Privacy policy

Sandoll Inc. ("the company") values the protection of users' personal information and complies with the "Personal Information Protection Act" and related laws to process personal information legally and manage it securely. The company has established and disclosed this personal information processing policy to guide the procedures and standards for processing personal information according to the "Personal Information Protection Act" and to handle related grievances quickly and smoothly.

1. Purposes of Collection and Use of Personal Information

We collect personal information in order to provide the internet services related with the provision of font to the members and the collected information are used for the following purposes. All information provided by the users is not used except for the following purposes. When there is a change to the purposes of use, we will obtain the users’ prior consent.

1) Member Management

Identity check due to the use of membership service, confirmation of one’s intent, response to client inquiries, introduction of new information and delivery of notifications

2) Performance of Contract in relation to the Provision of Service and Payment of Fees following the Provision of Service

Identity check, personal identification for the provision of contents and service, purchase and payment of fees, and prevention of improper and unauthorized use

3) Service Development and Use for Marketing and Advertisements

Provision of tailored-service, guidance of service and recommendation for use, understanding of statistics and access frequencies for service improvement and new service development, posting of advertisement in accordance with statistical characteristics, and provision of event information and opportunity to participate therein

2. Items of Collected Personal Information and Method of Collection

In the website, without a separate membership subscription procedure, most of contents can be freely accessed except particular paid services. In case of use of service, essential items need to be inputted. The use of service is not restricted even if selective items are not inputted.

※ The mobile phone number is a mobile phone number certified by NICE Information Service.

[Membership Subscription Stage]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	① Common Name (Business Name), E-mail (ID), Password ② SNS Account Easy Login Email, login identification value (Apple, Google), nickname ② Individual Member Mobile phone number, connecting information (CI), duplication information (DI), date of birth, and gender ③ Corporate Member Name of representative, business registration number, business category, business type, name of subscriber, responsible department, and contact details of contact person ④ Member under 14 years old Parent’s e-mail (in case of under 14 years old), parent’s name (in case of under 14 years old), parent’s contact details (in case of under 14 years old)	Identity check due to the use of membership service, confirmation of one’s intent, confirmation of legal representative’s intent, response to client inquiries, introduction of new information and delivery of notifications
Selective items	Set-up of mailing service

[Service Purchase Stage]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	① Common Credit card payment: Name of trading party, name of card company, card number, card valid period, credit card company code, and automatic payment key Bank account transfer: Bank name, account number, and account password, etc. Mobile phone payment: Name of subscriber, mobile phone number, and payment approval number, etc. ② In case of purchase of student product Major, school details, class year, student certificate Corporate information: Company name, representative's name, business registration number, type of business, industry, postal code, address Personal information: Name, department, email, mobile phone number ④ When processing refunds Bank account, account number, account holder's name, email	performance of contract in relation to the provision of service and payment of fees following the provision of service
Selective items	N/A

[Service Use Stage]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	① In case of website or application (SandollCloud APP) log-in Log-in time ② In case of log-in at application (SandollCloud APP) PC name, MAC Address, PC model name, and PC serial number ③ In case of using the website IP Address, cookie, date and time of visit, service use record, and record of improper use ④ When using Webfont (SandollCloud Webfont) service Domain Address, Development Server IP Address, Font Usage List, Cookies ⑤ Moment of action or deactivation of application (SandollCloud APP) font List of font used ⑥ In case of using the mobile service Device model information (information that cannot identify individuals) ⑦ When converting from a personal member to a student member Student category, school name, major, (for university students) grade and semester, student identification (youth card, school ID, certificate of enrollment, etc.) ※When converting with a Kakao Talk student ID, school name and enrollment status are collected from the Kakao Talk student ID verification information.	identity check, personal identification for the provision of contents and service, purchase and payment of fees, and prevention of improper and unauthorized use
Selective items	N/A

[Non-member Service Usage Stage]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	① Application guest login time ② PC name, MAC Address, OS version during application guest login	For service improvement and development of new services, to gather statistics and access frequency

[Others]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	① shipping address and contact details in case of winning promotions or events	Provision of tailored-service, guidance of service and recommendation for use, understanding of statistics and access frequencies for service improvement and new service development, posting of advertisement in accordance with statistical characteristics, and provision of event information and opportunity to participate therein
Selective items	N/A

[Inquiries Related to Partnerships and Advertising]

Classification	Items of Collection and Use	Purposes of Use
Essential Items	Company name, category (marketing/business/other partnerships), contact person's name, position, contact information, email, content	For conducting partnership and advertising tasks, customer management
Selective items	Main services/products, website address, brochures and proposals	For conducting pre-investigation for partnership and advertising tasks, customer management

2) The company can collect personal information in the following ways:

- Website, service usage, event entry, fax, mail, phone, customer service inquiries, Google Forms

3. Period of Possession and Use of Personal Information

The website possesses and uses the users’ personal information from the date of membership subscription and during the period of provision of service. In case of requesting for membership withdrawal, withdrawing the consent to the collection and use of personal information or where the purposes of collection and use are achieved or the period of use is ended, the personal information shall be destroyed without delay.

However, in the following cases, they shall be preserved for each of the specified ground and period.

1) Where it is necessary to preserve pursuant to the provisions of relevant laws such as the Commercial Act, the transaction details and minimal basic information shall be possessed during the period of preservation under law. In such case, the company shall use the stored information only for the purpose of such storage.

① Records about contract or subscription withdrawal, etc.: 5 years

② Records about money payment and supply of goods, etc.: 5 years

③ Records of handling of customer complaint or dispute: 3 years

④ Records about improper use, etc.: 5 years

2) Where the period of possession was notified in advance and such period of possession is not yet passed and where individual consents were obtained, they shall be possessed during the agreed periods.

4. Provision and Consignment of Personal Information

The company uses the personal information within the scope notified in the purposes of collection and use of personal information, and it does not use them outside the scope that was consented by the users in advance.

A. Consignment of Handling

For the purpose of service improvement, the company consigns personal information as follows. In case of entering into consignment agreements under the relevant laws, it sets out necessary matters so that personal information can be safely managed. When there are any changes, the company will announce them through the Notifications or the Privacy Policy.

Consignee	Details of Consigned Work	Period of Use of Personal Information
KG INICIS	Payment through credit card, account transfer, and mobile phone, etc. required for product purchase	Until the deadline of storage under the relevant laws
NICE INFORMATION SERVICE	Mobile phone certification, i-pin certification, business number certification	Not separately stored because it is the personal information that is already in possession of the relevant business
Stibee	Send Email	Until membership withdrawal or termination of consignment contract
Sejong Telecom	SMS, Send Notification Talk	Until membership withdrawal or termination of consignment contract
Channel Corporation	Customer consultation system operation	Until membership withdrawal or termination of consignment contract

B. In the following cases, the personal information can be provided or used by obtaining the users’ consents through suitable procedures.

1) Partnerships: A change through partnerships shall be notified in advance. In such case, it shall undergo the process of obtaining individual consents; it shall not be provided when there is no consent.

2) Sale and M&A: Where the service provider’s rights and obligations are succeeded or assigned, it shall be notified in advance and the right of choice to withdraw the consent of user’s personal information shall be conferred; provided, however, it shall be an exception in the following cases:

– Where it is based on the relevant laws or where there is an investigation agency’s request pursuant to the procedures and methods set forth in law for the investigation purpose

5. Procedure for Destruction and Method of Destruction of Personal Information

The users’ personal information shall be in principle destroyed without delay when the purposes of collection and use of personal information are achieved. The company’s destruction procedure and method of personal information are as follows.

1) Destruction procedure: The information inputed by the users for the purpose of membership subscription, etc. are transferred to a separate DB after their purposes are achieved (a separate document cabinet in case of papers) and they are destroyed after storage for a certain period pursuant to the grounds of information protection under the internal policies and other relevant laws. The personal information transferred to the separate DB is not used for other purposes except those cases under law.

2) Destruction method: personal information printed on papers shall be destroyed by shredders or incineration. Personal information stored in electronic file forms shall be deleted by using a technical method in which restoration of records is not possible.

6. Users and Legal Representatives’ Rights and Methods of Exercise

1) The users may revise their own information registered in My Cloud > Revision of Member Information at any time.

2) For membership termination (withdrawal from the service), the users may withdraw directly by clicking on the service withdrawal and undergoing the identity check procedure. Alternatively, please contact the personal information manager / responsible officer in writing or by phone or email and it will be handled without delay.

3) In case of children under 14 years old, their legal representatives have the rights to check or revise the children’s personal information and withdraw their consents to the collection and use.

4) Where the users request for correction of errors of personal information, the relevant personal information is not used or provided until the completion of such correction. Moreover, where the incorrect personal information was already provided to a third party, the outcome of handling of correction will be notified to the third party without delay so that such correction can be made.

5) The company handles the personal information that is terminated or deleted pursuant to the users’ request in accordance with that is specified in ‘4. Period of Possession and Use of Personal Information’, and it handles them in a way that they cannot be used for any other purposes.

6) Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.

7) Users must enter their personal information accurately and up to date, and notify the company in case of changes. Users themselves are responsible for any issues arising from entering inaccurate information or not notifying the company about changes.

7. Protection of Children's Personal Information and Rights and Methods of Legal Representatives

The company is equipped with the following mechanisms to protect the personal information of children under 14 years of age.

1) Consent from parents or legal guardians is obtained when collecting personal information of children under 14.

2) The company does not provide or share information about children under 14 to third parties without the consent of legal guardians.

3) The method of consent includes writing down the name, social security number, contact information of the legal guardian, and is conducted according to the law. The information of the legal guardian is used for consent verification purposes.

4) For children under 14, legal guardians have the right to view or modify the child's personal information, and the right to withdraw consent for collection and use.

5) If the legal guardian of a child under 14 requests correction of errors in the collected personal information, the company will prohibit the use and provision of that personal information until the error is corrected.

6) Children under 14 will not be sent email format advertisements or proposals without consent, nor will they be induced to disclose more information through games, prizes, and events.

7. Sandoll’ Efforts for Protection of Personal Information

Sandoll is exercising its best efforts to safely manage the users’ personal information, and it is protecting the personal information at the same level as or higher level than what is required under the Information Communication Network Act and the Personal Information Protection Act.

1) Encryption of Personal Information

The users’ personal information is protected by passwords, and files and various data are protected by a separate security feature through encryption or file lock function.

2) Countermeasures against Hacking, etc.

In order to prevent losses by hacking or computer virus, etc., vaccine programs are regularly updated so that upon the appearance of new viruses, vaccines are applied as soon as they become available and thereby prevent the damage of personal information. The system is installed in an area in which access is controlled to guard against external infiltration, and the infiltration detection system and the weakness analysis system are installed under 24 hours monitoring.

3) Training of Employees Handling Personal Information

The employees to handle personal information are consisted of minimal number of employees. Regular trainings are conducted in relation to acquisition of new security technologies and obligation of personal information protection, and the internal audit procedure is implemented in order to maintain security.

4) Management of ID and Password

The company is exercising its best efforts to protect the users’ personal information; provided, however, the company is not liable for issues arising from the disclosure of personal information such as ID and password, etc. due to the users’ personal negligence and issues arising due to the basic internet risks.

8. Outline of Personal Information Manager and Responsible Officer

Sandoll designated the personal information manager and responsible officer as follows for handling of users’ inquiries and complaints, etc. related to personal information.

	Personal Information Manager (CPO)	Personal Information Protection Responsible Officer
Name	Hyuk Lee	Hyun-jin Yoon
Position	Vice president	Team Head
E-mail	cs@sandoll.co.kr
Phone Number	1688-4001 (10:00 ~ 17:00)

Where you need to report or consult in relation to other personal information infringements, please inquire to the following organizations.

- Personal Information Dispute Mediation Committee (https://www.kopico.go.kr/ 1833-6972)

– KISA Personal Information Infringement Report Center (www.118.or.kr / 118 without area code)

– Supreme Prosecutor’s Office High-Tech Crime Investigation Department (www.spo.go.kr / 02-3480-3571)

– National Policy Agency Cyber Terror Response Center (www.ctrc.go.kr / 182 without area code)

10. Matters relating to Installation/Operation and Refusal of Automatic Collection Device of Personal Information

1) The company through the internet service installs/operates cookies that store and frequently find customers’ information. Cookies are string information, which are sent by web servers to web browsers for storage and sent back to servers when there is an additional request from servers. When the members access the website, one can read the details of cookies in the members’ web browsers and find the additional information and thereby provide the service without additional inputs for access such as names, etc.

2) The information collected by the website through cookies are the same as ‘2. Items of Collected Personal Information and Methods of Collection’ and they are not used for the purposes other than ‘1. Purposes of Collection and Use of Personal Information.’

3) The members have a right of choice in relation to cookie installation.

11. Link Websites

This website contains various banners and links. In many cases, it is connected to other website pages and this is based on a contractual relationship with the advertisers or a measure to disclose the source of provided contents. When moving to other website page by clicking on the link contained in this website, the Privacy Policy of the relevant other website is unrelated with this company; thus, please review the policy of the relevant other website in such case.

12. Protection of Personal Information of Non-Members

In the website, even without membership subscription, most of contents except personal information, which are not desired for disclosure, and major information can be perused.

13. Changes and Notices of Personal Information Processing Policy

1) This personal information processing policy will be applied from Feb. 26, 2024.

2) If there are additions, deletions, or modifications to this personal information processing policy, a prior notice will be given through 'Notices' at least 7 days before the revision.

13. Additional Rules

Announcement Date: February 6, 2023

Implementation Date: February 26, 2024

Previous personal information processing policies can be checked below.

Effective Date: These standard terms and conditions shall be effective from November 23, 2015.

Effective Date: These standard terms and conditions shall be effective from December 13, 2018.

Effective Date: These standard terms and conditions shall be effective from November 27, 2020.

Effective Date: These standard terms and conditions shall be effective from May 03, 2021.

Effective Date: These standard terms and conditions shall be effective from November 26, 2021.

Effective Date: These Terms and Conditions will take effect on February 13, 2023.

Effective date: These terms are effective from June 19, 2023.

Effective Date: These terms are effective from November 29, 2023.

Effective Date: These terms are effective from January 9, 2024.

Effective Date: These terms are effective from February 26, 2024.