Sammypick Co., Ltd. (the "Company") establishes and discloses this privacy policy pursuant to Article 30 of the Personal Information Protection Act to protect members' personal information and to handle related inquiries promptly and smoothly.
Apart from the items listed below, the Company does not process any personal information.
① Profile image and nickname information registered on an optional basis
② General device information (OS information, device model information)
③ FCM (Firebase Cloud Messaging) token information for push notifications
The Company processes personal information for the following purposes and will not use it for any purposes other than those stated below.
① Performance of contracts for service provision, provision of additional services, and member management
② Development of new services and use for marketing and advertising
③ Service announcements and notifications
① When collecting personal information from the data subject, the Company processes and retains such personal information within the retention/use period consented to by the data subject or within the period permitted by applicable laws.
② Specific retention and processing period:
a. Membership registration and management: 3 years or until membership is terminated
Data subjects may exercise the following rights regarding personal information at any time:
① Request to access personal information
② Request correction if there are errors
③ Request deletion
④ Request suspension of processing
In principle, the Company promptly destroys personal information once the purpose of collection and processing has been achieved. The Company's procedures and methods for destruction are as follows.
① Procedure for destruction
a. Information entered by members for membership registration, etc., is transferred to a separate database after the purpose has been achieved and stored for a certain period in accordance with internal policies and relevant laws before being destroyed.
b. The above personal information will not be used for purposes other than retention unless required by law.
② Methods of destruction
a. Personal information printed on paper is shredded by a shredder or incinerated.
b. Personal information stored in electronic file form is deleted using technical methods to prevent its restoration.
③ Destruction timeline
When the retention period of a user's personal information has expired, it will be destroyed on the 1st day of the month following the end date of the retention period. When personal information becomes unnecessary due to the achievement of the processing purpose, discontinuation of the relevant service, termination of business, or similar reasons, it will be destroyed within 5 days from the date it is deemed unnecessary.
The Company implements technical and managerial measures to ensure the security of personal information so that it is not lost, stolen, leaked, altered, or damaged during processing.
① Technical measures
a. The Company uses encrypted communication to safely transmit personal information over networks.
b. The Company strives to prevent the leakage or damage of personal information due to hacking or computer viruses.
c. The Company regularly backs up data to prevent damage to personal information and uses the latest antivirus programs to protect against computer viruses.
d. The Company continually enhances security by implementing access controls, permission management, and vulnerability assessments for its systems.
② Managerial measures
a. The Company limits access to personal information to the minimum number of personnel.
b. The Company provides regular training to personal-information handlers on their protection obligations.
c. A dedicated department checks compliance with this privacy policy and internal regulations, and any issues identified are promptly corrected.
d. The Company is not responsible for damages caused by the data subject's negligence or incidents occurring in areas not managed by the Company.
① The Company designates the following person as the Personal Information Protection Officer, who is responsible for overseeing personal information processing and addressing complaints and remedies related to personal information.
▶ Personal Information Protection Officer
② For any inquiries, complaints, or requests for remedies related to personal information arising from the Company's services (or business), please contact the Personal Information Protection Officer. The Company will respond and handle your inquiry without delay.
The Company may provide links to other companies' websites. This privacy policy does not apply to the collection of personal information by linked websites.
This privacy policy applies from the effective date below. If there are additions, deletions, or corrections due to changes in laws or policies, the Company will notify you through a notice at least seven (7) days before the changes take effect.
Privacy Policy Version: v1.0