Oasis (hereinafter referred to as the 'Company') establishes and discloses the following personal information processing guidelines in order to protect and handle the complaints related to the protection of personal information of the information subject pursuant to Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of processing personal information)
The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following purposes, and if the purpose of use is changed, the Company will take necessary measures to comply with Article 18 of the Personal Information Protection Act, including obtaining separate consent.
1. Website member registration and management
The Company processes personal information for the purpose of confirming the intention of membership registration, providing member services, verifying and authenticating the member’s identity, maintaining and managing member qualifications, confirming identity verification in accordance with the implementation of limited self-verification, preventing unauthorized use of services, confirming whether the legal representative's consent is obtained for processing personal information of children under 14 years of age, various notifications, complaints handling, etc.
2. Provision of goods or services
The Company processes personal information for the purpose of delivering goods, providing services, sending contracts and invoices, providing contents, providing customized services, personal authentication, age verification, fee payment and settlement, and debt collection, etc.
3. Handling of complaints
The Company processes personal information for the purpose of confirming the identity of the complainant, verifying the details of the complaint, contacting and notifying for fact-finding, and notifying the results of processing.
Article 2 (Period of processing and retention of personal information)
① The Company processes and retains personal information within the period of personal information retention and use agreed upon when collecting personal information from the information subject or within the period of personal information retention and use required by laws and regulations, if no specific period has been agreed upon or required by laws and regulations.
② The period of each personal information processing and retention is as follows.
1. Website member registration and management: Until the business operator/organization's website withdrawal
However, in the following cases, personal information will be retained until the termination of the relevant reasons
1) In the event of an ongoing investigation or inspection for a violation of relevant laws, it will be retained until the end of such investigation or inspection
2) In the event of the existence of remaining claims and debts related to the use of the website, it will be retained until the settlement of such claims and debt relationships
2. Provision of goods or services: Until the completion of the supply of goods/services and payment/settlement of fees
However, in the following cases, it will be retained until the end of the relevant period
1) Records related to indication/advertisement, contract contents, performance of transactions, etc. pursuant to the Act on Consumer Protection in Electronic Commerce, etc. - Records on indication/advertisement: 6 months - Records of contract or subscription withdrawal, payment, supply of goods, etc.: 5 years - Records on consumer complaints or disputes: 3 years
2) Preservation of telecommunication facts confirmation data pursuant to Article 41 of the Telecommunications Secret Protection Act - Data on the date and time of the subscriber's telecommunication, the start/end time, the counterparty's subscriber number, the frequency of use, and the location tracking data of the originating base station: 1 year - Log records of computer communication, internet, and access point tracking data: 3 months
Article 3 (Provision of personal information to third parties)
① The Company processes personal information within the scope specified in Article 1 (Purpose of processing personal information) of the personal information for information subjects and provides personal information to third parties only when the information subject has consented to it, or when there are special provisions in the law, such as Article 17 of the Personal Information Protection Act.
② The Company provides personal information as follows. - Recipient of personal information: <Oasis Company> - Purpose of use of the recipient's personal information: <Joint business cooperation and affiliation credit card issuance for events, etc.> - Items of personal information provided: <Name, address, phone number, email address, card payment account information> - Retention and use period of the recipient: <During the trade period according to the credit card issuance contract>
Article 4 (Rights of the user and legal guardian and methods of exercising them)
① Information subjects can exercise the following personal information protection rights against the Company at any time. 1. Request for personal information access 2. Request for correction if there are errors 3. Request for deletion 4. Request for suspension of processing
② The exercise of rights under paragraph 1 can be done to the Company in writing, by telephone, by electronic mail, by facsimile transmission (FAX), etc., and the Company will promptly take measures for it. ③ If an information subject requests correction or deletion of personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights under paragraph 1 can be done through a legal representative of the information subject or a proxy. In this case, the power of attorney according to the Enforcement Rule of the Personal Information Protection Act must be submitted. ⑤ Information subjects must not infringe the personal information and privacy of themselves or others by violating the Personal Information Protection Act or related laws and regulations being processed by the Company.
Article 6 (Personal information items being processed)
The Company processes the following personal information items. 1. Website member registration and management Required items: <Name, date of birth, ID, password, address, phone number, gender, email address>
2. Provision of goods or services Required items: <e.g. Name, date of birth, ID, password, address, phone number, email address>
3. The following personal information items may be automatically generated and collected during the process of using internet services. IP address, cookies, MAC address, service usage record, visit records, records of improper use, etc.
Article 7 (Destruction of personal information)
① When the personal information becomes unnecessary due to the expiration of the retention period of personal information, achievement of the purpose of processing personal information, etc., the Company will promptly destroy the relevant personal information. ② If the personal information must be preserved in accordance with other laws and regulations despite the expiration of the retention period agreed by the information subject, or the achievement of the purpose of processing, the Company will separately transfer the personal information to a separate database (DB) or store it in a different location for preservation.
③ The procedure and method of destruction of personal information are as follows.
1. Procedure for destruction The Company selects personal information that has become unnecessary and obtains approval from the Company's personal information protection manager to destroy the personal information. 2. Method of destruction The Company uses methods such as making records stored in an electronic file format unrecoverable using methods such as low-level formatting for the destruction of personal information stored in electronic file formats; and for personal information recorded and stored on paper documents, it shreds or incinerates the personal information.
Article 8 (Measures for securing the safety of personal information)
The Company is taking the following measures to secure the safety of personal information. 1. Administrative measures: Establishment and implementation of an internal management plan, regular employee education, etc. 2. Technical measures: Access control management of personal information processing systems, installing access control systems, encrypting unique identification information, etc. 3. Physical measures: Access control to computer room, data storage room, etc.
Article 9 (Installation, operation, and rejection of personal information automatic collection devices)
① The Company uses 'cookies' to store and periodically retrieve usage information in order to provide individualized tailored services to users.
② Cookies are small pieces of information sent by the server (http) operating the website to the user's web browser, and are also stored on the user's hard disk inside the computer. a. Purpose of using cookies: To analyze the use patterns of users on each service and website visited, popular search terms, security access status, etc., to provide optimized information to the user. b. Installation, operation, and rejection of cookies: Users may refuse to store cookies by configuring the options in the Tools > Internet Options > Privacy menu of the web browser. c. If you refuse to store cookies, it may cause difficulties in using individualized services.
Article 10 (Personal Information Protection Manager)
① The Company has appointed a personal information protection manager to take responsibility for overall personal information processing, complaints processing, and remedies related to personal information processing as follows. ▶ Personal Information Protection Manager Name: Joo Won Lee Job Title: CEO Contact: teamprivateclub@gmail.com ※ Will be connected to the Personal Information Protection Department. ▶ Personal Information Protection Department Department Name: Management Support Team Person in charge: Joo Won Lee Contact: teamprivateclub@gmail.com ② Information subjects may contact the personal information protection manager and the department in charge for all inquiries, complaints processing, and remedies related to personal information protection during the use of the Company's services (or business). The Company will respond promptly to inquiries from information subjects.
Article 11 (Request for access to personal information)
Information subjects may request access to personal information according to Article 35 of the Personal Information Protection Act to the following department. The Company will make efforts to ensure that the request for access to personal information from information subjects is processed promptly. ▶ Department for receiving and processing requests for access to personal information Department Name: Management Support Team Person in charge: Joo Won Lee Contact: teamprivateclub@gmail.com
Article 12 (Remedies for infringement of rights
Information subjects may inquire about remedies for personal information infringement, consultations, etc., to the following organizations. ▶ Personal Information Infringement Report Center (Operated by the Korea Internet and Security Agency) - Responsible for: Reporting personal information infringement facts, applying for consultations - Website: privacy.kisa.or.kr - Phone: (without area code) 118 - Address: 9 Jinheung-gil, Naju-si, Jeonnam, 301-2, 3rd floor, Personal Information Infringement Report Center ▶ Personal Information Dispute Mediation Committee - Responsible for: Applying for personal information dispute mediation, group mediation (civil settlement) - Website: www.kopico.go.kr - Phone: (without area code) 1833-6972 - Address: 209 Sejong-daero, Jongno-gu, Seoul, Government Seoul Building, 4th floor, 03171 ▶ Cyber Investigation Unit, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr) ▶ Cyber Safety Bureau, National Police Agency: 182 (http://cyberbureau.police.go.kr)
Article 13 (Enforcement and amendment of personal information processing policy)
This personal information processing policy is effective from May 20, 2024.
