Privacy Policy
This Agreement is written in the English language. If there is any discrepancy between the English version and the Korean version, the Korean version shall prevail.
1. Purpose
Nadoomodoo Inc. (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as the "Policy") to protect the information of individuals (hereinafter referred to as "Users" or "Individuals") using the services provided by the Company (hereinafter referred to as the "Company Services") in compliance with relevant laws such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and to handle promptly and smoothly the grievances related to the protection of personal information of service users.
2. Principles of Personal Information Processing
In accordance with personal information-related laws and this Policy, the Company may collect personal information of users, and the collected personal information may be provided to third parties only with the consent of the individual. However, in cases where it is lawfully required by regulations, the Company may provide the collected personal information of users to third parties without the individual's prior consent.
3. Disclosure of this Policy
- The Company discloses this Policy to users easily accessible at any time through the first screen of the Company's website or a connected screen with the first screen.
- In accordance with the preceding paragraph, the Company ensures that users can easily confirm this Policy by using letter size, color, etc.
4. Amendment of this Policy
- This Policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or changes in the policies or content of the government or the Company's services.
- When revising this Policy pursuant to paragraph 1, the Company notifies users through one or more of the following methods:
- Posting on the first screen of the Company's website or through a separate window in the announcement section
- Notification to users via written notice, facsimile transmission, electronic mail, or similar means
- The notice under paragraph 2 shall be made at least 7 days prior to the effective date of the revised Policy. However, in the event of significant changes to user rights, the notice shall be made at least 30 days prior.
5. Information for Membership Registration
For user registration for the Company's services, the Company collects the following information:
- Mandatory collection information: Email address, password, name, nickname, date of birth, and mobile phone number
6. Information for Identity Verification
For user identity verification, the Company collects the following information:
- Mandatory collection information: Mobile phone number, email address, name, date of birth, authentication values (CI, DI), mobile service provider, i-PIN information (if confirmed), and domestic/foreigner status
7. Information for Obtaining Legal Guardian's Consent
If the consent of a legal guardian is required, the Company collects the following information for obtaining the consent of the legal guardian:
- Mandatory collection information: Guardian's name, guardian's date of birth, guardian's gender, guardian's domestic/foreigner status, guardian's mobile phone number, guardian's mobile service provider information, guardian's i-PIN information (if confirmed), and guardian's authentication values (CI, DI)
8. Information for Payment Services
The Company collects the following information to provide payment services to users:
- Mandatory collection information: Card number, card password, expiration date, 6-digit date of birth (yy/mm/dd), bank name, and account number
- Optional collection information: Cardholder's address, telephone number, and email address
9. Information for Issuing Cash Receipts
The Company collects the following information to issue cash receipts to users:
- Mandatory collection information: Name of the cash receipt recipient, date of birth of the cash receipt recipient, address of the cash receipt recipient, mobile phone number, and cash receipt card number
10. Information for Providing Company Services
The Company collects the following information to provide services to users:
- Mandatory collection information: ID, email address, name, and contact information
11. Information for Service Usage and Identification of Illicit Usage
The Company collects the following information to confirm and analyze user service usage and illicit activities:
- Mandatory collection information: Service usage records, cookies, connection information, and device information
※ Illicit usage: Refers to actions such as repetitive re-registration after withdrawal, repetitive purchase and cancellation of goods, or obtaining economic benefits such as discount coupons and event benefits provided by the Company through illegal or improper means, acts prohibited by the terms of service, identity theft, etc. The collected information may be used for statistical analysis related to the use of Company services.
12. Methods of Personal Information Collection
The Company collects the personal information of users through the following methods:
- Input by users on the Company's website
- Information provided by users during the use of customer service consultations, bulletin board activities, and other services provided by the Company
13. Use of Personal Information
The Company uses personal information for the following purposes:
- Delivery of notices necessary for the operation of the Company
- Responding to inquiries and addressing complaints to improve service for users
- Providing Company services
- Developing new services
- Marketing purposes such as event and promotion notifications
- Demographic analysis and analysis of service visit and usage records
- Prevention and sanctions against acts that violate laws and the Company's terms of service, including measures against activities that hinder the smooth operation of services
14. Provision of Personal Information Based on Prior Consent
- Despite the prohibition of providing personal information to third parties, the Company may provide personal information to third parties if the user has disclosed it in advance or consented to the following items. However, even in this case, the Company provides the minimum amount of personal information required by relevant laws.
- Providing information collected for membership registration and service usage to payment service providers for payment processing during service usage
- The Company notifies users and obtains consent through the same process when there are changes to or termination of third-party provision relationships.
15. Retention and Use Period of Personal Information
- The Company retains and uses personal information of users for the period necessary to achieve the purpose of collecting and using personal information.
- Despite the preceding paragraph, the Company retains service abuse records for up to 1 year from the time of member withdrawal for the prevention of abuse and misuse of services based on internal policies.
16. Retention and Use Period of Personal Information According to Laws
The Company retains and uses personal information in accordance with relevant laws as follows:
- Records related to the Act on Consumer Protection in Electronic Commerce, Etc.
- Records related to contracts or withdrawals: 5 years
- Records related to payment and supply of goods: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records related to display and advertising: 6 months
- Records related to the Telecommunications Secrets Protection Act
- Website log records: 3 months
- Records related to the Electronic Financial Transactions Act
- Records related to electronic financial transactions: 5 years
- Records related to the Act on the Protection and Use of Location Information
- Records related to individual location information: 6 months
17. Principles of Personal Information Disposal
The Company promptly disposes of personal information when it is no longer necessary for the purposes of processing, retention, and use, following the principles below:
- Disposal procedure
- Information provided by users for registration is transferred to a separate DB (or stored in a separate file for paper documents) and retained for a certain period in accordance with internal policies and other relevant laws (refer to retention and use period) before being disposed of.
- Personal information transferred to a separate DB is not used for purposes other than retention unless required by law.
- Disposal method
- Paper documents containing personal information are shredded or incinerated.
- Personal information stored in electronic file formats is deleted using technical methods that prevent record reproduction.
18. Handling of Personal Information of Non-Users
- The Company shall, after one year of non-usage of the Company's services by users, notify the users in advance and either destroy their personal information or store it separately.
- For non-users with long-term non-usage, their personal information shall be securely stored separately. Notification to such users shall be sent via email at least 30 days before the separation and storage process is initiated.
- If non-users with long-term non-usage wish to continue using the service before the Company separates the non-user database, they can simply log in to the website (including mobile apps).
- Non-users with long-term non-usage can restore their accounts based on their consent when logging into the website.
- The Company shall destroy the separately stored personal information after retaining it for four years without delay.
19. Personal Information Disposal Procedure
- Information provided by users for registration shall be transferred to a separate database (or stored in a separate file for paper documents) after the purpose of personal information processing is achieved. It shall be retained for a certain period as per internal policies and other relevant laws (refer to the retention and use period) before being destroyed.
- The Company shall destroy personal information when the reason for disposal arises, following the approval process of the personal information protection manager.
20. Method of Personal Information Disposal
The Company shall use technical methods to irreversibly delete personal information stored in electronic file formats and shall destroy paper documents containing personal information through shredding or incineration.
21. Measures for Transmission of Advertising Information
- When transmitting commercial advertising information using electronic transmission media, the Company shall obtain explicit prior consent from users. However, it shall not obtain prior consent in the following cases:
- If the Company intends to transmit commercial advertising information regarding the same type of goods or services with which it has previously conducted transactions within 6 months after the transaction, provided that the Company directly collected contact information from the recipient
- If a telemarketing seller under the "Door-to-Door Sales Act" notifies the recipient of the source of personal information collection and engages in telemarketing
- Regardless of the above, the Company shall not transmit commercial advertising information if the recipient expresses refusal to receive it or withdraws prior consent, and shall notify the recipient of the results of refusal to receive and withdrawal of consent.
- Even when transmitting commercial advertising information using electronic transmission media between 9 PM and 8 AM, the Company shall obtain separate prior consent from the recipient.
- When transmitting commercial advertising information using electronic transmission media, the Company shall clearly indicate the following in the advertising information:
- Company name and contact information
- Instructions for indicating refusal to receive or withdrawal of consent
- When transmitting commercial advertising information using electronic transmission media, the Company shall refrain from taking any of the following actions:
- Actions that evade or interfere with the refusal to receive or withdrawal of consent by the recipient of advertising information
- Actions that automatically generate contact information of recipients such as phone numbers or email addresses by combining numbers, symbols, or characters
- Actions that automatically register phone numbers or email addresses for the purpose of transmitting commercial advertising information
- Various measures to conceal the identity of the sender or source of advertising transmission
- Various measures to deceive recipients into responding to solicitations for the purpose of transmitting commercial advertising information
22. Obligations of Users
- Users are responsible for keeping their personal information up to date, and any problems arising from inaccurate information input by users are the responsibility of the users themselves.
- Users may lose their membership status or be subject to punishment under relevant personal information protection laws for fraudulent registration using another person's personal information.
- Users are responsible for maintaining the security of their email addresses, passwords, etc., and may not transfer or lease them to third parties.
23. Company's Management of Personal Information
The Company employs technological and managerial protective measures to prevent the loss, theft, leakage, alteration, or damage of user personal information in the course of processing.
24. Treatment of Deleted Information
The Company processes personal information that has been terminated or deleted at the request of users or legal guardians according to the "Retention and Use Period of Personal Information" collected by the Company and ensures that it cannot be accessed or used for any other purpose.
25. Encryption of Passwords
User passwords are stored and managed using one-way encryption methods, and confirmation or modification of personal information requires the password known only to the user.
26. Measures against Hacking and Similar Threats
- The Company makes every effort to prevent user personal information from being leaked or damaged by hacking, computer viruses, or other intrusions into information networks.
- The Company uses the latest antivirus programs to prevent the leakage or damage of user personal information.
- The Company employs intrusion prevention systems to prepare for unforeseen circumstances.
- If the Company collects and retains sensitive personal information, it ensures the secure transmission of personal information over networks using encryption communication methods.
27. Minimization and Education of Personal Information Handling
The Company restricts the number of personnel handling personal information to a minimum and emphasizes compliance with laws, internal policies, etc., through education and other administrative measures for personal information handlers.
28. Measures for Personal Information Leakage, etc.
When the Company becomes aware of the loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, the Company shall promptly notify the affected user of all of the following and report to the Korea Communications Commission or the Korea Internet & Security Agency:
- Items of personal information subject to leakage, etc.
- Time of occurrence of the leakage, etc.
- Measures users can take
- Response measures of information service providers, etc.
- Department and contact information where users can seek assistance or file complaints
29. Exceptions to Measures for Personal Information Leakage, etc.
Despite the preceding clause, if there is a legitimate reason such as the inability to obtain the user's contact information, the Company may take measures to replace the notification stipulated in the preceding clause by posting it on the Company's website for 30 days or more.
30. Protection of Personal Information Transferred Overseas
- The Company shall not enter into international agreements containing matters that violate relevant laws and regulations regarding personal information of users.
- Before providing (including accessing), outsourcing processing, or storing (hereinafter referred to as "transfer") personal information of users overseas, the Company shall obtain the user's consent. However, if all the items in paragraph 3 of this are. disclosed to users in accordance with relevant laws and regulations such as the Personal Information Protection Act, the consent process for transfer in accordance with processing outsourcing or storage of personal information may be exempted.
- Before obtaining consent pursuant to the main text of paragraph 2 of this Article, the Company shall notify users in advance of all the following:
- Items of personal information transferred
- Country to which the personal information is transferred, date and method of transfer
- Name of the recipient of personal information (including the name and contact information of the person in charge of information management in the case of a corporation)
- Purpose of use, retention, and use period of personal information by the recipient
- If the Company obtains consent for the transfer of personal information overseas, it shall take protective measures in accordance with the Presidential Decree of the Personal Information Protection Act and other relevant regulations.
31. User's Choice Regarding Cookie Installation
- Users have the option to choose whether to install cookies. Therefore, users can allow all cookies, require confirmation each time a cookie is stored, or refuse to store all cookies by setting options in their web browser.
- However, if you refuse to store cookies, some services of the Company that require login may be difficult to use.
32. Method of Designating Permission for Cookie Installation
The method of designating permission for cookie installation (in Internet Explorer) is as follows:
- Select "Internet Options" from the "Tools" menu.
- Click on the "Privacy" tab.
- You can set it in the "Advanced" settings.
33. Use of Third-Party Services
- The Company uses the following third-party services to improve the quality of services and provide a better user experience:
- Google Analytics: Website traffic analysis
- Google Workspace: Email, calendar, and document management services
- We explicitly affirm that Google API Workspace is not used to develop, improve, or train generalized AI or ML models.
- Channel.io: Customer support chat service
34. Appointment of Personal Information Protection Manager by the Company
- The Company designates the following department and personal information protection manager to protect user personal information and handle complaints related to personal information:
- Personal Information Protection Manager:
- Name: Lim Heeeun
- Phone number: 82+ 02-557-4423
- Email: privacy@nadoomodoo.com
- Personal Information Protection Officer:
- Department: Development Team
- Name: Lim Heeeun
- Phone number: 82+ 02-557-4423
- Email: privacy@nadoomodoo.com
Supplementary Provisions
This policy shall be effective from May 8, 2023.