01. Personal Information Items Collected

The company collects the following personal information for the purpose of providing services such as e-payment agency and payment reserve (hereinafter referred to as 'service') application, consultation, and enquiries.

① Personal information collection items

(1) Mandatory items

· Personal information : Name (Name of CEO and person in charge in case of merchant), date of birth, mobile phone number (Mobile number of CEO and person in charge in case of merchant), phone number (company number not applicable), email address (Email address of CEO and person in charge in case of merchant), gender

· Additional information may be automatically or manually generated and collected during the 'service' processing or 'service' processing other than the personal information items specified above (IP/MAC Address, cookies, e-mail, service accessed dates, service usage records, bad or abnormal usage records, payment records).

· Miscellaneous : The ‘company’ can collect additional information on the payment method, such as the card transaction name, credit card number (partial), bank name, account number, carrier name and gift certificate ID/PW required for payment or refund related to service use.

(2) Selected Items

· Information provided by the client or information contained in the contract document other than required items

· Address, fax number, etc.

02. Purpose of collecting and using personal information

The ‘company’ utilizes the collected personal information for the following purposes:

① Identifying and verifying the person's real name for the purpose of establishing, maintaining, and terminating the service contract; managing various members, sending contracts, etc.

② Identifying, certifying, real-name verification and various notices/notifications during the service delivery process

③ Prevention of fraudulent and unauthorized use

④ Confirmation of consent or withdrawal required for service provision and related business handling

⑤ Identifying frequency of use and providing services according to demographic characteristics and CRM

⑥ Register store business information for each payment method for service provision

⑦ For service provision (approval transaction, etc.) and related business processing (civil complaints, personal information management status check), the payment method issuer of the user who enters into the contract with the user regarding the payment method

(e.g. credit card company in question) shall send the payment information of the user, personal information storage details, etc.
(See below details about the issuer of the payment method)

03. The retention and usage period of personal information

The personal information of the users shall be destroyed without delay when the purpose of collecting and using personal information is achieved in principle. However, the information for each of the following neck shall be retained for the period specified for the following reasons

① Retention of information based on the company's internal policy

(1) Retention items: Service call collected items (company name, customer name, phone number, e-mail, call content, etc.)

(2) Reasons for preservation: Use explanatory evidences in case of conflict

(3) Preservation period: 6 months after completion of the consultation

② Retention of information according to relevant laws

In the event it is necessary to preserve the information according to the provisions of the relevant statutes, such as the Commercial Act, the Electronic Finance Transaction Act, etc., the company shall keep the information for a certain period as prescribed by the relevant statutes. In this case, the company uses the information stored for the purpose of storage only, and the retention period is as follows

(1) Records of withdrawal of contract or subscription, etc.

· Preservation Period: Five Years

· Grounds for Preservation: Law on Consumer Protection in Electronic Commerce, etc.

(2) Records of payment and supply of goods, etc.

· Preservation Period: Five Years

· Grounds for Preservation: Law on Consumer Protection in Electronic Commerce, etc.

(3) Records of complaints or dispute handling by consumers

· Preservation Period: 3 Years

· Grounds for Preservation: Law on Consumer Protection in Electronic Commerce, etc.

(4) Records on the collection, processing and utilization of credit information

· Preservation Period: 3 Years

· Grounds for Preservation: The Act on the Utilization and Protection of Credit Information

(5) Records of identification

· Preservation Period: 6 Months

· Grounds for Preservation: Act on Promotion of Information and Communication Utilization and Information Protection

(6) Records of visits

· Preservation Period: 3 Months

· Grounds for Preservation: Communications Secret Protection Act

04. The process and method of destruction of personal information

① Destruction procedure : The information entered by the user for service application, service consultation, inquiry, etc. is transferred to a separate DB after the purpose is achieved (in case of paper, separate filing box) and is stored and destroyed for a period of time according to internal policy and other reasons for information protection under relevant statutes (see retention and service period). Personal information transferred to a separate database is not used for purposes other than holding purposes unless for legal reasons.

② Method of destruction

(1) Personal information stored in electronic file format shall be deleted using a technical method that cannot be played back.

(2) The personal information printed on the paper shall be shredded with a shredder or destroyed through incineration.

05. Personal information provision

The company uses the user's personal information within the scope specified in [2. Purpose of Use of Personal Information Collected], and does not use the information beyond that scope without prior consent from the user, or does not provide the user's personal information to the outside world in principle. Exceptions are made in the following cases

· If the users have agreed in advance (if the users have agreed in advance, the users voluntarily agree to provide their personal information to a third party for the purpose of using the service).

· In case there is a request of the investigative agency according to the provisions of the Act or according to the procedures and methods prescribed in the Act for the purpose of investigation purposes. In the above cases, the ‘company’ shall notify the users who is provided the personal information, the purpose of use, items of personal information provided, the retention and utilization period of personal information shall be notified in advance and individual consent shall be obtained in an explicit manner. In all such processes, the company does not collect additional information against the users' will or share information outside the scope of consent with third parties.

06. Personal information handling consignment

The ‘company’ will entrust the users' personal information to an external expert for service performance or notify the users of the contents of consignment work or trustee changes in advance. Further, we will clearly stipulate the service provider's personal information protection-related instructions, confidentiality of personal information, prohibition of third-party provision, liability in case of accident, and obligation to return or destroy personal information upon the end of the consignment period to protect the users' rights and interests.The ‘company’ does not entrust personal information collected from users to third parties. In case of future consignment, the user is notified in advance and if necessary, prior consent is obtained.

07. Rights of the users and legal representatives and their methods of exercise

① The user may request access to his or her personal information and error correction at all times, and the company shall take necessary actions without delay. In addition, the company does not use the information until the error correction request is made.

(1) The procedure for requesting information subject request procedure.

· Preparation of information subject requirements (written, telephone, e-mail, FAX, etc.) → receipt of eromnet → decision (reading, correction, deletion, processing suspension) → preparation of result notice → review and approval → notification to the information subject.

② In addition, if you contact the company's customer center (02-2088-7011) or visit the company, you can confirm that you are the user and apply for an access, change, or withdrawal of membership.

③ We do not collect personal information of children under the age of 14 (the children under the age of 14). However, if personal information needs to be collected, the consent of the legal representative must be sought. The company may request minimal information, such as the name and contact number of the legal representative from the child, and the legal representative of the child may request access, correction or deletion of the child's personal information through written, telephone, e-mail or FAX. If such request is made, the company shall take necessary actions without delay.

④ Access restrictions or refusal may be made for the following reasons.

(1) In cases where access is prohibited or restricted by law

(2) In the case where there is a fear of harming another person's life and body, or us who unfairly infringe on another person's property and other interests

08. Measures to secure personal information security

The company is taking the following steps to secure the stability of personal information.

1) Management measures: Establishing and implementing an internal management plan, regular employee training, etc.

2) Technical measures: management of access authority, installation of access control system, encryption of unique identification information, and installation of security program

3) Physical actions: Access control of the computer room, data storage, etc.

09. Matters concerning the installation, operation, and refusal of the automatic collection of personal information

The ‘company’ installs and operates 'cookies' that store and retrieve user information from time to time. Cookies are small text files that are sent to the user's browser by the server used to run the company's website and are stored on the user's computer hard disk. The company uses cookies, etc. for the following purposes

① Purpose of use such as cookies

(1) Target marketing and personalization services are provided by analyzing the frequency of access and time of visit of users to identify the users' tastes and interests, tracking their own experiences, and identifying the degree of participation in various events and the recall of visits.

(2) The user has the option of installing cookies. Therefore, you can allow all cookies by setting options in your web browser, check every time cookies are saved, or refuse to save them.

③ However, if the user refuses to install cookies, it may be difficult to provide the service.

10. Civil Service on Personal Information

The company designates a person in charge of personal information management and a person in charge of personal information management as follows in order to protect users' personal information and handle complaints related to personal information.

Personal Information Management Officer: Lee Shin-woo
Department: Strategic Business Department
TEL: 070-2088-7011
E-Mail: shinwoo.l@eromnet.com

Person in charge of personal information management: Choi Young-min
Department: IT Infrastructure Security Office
TEL: 070-2088-7011
E-Mail: privacy@eromnet.com

You can report all personal information protection related complaints that arise from using the company's service to the person in charge of personal information management or the department in charge. The company will quickly and fully respond to the users' reports.

11. Duty of Notice

If there are any additions, deletions or modifications to the current privacy policy, we will notify you through the notice on the website at least seven days before the revision.

Additional Clause

This Privacy Policy is effective from September 02, 2022.