Privacy policy..

• BITCMON (hereinafter referred to as the “Company") regards the customer's personal information with highest importance, and strictly adheres to the guidelines and complies with relevant laws and regulations, including but not limited to the Act on the Promotion of Information and Communication Network Utilization and Information Protection Act, the Act on Consumer Protection in Electronic Commerce, the Telecommunications Privacy Act, the Telecommunications Business Act, and the Personal Information Protection Act, so as to protect the personal information that customers provide to use our services.
• Customer shall note that the Privacy Policy is subject to change per changes in the laws or guidelines related to the protection of personal information. Please check back frequently when visiting our website.
• The Privacy Policy of the Company consists of the following:

1. Personal Information Items to be Collected and its Collection Method 

2. Purpose of Collection and Utilization of Personal Information

3. Sharing Personal Information

4. Entrusting the Processing of Collected Personal Information

5. Retention and Utilization Period of Collected Personal Information

6. Procedure and Method of Personal Information Disposal

7. Rights of the User & Legal Representative and the Exercise Method 

8. Measures to Secure Safety of Personal Information

9. Installation and Operation of Automatic Personal Information Collection System and Matters against the Installation and Operation

10. Managing Supervisor and Person in Charge of Personal Information 

11. Duty of Notification

1.  Personal Information Items to be Collected and its Collection Method 

• A. Items of personal information collected
• ① The Company does not collect sensitive personal information (race and ethnicity, religion and ideologies, hometown and registered place of birth, political affiliation, criminal record, health condition, and sexual orientation, etc.) that may violate users' fundamental human rights.
• ② The Company collects and uses only the following essential personal information:
•  
  • 1) Personal identification and member sign-up consent
  • - General members: name, ID, password, passport number (foreigners only), mobile phone number, e-mail address, country of origin, security PIN, and residence (address)
  • - Corporate members: company name, representative name, business registration number, representative phone number, business address, e-mail address, password, country of origin, mobile phone number, and security PIN
  • 2) Authentication for payment and withdrawal
  • - Name, date of birth, account number, copy of identification card (mask information other than date of birth), mobile phone number, and security PIN
  • 3) Authentication for advancing to next level
  • - Mobile phone number, e-mail address, i-PIN number, copy of identification card (mask information other than date of birth), withdrawal account number, residence, connecting information (CI), and duplication information (DI)
  • 4) Reset security PIN
  • - Name, e-mail address, mobile phone number, copy of identification card (mask information other than date of birth), photo (facial photo)
  • 5) Prevention of fraudulent and unauthorized use by problematic members
  • - User access IP address, visit date
  • 6) Easy authentication
  • - Name, date of birth, gender
  • ③ The following information can be generated and collected when using 'Service':
  • - Service use record, payment record, suspension and revocation record, access log, cookies, user access IP addresses, faulty or abnormal usage record
•  
  • B. Method of personal information collection
  • The Company shall use the following method to collect personal information:
  • - Website, mobile phone application, mobile phone webpage, FAX, telephone, customer service webpage, e-mail, event application
  • - Gathering through the Generated Information Gathering Tool

2. Purpose of Collection and Utilization of Personal Information

• The Company collects and uses the customer's personal information for the following purposes:
• A. Member management
• - Authentication and identification for member-based services
• - Preventing illegal and unauthorized use of problematic members
• - Confirmation of registration/subscription intention, registration, and limit number of registration
• - Underage identification
• - Track records for customer consultation, reception and handling of customer complaints, and dispute settlement
• - Communicate notices

• B. Implementation of service agreement and settlement of charges
• - Delivery of services, contents, and personalized services
• - Payment and settlement of charges
• - Announcement of event/prize winners and gift delivery
• C. Use in marketing and advertisement
• - Provide optimized services to customers
• - Develop and specialized new service (product)
• - Deliver services and serving ads based on demographic characteristics
• - Estimate the frequency of webpage access
• - Produce statistics on service use
• - Ship periodicals and introduce new products or services
• - Plan web services and events that meet customer concerns
• - Deliver advertising information such as prizes, events, etc. or operate a participation space
• - Conduct customer survey

 3.  Sharing Personal Information

• The Company shall not use the customer's personal information beyond the scope notified to the customer or specified in the terms of Service Agreement, or to share it with a third party, unless given with a customer consent or when any one of the following conditions is met:
• A. Affiliated partners: The Company may provide to or share customer’s personal information with its affiliated partners to provide better service to customers. In case of providing or sharing personal information, the Company shall give customers a prior notice via e-mail or writing about who the affiliated partner(s) is(are), why such personal information should be provided or shared, and until when and how it will be protected and managed. In case a customer does not provide consent, the Company shall not provide or share personal information of the customer to or with the affiliated partner(s). In the event that there is a change in the partnership or when the partnership is terminated, the same procedure shall be used to notify and obtain consent from customers.
• B. Sales, mergers, etc.: In the event that all or part of the business is transferred, or the service provider's rights and obligations are transferred through merger or inheritance, the Company shall notify customers to ensure protection of their rights related to personal information.
• C. In case it is significantly difficult, for economic and technical reasons, to obtain consent on the personal information needed to perform contractual terms concerning the provision of services.
• D. If it is necessary for settlement of charges according to the Service Agreement.
• E. The Company may share customer’s personal information in case there are special provisions in other laws, such as the Protection of Communications Secrets Act, the National Tax Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Enforcement Decree of the Act on Real Name Financial Transactions and Guarantee of Secrecy, the Enforcement Degree of the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, Korea Bank Act, and the Criminal Procedure Act. However, even when stipulated by another law or regulation and requested by the administrative or investigative agencies for administrative or investigation purposes, customer’s personal information shall not be provided unconditionally, but only provided given that a warrant or written document bearing the authority of the head of the agency is presented, under the relevant laws and in accordance with due procedure.
• F. If the Company has sufficient reasons to believe that customer’s personal information must be disclosed in order to take legal action for causing mental or physical harm to others through the Company’s services.
• Personal information sharing detail

4. Entrusting the Processing of Collected Personal Information

• The Company may entrust management of personal information to other companies within a limited extent for smooth and improved service. The following companies are entrusted with the personal information by the Company in order to fulfill the Service Agreement with its members. By specifying relevant provisions in the contract with those companies, personal information is managed safely in accordance with the relevant laws and regulations.
• Entrusted companies

5.  Retention and Utilization Period of Collected Personal Information

• A. Customer’s personal information is retained and used during the period in which the Company provides services. When a member withdraws, the collected personal information is destroyed so that it cannot be viewed or used anymore. However, if deemed necessary, the information may be retained in accordance with the related laws and regulations as follows:
• - Contract or withdrawal record: 5 years
• - Payment and goods supply record: 5 years
• - Record of complaint or dispute: 3 years
• - Tax payment record: 5 years
• - Log-in record: 3 months
• - Information about ads displayed: 6 months
• B. If the customer requests to view transaction information retained with the consent of the customer, the Company shall make it available without delay.
• C. The Company shall retain encrypted information of withdrawn member, such as name, date of birth, ID, and password information, for one (1) month after cancellation of membership to prevent the member from subscribing and cancelling repeatedly to gain economic benefits, such as discount coupons and event benefits, illegally or through improper ways.

6. Procedure and Method of Personal Information Disposal

• In accordance with retention and utilization period, the Company shall, without delay, dispose or separately store the collected personal information once the purpose of personal information collection has been achieved. The procedure, timing and method shall be as follows.
• A. Disposal procedure and timing
• Once the purpose of collection and personal information use have been achieved, the Company shall dispose customer’s personal information collected at the time of subscription in accordance with the retention period specified as per the internal policy other relevant laws (see “Retention and Utilization Period of Collected Personal Information” in the preceding section) without any delay. In general, if there is no remaining bond-to-debt relationship, personal information collected by the Company at the time of membership subscription is managed in electronic file format and is deleted immediately upon membership cancellation.
• B. Disposal method
• Personal information printed on paper is destroyed by grinding, incineration, or by using chemical products. Personal information stored in electronic file format is deleted using technical methods that are irreversible.
• C. Method and timing of separate storage
• A user account, which has been inactive for one (1) year shall become a dormant account in accordance with the ‘Personal Information Expiration System.’ Dormant account information is managed separately with access restrictions and security applied.

7. Rights of the User & Legal Representative and the Exercise Method 

• A. Users or their legal representatives may exercise the following rights regarding their personal information at any time:
• -Request to access personal information

- Request to correct personal information in case of error

- Request to delete personal information

- Request to suspend processing of personal information

• B. Users or their legal representatives may access or correct their personal information at the "Change Member Information" page after logging into the Company website (www.bitcmon.co.kr) or request for an update by e-mail or in writing to the Company’s personal information protection manager.
• C. Users or their legal representatives may withdraw (cancel) their ‘Consent to Collection and Utilization of Personal Information' via e-mail, telephone, or FAX.
• D. If requested for an update of deletion by users or their legal representatives, the Company shall not continue to use or provide personal information until the request has been processed. The Company processes personal information that has been requested to be revoked or deleted by the users or their legal representatives in accordance with "Retention and Utilization Period of Collected Personal Information" and does not make them available to be viewed or used for other purposes.

8. Measures to Secure Safety of Personal Information

• The Company implements the following security measures to ensure compliance with the Personal Information Protection Act:
•  
  • A. Managerial protection measures
  • ① Establish and implement internal management plan
  • - Matters concerning appointment of personal information protection manager
  • - Matters concerning the roles and responsibilities of personal information protection manager and personnel handling personal information
  • - Matters concerning the necessary security measures for protecting personal information
  • - Matters concerning the training of personnel handling personal information and entrusted personal information service provider
  • - Other matters related to protecting personal information
  • ② Conduct regular self-audits
  • - Matters concerning separation of duties of the person in charge of protecting personal information and auditors
  • - Matters concerning the role and responsibilities of personal information auditors
  • - Regular self-audit to secure safety when handling personal information
•  
  • B. Technical protection measures
  • ① To prevent the personnel handling personal information from leaking customer information, the Company operates a personal information leakage prevention system, in which a safe encryption algorithm is applied on the personal information sent over device (PC) and network.
  • ② Access to personal information processing system is restricted for related tasks only, and each personnel in charge manages one user account. In case the personnel handling personal information is changed, the access to the personal information system is changed or revoked and the records are kept for at least five (5) years. In addition, rules for creating passwords is established and applied to each personnel handling personal information. 
  • ③ In the event that an individual’s identification information and password are sent or received through the information communication network or transmitted through a secondary storage medium, the information is stored using commercial encryption software and the passwords are encrypted and stored with secure algorithm.
  • ④ Access log of the personnel handling personal information is kept and managed for at least six (6) months and kept securely to prevent forging, falsification, theft, or loss.
  • ⑤ The Company has installed and is operating security programs, such as antivirus software, that can prevent or treat malicious programs on personal information processing systems and computers. The Company uses automatic updating feature of security programs and conducts regular PC inspection.
•  
  • C. Physical protection measures
  • IT room, data storage room, and other physical places storing personal information is protected with access control procedures; documents and auxiliary storage media are managed and stored in a locked place.

9. Installation and Operation of Automatic Personal Information Collection System and Matters against the Installation and Operation

• A. The Company may install and operate cookies, which often store and find customer information, through the Company's online service. Cookies are string of information sent by a web server to a web browser, stored, and then sent back to the server when there is an additional request from the server. When a customer connects to the Company’s website, cookies in their browsers enable the Company to find customer information and provide service without having the customer enter information such as name, etc.
• B. The Company may use customer information collected through cookies for the following purposes:
  • ① To provide information tailored to each customer’s areas of interest
  • ② To analyze the access frequency or stay time of members and non-members to identify the users' tastes and areas of interest and use them for targeted marketing
  • ③ To trace the contents viewed by users and provide customized service next time they visit
  • ④ To inform the period of use of paid service
  • ⑤ To analyze customer habits and use them to restructure service, etc.
• C. Customers have right to determine installation of cookies. Customers may choose to accept all cookies, receive notification when new cookies are installed, or reject all cookies by selecting the appropriate option in their browser setting: Tools > Internet Options > Personal Information > Advanced. However, if a customer refuses to install cookies, there may be inconvenience in using the service or difficulty in providing the service.
• D. Cookies are inactive upon exiting the browser or upon log-out.

10. Managing Supervisor and Person in Charge of Personal Information 

• A. The Company values the protection of customers’ personal information and does its best not to damage, infringe or leak their personal information. However, the Company shall not be hold responsible for any unexpected accidents caused by hacking or other basic network risks that damage information, despite the technical measures taken by the Company, or disputes caused by users’ postings.
• B. Customer service shall provide prompt and sincere response to any inquiries about customer’s personal information protection. If a customer wishes to contact a person in charge of personal information protection of the Company, please e-mail or contact the below number. We will provide prompt and sincere response to any inquiries regarding personal information.

 Managing supervisor of personal information

• - Name: 
• - Position:
• - Phone number: 
• - E-mail:
• C. For consultation regarding other personal information violation, customers may contact the Personal Information Dispute Mediation Committee, the Supreme Public Prosecutor's Office, the National Police Agency, and the Korea Internet & Security Agency as shown below:
• ① Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
• ② Cybercrime Investigation Department of the Supreme Public Prosecutor’s Office(http://www.spo.go.kr): 1301
• ③ National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr): 182
• ④ Personal Information Infringement Notification Center (http://privacy.kisa.or.kr): 118

11.  Duty of Notification 

• In the event that the stipulations of the current Privacy Policy, enacted as of December 3, 2018, are added, deleted, or modified in accordance with the changes in the government policies or security technologies, the Company will notify customers of such change(s) at least seven (7) days prior to the enforcement, by way of displaying in ‘Notice’ of the Company’s website. 
• - Enforcement Date: June 1, 2019