Privacy Policy


    
MEWPOT Corp. (www.mewpot.com, hereinafter referred to as “Company”) has the following Privacy Policy (hereinafter referred to as “Privacy Policy”) in order to protect the personal information protection and rights and interests of users in accordance with the Personal Information Protection Act and to smoothly handle users' grievances related to personal information.

In the event that the Company revises its Privacy Policy, it will notify users through website notice (or individual notice).

○ This Privacy Policy is amended on April 28, 2021 and will take effect on May 6, 2021.

1. The purpose of this Privacy Policy is as follows. The Privacy Policy shall not be used for any purpose other than the following purposes, and if the purpose of it is changed, the Company will seek a prior consent from users.
  A. Registration and Management of Homepage Membership
    Personal information is processed for the purpose of confirming the intention to join the membership, identifying and authenticating the identity according to the provision of membership services, maintaining and managing the membership, verifying the identity according to the implementation of the limited identity verification system, preventing the illegal use of the service, various notices, notices, grievances, and preserving records for dispute settlement.

  B. Handling of Civil Complaints
    Personal information is processed for the purpose of identifying the complainant, checking the complaint, contacting and notifying the results of the fact-finding, etc.

  C. Provision of Goods or Services
    Personal information is processed for the purpose of providing services, providing content, providing customized services, identity verification, payment and settlement, etc.

  d. Use in Marketing and Advertising
    Personal information is processed for the purpose of developing new services (products) and providing customized services, providing event and advertising information and providing opportunities for participation, providing services and serving advertisements according to demographic characteristics, verifying the validity of services, understanding the frequency of access, or statistics on members' use of services. 

2. Status of Personal Information Files

  1. Name of the personal information file: MEWPOT Personal Information File
  - Items of personal information: Email, password, login ID, gender, date of birth, name, contact information, service use record, access log, cookie, access IP information, payment record.
  - Method of collection: Homepage, Received from affiliates, Collected through tools to collect generated information.
  - Grounds for Retention: Maintenance and improvement of the service.
  - Period for Retention: 3 years.

3. Processing and Retention Period of Personal Information

(1) The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or the period of retention and use of personal information agreed upon at the time of collecting personal information from the information owner. 
(2) The processing and retention period of each personal information is as follows.

  1. Registration and Management of Homepage Membership
  Personal information related to registration and management of membership on the website will be retained and used for the above purposes from the date of consent to the collection and use until 3 years. 
  - Grounds for Retention: Maintenance and improvement of the service.
  - Reason for exception: Almost none.

  2. Handling Civil Complaints
  Personal information related to handling civil complaints will be retained and used for the above purposes from the date of consent to collection and use until 3 years.
  - Grounds for Retention: Maintenance and improvement of the service.
  - Reason for exception: Only when required by applicable law.

  3. Provision of Goods or Services
  Personal information related to provision of goods or services will be retained and used for the above purpose from the date of consent to collection and use until 3 years. 
  - Grounds for Retention: Maintenance and improvement of the service.
  - Reason for exception: Only when required by applicable law.

  4. Use for Marketing and Advertising
  Personal information related to use for marketing and advertising will be retained and used for the above purposes from the date of consent to collection and use until 3 years. 
  - Grounds for Retention: Maintenance and improvement of the service.
  - Reason for exception: Only when required by applicable law.

4. Matters Concerning the Provision of Personal Information to third Parties
(1) The Company provides personal information to third parties only if it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information owner and the special provisions of the law.
(2) In the event that the Company provides the user's personal information to a third party other than the personal information processing consignment company in Article 5, the user will be notified in advance of the information of the third party and the details of the information provided.

5. Consignment of Personal Information Processing
  (1) The Company entrusts the processing of personal information as follows in order to facilitate the processing of personal information.

  1. 
    - Consignee: KG INICIS, Kakao Pay Corp., Payple Inc., NICE Payments Co., Ltd.
    - Contents of the entrusted task: Payment processing (credit card and other payment methods) and prevention of payment theft.
  2.
    - Consignee: Iamport
    - Contents of the entrusted task: Provision of payment API
  3. 
    - Consignee: Amazon Web Services, Inc.
    - Contents of the entrusted task: System operation and data storage using cloud service
  4.
    - Consignee: Danal Co., Ltd.
    - Contents of the entrusted task: Handling identity verification

(2) In the event of concluding a consignment contract, the Company shall specify in the documents such as the contract the matters concerning the prohibition on the processing of personal information other than the purpose of carrying out the entrusted business, the technical and administrative protection measures, the restriction of re-entrustment, the management and supervision of the Consignee, and the compensation for damages, etc., in accordance with Article 25 of the Personal Information Protection Act, and supervise whether the Consignee handles personal information safely.
(3) In the event that the contents of the consignment business or the Consignee change, we will disclose it through this personal information processing policy without delay.

6. The rights and obligations of the information owner and legal representative, and the users of the exercise method thereof may exercise the following rights as the personal information owner.
  (1) The information owner may exercise the right to view, correct, delete, or request the company to stop processing at any time.
  (2) The exercise of rights under paragraph (1) may be made in writing, e-mail, facsimile (FAX), etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
  (3) The exercise of rights pursuant to paragraph (1) may be made through an agent such as the legal representative of the information owner or a person who has been delegated. In this case, a power of attorney in accordance with the form of Annex No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
  (4) Requests for the viewing and suspension of processing of personal information may be restricted by Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
  (5) Requests for correction and deletion of personal information cannot be requested to be deleted if the personal information is specified in other laws and regulations as the object of collection.
  (6) The Company confirms whether the person who made the request, such as the request for viewing in accordance with the rights of the information owner, the request for correction and deletion, and the request for suspension of processing, etc., is the person or the rightful agent.

7. Preparation of Items of Personal Information to be Processed 
(1) The Company processes the following personal information items.
  1. Registration and Management of Homepage Membership
    - Required items: Email, password, login ID, gender, date of birth, name, contact information, service use record, access log, cookie, access IP information, payment record.
    - Optional items:

  2. Handling Civil Complaints
    - Required items: Email, password, login ID, gender, date of birth, name, contact information, service use record, access log, cookie, access IP information, payment record.
    - Optional items:

  3. Provision of Goods and Services
    - Required items: Email, password, login ID, gender, date of birth, name, contact information, service use record, access log, cookie, access IP information, payment record
    - Optional items:

  4. Use for Marketing and Advertising
    - Required items: Email, password, login ID, gender, date of birth, name, contact information, service use record, access log, cookie, access IP information, payment record.
    - Optional items:

8. Destruction of Personal Information
  In principle, if the purpose of processing personal information is achieved, the Company shall destroy the personal information without delay. The procedure, deadline, and method of destruction are as follows.

  - Destruction Procedure
    The information entered by the user is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document) and stored for a certain period of time in accordance with the internal policy and other relevant laws and regulations, and then destroyed immediately. At this time, the personal information transferred to the DB will not be used for any other purpose unless required by law.

  -  Destruction Period
    If the retention period of personal information of the user has elapsed, the personal information of the user shall be destroyed within 5 days from the end of the retention period, and within 5 days from the date when the processing of the personal information becomes unnecessary, such as the achievement of the purpose of processing the personal information, the abolition of the relevant service, or the termination of the business.

  - Destruction Method
    Information in the form of electronic files uses a technical method that makes it impossible to reproduce records.

9. Matters Concerning the Installation, Operation and Refusal Of Automatic Collection Of Personal Information
(1) The Company uses cookies to store and retrieve usage information from time to time in order to provide personalized services.
(2) A cookie is a small amount of information sent to the user's computer browser by the server (http) used to operate the website and may be stored on the hard disk of the user's PC.
  A. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, popular search terms, security access, etc.
  B. Installation, Operation and Refusal of cookies: The Member can refuse to save cookies by setting options on the internet options privacy menu at the top of your web browser.
  C. Refusing to save cookies can cause difficulties in using customized services.
(3) Weblog Analysis: It refers to the analysis of the user's use of the service on the website. 
  1. Weblog tool analysis tool: Google Analytics, hotjar
  2. How to reject the weblog analysis tool:
    - Google Analytics blocking: https://tools.google.com/dlpage/gaoptout/
    - Hotjar blocking: https://www.hotjar.com/legal/compliance/opt-out
  3. For other weblog analysis tools, follow the tool-specific rejection method.

10. Creation of Personal Information Protection Officer 
 (1) The Company is responsible for the handling of personal information and designates a person in charge of personal information protection as follows for the handling of complaints and damage relief of information owners related to the processing of personal information.
    ▶ Personal Information Protection Officer 
    Name: Hyerim Cho
    Job Title: Representative
    Position: CEO
    Contact: contact@mewpot.com
    ※ You will be connected to the department in charge of personal information protection.
  (2) The information owner may inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the service (or business) of the Company. The Company will answer and handle the inquiries of the information owner without delay.

11. Changes to the Privacy Policy 
  (1) This Privacy Policy shall apply from the effective date, and if there is any addition, deletion or correction of changes in accordance with laws and policies, we will notify you through a notice 7 days before the implementation of the changes.

12. Measures to Ensure the Safety of Personal Information
  The Company has the following technical, administrative and physical measures to ensure safety in accordance with Article 29 of the Personal Information Protection Act.
    1. Conduct Regular Self-Audits
      In order to ensure stability related to the handling of personal information, the Company conducts its own audits on a regular basis (1 time per quarter).
    2. Minimization and Training of Personal Information Handling Staff
      The Company designates employees who handle personal information and limit them to the person in charge, and the Company implements measures to manage personal information by minimizing it.
    3. Establishment and Implementation of Internal Management Plan
      The Company has established and implemented an internal management plan for the safe handling of personal information.
    4. Technical Measures Against Hacking, Etc.
      In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, periodically updates and checks, installs systems in areas with restricted access from outside, and monitors and blocks technically and physically.
    5. Encryption of Personal Information
      The user's personal information is stored and managed by encrypting the password, so only the user can know it, and the important data uses separate security functions such as encrypting the file and transmission data or using the file lock function. 
    6. Storage of Access Records and Prevention of Forgery and Tampering
      The Company keeps and manages records of access to the personal information processing system for at least 6 months and uses security functions to prevent access records from being forged, stolen, or lost.

    7. Restrict Access to Personal Information
    The Company takes necessary measures to control access to personal information through the granting, alteration, and cancellation of access rights to the database system that processes personal information and uses the intrusion prevention system to control unauthorized access from outside.