NAVER Cloud Corp. (hereinafter referred to as "the Company") processes and manages personal information legally and safely in compliance with the Personal Information Protection Act and relevant laws to protect the freedom and rights of data subjects. Accordingly, in accordance with the Personal Information Protection Act, the Company establishes and discloses the following privacy policy to guide data subjects on the procedures and standards for handling personal information and to process related grievances promptly and smoothly.
 |  |  |  |  |
General Personal Information Collection | Purpose of Processing Personal Information | Retention Period of Personal Information | Delegation of Personal Information Processing | Contact for Grievances |
Name, Email Address, Password, Date of Birth, Payment Method | Service provision and member management, payment for paid products, responding to inquiries, etc. | Personal information is destroyed immediately upon withdrawal Some personal information is retained for additional periods based on internal policies or relevant laws | NAVER Corp., NAVER Financial Corp., InComms Corp. |
Contents
- 1. Purpose of Processing Personal Information, Collected Information, and Retention Period
- 2. Matters Concerning Delegation of Personal Information Processing
- 3. Procedures and Methods for Destruction of Personal Information
- 4. Rights and Obligations of Data Subjects and How to Exercise Them
- 5. Measures to Ensure the Safety of Personal Information
- 6. Installation, Operation, and Rejection of Devices that Automatically Collect Personal Information
- 7. Matters Concerning the Personal Information Protection Officer
- 8. Department in Charge of Receiving and Processing Requests for Access to Personal Information
- 9. Remedies for Infringements of Data Subjects’ Rights
- 10. Changes to the Privacy Policy
1. Purpose of Processing Personal Information, Collected Information, and Retention Period
Categories | Purpose of Collection | Collected Information | Retention and Usage Period | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Member Management |
| (Required) Name, email address for ID, password, date of birth, recovery email address |
| |||||||||||||||||||
Paid Product Payment |
| (Required) Name, date of birth, gender, duplicate subscription verification information (DI), encrypted same-person identification information (CI), phone number, carrier information, domestic/foreign status | ||||||||||||||||||||
Paid Product Payment |
| (Required) Payment methods (easy payment methods, credit card number), payment date and time, payment results, purchase product information, refund information | ||||||||||||||||||||
Inquiry Response |
| (Required) Email address, Email address for ID | ||||||||||||||||||||
Suggestions/Partnership |
| (Required) Email address | ||||||||||||||||||||
Generated/Collected during Service Use |
| IP address, cookies, access log, visit date and time, service usage records, payment records |
2. Matters Concerning Delegation of Personal Information Processing
To ensure smooth business operations, the Company delegates personal information processing tasks as follows
Delegatee (Trustee) | Delegated Tasks | Retention and Usage Period |
|---|---|---|
NAVER (Subdelegatees: Korea Credit Bureau, KG Mobilians, SCI Assessment Information) | System operation for service provision, identity verification | Upon member withdrawal or termination of the delegation |
NAVER Financial Corp. | Payment processing | |
InComms Corp. | Operation of customer consultation services |
- When entering into a delegation contract, the Company specifies—in documents such as contracts—the prohibition of personal information processing for purposes other than the performance of delegated tasks, technical and managerial protection measures, restrictions on re-delegation, management and supervision of the trustee, and responsibility for damages. The Company also supervises the trustee to ensure that personal information is handled securely.
- If the details or trustee of the delegated tasks changes, the Company discloses it promptly through this privacy policy.
3. Procedures and Methods for Destruction of Personal Information
- The Company destroys personal information without delay when it is no longer needed due to the expiration of the retention period or the achievement of its processing purpose.
- Personal information recorded and stored in electronic file format is destroyed to prevent recovery. Personal information recorded and stored on paper is shredded or incinerated.
4. Rights and Obligations of Data Subjects and How to Exercise Them
- The Company destroys personal information without delay when it is no longer needed due to the expiration of the retention period or the achievement of its processing purpose.
- Personal information recorded and stored in electronic file format is destroyed to prevent recovery. Personal information recorded and stored on paper is shredded or incinerated.
5. Measures to Ensure the Safety of Personal Information
To prevent the loss, theft, leakage, alteration, or destruction of personal information, the Company takes the following technical and managerial measures.
The Company makes efforts to promptly correct and rectify any issues by verifying the implementation of the Privacy Policy and the compliance of responsible personnel through the internal dedicated personal information protection organization.
While having fulfilled its obligation to protect personal information, the Company shall not be held accountable for damages resulting from factors beyond its control, including customer negligence or incidents occurring in areas not under the Company's management.
- Managerial Measures
- Establishment and implementation of an internal management plan, operation of a dedicated organization, regular employee training
- Technical Measures
- Management of access rights to the personal information processing system, installation of access control systems, encryption of personal information, installation and updating of security programs
- Physical Measures
- Setting up and controlling access to physical access control areas
6. Installation, Operation, and Rejection of Devices that Automatically Collect Personal Information
- To provide personalized and customized services, the Company uses cookies to store and retrieve usage information.
- Cookies are small pieces of information that the server sends to the user's computer browser and may be stored on the hard drive of the user's computer.
- Cookies do not automatically/actively collect personally identifiable information, and users can refuse or delete these cookies at any time.
- Purpose of using cookies: To provide optimized information to users by understanding visit and usage patterns of services, security access status and websites visited by users.
- Method to refuse cookies: Users have the option to set their web browser to allow all cookies, confirm each time a cookie is stored, or refuse all cookies. However, refusing to store cookies may cause difficulties in using customized services.
7. Matters Concerning the Personal Information Protection Officer
The Company designates the following person as the Personal Information Protection Officer to be responsible for overall management of personal information processing, handling complaints, and providing remedies for data subjects:
Data subjects can contact the following department for all inquiries, complaints, and remedies related to personal information protection while using the service.
The Company shall promptly respond to and handle inquiries from data subjects in accordance with relevant laws and regulations.
- Name: Hanyong Park
- Department: Security Policy & Privacy
- Contact : dl_ncloud_privacy@navercorp.com
8. Department in Charge of Receiving and Processing Requests for Access to Personal Information
Data subjects can contact the following department for all inquiries, complaints, and remedies related to personal information protection while using the service.
The Company shall promptly respond to and handle inquiries from data subjects in accordance with relevant laws and regulations.
9. Remedies for Infringements of Data Subjects’ Rights
Data subjects can seek remedies for personal information infringement by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, and other organizations. For other reports and consultations on personal information infringement, please contact the following institutions:
- 1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- 2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- 3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- 4. National Police Agency: 182 (ecrm.cyber.go.kr)
10. Changes to the Privacy Policy
If there are any additions, deletions, or modifications to the current privacy policy, the Company will notify users at least 7 days before the changes take effect through the 'Notices' section on the homepage. However, if there are significant changes to user rights, the Company will notify users at least 30 days in advance and may obtain user consent again if necessary.
This privacy policy will be effective from September 25th, 2024 (KST).