Privacy Policy
FLAMA Co., Ltd. (hereinafter referred to as the Company) has the following processing policy to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act and to smoothly handle users' grievances related to personal information. If the Company revises the Privacy Policy, it will be notified through the website announcement (or individual notice).
Purpose of collecting and using personal information
The Company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes, and prior consent will be obtained if the purpose of use is changed.
Homepage membership and management
The Company processes personal information for the purpose of confirming the intention to join the membership, identifying and authenticating the person in accordance with the provision of membership services, maintaining and managing membership, identifying the person in accordance with the implementation of the limited identification system, preventing unauthorized use of the service, various notices and notifications, handling grievances, and preserving records for dispute settlement.
Handling civil affairs
Personal information is processed for the purpose of verifying the identity of the complainant, checking the complaint, contacting and notifying the complainant for fact-finding, and notifying the result of processing.
Provision of goods or services
We process personal information for the purpose of delivering goods, providing services, sending invoices, providing content, providing customized services, identification, age verification, payment and settlement, etc.
Utilization for marketing and advertising
We process personal information for the purpose of developing new services (products) and providing customized services, providing event and advertising information and participation opportunities, providing services and displaying advertisements according to demographic characteristics, verifying the validity of services, identifying the frequency of access or statistics on members' use of services, etc.
Items of personal information we collect and how we collect them
Collection Items
Items collected when registering as a member
- Required items: Name, gender, login ID, password, email, date of birth, address, mobile phone number
- Optional items: home number, consent to receive SMS, consent to receive emails
- Purpose of collection: To secure smooth communication paths such as delivery of member-specific and notice information, confirmation of personal intentions and complaint handling
Automatic collection
- Access IP information, cookies, service usage records, access logs, etc.
Other (events, marketing activities, etc.)
- Collected information: address, date of birth, phone number, mobile phone number, name, email, etc.
- In addition, if personal information is collected for short-term purposes for specific purposes, it will be notified and collected separately.
Collection Methods
We collect personal information in the following ways.
- Homepage (membership registration), written form, telephone, fax, consultation board, event application, service use, modification of membership information
Consent to the Collection of Personal Information
The Company has established a procedure for you to check the “I Agree” button to agree to the contents of the Company's Privacy Policy or Terms of Use, and by checking the “I Agree” button, you agree to the collection of personal information.
Installation, operation, and rejection of automatic personal information collection devices
In order to provide individualized customized services, we use 'cookies' that store and retrieve usage information from time to time.
Cookies are small amounts of information sent to the user's computer browser by the server (http) used to operate the website and are stored on the hard disk of the user's PC computer.
- Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, secure connection, etc.
- Installation, operation and rejection of cookies: You can reject the storage of cookies through the option settings in the 'Tools>Internet Options>Privacy' menu at the top of your web browser.
- If you refuse to save cookies, you may experience difficulties in using customized services.
Processing and retention period of personal information
The Company shall process and retain personal information within the period of retention and use of personal information in accordance with the laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
Each personal information processing and retention period is destroyed when the purpose of collection or the purpose provided is achieved as follows.
- Membership information: When you withdraw or are expelled from the membership.
- Personal information collected for temporary purposes such as surveys, events, etc.: When the survey, event, etc. ends.
However, if it is necessary to retain the information for a certain period of time for reasons such as confirmation of transaction-related rights and obligations under the provisions of the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc.
- Records on contract or subscription withdrawal: 5 years
- Records of consumer complaints or dispute handling: 3 years
Provision and Sharing of Personal Information to Third Parties
The Company shall not use or provide the personal information of users to third parties beyond the scope disclosed in “Items of Personal Information Collected and Purpose of Collection” and “Purpose of Use of Personal Information” in any case, except with the consent of users or in accordance with the provisions of relevant laws and regulations. However, the following cases are exceptions.
- When users have given their prior consent.
- When necessary for settlement of charges for the provision of services.
- When necessary to fulfill the contract (product delivery/installation, service work)
- When we have sufficient grounds to believe that disclosure of customer information is necessary to take legal action against someone for causing mental or material harm to others.
- When it is necessary for statistical compilation, marketing analysis, or market research, and the information is processed in a form that does not identify a specific individual and provided to an outside agency or organization.
- In accordance with the provisions of other relevant laws and regulations, or when requested by an investigative agency in accordance with the procedures and methods prescribed by law for the purpose of investigation.
- When the personal information is necessary for the fulfillment of a contract for the provision of services and it is significantly difficult to obtain the usual consent due to economic or technical reasons.
Rights and obligations of the information subject and how to exercise them The user may exercise the following rights as a personal information subject.
The information subject may exercise the following personal information protection rights against the Company at any time.
- Request to view personal information
- Request for correction of errors, etc.
- Request for deletion
- Request suspension of processing
The exercise of rights under Paragraph 1 may be made in writing, e-mail, facsimile transmission (FAX), etc. to the Company in accordance with the form in Appendix 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.
If the information subject requests the correction or deletion of errors in personal information, the Company shall not use or provide the personal information until the correction or deletion is completed.
The exercise of the rights under Paragraph 1 may be made through an agent, such as the legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in the form of Appendix No. 11 to the Enforcement Rules of the Personal Information Protection Act must be submitted.
Destruction of Personal Information In principle, the Company will destroy personal information without delay when the purpose of processing personal information has been fulfilled. The procedure, deadline and method of destruction are as follows.
Destruction Procedure
The information entered by the user is transferred to a separate DB after the purpose is achieved (separate documents in case of paper) and stored for a certain period of time in accordance with internal policies and other relevant laws and regulations, or destroyed immediately. In this case, the personal information transferred to the DB will not be used for any other purpose unless required by law.
Destruction Period
The personal information of the user shall be destroyed within 5 days from the end of the retention period if the retention period of the personal information has elapsed, or within 5 days from the date it is recognized that the personal information is no longer necessary, such as the achievement of the purpose of processing the personal information, the abolition of the service, or the termination of the business.
Method of Destruction
Information in the form of electronic files is destroyed using technical methods that do not allow the records to be reproduced.
Personal information printed on paper is destroyed by shredding or incineration.
Measures to ensure the safety of personal information The Company takes technical/administrative and physical measures necessary to ensure safety as follows in accordance with Article 29 of the Personal Information Protection Act.
Minimization and training of employees handling personal information
The Company implements measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.
Conducting regular self-audits
We conduct self-audits on a regular basis (once a quarter) to ensure the stability of personal information handling.
Establishment and implementation of internal management plan
We have established and implemented an internal management plan for the safe handling of personal information.
Encryption of personal information
The user's personal information is stored and managed with encrypted passwords, so only the user can know it, and important data is encrypted with separate security functions such as encrypting file and transmission data or using the file lock function.
Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from the outside, and monitors and blocks them technically and physically.
Restriction of access to personal information
The Company takes necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system.
Retention of access records and prevention of falsification
Records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent access records from being falsified, stolen, or lost.
Use of locks for document security
Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.
Access control for unauthorized persons
We have a separate physical storage location for personal information and have established and operated access control procedures for it.
Personal Information Protection Officer
The Company is responsible for the overall handling of personal information, and designates the person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to the handling of personal information.
Name :
Position :
Department :
Telephone number :
Fax number :
E-mail :
The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. arising from the use of the Company's services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond to and handle inquiries from the information subject without delay.
Changes to the Privacy Policy
This privacy policy is applied from the effective date, and if there are any additions, deletions, or corrections to the contents in accordance with laws and policies, we will notify you through a notice 7 days before the effective date of the change.
<This policy is effective February 1, 2019>
FLAMA Co., Ltd. (hereinafter referred to as the Company) has the following processing policy to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act and to smoothly handle users' grievances related to personal information. If the Company revises the Privacy Policy, it will be notified through the website announcement (or individual notice).
Purpose of collecting and using personal information
The Company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes, and prior consent will be obtained if the purpose of use is changed.
Homepage membership and management
The Company processes personal information for the purpose of confirming the intention to join the membership, identifying and authenticating the person in accordance with the provision of membership services, maintaining and managing membership, identifying the person in accordance with the implementation of the limited identification system, preventing unauthorized use of the service, various notices and notifications, handling grievances, and preserving records for dispute settlement.
Handling civil affairs
Personal information is processed for the purpose of verifying the identity of the complainant, checking the complaint, contacting and notifying the complainant for fact-finding, and notifying the result of processing.
Provision of goods or services
We process personal information for the purpose of delivering goods, providing services, sending invoices, providing content, providing customized services, identification, age verification, payment and settlement, etc.
Utilization for marketing and advertising
We process personal information for the purpose of developing new services (products) and providing customized services, providing event and advertising information and participation opportunities, providing services and displaying advertisements according to demographic characteristics, verifying the validity of services, identifying the frequency of access or statistics on members' use of services, etc.
Items of personal information we collect and how we collect them
Collection Items
Items collected when registering as a member
- Required items: Name, gender, login ID, password, email, date of birth, address, mobile phone number
- Optional items: home number, consent to receive SMS, consent to receive emails
- Purpose of collection: To secure smooth communication paths such as delivery of member-specific and notice information, confirmation of personal intentions and complaint handling
Automatic collection
- Access IP information, cookies, service usage records, access logs, etc.
Other (events, marketing activities, etc.)
- Collected information: address, date of birth, phone number, mobile phone number, name, email, etc.
- In addition, if personal information is collected for short-term purposes for specific purposes, it will be notified and collected separately.
Collection Methods
We collect personal information in the following ways.
- Homepage (membership registration), written form, telephone, fax, consultation board, event application, service use, modification of membership information
Consent to the Collection of Personal Information
The Company has established a procedure for you to check the “I Agree” button to agree to the contents of the Company's Privacy Policy or Terms of Use, and by checking the “I Agree” button, you agree to the collection of personal information.
Installation, operation, and rejection of automatic personal information collection devices
In order to provide individualized customized services, we use 'cookies' that store and retrieve usage information from time to time.
Cookies are small amounts of information sent to the user's computer browser by the server (http) used to operate the website and are stored on the hard disk of the user's PC computer.
- Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, secure connection, etc.
- Installation, operation and rejection of cookies: You can reject the storage of cookies through the option settings in the 'Tools>Internet Options>Privacy' menu at the top of your web browser.
- If you refuse to save cookies, you may experience difficulties in using customized services.
Processing and retention period of personal information
The Company shall process and retain personal information within the period of retention and use of personal information in accordance with the laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
Each personal information processing and retention period is destroyed when the purpose of collection or the purpose provided is achieved as follows.
- Membership information: When you withdraw or are expelled from the membership.
- Personal information collected for temporary purposes such as surveys, events, etc.: When the survey, event, etc. ends.
However, if it is necessary to retain the information for a certain period of time for reasons such as confirmation of transaction-related rights and obligations under the provisions of the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc.
- Records on contract or subscription withdrawal: 5 years
- Records of consumer complaints or dispute handling: 3 years
Provision and Sharing of Personal Information to Third Parties
The Company shall not use or provide the personal information of users to third parties beyond the scope disclosed in “Items of Personal Information Collected and Purpose of Collection” and “Purpose of Use of Personal Information” in any case, except with the consent of users or in accordance with the provisions of relevant laws and regulations. However, the following cases are exceptions.
- When users have given their prior consent.
- When necessary for settlement of charges for the provision of services.
- When necessary to fulfill the contract (product delivery/installation, service work)
- When we have sufficient grounds to believe that disclosure of customer information is necessary to take legal action against someone for causing mental or material harm to others.
- When it is necessary for statistical compilation, marketing analysis, or market research, and the information is processed in a form that does not identify a specific individual and provided to an outside agency or organization.
- In accordance with the provisions of other relevant laws and regulations, or when requested by an investigative agency in accordance with the procedures and methods prescribed by law for the purpose of investigation.
- When the personal information is necessary for the fulfillment of a contract for the provision of services and it is significantly difficult to obtain the usual consent due to economic or technical reasons.
Rights and obligations of the information subject and how to exercise them The user may exercise the following rights as a personal information subject.
The information subject may exercise the following personal information protection rights against the Company at any time.
- Request to view personal information
- Request for correction of errors, etc.
- Request for deletion
- Request suspension of processing
The exercise of rights under Paragraph 1 may be made in writing, e-mail, facsimile transmission (FAX), etc. to the Company in accordance with the form in Appendix 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.
If the information subject requests the correction or deletion of errors in personal information, the Company shall not use or provide the personal information until the correction or deletion is completed.
The exercise of the rights under Paragraph 1 may be made through an agent, such as the legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in the form of Appendix No. 11 to the Enforcement Rules of the Personal Information Protection Act must be submitted.
Destruction of Personal Information In principle, the Company will destroy personal information without delay when the purpose of processing personal information has been fulfilled. The procedure, deadline and method of destruction are as follows.
Destruction Procedure
The information entered by the user is transferred to a separate DB after the purpose is achieved (separate documents in case of paper) and stored for a certain period of time in accordance with internal policies and other relevant laws and regulations, or destroyed immediately. In this case, the personal information transferred to the DB will not be used for any other purpose unless required by law.
Destruction Period
The personal information of the user shall be destroyed within 5 days from the end of the retention period if the retention period of the personal information has elapsed, or within 5 days from the date it is recognized that the personal information is no longer necessary, such as the achievement of the purpose of processing the personal information, the abolition of the service, or the termination of the business.
Method of Destruction
Information in the form of electronic files is destroyed using technical methods that do not allow the records to be reproduced.
Personal information printed on paper is destroyed by shredding or incineration.
Measures to ensure the safety of personal information The Company takes technical/administrative and physical measures necessary to ensure safety as follows in accordance with Article 29 of the Personal Information Protection Act.
Minimization and training of employees handling personal information
The Company implements measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.
Conducting regular self-audits
We conduct self-audits on a regular basis (once a quarter) to ensure the stability of personal information handling.
Establishment and implementation of internal management plan
We have established and implemented an internal management plan for the safe handling of personal information.
Encryption of personal information
The user's personal information is stored and managed with encrypted passwords, so only the user can know it, and important data is encrypted with separate security functions such as encrypting file and transmission data or using the file lock function.
Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from the outside, and monitors and blocks them technically and physically.
Restriction of access to personal information
The Company takes necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system.
Retention of access records and prevention of falsification
Records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent access records from being falsified, stolen, or lost.
Use of locks for document security
Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.
Access control for unauthorized persons
We have a separate physical storage location for personal information and have established and operated access control procedures for it.
Personal Information Protection Officer
The Company is responsible for the overall handling of personal information, and designates the person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to the handling of personal information.
Name :
Position :
Department :
Telephone number :
Fax number :
E-mail :
The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. arising from the use of the Company's services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond to and handle inquiries from the information subject without delay.
Changes to the Privacy Policy
This privacy policy is applied from the effective date, and if there are any additions, deletions, or corrections to the contents in accordance with laws and policies, we will notify you through a notice 7 days before the effective date of the change.
<This policy is effective February 1, 2019>