Privacy Policy
■ General Provisions
in mind’s Service (hereinafter referred to as 'Service') of Demand Co., Ltd. (hereinafter referred to as 'Company') values the protection of its members' personal information and strives to protect it.
The Company complies with all personal information protection-related laws and regulations and notices, directives, and guidelines established by national institutions, including the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. (hereinafter referred to as the ‘Information Network Act’).
This privacy policy covers what information the Company collects, how it uses the collected information, with whom it is shared ('consigned or provided') as necessary, and when and how the information is destroyed after the purpose of use is achieved. And it transparently provides such details related to 'personal information’.
■ Consent to collection and use of personal information
The Company collects the minimum personal information necessary for establishing and executing the use contract of Service in a legal and fair manner. When members log in for the first time, the details of consent to collection and use of personal information are provided to collect personal information that can identify each user. When a member clicks the ‘Next’ button after checking checkboxes to agree to the terms of each subparagraph on the screen of the Service’s Terms and Conditions, they are deemed to have agreed to the collection and use of personal information.
■ Items and methods of personal information collection
The Company collects and processes the following personal information in order to fulfill the contract, such as member registration and management, payment of the Paid Service, and customer consultation.
A. Items of personal information collection
(1) Member registration
Corporate member
Created and distributed ID, encrypted password, nickname, date of birth, and gender
Individual member
Members who have signed up via social media login
Sign up with social login
Social media ID (or an email address type ID) in their real names, nickname, profile photo, social login generation number, nickname, date of birth, and gender
Members who have signed up via emails
Sign up via email
Email address used when signing up, encrypted password, nickname, date of birth, and gender
(2) Automatically generated information
The following information may be generated and collected in the process of using the Service;
App push permission, a model name of mobile phones and smart OS-equipped devices, OS information, device token, Google Advertising Identifier (ADID), Apple Advertising Identifier (IDFA), IP address, cookies, visit date and time, faulty use record, service use record, user device identification number (device ID or IMEI), login type information, and/or Firebase cloud messaging service Token (individual unique information for sending notifications)
(3) Activity generation of bio information
The Company additionally collects bio information (e.g., pulse wave, the activities of autonomic nerves, the ratio of parasympathetic/sympathetic nerves, heart rate variability, the activities of parasympathetic/sympathetic nerves, the subjective physical stress state, and the subjective sleep quality) in order for members to use various functions specialized in in mind’s Service.
(4) When members pay the Paid Service
If it is inevitably necessary for payment, etc., credit card information, direct deposit information, telecommunication company information, and other payment-related information may be collected.
(5) When members inquire about events, promotions, gift sending, or use of the Service
Additional information may be collected after the Company separately explains the purpose of use and storage period of the collected personal information and then obtains members’ consent.
If a member makes an inquiry to in mind’s Service or files a report on infringement of rights, the Company shall collect the member’s email and (mobile) phone number for submission and resolution of inquiries. And it may request a copy of the member’s ID masked to verify his/her identity depending on the type of inquiry
B. How to collect personal information
When the Company collects personal information, it must inform users of the purpose of collection and use, collection items, retention and use period, etc. in advance and ask for consent. And it collects personal information through the following methods;
(1) When a user agrees to and understands the collection and use of personal information and directly enters information during the process of member registration and use of the Service
(2) When affiliates, partners, etc. provide information
(3) When information is automatically generated and collected in the process of using mobile applications, websites, etc.
(4) When information is collected through a user's voluntary consent and provision in the process of using other Services
■ Matters in regard to installing, operating, and using the device of automatic personal information collection
The Company automatically collects a user's device identification number (device ID or IMEI) when the user runs in mind’s program to generate account information. If the user refuses to automatically collect the device identification number, he/she cannot use in mind.
■ Purpose of collecting and using personal information
The Company uses the collected personal information for the following purposes;
A. Provision of in mind’s basic functions
The Company monitors the pulse flow via mobile phones and uses this information to determine the activity and balance of each nervous system. Since the information falls under the Personal Information Protection Act, it is collected and used under strict security system management.
B. Membership management
Personal information is used for various member management, such as identity verification according to use of the membership Service and limited identification system, personal identification, prevention of illegal use and unauthorized use of faulty members (members who have been permanently suspended due to violation of in mind’s terms of use, etc.), confirmation of applicants’ intent to join, limitation to registration and the number of registration, age confirmation, confirmation of a legal representative’s consent when the Company collects personal information of children under 14 years of age, identification of a legal representative later on, preservation of records for dispute settlement, complaint handling, and notice delivery.
C. Development of new services and use of marketing/advertising
Personal information is used for development and specialization of new services, provision of customized services, improvement of functions, provision of services and advertisements according to statistical characteristics, verification of service validity, provision of opportunities for event participation, provision of advertisement information, identification of the access frequency, statistics on a member’s use of the Service, etc.
D. Service provision and payment management under the use right contract of the Paid Service
Implementation of contract for providing the Service, payment settlement and content provision according to provide the Paid Service, billing, and/or purchase and payment for the use of the Paid Service
■ Sharing and provision of personal information
The Company uses users' personal information within the scope which has been notified in the "Purpose of collection and use of personal information.” In principle, it does not disclose users' personal information to outside or use them beyond such scope without a user's prior consent. However, personal information may be shared and provided with careful caution in the following cases;
A. When users consent to disclosure in advance for the use of affiliate services, etc.
Personal information may be shared and provided to third parties if members have consented in advance to provide personal information for the Service to be used by affiliated third parties with the Company; however, the Company shall inform its members of the following matters; (1) a recipient provided with their personal information, (2) the purpose of using personal information, (3) the items of personal information to be provided, (4) the period of retention and use of personal information, and/or (5) the fact that they have the right to refuse consent and the disadvantages caused by refusing consent, prior to sharing and providing information. And the Company shall explicitly and individually obtain consent from members for this. The details of the provided personal information may be changed while the Company provides the Service. And if there is any change in the personal information required to use the affiliated service, additional consent shall be obtained when the members use the Service. In all these processes, the Company shall not collect additional information against its member's will or share information beyond the scope of consent with a third party.
In addition, if it is necessary for the Company to provide your personal information to a third party, such as another company, in order to provide you better services, the Company will go through the process of obtaining your consent by notifying you of the following matters; who the affiliate is in advance, what personal information items must be provided or shared, the purpose of use of the provided or shared personal information, how long it is shared and how it is protected and managed. We will not provide or share information with third parties to which you do not consent. However, prior notice cannot be reached due to time constraints, provision and sharing of personal information may be made simultaneously with the notice. We will do our best not to provide your personal information indiscriminately against the original purpose of collection and use set forth in the privacy policy.
B. Provision of information to provide emotional support service to members using a corporate pass
A member who has purchased a corporate pass may designate a member's consulting agency or entrusted counseling agency to help those in charge of his/her work use the Service and requests the Company to directly send the related personal information. In this case, the Company shall provide the member's information to the designated companies in response.
A person to whom personal information is provided: counseling agencies (e.g., an in-house counseling center, etc.), Dain Co., Ltd.’s partner consulting agency that has a consulting partnership with the Company
Use purpose of a person who receives personal information: to provide emotional support counseling for those in charge of members’ work
Items of personal information to be provided: user usage information, physical stress information, the history of messages, and permission to send messages
Period of retention and use of personal information by the person receiving personal information: Attached below
You may refuse consent; however, some of Demand’s healthcare app services will not be provided if consent is rejected.
C. When there is a request from the relevant authorities for investigation, trial, or administrative purposes
Personal information may be provided in accordance with the provisions of other laws of the Republic of Korea, such as Act on Real Name Financial Transactions and Security, Act on Use and Protection of Credit Information, Telecommunication Framework Act, Telecommunications Business Act, Local Tax Act, Consumer Protection Act, Bank of Korea Act, and Criminal Procedure Act, etc., or only when the investigation agency requests under the procedures and methods stipulated in laws and regulations.
D. In case of succession of rights and obligations due to business transfer or division/merger of the Company
If the Company transfers all or part of its business or transfers and succeeds in the rights and obligations of the service providers through merger/inheritance, etc., it must notify its members of such matters in order to guarantee their rights related to personal information protection under Article 27 of the Personal Information Protection Act.
■ Rights of users and their legal representatives and how to exercise the rights
Members and their legal representatives may inquire about or modify the registered personal information of themselves or their children under the age of 14 at any time. If they do not agree to the Company's processing of personal information, they may refuse consent or request termination of membership (withdrawal of membership). However, it may be difficult for them to use some or all of the Service in such a case. They may inquire about or edit personal information of users or children under the age of 14 in in mind’s App menu>My Page>.
If you wish to cancel membership or withdraw consent, please get in touch with the person in charge of personal information management in writing, by phone (+82 031 698 2940) or by email (help@demand.co.kr). We will provide measures without delay.
If you request the correction of errors in personal information, the personal information will not be used or provided until the correction is completed. If incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the third party may correct the incorrect personal information. However, there may be some exceptional cases where the viewing and correction of personal information may be restricted as follows;
- if there is a risk of significantly harming the life, body, property, or rights and interests of the person concerned or a third party,
- if there is a risk of significantly affecting the business of the service provider,
- and/or if laws and regulations are violated
The Company handles personal information that has been canceled or deleted at the request of a member or legal representatives as specified in the “Period of Retention and Use of Personal Information.” Such information is not allowed to be viewed or used for any other purpose.
When the Company learns that a member has signed up for membership by stealing another person's personal information, the Company will immediately take necessary measures, such as suspension of service use for the ID or withdrawal of membership. In addition, if a user who is aware of the theft of his/her personal information requests to suspend the use of the Service for the ID or to withdraw from membership, the Company will take measures immediately.
■ Period of retention and use of personal information
In principle, users' personal information is destroyed without delay when the purpose of collection and use of personal information is achieved. If a member withdraws from membership or is informed of a disposition for deletion of member ID due to false personal information, the collected personal information will be completely deleted and processed so that it cannot be used for any purpose. However, personal information is temporarily stored for a grace period of seven days after the application for withdrawal because the theft may cause an unwanted withdrawal. After seven days, the personal information will be completely deleted from the Company's member information database (DB).
If a dispute arises due to identity theft, the copy of the ID submitted for identification will be destroyed immediately after identification. The legal representative’s information of children and adolescents under the age of 19 will be destroyed together when the children and adolescents reach the age of majority or when the personal information is destroyed due to the child or adolescent's membership withdrawal.
The user's personal information is destroyed without delay when the purpose of collection and use of personal information is achieved; however, it can be kept for the specified period in each of the following cases without being used for any other purpose.
If it is necessary to preserve personal information under the provisions of relevant laws, such as the Commercial Act, the Consumer Protection Act in Electronic Commerce, etc., the Company shall keep the personal information for a certain period of time as stipulated by the relevant statute. If the retention period is changed due to the revision of related laws, the retention period set by the Company is also subject to the provisions of the revised laws. In this case, the Company shall use the stored information only for the purpose of storage, and the retention period is the same as above.
■ Procedure and method of destroying personal information
In principle, a user’s personal information is destroyed without delay when the purpose of collection and use of personal information is achieved. Procedures and methods of destroying personal information set by the Company are as follows;
A. Subject to destruction
- Information on membership registration
B. Destruction procedure
After the purpose of collecting and using personal information is achieved, the personal information is moved to a separate database (DB) (if it is paper, it will be moved to a separate filing cabinet). It is stored for a certain period and then destroyed under internal policy and other related statutes. This personal information will not be used for any purposes other than being retained unless it is required by law.
C. Destruction method
If personal information is printed on paper, it shall be shredded with a shredder or destroyed through incineration when destroyed. And if personal information is stored in electronic file format, it shall be deleted using a technical method that disables the records to be restored or reproduced.
■ Members’ rights and responsibilities
Members must prevent unexpected accidents by entering their personal information to be accurate and up-to-date. Users are responsible for any incidents due to inaccurate information entered by them. And their use of the account may be restricted if false information is entered, such as stealing another person's information.
Members who use in mind are obligated to protect themselves and not to infringe on the information of others as well as the right of personal information protection. Members must be careful not to leak personal information, including ID and passwords, and damage other people's personal information. If they fail to fulfill this responsibility and damage the information and dignity of others, they may be punished under the 「Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.」.
■ Measure of technical/administrative protection of personal information
While handling users' personal information, the Company shall take the following technical/administrative measures to ensure users’ safety so that personal information will not be lost, stolen, leaked, altered, or damaged.
A. Personal information encryption
The member’s passwords are encrypted when they are stored and managed. Only the member knows the passwords. And personal information can be confirmed and changed only by him/herself.
B. Countermeasures against hacking
The Company strives to prevent personal information from being leaked or damaged by hacking or computer viruses. We frequently back up our data in preparation for damage to personal information and use the latest vaccine program to prevent leakage or damage to users' personal information or data. Encrypted communication allows personal information to be safely transmitted over the network. In addition, the firewall system controls unauthorized access from the outside, and we do our best to equip all possible technical devices to secure other systemic security.
C. Company’s staffing for personal information protection
The Company prepares procedures required for access and management of members' personal information and allows its employees to be well-versed and comply with them.
The Company limits the number of personnel who handles members' personal information to a minimum. Persons who can handle the member's personal information are as follows;
- a person who engages in marketing by targeting members directly or indirectly,
- a person who carries out personal information protection tasks and protection duties,
- a person who needs to handle personal information inevitably for other business purposes
We check the implementation of in mind’s privacy policy and the compliance of the person in charge; if any problems are found, we work hard to correct them immediately. However, the Company does not take responsibility for any personal information leakage caused by a member's mistake or the intrinsic risk of the Internet. Members must properly manage their IDs and passwords in order to protect their personal information and take responsibility for it.
■ Supervisor and person in charge of personal information
The Company puts great emphasis on protecting members' personal information and is doing its best not to damage, infringe, or leak members’ personal information. Please report to the Company's department by phone or e-mail if you have personal information protection-related complaints while using the Service. The Company will do its best to provide prompt and sufficient responses to users' reports.
Name and position (or department name): Kim Jae-hoon, the Management Support Department
Tel: +82 031 698 2940
Email: help@demand.co.kr
■ Counseling and reporting related to personal information infringement
Please get in touch with the following organizations if you need to report or consult on other personal information infringement.
- Personal Information Infringement Report Center (www.118.or.kr / +82 118 without area code)
- Authentication Committee of the Information Protection Mark (www.eprivacy.or.kr / +82 02 580 0533~4)
- Cyber Criminal Investigation Division under the Supreme Prosecutors' Office (http://www.spo.go.kr / +82 02 3480 2000)
- National Police Agency’s Cyber Terror Response Center (www.ctrc.go.kr / +82 02 392 0330)
Announcement date:
Effective date:
This document is the privacy policy for in mind’s service (hereinafter referred to as ‘in mind’ or ‘Service’) provided by Demand Co., Ltd.
in mind’s Service (hereinafter referred to as 'Service') of Demand Co., Ltd. (hereinafter referred to as 'Company') values the protection of its members' personal information and strives to protect it.
The Company complies with all personal information protection-related laws and regulations and notices, directives, and guidelines established by national institutions, including the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. (hereinafter referred to as the ‘Information Network Act’).
This privacy policy covers what information the Company collects, how it uses the collected information, with whom it is shared ('consigned or provided') as necessary, and when and how the information is destroyed after the purpose of use is achieved. And it transparently provides such details related to 'personal information’.
■ Consent to collection and use of personal information
The Company collects the minimum personal information necessary for establishing and executing the use contract of Service in a legal and fair manner. When members log in for the first time, the details of consent to collection and use of personal information are provided to collect personal information that can identify each user. When a member clicks the ‘Next’ button after checking checkboxes to agree to the terms of each subparagraph on the screen of the Service’s Terms and Conditions, they are deemed to have agreed to the collection and use of personal information.
■ Items and methods of personal information collection
The Company collects and processes the following personal information in order to fulfill the contract, such as member registration and management, payment of the Paid Service, and customer consultation.
A. Items of personal information collection
(1) Member registration
Corporate member
Created and distributed ID, encrypted password, nickname, date of birth, and gender
Individual member
Members who have signed up via social media login
Sign up with social login
Social media ID (or an email address type ID) in their real names, nickname, profile photo, social login generation number, nickname, date of birth, and gender
Members who have signed up via emails
Sign up via email
Email address used when signing up, encrypted password, nickname, date of birth, and gender
(2) Automatically generated information
The following information may be generated and collected in the process of using the Service;
App push permission, a model name of mobile phones and smart OS-equipped devices, OS information, device token, Google Advertising Identifier (ADID), Apple Advertising Identifier (IDFA), IP address, cookies, visit date and time, faulty use record, service use record, user device identification number (device ID or IMEI), login type information, and/or Firebase cloud messaging service Token (individual unique information for sending notifications)
(3) Activity generation of bio information
The Company additionally collects bio information (e.g., pulse wave, the activities of autonomic nerves, the ratio of parasympathetic/sympathetic nerves, heart rate variability, the activities of parasympathetic/sympathetic nerves, the subjective physical stress state, and the subjective sleep quality) in order for members to use various functions specialized in in mind’s Service.
(4) When members pay the Paid Service
If it is inevitably necessary for payment, etc., credit card information, direct deposit information, telecommunication company information, and other payment-related information may be collected.
(5) When members inquire about events, promotions, gift sending, or use of the Service
Additional information may be collected after the Company separately explains the purpose of use and storage period of the collected personal information and then obtains members’ consent.
If a member makes an inquiry to in mind’s Service or files a report on infringement of rights, the Company shall collect the member’s email and (mobile) phone number for submission and resolution of inquiries. And it may request a copy of the member’s ID masked to verify his/her identity depending on the type of inquiry
B. How to collect personal information
When the Company collects personal information, it must inform users of the purpose of collection and use, collection items, retention and use period, etc. in advance and ask for consent. And it collects personal information through the following methods;
(1) When a user agrees to and understands the collection and use of personal information and directly enters information during the process of member registration and use of the Service
(2) When affiliates, partners, etc. provide information
(3) When information is automatically generated and collected in the process of using mobile applications, websites, etc.
(4) When information is collected through a user's voluntary consent and provision in the process of using other Services
■ Matters in regard to installing, operating, and using the device of automatic personal information collection
The Company automatically collects a user's device identification number (device ID or IMEI) when the user runs in mind’s program to generate account information. If the user refuses to automatically collect the device identification number, he/she cannot use in mind.
■ Purpose of collecting and using personal information
The Company uses the collected personal information for the following purposes;
A. Provision of in mind’s basic functions
The Company monitors the pulse flow via mobile phones and uses this information to determine the activity and balance of each nervous system. Since the information falls under the Personal Information Protection Act, it is collected and used under strict security system management.
B. Membership management
Personal information is used for various member management, such as identity verification according to use of the membership Service and limited identification system, personal identification, prevention of illegal use and unauthorized use of faulty members (members who have been permanently suspended due to violation of in mind’s terms of use, etc.), confirmation of applicants’ intent to join, limitation to registration and the number of registration, age confirmation, confirmation of a legal representative’s consent when the Company collects personal information of children under 14 years of age, identification of a legal representative later on, preservation of records for dispute settlement, complaint handling, and notice delivery.
C. Development of new services and use of marketing/advertising
Personal information is used for development and specialization of new services, provision of customized services, improvement of functions, provision of services and advertisements according to statistical characteristics, verification of service validity, provision of opportunities for event participation, provision of advertisement information, identification of the access frequency, statistics on a member’s use of the Service, etc.
D. Service provision and payment management under the use right contract of the Paid Service
Implementation of contract for providing the Service, payment settlement and content provision according to provide the Paid Service, billing, and/or purchase and payment for the use of the Paid Service
■ Sharing and provision of personal information
The Company uses users' personal information within the scope which has been notified in the "Purpose of collection and use of personal information.” In principle, it does not disclose users' personal information to outside or use them beyond such scope without a user's prior consent. However, personal information may be shared and provided with careful caution in the following cases;
A. When users consent to disclosure in advance for the use of affiliate services, etc.
Personal information may be shared and provided to third parties if members have consented in advance to provide personal information for the Service to be used by affiliated third parties with the Company; however, the Company shall inform its members of the following matters; (1) a recipient provided with their personal information, (2) the purpose of using personal information, (3) the items of personal information to be provided, (4) the period of retention and use of personal information, and/or (5) the fact that they have the right to refuse consent and the disadvantages caused by refusing consent, prior to sharing and providing information. And the Company shall explicitly and individually obtain consent from members for this. The details of the provided personal information may be changed while the Company provides the Service. And if there is any change in the personal information required to use the affiliated service, additional consent shall be obtained when the members use the Service. In all these processes, the Company shall not collect additional information against its member's will or share information beyond the scope of consent with a third party.
In addition, if it is necessary for the Company to provide your personal information to a third party, such as another company, in order to provide you better services, the Company will go through the process of obtaining your consent by notifying you of the following matters; who the affiliate is in advance, what personal information items must be provided or shared, the purpose of use of the provided or shared personal information, how long it is shared and how it is protected and managed. We will not provide or share information with third parties to which you do not consent. However, prior notice cannot be reached due to time constraints, provision and sharing of personal information may be made simultaneously with the notice. We will do our best not to provide your personal information indiscriminately against the original purpose of collection and use set forth in the privacy policy.
B. Provision of information to provide emotional support service to members using a corporate pass
A member who has purchased a corporate pass may designate a member's consulting agency or entrusted counseling agency to help those in charge of his/her work use the Service and requests the Company to directly send the related personal information. In this case, the Company shall provide the member's information to the designated companies in response.
A person to whom personal information is provided: counseling agencies (e.g., an in-house counseling center, etc.), Dain Co., Ltd.’s partner consulting agency that has a consulting partnership with the Company
Use purpose of a person who receives personal information: to provide emotional support counseling for those in charge of members’ work
Items of personal information to be provided: user usage information, physical stress information, the history of messages, and permission to send messages
Period of retention and use of personal information by the person receiving personal information: Attached below
You may refuse consent; however, some of Demand’s healthcare app services will not be provided if consent is rejected.
C. When there is a request from the relevant authorities for investigation, trial, or administrative purposes
Personal information may be provided in accordance with the provisions of other laws of the Republic of Korea, such as Act on Real Name Financial Transactions and Security, Act on Use and Protection of Credit Information, Telecommunication Framework Act, Telecommunications Business Act, Local Tax Act, Consumer Protection Act, Bank of Korea Act, and Criminal Procedure Act, etc., or only when the investigation agency requests under the procedures and methods stipulated in laws and regulations.
D. In case of succession of rights and obligations due to business transfer or division/merger of the Company
If the Company transfers all or part of its business or transfers and succeeds in the rights and obligations of the service providers through merger/inheritance, etc., it must notify its members of such matters in order to guarantee their rights related to personal information protection under Article 27 of the Personal Information Protection Act.
■ Rights of users and their legal representatives and how to exercise the rights
Members and their legal representatives may inquire about or modify the registered personal information of themselves or their children under the age of 14 at any time. If they do not agree to the Company's processing of personal information, they may refuse consent or request termination of membership (withdrawal of membership). However, it may be difficult for them to use some or all of the Service in such a case. They may inquire about or edit personal information of users or children under the age of 14 in in mind’s App menu>My Page>.
If you wish to cancel membership or withdraw consent, please get in touch with the person in charge of personal information management in writing, by phone (+82 031 698 2940) or by email (help@demand.co.kr). We will provide measures without delay.
If you request the correction of errors in personal information, the personal information will not be used or provided until the correction is completed. If incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the third party may correct the incorrect personal information. However, there may be some exceptional cases where the viewing and correction of personal information may be restricted as follows;
- if there is a risk of significantly harming the life, body, property, or rights and interests of the person concerned or a third party,
- if there is a risk of significantly affecting the business of the service provider,
- and/or if laws and regulations are violated
The Company handles personal information that has been canceled or deleted at the request of a member or legal representatives as specified in the “Period of Retention and Use of Personal Information.” Such information is not allowed to be viewed or used for any other purpose.
When the Company learns that a member has signed up for membership by stealing another person's personal information, the Company will immediately take necessary measures, such as suspension of service use for the ID or withdrawal of membership. In addition, if a user who is aware of the theft of his/her personal information requests to suspend the use of the Service for the ID or to withdraw from membership, the Company will take measures immediately.
■ Period of retention and use of personal information
In principle, users' personal information is destroyed without delay when the purpose of collection and use of personal information is achieved. If a member withdraws from membership or is informed of a disposition for deletion of member ID due to false personal information, the collected personal information will be completely deleted and processed so that it cannot be used for any purpose. However, personal information is temporarily stored for a grace period of seven days after the application for withdrawal because the theft may cause an unwanted withdrawal. After seven days, the personal information will be completely deleted from the Company's member information database (DB).
If a dispute arises due to identity theft, the copy of the ID submitted for identification will be destroyed immediately after identification. The legal representative’s information of children and adolescents under the age of 19 will be destroyed together when the children and adolescents reach the age of majority or when the personal information is destroyed due to the child or adolescent's membership withdrawal.
The user's personal information is destroyed without delay when the purpose of collection and use of personal information is achieved; however, it can be kept for the specified period in each of the following cases without being used for any other purpose.
If it is necessary to preserve personal information under the provisions of relevant laws, such as the Commercial Act, the Consumer Protection Act in Electronic Commerce, etc., the Company shall keep the personal information for a certain period of time as stipulated by the relevant statute. If the retention period is changed due to the revision of related laws, the retention period set by the Company is also subject to the provisions of the revised laws. In this case, the Company shall use the stored information only for the purpose of storage, and the retention period is the same as above.
■ Procedure and method of destroying personal information
In principle, a user’s personal information is destroyed without delay when the purpose of collection and use of personal information is achieved. Procedures and methods of destroying personal information set by the Company are as follows;
A. Subject to destruction
- Information on membership registration
B. Destruction procedure
After the purpose of collecting and using personal information is achieved, the personal information is moved to a separate database (DB) (if it is paper, it will be moved to a separate filing cabinet). It is stored for a certain period and then destroyed under internal policy and other related statutes. This personal information will not be used for any purposes other than being retained unless it is required by law.
C. Destruction method
If personal information is printed on paper, it shall be shredded with a shredder or destroyed through incineration when destroyed. And if personal information is stored in electronic file format, it shall be deleted using a technical method that disables the records to be restored or reproduced.
■ Members’ rights and responsibilities
Members must prevent unexpected accidents by entering their personal information to be accurate and up-to-date. Users are responsible for any incidents due to inaccurate information entered by them. And their use of the account may be restricted if false information is entered, such as stealing another person's information.
Members who use in mind are obligated to protect themselves and not to infringe on the information of others as well as the right of personal information protection. Members must be careful not to leak personal information, including ID and passwords, and damage other people's personal information. If they fail to fulfill this responsibility and damage the information and dignity of others, they may be punished under the 「Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.」.
■ Measure of technical/administrative protection of personal information
While handling users' personal information, the Company shall take the following technical/administrative measures to ensure users’ safety so that personal information will not be lost, stolen, leaked, altered, or damaged.
A. Personal information encryption
The member’s passwords are encrypted when they are stored and managed. Only the member knows the passwords. And personal information can be confirmed and changed only by him/herself.
B. Countermeasures against hacking
The Company strives to prevent personal information from being leaked or damaged by hacking or computer viruses. We frequently back up our data in preparation for damage to personal information and use the latest vaccine program to prevent leakage or damage to users' personal information or data. Encrypted communication allows personal information to be safely transmitted over the network. In addition, the firewall system controls unauthorized access from the outside, and we do our best to equip all possible technical devices to secure other systemic security.
C. Company’s staffing for personal information protection
The Company prepares procedures required for access and management of members' personal information and allows its employees to be well-versed and comply with them.
The Company limits the number of personnel who handles members' personal information to a minimum. Persons who can handle the member's personal information are as follows;
- a person who engages in marketing by targeting members directly or indirectly,
- a person who carries out personal information protection tasks and protection duties,
- a person who needs to handle personal information inevitably for other business purposes
We check the implementation of in mind’s privacy policy and the compliance of the person in charge; if any problems are found, we work hard to correct them immediately. However, the Company does not take responsibility for any personal information leakage caused by a member's mistake or the intrinsic risk of the Internet. Members must properly manage their IDs and passwords in order to protect their personal information and take responsibility for it.
■ Supervisor and person in charge of personal information
The Company puts great emphasis on protecting members' personal information and is doing its best not to damage, infringe, or leak members’ personal information. Please report to the Company's department by phone or e-mail if you have personal information protection-related complaints while using the Service. The Company will do its best to provide prompt and sufficient responses to users' reports.
Name and position (or department name): Kim Jae-hoon, the Management Support Department
Tel: +82 031 698 2940
Email: help@demand.co.kr
■ Counseling and reporting related to personal information infringement
Please get in touch with the following organizations if you need to report or consult on other personal information infringement.
- Personal Information Infringement Report Center (www.118.or.kr / +82 118 without area code)
- Authentication Committee of the Information Protection Mark (www.eprivacy.or.kr / +82 02 580 0533~4)
- Cyber Criminal Investigation Division under the Supreme Prosecutors' Office (http://www.spo.go.kr / +82 02 3480 2000)
- National Police Agency’s Cyber Terror Response Center (www.ctrc.go.kr / +82 02 392 0330)
Announcement date:
Effective date:
This document is the privacy policy for in mind’s service (hereinafter referred to as ‘in mind’ or ‘Service’) provided by Demand Co., Ltd.