TwigFarm Co., Ltd.(hereinafter referred to as “Company”) treats users’ personal information withcare. Personal information processing policy refers to the guidelines that thecompany must follow so that users can use the service feeling easy, and the companycomplies with all relevant laws and regulations, including the ‘PersonalInformation Protection Act’ and the ‘Act on Promotion of Information andCommunications Network Utilization and Information Protection’, etc. Thecompany is doing the best to ensure that your personal information isprotected.
Through the personal informationprotection policy, the company informs you of the purpose and method of usingthe personal information provided by the user and how it is managed to protectpersonal information.
Werespect the confidentiality of personal data and the privacy of individuals,and the processing personal information is based on Personal Data Protection Act 2012(PDPA).
Article 1 Purpose of collecting and usingpersonal information
The company collectsand uses personal information for the following purposes. All informationprovided by users will not be used for any other purpose, and if the purpose ofuse is changed, prior consent from the user will be obtained.
Asa data controller, the company is obliged to comply with the provisions ofrelevant laws and regulations.Legal basis for the matter based on the PersonalData Protection Act 2012(PDPA).
・Membership management: Provision of membership services, personalidentification, prevention of fraudulent and unauthorized use by delinquentmembers, confirmation of intention to join, membership of children under theage of 14, handling of complaints, etc.
・Implementation of contractsfor service provision and settlement of fees for service provision: Service userecords, payment information
・New service development and marketing utilization: Statisticalcharacteristics, types of use, access frequency, and statistics on members' useof services
Article 2 Items and methods of collectingpersonal information
When collecting theuser's personal information, the company will inform the user in advance of thepurpose of collecting personal information, items to be collected, etc. andobtain the user's consent.
1. Personal information collection items
・When the user agrees to the collection of personal information andenters the information personally during the process of signing up and usingthe service
・ When personalinformation is provided by a third party such as a webpage, email, fax, phone
and affiliate, etc. during theconsultation through the customer center In this case, according to thePersonal Information Protection Act, it is provided to us after obtainingconsent from affiliates, etc. to provide personal information to a third party.
・During the using PC web and mobile web/apps, information such asdevice information, IP address, cookies, visit date and time, and illegal userecords may be automatically generated and collected.
・Event application, event participation, etc.
2. Personal information collection items
・ When registeringand modifying your membership information
· Required: Name or nickname,email, password, date of birth
・When signing up for social media and modifying information
· Required: Google (name /email), Apple (name / email)
· Optional: Profile information:Profile photo/interest categories, etc., date of birth
・Payment-related information such as bank account or credit cardinformation such as payment information (card information, etc.) for use ofpaid services and payments, and your credit information.
・In the process of using the service, device information, cookies,and basic statistics on service use may be collected in a form that does notidentify you.
3. Purpose of Collection and Use
・User identification, confirmation of intent to sign up, preventionof illegal use by delinquent members
・Providing various services, handling inquiries or complaints, anddelivering notices
・Collection of use records and settlement of fees when using paidservices
・Prevention and sanctions against actions that limit the smoothoperation of the service
・Used for developing new content and services, deliveringinformation on events, marketing and advertising, etc.
・Used to build a service environment where users can use the servicefeeling easy in terms of security, privacy, and safety.
Article 3 Consent to collection ofpersonal information
If your personal data is shared with a third partyacting with 'TwigFarm Co., Ltd.' as a co-manager under the PDPA, the companywill provide additional information about the primary contact manager regardingthe request for your rights to the extent required by law.
1. We have established a procedure that allows users to select whetheror not to agree to the contents of the personal information protection policyor terms of use by clicking the 'Agree' button. If you select the 'Agree'button, the personal information you entered will be stored in the customerdatabase and considered to be used appropriately for the purposes specifiedabove.
2. If you enter and save additional personal information collectedthrough modification of member information, etc., you are deemed to haveconsented to the collection of personal information.
3. Even when consent to the collection of personal information isobtained through a third party, such as an affiliate, the company will providea procedure for users to choose whether or not to agree with the contents ofthe privacy policy or terms of use through the 'Agree' button, and if the'Agree' button is selected, it will be considered as if the user has agreed.
Article 4 Processing and retention periodof personal information
1. Retention and Use Period of Personal Information
We may retain yourpersonal data for as long as necessary for the purposes for which it wascollected in accordance with local laws and regulations. If you requestwithdrawal from membership or your consent to the collection and use ofpersonal information, the information will be destroyed without delay when thepurpose of collection and use is achieved or the retention and use period ends.
However, the following information willbe kept separately for the specified period in accordance with relevant lawsand regulations, and personal information after the period will be destroyedwithout delay, and you may contact the data protection manager to requestdetailed information on the retention of your personal data.
A) Records regarding contracts or application withdrawal, etc.
· Retention basis: Act onConsumer Protection in Electronic Commerce, etc
· Retention Period: 5 years
B) Records of payment and supply ofgoods, etc.
· Retention basis: Act onConsumer Protection in Electronic Commerce, etc
· Retention Period: 5 years
C) Records of consumer complaints ordispute resolution
· Retention basis: Act onConsumer Protection in Electronic Commerce, etc
· Retention Period: 3 years
D) Records of consumer complaints ordispute resolution
· Retention basis: Act onConsumer Protection in Electronic Commerce, etc
· Retention period: 3 years
2. Membership Withdrawal and Re-signing up
Personal information and activityinformation of accounts that have been withdrawn will be permanently deletedimmediately upon withdrawal and cannot be recovered. Additionally, the accountwill be disconnected from all social media accounts. After withdrawal, you canre-sign up with the same email address or social media account as beforewithdrawal.
3. Rights of personal information subjects
In principle, users have the right torefuse consent to the collection of personal information under the PersonalInformation Protection Act. However, if you refuse to collect essentialpersonal information items, you cannot sign up for membership and use theservice.
Article 5 Entrustment of personalinformation processing work
In order to providesmooth service, the company entrusts the processing of personal information tothe following third parties to the minimum extent. In any other case, thecompany will not use or provide the user's personal information to a thirdparty beyond the scope notified in the 'Items and methods of collectingpersonal information'.
Additionally, members may requestwithdrawal of consent to provision of personal information at any time.
<Entrusted tasks handled by overseascorporations>
・Trustee (solution): Auth0
· Date and method of entrustment:When singing up or withdrawing, transmitted at any time through a privatenetwork
· Information manager contact: privacy@auth0.com
· Personal information items tobe transferred: Nickname, email address, password, date of birth
· Purpose of use of trustee:System work related to customer sign-up and management
· Retention and use period: Untilmembership withdrawal or termination of entrustment contract (however,retention is possible during the retention period stipulated by related laws)
・Trustee (Solution): MailChimp
· Date and method of entrustment:When signing up or withdrawing membership, transmitted at any time through aprivate network
· Information manager contact: privacy@mailchimp.com
· Personal information items tobe transferred: Nickname, email address, password, date of birth
· Purpose of use of trustee:Sending email marketing contents such as advertisements
· Retention and use period: Untilmembership withdrawal or termination of entrustment contract (however,retention is possible during the retention period stipulated by related laws)
・Trustee (solution): Typeform
· Time and method of entrustment:When providing survey responses, send them frequently through private networks
· Information Manager Contact: support@typeform.com
· Personal information items tobe transferred: Personal information provided by respondents
· Purpose of use of trustee:marketing and improving service quality and user experience
· Retention and use period: Untilmembership withdrawal or destruction of personal information notified inadvance
・Trustee (Solution): Google LLC (Google Analytics)
· Time and method of entrustment:Remote transmission using a private network when using the service
· Information Manager Contact: Google
· Personal information items tobe transferred: Region, access history, content usage history, etc.
· Purpose of use of trustee:Compiling statistics, measuring service performance, and improving userexperience
· Retention and use period: Untilmembership withdrawal or termination of entrustment contract (however,retention is possible during the period stipulated by related laws)
Article 6 Provision of personalinformation to third parties
We do not use userinformation or provide it to third parties beyond the scope of user's consentobtained when collecting personal information. However, exceptions are made ifthe user agrees or if one of the following applies.
1. When it is necessary to settle fees for the provision of informationand communication services
2. When there are special provisions in the law or when it isunavoidable to comply with statutory obligations.
Overseas Data Transfer
Your personal datamay be stored on external servers located overseas. In addition, as describedabove, in conducting the business, the company may need to share informationwith related companies and third party service providers (that may be locatedin countries other than your country of residence).
We may also transferyour personal information to other countries (including countries other thanSingapore) within the scope of sharing described above.
If personal information is transferred to a country other than Korea, Personal Data Protection Act 2012 (PDPA) applies.
Article 7 Procedures and methods fordestroying personal information
After the purpose of collecting and using personal information hasbeen achieved, the company destroys the information without delay. Destructionprocedures and methods are as follows.
1. Destruction Procedure
· The information entered byusers for membership sign-up, etc. is transferred to a separate database(separate filing cabinet in the case of paper) after the purpose is achievedand stored for a certain period and then destroyed in accordance with informationprotection reasons according to internal policies and other relevant laws.
· Personal informationtransferred to a separate DB will not be used for any purpose other than asrequired by law.
· The company selects thepersonal information that requires destruction and destroys the personalinformation with the approval of the company's personal information protectionmanager.
2. Destruction method
· Personal information stored inelectronic file format is deleted using technical methods that render therecords unrecoverable.
· Personal information printed onpaper will be destroyed by shredding or incineration.
3. Personal information destruction procedure for dormant accounts
· In accordance with Article 39-6of the Personal Information Protection Act and Article 48-5 of the EnforcementDecree of the same Act, the company turns the personal information of memberswho have not logged in to the website for more than one year into a dormantaccount and manages it separately to protect personal information.
· Dormant membership information:All information collected and managed at the time of membership sign-up ormodification of membership information
· The company will notify theuser of the relevant information through e-mail one month before the personalinformation separation and storage period of the dormant account arrives.
· Personal information storedseparately by switching to a dormant account is destroyed without delay after 3years.
Article 8 Personal information protectionmeasures
1. Establishment and implementation of internal personal informationmanagement plan
We have established an internal personalinformation management plan, including matters related to the composition andoperation of the personal information protection organization, such as thedesignation of a personal information protection manager, and are checkingwhether it is being properly implemented every year.
2. Access control and access rights restriction measures for personalinformation
In order to blockillegal access to personal information, the company has access to the personalinformation processing system. one We establish and enforce standards for granting, changing,and deleting personal data, train employees who handle personal data to respectthe confidentiality of personal data, and take violations of all applicabledata protection laws very seriously.
The company alsokeeps the number of employees who process personal information to a minimum.
3. We are taking encryption measures to safely store and transmitpersonal information.
4. We are taking measures to prevent storage, forgery and alteration ofpersonal information access.
Article 9 Operation and options forcookies
A. Operation andpurpose of cookies
The company operates cookies just likeany other website. Cookies are small amounts of information that a websitesends to the user's computer's Internet browser and are stored on the computerdisk. Cookies identify only the user's computer, not the user, and are used toprovide optimized services to the user, such as maintaining login, storing ID,and analyzing usage patterns.
Google Analytics
This website usesGoogle Analyticsa web analytics service provided by Google, Inc. (“Google”).Information generated by cookies (including your IP address) about using theGoogle Analytics website is sent by Google to a server in the United States andstored.
B. Installation, operation and rejectionof cookies
You have choices about cookies. This mayvary depending on the type of web browser, but in most cases you can decidewhether to accept cookies or delete all existing cookies through your webbrowser settings. However, if you refuse to store cookies, the use of someservices that require login may be restricted.
[How to set cookies]
· Internet Explorer: Select Toolsmenu → Select Internet Options → Click Personal Information tab → Personalinformation processing level settings
· Chrome: Select the Settingsmenu → Select Show advanced settings → Select Privacy-Content Settings → Cookielevel settings
· Safari: Select the Settingsmenu → Select the Privacy tab → Cookie and website data level settings
Article 10 Management and protectionmeasures for personal information
The company is takingthe following management measures to protect users' personal information. Thecompany strictly limits employees who handle personal information to those whoperform personal information management duties and those who inevitably have tohandle personal information for work purposes, and emphasizes compliance withthis policy through regular training for employees in charge. The company hasdesignated a personal information protection manager to protect personalinformation. If you have any questions regarding personal information, thecompany will do the best to answer.
<Personal Information ProtectionOfficer>
· Name: Kim Seok-sik
· Department: Squad Headquarters
· Email : seoksik.kim@twigfarm.net
Article 11 Duty to notify before revisionof personal information processing policy
This personal information processingpolicy will be applied from July 6, 2022, and if there are any changes, thecompany the company will notify you through a notice on the website or aseparate notice 7 days prior to the implementation of the changes.
Both this policy and the use of thiswebsite are in compliance with the laws of Singapore. Where applicable, for theavoidance of doubt, the processing of personal data will also be subject toother data protection laws.
