Personal Information Processing Policy

  • Article 1 (Purpose)

    The promotional and operational agency of MyK FESTA (hereinafter referred to as the “Company”) establishes this Personal Information Processing Policy (hereinafter referred to as the “Policy”) for the purpose of protecting the information (hereinafter referred to as “Personal Information”) of the individual (hereinafter referred to as the “User” or “Individual”) using the services provided by the Company (hereinafter referred to as the “Company Services”). This Policy is established in accordance with relevant laws and regulations, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the “Information and Communications Network Act”), and aims to ensure the prompt and appropriate handling of any concerns related to the protection of the User’s Personal Information.

  • Article 2 (Principles of Personal Information Processing)

    In accordance with applicable laws and regulations related to personal information and this Policy, the Company may collect the Personal Information of the User. The collected Personal Information may be provided to third parties only upon obtaining the consent of the Individual. However, where disclosure is lawfully required under applicable provisions of laws and regulations, the Company may provide the collected Personal Information to third parties without the prior consent of the Individual.

  • Article 3 (Disclosure of this Policy)

    1. The Company shall make this Policy publicly available on the main page of its official website or a linked page directly accessible from the main page so that User may easily access it at any time.

    2. When disclosing this Policy in accordance with Paragraph 1, the Company shall employ appropriate font sizes, color schemes, and other formatting tools to ensure that User is able to fully understand and review the contents of this Policy.

  • Article 4 (Amendment of this Policy)

    1. This Policy may be amended in accordance with changes to applicable laws and regulations, guidelines, or public notices concerning Personal Information, or changes to policies or contents of the Company Services.

    2. In the event that the Company amends this Policy in accordance with Paragraph 1, it shall provide notice through one or more of the following methods:

    • a. By posting a notice on the notice section on the main page of the Company’s official website, or through a separate pop-up window;

      b. By providing notice to the User in writing, by facsimile, by e-mail, or through similar means of communication;

    3. The Company shall provide notice under Paragraph 2 at least seven (7) days prior to the effective date of the amended Policy. However, where there is a significant change affecting the rights of the User, such notice shall be provided at least thirty (30) days in advance.

  • Article 5 (Information Collected for Service Usage and Prevention of Fraudulent Use)

    The Company collects the following information for statistical and verification purposes and analysis of the User’s service usage, as well as for the detection of fraudulent use (“fraudulent use” refers to acts such as the repeated withdrawal and re-registration of membership, the repeated purchase and cancellation of products, and other actions intended to unlawfully or improperly obtain economic benefits provided by the Company, such as discount coupons or promotional offers. It also includes any conduct prohibited under the Terms of Use, identity theft, and other unlawful or improper acts.).

    1. Required Information Collected: Service usage records, cookies, access location information, and device information

  • Article 6 (Methods of Collecting Personal Information)

    The Company collects the Personal Information of the User through the following methods:

    1. When the User enters their Personal Information on the Company’s official website;

    2. When the User enters their Personal Information through services other than the official website, such as applications provided by the Company;

    3. When the User enters their Personal Information while using the Company Services, such as during customer service consultations or activities on forums.

  • Article 7 (Use of Personal Information)

    The Company uses Personal Information in the following cases:

    1. Where required for the operation of the Company, such as the delivery of notices;

    2. Where required to improve services for the User, such as responding to inquiries or handling complaints;

    3. Where required to provide Company Services;

    4. Where required to take usage restriction measures against members who violate applicable laws or the Company’s Terms and Conditions, and prevent and take action against harmful conduct, including fraudulent use that interferes with the smooth operation of Company Services;

    5. Where it is used for marketing purposes, such as providing information on events and promotions;

    6. Where it is used for analysis of visitor demographics, service visits, and usage history.

  • Article 8 (Retention and Use Period of Personal Information)

    1. The Company retains and uses the User’s Personal Information for the period necessary to achieve the purpose of its collection and use.

    2. Notwithstanding the preceding paragraph, the Company may, in accordance with its internal policies, retain records of fraudulent use of the services for up to one (1) year from the time of the User’s withdrawal in order to prevent fraudulent registration and use.

  • Article 9 (Retention and Use Period of Personal Information in Accordance with Applicable Laws and Regulations)

    The Company retains and uses Personal Information as follows, in accordance with applicable laws and regulations:

    1. Information retained and the corresponding retention period in accordance with the Act on the Consumer Protection in Electronic Commerce, Etc.:

    • a. Records regarding contracts or withdrawal of subscription: 5 years

      b. Records regarding payments and supply of goods, etc.: 5 years

      c. Records regarding consumer complaints or dispute resolution: 3 years

      d. Records regarding labeling and advertisements: 6 months

    2. Information retained and the corresponding retention period in accordance with the Protection of Communications Secrets Act:

    • a. Website log data: 3 months

    3. Information retained and the corresponding retention period in accordance with the Electronic Financial Transactions Act:

    • a. Records of electronic financial transactions: 5 years

    4. Act on the Protection and Use of Location Information:

    • a. Personal location information: 6 months

  • Article 10 (Principle of Personal Information Destruction)

    In principle, the Company shall destroy Personal Information without delay when it is no longer deemed necessary, such as upon the fulfillment of the purpose of processing or the expiration of the retention and use period./span>

  • Article 11 (Procedure for Personal Information Destruction)

    1. Personal Information entered by the User for purposes such as membership registration shall, upon completion of processing, be transferred to a separate database (or, in the case of paper documents, to a separate physical storage container) and then stored for a certain period for the purpose of information protection as specified in internal policies and relevant laws and regulations (refer to the retention and use period), after which it shall be destroyed.

    2. The Company shall destroy Personal Information once the conditions for destruction have been satisfied following an approval process conducted by the personnel responsible for personal information protection.

  • Article 12 (Personal Information Destruction Methods)

    The Company shall destroy Personal Information stored in electronic form by using technical methods that render the records irrecoverable. The Company shall destroy Personal Information in printed form by shredding, incineration, or other similar means.

  • Article 13 (Measures for Sending Advertising Information)

    1. When transmitting advertising information for commercial purposes through electronic means, the Company shall obtain the explicit prior consent of the User. However, prior consent shall not be required in any of the following cases:

    • a. Where the Company has collected the recipient’s contact information directly from the recipient through a transactional relationship involving goods or services and intends to transmit advertising information for commercial purposes related to goods or services of the same kind handled by the Company and transacted with the recipient within six (6) months from the date the transaction was completed.

      b. Where a telephone solicitor, in accordance with the Act on Door-to-Door Sales, verbally notifies the recipient of the source of the Personal Information collected and places the solicitation call accordingly.

    2. Notwithstanding the preceding paragraph, the Company shall not transmit advertising information for commercial purposes if the recipient indicates a refusal to receive such information or withdraws their prior consent. The Company shall also notify the recipient of the result of processing the refusal or the withdrawal of consent.

    3. Notwithstanding Paragraph 1, if the Company intends to transmit advertising information for commercial purposes through electronic means between 9:00 p.m. and 8:00 a.m. of the following day, it shall obtain separate prior consent from the recipient.

    4. When transmitting advertising information for commercial purposes through electronic means, the Company shall clearly specify the following details in the advertising content:

    • a. Name and contact information of the Company

      b. Matters concerning the refusal to receive information or the withdrawal of prior consent

    5. When transmitting advertising information for commercial purposes through electronic means, the Company shall not take any of the following actions:

    • a. Any action that disregards or interferes with the recipient’s refusal to receive advertising information or withdrawal of prior consent

      b. Any action that automatically generates the recipient’s contact information, such as telephone numbers or email addresses, by combining numbers, symbols, or characters

      c. Any action that automatically registers telephone numbers or email addresses for the purpose of transmitting advertising information for commercial purposes

      d. Any action intended to conceal the identity of the sender of advertising information or the source of transmission

      e. Any action that deceptively induces a response from the recipient for the purpose of transmitting advertising information for commercial purposes

  • Article 14 (Obligations of the User)

    1. The User shall keep their Personal Information up to date and shall be responsible for any issues arising from the submission of inaccurate information.

    2. In the event that the User registers for membership by using another person’s Personal Information, the User may lose their eligibility for service use or be subject to penalties under applicable personal information protection laws.

    3. The User is responsible for maintaining the security of their email address, password, and other credentials and shall not transfer or provide them to any third party.

  • Article 15 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

    1. The Company uses automatic personal information collection devices (hereinafter referred to as “cookies”) that store and retrieve usage information on occasion in order to provide the User with personalized services. A cookie is a small piece of data sent by the server (HTTP) used to operate the website to the User’s web browser (including PC and mobile browsers) and may be stored in the User’s device.

    2. The User has the right to choose whether to allow the installation of cookies. Accordingly, the User may configure their web browser settings to allow all cookies, to receive a prompt each time a cookie is stored, or to reject the storage of all cookies.

    3. However, when the settings are configured to refuse the storage of cookies, certain Company Services that require login may not function properly or may be difficult to use.

  • Article 16 (Methods for Managing Cookie Installation Permissions)

    Through the configuration of their web browser's settings, the User may either choose to allow or block cookies. Instructions for configuring browser cookies are provided below:

    1. Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data

    2. Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and other site data

    3. Whale: Settings menu at the top right of the web browser > Privacy protection > Cookies and other site data

  • Article 17 (Designation of Personnel Responsible for Personal Information Protection)

    1. The Company designates the following department and personnel responsible for Personal Information Protection to safeguard the User’s personal information and handle complaints related to personal information:

    • A. Personnel Responsible for Personal Information Protection:

      • 1) Name: MyK FESTA Promotion

        2) Position: Public Relations Team

        3) Telephone: +82-70-4288-4097

        4) Email: mykfesta@gmail.com

  • Article 18 (Remedies for Infringement of Rights)

    1. In order to seek remedies for personal information infringements, data subjects may submit a request for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Call Center of the Korea Internet & Security Agency (KISA), or other related organizations. For reports or consultations concerning other personal information infringements, please contact one of the institutions listed below:

    • a. Personal Information Dispute Mediation Committee: 1833-6972 (no area code required), www.kopico.go.kr

      b. Personal Information Infringement Report Call Center: 118 (no area code required), privacy.kisa.or.kr

      c. Supreme Prosecutors’ Office (SPO): 1301 (no area code required), www.spo.go.kr

      d. Korean National Police Agency: 182 (no area code required), ecrm.cyber.go.kr

    2. The Company is committed to safeguarding the data subject’s right to self-determination over personal information and makes every effort to provide consultation and remedies in the event of any personal information infringement. If the User deems it necessary to submit a report or request consultation, they may contact the department specified in Paragraph 1..

    3. In accordance with Article 35 (Access to Personal Information), Article 36 (Correction or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, any individual whose rights or interests have been infringed by a decision or omission of the head of a public institution may file an administrative appeal in accordance with the Administrative Appeals Act.

    • a. Central Administrative Appeals Commission: 110 (no area code required), www.simpan.go.kr

Addendum

Article 1 This Policy shall take effect as of April 17, 2025.