Earnfinex values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relative laws regarding the Personal Information Protection Act, and take such action to protect customer’s personal information.
“Processing Personal Information” means a guideline that the Company needs to comply with in order to let the customers use the services with confidence by protecting the customer’s personal information, which the company highly values.
This processing of personal information is applied to the company’s website (https://www.earnfinex.com) service. Separate privacy policies may apply to services provided on other websites.
The company will notify you through the website announcement (or individual notice) when revising the personal information processing policy. Users are urged to check back frequently when visiting our site.
PURPOSE OF COLLECTING AND USING PERSONAL INFORMATION
The company may process personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes and will be subject to a prior agreement if the purpose of the use is changed.
• Verification of a user’s identity, his/her willingness to obtain membership, his/her willingness to withdrawal membership and managing members.
• Authentication for payment and withdrawal.
• Providing services, providing content, and providing personalized services.
• Establishing a service utilization environment that users can use with confidence in terms of security, privacy, and safety.
• Data to provide personalized services such as service usage record and access frequency analysis, statistics on service utilization, customized service according to service analysis and statistics, and advertisement.
• Inform any upcoming events, marketing, advertisement, etc.
• Providing information upon a request made by proper and legal investigation on hacking/fraud and other performance of duty by law.
List of collecting personal information and method of collecting
The Company collects minimum personal information that customer needs to use the services of the Company. Customer may refuse to consent to collection or use of personal information if one does not wish to do so. However, if you do not agree to the collection and use of essential items in the collected personal information items, there may be restrictions on the use of some functions.
The personal information that the company collects from the user is as follows.
1 . Registration
• E-mail, Password
• Providing exchange/wallet service
• Duplicated registration information (DI), and identification information of the same person(CI)
Information that is automatically generated during the process of using the service or processing the business: service usage history, access logs, cookies, access IP information, payment history.
2 . Confirmation identity
• Copy of identification (make blank all other information except date of birth)
3 . Others
Company will not collect sensitive personal information that may infringe human rights (such as race, ethnicity, ideology, creed, place of birth, homeland, political orientation and criminal record, health status and sex life), and Company will obtain prior consent when the Company has to collect above information.
In any case, the company will not use the information that the customer input for any other purpose other than the purpose stated above, or leak.
The Company collects personal information through the following methods:
The company collects personal information which the customer, themselves, input and consent to when signing up and using services (Consent of legal representative is necessary when collecting personal information of children under 14 years old).
Personal information of users can be collected through web pages, e-mail, fax, and telephone during the consultation process through the Customer Centre.
Personal information can be collected in written form at events, seminars, etc. held offline.
Generation information such as device information can be automatically generated and collected during the process of using PC web or mobile web (access IP information, cookie, service usage log, access log).
Retention and usage period of the collected personal information
If the Company collects personal information of the user, the retention period is until the cancellation (including withdrawal application, withdrawal of directorship) after signing up. Also, at the time of termination, the Company will destroy the personal information of the user and instruct the third party to destroy the personal information that is provided to the third party.
However, if there is a need to preserve by the laws and regulations such as commercial law, Company may retain transaction details and minimum basic information during the preservation period prescribed by laws and regulations and notify customers regarding this period in advance, and the company may preserve the customer’s personal information if the period of retention has not elapsed or if the company receive customer’s consent individually.
1) Records of consumer complaints or disputes
• Retention reason: consumer protection act in electronic commerce
• Retention period: 3 years
2) Records on the collection, processing and use of credit information
• Retention reason: Act on the Use and Protection of Credit Information
• Retention period: 3 years
3) Record of payment and goods supply
• Retention reason: Consumer Protection Act in Electronic Commerce
• Retention period: 5 years
4) Record of Log In
• Retention reason: Protection of communications secrets Act
• Retention period: 3 months
5) Company internal policy to prevent the illegal use
• Record period of illegal use: 5 years
Procedures and methods of personal information destruction
In principle, the company destroys customer’s personal information without any delay when the purpose of collecting personal information is achieved. The procedure and method of destroying personal information of the company are as follows.
1) Destruction procedure :
The information entered by the user for registration is transferred to a separate DB (retained in a separate cabinet in case of the written form) after the purpose is achieved and is stored for a certain period of time and destroyed after the period according to internal policy and other relevant laws and regulations(refer to retention and usage period).
2) Destruction period :
In the case where the personal information of the user has elapsed, destruction should be taken place within 5 days from the end of the period of holding the personal information. If the personal information such as accomplishing the purpose of processing personal information, abolishing the service, the destruction should be taken place within 5 days from the day when it is deemed unnecessary to process the personal information.
3) Destruction method:
• Personal information printed on paper shall be destroyed by being shredded through shredders or burnt
• Personal information stored in an electronic file is deleted using a technical method that can’t play the record
Transfer of personal information abroad
The company uses overseas could services to provide smooth services and enhance user convenience. In this regard, we inform you about the transfer of personal information abroad as follows.
The company entrusts the following personal information processing tasks for the smooth handling of personal information business, and both regulates and supervises the entrusted company to process personal information safely in accordance with the Information and Communications Network Act.
Customers have the right to refuse consent to the consignment (provision) of personal information. However, customer may be restricted from using the services when refused to consent.
Customer’s rights and how to exercise the rights
1) The subject of the information can exercise the right of personal information protection at any time with respect to the company
• Personal information request
• Request revision when error is found
• Request destruction
• Requests stop the procedure
2) The exercise of rights under (1) may be done in writing an e-mail to the person in charge of personal information protection and the department in charge. And the Company take action without any delay.
3) If the subject requests correction or deletion of personal information, the company will not use or provide the personal information until the correction or deletion is completed.
4) Users can view or modify their registered personal information at any time and may request withdrawal of consent and termination of membership.
5) The company does not accept membership of children under the age of 14 who need the consent of a legal representative.
Issues regarding Cookie operation
Cookie means “contact information file” and is used by the company to provide members with faster and more convenient use of the website and to provide specialized customized services. The Company identifies your computer with regard to cookie management but does not identify you individually.
Customers have the option of installing cookies. By setting options in the web browser, members can accept all cookies, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to install cookies, you will not be able to use the web conveniently, and you may have difficulty using some services that require login.
Measures to ensure the safety of personal information
1) Technical measures against hacking:
The Company installs security programs to prevent leakage and damage of personal information caused by hacking and computer viruses, and the Company periodically updates and checks, installs the system in an area where the place is separated from outside and technically and physically monitors and blocks them.
2) Minimize the staff and educate them:
The Company limits the personal information processing staff to the person in charge and implements measures to manage personal information. In addition, we constantly emphasize compliance with the company's personal information processing policy through on-the-job training to the person in charge.
3) Encryption of personal information:
The personal information of the user is encrypted, stored and managed so that only the user can know it, and the important data is using the separate security function such as encrypting the file and transmission data or using the file lock function.
4) Restricted access to personal information:
The company takes necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that processes personal information. We also control unauthorized access from outside by using an intrusion prevention system.
5) Using locks for document security:
We keep documents with personal information and auxiliary storage media in safe place with lock.
6) Access control to unauthorized persons:
The company has setup a separate physical storage place for storing personal information and both setup and operates access control procedures on this place.
Duty of Notification