Article 1 (Purpose of Collecting and Using Personal Information) Fandom School Co., Ltd. (hereinafter referred to as "Company") collects the minimum personal information of users for the following purposes. The personal information collected by the user will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be taken. 1. Purposes for member management, including confirmation of membership intention, confirmation of age and consent of legal representative, identification of users and legal representatives, identification of users, maintenance and management of membership, and confirmation of membership withdrawal 2. Service use record, access frequency analysis, statistics on service use, purpose of service improvement 3. Purpose to build a service environment that can be used with confidence in terms of security, privacy, and safety 4. Purposes of identity verification, purchase and payment, supply and delivery of goods and services, etc. 5. Measures such as restrictions on use of members who violate laws and terms of use, prevention and sanctions against activities that interfere with the smooth operation of the service, including acts of fraudulent use, prevention of account theft and fraudulent transactions, and amendment of terms and conditions. For the purpose of protecting users and operating services, such as disseminating notices, preserving records for dispute settlement, and handling complaints Article 2 (Personal Information Collected) ① The Company collects the following personal information items from the user at the time of initial membership. Email, Password, and Device Identification Number (Device ID or IMEI, Mac Address, etc.) ② The company may collect the following information from users in the process of providing the service. Service usage record, access log, cookie, access IP information, payment record, device information, location information, etc. Article 3 (Methods of Collecting Personal Information) The company collects personal information through the following methods. 1.When the user agrees to the collection of personal information and directly inputs it during the registration and service use process 2. Automatically generated and collected by running or using the program in the process of using the service 3. Collected via e-mail or phone during the consultation process through the customer center Article 4 (Rights, duties and exercise methods of the information subject) ① The information subject may exercise his / her right for protection of personal information at any time with respect to the company. 1. Request for access to personal information 2. Request for correction in case of error 3. Delete request 4. Processing stop request ② The rights in the preceding paragraph can be exercised in writing, e-mail or facsimile (FAX) in accordance with Form 8 of the Enforcement Rule of the Personal Information Protection Act. ③ The exercise of rights in the preceding 2 paragraph can be done through the legal representative of the information subject or a person authorized by the information subject. In this case, another power of attorney must be submitted in Form 11 of the Enforcement Rule of the Personal Information Protection Act. However, if it is difficult to verify the identity of the information subject and the legal representative, the company may refuse to exercise the right through the agent. Article 5 (Period of Retention and Use of Personal Information) In principle, the company will destroy the user's personal information without delay when the purpose of collecting and using personal information is achieved. However, personal information may be kept for a certain period of time if it is necessary to preserve it in accordance with the relevant laws or internal policies. 1. In case of storage in accordance with the provisions of related laws end. Personal information related to the use of the service (service visit history) Basis for preservation: Protection of Communications Secrets Act Retention period: 3 months I. Record on display / advertisement Basis for Conservation: Act on Consumer Protection in Electronic Commerce, etc. Retention period: 6 months All. Record of contract or withdrawal Basis for Conservation: Act on Consumer Protection in Electronic Commerce, etc. Retention period: 5 years la. Record of payment and supply of goods, etc. Basis for Conservation: Act on Consumer Protection in Electronic Commerce, etc. Retention period: 5 years hemp. Records of consumer complaints or disputes Basis for Conservation: Act on Consumer Protection in Electronic Commerce, etc. Retention period: 3 years bar. Records on Electronic Financial Transactions Basis for retention: Electronic Financial Transactions Act Retention period: 5 years four. Records about personal location information Basis for retention: Act on the Protection and Use of Location Information Retention period: 6 months 2. When storing according to company internal policy end. For CS processing of withdrawn members I. Service Abuse Record Article 6 (Handling of Personal Information Related to Prizes) 1. Items of personal information collected The company collects minimal personal information for events or promotions. Collected Items: Collect personal information that the visitor agrees to collect the information of the company and submits for the event application and delivery request such as name, contact and address 2. Purpose of collection of personal information by item -Name, phone number: For the purpose of sending the prize and the correct delivery address when delivering to the address -Address: Ensure the correct shipping address for the prize delivery -Other items: Materials to provide personalized service 3. Processing and retention period of personal information Personal information provided by visitors to the event will be kept only during the event and promotion period, and will be destroyed within 3 months after the purpose of collecting and using the personal information is reached (end of event). 4. Destruction procedure and method of personal information -Target of destruction: Visitor information whose retention period has expired under the retention period and related laws -Method of destruction: Destroy personal information written and printed on paper (written) by shredding or incineration. -Personal information stored in the form of electronic files such as DB: Deleted by technical method that cannot be played, and comments including personal information are deleted. 5. Receipt of Prizes Prizes will be notified by text on the mobile phone you entered during the event, and the item's retention period is 90 days after the end of the event. Article 7 (Destruction of Personal Information) The company's procedures for destroying user's personal information are as follows. 1. Destruction procedure The information entered by the user for the use of the service will be destroyed after being stored for a certain period in accordance with the relevant laws and company internal policies after the purpose of use is achieved. The personal information will not be used for purposes other than the purpose of storage unless required by law. 2. How to destroy Personal information printed on paper is shredded or incinerated by a shredder, and personal information recorded and stored in the form of an electronic file is destroyed using a technical method so that the record cannot be reproduced. Article 8 (Provide Third Party of Personal Information) The Company will not provide the personal information of the user to third parties unless the user's consent or the law stipulates. Article 9 (Measures to Ensure the Safety of Personal Information) The Company takes the following measures to ensure the stability of personal information pursuant to Article 29 of the Personal Information Protection Act. 1. Technical measures against hacking The company installs security programs, periodically updates and checks the system, and installs the system in areas where access is controlled from outside, and technically and physically monitors and blocks it in order to prevent leakage or damage of personal information due to hacking or computer viruses. 2. Encryption of personal information The user's personal information is stored and managed by encrypting the password, so only the user can know it, and important data uses separate security functions such as encrypting files and transmission data or using file locking. 3. Storage of access records and prevention of forgery and alteration We keep and manage the records of access to the personal information processing system for at least 6 months and use the security function to prevent the access records from being forged, altered, stolen or lost. 4. Restricting Access to Personal Information We take necessary measures to control access to personal information by granting, modifying and erasing the access right to the database system that handles personal information, and control unauthorized access from outside by using intrusion prevention system. Article 10 (Personal Information Protection Officer and Department in Charge) The company operates personal information protection officers and departments as follows to protect personal information of users and to handle inquiries and complaints related to personal information. Protection Officer: Myung Jae Hyuk Department in charge: Privacy Protection Part Contact: Customer Center (02-2294-0128) Article 11 (Revision of Personal Information Processing Policy) If you add, delete or modify the contents of this Privacy Policy, you will be notified or notified at least 7 days prior to the effective date through the 'Notice'. However, when significant changes in user's rights occur, such as the collection and use of personal information and the purpose of use change, we will notify or notify at least 30 days before the effective date. September 11, 2018 Privacy Policy Announcement September 11, 2018 Enforcement of Privacy Policy Fandom School Privacy Policy