Privacy Policy
1. General
Novelux (hereinafter referred to as "the Company") values the
protection of members' personal information and strives to
protect it at all times. The Company complies with all
relevant laws and regulations related to personal information
protection, including the "Act on Promotion of Information and
Communication Network Utilization and Information Protection,"
and has established a privacy policy based on these laws to
ensure the protection of user rights.
1) The Company has established a "Privacy Policy," which is
publicly available on its website and mobile application,
allowing users to easily access it at any time.
2. Collection Methods and Items of Personal Information
The Company collects the following personal information for
membership registration, consultation, and service
applications:
1) The Company collects the following information during
membership registration and service postings:
① Mobile phone number, device unique identifier (device
ID, etc.)
2) Range of personal information that may be collected during
the service usage process:
① Information entered and content created by users
during the service usage process
3) Methods of collecting personal information:
① Mobile applications, web pages, written forms, faxes,
telephone and online consultations through customer centers,
event participation
② Collection through information generation tools
3. Purpose of Collecting and Using Personal Information
1) Smooth provision and operation of services
2) Member management
① Member identification, prevention of fraudulent use
and unauthorized use, confirmation of intent to join,
restriction on the number of registrations and membership,
record retention for dispute resolution, complaint handling,
notification of important notices, etc.
3) Providing customized services, providing statistical
services and advertisements based on demographic
characteristics, sending regular publications, confirming the
validity of services, providing information on events and
advertisements, and providing opportunities for
participation
4. Consent for Collection, Use, and Provision of Personal
Information
The Company provides a procedure for users to check their
agreement to the collection of personal information when they
initially register as a member or when related to service
usage. If users check the agreement, it is presumed that they
have agreed to the collection of personal information.
5. Use and Provision of Personal Information Beyond the
Purpose and Third-Party Provision
1) The Company will not use or provide user's personal
information beyond the scope notified in "3. Purpose of
Collecting and Using Personal Information."
2) However, user consent will be obtained through appropriate
procedures in the following cases:
① Affiliation: For better service provision, the Company
may provide user information to affiliated companies. In this
case, the Company will go through the procedure of notifying
users of the affiliated company, the items of personal
information provided, the purpose of providing personal
information, the duration of provision, and measures to
protect personal information. If users do not agree, the
Company will not provide information to affiliated companies,
and in case of changes or termination of the affiliation,
users will be notified. Even if users agree to provide
information, they can withdraw their consent at any time.
② Outsourcing: To provide better services and process
personal information, the Company may outsource the handling
of personal information. In this case, the Company will
provide detailed notifications regarding the outsourcing
company's name, purpose, range of personal information
handled, and duration of outsourcing.
3) Exceptions:
① For settlement of fees related to service provision
② In the case of transactions concluded through the
services provided by the Company, providing relevant
information to the parties involved for smooth
communication
③ When users have given prior consent
④ Pursuant to the provisions of the law or in cases
where there is a request from an investigation agency
according to the procedures and methods prescribed by the law
for investigation purposes
⑤ In cases where it is deemed necessary for the life,
body, or property interests of the data subject or a third
party in a state where the data subject or the legal
representative cannot express their intention or the address
is unknown, and when it is clearly necessary to prioritize the
legitimate interests of the data controller over the rights of
the data subject. However, this is limited to cases where
there is a clear relationship between the legitimate interests
of the data controller and the reasonable scope.
⑥ When it is clearly necessary to achieve the legitimate
interests of the personal information controller, and the
relationship with the data subject's rights is prioritized,
and it does not exceed a reasonable range.
6. Retention Period and Disposal of Personal Information
1) The Company generally retains the collected personal
information until the end of the service usage contract, as
stipulated in Article 10 of the Terms and Conditions, which is
"Contract Period and Termination of Service Contract." In the
event of termination of the service contract, the Company
immediately disposes of the member's personal information and
takes measures to promptly dispose of information provided to
third parties.
(However, to prevent re-registration during the
re-registration grace period, personal information will be
disposed of two months after the end of the service
contract.)
① If there is a need to preserve transaction records and
minimal basic information for the period specified by law,
such as the preservation period prescribed by the Commercial
Act
② If the retention period is announced and has not
expired, or if the member's consent is obtained, the
information is retained for the agreed period
③ The following cases retain personal information for
the specified periods:
- Record of contract or withdrawal
Retention reason: Consumer protection under the
Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years
- Records related to payment and supply of goods,
etc.
Retention reason: Consumer protection under the
Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years
- Record of consumer complaints or dispute
resolution
Retention reason: Consumer protection under the
Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 3 years
- Record of identity verification
Retention reason: Information and Communication
Network Promotion and Information Protection Act
Retention period: 6 months
- Record of visits
Retention reason: Telecommunications Secrecy
Protection Act
Retention period: 3 months
3) If there is a request from the member to view personal
information that the Company has obtained with consent, the
Company takes immediate action to allow the member to view and
confirm it.
7. Procedure and Method of Personal Information Disposal
1) The Company promptly disposes of personal information that
has become unnecessary, such as when the retention period of
personal information expires or the purpose of processing is
achieved.
2) If personal information with consent for retention expires
or if it is necessary to continue storing personal information
according to other laws, the Company moves the relevant
personal information to a separate database (DB) or stores it
in a different location. Personal information stored
separately is not used for purposes other than the purpose of
retention unless required by law.
3) The procedure and method of personal information disposal
are as follows:
- Disposal procedure
The Company selects personal information for
disposal when the reason for disposal arises and disposes of
personal information after obtaining approval from the
Company's personal information protection manager.
- Disposal method
For electronically recorded and stored personal
information, the Company uses methods such as low-level format
to make the information irretrievable. For personal
information recorded and stored on paper, the Company shreds
or incinerates the information.
8. Rights of Users and Legal Representatives and Methods of
Exercise
1) Users and legal representatives can access or modify their
personal information registered at any time, and they can
request registration or withdrawal.
2) For personal information viewing and modification, users
can undergo the identity verification process through the "My
Information" section, and for registration or withdrawal, they
can directly request access, correction, or withdrawal through
the customer center.
3) Users can also contact the personal information management
responsible person in writing, by phone, or by email to
request the viewing, modification, or withdrawal of personal
information.
4) If a user requests correction of an error in personal
information, the Company does not use or provide the personal
information until the correction is completed. If incorrect
personal information has already been provided to a third
party, the correction results are immediately notified to the
third party.
5) Personal information that has been terminated or deleted at
the request of the user is processed in accordance with the
provisions of Article 6, "Retention Period and Disposal of
Personal Information."
9. Matters Regarding the Collection of Location-Based
Information
The Company may collect location-based information for the
smooth provision of services. For details, please refer to the
Location-Based Service Terms and Conditions.
10. Technical and Managerial Measures for the Protection of
Personal Information
The Company takes the following technical/managerial measures
to ensure the security of users' personal information in
handling it to prevent loss, theft, leakage, alteration, or
damage:
1) Measures against hacking
The Company makes every effort to prevent the leakage or
damage of user's personal information due to hacking or
computer viruses. It regularly backs up data to prevent damage
to user's personal information or data leakage. The Company
also uses the latest antivirus programs to prevent information
leakage or damage during transmission over the network through
encrypted communication. The Company controls unauthorized
access from external sources using intrusion prevention
systems and strives to implement all possible technical
devices to secure security.
2) Minimization and education of handling staff
Handling staff related to personal information at the
Company is limited to specific personnel. Separate passwords
are assigned for this purpose, and they are regularly updated.
Regular education is conducted for handling staff to emphasize
compliance with the Personal Information Handling Policy.
3) Operation of a dedicated personal information protection
organization
The Company checks compliance with the Personal
Information Handling Policy and the compliance of personnel
through an in-house personal information protection
organization. If any issues are discovered, the Company
strives to rectify and correct them immediately. However, the
Company is not responsible for any problems arising from the
user's own negligence, intentional acts of the Company, or
significant negligence.
11. Personal Information Manager
1) Novelux manages the personal information of members
collected through the appointment of a personal information
manager and a personal information management officer as
follows:
① Personal Information Manager: Myeong-ho Yeo
(070-4149-0165)
② Personal Information Management Officer: Myeong-ho Yeo
(070-4149-0165)
12. Establishment and Handling of Opinions and Complaints
1) The Company values the opinions of users regarding personal
information and ensures that users have the right to receive
sincere answers to inquiries related to personal
information.
2) The Company operates a customer center for smooth
communication with users. Details are as follows:
Name: Novelux Customer Center
Email: cs@novelux.com
Phone Number: 070-4149-0165
Consultation Hours: 10:00 AM to 5:30 PM, excluding
holidays, weekends, and lunchtime (12:00 PM to 1:00 PM).
3) If you need to report or consult about other personal
information infringements, please contact the following
organizations:
- Personal Information Infringement Report Center (privacy.kisa.or.kr
/ 118)
- Information Protection Mark Certification Committee
(www.eprivacy.or.kr
/ 02-580-0533~4)
- Cyber Crime Investigation Department of the Supreme
Prosecutors' Office (www.spo.go.kr
/ 02-3480-2000)
- Cyber Terror Response Center of the National Police
Agency (www.ctrc.go.kr
/ 02-392-0330)
This Privacy Policy may be revised, added, or modified in
content. In such cases, the Company will announce it through
the "Notice" screen within Novelux services at least 7 days
before the effective date.
Announcement Date: February 26, 2024
Effective Date: February 26, 2024