Search
DownloadLoginSign Up
Click to apply the changed page
Privacy policy

cafenono Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses the following personal information handling policy in order to protect the personal information of the information subject in accordance with Article 30 of the Personal Information Protection Act and to handle related grievances quickly and smoothly. do.

 

Article 1 (Purpose of processing personal information)

The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.

  1. Membership registration and management

    Personal information is processed for the purpose of confirming the intention to join as a member, identifying and authenticating the person in accordance with the provision of membership service, provide better service experience such as friend recommendation, maintaining member status, preventing illegal use of the service, and handling various notices and notices.

  2. Provision of services

    Personal information is processed for the purpose of providing services, providing content, providing customized services, and payment and settlement.

  3. Grievance handling

    Personal information is processed for the purpose of confirming the identity of the complainant and notifying the result of contact notification for investigation of complaints.

  4. Used for marketing and advertising

    Personal information is processed for the purpose of developing new services (products) and providing customized services, providing services according to demographic characteristics and posting advertisements, checking the validity of services, determining the frequency of access, or statistics on the use of services by members.

Article 2 (Processing and Retention Period of Personal Information)

  1. The company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

  2. Each personal information processing and retention period is as follows

    1. Provide membership, management and better service experience: Until service withdrawal

      However, in the case of the following reasons, until the

      1. In the event that an investigation is in progress due to a violation of the relevant laws and regulations, until the end of the investigation
      2. In the case of remaining debt-to-debt relationship due to service use, until settlement of the debt-to-debt relationship
    2. Service provision: Until the completion of service supply, payment, and settlement

      However, in the following cases, until the end of the period

      1. Contract or subscription withdrawal, payment, supply records of goods, computer communication, internet log data, access tracking data: until service termination
      2. Records on indications, advertisements, consumer complaints, etc. in accordance with the 「Act on Consumer Protection in Electronic Commerce, Etc.」
        1. Records on display and advertisement: 6 months
        2. Records on consumer complaints or dispute resolution: 3 years

Article 3 (Provision of personal information to third parties)

The company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of processing personal information), and only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law. We provide personal information to third parties.

The company does not provide personal information to third parties without the user's prior consent. However, personal information is provided to third parties after obtaining the user's consent within the scope necessary for the user to use the following services. In other words, users who do not use the services below will not be provided with personal information.

[Cafe-no-no service] Provided to: Mailgun Technologies, Inc Purpose of provision: Sending e-mail Items of personal information to be provided: Email address Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Provided by: Sentry.io Purpose of provision: collection of error information Provided personal information items: device information, IP information, user ID Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Provided by: Google Purpose of provision: App push, Google Analytics, error information collection Provided personal information items: device token, device information, IP information, user ID Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Recipient: NHN Cloud Purpose of provision: Send SMS, LMS, and Alim Talk Items of personal information provided: (mobile) phone number Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Recipient: NAVER CLOUD Purpose of provision: SMS, LMS, AlimTalk transmission, Naver Map API linkage Items of personal information provided: (mobile) phone number Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Provided to: Amazon Web Services, Inc. Purpose of provision: Sending e-mail Items of personal information to be provided: Email address Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination Provided to: Mixpanel, Inc. Purpose of provision: service analysis and improvement Items of personal information provided: (mobile) phone number, e-mail address, nickname, profile image, IP, access history, etc. usage records, device information Period of retention and use of personal information by the person receiving personal information: Until membership withdrawal or service termination 

Article 4 (Consignment of personal information processing)

  1. The company entrusts the following personal information processing tasks for smooth personal information processing.
    • Consignee (trustee): Amazon Web Services Inc.
    • Consigned tasks: Operate and manage the cloud server where personal information is stored during the personal information storage period
  2. When the company concludes a consignment contract, in accordance with Article 25 of the Personal Information Protection Act, matters related to responsibilities such as prohibition of processing of personal information other than for the purpose of performing entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management, supervision, and compensation for damages It is specified in documents such as contracts and supervises whether the trustee handles personal information safely.
  3. If the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

Article 5 (Transfer of personal information abroad)

In order to provide services and improve user convenience, the company may transmit or manage personal information abroad as follows.

- Receiving company name and contact information: Amazon Web Service Inc., aws-korea-privacy@amazon.com - Previous countries: Japan, USA - Transfer date and method: Transmission through the network at the time of service use - Items of personal information transferred: Items collected in the personal information processing policy - Purpose of use of transfer recipient: service operation and data storage - Recipient’s retention and use period: Until membership withdrawal or termination of consignment contract - Receiving company name and contact information: Google, googlekrsupport@google.com - Previous country: USA - Transfer date and method: Transmission through the network at the time of service use - Items of personal information transferred: device token, device information, IP information, user ID - Purpose of use of transfer recipient: App push, Google Analytics, error information collection - Recipient's retention and use period: Until membership withdrawal or termination of consignment contract - Receiving company name and contact information: Sentry, compliance@sentry.io - Previous country: USA - Transfer date and method: Transmission through the network at the time of service use - Items of personal information transferred: device information, IP information, user ID - Purpose of use of transfer recipient: collection of error information - Recipient's retention and use period: Until membership withdrawal or termination of consignment contract - Transfer recipient name and contact information: Mailgun Technologies, Inc., privacy@mailgun.com - Previous country: USA - Transfer date and method: Transmission through the network at the time of service use - Items of personal information transferred: email address - Purpose of use of transfer recipient: service analysis and improvement - Recipient's retention and use period: Until membership withdrawal or termination of consignment contract - Receiving company name and contact information: Mixpanel, Inc., dpo@mixpanel.com - Previous country: USA - Transfer date and method: Transmission through the network at the time of service use - Items of personal information transferred: (mobile) phone number, e-mail address, nickname, profile image, IP, access history, etc. usage records, device information - Purpose of use of transfer recipient: service analysis and improvement - Recipient's retention and use period: Until membership withdrawal or termination of consignment contract 

Article 6 (Rights, Obligations and Methods of Execution of Information Subjects and Legal Representatives)

  1. The information subject can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the company.
  2. The exercise of rights pursuant to Paragraph 1 may be done in writing, e-mail, fax, etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act for the company, and the company will take action without delay.
  3. The exercise of rights pursuant to Paragraph 1 may be done through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the Enforcement Regulations of the Personal Information Protection Act.
  4. The rights of the information subject may be restricted in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and stop processing of personal information.
  5. Request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
  6. The company confirms whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the right of the information subject.

Article 7 (Items of personal information to be processed)

The company handles the following personal information items.

[Membership in Cafe Nono] Required items: nickname, mobile phone number, email, hashed phone numbers registered in Contacts. 

In order to provide better service while using the service, the following personal information items may be automatically created and collected. - Device information (OS, screen size, etc.), IP address, cookie, date of visit, service use record, encrypted member identification code, MAC address, bad use record, etc.

Article 8 (Destruction of personal information)

  1. The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing.
  2. If the personal information retention period agreed to by the information subject has elapsed or the personal information needs to be kept in accordance with other laws despite the achievement of the purpose of processing, the personal information may be moved to a separate database (DB) or stored to be preserved differently.
  3. In order to prevent illegal use, if necessary, the company stores user information (e-mail, (mobile) phone number, user identification information provided by the company, device information, password, etc.) with one-way encryption (hash processing).
  4. The company separately stores or deletes the personal information of members who have not used the service for one year in accordance with the 'personal information validity period system', and the separated personal information is stored for 4 years and then destroyed without delay.
  5. The procedure and method of personal information destruction are as follows.
    1. Destruction procedure
      • The company selects the personal information for which the reason for destruction occurred, and destroys the personal information with the approval of the company's personal information protection officer.
    2. Destruction method
      • The company destroys personal information recorded and stored in the form of electronic files so that the record cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration with a shredder.

Article 9 (Measures to ensure the safety of personal information)

The company is taking the following measures to ensure the safety of personal information.

  1. Administrative measures: establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical measures: management of access rights of personal information processing system, etc., installation of access control system, encryption of unique identification information, etc., installation of security program
  3. Physical measures: access management, etc.

Article 10 (Matters regarding installation, operation and rejection of automatic personal information collection devices)

  1. The company uses 'cookies' to store and retrieve usage information from time to time to provide users with individually customized services.
  2. Cookies are a small amount of information that the server (http) used to operate the website sends to the user's computer browser and is also stored on the hard disk of the user's PC computer.
    1. Purpose of use of cookies: These are used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, popular search terms, and whether secure access is available.
    2. Installation, operation, and rejection of cookies: You can refuse to store cookies by setting options in the Tools>Internet Options>Personal Information menu at the top of the web browser.
    3. If you refuse to store cookies, you may experience difficulties in using customized services.
  3. The company is using marketing and web analytics support services to provide better services.
    1. The processing of information collected by each service is in accordance with the policy of the respective service, and the user may use the tracking prevention or cookie refusal function in the browser or refuse automated collection in the manner provided by the service.
    2. The collected non-identifying behavioral information may be used for online advertisements through Google's Google AdWords service, Facebook's business tools, Kakao's Kakao Moment, and AppsFlyer's partners.
    3. The name and policy of each service may change depending on the circumstances of the marketing and web analysis support service provider.
- Facebook Pixel Overview: An analytics tool powered by Facebook that measures the performance of your ads by understanding the actions users take on your website. Service Policy: www.facebook.com/about/privacy Opt out of collection: https://www.facebook.com/settings/?tab=ads - Kakao Pixel Overview: An analytics tool powered by Kakao that measures the performance of your ads by understanding the actions users take on your website. Service Policy: https://kakaoad.github.io/kakao-pixel/pixel-guide.html Rejection of collection: Rejection of collection through refusal to use cookies - AppsFlyer Overview : An analytics tool provided by AppsFlyer that measures app installation and usage behavior Service Policy: https://www.appsflyer.com/services-privacy-policy Opt out of collection: https://www.appsflyer.com/optout - Google Analytics Overview : A web analytics service provided by Google that tracks and reports website traffic. Service Policy: https://support.google.com/analytics/answer/6004245?hl=en Opt out of collection: https://support.google.com/analytics/answer/9019185?hl=en - Mixpanel Overview : User behavior-based product analytics platform across websites and mobile apps Service Policy: https://mixpanel.com/legal/terms-of-use/ Opt out of collection: https://help.mixpanel.com/hc/en-us/articles/360001113426-Opt-Out-of-Tracking 

Article 11 (Personal Information Protection Officer)

  1. The company is responsible for handling personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.
    • Name of the person in charge of personal information protection: Kim Jun-gi
    • Position: Director of Technology
    • Phone number: 031-8016-9286
    • Email: support@cafenono.com
  2. The information subject may inquire to the person in charge of personal information protection for all personal information protection-related inquiries, complaint handling, damage relief, etc. that occurred while using the company's services. The company will respond and handle the inquiries of the information subject without delay.
  • Announced on: Sep 22, 2022
  • Enforced on: Sep 29, 2022

However, for members who sign up after the announcement date, the revised terms and conditions will be applied from the time of registration.