Privacy Policy

The following are the general principles of the privacy policy of Consalad's Malang Maker service.

Article 1 Purpose of Collection and Use of Personal Information

Malang Maker shall not use your personal information beyond the scope notified in this Article except with your consent or in accordance with the provisions of laws and regulations. The purpose of using the collected personal information is as follows.

Article 2 Items and Methods of Collecting Personal Information

  1. Items of Personal Information Collected

The items of personal information collected by Malang Maker include items that are required for the user to use the service and items that are optional.

  1. Required items: Content usage history, device identification value
  2. Optional items: Information such as membership number (in case of social integration)

Malang Maker does not collect sensitive personal information (such as race and ethnicity, ideas and beliefs, origin and place of birth, political opinions and criminal records, health and sexual life) that may violate your basic human rights.

Malang Maker may collect and use automatically generated information (information that is automatically generated in the process of fulfilling the service contract, such as log records) that can be collected without consent in accordance with laws and regulations within the scope of the purposes described in the required consent (if the customer individually agrees to the optional consent, it will also be collected and used for that purpose).

Malang Maker may use or provide the collected personal information by processing it into statistical data that cannot recognize individuals.

The following information may be generated and collected in the course of business processing such as service use or inquiries.

  1. User's mobile device information (model name, OS version, mobile firmware version, device license number), IP address, cookies, last access location
  2. User's PC information (browser information, OS version), IP address, cookies, etc.
  3. Records of using location-based related services (location information)
  4. date and time of access, service usage records

In the process of using free/paid services, if it is unavoidably necessary for payment (recovery and refund, etc.), email address, confirmation of purchase details, real name and proof of family relationship to confirm the fact of payment by someone other than the user may be required.

Payment information such as credit card payments is subject to the privacy policy of the applicable payment company.

  1. How we collect personal information

Malang Maker collects personal information in the following ways.

  1. through the service subscription process
  2. automatically collected in the process of using the Service
  3. complaints or reports from yourself or others
  4. Automatic collection through the generated information collection tool
  5. Collected through a separate consent process for promotions and events
  6. automatically collected through platforms that have a partnership with the Company in providing services
  7. voluntarily provided by the user when responding to customers during service subscription and use, or collected after request by necessity

By signing up for Malang Maker, you are deemed to have agreed to the collection of personal information for the Malang Maker service.

Article 3 Retention and Use of Personal Information

Malang Maker may retain and use the user's personal information collected while the user maintains membership, and may use and store personal information for 30 days from the time of membership withdrawal for the purpose of managing withdrawn members and preventing and managing service-related disputes. However, despite the user's withdrawal from membership or loss of membership, the following information shall be retained for the period specified for the following reasons, and shall not be subject to the user's right to suspend or delete processing.

  1. commercial books and important documents and slips related to business: 10 years - important documents, 5 years - slips (Commercial Act)
  2. Books and supporting documents related to transactions: 5 years (National Tax Act, Corporate Income Tax Act, Value Added Tax Act, etc.)
  3. Subscriber's telecommunication date, telecommunication start'end time, telecommunication number, etc. of the other party, usage seconds, location tracking data of information and communication devices connected to the telecommunication network: 12 months (Communications Secrets Protection Act)
  4. Log records, IP addresses, etc. necessary to provide verification of communication facts: 3 months (Communications Secrets Protection Act)
  5. Records on display/advertising: 6 months (Act on Consumer Protection in Electronic Commerce)
  6. Records of contract or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
  7. Records of consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

Article 4 Veto of consent and disadvantages of refusal, etc.

Users have the right to refuse consent to the collection and use of personal information. However, if you refuse to consent, you may be restricted from using the service.

Article 5 Procedure and Method of Destruction of Personal Information

In principle, Malang Maker destroys personal information without delay after the purpose of collecting and using personal information is achieved. However, if personal information must be preserved in accordance with relevant laws and regulations, it shall be destroyed in a non-reproducible manner without delay after the expiration of the relevant period, and the company's personal information destruction procedures and methods are as follows.

  1. Procedure for destroying personal information

The information entered by the user is transferred to a separate database (hereinafter referred to as DB) after achieving the purpose of collection and use (in the case of paper, a separate filing cabinet) and stored for a certain period of time or immediately destroyed in accordance with internal regulations and other relevant laws and regulations. In this case, the personal information transferred to the DB will not be used for any other purpose unless permitted by law.

  1. Personal information destruction period

If the retention period of personal information has elapsed, the personal information shall be destroyed without delay (within 5 business days unless there is a justifiable reason) from the date the personal information is no longer required due to the achievement of the purpose of processing the personal information, the abolition of the service, or the termination of the business. If it is necessary to retain member data for a certain period of time for reasons such as confirmation of transaction-related rights and obligations under the provisions of relevant laws such as the Commercial Act, we will retain member data for a certain period of time as follows.

  1. If the customer is notified in advance and individual consent is obtained: Retention period in accordance with the consent
  2. Records on contract or withdrawal of subscription: 5 years
  3. Records of payment and supply of goods: 5 years
  4. Records on customer service and cooperation with relevant investigative agencies against illegal users: 1 year
  5. How to destroy personal information

Personal information written in written forms such as subscription applications or printed on paper shall be destroyed by shredding, incinerating, or dissolving by chemical treatment, and personal information stored in electronic files shall be destroyed using technical methods that make it impossible to reproduce the records.

Article 6 User's rights and how to exercise them

Users may view or modify their registered personal information at any time, and may request access to their personal information.

You may request the suspension of personal information processing at any time, and we may refuse your request to suspend processing in cases where there are special provisions in the law.

You may withdraw your consent to the collection, use, and provision of personal information at any time by agreeing to use the Malang Maker service (signing up for existing members).

If you wish to withdraw your consent (withdrawal of membership) at any time, you can apply directly through the customer center.

If you request correction of errors in your personal information, we will not use or provide such personal information until the correction is completed. In addition, if you have already provided incorrect personal information to a third party, we will notify the third party without delay of the results of the correction process so that the correction can be made.

Malang Maker will respond in good faith to a customer's request for access to, verification of, or correction of personal information, and will correct or delete personal information without delay if it is deemed necessary to correct or delete such information, such as if it is found to contain errors or to have exceeded the retention period.

Malang Maker handles personal information that has been terminated or deleted at the request of the user as specified in Article 5 and does not allow it to be viewed or used for any other purpose.

Article 7 Provision of Collected Personal Information to Third Parties

Malang Maker will use your personal information within the scope notified in Article 1, and will not use it beyond the scope of consent or disclose your personal information to the outside without your prior consent, except in the following cases.

  1. if the user has consented to the provision to a third party in advance
  2. when it is necessary for the settlement of fees for the provision of services
  3. in accordance with the provisions of laws and regulations or when requested by investigative and supervisory authorities in accordance with the procedures and methods set forth in laws and regulations for the purpose of investigation and investigation
  4. When necessary for statistical compilation, academic research, or market research, and when a specific individual is processed and provided in a form that cannot be recognized.

In other cases where it is necessary to provide personal information to a third party for the purpose of providing better services, the Company shall obtain the user's consent in advance by specifying the person to whom the personal information is provided, the purpose of using the personal information by the person to whom the personal information is provided, the items of personal information to be provided, the period of retention and use of personal information by the person to whom the personal information is provided, the fact that the user has the right to refuse consent to the provision of information, and the disadvantages of refusing consent. We may use and provide personal information with caution in the following cases.

  1. Partnership

We may provide or share your personal information with our affiliates in order to provide you with better services. When providing or sharing personal information, we will notify the customer in advance of who the affiliate is, what items of personal information are provided or shared, why such personal information is provided or shared, and how it is protected and managed for a period of time by individually notifying the customer in writing or by e-mail to seek consent, and if the customer does not agree, we will not provide or share the personal information with the affiliate. We will also notify or seek consent in the same manner when there is a change in the affiliate relationship or when the affiliate relationship is terminated.

  1. Sale, Merger, Acquisition, etc.

In the event of the transfer of all or part of the business, or the transfer of the rights and obligations of the Service Provider due to merger, inheritance, etc., the Customer shall be notified in order to ensure the rights of the Customer regarding personal information protection.

Article 8 Consignment of Personal Information Processing

Malang Maker entrusts some of the personal information processing tasks that are essential for the service to an external company, and in order to ensure that the entrusted company (trustee) safely handles personal information in accordance with personal information-related laws, Malang Maker stipulates the prohibition of processing personal information other than the purpose of the entrusted task, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the trustee, and responsibilities such as compensation for damages through the "Personal Information Processing Entrustment Agreement".

If it is necessary to entrust the processing of personal information to fulfill the service provision contract and improve the convenience of users, the consent to entrustment shall be replaced by the disclosure of this Privacy Policy pursuant to Article 25, Paragraph 2 of the Information and Communication Network Act, and if the contents of the processing entrustment or the entrustee in this regard change, the Company shall disclose it through this Privacy Policy without delay.

The Company entrusts the following tasks to external companies to fulfill service provision contracts and improve member convenience.

  1. When entrusting the processing of personal information
  2. Purpose of consignment: Data storage Trustee: Amazon Web Services Inc. Retention and use period: Until the purpose of use is achieved (according to the retention and use period of personal information) or until the consignment contract is terminated

Article 9 Measures to secure the safety of personal information

In accordance with the Personal Information Protection Act, Malang Maker takes technical, administrative, and physical measures necessary to ensure safety as follows.

  1. Conducting regular self-audits

We regularly conduct self-audits to ensure the safety of personal information handling.

  1. Minimization and training of employees handling personal information

We take measures to minimize personal information by designating and limiting the number of employees who handle personal information to those in charge. The minimum number of employees is as follows.

  1. those who directly deal with users and perform marketing tasks
  2. Persons who perform personal information protection duties, such as the personal information protection officer and person in charge
  3. those who are required to process personal information for other business purposes

When hiring new employees, we prevent information leakage by employees in advance by signing an information protection pledge or privacy pledge, and we have established and continuously implement internal procedures to audit the implementation of the privacy policy and compliance by employees. When employees leave the company, they sign a non-disclosure agreement to ensure that they do not damage, infringe, or disclose personal information that they have learned in the course of their duties. The handover of personal information-related processors is carried out thoroughly while maintaining security, and responsibilities for personal information accidents are clarified after joining and leaving the company.

  1. Establishment and implementation of internal management plan

We have established and implemented an internal management plan for the safe handling of personal information. Malang Maker is not responsible for what happens due to the mistakes of individual users or basic Internet risks. If the loss, leakage, alteration, or damage of personal information is caused by an internal manager's mistake or technical management accident, the company will immediately notify the customer and take appropriate measures and compensation.

  1. Technical measures against hacking, etc.

Malang Maker installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from the outside, and monitors and blocks them technically and physically to prevent leakage and damage of personal information due to hacking or computer viruses.

  1. Encryption of personal information

The user's personal information is encrypted, stored and managed so that only the user can know it, and important data uses separate security functions such as encrypting file and transmission data or using a file lock function.

  1. Retention of access records and prevention of forgery

Records of access to the personal information processing system are kept and managed for the period required by relevant laws and regulations, and security functions are used to prevent access records from being falsified, stolen, or lost.

  1. Restriction of access to the personal information processing system

The Company takes necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system.

  1. Use of locks for document security

Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.

  1. Access control for unauthorized persons

We have a separate physical storage location for personal information and have established and operated access control procedures for it.

Article 10 **Civil Service for Infringement of Personal Information

The Company has a personal information protection officer as follows. If you have any questions regarding your personal information, please contact us at the personal information below. We will respond to your inquiries promptly and sincerely.

Person in charge of personal information management

Position: CEO

Name: Seyoon Kang

Phone number : 070-7555-1850

Email : [email protected]

If you need to report or consult about other personal information infringement, you can contact the following organizations.

Article 11 Transmission of Advertising Information

If Malang Maker transmits advertising information through electronic media to conduct customer-oriented marketing, such as information on third party products and services, new products or events, it shall obtain the prior consent of the customer to transmit advertising information and take measures to ensure that the customer can easily recognize that it is advertising information as follows in the subject line and body line of the electronic media.