Privacy Policy

1. Purpose of personal information management

    The Moon Co., Ltd. (www.moonchoistudio.com http://moonchoistudio.com, hereinafter “the Moon”) collects and processes personal information for the following purposes. Personal information collected shall not be used for any purposes other than for the followings. The Moon will seek prior consent of the person who is the subject of the personal information (including a legal representative for children under 14) (hereinafter “the User”) before any changes to the intended use is implemented.

    1) Membership registration and management for E-newsletters: the Moon processes personal information to confirm the User’s intention to be a registered member and to identify or certify the Users’ identity for provision of membership services.

    2) Provision of goods and services: the Moon processes personal information to deliver goods, provide services, verify the User’s identification and age, accept payment or settle invoices and prevent illegal use of the other’s name.

    3) Marketing and advertisement: the Moon processes personal information to develop new services/goods and provide customized services, provide event-related or advertising information and offer participation in events.

     

    2. Personal information processing and retention period

    1) The Moon processes and retains personal information during the period agreed by the User or permitted by law.

    2) Personal information processing and retention periods are as follows –

    ○ Membership registration and management for E-newsletters: the Moon processes and retains personal information until the User withdraws his membership or his consent to receive E-newsletters. Where the Moon is required by law to retain personal information for a certain period, the Moon shall process and retain personal information for the period required by law.

    ○ Provision of goods and services: the Moon processes and retains personal information for 5 years from the date when the User gives consent to collect or use of his personal information or until the time when the User withdraws his consent. Where the Moon is required by law to retain for a certain period, the Moon shall process and retain personal information for the period required by law.

    ○ Marketing and advertisement: the Moon processes and retains personal information for 2 years from the date when the User gives consent to collect or use of his personal information or until the time when the User withdraws his consent. Where the Moon is required by law to retain for a certain period, the Moon shall process and retain personal information for the period required by law.

     

     3. Provision of personal information to third party

    The Moon provides personal information to a third party only when it is permitted by the Personal Information Protection Act such as when the User gives consent or provision of personal information is expressly allowed under the applicable laws and regulations.

     

    4. Entrustment of personal information processing

    1) For smooth handling of personal information, the Moon entrusts certain works as follows –

    ○ EventsEntrusted party:

    Works: maintenance and management of events

    Period:

    ○ Online market research

    Entrusted party

    Works: conduct online market research

    Period:

     2) The Moon, in accordance with Article 26 of the Personal Information   Protection Act, specifies the following matters in an entrustment   agreement and supervises the entrusted party for safe use of the   personal information provided.

    ○ Prohibit the entrusted party from processing personal information for any purpose other than for carrying out the entrusted works;
    ○ Technical and administrative measures to protect personal information;
    ○ Restrict sub-contract of the entrusted works;
    ○ Manage and supervise the entrusted party; and
    ○ Liabilities and compensation

     3) Any change of the entrusted party or the entrusted works will be   immediately published through this policy.

     

    5. Rights of the User (including the legal representative for children under 14) and how the User exercises such rights

    As the subject of personal information, the User may exercise the following rights –

    • Right to access to personal information;
    • Right to request correction of any error;
    • Right to request deletion of personal information;
    • Right to request stop processing of personal information

    The legal representative for a child under 14 may exercise the right to access and/or correct the child’s personal information, and to withdraw the consent to collect and use the child’s personal information.

     

    6. What information we collect and how we collect such information

    1) The Moon collects personal information as follows –

    ○ Sign up membership or event booking through the Moon’s website, paper, telephone, fax or e-mail;

    ○ Automatic collection through cookies embedded in the Moon’s website.

    2) The Moon, with a prior consent from the User (including consent from the legal representative for children under 14), collects and processes the following information which is essential for the Moon to provide services. The User may refuse to provide the optional information, in which case the User can still use the service.

    3) Registration and management of membership

    ○ Required: name, date of birth, e-mail address

    ○ Optional: address, gender

    4) Registration and management for E-newsletters

    ○ Required: name, e-mail address

    5) Provision of goods and services

    ○ Required: name, date of birth, nationality, ID, password, address, telephone number, e-mail address

    6) Marketing and advertisement

    ○ Required: name, gender, age, address, telephone number, e-mail address

    7) Use of cookies

    ○ Cookies are embedded in the Moon’s website for the User’s convenience. Personal information such as IP address, name of the User’s workplace, web address and location of the User (city and country) may be automatically created and collected by cookies.

    ○ The User may block all or some cookies by activating the setting on the browser.

      

    7. Disposal of personal information

    The Moon disposes personal information without delay when personal information becomes no longer necessary. The procedure, timing and method of disposal are as follows –

     1) Procedure: the Moon identifies personal information that needs to be destroyed and, with approval of the Moon’s personal information manager, destroys such information. When the intended purposes to collect and process personal information are achieved, the Moon stores personal information in a separate database (in case of personal information in paper form, in a separate document) and disposes such personal information after preserving it for a period required by law or the Moon’s internal policies. Personal information preserved, unless allowed by law, will not be used for other purposes than the intended purposes.

    2) When destroy: personal information will be destroyed within 5 days after occurrence of an event causing disposal.

    3) How to destroy: personal information in electronic form will be destroyed using technical tools, which prevents such information from being reproduced. Personal information in paper form will be destroyed using shredder or by fire.

     

    8. Measures to secure safety of personal information

    The Moon, in accordance with the Personal Information Protection Act, takes the following technical, administrative and physical measures necessary to protect personal information –

    1) Regular internal audits: the Moon conducts internal audits periodically (on a quarterly basis) to secure safety of personal information.

    2) Minimize number of staff processing personal information and training: the Moon appoints minimum number of staff in charge of processing personal information and give permission to handle personal information only to such staff.

    3) Establish and implement internal management plan: the Moon establishes and implements internal management plan to safely handle personal information.

    4) Technical measures to prevent hacking: the Moon installs security programs to prevent leakage or damage of personal information caused by computer hacking or virus, and renews and checks the system regularly. The information system is located where access from outside is controlled and monitored through technical and physical measures.

    5) Encryption of personal information: the User’s personal information are stored and managed in an encrypted form so that only the User can know them. In addition, important data is stored and transmitted in an encrypted form and/or secured by the file locking function.

    6) Storage of access records and prevention of forging or falsifying logs: the Moon stores and manages records of access to personal information system for at least 6 months and uses security programs to prevent the access records from being forged or falsified, stolen or lost.

    7) Limited access to personal information: the Moon takes measures to control access to personal information by controlling authorization to access personal information database system, and prevents unauthorized access from outside using intrusion prevention system.

    8) Use of locking device to secure documents: the Moon keeps documents and storage device in a safe place where locking devices are installed.

    9) Control of unauthorized access: the Moon has a storage place where personal information is physically stored, and establishes and implements procedures to control access to such place.

     

    9. Personal information protection manager

    1) The Moon appoints a personal information protection manager who is responsible for all matters relating to personal information processing and handling the User’s complaints arising out of processing of his personal information.

    Personal information protection manager

    Name: Stella Choi

    Position: director

    Title: representative director of the Moon

    Contact: Tel +82 2 517 5732/ E-mail stella@moonchoistudio.com

     

    Personal information management division

    Name of division: Managing

    Person in charge: Stella Choi

    Contact: stella@moonchoistudio.com

     The User may contact the personal information protection manager or the personal information management division regarding all inquires or complaints related to personal information. The Moon will promptly respond to such inquires or complaints.

     

    10. Request to see personal information

    The User may request the following division to see his personal information in accordance with Article 35 of the Personal Information Protection Act. The Moon will handle such requests as promptly as possible.

    Name of division: Managing

    Person in charge: Stella Choi

    Contact: stella@moonchoistudio.com

     

    11. If the User’ rights and interests related to personal information is infringed

    The User may contact the following institutions for consultation about infringement of his rights or interests related to personal information, if the User is not satisfied with the services of the Moon in handling his complaints related to personal information.

    Personal Information Protection Centre

    (operated by Korea Internet & Security Agency)

    • What they do: take reports on infringement of personal information and provide counseling services.
    • Websie: privacy.kisa.or.kr
    • Telephone: 118 (without area code)
    • Address: Personal Information Protection Centre, 9 Jinheung-gil, Naju-si, Jeollanam-do, Korea 58324

      Personal Information Dispute Mediation Committee

      • What they do: receive applications for mediation of personal information related disputes
      • Website: www.kopico.go.kr
      • Telephone: 1833-6972 (without area code)
      • Address: 209, Seojong-daero, Sejongno, Jongno-gu, Seoul, Korea 03171

        Cybercrime Investigation Department of the Supreme Prosecutors’ Office:

        02-3480-3582 (www.spo.go.kr)

         Korean National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr)

         

        12. Changes in the privacy policy


         This policy will take effect from the effective date, and any addition, deletion or correction of the policy will be published 7 days prior to the date on which such changes take effect.

         

        Notification Date: [30] [August] 2019

        Enforcement Date: [7 days after the notification]