Article 1 (Categories of Personal Information Collected)
Smart Olive Co., Ltd. (hereinafter referred to as the “Company”) allows users to freely access most content without a separate membership registration process. However, in order to provide customized services, the Company collects user information through its membership services and affiliated partners. To use the Company’s membership services, you must provide the following required information. Failure to provide optional items may result in limited access to certain services.
Notwithstanding the foregoing, the Company may collect and use personal information without the user’s consent where permitted under applicable laws and regulations.
1. Personal Information Collected upon Membership Registration
a. Required items for Individual Members: ID, password, name, email address, mobile phone number
b. Optional items for Individual Members: Date of birth, gender
c. Required items for Corporate Members: Company name, department/team, job title, name, mobile phone number, email address
d. Optional items for Corporate Members: Date of birth, Anniversary 1, Anniversary 2, employment status, company extension number
2. Personal Information Collected When Using Paid Services
a. Required items for Individual and Corporate Members: Same as information collected during membership registration
b. Personal information entered in the payment window according to the selected payment method is recorded by the payment service provider and is not stored by the Company.
3. Personal Information Collected for Refunds of Payments for Goods or Services
a. Required items for Individual and Corporate Members: Bank name, account number, account holder’s name
4. Automatically Generated Information During Service Use or Business Processing
a. Service usage records, access logs, cookies, IP address, payment records, suspension records, unique device identifiers (device ID or IMEI), and location information
5. Information on the Use of Group Facilities for the Prevention of COVID-19 and the Prevention of Its Spread
Article 2 (Purpose of Collection and Use of Personal Information)
The Company collects personal information for the following purposes. If the purpose of use changes, the Company will obtain prior consent from users.
1. ID, name, email address, mobile phone number, and password: Used for identity verification for membership services
2. Email address and mobile phone number: Used to deliver notices, verify user intent, handle complaints, ensure smooth communication, provide information on new services/products or events, request reviews regarding service usage, and send service information and promotional materials provided by the Company
3. Address, telephone number, and location information: Used for selecting preferred regions, securing accurate delivery addresses for prizes, and identity verification
4. Other optional items: Used to provide personalized services
• The Company does not collect sensitive personal information that may infringe upon users’ fundamental rights (such as race or ethnicity, ideology or beliefs, place of origin or domicile, political inclination, criminal records, medical information, etc.).
5. Prevention of COVID-19 and the prevention of its spread
Article 3 (Retention and Use Period of Personal Information)
1. The Company uses members’ personal information only for the period during which services are provided, starting from the time of service use.
2. If there is no record of service use for one year, the Company will notify the member in advance pursuant to Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and store the personal information separately for three years from the date the account is converted to a dormant account.
3. To prevent abuse such as repeatedly re-registering after withdrawal or suspension to obtain economic benefits (e.g., discount coupons or event benefits), or unauthorized use of another person’s identity, the Company retains the member’s information for 90 days after withdrawal.
4. Upon expiration of the retention period specified in Paragraphs 2 and 3 of this Article, the Company will destroy printed personal information by shredding or through a specialized service provider, and permanently delete electronic files using technical methods that prevent recovery.
5. Notwithstanding the foregoing, where retention is required to verify rights and obligations related to transactions, the Company retains personal information for the following periods in accordance with applicable laws:
• Service usage records (login records): 3 months (Protection of Communications Secrets Act)
• Records related to labeling/advertising: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
• Records related to contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Records related to payment and supply of goods/services: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Records related to personal location information: 1 year (Act on the Protection and Use of Location Information)
• Records related to electronic financial transactions: 5 years (Electronic Financial Transactions Act)
• Membership registration information: Deleted after 90 days following withdrawal, expulsion, or conversion to a dormant account to prevent re-registration. Members will be notified by email upon withdrawal.
• Records related to data registration and sales: 180 days
6. If you request access to your transaction information retained with your consent, the Company will promptly take necessary measures to allow you to review such information.
7. Information collected for the prevention of COVID-19 will be destroyed four weeks from the date of collection or immediately after an epidemiological investigation is completed.
Article 4 (Rights of Users and Legal Representatives and How to Exercise Them)
1. Users and their legal representatives may at any time access or correct their personal information (or that of children under the age of 14), and may refuse consent or request membership withdrawal. However, refusal may result in restrictions on service use.
2. Users may directly access, correct, or withdraw membership by clicking on “Edit Personal Information” or “Membership Withdrawal.”
3. Alternatively, you may contact the Personal Information Protection Officer by written request, telephone, or email, and the Company will take prompt action.
4. If a user requests correction of erroneous personal information, the Company will not use or provide such information until the correction is completed. If incorrect information has already been provided to a third party, the Company will promptly notify the third party of the correction.
Article 5 (Technical and Administrative Measures for the Protection of Personal Information)
The Company takes the following technical and administrative measures to ensure that personal information is not lost, stolen, leaked, altered, or damaged.
1. Password Protection Measures
Passwords are encrypted and stored securely. Only the user knows their password, and personal information can only be accessed or modified by the user who knows the password.
2. Measures Against Hacking, etc.
The Company makes every effort to prevent personal information from being leaked or damaged due to hacking or computer viruses.
The Company regularly backs up data, uses up-to-date antivirus programs, ensures secure transmission of personal information through encrypted communications, and employs intrusion prevention systems to control unauthorized external access. The Company strives to implement all possible technical safeguards to ensure system security.
3. Minimization and Training of Handling Personnel
The Company limits access to personal information to designated personnel only, assigns separate passwords, and updates them regularly.
4. Operation of a Dedicated Personal Information Protection Organization
The Company operates an internal department responsible for personal information protection to ensure compliance with this Privacy Policy and to promptly correct any issues identified. However, the Company shall not be held liable for any issues arising from the user’s negligence or problems on the Internet that result in the leakage of personal information such as ID and password.