Monday, April 15, 2024

Cosmorning Privacy Policy

Cosmorning (hereinafter referred to as the 'company') establishes the following personal information processing guidelines to protect the personal information of information subjects and to handle complaints related to them promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act Disclosure. When the company revises the privacy policy, it will be notified through the notice on the company website (or individual notice).

Article 1 (Purpose of processing personal information)

The company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  1. Homepage membership registration and management
    Confirmation of intention to sign up for membership, identification/authentication by provision of membership service, maintenance/management of member status, identification by implementation of limited identification system, prevention of illegal use of services, processing of personal information of children under 14 years of age Personal information is processed for the purpose of confirming the consent of the legal representative, various notices and notifications, and handling grievances.
  2. We process personal information for the purpose of providing goods or services, delivery of goods, provision of services, delivery of contracts and invoices, provision of contents, provision of customized services, identity verification, age verification, bill payment and settlement, debt collection, etc.
  3. Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint, contacting and notifying for fact-finding, and notifying the processing result.

Article 2 (Processing and retention period of personal information)

  1. The company processes and retains personal information within the period of retention and use of personal information according to the law or within the period of retention and use of personal information consented to when collecting personal information from the information subject.
  2. Each personal information processing and retention period is as follows.
    1. 1. Homepage member registration and management: Until withdrawal from the homepage.
      However, in the case of the following reasons, until the relevant reason ends
      1. 1) If an investigation or investigation is in progress due to a violation of related laws, until the end of the relevant investigation or investigation
      2. 2) In the event of remaining credit/debt relations due to the use of the website, until the settlement of the related credit/debt relations
    2. 2. Provision of goods or services: Until the completion of supply of goods or services and completion of payment or settlement
      However, in the case of the following reasons, until the end of the relevant period
      1. 1) Records on transactions, such as indications and advertisements, contract details and performance, in accordance with the 「Consumer Protection Act in Electronic Commerce, Etc.」
        • - Records on display and advertisement: June
        • - Record of contract or subscription withdrawal, payment, supply of goods, etc.: 5 years
        • - Records on consumer complaints or dispute handling: 3 years
      2. 2) Storage of communication confirmation data in accordance with Article 41 of the Protection of Communications Secrets Act
        • - Subscriber telecommunication date and time, start/end time, subscriber number of the other party, frequency of use, originating base station location tracking data: 1 year
        • - Computer communication, Internet log record data, access tracking data: 3 months

Article 3 (Consignment of personal information processing)

  1. The company entrusts the following personal information processing tasks to provide smooth service.
    1. - Entrusted person (consignee): Mediaon Co., Ltd.
    2. - Contents of entrusted business: Site maintenance
    3. - Consignment period: Until the end of the site maintenance contract
  2. In accordance with Article 25 of the Personal Information Protection Act, the company manages and supervises whether the trustee handles personal information safely, such as prohibition of processing personal information for purposes other than the purpose of consignment, technical and managerial protection measures, and restrictions on re-entrustment.
  3. If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.

Article 4 (Rights and Obligations of Data Subjects and Exercising Methods)

  1. The information subject can exercise the following personal information protection related rights against the company at any time.
    1. 1. Request to view personal information
    2. 2. Request for correction if there are any errors
    3. 3. Deletion request
    4. 4. Request for suspension of processing
  2. The exercise of rights under Paragraph 1 can be done in writing, by phone, e-mail, fax, etc. to the company, and the company will take action without delay.
  3. If the information subject requests correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
  4. The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.
  5. The information subject must not violate the personal information and privacy of the information subject or others handled by the company in violation of related laws such as the Personal Information Protection Act.
  6. The company verifies whether the person who made the request, such as a request to view, a request for correction or deletion, or a request to suspend processing according to the rights of the information subject, is the person or a legitimate agent.

Article 5 (Items of personal information to be processed)

The company handles the following personal information items.

  1. Homepage member registration and management
    1. - Required items: name, date of birth, ID, password, gender, email address, nickname
    2. - Optional items: address, phone number, profile picture
  2. When providing goods or services
    1. - Required items: Information necessary for payment, such as name, date of birth, ID, password, address, phone number, email address, i-PIN number, credit card number, bank account information, etc.
  3. In the course of using the Internet service, the following personal information items may be automatically generated and collected.
    1. - IP address, cookie, MAC address, service use record, visit record, bad use record, etc.

Article 6 (Destruction of personal information)

  1. The company destroys the personal information without delay when the personal information becomes unnecessary, such as when the personal information retention period has elapsed or the purpose of processing has been achieved.
  2. If personal information must be kept in accordance with other laws and regulations despite the expiration of the personal information retention period agreed to by the information subject or the achievement of the purpose of processing, the personal information is moved to a separate database (DB) or stored in a different storage location. and preserve it.
  3. The procedure and method of destroying personal information are as follows.
    1. 1. Destruction procedure
      The company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
    2. 2. Destruction method
      The company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incinerating.

Article 7 (Measures to Ensure Safety of Personal Information)

The company takes the following measures to ensure the safety of personal information.

  1. Administrative measures: Establishment and execution of internal management plans, regular employee training, etc.
  2. Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, etc., installation of security program
  3. Physical measures: access control in computer room, data storage room, etc.

Article 8 (Matters Regarding the Installation, Operation and Rejection of Automatic Personal Information Collection Devices)

  1. The company uses 'cookies' that store and retrieve usage information from time to time in order to provide personalized services to users.
  2. Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser, and is also stored on the hard disk of the user's PC computer.
    1. 1. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and use of each service and website visited by the user, popular search words, security access, etc.
    2. 2. Installation, Operation, and Rejection of Cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Personal Information menu at the top of the web browser.
    3. 3. If you refuse to save cookies, you may experience difficulties in using customized services.

Article 9 (Person in charge of personal information protection)

  1. The company is responsible for overall handling of personal information processing, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing.
    Personal Information Protection Officer Department in charge of personal information protection
    • Name : Huh Kang-woo
    • Position : Director
    • Contact : 02-338-8470
    • Department name : Cosmorning
    • Person in charge : Huh Kang-woo
    • Contact : 82-2-338-8470
  2. The information subject can inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service to the person in charge of personal information protection and the department in charge. The company will respond to and process inquiries from information subjects without delay.

Article 10 (Remedy for Infringement of Rights and Interests)

The information subject can inquire about damage relief and consultation for personal information infringement to the following institutions.

<The organizations below are separate organizations from the company. If you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact us>

  1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
    1. - Responsibilities: Report personal information infringement, apply for consultation
    2. - Website:
    3. - Phone: (without area code) 118
    4. - Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong) 3rd floor Personal Information Infringement Reporting Center
  2. Personal Information Dispute Mediation Committee
    1. - Jurisdiction: personal information dispute mediation application, collective dispute mediation (civil settlement)
    2. - Website:
    3. - Phone: (without area code) 1833-6972
    4. - Address: (03171) 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul
  3. Supreme Prosecutor’s Office Cyber ​​Crime Investigation Team : 02-3480-3573 (
  4. National Police Agency Cyber ​​Security Bureau : 182 (

Article 11 (Change of Privacy Policy)

  1. This privacy policy is effective from 2019-10-30