1. What and How Personal Information is collected

A. Which Personal Information is collected

• Collection of mandatory information: the user’s ID, password, name, date of birth, sex, and contact information is collected upon signup.
• Collection of optional information: minimal additional information (optional information) may be collected to provide more specialized services. However, there are no restrictions on the use of the service even if there is no optional information provided.

B. How Personal Information is Collected

The Company collects personal information in the following ways.

• Homepage, mobile, written form, fax, phone, customer center inquiry, email, event application, delivery request
• Provision from partner companies
• Collection through generating information collection tool

C. Processing of Unique Identification Information

The Company collects personal information in the following ways.

• Unique identification information refers to the Personal Information Protection Act Article 24 (1) and Article 19 of the Enforcement Decree of the Personal Information Protection Act "Information set by the Presidential Decree", and refers to resident registration number, passport number, driver's license number and alien registration number.
• The Company collects and processes unique identification information for the following purposes.
  • Obligations to use transaction and payment service
  • Imposing the duties incurred by the spot prize winner
  • Complaint handling, etc.
• Collected unique identification information is not used or provided for purposes other than the purpose of collecting personal information except for the case specified in the Personal Information Protection Law and other laws, and it is encrypted and managed safely.

2. Purpose of Collection and Use of Personal Information

A. Fulfillment of Contracts Related to the Provision of Services and Settlement of Fees Due to Service Provision

Providing content, providing customized service, shipment of goods or invoice, self-identification, purchase and payment, collection of fees

B. Membership Management

Membership service provision, personal identification, restrictions on use of members in violation of the Terms and Conditions, acts or services that interfere with the smooth operation of the service, fraudulent use of the service, confirmation of subscription, restriction of subscription and the number of subscriptions, confirmation of legal representative's consent at the time of collection of a child under age 14, confirmation of legal representative's consent at the time of payment of a minor under age 19, confirmation of legal representative's identity later, preservation of records for dispute settlement, complaint handling, notification, confirmation of withdrawal(secession) of membership

C. Develop New Services and Utilizing it in Marketing and Advertising

Providing new service development and customized service, providing service according to statistical characteristics, showing advertisement, validating service, providing event information and participation opportunity, providing advertisement information, Identifying access frequency, statistics on a member's service use

3. Sharing and Providing Personal Information

The Company shall use the personal information of the users within the range specified in "2. Purpose of Collection and Use of Personal Information", and shall not use the personal information beyond the scope without prior consent of the user and will not disclose the personal information to the outside. However, the following exceptions apply.

A. If the User Agrees in Advance

If there is a situation where the Company will share or provide personal information separately with the third party for the purpose of providing the service, the Company shall notify or get consent of the member in advance in accordance with the "Act on Promotion of Information Network Usage and Information Protection, etc." and the "AfreecaTV Personal Information Processing Policy". However, in case of providing personal information according to service and providing personal information according to the event, if there is difficulty in revising the personal information processing policy due to service partnership and event proceeding which occur frequently, the member can check the details of the service provision.

This is a list that provides personal information to external content providers or developers to use event applications provided. In other words, users who do not use the following services will not provide personal information. It is the case where the user voluntarily provides his / her personal information to a third party in order to use the service, and the company also informs the user 'the person who is provided with the personal information, the purpose of providing, the personal information item to be provided, and the period of use', and obtains explicit and individual consent.

This is a list that provides personal information to game developers or operators to use the provided games. In other words, users who do not use the game will not provide personal information. It is the case when a user voluntarily provides his / her personal information to a third party for use of the game, and the company also informs the user 'the person who is provided with the personal information, the purpose of providing, the personal information item to be provided, the period of use', and obtains explicit and individual consent.

B. If in accordance with the provisions of the law, or if there is a request by the investigating agency in accordance with the provisions of the Act or the procedure and method prescribed by the Act for the purpose of investigation

4. Consignment of Processing Personal Information

In order to improve the service, the company consigns personal information as follows, and in accordance with the relevant laws and regulations, when a consignment contract is made it is ensured that the personal information is securely managed.

The company's personal information consignment processing agency and consigned business contents are as follows.

※ Some services can be consulted by external content providers (CP) for payment and refunds.

5. Storage and Use Period of Personal Information

In principle, the personal information of the user is destroyed without delay when the purpose of collecting and using the personal information is achieved. However, the following information will be preserved based on saving clause of Article 29 of the Act on Promotion of Information and Communication Network Promotion and Information Protection, etc. for the preservation period specified by the following reasons for storage. In order to comply with Article 21, Paragraph 3 of the Personal Information Protection Act, It is stored in separate safe storage space.

A. Reason for Preserving Information by Internal Policy

• Reason for preservation: Prevention of confusion and misuse (unauthorized subscription, unusual use of services, etc.) in using services such as dissatisfaction and dispute settlement of consumers at the time of membership withdrawal
• Preserved items: ID, identification code(CI.ID)
• Preservation period : 6 months

B. Reason for Preserving Information by Relevant Laws

If it is necessary to preserve the information in accordance with the relevant laws and regulations, such as the Commercial Act, the Consumer Protection Act in Electronic Commerce, etc., the Company will keep the member information for a certain period as stipulated by related laws and regulations. In this case, the Company will only use the information according to the purpose of keeping it, and keep it for the period of preservation according to the grounds stated in the reason for preservation. If the period of preservation is terminated, the personal information of the user will be deleted without delay.

- Reasons of record preservation regarding contracts or membership withdrawal: Act on Consumer Protection in Electronic Commerce etc. Preservation period: 5 years
- Reasons of record preservation regarding payment and goods supply: Act on Consumer Protection in Electronic Commerce etc. Preservation period: 5 years
- Reasons of record preservation regarding e-banking transaction: Act on e-banking transaction: 5years
- Reasons of record preservation regarding consumer’s complaint or resolution of dispute: Act on e-banking transaction of consumer protection: 3years
- Reasons of record preservation regarding visiting of website: Protection act on communication secret: 3 months

6. Procedures and Methods of Personal Information Deletion

In principle, the personal information of the user is deleted without delay when the purpose of collecting and using the personal information is achieved. However, the information that should be kept by other laws and regulations will be deleted immediately after separate separation and storage for a period set by the statute.

A. Deletion Procedure

• If the purpose of collecting and using personal information of the user is accomplished, it will be deleted without delay and if it should be stored according to other laws and regulations, it will be transferred to a separate DB and will be deleted without delay after being safely kept for a certain period in compliance with relevant laws and regulations.
• This personal information will not be used for any purpose other than the purpose for which it is being held, except as provided in laws and regulations.

B. Deletion Methods

• Personal information printed on paper is a destroyed by a grinder or by incineration.
• Personal information stored in an electronic file is deleted using a technical method so it cannot be restored.

C. Personal Information Expiration System (Inactive Account Policy)

• The personal information of the service user who is in a dormant state without a service use record for one year is separately stored and managed separately from the user's personal information. However, if there is a request from the dormant service user, the personal information will be provided again when the service is resumed.
• The company will notify the users by e-mail etc. before 30 days before transition into an inactive account.
• Separated and stored personal information will not be used or provided unless otherwise specified in other laws and regulations. In addition, personal information that has been separated and archived will be deleted without delay at the time specified in the related laws and will be notified to users by e-mail or other means before 30 days from the time of deletion.

7. Rights of Users and Legal Representatives and How to Exercise Them

• Users and legal representatives may access or modify the personal information of the registered person or his / her children under the age of 14 at any time. If the user does not consent to the processing of personal information by the Company, he / she can refuse his / her consent or request to unsubscribe (secession). However, in such cases it may be difficult to use some or all of the services.
• To access or modify the personal information of a user or a child under the age of 14 years, click 'Change membership information' (or 'Edit membership information'), and to cancel the subscription (withdraw the consent), click the "unsubscribe" button for a verification process and then correct or withdraw the subscriber.
• Or, in writing to the personal information manager, please contact the Company by phone or email and action will be taken without delay.
• If the user requests correction of the error of personal information, the Company will not use or provide the personal information until the correction is completed. Also, if wrong personal information is already provided to a third party, the Company will notify the third party without delay and make correction.
• The Company will process personal information that has been terminated or deleted at the request of the user or legal representative as described in "5. Retention and Use Period of Personal Information" and is prohibited from being viewed or accessed for other purposes.

8. Installation, Operation and Rejection of Automatic Collection of Personal Information

A. What are Cookies?

• The Company uses 'cookies' to frequently store and retrieve information of users in order to provide personalized and customized services.
• Cookies are very small text files sent to the user's browser by the server used to run the website and stored on the user's hard disk. When a user visits a website, the website server is used to maintain the user's preferences and provide customized services by reading the contents of cookies stored on the user's hard disk.
• Cookies do not automatically / actively collect information that identifies individuals, and the user can deny or delete these cookies at any time.

B. The Company's Purpose of using Cookies

It is used to provide optimized and customized information including advertisement to users by understanding the types of visits and usage of services and websites visited by users, popularity queries, security access, news editing, and user size.

C. Installation / Operation of Cookies and Refusal

• The user has the option of installing cookies. As a result, by setting options the user can allow all cookies in your web browser, or check each time a cookie is saved, or refuse to save all cookies.
• However, if the user refuses to store cookies, some services that require login may be difficult to use.
• How to specify whether to allow installation of cookies (for Internet Explorer) is as follows.

  ①From the [Tools]menu, select [Internet Options].
  ② Click the [Privacy] tab.
  ③You can set [Privacy level].

9. Technical and Administrative Protection Measures of Personal Information

The Company takes the following technical and administrative measures to ensure the safety of personal information in order to prevent the loss, theft, leakage, alteration or damage in handling personal information of users.

A. Password Encryption

The password of the member ID is encrypted and stored and managed. Only the member knows it, and the confirmation and change of personal information is possible only by the person who knows the password.

B. Measures against Hacking

The Company is doing its best to prevent leakage or damage of personal information of members caused by hacking or computer virus. In order to prevent personal information from being damaged, the Company is backing up the data from time to time. The latest vaccine program is used to prevent personal information or data from being leaked or damaged, and enable to securely transmit personal information on the network through encrypted communication. The Company uses intrusion prevention system to control unauthorized access from outside, and try to have all possible technical devices to secure it the systematically.

C. Minimize and systematic training the Processing Staff

The personal information processing staff of the Company is limited to the person in charge, and a separate password is given to update it regularly. The Company constantly emphasizes the compliance with the personal information processing policy through regular training for the person in charge.

D. Operation of Personal Information Protection Department

In addition, through the internal personal information protection department, the Company checks the implementation of the personal information processing policy and compliance with the person in charge, and is working to correct and rectify any problems that are found. However, the Company shall not be held responsible for damages that are not attributable to the Company, even though the Company has fulfilled its obligation to protect personal information, such as carelessness of users or accidents in areas not controlled by the Company.

10. Personal Information Manager and Contact Information

You may report all personal information protection complaints arising from your use of our services to the person or department in charge of privacy protection. The Company will respond promptly and adequately to the reports of users.

If you need to report or consult about other privacy infringement, please contact the following organizations.

- Personal Information Dispute Resolution Committee (http://www.kopico.or.kr, Telephone 1336)
- Personal Information Infringement Notification Center (http://privacy.kisa.or.kr / Without an area code 118)
- Supreme Prosecutors’ Office Cyber criminal investigation(http://www.spo.go.kr / 02-3480-3571
- National Police Agency Cyber security bureau(http://www.ctrc.go.kr / Without an area code 182)
- Illegal Juvenile harmful information(http://www.singo.or.kr / Without an area code 1377)

11. Others

The Company may provide users with links to other companies' websites or materials. In this case, the Company has no control over external sites and materials, so we cannot be responsible for and cannot guarantee the usefulness of the services or materials provided. If you click the link that the company provides and move to the page of another site, please check the policy of the new site because the policy of the site is not affiliated with the Company.

12. Obligation of Notification

In case of addition, deletion and modification of the content in accordance with the modification of the security policy or security technology, this Personal Information Processing Guidelines shall be announced at least 7 days before the implementation of the changed personal information policy through the "notification".

• Personal Information disposal directive version No v38.0
• Personal Information disposal directive(enforcement date): May 10, 2017
• Personal Information disposal directive(date of change notice): May 2, 2017