pnp.so

PnPSoft Co.,Ltd. (the "Company") complies with all applicable laws and regulations, including the Act on the Promotion of Information Network Usage and Information Protection, and is committed to protecting personal information of customers (the “User”) using the Company's Service.
Through the disclose of the privacy policy, the Company informs users of the purpose and the method for processing personal information and what measures are being taken to protect the personal information.
The Company amends this Policy at any time to reflect changes in the relevant laws or its internal policy, so Users should review the policy periodically when using or applying for the Service.

1. Information to be collected and method of collection

1. Personal information items to be collected

• ① The Company collects and uses the following personal information from the user when using the service for the first time in order to provide the Service, customer consultation, and various services.
• ② Necessary information: Company name, number of employees, business registration number, corporation registration number, visit path, individual’s name, department, title, contact information, e-mail address, cell phone number, phone number.
• ③ The following types of information may be automatically generated and collected during the service usage process and business process - IP Address, Cookie, Visit Date and time , Service Usage Record, and Bad Usage Records.
• ④ When using paid services, the following information may be collected. - For account transfer: Bank name, account number etc.
• ⑤ The following information may be collected in case of providing the Service, requiring legal deputy's consent , and requiring identity verification to comply with applicable laws - name, date of birth, gender, domestic/foreign, mobile phone number(cell phone number), mobile carrier information, i-pin information, personal identification number (CI. DI), contact list

2. Methods of collection

The Company collects personal information in the following ways:

• ① Through Homepage, written form, telephone, consultation board, email, event entry
• ② Provided by an affiliate company
• ③ Through information gathering tools, etc.

3. The Company does not require any personal information (such as race or ethnicity, ideology and beliefs, hometown and permanent domicile, political orientation and criminal record, health status, and sex life etc,) that may be of fundamental human rights violation.

2. The purpose of collection and use of personal information

The Company uses collected personal information for the following purposes.

• ① To fulfill the contract related to the provision of services and to charge fees due to the provision of paid services - contents provision, use of fee-based services, payment for purchase and charges or billing, and fee collection.
• ② For customer management – to confirm personal identification and individual identification, to prevent fraudulent use and unauthorized use by bad users, to confirm duplicate application and service usage, to confirm the legal representative’s consent when collecting personal information of children under the age of 14 and the legal deputy's identity, to keep record for dispute adjustment, to deal with complaints and to deliver notices.
• ③ For developing new services and marketing / advertising – to develop new services and to provide customized services, to provide services and ads according to statistical characteristics, to identify the validity of the services and to provide advertisement information
• ④ For customer consultation - to deal with customer inquiries such as service inquiries etc.
• ⑤ Convenience of service provision – Utilize the contact list so that the device user can check and select the device’s contact list

3. Sharing and providing personal information

The Company uses the personal information of the user within the range notified in this section 2 and does not use or share it with others or other organizations without the prior consent of the user. However, with the exception of the following cases.

• ① If the user agrees in advance
• ② If there is a request by the investigating agency in accordance with the procedures prescribed by laws and ordinances for the purpose of remediation
• ③ When necessary for the settlement of the charge according to the service provision
• ④ When required for collaboration among customers regarding service provision
• ⑤ When providing individuals in an unidentifiable form for statistical writing, academic research or market research.

4. Consignment of collected personal information

The Company shall specify the contents and the partners when consigning personal information processing of the user for the performance of the Service, and stipulate necessary matters so that the personal information can be safely managed under the consignment contract and observe the related laws and regulations and supervise them.

5. Period of retention and use of personal information

1. The Company shall dispose personal information of the user without delay when the user wishes to terminate the service usage contract and cancels the consent to the agreement about collection and use of personal information, and if the purpose of collecting and receiving personal information has been fulfilled. However, the following information will be retained for the period of preservation according to the grounds specified on the basis of retention.

• ① Items of retention: company name, number of employees, business registration number, corporation registration number, visiting route, name, department, rank, service use log, access log, cookie, payment records.
• ② Applicable basis for retention : to resolve users’ complaints and disputes, to prevent illegal use of the users, and to cooperate with the relevant investigating agency’s request about illegal users
• ③ Retention period : 6 months

2. If there is a need to retain information according to the provisions of related laws such as commercial law, consumer protection law in e-commerce, etc., the Company can keep personal information of the user for a certain period set by relevant laws and regulations. In this case, the Company will keep the information just for the data retention basis and period specified in this section. Items of data retention, and the basis and period of retention are as follows:

• ① Records of the contract or the withdrawal of the application
  - Basis for retention : Act on Consumer Protection in Electronic Commerce etc.
  - Retention period : 5 years
  
• ② Record of payment and goods supply
  - Basis for retention : Act on Consumer Protection in Electronic Commerce etc.
  - Retention period : 5 years
  
• ③ Records on electronic financial transactions
  - Basis for retention : Electronic financial transaction law
  - Retention period : 5 years
  
• ④ Records of consumer complaints or disputes processing
  - Basis for retention : Act on Consumer Protection in Electronic Commerce etc.
  - Retention period : 3 years
  
• ⑤ Record of identity verification
  - Basis for retention : Act on Promotion of Use of Information and Communication Networks and Information Protection, etc.
  - Retention period : 6 months
  
• ⑥ Record of display / ad
  - Basis for retention : Act on Consumer Protection in Electronic Commerce etc.
  - Retention period : 6 months
  
• ⑦ Website visit history
  - Basis for retention : Communication Confidentiality Protection Act
  - Retention period : 3 months
  

6. Procedures and methods of destroying personal information

In principle, the personal information of the user is destroyed without delay as soon as the purpose of the collection and use of the personal information is achieved. The procedure and method of destroying personal information of the company are as follows :

• ① Procedures of destroying information
  - The information provided by the user for the use application is transferred to a separate DB after the purpose is accomplished and is stored and destroyed for a certain period of time according to the reasons for the information protection by the internal policy and other related laws.
  - The above personal information will not be used for any purpose other than that held by law.
  
• ② Method of destroying information
  - Personal information printed on paper is crushed by a crusher or destroyed by incineration
  - Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.
  

7. Rights of users and legal deputies and how to exercise them

1. When collecting personal information of children under the age of 14, the company shall obtain the consent of the legal deputy.

2. Users can access or modify their personal information at any time and can request cancellation of usage contracts and deletion of personal information. However, if the users delete the personal information that is necessary to provide the Service, they may not be able to receive the related services.

3. In order to access or modify the personal information of the user or children under the age of 14 years, they need to change the personal information specified in their profile and to terminate the service usage contract(or to withdraw the consent), they need to contact the person in charge of personal information protection by telephone or email or in written form, the company will take necessary measures without delay after identity verification.

4. If it is requested to correct errors in personal information, the personal information will not be used or provided until the correction is completed. Also, if the wrong personal information has already been provided to the third party, the result of the correction process will be notified to the third party without delay and the correction will be made.

5. The Company shall have personal information that has been terminated or deleted at the request of the user or legal deputy in accordance with section 5 (Period of Retention and Use of Personal Information) prohibited from being accessed or used for any other purpose.

8. Installation, operation and refusal of the automatic collection tools of personal information

1. The Company uses cookies to store and periodically identify users’ information in order to provide them with personalized and customized services. A cookie is a small amount of information that a website sends to a user's web browser (Internet Explorer, Firefox, Chrome, etc.).

2. The user has the choice for cookies. The user can either accept all cookies by selecting [Tools]> [Internet Options]> [Privacy]> [Settings] in the web browser, or check each time a cookie is saved, or refuse to store all cookies. However, if you refuse to store all cookies, you will not be able to use the services provided by the company through cookies.

9. Technological and administrative protection measures of personal information

In handling personal information of users, the Company has established technical and administrative measures to ensure that personal information is not lost, stolen, leaked, altered or damaged.

1. Technical measures
- The password of the user is encrypted and cannot be known except the user himself/herself.
- The company can securely transmit personal information over the network through encrypted communication.
- The Company is committed to prevent personal information from being leaked or damaged by hacking or computer viruses.
- The Company is backing up the data from time to time in preparation for the destruction of personal information, and takes measures to prevent damage caused by computer virus by using the latest vaccine program.
- The Company is continuously making efforts to enhance security through measures such as access control, authority management, and vulnerability checks on the system.

2. Administrative measures
- The Company limits access to the personal information of users to the minimum number of people
- The company conducts regular education on personal information handlers on their duty to protect personal information.
- If the department responsible for the protection of personal information recognizes any problem in complying with the privacy policy and the internal regulations, the Company shall strive to rectify them immediately.
- The Company shall not be liable for any damages not attributable to the Company, such as the user’s own carelessness or accidents in the areas not controlled by the Company.

10. Notification of business transfer etc.

If the company transfers all or part of its business or relinquishes its rights and obligations through merger, inheritance, etc., the Company shall notify the following items of the relevant contents to the user.

1. The fact of transfer, merger or inheritance of all or part of business

2. Name, address and contact details of the person who inherited rights and obligation

11. Contact information of Chief Privacy Officer and Data Protection Officer

1. In order to protect the user's personal information and to handle complaints related to personal information, the Company has Chief Privacy Officer and Data Protection Officer as follows

Chief Privacy Officer(CPO)	Chief Privacy Officer(CPO)
Name : kyunglim Kang Rank : CEO Phone : 031-8064-1417 Email : kyunglim.kang@pnpsoft.kr	Name: Changsuk Jin Rank:General Manager Phone : 031-8064-1417 Email : changsuk.jin@pnpsoft.kr

2. Please contact the following organizations if you need to report or consult about other personal information infringement.

3. Personal Information Infringement Notification Center (privacy.kisa.or.kr/ call 118 without area code)

4. The Supreme Prosecutors' Office Cyber Crime Division (cyberid@spo.go.kr/ 02-3480-3571)

5. Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr/ call 182 without area code)

12. General Data Protection Regulation: GDPR

The Company considers and enforces relevant measures for policies and safeguards on the subject of personal information to ensure GDPR compliance, the EU privacy act effective on May 25, 2018.

13. Link site

The Company may provide users with links to other companies' websites. In this case, this Privacy Policy does not apply to collecting personal information from the linked websites.

14. Others

If there is any addition, deletion or change to this Privacy Policies, the Company shall give notices at least 7 days prior to the effective date of the modifications being made by posting them on the homepage.