“Thinkware Corporation” (www.thinkware.co.kr, www.thinkware.com, hereinafter referred to as “the Company”) regard the personal information of the users as very important and has been exerting its best efforts to keep and protect the personal information that the users provide to use the service of the Company (hereinafter referred to as “the Thinkware Service” or “the Service”).
The Company has complied with the Act on the Protection of Personal Information, the Act on Promotion of Information and Communications Network Utilization and Data Protection, Etc., and other regulations on personal information. Through this privacy policy, the Company intends to inform the users of the purpose and method of using the personal information provided by the users, including the measures taken for the protection of such personal information.
When the relevant regulation or the internal policy of the Company is changed, this privacy policy may be amended. Upon the amendment of this privacy policy, the Company shall make a public announcement by posting the details at the membership bulletin board on the Company’s website(www.thinkware.co.kr, www.thinkware.com) or by sending an individual notice thereof.
This Privacy Policy shall be enforced on April 17, 2017.
A. Personal information items to be collected
B. Purpose for collection and use of personal information
C. Period for holding and use of personal information
D. Procedures and methods for destruction of personal information
E. Sharing and provision of personal information
F. Entrustment of handling of the collected personal information
G. Rights of the user and his/her legal representative and methods of exercising such rights
H. Information on installation and operation of the device for the automatic collection of personal information and on refusal thereof
I. Protective measures for personal information in technology and management
J. Person responsible for managing the personal information and civil petition service
K. Information on Inavi’s customer center and duty of notification
1. Personal information collection method
Membership sign-up method ? The Company shall provide the following two (2) methods on the basis of the convenience of using the Thinkware Service and the users’ accessibility to the Service. The user can select one (1) out of the two (2) methods and use the Service provided by the Company after signing up for membership.
| Membership Method | General method | To be member in accordance with the membership procedure on the home page of the Company |
| Method using an SNS account |
To be member through service interworking using an SNS account |
General method refers to becoming a member, like the existing method, by signing up for membership in accordance with the membership procedures at the Company’s official home page (www.thinkware.co.kr). The method using an SNS account refers to becoming a member without undergoing separate membership procedures, through the user’s own mail account (hereinafter referred to as “SNS account”) such as Facebook, Google+, etc. In the latter case, the membership process is progressed by collecting the information provided through Open API from the service that provides the SNS account concerned. Accordingly, upon extinction, termination, closure, or withdrawal of the SNS account, part of the Service to be provided to the Member can be restricted. The user may use the basic service provided by the Company, without a separate member certification. If member certification is required, the user may use the Service using either the ID granted by the Company or the user’s SNS account certification.
1-1 Required items for the SNS account-based membership process
In the case of the user signing up for membership to the Company by using his/her SNS account, the Company shall collect the following information, as registered by the user through Open API from the service providing the SNS account concerned, only upon the user’s first time to sign up for the membership:
| Required items | E-mail, nickname |
1-2 Required items for the general membership process
The Company shall collect the following personal information only upon the user’s first time to sign up for the membership, for the purpose of smooth membership process and customer consultation on the use of the Thinkware Service and the provision of or application for the useful service and new service, etc.:
| Required items | E-mail, password, nickname, ID (if the user is using the ID) |
1-3 Optional items for the membership process
Optional items are the information to be collected by the Company to provide personalized information tailored to users and shall only be collected if such users opt to provide them out of their own will. However, the default value as entered through the SNS service by the user being a member through the SNS account can be automatically provided through the concerned SNS account. Accordingly, any user who does not desire to provide his/her profile photo may, at any time, correct or delete such photo from the Company’s official home page.
| Division | Items | Remarks |
| Optional items 1 | Profile photo, name, telephone number, date of birth,consent to receive SMS and EDM | To be collected upon signing up for the membership |
| Optional items 2 | Address, car owned, and gender | To be collected upon using the services concerned |
1-4 Items to be collected for purchase at the shopping mall, charged service, etc.
The Company shall collect the minimum information that the users opt to provide so that such users can use the shopping mall and the charged service as operated by the Company, by safely purchasing goods, withdrawing purchase, confirming transaction and receiving services, etc. (the Company has been operating the Escrow system of depositing the payment to ensure safe financial transaction of the users).
▶Delivery information: name, address, and telephone number (wire and mobile) of purchaser and requested matters
▶Payment information: the minimum payment information that the users opt to provide in connection with the purchase at the shopping mall and payment of the charged service
- Select payment by credit card: name of credit card company, card number, etc. (Upon online payment, the number of the credit card will be directly transmitted to the payment agent, without being kept by the Company.)
- Select payment by mobile phone: number of mobile phone, carrier, payment approval number, etc.
- Select payment by account transfer: name of bank, etc. (The account number will be directly transmitted to the payment agent, without being kept by the Company.)
- Upon refund: name of bank, account number and name of account holder, etc.
▶Handset information: product registration information as necessary for the use of the Service such as upgrade, theft and loss, etc. (product number and purchase location of the handset)
▶ Legal representative information: information on the legal representative is required upon collection of personal information of a child under 14 years of age.
2. Personal information collection method
To be collected through the home page (upon signing up for the membership), entry for a prize giveaway event, tool for the collection of created information and document form, including the application for use of Inavi Service, etc.
3. Trust of and responsibility for information
The Company completely trusts the information as directly provided by the users signing up for the membership and provides such users with the Service in good faith. In this regard, the Company does not carry out self-verification on the information thus provided. Thus, users are not allowed to be a member of the Company or use the Service by using (for any illegal purposes) the information of other people. Should a claim arise from other people due to the user’s failure to comply with such policy, the concerned user shall be held liable for the information as provided by him/her.
B. Purpose for collection and use of personal information
The Company shall use the personal information to be collected for the following purposes:
1. Perform the contract for providing the Service, settle the service charge payment, provide the contents, deal with the matters on purchase and payment, deliver products, send to the billing address, verify the identity of the user for financial transaction, and provide financial services.
2. Verify the identity of the member using the membership service under the membership management system, identify the member, prevent poor members from using the Service in an unjust manner or without authorization, ascertain the intention to sign up for the membership, check the age, verify whether or not to obtain the consent of the legal representative of a child under 14 years of age upon collection of the personal information of such child, deal with civil petitions, including complaints, etc., and convey notices.
3. Develop new service, specialize marketing service (including products), provide personalized service, convey information, and figure out the actual condition on the use of the membership service.
C. Period for holding and use of personal information
1. Period for holding of information
The Company shall, without delay, destroy the information concerned after the achievement of the purpose for collection and use of personal information, provided that the following information shall be held for the specified period due to the reasons below:
| Items preserved | Whether or not to receive SMS, log record, cookies, information on connected IP, personalized information |
| Ground for preservation | Prevention of access by the unauthorized member |
| Period preserved | One (1) year |
2. Statutory holding period
In connection with the information to be held pursuant to the relevant laws for the period other than described above, the Company shall preserve such information of the users for the period as stipulated by the relevant laws. In this case, the Company shall only use such information for the purpose of preservation, for the following period:
2.1 Records on the contract or the withdrawal of subscription, etc.: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
2.2 Records on price payment and provision of goods, etc.: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
2.3 Records on dealing with complaints or disputes of consumers: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
2.4 Records on data for checking a communication fact: 12 months (Protection of Communications Secrets Act and Telecommunications Business Act)
2.5 Records on the identification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.)
2.6 Records on computer communications browsing: 3 months (Protection of Communications Secrets Act)
2.7 Records on marks and advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce, Etc.)
D. Procedures and methods for destruction of personal information
The Company shall, without delay, destroy the information concerned after the achievement of the purpose for the collection and use of personal information. The procedures and methods for destruction are as follows:
1. Destruction procedures
The personal information that the users entered to sign up for membership, etc. shall be moved to a separate database (if the personal information is in a paper form, to a separate file cabinet) after the achievement of the purpose concerned. It shall be preserved for a certain period due to the reason of preservation pursuant to the internal policy and other relevant laws, and then destroyed. Personal information, as moved to a separate database, shall not be used for any purpose other than prescribed by the laws.
2. Destruction methods
Personal information stored in electronic file format shall be deleted by technical means that would render the records unrecyclable. The personal information as listed and written or printed out on paper, such as the Terms and Conditions for Use of the Service, etc., shall be destroyed by shredding using a document shredder or by incinerating it.
E. Sharing and provision of personal information
The Company shall not provide the personal information of the users to a third party. However, in the following cases, the Company may exceptionally share such information with a third party only by obtaining the consent of the user in the course of providing the Service or in accordance with the relevant laws, provided that the information concerned shall be used to the extent as described in “B. Purpose for collection and use of personal information” with due care and protection of the Company.
In the cases where the users gave prior consent to sharing with a third party, where as provided for in the relevant laws, or where the investigation agency requests for an investigative purpose in accordance with such procedures and methods as prescribed by the laws.
F. Entrustment of handling of the collected personal information
For the purpose of performing the Service, the Company has entrusted the following affairs to the third-party specialized companies:
| Truster | Entrusted affairs | Period for holding and use of personal information |
| Alpha Omega Navi Co. Ltd. | Receive and deal with after-service (parcel service, sending of SMS) | Until the withdrawal of membership or the termination of the entrustment agreement (If the statutory holding period is prescribed, such period shall apply.) |
| Metanet MCC Inc, Woori Mobile | Customer Service | |
| Inavi’s authorized dealer | Upgrade agency service (including part of after-service) | |
| Inavi’s designated service center | ||
| Upgrade agent | ||
| M4 Co. Ltd., Danal Co. Ltd., Daou Co. Ltd. | Operate the SMS transmission system | |
| Andwise Inc. | Operate the EDM transmission system | |
| KG Inicis NHN Entertainment Corp. | Payment settlement and payment system (PG) | |
| NICE Information Service | Mobile phone identification | |
| Post Office, Hyundai Logistics Co., Ltd. | Send products and parcel service |
G. Rights of the user and his/her legal representative and methods of exercising such rights
The user may, at any time, inquire about or modify his/her registered personal information and request the termination of his/her membership, by using the membership service at the Company’s home page.
1. Inquiry and modification
The user may log in to his/her account and inquire about or modify his/her personal information through the personal information confirmation section of the membership service at the Company’s home page. In the event that the user forgets his/her member account, he/she may ask for it via e-mail or by using the name and date of birth, etc. as given for the ID. When the user forgets own password, he/she may, if applied for membership through the general method, ask for, confirm, or modify his/her password via e-mail certification or the previously entered information certification procedures. In case he/she applied for membership using an SNS account, may ask for, confirm, or modify in accordance with the SNS service policy concerned. The user may, at any time, request the Company to suspend the handling of his/her personal information.
2. Termination of membership
The user may terminate membership by selecting “withdraw from the membership” at the upper side of the personal information confirmation section of the membership service at the Company’s home page. Specifically, the user may log in to his/her account, select “withdraw from membership,” select the items concerned, fill out the questionnaire in accordance with the guidance found on the home page, and then click “complete.” Such termination of one’s membership or use may be requested at any time. However, it does not mean that all services of the Company will become un available to the user concerned due to such withdrawal. To be precise, the user would only lose the privilege to use the part of the services that requires logging in. If the user applied for membership using an SNS account, he/she would only lose and withdraw from membership to the Company. He/she will not lose or withdraw his/her eligibility for being a member of the service based on his/her SNS account.
3. Provision of the information notice
The Company shall endeavor to use the personal information of the users in accordance with the Terms and Conditions. Also, the Company shall endeavor to prevent such information from being disclosed or delivered to a third party without the consent of the user, or from being lost, stolen, or leaked. Notwithstanding such endeavors, if the personal information of the users is leaked, the Company shall publicly announce such fact on their home page for thirty (30) days and shall, without delay, notify the users of the following matters via e-mail, letter, facsimile, telephone, or one of such similar means.
Items included in the personal information leaked, etc.
Time of occurrence of the leak, etc.
Measures to be taken by the user
Response actions to be taken by the Company
Department and contact person to which the user can apply for consultation, etc.
4. Information on the protection of a child’s information
According to the current law, a child under 14 years of age (hereinafter referred to as “the Child”) shall, before sending his/her personal information online to other people, fully read and understand the purpose for collection and use of personal information and obtain the consent of their parents, etc. (hereinafter referred to as “legal representative”).
In this regard, the Company shall explain the above requirement in the Terms and Conditions for Use, etc., so that the Child and his/her legal representative would not suffer any disadvantages due to the personal information provided by the Child, and shall ascertain whether or not to obtain the consent of the legal representative upon the Child’s membership. The Company shall send the legal representative an e-mail or SMS to obtain his/her consent. In this case, such legal representative shall declare the consent by replying to such e-mail or SMS.
The Company may request the minimum information?such as name, e-mail address and telephone number of the legal representative?as necessary for obtaining the consent of the legal representative, including his/her intention on whether or not to consent to the provision of the personal information of the Child. Likewise, the Company shall neither use the personal information of the legal representative so collected for any purposes other than confirming the consent of such legal representative, nor provide it to the third party.
5. Exercise of the rights of the legal representative
The legal representative may, at any time, inquire or modify his/her registered personal information or of the Child, or request the termination of membership. In connection with such, the legal representative may inspect, correct, or terminate the membership after going through the identification procedures by clicking on “change the personal information (or modify the member’s information etc.)” to inquire or modify the personal information of the Child or by clicking on “withdraw from the membership” to terminate the membership (withdraw the consent). Otherwise, he/she may contact the person responsible for managing the personal information in writing, by telephone, or via e-mail to receive prompt measures. Upon request for correction by the user and his/her legal representative of any errors in each individual’s personal information, the Company shall not use or provide such information until the completion of such correction. In the event that wrong personal information has already been provided to the third party in accordance with the Privacy Policy, the Company shall make appropriate corrections by notifying, without delay, the third party of the results of the correction thereof.
The Company shall deal with the personal information as terminated or deleted, upon request by the user, in accordance with “D. Period for holding and use of personal information.” Moreover, the Company shall not have such information be inspected or utilized for any purposes other than those described therein.
H. Information on installation and operation of the device for automatic collection of personal information and on refusal thereof
For the purpose of providing a personalized service tailored to the users, the Company shall operate cookies to store and find the information of the users.
Cookies are very small text files sent by the server, which are used for the operation of a website (HTTP) on a user’s computer browser. These can be stored in the hard disk of the user’s computer.
1. Purpose for the use of cookies
The Company shall utilize the users’ information collected through cookies as a measure to understand the areas of individual interest, analyze the frequency of connection or hours of visit by members or nonmembers, know the degree of participation in various events, use for target marketing purposes, understand the records on the use of personalized service and charged service, reorganize the Service and provide new service, etc.
2. Installation and operation of cookies
The user shall have the right to select whether or not to install cookies. Specifically, the user may allow all cookies, confirm whenever cookies are stored, or refuse all cookies through the option settings in a web browser. However, in the event of selecting to refuse the storage of cookies, the user may experience difficulties in using part of such services of the Company or Inavi such as those that require logging in.
3. Method of cookie settings
Example (in the case of Internet Explorer): “Tools” menu along the upper side of the web browser > “Internet Option” > “Personal Information”
I. Protective measures for personal information in technology and management
In connection with the handling of personal information of the users, the Company shall devise technical and managerial measures to secure stability and to prevent the personal information from being lost, stolen, leaked, falsified, or damaged. Specifically, the Company shall take encryption measures and install a firewall to provide technical protection for the ID and password of the user. Moreover, the company shall exert its best efforts to prevent the personal information of the user from being leaked or damaged due to hacking or virus, etc. The Company shall provide education to persons in charge of managing the personal information twice a year, within or outside of the Company, as a managerial measure to protect the personal information of the users. Also, it and shall strengthen the Company’s compliance with the laws relevant to personal information and internal guidance. For the purpose of managing the personal information of the users and of providing a prompt consultation, the Company shall establish a customer consultation service in accordance with “J. Person responsible for managing the personal information and civil petition service.”
J. Person responsible for managing the personal information and civil petition service
For the purpose of protecting the personal information of the users and dealing with complaints related to personal information, the Company shall designate a person responsible for managing the personal information and the civil petitions in order to operate such service. The users may apply for complaints related to personal information, which may arise from using the Service of the Company, to the person responsible for managing personal information or the department in charge. In this case, the Company shall exert its best efforts to respond promptly to such civil petitions.
| Person responsible for managing personal information | Person in charge of managing personal information |
| Name: Hye Kyung Kim Tel.: 1577-4242 E-mail: privacy@thinkware.co.kr Dept.: Customer Service Division Position: Chief of Division | Name: O-seok, Kwon Tel.: 1577-4242 E-mail: privacy@thinkware.co.kr Dept.: Customer Quality Management Division Position: Chief of Division |
If reporting or consultation on infringement of personal information is needed, you can separately refer it to the following personal information protection agencies:
- Personal Information Dispute Mediation Committee
- ePrivacy Mark Certification Committee
- Internet Crime Investigation Center of the Supreme Prosecutor’s Office
- Cyber Terror Response Center of the National Police Agency
K. Information on Inavi’s customer center and duty of notification
1. Customer center
In addition to its person responsible for managing personal information, the Company has been operating the customer consultation center, which is entrusted with handling various civil petitions and complaints from the users. Accordingly, the users may, at any time, make inquiries by calling the current main number of “Thinkware Customer Consultation Center” at “1577-4242.”
2. Duty of notification
Upon correction, deletion of, or amendment to the current privacy policy, the Company shall publicly announce the details at the membership bulletin board on the Company’s home page, at least seven (7) days before the amendment.
Date of public announcement: April 10, 2017
Date of enforcement: April 17, 2017
