this Policy is to provide information on how and for what purposes the Company uses the Personal Information received from the Customer in connection with his/her use of the Services (as defined below) provided by the Company, and to provide information on the measures taken by the Company to protect the Personal Information.
Article 2 (Definitions)
The terms used herein shall be defined as follows:
(1) “Customer-Created Work” means contents, created by the Customer, by editing his/her original contents through application of audio or video effects, and storing such edited work while using the Services;
(2) “ID” means an email address that is designated by a Customer and approved by the Company for the identification of the Customer and his/her use of the Services;
(3) “Member” means a Customer who signs up to the Services through membership registration procedures offered by the Company;
(4) “Minor Customer” means a Customer who is under the age of 14;
(5) “Password” means a combination of letters and/or numbers designated by a Customer to identify himself/herself as the Customer via the ID granted to him/her and to protect his/her rights and interests;
(6) “Personal Information” means information about a natural person based on which the person can be identified, including the name and resident registration number of such person (Personal Information also includes information which, by itself, cannot identify a specific individual but can be easily combined with other information to identify a specific individual); and
(7) “Services” means all services provided by the Company, including all websites, applications, products, contents, etc. of the Company.
Article 3 (Personal Information subject to Processing and Method of Collection)
(1) The Company collects the following Personal Information of a Customer through its Services. The Personal Information below shall be information required to be processed for the Customer to use the Services, and if the Customer does not give consent for the processing of such information, his/her use of the relevant Services may be restricted:
- Information on membership registration: Name, email address, Password;
- Information on membership registration of a minor under 14: Name, contact information of his/her legal representative;
- Information on the use of the paid Services: Information on the purchase of the Services and on membership subscription;
- Information on the participation in events and promotional activities: Name, email address;
- Information for the provision of the Services: OS information that may serve to identify devices, hardware information, Android ID, Apple ID, Google Advertising ID, advertising data;
- Information generated automatically during the use of the Services: IP address, access record, record on the use of the Services, crash log, diagnosis information, performance data (application use time, non-response rate, energy use), product interaction, cookies; and
- Information uploaded or provided to the Company by the Customers during the use of the Services: Contents such as pictures or videos uploaded by the Customers, including profile pictures, metadata related to or included in the uploaded contents, such as filming time and date, location, file creation date, etc.
(3) The Company may also use the Google API services, including Google Sign-In and Google Drive API. The Company shall not collect, access, or share with a third party, the Personal Information of the Customer via the Google API services. In addition, the Company shall use information received from Google API in compliance with the limitations applicable to the use of such information, as well as the terms of service of Google API and the user data policy of the Google API services.
Article 4 (Purpose of Personal Information Processing)
The Company shall use the Personal Information collected for the following purposes:
- To confirm a Customer’s intention to use the Services and provide and recommend the optimized and customized Services to the Customer;
- To improve the existing Services and develop new services;
- To analyze, and compile statistical data, on the use of the Services;
- To prevent the abuses of the Services, illegal activities in the Services and damage to the Company and third parties due to such abuses and illegal activities;
- To provide events and promotional activities and information related thereto;
- To receive and handle complaints about the Services; and
- To request the suspension of the inspection/correction/processing of the Personal Information and for reporting purposes.
Article 5 (Personal Information Processing/Retention Period)
In principle, the Company shall destroy the Personal Information immediately after the purpose for processing the relevant information has been achieved; provided, however, that if it is required under the applicable laws to retain the Personal Information, the Company shall store the Personal Information of a Customer for a period specified in the applicable law as described below. In such case, the Company shall transfer the relevant Personal Information to a separate database or store it in a different location.
|Retained Information||Period of Retention||Applicable Law|
|Records of agreements and withdrawal from membership registration, etc.||Five years||Act on the Consumer Protection in Electronic Commerce, Etc.|
|Records of payment of fees and supply of goods, etc.||Five years||Act on the Consumer Protection in Electronic Commerce, Etc.|
|Records of handling of Customer complaints or disputes||Three years||Act on the Consumer Protection in Electronic Commerce, Etc.|
|Records of collection, processing, use, etc. of credit information||Three years||Credit Information Use and Protection Act|
|Records on labeling and advertising||Six months||Act on the Consumer Protection in Electronic Commerce, Etc.|
|Records of Customer access logs (including location of access)||Three months||Protection of Communications Secrets Act|
|Other data to confirm the existence of communication||12 months||Protection of Communications Secrets Act|
Article 6 (Process/Method of Destruction of Personal Information)
(1) The Company shall destroy the Personal Information immediately after the expiration of Personal Information retention period under Article 5 or under applicable laws, or the retention of the Personal Information becomes unnecessary after the purpose of the retention has been achieved unless there is a justifiable reason for not doing so.
(2) The Personal Information stored in electronic file format shall be deleted by using a technical method so that the record cannot be restored. The Personal Information printed on paper, etc., shall be shredded by a shredder or incinerated.
Article 7 (Installation, Operation and Refusal of Cookies)
(1) The Company shall operate ‘cookies,’ etc. that store and find information of a Customer from time to time. Cookies are small text files sent from the web browser of the Customer to the server used for the operation of the website of the Company and stored in the computer hard drive and mobile device of the Customer.
(3) The Customer shall have the option to install cookies. Therefore, the Customer may permit all cookies, confirm storage of cookie each time, or refuse the storage of all cookies by setting such option in his/her web browser; provided, however, that if the Customer refuses the installation of cookies, there may be difficulties in providing the Services to the Customer. Please see below for how to control cookies in the web browser:
- How to set the cookie setting (if Internet Explorer 8.x is used): Go to the ‘Tool’ menu and then select the ‘Internet Option’ menu. Then, click the ‘Personal Information’ tab. The Customer may set a level of permission suitable for him/her by selecting the ‘Advanced Setting’ menu.
- How to view cookies received (if Internet Explorer 11.x is used): Go to the ‘Tool’ menu and then select the ‘Internet Option’ menu. The Customer may check cookies he/she has received through the ‘View File’ menu by clicking the ‘General’ tab to access the ‘Setting’ menu of the ‘Recent Searches’ option.
- How to refuse the cookie setting (if Internet Explorer 11.x is used): Go to the ‘Tool’ menu and then select the ‘Internet Option’ menu. Then, click the ‘Personal Information’ tab. The Customer may select the ‘Default’ menu and then the ‘Block All Cookies’ option at a higher level to refuse the cookie setting.
- Please click here for other methods to control cookies.
Article 8 (Provision of Personal Information to Third Party)
(1) The Company shall process the Personal Information of a Customer only to the extent necessary to achieve the purpose specified in Article 4 of this Policy and shall not process such Personal Information beyond the scope of its original purpose or provide it to a third party without the prior consent of the Customer; provided, however, that in case of the occurrence of any of the events described under the following subparagraphs, the Company may use the Personal Information for a purpose other than the purposes set forth under this Policy or provide the Personal Information to a third party unless such use or provision may unfairly prejudice the interests of the Customer or a third party:
- If a Customer or his/her legal representative is incapable of expressing his/her intent, or a prior consent of the Customer or his/her legal representative cannot be obtained for a considerable period of time after the consent was requested, to the extent it is clear that the use or provision of the Personal Information is urgently required to protect life, body or property interest of the Customer or a third party;
- If the use or provision of the Personal Information is made pursuant to the laws or the request from an investigation agency in accordance with procedures and methods stipulated under the law for investigation purposes;
- If the use or provision of the Personal Information is required for the settlement of fees for the paid Services;
- If the Personal Information is provided for the preparation of statistical data, or for academic research or market research purposes after processing the data so that the data subject cannot be identified; or
- If the Personal Information is used or provided with the prior consent of the Customer.
(2) The Company shall notify the Customer of each of the following matters at the time the Company seeks the Customer’s consent under Paragraph (1) above. The Company shall also notify and obtain the consent of the Customer for any change to the following matters:
- Person to whom the Personal Information is provided;
- Purpose of the use of the Personal Information (the purpose of the use by the person who is to receive the Personal Information);
- Particulars of the Personal Information that is used or provided;
- Periods of the retention and use of the Personal Information (the periods of the retention and use by the person who is to receive the Personal Information); and
- The fact that the Customer has the right to refuse to give his/her consent and details of the disadvantage, if any, that may result from the Customer’s refusal to give his/her consent.
(3) If the Customer’s profile is disclosed to the public, information in such profile and the Customer-Created Work may be provided to other Customers, search engines, integrated contents management system, etc. The Customer may change the disclosure setting at any time and keep his/her profile or contents including Customer-Created Contents from being disclosed.
Article 9 (Outsourcing of Processing of Personal Information)
(1) The Company shall not outsource the processing of the Personal Information to another person without the consent of the Customer; provided however, that the Company currently outsources the processing of the Personal Information as provided below to improve the Services and develop new services.
(2) If the Company outsources the processing of the Personal Information to an outside service provider, it shall specify in an outsourcing agreement, etc., executed with such service provider that it shall follow the Company’s instructions on the protection of the Personal Information, keep the confidentiality of the Personal Information, be prohibited from providing third parties with the Personal Information and be liable for any accident and keep such agreement in hard or soft copy. In the event of any change to the outsourcee or outsourced business, the Company shall announce such change via one or more of the following means: in writing or by email, telephone, SMS, homepage announcement or any method similar thereto.
Article 10 (Rights/Obligations of Customer and Method of Exercise Thereof)
(1) A Customer and the legal representative of a Minor Customer (hereinafter collectively referred to as the “Customer” for the purpose of this Article) may request for the inspection of the Personal Information on himself/herself and the minor under 14 (applicable to the legal representative of the minor) processed by the Company by filing a written request to the Company. In such case, the Company shall respond within 10 days after receiving such request whether to allow the inspection of the Personal Information, unless there are extraordinary circumstances preventing the Company from responding within such period in which case the Company must explain the reasons for the delay (if any), or refusal (if any) to allow the requested inspection. In case of the events described under the following subparagraphs, the Company may restrict or refuse the requested inspection after informing the Customer of the reasons for such restriction or refusal:
- If the requested inspection is prohibited or restricted by law; or
- If the requested inspection may harm the life or body of another person or unfairly prejudice the property or other interests of another person.
(2) After inspection, the Customer may request the Company to correct or delete such Personal Information to the extent it is false or cannot be confirmed to be true; provided, however, that no such request for deletion may be made if the collection of such Personal Information is explicitly required under the law.
(3) Within 10 days after receiving a written request for the correction or deletion of the Personal Information from the Customer under Paragraph (2) above, the Company shall inform the Customer in writing of any correction or deletion made, if any, or if the Company refuses to grant such request, shall inform the Customer in writing of such refusal and reasons thereof and how to raise an objection thereto.
(4) The Customer may request the Company to suspend the processing of his/her Personal Information; provided, however, that in the event of any of the following subparagraphs, or if there is any other reasonable ground, the Company may refuse such request for suspension after notifying the Customer of the reason for such refusal:
- If there are applicable special legal provisions or such refusal is unavoidable to perform the Company’s legal obligations;
- If such suspension may harm the life or body of another person or unreasonably prejudice the property or other interests of another person; or
- If a failure to process the Personal Information makes it difficult for the Company to provide the Services to the Customer or otherwise perform any agreement with the Customer, and the Customer has not clearly indicated his/her intent to terminate such agreement.
(5) Within 10 days after receiving a written request for suspending the processing of the Personal Information from a Customer under Paragraph (4) above, the Company shall inform the Customer of the measures taken to suspend the processing of such Personal Information, or if the Company refuses to grant such request, shall inform the Customer in writing of such refusal and reasons thereof and how to raise an objection thereto.
(6) The Company shall not sell the Personal Information of its Customers. If the Company desires to sell the Personal Information of the Customers to a third party, it shall explicitly notify the Customers of its intended sale of the Personal Information and obtain the consent of the Customers, which the Customers may refuse.
(7) The Customer may request the Company to transfer his/her Personal Information collected by the Company to another entity or to the Customer.
(8) The Customer may withdraw his/her consent to the collection/use of the Personal Information; provided, however, that in such case, as the Customer cannot use the Services as the Member any longer, he/she shall cancel his/her membership. The Customer may request the Company to cancel his/her membership by sending an email to the address provided in the Services.
(9) If the Customer seeks relief for the exercise of his/her right under each paragraph of this Article or any infringement of his/her rights and interests relating to the Personal Information, he/she may file a request for such relief to the Personal Information Protection Manager under Article 13 hereof or by sending an email to the address provided in the Services.
Article 11 (Overseas Transfer of Personal Information)
(1) If the Customer does not reside in the Republic of Korea (“Korea”), the Personal Information of such Customer may be stored and processed in servers located in regions other than a country in which the Customer resides as below:
- Jurisdictions in which the Personal Information is processed: Korea (where the Company is headquartered) and the countries in which the regions of Amazon Web Services are located including the following countries; US, Africa, Hong Kong, India, Singapore, Australia, Japan, Canada, Germany, Ireland, UK, Italy, France, Sweden, Bahrain, Brazil.
- Purpose of the transfer of the Personal Information: To store and manage the Company’s servers and provide the Services requested by the Customer and process related requests.
(2) In the event of the transfer of the Personal Information, the Company shall apply protective measures pursuant to the Personal Information Protection Act to protect the Personal Information and take appropriate level of protective measures.
Article 12 (Measures to Ensure Safety of Personal Information)
The Company currently takes the necessary technical, administrative, and physical measures in its processing of the Personal Information as follows:
(1) Password is only known to the relevant Customer as it is stored and processed in an encrypted format, and the Personal Information can be confirmed and changed only by the relevant Customer who knows the Password;
(2) Company installs its systems in controlled areas that cannot be accessed by external parties to protect the Personal Information of the Customers from being leaked or damaged through hacking, computer virus, etc. Company frequently backs up its data and uses the latest vaccine programs to protect the Personal Information or data of the Customer from being leaked or damaged and to ensure that the Personal Information is transmitted safely on its network via encrypted communication method, etc.; and
(3) Company designates employees in charge of the processing of the Personal Information, who shall be the only employees involved in the processing of the Personal Information, and grants such employees separate Passwords for such purpose and renews such Passwords periodically, and always emphasizes the importance of complying with this Policy by providing regular training to such employees in charge of the processing of the Personal Information.
Article 13 (Manager for Protection of Personal Information)
(1) Company exercises best efforts to ensure that the Customers can safely use the Services of the Company. With respect to the use of the Services of the Company, a Customer may report any complaint related to the protection of Personal Information to the manager for protection of Personal Information or to the relevant department, in which case the Company shall respond promptly and faithfully to such report.
|Classification||Manager for protection of personal information|
|Department / Title||R&D / CTO|
(2) Should a Customer need to report or need any advice regarding potential infringement of Personal Information, please contact any of the following institutions:
- Center for Report of Infringement of Personal Information, KISA
- Cyber Investigation Department, Supreme Prosecutors’ Office
- Cyber Safety Bureau, National Police Agency
Article 14 (Language)
This Policy is written in Korean and English. In the event of conflicts between the Korean version and the English version, the Korean version shall prevail.
- Date of public notice: Nov 24, 2022
- Effective date: Dec 1, 2022