Coinstep Privacy Policy

 

Blockchain Factory (Here after the Company complies with privacy policies stipulated in relevant laws including Information Communication Network Promotion and Protection of Information Laws, Privacy Laws, Protection of Communications Secrets Act, Telecommunications Business Act which required to be observed by information communication service providers, and we take the security of your personal information very seriously by enacting a policy for handling personal information based on relevant laws.

The company informs how personal information is used for and in what way through the policy for handling personal information and informs you of what actions are taken to protect privacy.

The company will disclose any revisions and its details on the notice board of the homepage (or individual announcement) when the policy is revised. The company discloses any changes made for your easy identification by disclosing version numbers when the policy is changed.

This Privacy policy will be effective from 1 Apr 2018

 

1.      Personal information collected and methods of collection

A.    Personal information collected
The company collects the following personal information when you use the service of Coinstep for the first time for subscribing to a membership (or subscribing for service), customer service and to provide services.

·       Service log

B.    Methods of collecting personal information
The company collects personal information in the following methods.

·       Collection while executing or using Coinstep Program

·       Provided by partners

·       Collection through tools for collecting generated information (including cookie)

·       Collection through voluntary disclosure by user while using the service

·       Essential: name (or nickname), email address, profile photo

You can enter account information to connect to external services selected by you including Google accounts for service.

Lastly, the following information can be automatically generated and collected while using service or while conducting businesses.

 

2.     Collection and use of personal information
The company uses collected personal information for the following purposes.

A.    Provide Coinstep Service
Identification within Coinstep service subscribed by you and connecting accounts set by you including Google and for inviting others

B.    Membership management
Identifying members, preventing disruptive members (members whose access is restricted according to the Article 17 of Terms of Use) from accessing the service and preventing unauthorized accesses, confirm intention to subscribe, record keeping for settle disputes, customer complaints including handling complaints, announcing notices

C.     Use for developing new service and marketing·advertisements
Develop new service and provide customized service, provide service according to statistical features and advertisements, checking validity of service, provide opportunities to participate in promotions or provide advertisements, examining access frequency, statistics on service usage by members

3.     Sharing and providing personal information
The company uses personal information of users within the scope disclosed from "2. Collection and use of Personal Information in principle, and the following information can be disclosed while using our service.

o   When you agree in advance

o   When you agree in advance to use service by third parties in partnership
The company notifies of those receiving personal information, purposes of receiving personal information, personal information provided, period of keeping and using personal information, right to refuse to give consent and disadvantages for not giving consents to users through email or in writing when personal information is provided to third parties. Personal information provided to partners will be limited to essential information including name, profile photo and information on memorable days needed to provide service. We inform details of personal information provided for each service at the time of giving consent. The details of personal information provide can be added/changed while providing service, and if personal information needed to use service provided by partners is changed then we receive additional consent when using service.

o   When authorities request for information according to the provisions by statues or according to procedures and methods stipulated in law for the purpose of investigation

Commissioning of personal information
The company commissions personal information as shown below to improve our service, and we stipulate necessary regulations to safely protect personal information when entering into an agency contract according to relevant laws. The company does not commission personal information to external parties without consents form users. If a need arises in the future, then we will notify the agent and businesses of the agent to users and we will seek consents in advance if needed.

The company states obligations including prohibition of treating personal information other than purposes commissioned according to Privacy Protection Act, technical
·administrative protections, restricting sub-commissioning, supervise·manage the agents, compensation for damages in writing such as the contract and supervise whether the agents are safely treating personal information.
If there are changes in the business of an agent or the agents then we will disclose these through Privacy Policy without delay.
The agents for treating personal information and business of agents for the company are as shown below.

 

 

Agent

Business

Period of keeping and using personal information

AWS

Managing infrastructure to provide service

When withdrawing from the membership or when the contract ends

5.     Period of keeping and using personal information
The company will keep and use personal information while service is provided from the day when you apply for a membership. Personal information will be destroyed without delay in principle when the account is deleted or when the goal for collecting and using personal information is achieved. However, The Company keeps membership information for a certain period required by relevant laws if it is necessary to keep information according to regulations of relevant laws. In this case, the information is used for purpose of keeping only and the period is as shown below.

o   Records on withdrawal from a contract or an agreement: 5 years

o   Records on payments and supply of goods: 5 years

o   Records on customer complaints and dispute resolutions: 3 years

o   Records on accesses: 3 months

o   Records on electronic transactions: 5 years

o   Records on identification: 6 months

o   Name, email address, cell phone number, date and time of accesses, records on illegal access, service records, legal representatives: 30 days

o   Records of illegal access: 1 year

6.     Procedures and methods of destroying personal information
Personal information will be destroyed without delay in principle when the account is destroyed or when the goal for collecting and using personal information is achieved. The procedures and methods of destroying personal information are as shown below.

A.    Procedures
Information entered for subscription by users are kept for a certain period (refer to period for keeping and using) then destroyed once goals are achieved by transferring into a separate DB (separate filing cabinets for paper) according to the Privacy Protection based on internal regulations and relevant laws.

The said personal information will not be used for purposes other than for keeping unless otherwise required by laws.

B.    Methods

·       Personal information printed on papers will be shredded or incinerated.

·       Personal information kept in electronic files will be deleted by technical methods that cannot be restored.

 

7.     Rights, obligations of users and legal representatives and its exercises

o   You or legal representative can make inquiries or request to correct, delete, change or stop using personal information registered for self or child under the age of 14 at any time, and you can refuse to give a consent or request to cancel a membership (withdraw from a membership) if you do not agree with the companys processing of personal information. However, in this case, a part of or all service may not be accessible.

o   You or legal representative can personally withdraw to click Manage Account> Delete Account from Coinstep application

o   We will not use or provide personal information until mistakes are corrected when a user request to correct mistakes in personal information. If wrong personal information has been provided to a third party then we will make corrections by notifying the changes to the third party without delay.

o   The company processes cancelled or deleted personal information as requested by users according to "5. Period of keeping and using personal information" and we make sure that the information is not viewed or used for other purposes.

o   The responsibility for accidents caused by inaccurate information entered by a user lies with the user. You have the obligation to prevent unforeseen accidents by accurately entering up to date personal information.

o   You have the obligation to protect yourself and not violate other persons information as well as the right to be protected of personal information. You should take caution not to leak personal information and not to damage personal information of others including from bulletin boards. If you damage personal information of others or damage the dignity of others by failing to fulfill the above obligations then you can be punished by relevant laws.

o   The company does not collect personal information from minors in principle. When the company needs to collect personal information from minors for making payments for goods purchased then we seek consents from a legal representative in advance, and we will destroy personal information of minors at the time of concluding relevant businesses and we will strictly control personal information of minors while relevant businesses.

 

Technical/administrative protection of personal information
The company takes the following technical/administrative plans for safety to prevent loss, theft, leakage, falsification of or damage to personal information when treating your personal information.

A.    Personal information encryption
The company stores and manages personal information safely through encryption according to relevant laws and internal policies.

B.    Plans for hackings
The company is trying its best to prevent leaking or damaging personal information from hacking or computer viruses.

The company backs up personal information every 6 month in case of damages, prevents personal information from leaking or damaging through up-to-date security patches and firewalls, and safely transmits personal information in networks through encrypted communication.

The company controls unauthorized external accesses through a firewall system, and tries its best to install all possible technical devices to systematically secure security.

·       Minimizing the number of employees treating personal information and training
The company only authorizes a responsible employee to treat personal information and assigned with a separate password which is updated regularly, and emphasizes compliance of Privacy Policy through regular training.

·       Operation of an organization exclusive to protect personal information
The company installed an in-house personal information protection organization to check for compliance of the Privacy Policy and compliance by the employee responsible and rectifies any problems immediately when problems are discovered.

 

However, the company is not responsible for any problems caused by leakage of personal information including ID, password by user negligence or problems with the internet.

9.     Officer responsible for privacy and contact details
You can report any personal information related complaints to an officer responsible for privacy or a responsible department while using the service provided by the company.

The company will quickly and satisfactorily respond to the reports by users.

 

Officer responsible for Privacy

Divison responsible for Privacy

Name: Oh Jinsuk

Email: softland@blockchainfactory.co.kr

Dept: Privacy team

Phone : 070-7721-3264

Email : info@blockchainfactory.co.kr

Fax : 0504-368-6573

10.  Miscellaneous
We inform you that the act of collecting personal information by websites linked to the Coinstep service is not applicable with "Coinstep Privacy Policy".

11.    Obligation of disclosure
The company will notify any addition, deletion and modification in the current Privacy Policy at the homepage, Notice within the service or other easy to noticeable ways at least 7 days prior to any revision. However, the company will notify any major changes in user rights including collection and using of personal information, providing to third parties at least 15 days in advance.

o   Name, email address, profile photo will be disclosed to users connected to Coinstep to identify each other while using Coinstep Service.

o   Name, email address, profile photo will be disclosed to identify a host depending on setting when a user invites others. If contact number is used for invitation then cell phone number will be disclosed to the other party because the invitation is sent by SMS, Kakao Talk, Google or email.

Personal information will not be disclosed to third parties in principle nor used for purposes other than those stated in 2. Collection and use of Personal Information without your consents in advance. However, the followings are excluded.

 

Date enacted: 30 Apr 2018