Kilo Co., Ltd. ("Company") complies with the personal information protection regulations under the relevant laws and regulations that information and communication service providers must comply with, such as the Information and Communication Network Act.
Through the personal information processing policy, the company informs you of the purpose and method of personal information being used and what measures are being taken to protect personal information. If the company revises its personal information processing policy, it will notify it through the application or website (or individual notice).
This policy will take effect on March 1, 2022.(UTC +9:00)
Chapter 1. Purpose of collecting and using personal information
The company collects personal information from membership registration and smooth service provision through applications and web pages, and can request personal information entry for collective statistical analysis or for the purpose of sending prizes at surveys or events.
•
User information.
◦
Email address and ID.
•
Device information.
◦
Device identifier, operating system, hardware version, device setting, phone number.
◦
National information, encrypted identification information (CI), and duplicate subscription confirmation information (DI)
•
Log information.
◦
Log data (including data related to records such as diet, exercise, body, etc.), search terms entered by users, Internet protocol addresses, cookies, service usage records and time zones, payment records, visit records, bad usage records, access logs, advertisement identifiers, etc.
•
Other information.
◦
Other personal information necessary for service improvement, such as preferences, advertising environment, and visiting pages, in the use of members' services.
Personal information processed by the company is not used for purposes other than the following purposes, and if the purpose changes, the member will seek prior consent.
① Member management such as identification and prevention of illegal use of services.
② Implementation of contracts regarding the provision of services required by members, handling complaints/error matters, settlement of charges, etc.
③ It is used to improve existing services, develop new services, and develop customized recommendation functions.
④ Notification of changes to the function or policy of the company website or application.
⑤ Use for events and promotions, internal statistics, advertisements, etc. with the prior consent of other users.
⑥ Compliance with relevant applicable laws or legal obligations
Members may refuse the collection of personal information by disagreeing with the collection of personal information of the company or not writing down personal information. However, in this case, the services provided to members may be restricted.
Chapter 2. Period of retention and use of personal information
While service users continue to use the service as members of our company, we continue to hold the user's personal information and use it to provide services.
The personal information of the service user is destroyed in a way that cannot be reproduced if the purpose of collection and use (including temporary purposes such as surveys, events, etc.) is achieved, or if the user directly deletes or withdraws from the membership. According to the "Personal Information Validity System", the personal information of members who have not used the service for a year is separately stored.
If there is a request for abuse of users' rights, prevention of abuse, infringement of rights/defamation disputes, or investigation cooperation, we may keep the member's personal information for one year from the termination of the member's use contract in case of recurrence. If it is necessary to preserve it in accordance with the provisions of related laws, such as the Commercial Act, the Consumer Protection Act in e-commerce, etc., we keep member information for a certain period of time prescribed by the relevant laws. In this case, we use the information we keep only for the purpose of storage, and the retention period is as follows.
A. The period of preservation of personal information is as follows when withdrawing from a member who holds information according to the company's internal policy.
•
Preservation grounds: Dispute on infringement of rights, such as prevention of re-registration of defective users and defamation, and cooperation in investigation.
•
Preservation period: 1 year after withdrawal of membership.
B. If it is necessary to preserve it under the relevant laws and regulations, such as the Act on the Reasons for Information Holding and the Act on the Protection of Consumers in Electronic Commerce, etc., the company stores member information for a certain period of time. In this case, the company uses the information it keeps only for the purpose of its storage, and the preservation period is as follows.
•
Records of contract or withdrawal of subscription, etc.
◦
Reasons for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.
◦
Preservation period: 5 years.
•
Records of payment and supply of goods, etc.
◦
Reasons for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.
◦
Preservation period: 5 years.
•
Records of consumer complaints or disputes.
◦
Reasons for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.
◦
Preservation period: 3 years.
•
Records of identity verification.
◦
Reasons for preservation: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.
◦
Preservation period: 6 months.
•
Records of visits.
◦
Reasons for preservation: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.
◦
Preservation period: 3 months.
Chapter 3. Reading, updating, modifying, or deleting personal information
You can view or modify your registered personal information and request membership withdrawal. We will take action without delay to view or modify your personal information directly through changes in member information on the site, or if you request it by e-mail or in writing from the person in charge of personal information protection.
Chapter 4. Procedures and methods for destroying personal information
The information entered by the user for membership registration, etc., will be transferred to a separate DB after the purpose is achieved and stored for a certain period of time (see retention and usage period) according to internal policies and other relevant laws and regulations.
Personal information stored in the form of an electronic file is deleted using a technical method that cannot play records.
Chapter 5. Consignment of collected personal information
The company entrusts the work in relation to the processing of personal information as follows, and is taking necessary measures to ensure that personal information entrusted under relevant laws and regulations is safely managed. The information entrusted is limited to the minimum range required to provide the service and is all encrypted.
The tasks and trust companies entrusted by the company are as follows. It is entrusted and stored to foreign companies to improve service provision and user convenience, and is transmitted through the network at the time of service use.
Transfer to. | Country | Purpose | Transferred personal information data. |
Google Analytics, Firebase | US | Processing data on service use. | Service usage records or collected personal information. |
Amplitude, appsflyer | US | Statistical analysis of users' use of services. | Service usage records |
Facebook, Tiktok, Google Ads | US | Marketing for target customers. | Encrypted individual UIDs |
Amazon Web service | US | Processing and storing data. | Service usage records or collected personal information. |
If the consignment changes, we will inform you of the fact through this personal information processing policy.
Chapter 6. Rights of users and legal representatives and their exercise methods
Users and legal representatives can view or modify the registered member's personal information at any time, and withdraw consent to the use of personal information through the membership withdrawal process. Or if you contact the person in charge of personal information protection by writing, phone, or e-mail, we will take action without delay. In the case of legal representatives, they must submit a power of attorney in accordance with attached Form 11 of the Enforcement Rules of the Personal Information Protection Act to exercise their rights.
If a user requests correction of an error in personal information, the personal information will not be used or provided until correction is completed. In addition, if wrong personal information has already been provided to a third party, we will notify the third party of the correction process without delay so that the correction can be made.
The company processes personal information terminated or deleted at the request of a user or legal representative as specified in the "retention and use period of personal information" and cannot be viewed or used for other purposes.
Chapter 7. Matters concerning the installation, operation, and refusal of automatic personal information collection devices
A. About cookies.
The company installs and operates cookies to provide customized services for each user. The purpose and refusal of the cookie are as follows.
1.
The meaning of cookies: Cookies are very small text files sent by the server used to run the website to the user's browser and are stored and operated on the user's computer.
2.
The purpose of using cookies is to provide optimized customized services by identifying users' access management, error management, provision of user-specific usage environments, identifying user activity information, a/b test, and checking event and promotion statistics.
3.
Installation, operation, and rejection of cookies: Users have the option to install cookies when using facilities. By setting options in a web browser, users can allow all cookies, go through verification whenever they are saved, or refuse to save all cookies. However, if the user refuses cookies, it may be difficult to provide the service.
B. About online customized advertising services,
In order to provide services that take into account the characteristics of users by analyzing users' online usage types and access records, the company allows online customized advertising operators to collect behavior information as follows.
1.
Advertisers who collect and process behavioral information: Facebook, Google, Amplitude, Naver, Kakao, TikTok, appsflyer
2.
Behavioral information collection method: Automatic collection when a user visits a company's website or runs an app.
Users have the option of installing cookies. Therefore, by setting options in the web browser, you can allow all cookies, go through verification whenever they are saved, or refuse to save all cookies. However, if the user refuses to install cookies, there may be difficulties in some services provided by the company.
Chapter 8. Technical and management measures for personal information protection
Your personal information is protected by passwords.
Only you can know the password of your account, and you can check and change your personal information only by yourself who knows the password. Therefore, you should not tell anyone about your password. Except for devices under your name, it is recommended that you log out after use and completely terminate. The company is not responsible for the leakage of personal information due to careless use.
The company considers the security of users' personal information very important. The company is establishing the following security measures to prevent unauthorized access, disclosure, use, and modification of user personal information.
[Personal information encryption]
•
Transmitting the user's personal information using an encrypted communication section.
•
Encrypt and store important information such as passwords.
•
Measures to prepare for hacking.
•
Preventing personal information of users from being leaked or damaged by hacking or computer viruses.
Installing a system in an area where access from the outside is restricted.
•
Establishment and implementation of an internal management plan.
•
Installation and operation of access control devices.
•
Measures to prevent forgery and alteration of access records.
•
Access to personal information is limited to those who perform the relevant task and those who are inevitable to handle personal information when performing the task.
Chapter 9. Protection of Children's Personal Information
In principle, the company does not collect information from children under the age of 13 or of the corresponding minimum age under the jurisdiction. However, when the company inevitably collects personal information of children under the age of 13 or of the minimum age corresponding thereto for the use of the service, the following procedures will be additionally performed to protect children's personal information.
1.
Proceed with the guardian's consent procedure for collecting children's personal information or sending the company's product and service information directly to children.
2.
Notify the female guardian of the company's privacy policy for children, including collected personal information items, purpose, and sharing.
3.
Grant legal representatives the authority to access the child's personal information, correct or delete personal information, suspend personal information processing, and request withdrawal of previously provided consent.
4.
Restrictions on the scope of personal information collection other than those essential for participation in service activities.
Chapter 10. The affiliation, name, and contact information of the person in charge of personal information protection
The company in charge of the company designates the relevant department and person in charge as follows to protect users' personal information and handle complaints related to personal information. If you have any opinions on this policy or would like to update the user's information held by the company, please contact the contact information below.
[Personal information protection manager]
Name: Liam
Department in charge: Development team.
Email: support@mealligram.com
Plain Text
복사
Announcement date: January 28, 2022.
Effective date: March 1, 2022.
past documents