1. Purpose of Collection and Use of Personal Information
Intome (hereinafter "Company") processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Membership registration and management: Maintenance and management of membership status, prevention of fraudulent use of services, various notifications
- Provision of goods or services: Service provision, content provision, customized service provision
- Payment and settlement: Invoice delivery, fee payment, fee collection
- Customer support: Customer consultation and complaint handling, delivery of notices
- Marketing and advertising: Development of new services and provision of customized services, provision of events and promotional information
2. Personal Information Items Collected
The Company processes the following personal information items.
Required Items
- Email address
- Password (stored encrypted)
Optional Items
- Phone number
- Wedding information (wedding date, venue, bride/groom information, etc.)
- Bank account information (for gift money guidance)
- Payment information (orderer email, phone number)
Automatically Collected Items
- IP address, cookies, visit date and time
- Service usage records, improper usage records
3. Retention and Use Period of Personal Information
The Company processes and retains personal information within the personal information retention and use period pursuant to laws or the personal information retention and use period agreed upon when collecting personal information from the data subject.
Upon Membership Withdrawal
Personal information is destroyed without delay upon membership withdrawal. However, if it is necessary to preserve information under relevant laws, it will be retained for the period specified by such laws.
Retention Under Relevant Laws
- Records on contracts or withdrawal of subscription: 5 years (E-Commerce Act)
- Records on payment and supply of goods: 5 years (E-Commerce Act)
- Records on consumer complaints or dispute resolution: 3 years (E-Commerce Act)
- Website visit records: 3 months (Protection of Communications Secrets Act)
4. Matters Concerning Entrustment of Personal Information Processing
The Company entrusts personal information processing as follows for smooth personal information processing.
| Trustee | Entrusted Tasks | Retention and Use Period |
|---|
| Google Analytics | Service usage statistics analysis | 1 year |
| Cloudflare R2 | Image file storage | Until membership withdrawal or termination of entrustment contract |
| PortOne | Payment processing | 5 years under the E-Commerce Act |
5. Procedures and Methods for Destruction of Personal Information
The Company destroys personal information without delay when it is no longer needed due to expiration of retention period or achievement of processing purpose.
Destruction Procedure
Information entered by users is transferred to a separate DB after the purpose is achieved (separate documents in case of paper) and destroyed after a certain period according to internal policies and other relevant laws, or immediately destroyed.
Destruction Method
- Electronic file format: Deleted using technical methods that prevent record reproduction
- Paper documents: Shredded or incinerated
6. Provision of Personal Information to Third Parties
The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.
In principle, the Company does not provide users' personal information to external parties. However, the following cases are exceptions.
- When the user has given prior consent
- When required by investigative agencies according to procedures and methods prescribed by law for investigation purposes
- When provided in a form that cannot identify specific individuals for statistical compilation, academic research, or market research
7. Rights of Users and Legal Representatives and How to Exercise Them
Data subjects may exercise the following rights related to personal information protection against the Company at any time.
- Request to view personal information
- Request for correction if there are errors
- Request for deletion
- Request to stop processing
The above rights can be exercised through written request, phone, email, or fax to the Company, and the Company will take action without delay. Also, the rights of data subjects to view and request to stop processing personal information may be restricted pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act.
8. Measures to Ensure Safety of Personal Information
The Company takes the following measures to ensure the safety of personal information.
- Administrative measures: Establishment and implementation of internal management plan, regular employee training, etc.
- Technical measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
- Physical measures: Access control to computer rooms and data storage rooms
9. Personal Information Protection Officer
Personal Information Protection Officer: Kim Yeon-hee
Contact: 0507-1406-9555 / [email protected]
This Privacy Policy is effective from November 1, 2024.
Company Information
- Deorot
- Business Registration Number: 258-04-02508
- CEO: Kim Yeon-hee
- Address: 1st Floor, 7 Uicheon-ro 30-gil, Dobong-gu, Seoul, 01381
- Contact Number: 0507-1406-9555
- Email: [email protected]