Privacy policy
Significance of the Privacy Policy
Lee & Koo (the Korean name is "리앤쿠", hereinafter referred to as the "Company") and the users in relation to the use of the service provided by the Company, "Shortshock" (hereinafter referred to as the "Service") complies with all relevant laws and regulations related to the protection of personal information, including the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), as well as notifications, directives, and guidelines established by government agencies. This Privacy Policy transparently provides information related to personal information, such as what data is collected by the Company, how the collected data is used, with whom it is shared (entrusted or provided), and when and how the data is destroyed once the purpose of its use has been achieved.
Consent to the Collection and Use of Personal Information
The Company provides this Privacy Policy, which includes details related to the collection and use of personal information, at the time of user registration. By selecting the "Agree" button, users are deemed to have consented to the collection and use of their personal information for the purposes of establishing and fulfilling a service usage contract and identifying users.
Article 1 [Items of Personal Information Collected and Collection Methods]
The Company collects and processes personal information as follows to facilitate user registration, customer support, payment for paid services, and the provision of various services and contract fulfillment.
- Items of Personal Information Collected
• Upon User Registration
- When registering via social login: The user's social media ID (or email address format ID) and name (or nickname), profile image, social login generation number.
- When registering via email: The email address, password, and name (or nickname) used.
• Automatically Generated Information
- During service usage, the following information may be generated and collected:
- App push permissions, device model, OS information, device token, Google Advertising ID (ADID), Apple Advertising ID (IDFA).
- IP address, cookies, visit date and time, usage records, service usage records.
• For Paid Service Payment
- If necessary for payment, information such as credit card details, bank transfer information, carrier information, gift card numbers, and other payment-related information may be collected.
• For Events, Promotions, Prize Distribution, Service Inquiries
- Additional information may be collected after notifying users of the purpose and retention period and obtaining consent.
- Collection Methods
The Company provides prior notice and seeks consent from users regarding the purpose of collection, items collected, and retention/use period when collecting personal information. The following methods are used to collect personal information:
• When users provide consent and directly input information during the registration process or while using services.
• When information is provided by affiliated partners or third parties due to partnerships.
• When information is automatically generated during the use of mobile applications, websites, etc.
• When information is voluntarily provided by users during the service usage process.
Article 2 [Purpose of Collecting Personal Information]
The Company uses the collected personal information for the following purposes:
- Fulfillment of service contracts, fee settlement for paid services, content provision, billing for paid service usage, purchases, and payment.
- Personal identification for membership services, prevention of unauthorized use, duplicate registration verification, dispute resolution, complaint handling, and notifications.
- Development of new services, provision of customized services, verification of service effectiveness, analysis of access frequency, statistics on service usage, and provision of event and advertising information.
Article 3 [Retention and Use Period of Personal Information]
The Company will destroy personal information without delay when the user requests withdrawal, withdraws consent for the collection and use of personal credit information, when the purpose of the collection/use has been achieved, or when the retention period has expired. However, the following information may be retained for the periods specified below:
- Membership Registration and Management: From the time of registration until withdrawal (however, in cases of ongoing investigations or disputes, until their conclusion).
- In case of legal violations under relevant laws: Until the investigation or legal proceedings are concluded.
- For refund, reimbursement, or settlement of debts/claims: Until the settlement is completed, using necessary information such as name, phone number, and account number.
- Service Provision: Until the service is fully delivered and payment/settlement is completed.
• Records related to electronic financial transactions: 5 years.
• Records related to contract or subscription withdrawal, payment, and supply of goods: 5 years.
• Records related to consumer complaints or disputes: 3 years.
• Records related to display/advertising: 6 months.
• Website visit records: 3 months.
• Advertising/Marketing: Until consent is withdrawn or the user withdraws.
Even if the application is deleted, personal information may not be deleted unless a withdrawal request is made. To completely delete your personal information, please ensure to request withdrawal.
Article 4 [Handling and Entrustment of Collected Personal Information]
For service improvement, the Company entrusts the operation of personal information to external contractors or services as specified below, and destroys the relevant personal information without delay upon the termination of the entrusted tasks.
Article 5 [Installation, Operation, and Rejection of Automatic Collection Devices]
- To provide users with specialized and customized services, the Company may operate cookies (connection information files) that store and retrieve user information. The Company identifies user computers through cookies but does not personally identify users.
- For refund, reimbursement, or settlement of debts/claims: Until the settlement is completed, using necessary information such as name, phone number, and account number.
• Purpose of Using Cookies, etc.: To analyze user access frequency, visit times, identify user preferences and interests, track traces, target marketing, and provide personalized services.
• Installation, Operation, and Rejection of Cookies: Users have the option to manage cookies. Users can set the cookie allowance level in their web browser [Tools -> Internet Options -> Privacy -> Advanced]. However, if all cookies are rejected, some services may be difficult to provide.
- The Company may use an automated system to analyze user service usage information to provide customized content, personalized ads, and other functionalities tailored to the user's usage patterns. The Company may also use this analysis to detect spam, malware, illegal access, and other misuse..
Article 6 [Procedures and Methods for Destroying Personal Information]
The Company promptly destroys the personal information once the purpose of processing is achieved.
- he Company destroys personal information using the following methods:
• Electronic Files: File deletion and formatting of storage media such as disks.
- Procedures for Destroying Personal Information of Dormant Accounts
• In accordance with applicable laws, the Company converts the personal information of accounts that have not logged in for more than one year into dormant accounts and manages them separately to protect personal information.
• Dormant Account Information: All information collected/managed during registration or through updates.
• The Company will notify the user of this action via email one month before the dormant account information is separated.
• Personal information from dormant accounts will be destroyed without delay three years after the separation date. However, if the user requests service reactivation, the information may be provided again.
Article 7 [Measures to Ensure the Security of Personal Information]
To prevent the loss, theft, leakage, forgery, alteration, or damage of personal information, the Company takes necessary administrative and technical measures to ensure its security.
- Administrative Measures
• Establishment and implementation of an internal management plan.
• Minimization of personal information processing staff and training.
- Technical Measures
• Management of access rights to personal information processing systems.
• Installation of access control systems.
• Application of encryption technology or equivalent measures for unique identification information.
• Installation and updating of security programs.
• Storage and protection of access records to prevent forgery and alteration.
Article 8 [User and Legal Representative Rights and Their Exercise Methods]
To prevent the loss, theft, leakage, forgery, alteration, or damage of personal information, the Company takes necessary administrative and technical measures to ensure its security.
- Users may exercise the following personal information protection rights at any time with the Company:
• Request access to personal information.
• Request correction of errors, if any.
• Request deletion.
• Request suspension of processing.
- The above rights can be exercised by submitting a written request, phone call, or email to the Company (aj.koo@shortshock.net), and the Company will take appropriate action without delay.
- When a user requests correction or deletion of personal information due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
- The above rights may also be exercised by the user's legal representative or a delegated representative. In this case, a power of attorney following the prescribed form must be submitted.
- Users must not infringe on the privacy and personal information of the Company or others by violating the Personal Information Protection Act or related laws.
Article 9 [Designation of Personal Information Protection Officer]
The Company designates the following person as the Personal Information Protection Officer to protect users' personal information and handle complaints related to personal information
- Personal Information Protection Officer: Ban-seok Koo, CEO
Contact Information: 010-9348-6338 / aj.koo@shortshock.net
- For further inquiries or complaints related to personal information breaches, please contact the following organizations:
• Personal Information Dispute Mediation Committee (www.kopico.go.kr)
• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
• Supreme Prosecutors' Office Cybercrime Investigation Team (1301 without area code)
• Cybercrime Investigation Team of the National Police Agency (http://cyberbureau.police.go.kr / 182 without area code)
Article 10 [Changes and Notices to the Privacy Policy]
If there are any additions, deletions, or changes to the current Privacy Policy due to changes in the Company’s policies, government policies, or security technologies, the Company will notify users at least 7 days before the changes take effect through notifications on the application or website. The changed Privacy Policy will take effect 7 days after the notification.
Article 11 [Google Privacy Policy and YouTube API Services Terms of Use]
Supplementary Provisions
- This Privacy Policy applies from September 1, 2024.
- For further inquiries or complaints related to personal information breaches, please contact the following organizations:
• Personal Information Dispute Mediation Committee (www.kopico.go.kr)
• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
• Supreme Prosecutors' Office Cybercrime Investigation Team (1301 without area code)
• Cybercrime Investigation Team of the National Police Agency (http://cyberbureau.police.go.kr / 182 without area code)