CoinBin (hereinafter “company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. As the company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the company’s policies, customers are recommended to pay frequent visits to our website and check details.
1. Personal Information Items Collected
The Company shall collect and use the following essential personal information. The company shall give pre-notification to the member when the company collect the personal information of member.
· Verification of a user’s identity via mobile phone authentication: date of birth, gender, name, mobile phone number, nationality, telecommunications provider that the user uses the mobile service subscription.
· Verification of a user’s bank account: name of bank, account number, name of account holder
· Additional authentication: ID card (any remaining information masked except for date of birth), image, deposit transaction records, the certificates of transfer, age confirmation.
The company shall collect personal information during providing the service.
· The device information (OS, screen size, device ID, mobile phone number, UID, UUID, IMEI), IP address, the records of use of service, the status information of user, cookie
· For paid service: information required for the payment such as credit card information, telecommunications service provider information, gift card number
2. Collection and Use of Personal Information
(The purpose of use) The Company shall use customers’ personal information for the following purposes:
· Member identification, verification, management and maintenance of membership, prevention of use of service by fraudulent members
· All types of notification, adjustment of difficulties, dispute conciliation
· Affiliated service with partners, payment and calculation
· Notification of new service development and event, the use for marketing and advertisements
· Records of use of services, analysis of frequency of access, statistics of use of services, service environment development in aspect of privacy protection, providing customized service, service improvement
Investigation of hacking/frauds, delivery of information when the legitimate investigation is required
· Web service and event which are fit in member’s interests, giveaway event, advertising information such as promotion, operation of space for member’s participation, notification of the result of winning prizes at events/giveaways and delivery of products
(Period of Use)
The company shall use only for the period of use based on the purpose of collection and use of users’ personal information. The Company shall immediately destroy personal information upon withdrawal of membership. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
· Records on agreements or withdrawal of offers: five (5) years
· Records on payments and the supply of goods: five (5) years
· Records on the handling of customers’ complaints and disputes: three (3) years
· Records on electronic finance: (5) years
· Log-in records (3) months
3. Provision and Commission of Personal Information
(Provision of personal information to the third party)
The company shall not provide personal information to third party. If the users agree the provision of personal information to third party, the company provides the personal information to third party per requests of submitting personal information in accordance of related legislation. The company provides personal information upon the agreement of users to the third party list is as below;
(Commission of processing personal information)
The company commits parts of personal information to third party for providing various services and is managing/supervising to not violate any related legislations. The entity receiving personal information list is as below;
4. Destroying Personal Information
|Entity receiving personal information
|NICE Information Service
||SMS authentication service to verify the mobile phone owner and occupation, identification of bank account holder
||Until withdrawal of membership or termination of a partnership agreement
||Until withdrawal of membership or termination of a partnership agreement
The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes (the period of retention and use of personal information), it shall be retained in accordance with the following provisions. The company shall immediately destroy those personal information afterwards the period of retention and use described in the relevant statutes.
Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.
5. Rights of Users and Legal Representatives and Methods for Exercising Their Rights
Users can exercise the following rights to the personal information.
· Right to demand access to personal information
· Right to demand correcting errors in personal information, if any
· Right to demand the deletion of personal information
· Right to demand the suspension of personal information processing
Users can check and modify personal information and may withdraw their consent to the ‘collection and use of personal information’. If user requests the correction in their personal information, the company shall neither use nor provide such personal information until such errors are corrected. If the personal information is already provided to the third party, the company immediately notifies the request of the correction to the entity that received the personal information and let the entity to correct the information.
The company shall not collect personal information of children under 19 years of age. However, the legal representatives of children under 19 years of age may exercise the rights to the personal information of themselves or such children (the rights to demand access, correcting, deletion and the suspension of personal information processing of children).
6. Measures for Ensuring the Security of Personal Information
The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act.
(Establishment and implementation of an internal management plan)
the company exercises the establishment and implementation of an internal management plan.
(Limitation of access to the personal information)
the company controls the access by authorization, revision and cancellation of access rights and blocks unauthorized external access by using the access control methods such as firewall system.
(Access control against unauthorized person)
the company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored.
(Locks for document security)
The company also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.
(Technological protection measures)
The company installs, operates and maintains security program to prevent the leakage of personal information caused by hacking, external unauthorized infringement and virus of computer. The company has established and operates those measures in the separate sites where the external access is controlled and the company also blocks and supervises the external access in physical and technological aspects.
(Encryption of personal information)
The sensitive information such as password are stored and managed after encryption. The company transfers those information through the encrypted network.
7. The Person in Charge of Managing Personal Information
The company appoints the person in charge of managing the member’s information to protect users’ personal information in safe while processing users’ personal information.
(The person in charge of managing personal information)
· Name: Kyu-Chul Lee
· Title: The person in charge of managing personal information
· Contact: 1661-7211
· E-mail: email@example.com
Customers who wish to contact the person in charge of managing personal information and the related department at the company may contact him/her at the telephone number or by e-mail above. We will answer your inquiries on the protection of personal information swiftly and sincerely.
You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
·Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
·Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
·Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
·Personal Information Response Center (http://privacy.kisa.or.kr): 118
Guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification. In case that changes occur in the rights or obligation of users, the company shall notifies changes before thirty (30) days before the effectuation of modification.
9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies
(Definition of cookies) Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server.
the company may read the contents of cookies stored at such a customer’s web browser, provide better services and improves service for easier use. Users can use the service with easier process.
(Installation, operation and rejection of cookies)
all customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed)
(How to reject cookies setting)
· Internet Explorer: Tools > Internet Options > Personal Information > Personal Information Management Level
· Chrome: Setting > Advanced > Personal Information – Content Setting > Cookie Level
· Safari: Setting > Personal Information > Level of Cookie and Web Site Data
10. Notices of guideline of processing personal information modification
This guideline of processing personal information shall enter into force on April 15, 2018.