LION CORPORATION (KOREA) ("Company") processes personal information for the following purposes. The processed personal information is not used for any purpose other than the following, and any modification to the purpose of use will be subject to necessary measures, such as obtaining additional consent under Article 18 of the Personal Information Protection Act.
1. Purposes of processing personal information
(1) Membership subscription and management on website
Personal information is processed for the purposes of user verification, management of members whose identity has been verified, identity verification, service application, marketing data through statistical analysis, product delivery, service provision, and content provision.
(2) Handling of complaints
Personal information is processed for the purposes of identification of civil petitioners, verification of civil petitions, contact and notification for fact-finding, and notification of processing results.
2. Processing and retention period of personal information
The Company utilizes the collected personal information for the following purposes:
(1) The Company processes and retains personal information within the period for retention and use of personal information under the laws and regulations or the period for retention and use of personal information agreed by the data subjects upon the collection of their personal information.
(2) The period for processing and retention of each personal information is as follows:
- Membership subscription and management on website: Until membership cancellation
However, if an investigation or inquiry is underway under the relevant laws and regulations, the period is until the investigation or inquiry is completed.
3. Provision of personal information to third parties
(1) The Company processes the personal information of the data subjects only within the scope specified under Article 1 (Purposes of processing personal information), and provides personal information to third parties only where the provision falls under Article 17 of the Personal Information Protection Act, such as the consent of the data subject and special provisions in other laws.
(2) In no case whatsoever does the Company uses personal information of users or provides thereof to third parties outside the scope notified in the Purposes of the Collection and Use of Personal Information unless otherwise consented by the data subject or permitted under the relevant laws and regulations.
- Where personal information of users is provided or shared, the Company will individually notify users of the entity who is provided or shared with, what its major business is, which items of personal information are provided or shared, and what the purpose of provision or sharing of personal information is, etc. via email or written document, and then obtain their consent. In addition, users will be able to withdraw their consent at any time even if they agree to provide their personal information.
- An exception will apply in the event where it is required under the relevant laws and regulations or demanded by an investigatory authority according to the procedure and method prescribed under the laws and regulations.
4. Consignment of personal information processing
(1) The Company consigns the processing of personal information as follows for smooth processing of personal information.
- Consignee: DFLUX C&C
- Consigned tasks: System operation for provision of the Services
- Provided information: All member information
- Consigned tasks: System operation for provision of the Services
- Period of retention and use of provided information: Upon withdrawal from the membership or upon termination of the consignment agreement
5. The rights and duties of data subjects and the method to exercise such rights
(1) The data subject may exercise the following privacy rights against the Company at any time:
- Requesting an access to personal information;
- Requesting a correction if there is an error, etc.;
- Requesting a deletion;
- Requesting a suspension in the processing.
(2) The rights under paragraph 1 may be exercised in writing, by telephone, by email, or by fax, and the Company will take action without delay.
(3) Where the data subject requests for correction or deletion of any errors, etc. in his/her personal information, the Company does not use or provide such personal information until the correction or deletion is completed.
(4) The rights under paragraph 1 may be exercised through an agent, such as a legal representative of the data subject or an authorized person. In this case, the data subject must submit a power of attorney pursuant to the attached Form 11 of the Enforcement Rule of the Personal Information Protection Act.
(5) The data subject must not invade the personal information and privacy of the data subject or a third party in violation of the relevant laws and regulations, such as the Personal Information Protection Act.
6. Items of personal information processed
The Company processes the following items of personal information.
(1) Membership subscription and management on website:
Required: Name, date of birth, gender, ID, password, phone number, and address;
Optional: Email address, job, cookies, access log, and access IP.
(2) The following items of personal information may be automatically generated and collected during Internet service use:
IP address, cookies, MAC address, service use history, website activity, etc.
7. Destruction of personal information
(1) The Company destroys personal information without delay when personal information becomes no longer required due to reasons, such as the expiration of the retention period for personal information or the fulfillment of the processing purpose.
(2) Where it is necessary to preserve the personal information in accordance with other laws and regulations despite the expiration of the retention period for personal information agreed by the data subject or the fulfillment of the processing purpose, such personal information will be transferred to a separate database or preserved in a different storage location.
(3) The procedure and method of destructing personal information are as follows.
- Destruction procedure:
The Company selects personal information where the reason for destruction arises and destroys the personal information after obtaining approval from the privacy officer of the Company.
- Destruction method:
The Company destroys personal information recorded and stored in the form of electronic files by using methods that render the records unrestorable, such as low-level format, and destroys personal information recorded and stored in paper documents by shredding them with paper shredders or by means of incineration.
The Company enforces the following measures to ensure the safety of personal information:
(1) Administrative measures: Establishment and implementation of internal management plans, periodic training of employees, etc.
(2) Technical measures: Management of authorities to access the personal information processing system, etc., installation of an access control system, encryption of unique identifier information, and installation of security software.
(3) Physical measures: Access control of computer rooms, data storage rooms, etc.
9. Matters concerning the installation, operation and rejection of automatic personal information collection devices
(1) The Company uses "cookies" that store and frequently import user information to provide personalized Services to users.
(2) A cookie is a small amount of information sent by the server (http) used to run the website to the user's computer browser, and it may be stored on the hard disk of the user's computer.
A. Purpose of using cookies: They are used to provide optimized information to users by identifying their visits and usage patterns, popular search terms, security connections, etc. for each of the Services and website they visit.
B. Installation, operation and rejection of cookies: Users can reject cookies from being saved by accessing Tools < Internet Options < Personal Information menu at the top of the browser.
C. Your refusal of the cookies from being saved may give rise to difficulties in the use of customized Services.
10. Privacy officer
(1) The Company is fully responsible for processing personal information and appoints a privacy officer as follows for handling complaints and damage relief of data subjects related to personal information processing.
▶ Customer Service Representative
▶ Privacy Officer
▶ Privacy Manager
(2) The data subject may contact the privacy officer and the department in charge for all inquiries, complaints handling, damage relief, etc. related to personal information that arise during the use of the Services (or business) provided by the Company. The Company will respond to and process inquiries from the data subject without delay.
11. Request to access personal information
The data subject may request the following department to access his/her personal information under Article 35 of the Personal Information Protection Act. The Company will strive to rapidly handle the request to access personal information filed by the data subject.
12. How to remedy infringement on rights and interests
The data subject may inquire about damage relief, counseling, etc. for any infringement on personal information to the following institutions.
<As the following institutions are unrelated to the Company, please contact the following if you are not satisfied with the complaint handling of the Company and the results of damage relief or if you require further assistance>
▶ Privacy Infringement Reporting Center (operated by the Korea Internet & Security Agency)
- Affairs handled: Reporting privacy infringement and requesting consultation
- Website:
privacy.kisa.or.kr
- Contact: +82-118 (no area code)
▶ Personal Information Dispute Mediation Committee
- Affairs handled: Application for personal information dispute mediation, collective dispute mediation (civil remedy)
- Website:
www.kopico.go.kr
- Contact: +82-1833-6972 (no area code)
▶ Cybercrime Investigation Division, Prosecution Service: +82-2-3480-3573 (
www.spo.go.kr)
▶ Korean National Police Agency Cyber Bureau: 182 (
http://cyberbureau.police.go.kr)
(1) This Privacy Policy will come into effect on March 1, 2020.
(2) Previous privacy policies are available below:
