Privacy Policy
Effective Date: March 27, 2024
Jiro Corporation ("the Company") operates Dropshot Stock ("the Service") and complies with the Republic of Korea's Personal Information Protection Act, Protection Of Communications Secrets Act, and Telecommunications Business Act as well as the EU's General Data Protection Regulation (GDPR). The Company endeavors to protect user rights by establishing a personal information processing policy based on relevant laws.
This Privacy Policy applies to users who have registered for the Service and is intended to inform users about how their personal information is being used and the measures the Company takes to protect personal information.
1. Collection and Purpose of Personal Information
- The Company collects and uses personal information for the following purposes. Collected personal information will not be used for any other purposes and, if the usage purpose changes, prior consent will be obtained.
- Membership management
- Personal information is processed for the purposes of verifying identity, personal identification, imposing restrictions on members who violate Terms of Use and License Policy, sanctioning actions that hinder the smooth operation of the service and misuse of the service, verifying age, confirming intentions for membership registration or withdrawal, limiting duplicate registrations, preserving records for dispute resolution, handling complaints and other civil petitions, and delivering notification.
- New service development and marketing/advertising utilization
- Purpose of service announcements and usage inducements, verifying the effectiveness of the service, statistics and access frequency analysis for service improvement and new service development, advertising based on statistical characteristics, and providing information and opportunities for participation in events or promotions.
- Financial transaction processing related to service provision
- Purpose of payments and refunds for the use of paid services and content license purchases, transmission of service information, and settlement of charges related to service provision.
- The Company will obtain the user's consent if the information is used for purposes other than those stated in this Privacy Policy.
2. Types and Methods of Personal Information Collection
- All users can access the Company's services, and registered members can receive a variety of services. When collecting personal information from users, the Company will inform and obtain user consent in advance.
- The Company collects personal information through membership registration, member information modification, forms, phone or fax, service usage, email, event participation, and customer service. The Company collects the following personal information:
- At the time of membership registration: name, password, email address, country or browser language
- For creators: Personal identification number (for issuing tax invoices as per the Value-Added Tax Act), account number, bank name, profile-related information (such as activity area).
- For paid service orders and refunds: Credit card information, mobile phone number, real-time bank transfer details, deposit without bankbook details, cash receipt issuance information.
- Automatically collected information during service use: Device identifiers, operating system, browser type and settings, website and app usage information, phone number, log information, IP address, cookies, and web beacons.
- Location information: GPS, Bluetooth, or Wi-Fi signals for specific geographic location (limited to regions where it is legally permitted).
- Other information: User preferences, advertising environment, pages visited, etc.
3. Retention and Usage Period of Collected Information
- The Company will destroy personal information without delay once the purpose of its collection and use has been achieved.
- Membership information: When a member withdraws or is expelled.
- Payment information: When the payment is completed or the period for the extinguishment of claims expires.
- Information collected for surveys, events, etc.: When the survey or event ends.
- However, if there is a need to retain information as prescribed by relevant laws, the Company will store membership information for a certain period as defined in such laws:
- Records related to contracts or withdrawal of offers: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records on payment and supply of contents: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- Records on display advertising: 6 months (Act on Consumer Protection in Electronic Commerce)
- Site usage and visit records, access logs, access IP records: 3 months (Protection of Communications Secrets Act)
- Even if there is no basis in relevant laws, information may be stored to prevent significant losses to the Company or for purposes such as crime and litigation, but only the minimum period and items necessary to achieve this purpose are stored.
- Information for identifying re-registration prevention for 7 days after withdrawal or expulsion from membership.
- Information for denying transactions in cases of inevitable expulsion from membership according to the Term of Use.
- Download service records are stored for 15 years for copyright and license protection.
4. Disclosure of Collected Information
- The Company processes personal information only within the scope of the stated purposes and does not disclose it externally without the prior consent of the member, except in certain circumstances.
- Disclosure to the Company's affiliates, partners, and service providers.
- When users have given prior consent.
- When required by law or requested by investigative agencies according to legal procedures and methods.
5. Entrustment of Personal Information Processing
- The Company entrusts some necessary tasks for smooth personal information processing to external companies as follows.
- The Company, in accordance with the 'Personal Information Protection Act' and other related laws, ensures that these entrusted companies manage personal information safely according to relevant laws and regulations.
- The entrusted companies and their tasks are as follows.
- Amazon Web Services Inc.: Member management and service provision system development and operation, automated email dispatch.
- Google LLC: Real-time chat and user authentication.
- Stibee: Email delivery service
- Modusign Inc.: Electronic contracts and e-signature service
- Korea PortOne Co.,Ltd.: Payment service
- Toss Payments: Payment method
6. International Transfer of Data
- The Company may provide the users' personal information to the companies located in other countries for the purpose as expressly stated in this Policy. For the places where the personal information is transmitted, retained or processed, the Company takes reasonable measures to protect those personal information.
- In the EU region, personal information can be transferred to countries with adequacy decisions or under appropriate safeguards.
- Details of personal data provided to overseas companies are as follows:
Transferred entities | Purpose of transferee | Personal data to be transferred | Method for transfer | Use period |
---|---|---|---|---|
Amazon Web Services Inc. | Data storage for providing services and operation of services | Personal information and log information collected during use of the service | From time to time through information and communication networks during the service provision process | Until membership withdrawal or termination of consignment agreement Date |
Google LLC | To compile website user statistics and improve service | Personal information and log information collected during use of the service | From time to time through information and communication networks during the service provision process | Until membership withdrawal or termination of consignment agreement Date |
7. Third-Party Sites and Services
The Company's website, products, and services may include links to third-party websites, products, and services. The privacy policies of these third-party sites may differ from the Company's policy, so users are advised to review them additionally.
8. Destruction Procedure and Method of Personal Information
- The Company will destroy personal information immediately when it becomes unnecessary, following the expiration of the retention period or achievement of the processing purpose.
- The procedures and methods for destruction are as follows:
- Procedure of destruction
- Information entered by users for membership registration or other purposes is transferred to a separate database or storage location and kept for a certain period according to internal policies and other legal reasons, then destroyed immediately after the reason for storage expires.
- Personal information moved to a separate database is not used for any purpose other than retaining personal information, except in cases required by relevant laws.
- Personal information is destroyed in the same manner as specified in this clause, even in cases where the user directly requests modification or deletion of information, or requests withdrawal of membership.
- Personal information collected for temporary purposes (such as surveys, events, identity verification, etc.) is destroyed in the same manner after the purpose is achieved.
- Method of destruction
- Electronic files containing personal information are deleted using technical methods that prevent record recovery.
- Printed personal information is destroyed using shredders or incinerators.
9. Cookies (Tracking Technologies)
- The Company may collect collective and impersonal information through cookies and other tracking technologies such as pixel tags, web beacon, and similar technologies to provide individualized custom services.
- A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different from the domain of the website you are visiting – for our advertising and marketing efforts.
- Purpose of the Company's Use of Tracking Technologies
- The Company uses Tracking Technologies to store users' preferred settings, support faster web environments, and improve services for convenient use. Additionally, the Company analyzed service access frequency, visit duration, and number of visits through cookies to understand user preferences and interests for service provision.
- Installation, Operation, and Rejection of Cookies
- Users can accept or decline cookies. Most browsers automatically accept cookies, but users can modify their browser settings to decline cookies. Therefore, users can allow all cookies, go through confirmation every time a cookie is stored, or reject the storage of all cookies by setting options in their web browser. However, if users decline cookies, they may not be able to sign in or use other interactive features of our site and services that depend on cookies.
- How to manage cookies(tracking technology) setting (may vary depending on the version)
- Chrome: Select 'Settings' menu > Under "Privacy and Security" select 'Site settings' > Select 'Third-party cookies' > Select an option
- Safari: Select 'Preferences' menu > Select 'Privacy' tab > Set level of cookies and website data
10. Lawful Processing of Personal Information
- For individuals residing in the EEA and UK, the Company processes personal information based on the following legal grounds:
- A user has given consent to the processing of his or her personal information.
- Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract:
- Member management, identification, etc.
- Performance of a contract in relation to providing the services required by users, payment and settlement of fees, etc.
- Processing is necessary for compliance with a legal obligation to which the Company is subject
- Compliance with relevant law, regulations, legal proceedings, requests by the government
- Processing is necessary in order to protect the vital interests of users, or 3rd parties
- Detection of, prevention of, and response to fraud, abuse, security risks, and technical issues that may harm users or 3rd parties
- Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company
- Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
11. User Rights
- The users or their legal representatives, as main agents of the information, may exercise the following rights regarding the collection, use and sharing of personal information by the Company:
- The right to access to personal information
- The users or their legal representatives may access the information and check the records of the collection, use and sharing of the information under the applicable law.
- The right to rectification
- The users or their legal representatives may request to correct inaccurate or incomplete information.
- The right to erasure
- The users or their legal representatives may request the deletion of the information after the achievement of their purpose and the withdrawal of their consent.
- The right to restriction of processing
- The users or their legal representatives may make temporary suspension of treatment of personal information in case of the disputes over the accuracy of information and the legality of information treatment, or if necessary to retain the information.
- The right to data portability
- The users or their legal representatives may request to provide or transfer the information.
- The right to object
- The users or their legal representatives may suspend the treatment of personal information if the information is used for the purpose of direct marketing, reasonable interests, the exercise of official duties and authority, and research and statistics.
- The right to automated individual decision-making, including profiling
- The users or their legal representatives may request to cease the automated treatment of personal information, including profiling, which has critical impact or cause legal effect on them.
- If, in order to exercise the above rights, users may use the ‘Profile’ menu of the site or contact the Company by sending a document or e-mails, or using telephone to the Company, the Company will take measures without delay: Provided that the Company may reject the request of you only to the extent that there exists either proper cause as prescribed in the laws or equivalent cause.
12. Security Measures
- The Company regard the security of personal information of uses as very important. The company constructs the following security measures to protect the users' personal information from any unauthorized access, release, use or modification:
- Encryption of personal information
- Passwords are encrypted for storage and management, and only individuals who know the password can access and modify personal information. Password rules are applied to prevenet the use of predictable passwords.
- Countermeasures against hacking
- The Company is committed to preventing the leakage or damage of members' personal information due to hacking or computer viruses. To prevent personal information from being leaked or damaged by hacking or computer viruses, the Company has installed systems in the areas controlled for external access. These systems are designed to detect and block intrusions and are monitored 24 hours a day. Additionally, antivirus programs are installed to ensure the systems are not infected by the latest malware or viruses. The Company also continuously researches and applies new hacking and security technologies.
- Minimization and training of personnel handling personal information
- The Company limits the number of employees handling personal information to a minimum and emphasizes the importance of personal information protection through administrative measures, including training of these employees.
- Install control tower for the protection of user’s personal information
- The Company designates and operates a Data Protection Officer to protect users’ personal information and to address inquiries and complaints.
- However, the Company is not responsible for any issues arising from user negligence or internet-related problems leading to the leakage of personal information, such as ID, password, resident registration number, etc.
13. Protection of Children's Personal Information
- The Company primarily collects personal information from individuals over the age of 19. The Company does not collect personal information from children under the age of 14 without the consent of their legal guardians.
- If the Company inadvertently collects personal information from a child, appropriate measures will be taken to delete it.
- The Company also implements specific procedures to protect the personal information of children, such as verifying the age of the child and obtaining consent from legal guardians.
14. Changes
The Company reserves the right to modify or change this policy at any time. When the policy is changed, the Company will notify users through the website notice board (or through individual notice such as written document, fax, or email) and will obtain user consent if required by relevant laws.
15. Company Contact Information and Data Protection Officer
The Company designates the following Data Protection Officer (DPO) to protect personal information and handle user complaints. For inquiries about this policy or to update user information, please contact the Company using the following methods:
- Data Protection Officer
- Department: Business Development
- Name: Jeewon Lee
- Email: jee.lee@jirocorp.io
- Phone: 010-3423-2114
16. Remedies for Rights Infringement
For reports or consultations on personal information infringement, users can contact the following organizations:
- Personal Information Dispute Mediation Committee: (without extension) 1833-6972 https://www.kopico.go.kr/main/main.do
- Personal Information Infringement Reporting Center: (without area code)118 privacy.kisa.or.kr
- Cybercrime Investigation Division, Supreme Prosecutor’s Office: (without extension) 1301 www.spo.go.kr
- Cyber Security Division, National Police Agency: (without extension) 182 https://ecrm.police.go.kr/minwon/main
17. Notification Obligation
The Company will notify users of any additions, deletions, or modifications to the current privacy policy at least 7 days before implementation. Significant changes affecting user rights and obligations will be notified 30 days in advance.