Last revised on 03/11/2020
<Hyperity> has the following processing policy to protect user's personal information and rights and to handle user's grievance related to personal information in accordance with the Personal Information Protection Act.
<Hyperity> will be notified through the Blurry App Notice (or individual notice) when the company revises the privacy policy.
1. Purpose of Processing Personal Information <Hyperity> processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and if the purpose of use is changed, prior consent will be obtained.
•
Membership and Management
Confirmation of membership intention, identification and certification by providing membership system, maintenance and management of membership, identification of identity through limited identity verification system, prevention of fraudulent use of service, confirmation of legal representative consent when collecting personal information of children under 14 years old, We process personal information for the purpose of preserving various notices, notices, grievances, and records for mediation.
•
Civil affairs processing
Personal information will be processed for the purpose of verifying the identity of the complainant, confirming the complaint, contacting and notifying for the fact investigation, and notification of the processing result.
•
Providing Goods or Services
Personal information is processed for the purpose of providing services, sending bills, providing contents, providing customized services, verifying identity, verifying age, and paying and settlement.
•
Use in marketing and advertising
Development of new services (products) and provision of customized services, provision of event and advertising information and participation opportunities, provision of services and advertisements based on demographic characteristics, validation of services, identification of access frequency, or statistics on the use of services by members, etc. We process personal information for the purpose of
2. Status of Personal Information File
•
Personal Information File Name: Blurry Privacy Policy
•
Personal information items: email, mobile phone number, password question and answer, password, login ID, gender, date of birth, name, occupation, anniversary, marital status, hobby, physical information, religion, service usage record, access log, cookie, Access IP Information, Billing Record
•
Collection method: collection through the application, collection information collection tool
•
Basis for possession: Service provision and protection for Blurry members
•
Period of retention: 1 year
•
Relevant laws: Records on consumer complaints or disputes: 3 years, Records on payments and goods: 5 years, Records on contracts or withdrawals: 5 years, Records on labeling / advertising: 6 month
3. Processing and Retention Period of Personal Information
① <Hyperity> processes and holds personal information within the period of possession and use of personal information pursuant to the law or within the period of possession and use of personal information that has been agreed upon when collecting personal information from the information subject.
② Each personal information processing and retention period is as follows.
1. <membership and management>
Personal information related to <membership registration and management> will be retained and used for the above purposes from the date of agreement on collection and use to <1 year>.
•
Operational basis: service provision and protection for Blurry members
•
Related laws: 1) Records of complaints or disputes of consumers: 3 years
2) Record of payment and supply of goods: 5 years
3) Record on contract or withdrawal of subscription: 5 years
4) Record on display / advertisement: 6 months
4. Rights and obligations of the data subject and the legal representative and the method of exercise The user can exercise the following rights as a personal information subject.
① The person in charge of information can exercise the right to access, modify, delete, and suspend personal information at any time.
② In accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, Hyperity can be made in writing or by e-mail.
③ The exercise of rights under Paragraph 1 can be done through the legal representative of the information subject or the representative who has been delegated. In this case, you must submit a power of attorney according to Form 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ The right of information subject may be restricted in accordance with Article 35 Paragraph 5, Article 37 paragraph 2 of the Personal Information Protection Act.
⑤ A request for correction or deletion of personal information may not request the deletion if the personal information is specified for collection in other laws and regulations.
⑥ Hyperity verifies whether the person who requested the request, the request for correction / deletion, or the request for suspension of processing according to the information subject's right is the person or the rightful agent.
5. Items of personal information processed
<Hyperity> handles the following personal information items.
1 <Membership registration and management>
•
Required items: Email, mobile phone number, login ID, gender, date of birth, name, service usage record, access log, cookie, access IP information, payment record
•
Optional: occupation, anniversary, marital status, hobbies, health information, religion
2 <Process of civil affairs>
•
Required items: Email, mobile phone number, login ID, gender, date of birth, name, service usage record, access log, cookie, access IP information, payment record
3 <service provision>
•
Required items: Email, mobile phone number, login ID, gender, date of birth, name, service usage record, access log, cookie, access IP information, payment record
•
Optional: occupation, anniversary, marital status, hobbies, health information, religion
4 <Use for marketing and advertising>
•
Required items: Email, mobile phone number, login ID, gender, date of birth, name, service usage record, access log, cookie, access IP information, payment record
•
Optional: occupation, anniversary, marital status, hobbies, health information, religion
6. Destruction of personal information In principle, when the purpose of processing personal information is achieved, the personal information is destroyed without delay. The procedure, deadline and method of destruction are as follows.
①Destruction procedure
The information entered by the user is transferred to a separate DB after achieving the purpose. It is stored for a certain period of time or destroyed immediately according to internal policies and other related laws. At this time, personal information transferred to the DB will not be used for any other purpose unless required by law.
②Destruction time
If the retention period of personal information has elapsed, the user's personal information is destroyed within 5 days from the end date of the retention period. When the personal information becomes unnecessary, such as the achievement of the purpose of processing the personal information, the abolition of the service, or the termination of the business, the personal information is destroyed within 5 days from the date when it is deemed unnecessary.
③How to destroy
Information in the form of electronic files uses a technical method that cannot reproduce the records.
7. Matters concerning the installation, operation and rejection of automatic personal information collection devices
Hyperity does not use ‘cookies’ that store information subject's usage information and call it from time to time.
8. Privacy information Office
① Hyperity is responsible for the handling of personal information, and has designated the Personal Information Protection Responsibility Department as follows to handle complaints by the data subject related to personal information processing and remedy.
Privacy information Office
② You can inquire about any personal information protection inquiries, complaints, damage relief, etc. that occurred while using Hyperity's service to the department in charge.Hyperity will answer and process your inquiries without delay.
9. Privacy Policy Change
① The personal information processing policy is effective from the effective date. In the event that there are additions, deletions, and corrections of changes in accordance with laws and policies, we will notify you through the notice 7 days prior to the implementation of the changes.
10. Measures to secure the safety of personal information. In accordance with Article 29 of the Personal Information Protection Act, technical, administrative and physical measures are taken to ensure safety as follows.
① Regular self-audit
In order to secure stability related to the handling of personal information, we conduct self-audit on a regular basis (once a quarter).
② Minimization and training of personnel handling personal information
We are taking measures to manage personal information by designating employees who handle personal information.
③ Establishment and implementation of internal management plan
For the safe handling of personal information, we have established and implemented an internal management plan.
④ Technical measures against hacking
In order to prevent the leakage and damage of personal information due to hacking or computer viruses, security programs are installed and technical / physical monitoring and blocking.
Periodically update and inspect, and install the system in an area where access is controlled from the outside.
⑤ Encryption of personal information
The user's personal information is encrypted and stored and managed. Only you can know, and sensitive data uses separate security functions such as encrypting file and transmission data or using the file lock function.
⑥ Storage of access records and prevention of forgery
We keep and manage records accessing the personal information processing system for at least 6 months. Security functions are used to prevent access records from being forged, stolen, or lost.
⑦ Restrict access to personal information
We take action through granting, changing, and canceling access to database systems that process personal information.
Intrusion prevention system is used to control unauthorized access from the outside.