Privacy policy
Terms when you use the products and services of Blueroom
March 14, 2023
Article 1 (Purpose)
Blueroom (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as the "Policy") to protect the personal information of individuals (hereinafter referred to as "Users" or "Individuals") who use the services provided by the Company (hereinafter referred to as the "Company Services") and to promptly and smoothly handle complaints related to the protection of personal information of service users by complying with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relevant laws.
Article 2 (Principles of Personal Information Processing)
In accordance with relevant laws and this Policy, the Company may collect Users' personal information, and the collected personal information may be provided to third parties only with the consent of the individual. However, if the Company is legally obligated to provide the collected personal information to a third party, it may do so without the individual's consent.
Article 3 (Public Disclosure of this Policy)
The Company discloses this Policy to Users easily by making it available on the first page of the Company's website or through a link to the first page.
The Company ensures that the disclosure of this Policy, as stated in the preceding paragraph, is easily visible to Users by using appropriate font sizes, colors, and other means.
Article 4 (Changes to this Policy)
This Policy may be revised in accordance with changes in laws and regulations related to personal information or changes in policies or content of the Company Services.
When revising this Policy as mentioned in the preceding paragraph, the Company notifies Users through one or more of the following methods:
a) Posting on the notice board or a separate window on the website operated by the Company.
b) Sending notifications through written documents, facsimile transmission, email, or similar methods to Users.
The Company notifies Users of the revised Policy at least seven days before its enforcement date, as stated in the second paragraph. However, if there are significant changes in Users' rights, the Company provides notification at least 30 days in advance.
Article 5 (Information for Membership Registration)
To register for the Company's services, the Company collects the following information from Users:
Mandatory collection information: Email address, password, and nickname.
Optional collection information: Profile picture.
Article 6 (Information for Identity Verification)
For Users' identity verification, the Company collects the following information:
Mandatory collection information: Mobile phone number, name, date of birth, gender, and mobile carrier.
Article 7 (Information for Payment Services)
For providing payment services to Users, the Company collects the following information:
Mandatory collection information: Card number, card security code, expiration date, six digits of birth date (yy/mm/dd), bank name, and account number.
Article 8 (Information for Issuing Cash Receipts)
To issue cash receipts to Users, the Company collects the following information:
Mandatory collection information: Name of the recipient of the cash receipt, recipient's date of birth, and mobile phone number.
Article 9 (Information for Providing Company Services)
To provide the Company's services to Users, the Company collects the following information:
Mandatory collection information: ID and email address.
Optional collection information: (For physical product delivery) Name, phone number, and address, or (For mobile product delivery) Phone number.
Article 10 (Information for Service Use and Verification of Unauthorized Use)
For the use and verification of unauthorized use of services by Users, the Company collects the following information:
Mandatory collection information: Service usage records, cookies, connection location information, and device information.
※ Unauthorized use: Actions such as repeatedly rejoining after membership withdrawal, repeatedly purchasing and canceling products, illegal receipt of economic benefits from discount coupons and event benefits provided by the Company, actions prohibited in the terms of service, and illegal acts such as identity theft. The collected information may be used for statistics and analysis related to the use of the Company's services.
Article 11 (Methods of Collecting Personal Information)
The Company collects Users' personal information through the following methods:
a) Users input their personal information on the Company's website.
b) Users input their personal information through services provided by the Company other than the website.
c) Users input their personal information during their activities on customer centers or bulletin boards while using the Company's services.
Article 12 (Use of Personal Information)
The Company uses personal information for the following purposes:
a) To respond to inquiries and handle complaints to improve services for Users.
b) For marketing purposes, such as event and promotion notices.
c) For demographic analysis and analysis of service visits and usage records.
d) To prevent and sanction actions that hinder the smooth operation of services, including measures against members who violate laws and the Company's terms of service or engage in dishonest use, such as repeatedly rejoining after withdrawal and repeatedly purchasing and canceling products.
Article 13 (Retention and Use Period of Personal Information)
The Company retains and uses personal information for the period necessary to achieve the purpose of collecting and using personal information.
Notwithstanding the previous paragraph, the Company retains records of service unauthorized use for up to one year from the point of withdrawal, for the purpose of preventing and protecting against unauthorized registration and use.
Article 14 (Retention and Use Period of Personal Information according to Laws)
The Company retains and uses personal information in accordance with the relevant laws as follows:
a) Records of contracts or withdrawals of offers: 5 years
b) Records of payment and supply of goods: 5 years
c) Records of handling consumer complaints or disputes: 3 years
d) Records of displaying advertisements: 6 months
e) Website log data: 3 months
f) Records of electronic financial transactions: 5 years
g) Personal location information: 6 months
Article 15 (Principle of Personal Information Disposal)
The Company disposes of personal information without delay when the purpose of processing personal information has been achieved, or the retention period specified in the Company's internal policy or other relevant laws has expired.
Article 16 (Processing of Personal Information for Non-Users of Services)
For Users who have not used the Company's services for one year, the Company provides prior notice to Users and then disposes of their personal information or separates and stores it separately.
The Company sends a notification to Users' email addresses at least 30 days before the process of separating and storing personal information mentioned in the previous paragraph.
Non-Users can continue to use the service by logging into the website (including mobile apps) before the process of separating and storing personal information.
Non-Users can restore their accounts according to their consent by logging into the website as per the preceding paragraph.
The Company disposes of separated personal information without delay after keeping it stored separately for four years.
Article 17 (Procedure for Personal Information Disposal)
Personal information entered by Users for membership registration, etc., is transferred to a separate database (paper documents to a separate file) after achieving the purpose of processing personal information, and in accordance with internal policies and other relevant laws on information protection, it is stored for a certain period before being disposed of.
The Company disposes of personal information after obtaining approval from the personal information protection manager for the reason for disposal.
(Note: This is a translated version of the provided Korean text and may not be an official legal document. For an accurate and legally binding version, it's essential to consult the original Korean document or a qualified legal professional.)
Article 18 (Measures for Sending Advertising Information)
The Company obtains explicit prior consent from Users when sending commercial advertising information via electronic transmission media. However, the following cases do not require prior consent:
a) When the Company directly collects the contact information from the recipient of goods or services, and the Company intends to send commercial advertising information about similar goods or services within 6 months from the end of the transaction
b) When telephone marketers under the Act on Door-to-Door Sales, etc., notify the recipient of the source of personal information and make telephone solicitations
Despite the provisions in the preceding paragraph, the Company shall not send commercial advertising information if the recipient expresses their refusal to receive it or withdraws their prior consent. The Company shall promptly notify the outcome of the refusal to receive or withdrawal of consent to the recipient.
When the Company sends commercial advertising information via electronic transmission media between 9 p.m. and 8 a.m. on the following day, the Company shall obtain separate prior consent from the recipient, regardless of the provisions in paragraph 1.
When the Company sends commercial advertising information via electronic transmission media, the following information shall be clearly indicated in the advertising information:
a) Company name and contact information
b) Methods to refuse or withdraw consent to receive the information
The Company shall not take the following actions when sending commercial advertising information via electronic transmission media:
a) Measures to evade or hinder refusal to receive or withdrawal of consent to receive the advertising information
b) Measures to automatically generate contact information of recipients, such as telephone numbers or email addresses, by combining numbers, symbols, or characters
c) Measures to automatically register contact information, such as telephone numbers or email addresses, for the purpose of sending commercial advertising information
d) Measures to conceal the identity of the sender or the source of the advertising information
e) Measures to deceive recipients for the purpose of inducing them to respond to the advertising information
Article 19 (Access to Personal Information and Withdrawal of Consent)
Users or their legal representatives may access and modify their registered personal information at any time and request the withdrawal of consent for the collection of personal information.
Users or their legal representatives may request access, modification, or withdrawal of consent by contacting the personal information protection manager or the responsible department through written, phone, or email communication. The Company shall take necessary actions promptly upon receiving such requests.
Article 20 (Correction of Personal Information, etc.)
Users may request correction of errors in their personal information through the methods provided by the Company.
Until the correction of personal information is completed, the Company shall not use or provide the relevant personal information.
If the Company has already provided incorrect personal information to a third party, the Company shall promptly notify the correction to the third party and ensure that the correction is made.
Article 21 (User's Obligations)
Users must keep their personal information up to date, and the Company shall not be liable for any disadvantages caused by Users' submission of false information.
In the event that a User provides another person's personal information by impersonation, the User shall lose their membership status and may be subject to legal punishment under related laws.
Users are responsible for maintaining the confidentiality of their email addresses, passwords, etc., and shall not transfer or lend them to third parties.
Article 22 (Management of Personal Information by the Company)
The Company takes the following technical and administrative measures to secure personal information and prevent its loss, theft, leakage, alteration, or damage:
Encryption of personal information
Installing security programs such as firewalls
Restricting access to personal information to a minimum number of employees
Regular backup of personal information
Education and training of employees handling personal information
Article 23 (Handling of Deleted Information)
Personal information that has been terminated or deleted at the User's request is processed in accordance with the Company's retention and use period for personal information.
Article 24 (Encryption of Passwords)
User passwords are encrypted and stored, and only the User can confirm and change their personal information.
Article 25 (Measures against Hacking)
The Company makes its best effort to prevent the leakage or damage of personal information due to hacking or computer viruses.
The Company uses the latest antivirus programs to prevent personal information or data from being leaked or damaged and to securely manage personal information.
The Company is equipped with intrusion prevention systems to prevent leaks of personal information due to hacking.
The Company uses secure transmission encryption technology to safely transmit personal information on networks.
Article 26 (Minimization and Education of Personal Information Processing)
The Company limits the number of employees who handle personal information to a minimum and emphasizes compliance with relevant laws, regulations, and internal policies by conducting regular education and training for those who handle personal information.
Article 27 (Measures against Personal Information Leakage, etc.)
In case of personal information leakage (hereinafter referred to as 'Leakage, etc.'), the Company shall promptly notify Users of all details and measures through the Company's website or other appropriate means.
The Company may take alternative measures instead of notifying Users of the Leakage, etc. if it is difficult to contact them due to unknown contact information, etc., in which case, the Company shall announce the details of the Leakage, etc. on its website for more than 30 days.
Article 28 (Exception to Measures against Personal Information Leakage, etc.)
Even in the event of personal information Leakage, etc., the Company may not notify Users in accordance with the provisions of Article 27 if any of the following applies:
a) When providing the Leakage, etc. details is likely to harm the Company's business or harm a third party's interests
b) When providing the Leakage, etc. details is likely to violate other related laws
c) When it is difficult to determine the content and scope of the Leakage, etc.
Article 29 (Protection of Personal Information Transferred Overseas)
The Company does not enter into international contracts that involve violations of personal information protection laws or regulations regarding Users' personal information.
When the Company transfers or entrusts Users' personal information to overseas countries, the Company obtains the Users' consent. However, in cases where all the matters in Article 17, Paragraph 3, are publicly disclosed in accordance with laws and regulations, or when the method prescribed by the President through an enforcement ordinance is used to inform Users, the Company does not need to go through the consent process for the transfer or entrustment of personal information.
Before obtaining the consent mentioned in Paragraph 2, the Company shall notify the Users of all the following matters:
a) Personal information items to be transferred
b) Country where personal information will be transferred, date and method of transfer
c) Name (in the case of a corporation, the name and contact information of the person in charge of information management) and contact information of the recipient of personal information
d) Purpose of using the personal information and the retention period
When the Company transfers Users' personal information overseas with their consent, the Company takes the necessary measures in accordance with the provisions of relevant laws and regulations to ensure the protection of personal information.
Article 30 (User's Right to Accept or Reject Cookies)
Users have the right to choose whether or not to accept cookies. Users may configure their web browsers to allow all cookies, check each time a cookie is saved, or reject all cookies.
However, some of the Company's services that require login may be difficult to use if cookies are rejected.
Article 31 (Method to Allow Cookies)
The method for Users to allow the installation of cookies (in the case of Internet Explorer) is as follows:
Select 'Internet Options' from the 'Tools' menu.
Click on the 'Privacy' tab.
Configure the settings.
Article 32 (Appointment of Personal Information Protection Manager by the Company)
The Company designates the following department and personal information protection manager to protect Users' personal information and handle complaints related to personal information:
Personal Information Protection Manager:
a) Name: Seon Woo Jin
b) Contact: 010-8862-5507
c) Email: wlstjsdn12@gmail.com
Supplementary Provisions
This Policy is effective from January 1, 2023.