PRIVACY POLICY
Effective Date: July 6, 2023
DOBBY CANVAS Co., Ltd. (hereinafter "the Company"), which operates the Dobby Canvas(www.dobby-canvas.com), complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. pursuant to its provisions.
The Company has the following processing policy for personal information to protect the User's personal information, rights, and interests, and to efficiently process the User's personal information grievances in accordance with the Personal Information Protection Act and other relevant laws of the Republic of Korea.
If the Personal Information Processing Policy is amended in the future, such an amendment will be notified publicly through the website (or by individual notice).
Article 1 (The Purpose for which Personal Information is Processed)
The Company extends its best efforts under the policy for personal information to be securely protected and stored so that no rights and interests are infringed. Personal information is utilized for purposes such as membership registration, efficient customer service, and the provision of paid services; the purpose of the Personal Information Processing Policy is to provide full transparency on personal information, such as what information the Company collects, how such collected information is used, when it is shared ("outsourced or provided") as needed and with whom, and when and how information is destroyed when the purpose of its use is achieved. If any relevant Personal Information Processing Policy is amended, such as by changes to the Terms of Service or the collection of additional personal information etc., accessible and comprehensible notice of such amendment will be given publicly on the web site, or individually by email.
Article 2 (The Particulars of Personal Information to Be Collected, and Means of Collection)
The Company collects members' personal information for membership registration and the provision of services; the particular of collected information and the means of collection are as follow:
1. The particulars of personal information to be collected
1. At initial membership registration, the Company collects the following minimum particulars of personal information as required information:
• Email address, name
2. The following information may additionally be collected in the course of service usage or customer service:
• Service usage information: Inquirer information (name, email address), IP address, cookie, date and time of visit, service usage record, abnormal usage record, browser information, operating system (OS) information, device information, MAC address, etc.
2. Means of Collecting Personal Information
1. The Company collects personal information with the following means:
• Website, email, event entries, customer service tool
• Provision by a partner or a third party in a service partnership
Article 3 (The Purpose of Personal Information Collection and Usage)
The Company will use members' personal information collected through membership registration for the following specified purposes:
1. Member Management
1. Provision and improvement of services, member identification, limitations placed on the usage of members who violated the terms of service, sanctions on activities that hinder the operation of services and on illegitimate uses of the service, confirmation of the intention to join, limitations on registration and the number of registrations, confirmation of a legal representative's consent if the personal information of a child under 14 is collected, confirmation of the legal representative's identity after the fact, preservation of records for mediation of conflicts, processing of complaints such as grievances, transmission of notice, confirmation of the intention to withdraw membership etc.
2. Usage in the development of new services, marketing, and advertisement
1. The development of new services and the provision of customized services, the provision of services and display of ads in accordance with statistical characteristics, confirming service validity, the provision of information on company and partner events and of opportunities to participate, provision of promotional information, identification of access frequency, statistical analysis of members' service usage etc.
3. Performance of contracts on the provision of services and settlement of fees for the provision of paid services
1. Provision of paid services, the provision of specific customized services, billing for paid services, payment for purchases and fees, identity authentication, shipping or mailing of goods or bills etc., fee collection etc.
4. Preservation and submission as evidence in legal disputes etc.
5. Provision of sales reports and royalty payments
Article 4 (Consent to the Collection of Personal Information)
The Company shall display the Personal Information Processing Policy so that members can verify it to their satisfaction on joining, and configure the environment so that they sign up after giving their consent. All members who have registered membership are deemed to have consented to the entirety of the personal information collection procedure and purpose of use above.
Article 5 (The Period for Retaining and Using Personal Information)
The Company processes and retains personal information during the period for retaining and using personal information in accordance with law, or the period for retaining and using personal information to which the data subject consented at the time the personal information was collected.
Each piece of personal information is processed and retained for the following periods:
1. Records related to cancellation of contracts or subscriptions etc.: Five (5) years (Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, Etc., Article 6)
2. Records related to payment for and supply of goods, etc.: Five (5) years (Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, Etc., Article 6)
3. Records relating to resolution of consumer complaints or disputes: Three (3) years (Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, Etc., Article 6)
4. Records related to marks and advertisements: Six (6) months (Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, Etc., Article 6)
5. Website visitation record: Three (3) months (Enforcement Decree of the Protection of Communications Secrets Act, Article 41)
6. Even without a basis for the retention of personal information in the relevant law, the Company may otherwise retain personal information to prevent material loss to itself, or when obligated to do so for criminal trial, litigation etc.; provided that such retention shall be for the minimum period and particulars necessary to achieve such purpose.
1. Identifying information to prevent repeat registration if membership was withdrawn; or
2. Identifying information to refuse transactions to persons whose membership was removed under the Terms of Service.
7. In accordance with the validity period of personal information, the Company will separate out for retention or destroy the personal information of members who have not used the service for one (1) year, and the separately retained personal information will be destroyed without delay after four (4) years of retention. The member will be notified by email about this separate retention or destruction by thirty (30) days prior to the expiration of the one-year period above, that the personal information will be separately retained or destroyed, the date on which the period expires, the particulars of the personal information to be destroyed etc.
8. Accounting documents on the payment and transfer of royalties and their details will be retained in accordance with the periods provided for in the relevant law such as the Commercial Act, the Framework Act on National Taxes etc.
Article 6 (Procedures and Methods for Destroying Personal Information)
As a rule, the Company destroys personal information without delay when the purpose of processing it has been achieved. The procedure and method for such destruction is as follows:
1. Destruction procedure
1. Information entered by the User is transferred to a separate database (a different document if on paper) after the purpose is achieved, then destroyed immediately or after retention for a certain period in accordance with internal policy and relevant law. The personal information transferred to the database at this time is not used for any other purpose unless by law.
2. Method of destruction
1. Technical means are used on records in electronic file form to make the record irretrievable.
2. Personal information printed on paper will be shredded by a shredder or destroyed by burning.
Article 7 (The Provision of Personal Information)
As a rule, the Company shall not provide the User's personal information outside the Company; provided that exceptions apply as follow:
1. The Users gave advance consent;
2. Where the information is necessary for statistics, scientific research, or market research, and is provided in a form from which specific individuals cannot be identified;
3. Causes relating to the assignment, merger etc. of business arise (provided that if User personal information must be transferred for cause relating to the assignment of business etc., the Company will give advance notice on the fact of the personal information transfer etc. in accordance with the procedures and methods provided for in the relevant law, and the User will be given the right to withdraw consent to the transfer of personal information); or
4. Where it is in accordance with legal provisions, or an investigative agency requests it for investigative purposes.
Article 8 (Outsourcing of Personal Information)
1. The Company outsources the work of processing personal information as follows for the purpose of efficient personal information work:
Outsourcee Outsourced Work
Amazon Web Service (AWS) The provision of cloud IT infrastructure
Nice payments Credit card payment service
Kakaopay Simple payment service (Korea)
PayPal Simple payment service (Global)
Creator, GDN, DDN, Facebook, LinkedIn User-customized advertisement
1. The Company, in contracting to outsource, specifies in documentary form such as in the contract the prohibition against processing personal information outside the purpose of performing the outsourced work, technical and managerial safeguards, restrictions on sub-outsourcing, management and supervision of the outsourcee, and matters of liability such as the compensation of damage, and supervises the safe processing of personal information by the outsourcee in accordance with Article 26 of the Personal Information Protection Act.
2. If the outsourced work or outsourcee under this Personal Information Processing Policy is modified, the Company will disclose such change through this Personal Information Processing Policy without delay.
Article 9 (The Rights of the User and Their Legal Representative, and Means of Their Exercise)
1. The User and their legal representative may at any time inquire or modify the User's own registered personal information, and may request termination of membership. If an email applying for withdrawal of membership is sent to the customer service center, the withdrawal will be processed after verifying personal identity.
2. The Company will process the personal information terminated or deleted at the request of the User or their legal representative as specified in Article 5. The Period for Retaining and Using Personal Information, and will process it so that it cannot be perused or used for any other purpose.
3. If the right under Paragraph 1 is exercised through an agent such as a legal representative, documentation such as a Power of Attorney must be furnished and submitted to the Company.
4. The request to peruse and to cease the processing of personal information may be limited by Articles 35 (4) and 37 (2) of the Personal Information Protection Act, while the request to correct or delete may be refused if such personal information is prescribed as subject to collection in another law.
Article 10 (The Installation, Operation, and Removal of a Personal Information Automatic Collection Tool)
Dobby Canvas uses cookies to store, and from time to time load, usage information for the provision of individual customized services.
A cookie is a small amount of information sent to the User's computer browser by a server (http) used to operate a website, and may be stored in the hard disk of Users' personal computers.
1. The purpose of cookies: Identifies the services visited by the User, aspects of the User's visits to and uses of services and websites, popular search keywords, whether access was secure etc. to provide optimized information to the User.
2. The installation, operation, and refusal of cookies: The User can refuse cookie storage by configuring options in the Tools > Internet Options > Personal Information menu at the top of their web browser.
3. Refusing cookie storage may cause difficulties in the use of services.
Article 11 (Personal Information Safeguards)
The Company takes the following technical, managerial, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act:
1. Minimization of employees who handle personal information, and their training
1. The Company implements measures to designate employees who handle personal information and minimizing them to persons in charge for the management of personal information.
2. Technical policies in case of hacking etc.
1. The Company installs security software to prevent the leakage of and damage to personal information from hacking, computer viruses etc., regularly updates and inspects such software, installs systems in areas where access from the outside is restricted, and keeps them under technical and physical surveillance and blocks.
3. Encryption of personal information
1. User login is processed via social login services such as Google. Thus, user passwords are neither exposed nor saved. Login info will be protected safely.
2. All data communications are processed via encrypted protocols.
4. Limited access to personal information
1. Measures are being taken to limit access to personal information through the grant, modification, and expungement of authority to access database systems to process personal information, and an infiltration blocking system controls unauthorized access from the outside.
Article 12 (Notice of Changes to the Personal Information Processing Policy)
The above Personal Information Processing Policy applies from the date of its implementation; if there are additions, deletions, or corrections to the modifications in accordance with law and policy, public notice of such change will be given at least seven (7) days before implementation.
Article 13 (Privacy Officers and Persons Responsible)
This Company has designated a privacy officer as follows to be responsible for overall personal information processing work, and for the processing of data subject grievances and relief for damage etc. in relation to the processing of personal information:
1. Department responsible for personal information management: Customer Service Team
2. Email: contact@dobby-canvas.com
3. Name of privacy officer: Jina Lee
1. Telephone number: +82-70-8866-1024
2. Email: contact@dobby-canvas.com
You may inquire with the Privacy Officer and responsible department for all inquiries, grievances, relief for damage etc. arising from the use of the Company and the Company's services (Dobby Canvas).
If you otherwise require reporting or consultation on the infringement of personal information, please inquire with the following bodies:
• Personal Information Infringement Report Center (https://privacy.kisa.or.kr/kor/main.jsp / 118 without area code)
• The Cybercrime Investigation Center of the Supreme Prosecutors' Office (http://www.spo.go.kr / +82-2-3480-2000)
• Cyber Bureau of the Police Agency (http://cyberbureau.police.go.kr / 182 without area code)
Supplementary Terms
The following additional terms apply respectively to users having residence in or nationality of certain countries. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail. The Company shall try to comply with any legal regulation of countries which may be applied to the User and the Company.
1. For Users Having Usual Residence in European Union
• The purpose and basis of personal information processing
The Company uses the collected personal information only for the purposes stated in Article 3, gives the User advance notice of this fact, and seeks the User's consent. Also, in accordance with the GDPR etc., the Company may process the User's personal information if any one of the following applies:
(1) The data subject consented;
(2) It is for the conclusion and performance of a contract with the data subject;
(3) It is to comply with legal requirements;
(4) Processing is necessary for the crucial interest of the data subject; or
(5) It is for the pursuit of the Company's legitimate interests (the foregoing does not apply where the data subject's interests, rights, or freedoms are more important than the interests pursued by the Company).
• The guarantee of the rights of the User who uses the Company's services within the European Union (EU)
According to the GDPR etc., the User may request the Company to transfer their personal information to a different manager, and may also refuse the processing of their personal information. Furthermore, the User retains the right to bring grievances on the processing of their personal information before the personal information protection authorities.
Meanwhile, the Company may use personal information to provide marketing such as events or advertisement to the User and seeks the User's consent in relation to the foregoing; the User may at any time withdraw their consent if such marketing is not desired.
The User may request the foregoing requests by means such as telephone, email, documents etc.; the Company will act on such request without delay once it is filed.
If modification or correction is requested for errors in the User's personal information, the Company will not use or provide such personal information of the User until such matter is modified or corrected.
• Personal Information of Children
For the Users having usual residence in EU (including UK, Switzerland), the Company’s services is designed for a general audience and is not directed towards children. In connection with the Company’s service, the Company does not knowingly collect or maintain personal information from anyone under the age of sixteen (16) or knowingly allow such persons to use the Company’s service. If you are under sixteen (16), please do not attempt to register for the Company’s service or provide the Company with any personal information. If the Company learns that a person under the age of sixteen (16) has provided the Company with any personal information, the Company shall promptly delete such personal information. If you believe that a child under age sixteen (16) may have provided the Company with personal information, please contact the Company using the information specified in the Policy.
2. For Users Having Usual Residence in California, and Virginia, United States
If the Users reside in California and Virginia, certain rights may be given. The Company shall prepare preventive measures necessary for protecting personal information of Users so that the Company may comply with California Privacy Rights Act of 2020 (hereinafter referred to as “CPRA”) and Virginia Consumer Data Protection Act (hereinafter referred to as “VCDPA”) when necessary.
3. For Users Having Usual Residence in Japan
• Use of Personal Information of Users
The Company process the User’s personal information when this is necessary under the Company’s agreement with the User, to provide Users with the Company’s service, and specific features users select when using the Company’s service, which may require personalizing the content of the Company’s service mainly regulated in Article 3 of this Policy.
• Provision and Outsourcing of Personal Information of Users
Article 7 and 8 of this Policy shall be applied on the provision and outsourcing of personal information of Users
This Policy is implemented starting on July 6th, 2023.