DMDisplay Corporation (hereinafter referred to as ‘DMDisplay’ or the ‘Company’) thoroughly abides by domestic privacy protection regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the ‘Information and Communications Network Act’) and Personal Information Protection Act, in all stages of DMDisplay services, from service planning to termination. DMDisplay also provides services in accordance with international standards, including the OECD Privacy Guidelines.
Some contain policies that are required by relevant laws and regulations for Privacy Policies, and others are included as DMDisplay judges these to be important to protect the personal information of users.
- 2.Collected Personal Information
- 3.Use of the Collected Personal Information
- 4.Provision and Entrustment of Personal Information
- 5.Destruction of Personal Information
2.Collected Personal Information
Users who have not subscribed to DMDisplay can still enjoy the same level of services provided to DMDisplay subscribers, such as searching for information or viewing the news. However, if the user subscribes to DMDisplay to use personalized or subscription-based services, including email, calendar, café or blog services, a minimum amount of personal information, which is necessary for service use, will be collected by DMDisplay.
The following personal information is collected when users subscribe to DMDisplay.
- Users’ ‘ID, password, name, date of birth, gender, mobile phone number used to verify subscription’ is mandatory information that is collected when the user subscribes to DMDisplay. If the date of birth provided by the user shows that the user is a minor under the age of 14, information on the user’s legal representative (the legal representative’s name, date of birth, gender, duplication information (DI) and mobile phone number) is also collected. The user can decide whether to allow DMDisplay to collect their email address.
- If subscription is made with an organization's ID, organization ID, password, organization's official name, email address, mobile phone number used for subscription verification are mandatory information collected. Name of the representative, member name(s) to issue password(s) and email address(es) can be collected additionally based on user(s)'s choice.
The following personal information is collected while users use the service.
Additional personal information may be collected from users of specific DMDisplay services while the user uses the service, participates in an event or applies for a prize. If additional personal information is collected, the user is provided with guidelines on the ‘collected personal information, the purpose of collecting and using personal information, and the personal information storage period’ and is asked whether the user agrees to the collection and use of the information.
The IP address, cookies, service usage records, device information, and location information can be generated and collected during service use.
In other words, 1) the information communications service provider may automatically generate information about the user while the user uses the service and save (collect) the information, or 2) the information is collected after information that is unique to the user’s device is safely converted so that the original value is unidentifiable.
Details on the collection and storing of location information when using DMDisplay’s location-based services are regulated on “DMDisplay Location Information User Agreement”.
DMDisplay uses the following methods to collect personal information.
- Personal information is collected if the user agrees to the collection of personal information and personally inserts the information during the subscription process or during service use.
- User’s personal information is collected through the webpage, email, fax or phone during consultations that are provided at the customer center.
- Personal information is collected through documents at events or seminars that are held offline.
- Personal information is acquired by external companies or organizations that are in partnership with DMDisplay. In such an event, the partnering company will provide the information to DMDisplay after obtaining consent from the user to provide their personal information to DMDisplay, as is required to do so by the Information and Communications Network Act.
- Information that is generated, such as device information, is automatically generated while the user uses the PC web or mobile web/app and collected.
3.Use of the Collected Personal Information
DMDisplay uses personal information only for purposes described below, which includes managing subscribers, developing, providing and improving services, and creating a safe internet user environment.
- Personal information is used to confirm user’s intent to subscribe to DMDisplay, verify the user’s age and consent from the user’s legal representative verify the identity of the user and legal representative, identify the user, confirm the user’s intent to unsubscribe from DMDisplay, and for other subscriber management purposes.
- Personal information is used to provide existing services, including contents and advertisement, and also used to analyze demo graphic data, service visitations and use records, create relationships between users based on users’ personal information and areas of interest, provide customized services based on information on friends and areas of interest, and discover other elements that can be used to develop new services and/or improve existing services.
- Personal information is used to restrict users who have violated laws, regulations and DMDisplay’s User Agreement from using the service, prevent and restrict actions that interfere with seamless service operation, including any delinquent actions, prevent account fraud and illegal transactions, deliver notices on agreement updates, store records on dispute mediation, handle civil petitions and for other user protection and service operation purposes.
- Personal information is used to verify the user’s identity when providing premium services, make purchases and payments and to deliver product and services.
- Personal information is used to provide information on events and provide opportunities to participate, to provide advertisement and for other marketing and promotion purposes.
- Personal information is used to analyze service use records and access frequencies, calculate statistics on service use, analyze services and provide customized services based on statistics, and place advertisements.
- Personal information is used to relieve users in circumstances that involve security, privacy and safety and to build a usable service environment.
4.Provision and Entrustment of Personal Information
As a rule, DMDisplay does not provide personal information to any external party without consent from the user
DMDisplay does not provide personal information to any external party without consent from the user. However, personal information is provided only when the user has personally agreed to the provision of their personal information in order to use external partner’s services, when DMDisplay is obligated to submit personal information in accordance with related laws and regulations, and to resolve emergency situations where the user’s life or safety is confirmed to be endangered.
5.Destruction of Personal Information
As a rule, the Company destroys personal information immediately after the user unsubscribes from the service.
However, personal information can be stored safely for a designated amount of time, even after the user unsubscribes, if DMDisplay has obtained separate consent from the user to store the personal information for a certain amount of time, or if the Company is obligated by law to store the information for a specific time period.
DMDisplay will obtain separate consent from the user to store their personal information for a specific time period in the following situations.
To prevent fraudulent subscriptions and misuse, records of misuse, including records on fraudulent subscriptions and disciplinary actions, are collected, stored, and destroyed after six (6) months. Mobile phone numbers that are used to verify subscriptions (the legal representative’s DI if the subscriber is under the age of 14) is included as personal information in the records of misuse.
To prevent illegal transactions, protect law-abiding users and guarantee an environment that ensures safe transactions, records of fraudulent transactions with DMDisplay Pay (ID, name, mobile phone number, shipping address, IP address, cookie, device information), which includes payment thefts, illegal money accommodation through credit cards and other actions that violate related laws, regulations or the User Agreement, will be collected and stored for 3 years and will be destroyed afterwards.
Statutes, including the Act on the Consumer Protection in Electronic Commerce, Electronic Financial Transactions Act, and the Protection of Communications Secrets Act, require DMDisplay to store the information for a period of time, as described below. DMDisplay will store the personal information for the period prescribed by law and will never use the information for other purposes.
- Act on the Consumer Protection in Electronic Commerce
- Records on subscription or withdrawal of subscription: Store for five (5) years
- Records on payment settlements and supply of goods: Store for five (5) years
- Records on customer complaints or dispute settlements: Store for three (3) years
- Electronic Financial Transactions Act
- Records on electronic finance: Store for five (5) years
- Protection of Communications Secrets Act
- Records on sign-in: Store for three (3) months
Personal information is immediately destroyed to an unrestorable state once the purpose of the information collection and storage has been fulfilled, which includes the user’s unsubscription from the service, termination of a service, or expiration of the personal information storage period that was approved by the user. Personal information that was stored due to obligations imposed by law is immediately destroyed to an unrestorable state once the storage period has expired.
Personal information stored in electronic files is safely deleted using technical methods and information printed on paper is shredded or incinerated to prevent it from being restored for regenerated.
FYI, DMDisplay has implemented the ‘Personal Information Validity Period Plan’, which separately stores and manages the personal information of subscribers who have not used the service for one (1) year.
6.User and Legal Representative’s Rights and How to Exercise Those Rights
- Users can go to ‘DMDisplay My Information > Subscriber Information’ to view or update their personal information at any time.
- Users can go to ‘Subscription Withdrawal’ to withdraw their consent to the collection and use of their personal information at any time.
- If the user is a child under the age of 14, the child’s legal representative has to right to view and update the child’s personal information, and to withdraw the consent to the collection and use of the child’s personal information.
- If a user requests that errors in their personal information be corrected, the personal information that is to be corrected cannot be used or provided until the corrections are made. If incorrect personal information has already been provided to a third party, the corrected information will be immediately notified to the third party so that necessary corrections can be made.
7.DMDisplay’s Efforts to Protect Personal Information
DMDisplay is doing our best to safely manage our users’ personal information and is protecting personal information at a level that exceeds standards required by the Information and Communications Network Act and the Personal Information Protection Act.
Personal information is being encrypted.
Passwords, personally identifiable information, account numbers and credit card numbers are encrypted as required by law. Email address and mobile phone numbers are also encrypted and stored.
Personal information is safely protected from internal and external security risks.
DMDisplay installs our systems in controlled areas that cannot be accessed from the outside in order to prevent users’ personal information from being leaked or damaged as a result of hackings or computer viruses. Personal information is backed-up on a regular basis as preemptive measures against possible damages done to personal information, and the latest vaccine programs are used to prevent any leakage or damage of users’ personal information. Encoded communication is also used to transfer personal information safely through networks.
Employees that handle personal information are kept to a minimum.
Employees that handle personal information are kept to a minimum. The responsible employees’ work PCs are blocked so that it cannot access external internet services, reducing the possibilities of personal information from being leaked. DMDisplay continuously stresses the importance of personal information protection, and how protecting our subscribers’ personal information is our utmost priority. DMDisplay provides training to personal information-handling employees on a regular basis and frequently holds training and campaigns for all DMDisplay employees.
A separate organization is operated exclusively for personal information protection.
In 2007, DMDisplay became the first company in Korea to create a Customer Information Protection Team. To date, the Personal Information Protection Team, and the Information Protection Office the team belong to, frequently executes technical/managerial protective measures to ensure that all DMDisplay employees properly abide by their obligation to protect users’ personal information.
DMDisplay is audited by domestic and international certification authorities for our user information protection activities.
DMDisplay is regularly audited by external organizations with the international information security standard ISO/IEC 27001:2013 and the Korean information security standard PIMS·ISMS for our information protection activities. Auditing standards provided by the American Institute of Certified Public Accountants (AICPA) is used to verify DMDisplay’s internal service control levels and the results are published in the form of a SOC report.
8.The Chief Privacy Officer and the Responsible Personnel
DMDisplay has designated the following persons as the Chief Privacy Officer and Personal Information Manager. They will be responsible for answering DMDisplay users’ inquiries regarding personal information and resolving any related complaints.
- Chief Privacy Officer
- Name : Lim Jae Woon
- Affiliation and Position : CEO
- Phone : +82-2-6911-2774
- Email : info@DMDisplay.com
- Personal Information Manager
- Name : Yu mi hye
- Affiliation and Position : Magager
- Phone : +82-2-6911-2774
- Email : info@DMDisplay.com
Contact the organizations shown below to file reports or seek consultation for other privacy infringements.
10.Obligation to Notify Before Amendments
- Notification date: June 7, 2017
- Effective date: June 15, 2017