NAVER Corporation (hereinafter referred to as the "Corporation") handles the personal information of the users of the Service (hereinafter referred to as “Customers”) as follows for the provision of its Article service (hereinafter referred to as the “Service”).In handling the personal information of Customers, the Corporation is aware of the importance of personal information protection and complies with the Act on the Protection of Personal Information (hereinafter referred to as the "APPI”) and other laws and regulations.
1. Scope of Application
Unless otherwise defined, the meanings of the terms used in this Policy are as defined in the APPI and the guidelines related thereto.
3. Personal Information Obtained
The Corporation obtains and uses the following personal information for the provision of the Service:
- · Profile information, such as the ID, email address, author’s name, introduction, areas of interest/keywords, signature information, profile image, etc., that the Corporation directly obtains from Customers upon member registration or from their My Page and the internal identification codes that the Corporate assigns to each Customer account;
- · In the event a Customer creates their Article account using an external social media account other than that of the Corporation or links their external social media channel through the Linked Account feature, information collected from a third party other than the Corporation, such as the profile information on the relevant external social media account(name stated in the profile, profile image, status message, internal identifier, etc.), authentication token, channel information (channel name or social media account name, channel thumbnail image, channel URL, etc.), and the information on the latest content of the relevant channel (title, thumbnail, content link URL, etc.), etc.;
- · Service use history of Customers, such as the texts, images, audio files, videos, and other content submitted by Customers, lists of articles read by Customers, and ‘Likes’, comments/replies, underlines, KEEP (saved articles) lists made by the Customers. etc.;
- · Information related to a Customer uploaded by another Customer who is a friend of the former, such as a photograph showing the face of the former, etc.;
- · Information obtained to respond to Customers’ inquiries or communications to the Corporation;
- · Information obtained to carry out a campaign or event or to send giveaways; and
- · Cookies, device and network-related information, such as IP address, OS version, manufacturer, model name, telecom company, whether WiFi is used, etc., time of service use, service use history, browser information, advertising ID, referrer information, and other information on Customers’ communications logs.
4. Purpose of Utilization of Personal Information
The Corporation uses the obtained personal information for the following purposes.Unless it obtains the consent of Customers or it is permitted by law, the Corporation does not use any personal information that it obtains for a purpose other than the specified purpose of utilization thereof.
- (1) To provide the Service
- · To confirm that an individual who logs in is the Customer by comparing the log-in information with the registered information
- · To provide features, etc., that enable Customers to create and publicly share their profiles or to search or follow other Customers using IDs or profile information to create and manage their relationships with other Customers
- · To enable Customers to create content, such as texts, images, audio files, videos, etc., and to communication with other Customers regarding the created content
- · To create and disclose rankings of the most popular articles
- · To conduct reviews necessary for the use of the Service
- · To send event prizes, giveaways, and products
- (2) To provide Customers with optimized content and benefits
- · To recommend or advertise content based on Customers’ areas of interest/preference, etc., by analyzing the personal information obtained by the Corporation and Customers’ service use history, etc.
- · To measure the effect of advertisements distributed by the Corporation
- · To provide various benefits, such as the distribution of coupons, etc., based on Customers’ service use history
- (3) To respond to Customer inquiries and provide appropriate information
- · To provide an accurate response
- · When responding to a Customer inquiry regarding the Service by referring to the Customer’s service use history, history of past inquiries, registered information, etc.
- · To provide news about the Service (amendments to any policies, scheduled service downtime, feature changes, etc.) and various information to make service use more convenient
- · To notify Customers of information on the Corporation’s services and the group companies or information on the advertisements, etc., provided by business operators other than the Corporation
- (4) To safely provide services
- · To prevent conducts that cause harm to others or any unauthorized use such as unauthorized access, etc.
- · To perform identity verification or contact a Customer in the event of an identity theft
- (5) To improve the Service and develop new services
- · To perform satisfaction surveys regarding the use of the Service, surveys regarding new services, etc.
- · To improve the Service and develop new services useful to Customers by analyzing Customers’ service use history, etc.
- (6) To prepare and use statistical data
- · To prepare statistical data using de-identified information related to the Service and to use such statistical data to improve services
5. Third-Party Provision of Personal Information
Limited to cases in which the prior consent of Customers is obtained, the Corporation provides LINE Corporation with the personal information of Customers that it obtains from the Service (the information stated in 3. Personal Information Obtained above), and LINE Corporation (hereinafter referred to as the “Recipient”) uses such provided personal information for the following purposes.More information on the Recipient’s purpose of utilization can be found here.
- · To provide and maintain the Recipient’s services
- · To develop and improve the Recipient’s services and content
- · To prevent any unauthorized use such as unauthorized access, etc.
- · To provide Customers with optimized content
Furthermore, the Corporation may provide personal information to external third parties limited to the following cases in addition to the cases above:
- · Cases in which a Customer gives prior consent
- · Cases in which the handling of personal information is based on laws and regulations
- · Cases in which the handling of personal information is necessary for the protection of the life, body, or fortune of an individual and in which it is difficult to obtain the consent of the Customer
- · Cases in which the handling of personal information is specially necessary for improving public hygiene or fostering healthy children and in which it is difficult to obtain the consent of the Customer
- · Cases in which the handling of personal information is necessary for cooperating with a central government organization, a local government, or a person entrusted by either of the former two in executing the affairs prescribed by laws and regulations and in which obtaining the consent of the Customer is likely to impede the execution of the affairs concerned
- · Cases in which the relevant third party is an academic research institute, etc., and in which such third party needs to handle the relevant personal data for academic research purposes (including cases in which academic research constitutes a part of the purpose for handling such personal data and excluding cases in which the rights and interests of an individual may be unfairly infringed)
6. Entrustment of Personal Information
The Corporation may entrust all or a part of the personal information that it obtains from Customers to a trustee to the extent necessary to achieve the purpose of utilization (e.g., infrastructure construction and operation, service planning, development, and operation, marketing, customer support, etc.)
The Corporation establishes and operates a system to ensure that the entrusted personal information is safely managed, such as requiring trustees to take measures for the protection of personal information, to return or destroy personal information upon the termination of the entrusted work, and to keep the information confidential as provided by the relevant laws and regulations and the Corporation’s security standards through entrustment agreements, etc., and regularly exercising management and supervision as well as sufficiently reviewing the eligibility of the trustees.
The trustees of the Corporation also include companies located in South Korea.South Korea is a member of the APEC Cross-Border Privacy Rules (CBPR) System.Also, it has obtained the E.U. adequacy decision.For information on the South Korean laws and systems for the protection of personal information, please visit here (※Reiwa 2nd APPI Amendment | Personal Information Protection Commission (ppc.go.jp)).
7. Joint Utilization of Personal Information
The Corporation uses the personal information stated in ‘3. Personal Information Obtained’ jointly with the group companies of the Corporation (which refer to its subsidiaries or affiliates, including those located outside Japan) to the extent necessary to achieve the purpose of utilization.
The purpose of joint utilization is equal to the purpose of utilization stated in ‘4. Purpose of Utilization of Personal Information,’ but “the Corporation” will be substituted by the group company of the Corporation and “the Service” will be substituted by the services provided by the group company of the Corporation with respect to the purpose of utilization of a joint user.
The entity responsible for the management of joint utilization is the Corporation (the address and representative of the Corporation are stated at the end of this Policy).
8. Transfer of Personal Information Resulting from a Business Succession
In the event a transaction between companies involving the Corporation’s business subject to this Policy, such as a merger, spin-off, business assignment, etc., occurs, the personal information may also be transferred to the business successor as a result to the extent recognized by the applicable laws.
9. Safe Management of Personal Information
The Corporation takes necessary and appropriate measures in order to prevent the leakage, loss, or damage of the handled personal information and to otherwise safely manage personal information. Furthermore, the Corporation exercises necessary and appropriate supervision in order to encourage its trustees to safely manage personal information in the event it entrusts all or a part of the handling of personal information. The key details are as follows:
- (1) Establishment of Basic Policies: We have established basic policies regarding “compliance with related laws, regulations, guidelines, etc.,” “inquiry and claim handling window,” etc., to guarantee the appropriate handling of personal data.
- (2) Establishment of Regulations on the Handling of Personal Data: We have established regulations on the handling of personal data that set forth the handling method, the supervisors and persons-in-charge, and each of their duties for each of the following stages: acquisition, utilization, retention, provision, and deletion/destruction.
- (3) Organizational Measures for Safe Management: In addition to appointing personal data handling supervisors, we have clearly defined the employees who handle personal data and the scope of the personal data handled by such employees, and we have established a supervisor reporting and communication system for an actual or potential violation/breach of the law or the handling regulations.
- (4) Personal Measures for Safe Management: We offer regular training to employees regarding the matters that require attention when handling personal data.
- (5) Physical Measures for Safe Management: In order to prevent the leakage or damage of the personal information of members caused by hacking, a computer virus, etc., we have installed the system in an area where external access is controlled and have established and are operating an access control procedure.
- (6) Technical Measures for Safe Management: By implementing access control, we limit the persons-in-charge and the scope of the personal information database, etc. to be handled by each person. Also, we have introduced a system for protecting the information systems handling personal data from unauthorized external access or software.
- (7) Identification of External Environments: The Corporation handles personal information in South Korea. The Corporation identifies the personal information protection systems of the country and implements measures for safe management.
10. Personal Information Storage and Access
- (1) Place for Storing Personal Information
The Corporation stores personal information in data centers located in Japan and South Korea.South Korea is a member of the APEC Cross-Border Privacy Rules (CBPR) System and has also obtained the E.U. adequacy decision.
- (2) Access from Outside Japan
For the development and operation of services, the Corporation or the trustees thereof located in South Korea may access the Customers’ personal information stored by the Corporation.The Corporation implements appropriate personal information protection measures based on the Corporation’s security standards not only by requiring trustees with access to the personal information of Customers to engage in appropriate security management through agreements, etc., and exercising management and supervision thereon, but also by implementing appropriate encryption measures for communication areas when accessing personal information, regardless of the country or region in which they are located.For information on the South Korean laws and systems for the protection of personal information, please visit here. (※Reiwa 2nd APPI Amendment | Personal Information Protection Commission (ppc.go.jp)).
11. Regarding the Use of Modules, Cookies, etc., of Other Companies
- · To authenticate a social media log-in
- · To deliver news about the Service in the form of a push notification
- · To monitor and improve the performance of Service and to prevent any unauthorized use thereof
- · To show advertisements on behalf of the Corporation or to measure the effect thereof
- (2) Information on the Use of SDKs and Plug-Ins for Providing the Social Media Log-In Feature and the Link Social Media Account Feature
The Corporation uses SDKs offered by Facebook, Google, LINE, etc., to provide the social media log-in feature and the link social media account feature.
When a Customer tries to log in using the social media log-in feature, minimal profile information on the social media necessary for the log-in is shared with the Service with the consent of such Customer.When a Customer links their social media account to the Service, the channel information of the social media, information on the latest content on the social media account or channel, etc., are shared with the Service.
- (3) Information on the Use of SDKs for Providing Push Notifications
The Corporation uses third-party SDKs to deliver service-related news and notifications in the form of a push notification. The Corporation handles Customers’ device ID and push notification message information by using third-party SDKs.
- (4) Information on the Use of SDKs for Monitoring and Improving Service Performance and Detecting and Responding to Unauthorized Use
In order to monitor and improve the service performance and detect and respond to any unauthorized use, the Corporation collects and analyzes information on Customers’ devices (operating system, model name, manufacturer, etc.), network information (whether Wi-Fi is used, telecom company, etc.), various metrics related to service performance (service performance indicators, error logs, etc.), and the internal identification codes that the Corporation assigns to individual Customers using third-party SDKs.
12. Rights of Customers
Customers may request that the Corporation disclose the personal data retained by it that the Customers cannot confirm within the Service (including disclosing records of third-party provisions) or notify the purpose of utilization thereof pursuant to the procedure provided by the Corporation and the APPI and other laws and regulations.
Customers may request that the Corporation correct, supplement, or delete such retained personal data (hereinafter referred to as “Correction, etc.”) pursuant to the procedure provided by the Corporation and the APPI and other laws and regulations in the event the content of any retained personal data is deemed untrue.
Customers may request that the Corporation suspend the utilization of or delete the retained personal data (hereinafter referred to as “Suspension of Utilization, etc.”) pursuant to the procedure provided by the Corporation and the APPI and other laws and regulations.
Customers may request the “Suspension of Third-Party Provisions” of the retained personal data from the Corporation pursuant to the procedure provided by the Corporation and the APPI and other laws and regulations.
In the event it receives from a Customer a request for the disclosure or notification of the purpose of use, Correction, etc., Suspension of Utilization, etc., or Suspension of Third-Party Provisions mentioned above (hereinafter collectively referred to as “Disclosure, etc.”), the Corporation first confirms whether such request is made by the Customer themselves and then implements the Disclosure, etc., of such retained personal data without delay and notifies the Customer of its intention to do so (if the Corporation decides not to implement the Disclosure, etc., its intention not to do so) unless provided otherwise in the APPI and other laws and regulations.
Meanwhile, in the event it receives a request for the disclosure or the notification of the purpose of utilization of retained personal data that cannot be confirmed within the Service, the Corporation may collect a fee pursuant to a separately provided procedure.
Customers may elect not to provide any personal information to the Corporation, but they may not be able to use some of the Service if they do not provide the information needed for the use of the Service.
13. Information of Former Members
In the case of deleted Service accounts, the personal information of the relevant Customers is appropriately handled pursuant to the relevant laws and regulations and the Corporation’s internal policy.
14. Amendment of This Policy
The Corporation may amend all or a part of this Policy in order to appropriately use and thoroughly protect personal information.In the event of any material amendment, the Corporation will announce the effective date of the amended policy.
15. Inquiry about the Handling of Personal Information
If you have any inquiries, including those related to counseling, complaints, objections, etc., related to the Corporation’s handling of personal information, please send them any time via Inquiry Email.
Meanwhile, the address and representative of the Corporation are as follows:
Address: Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
Representative: Choi Soo-yeon
﹤Date of Application: 07. 21, 2022﹥