Privacy Policy (Effective Date: October 3rd, 2023)

Thinkfree Inc. (hereinafter referred to as “Company”) has established the following Privacy Policy to protect the personal information of the users and their rights and interests and to facilitate handling of their complaints in relation to personal information.

We reserve the right to change this Privacy Policy at any time. Such changes will be reflected by the Effective Date above. We encourage you to visit and review this Privacy Policy to stay abreast of any changes.

Article 1. Definition

① Service: This refers to the Company and its related services that are available to its members regardless of the implemented devices (including various wired and wireless devices such as PCs, TVs, and portable devices).

② User: Refers to visitors who access the company’s sites or services to receive services provided by the Company.

Article 2. Purpose of Processing Personal Information 

The Company uses the collected personal information for the following purposes:

① Payment settled as per the contract execution regarding the provision of services and the service provision thereof: Provision of contents, purchase and payment, shipping or delivery to billing address, identification for financial transactions (payment, etc.) and financial services.

② For marketing and advertising purposes: Development and specialization of new services (products), delivery of advertising information such as events, provision of service and display of advertisement according to demographic characteristics, statistical usage to identify access frequency or service usage by member.

③ Connection to online supplementary service: In case a member requests to use online supplementary services through member registration and personal information update, the Company will deliver the collected personal information to the online supplementary service provider for smooth use of such services.

Article 3. Personal Information for Handling

The Company collects the following aspects of personal information for non-member services, customer counseling and after-sale service applications.

① Scope of information that can be collected during service use and handling process: Service usage records, access logs, cookies, access IP information, payment information and records.

② Google Analytics:

1. The Company aims to provide efficient services by using Google Analytics, a web analytics service provided by Google, Inc. (hereinafter referred to as “Google”), for the purpose of providing better service to customers to analyze and evaluate how customers use the Company’s services, identify customers’ needs, and improve and customize the services and products provided.
2. Google Analytics uses “cookies”, a text file stored on your computer, to analyze a user’s pattern of using their website.
3. Google stores such information collected through cookies by moving them to the Google servers located in the United States.
4. Google may provide this information to the third party where required by law, or those that processes such information on our behalf of Google.
5. Google does not associate our customer’s IP address with any other data that Google has.
6. Unless a customer specifically denies access of Google to cookies, it shall be considered that you consent to the use of Google cookies and all information generated by Google Analytics by using the Company’s service.
7. Google’s Privacy Policy details can be found here. 
8. To see how to refuse the Google Analytics service, go to Google’s website to limit the usage or disable all cookies. Note, however, that if you disable cookies, you may be restricted from using some of the services that require logging in, and you will be and are solely responsible for this.

Article 4. Processing and Retention Period of Personal Information

Your personal information shall be retained by the Company as long as you receive the services provided by the Company as a member of the Company and shall be used to provide our services to you as members.

① Membership information: The principle is to destroy the personal information at the time of withdrawal or expulsion, and if the purpose of personal information collection is fulfilled, however, your personal information may be retained pursuant to the Commercial Law and the Act on the Consumer Protection in the Electronic Commerce Transactions, etc.and/or other rules such as the National Tax Law. The items of personal information and retention period set by the Company based on the relevant laws and regulations are as follows:

1. Act on the Consumer Protection in the Electronic Commerce Transaction, etc.
2. Records on contract or withdrawal: 5 years.
3. Records on payment and goods supply: 5 years.
4. Records of consumer complaints or dispute handling: 3 years.
5. Records on electronic financing as per the Electronic Financial Transactions Act: 5 years.
6. Investigation request from the judiciary authority for abusive use of service: 1 year.
7. Log-in records as per the Protection of Communications Secrets Act: 3 months.
8. Records on member identification as per the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.: 6 months.

② The Company shall retain the personal information in accordance with the provisions of the relevant regulations during the specified period and shall not and will not use such information for other purposes.

Article 5. Provision of Personal Information to Third Party

In principle, the Company does not provide the user’s personal information to the outside source. The following cases, however, shall be exceptions.

① Requested to provide the information by investigative agencies or other government agencies.

1. If necessary for information security affairs to identify an illicit act, etc. including violation of laws or regulations on a member’s part.
2. Where required by other law.
3. If necessary for the settlement of the charges according to the provision of the service: The provision items may be subject to change according to the changein the terms of the payment provider / privacy policy.

② Partnership: To provide better service, the Company may partner with other companies and provide personal information to them.

1. A minimum amount of information necessary to provide the service may be provided or shared with third-party enterprises.
2. In case of provision of information, it shall be notified to the members through the Terms of Use or Privacy Policy, and your consent / non-consent status shall be decided according to the consent procedure based on the Terms of Use.

Article 6. Consignment of Personal Information Handling

The Company entrusts the implementation of the service to the outside professional companies as below, and stipulates necessary matters at the point of signing a consignment contract pursuant to the relevant laws and regulations so that the personal information can be managed safely. The agency consigned to handle the Company’s personal information and its details are as follows:

① Handling of personal information consigned: Customer information, of which was agreed by a customer for provision, necessary for the corresponding task.

Consignee	Details of consigned task	Retention and use period of personal information
Zendesk Inc.	Provision of customer technical support and communications.	At the time of account closure, expiration of consignment contract, or until the day when the retention period expires as per the relevant law.

Article 7. Rights and Duties of Data Subject and Legal Representatives and Exercise Methods

Data subject may exercise the right to protect personal information at any time on the Company with respect to what is set forth below:

1. Request to view personal information.
2. Request to correct any error.
3. Request for deletion.
4. Request to stop handling the information.

Article 8. Disposal of Personal Information

In principle, the Company shall destroy the information immediately after the purpose of collecting and using personal information is achieved. The procedures and methods of disposal are as follows.

① Disposal procedure

1. Your personal information shall be retained by the Company as long as you receive the services provided by the Company as a user of the website and shall be used to provide our services to you as users.
2. Besides these, the Company shall destroy a user’s information immediately after the purpose of collecting and using personal information is achieved.
3. In addition, even when the purpose of collection or that of its provision is accomplished, the Company may retain your personal information pursuant to Commercial Law and other legal regulations.In this case, the personal information shall be managed for archiving purposes only.

② Disposal method

Personal information printed on paper shall be crushed by a shredder or destroyed by incineration. Personal information stored in the form of electronic files shall be deleted using a technical method that prevents physical restoration.

Article 9. Measures to Ensure Personal Information Security

The Company takes the following measures to ensure the security of personal information in accordance with the ‘Personal Information Protection Act.’

① Administrative measures: Establishment and execution of internal information management plan for personal information, minimization in the number of personal information processing staff, regular staff training, etc.

② Technical measures: Management of access rights to, for example, personal information processing systems, installation of access control systems, encryption of unique identification information and passwords, installation of security programs, periodic updating and inspection of potentially vulnerable areas, archives of access records.

③ Physical measures: Access control and lock system application to computing room (data center) and data archive