Standard Terms and Conditions of Use and Personal Information Handling Policy

Personal Information Handling Policy


1. Purposes of Collection and Use of Personal Information

We collect personal information in order to provide the internet services related with the provision of font to the members and the collected information are used for the following purposes. All information provided by the users is not used except for the following purposes. When there is a change to the purposes of use, we will obtain the users’ prior consent.


1) Member Management

Identity check due to the use of membership service, confirmation of one’s intent, response to client inquiries, introduction of new information and delivery of notifications

2) Performance of Contract in relation to the Provision of Service and Payment of Fees following the Provision of Service

Identity check, personal identification for the provision of contents and service, purchase and payment of fees, and prevention of improper and unauthorized use

3) Service Development and Use for Marketing and Advertisements

Provision of tailored-service, guidance of service and recommendation for use, understanding of statistics and access frequencies for service improvement and new service development, posting of advertisement in accordance with statistical characteristics, and provision of event information and opportunity to participate therein


2. Items of Collected Personal Information and Method of Collection

In the website, without a separate membership subscription procedure, most of contents can be freely accessed except particular paid services. In case of use of service, essential items need to be inputted. The use of service is not restricted even if selective items are not inputted.


[Membership Subscription Stage]

Classification Items of Collection and Use Purposes of Use
Essential Items

① Common

Name (Business Name), E-mail (ID), Password

② Individual Member

Mobile phone number, connecting information (CI), duplication information (DI), date of birth, and gender

③ Corporate Member

Name of representative, business registration number, business category, business type, name of subscriber, responsible department, and contact details of contact person

④ Member under 14 years old

Parent’s e-mail (in case of under 14 years old), parent’s name (in case of under 14 years old), parent’s contact details (in case of under 14 years old)

Identity check due to the use of membership service, confirmation of one’s intent, confirmation of legal representative’s intent, response to client inquiries, introduction of new information and delivery of notifications

Selective items Set-up of mailing service

[Service Purchase Stage]

Classification Items of Collection and Use Purposes of Use
Essential Items

① Common

Credit card payment: Name of trading party, name of card company, card number, card valid period, credit card company code, and automatic payment key

Bank account transfer: Bank name, account number, and account password, etc.

Mobile phone payment: Name of subscriber, mobile phone number, and payment approval number, etc.

② In case of purchase of student product

Major, school details, class year, student certificate

performance of contract in relation to the provision of service and payment of fees following the provision of service

Selective items N/A

[Service Use Stage]

Classification Items of Collection and Use Purposes of Use
Essential Items

① In case of website or application (CloudBridge) log-in

Log-in time

② In case of log-in at application (CloudBridge)

PC name, MAC Address, PC model name, and PC serial number

③ In case of using the website

IP Address, cookie, date and time of visit, service use record, and record of improper use

④ Moment of action or deactivation of application (CloudBridge) font

List of font used

⑤ In case of using the mobile service

Device model information (information that cannot identify individuals)

identity check, personal identification for the provision of contents and service, purchase and payment of fees, and prevention of improper and unauthorized use

Selective items N/A

[Others]

Classification Items of Collection and Use Purposes of Use
Essential Items

① shipping address and contact details in case of winning promotions or events

Provision of tailored-service, guidance of service and recommendation for use, understanding of statistics and access frequencies for service improvement and new service development, posting of advertisement in accordance with statistical characteristics, and provision of event information and opportunity to participate therein

Selective items N/A

The abovementioned personal information are collected at the time of use of website and service, event application, and fax, mail, phone, and customer center inquiries.


3. Period of Possession and Use of Personal Information

The website possesses and uses the users’ personal information from the date of membership subscription and during the period of provision of service. In case of requesting for membership withdrawal, withdrawing the consent to the collection and use of personal information or where the purposes of collection and use are achieved or the period of use is ended, the personal information shall be destroyed without delay.

However, in the following cases, they shall be preserved for each of the specified ground and period.


1) Where it is necessary to preserve pursuant to the provisions of relevant laws such as the Commercial Act, the transaction details and minimal basic information shall be possessed during the period of preservation under law. In such case, the company shall use the stored information only for the purpose of such storage.

① Records about contract or subscription withdrawal, etc.: 5 years

② Records about money payment and supply of goods, etc.: 5 years

③ Records of handling of customer complaint or dispute: 3 years

④ Records about improper use, etc.: 5 years

2) Where the period of possession was notified in advance and such period of possession is not yet passed and where individual consents were obtained, they shall be possessed during the agreed periods.

3) Where the user does not log-in to the website for 12 months, for the purpose of protection of personal information, the ID may be categorized as a dormant account and the use of relevant account can be suspended. In such case, the company shall notify such fact by 30 days in advance by one of e-mail, writing or SMS. The use of website is possible when the user directly undergoes the process of identity check and expresses his/her intent to re-use the website.


4. Provision and Consignment of Personal Information

The company uses the personal information within the scope notified in the purposes of collection and use of personal information, and it does not use them outside the scope that was consented by the users in advance.


A. Consignment of Handling

For the purpose of service improvement, the company consigns personal information as follows. In case of entering into consignment agreements under the relevant laws, it sets out necessary matters so that personal information can be safely managed. When there are any changes, the company will announce them through the Notifications or the Personal Information Handling Policy.

Consignee Details of Consigned Work Period of Use of Personal Information
KG INICIS Payment through credit card, account transfer, and mobile phone, etc. required for product purchase Until the deadline of storage under the relevant laws
NICE INFORMATION SERVICE Mobile phone certification, i-pin certification, business number certification Not separately stored because it is the personal information that is already in possession of the relevant business

B. In the following cases, the personal information can be provided or used by obtaining the users’ consents through suitable procedures.

1) Partnerships: A change through partnerships shall be notified in advance. In such case, it shall undergo the process of obtaining individual consents; it shall not be provided when there is no consent.

2) Sale and M&A: Where the service provider’s rights and obligations are succeeded or assigned, it shall be notified in advance and the right of choice to withdraw the consent of user’s personal information shall be conferred; provided, however, it shall be an exception in the following cases:

– Where it is based on the relevant laws or where there is an investigation agency’s request pursuant to the procedures and methods set forth in law for the investigation purpose


5. Procedure for Destruction and Method of Destruction of Personal Information

The users’ personal information shall be in principle destroyed without delay when the purposes of collection and use of personal information are achieved. The company’s destruction procedure and method of personal information are as follows.


1) Destruction procedure: The information inputted by the users for the purpose of membership subscription, etc. are transferred to a separate DB after their purposes are achieved (a separate document cabinet in case of papers) and they are destroyed after storage for a certain period pursuant to the grounds of information protection under the internal policies and other relevant laws. The personal information transferred to the separate DB is not used for other purposes except those cases under law.

2) Destruction method: personal information printed on papers shall be destroyed by shredders or incineration. Personal information stored in electronic file forms shall be deleted by using a technical method in which restoration of records is not possible.


6. Users and Legal Representatives’ Rights and Methods of Exercise

1) The users may revise their own information registered in My Cloud > Revision of Member Information at any time.

2) For membership termination (withdrawal from the service), the users may withdraw directly by clicking on the service withdrawal and undergoing the identity check procedure. Alternatively, please contact the personal information manager / responsible officer in writing or by phone or email and it will be handled without delay.

3) In case of children under 14 years old, their legal representatives have the rights to check or revise the children’s personal information and withdraw their consents to the collection and use.

4) Where the users request for correction of errors of personal information, the relevant personal information is not used or provided until the completion of such correction. Moreover, where the incorrect personal information was already provided to a third party, the outcome of handling of correction will be notified to the third party without delay so that such correction can be made.

5) The company handles the personal information that is terminated or deleted pursuant to the users’ request in accordance with that is specified in ‘4. Period of Possession and Use of Personal Information’, and it handles them in a way that they cannot be used for any other purposes.


7. Sandoll’ Efforts for Protection of Personal Information

Sandoll is exercising its best efforts to safely manage the users’ personal information, and it is protecting the personal information at the same level as or higher level than what is required under the Information Communication Network Act and the Personal Information Protection Act.

1) Encryption of Personal Information

The users’ personal information is protected by passwords, and files and various data are protected by a separate security feature through encryption or file lock function.

2) Countermeasures against Hacking, etc.

In order to prevent losses by hacking or computer virus, etc., vaccine programs are regularly updated so that upon the appearance of new viruses, vaccines are applied as soon as they become available and thereby prevent the damage of personal information. The system is installed in an area in which access is controlled to guard against external infiltration, and the infiltration detection system and the weakness analysis system are installed under 24 hours monitoring.

3) Training of Employees Handling Personal Information

The employees to handle personal information are consisted of minimal number of employees. Regular trainings are conducted in relation to acquisition of new security technologies and obligation of personal information protection, and the internal audit procedure is implemented in order to maintain security.

4) Management of ID and Password

The company is exercising its best efforts to protect the users’ personal information; provided, however, the company is not liable for issues arising from the disclosure of personal information such as ID and password, etc. due to the users’ personal negligence and issues arising due to the basic internet risks.


8. Outline of Personal Information Manager and Responsible Officer

Sandoll designated the personal information manager and responsible officer as follows for handling of users’ inquiries and complaints, etc. related to personal information.


Personal Information Manager (CPO) Personal Information Protection Responsible Officer
Name Youn-hong Son Hyun-jin Yoon
Position Executive Director Team Head
E-mail cs@sandoll.co.kr
Phone Number 1688-4001 (10:00 ~ 17:00)

Where you need to report or consult in relation to other personal information infringements, please inquire to the following organizations.

– KISA Personal Information Infringement Report Center (www.118.or.kr / 118 without area code)

– Supreme Prosecutor’s Office High-Tech Crime Investigation Department (www.spo.go.kr / 02-3480-3571)

– National Policy Agency Cyber Terror Response Center (www.ctrc.go.kr / 182 without area code)


9. Methods of Notification of Personal Information Handling Policy

Where there is an addition, deletion and revision of the details of Personal Information Handling Policy, it shall be notified in advance through “Notifications” by at least 7 days prior to the amendment; provided, however, where there occurs a material change to the users’ rights such as changes of items of collected personal information and purpose of use, etc., it shall be notified by at least 30 days in advance; if required, the users’ consents may be re-acquired.


10. Matters relating to Installation/Operation and Refusal of Automatic Collection Device of Personal Information

1) The company through the internet service installs/operates cookies that store and frequently find customers’ information. Cookies are string information, which are sent by web servers to web browsers for storage and sent back to servers when there is an additional request from servers. When the members access the website, one can read the details of cookies in the members’ web browsers and find the additional information and thereby provide the service without additional inputs for access such as names, etc.

2) The information collected by the website through cookies are the same as ‘2. Items of Collected Personal Information and Methods of Collection’ and they are not used for the purposes other than ‘1. Purposes of Collection and Use of Personal Information.’

3) The members have a right of choice in relation to cookie installation.

The users may accept all cookies in “Tools > Internet Option > Privacy > Advanced” at the top end of web browser, require a notice to be sent at the time of installation of cookies, or refuse all cookies; provided, however, where the users refuse the installation of cookies, there can be inconveniences to the use of service or difficulties in the provision of service.


11. Link Websites

This website contains various banners and links. In many cases, it is connected to other website pages and this is based on a contractual relationship with the advertisers or a measure to disclose the source of provided contents. When moving to other website page by clicking on the link contained in this website, the personal information handling policy of the relevant other website is unrelated with this company; thus, please review the policy of the relevant other website in such case.


12. Protection of Personal Information of Non-Members

In the website, even without membership subscription, most of contents except personal information, which are not desired for disclosure, and major information can be perused.


13. Additional Rules

Effective Date: These standard terms and conditions shall be effective from November 23, 2015.

Effective Date: These standard terms and conditions shall be effective from December 13, 2018.