1. Purpose

​

RHYME (hereinafter referred to as the "Company") shall establish a personal information processing policy (hereinafter referred to as the "Personal Information") in order to protect the information (hereinafter referred to as the "User" or "Personal Information") of individuals (hereinafter referred to as the "Company Service") who use the services (hereinafter referred to as the "Company Service"), comply with relevant laws such as the Personal Information Protection Act and the Promotion of Information and Communication Network Utilization and Information Protection Act (hereinafter referred to as the "Information and Communication Network Act") and to promptly and smoothly deal with complaints related to the protection of personal information of service users.

​

​

2. Principles of Processing Personal Information

​

In accordance with the laws and regulations related to personal information and this policy, the company may collect the user's personal information, and the collected personal information may be provided to a third party only with personal consent. However, if it is legally enforced by the provisions of laws and regulations, the company may provide the collected user's personal information to a third party without personal consent in advance.

​

​

3. Disclosure of this Policy

​

1. The company discloses this policy through the first screen of the company's website or the connection screen with the first screen so that users can easily check this policy at any time.

2. When the company discloses this policy pursuant to paragraph 1, it makes it easy for users to check this policy by utilizing the font size, color, etc.

​

​

4. Change of this Policy

​

1. This policy may be amended in accordance with laws, guidelines, notices, or changes in the policies or contents of government or company services related to personal information.

2. If the company revises this policy pursuant to paragraph 1, it shall be notified by one or more of the following methods.

   • How to announce it through the announcement column or a separate window on the first screen of the company's Internet homepage

   • A method of notifying the user in writing, sending an imitation, e-mail, or a similar way

3. The Company shall notify the notice under paragraph 2 at least 7 days prior to the enforcement date of the revision of this policy. However, if there is a significant change in user rights, it will be notified at least 30 days in advance.

​

​

5. Information for Membership

​

The company collects the following information for the user's membership registration for the company's service.

1. Required Collection Information: Email address, password, name, nickname, date of birth, and mobile phone number

​

​

6. Information for Personal Certification

​

The company collects the following information for the user's identity authentication.

1. Required Collection Information: Mobile Phone Number, Email Address, Name, Date of Birth, Gender, Identification Value (CI,DI), Mobile Carrier, iPin Information (When Confirming I-Pins) and My/Foreigner 

​

​

7. Information for Payment Services

​

The company collects the following information to provide the company's payment service to users. 

1. Required collection information: card number, card password, expiration date, 6 digits of birth date (yy/mm/dd), bank name and account number

​

​

8. Information for Providing Company Services

​

The company collects the following information to provide users with the company's services.

1. Required Collection Information: ID, email address, name, date of birth, and contact

​

​

9. Information for confirmation of service use and fraudulent use

​

The company collects the following information to confirm and analyze users' use of services and illegal use.

1. Required Collection Information: Service usage history, cookies, contact information, and device information

​

※ Unfair use: It refers to illegal or expedient receipt of economic benefits such as discount coupons and event benefits provided by the company, prohibited by the terms of use, and illegal or expedient acts such as name theft, such as re-registration after withdrawal of membership and cancellation of purchase after purchase. The information collected can be used for statistics and analysis according to the use of company services.

​

​

10. How to Collect Personal Information

​

The company collects users' personal information in the following ways.

1. A method in which users enter their personal information through services other than the homepage provided by the company, such as applications

​

​

11. Use of Personal Information

​

The company uses personal information in the following cases.

1. If necessary for the operation of the company, such as the delivery of notices

2. In the case of improving the service to users, such as responding to usage inquiries and handling complaints, etc

3. To provide the company's services

4. For new service development

5. For marketing purposes such as event and event guidance

6. For the analysis of demographic analysis, service visits, and usage records

7. In the case of the formation of relationships between users based on personal information and interest

8. Restricting the use of members who violate laws and company terms, In the case of preventing and sanctioning acts that interfere with the smooth operation of the service, including fraudulent use

​

​

12. Period of retention and use of personal information

​

1. The company holds and uses personal information for the period to achieve the purpose of collecting and using personal information for the user's personal information.

2. Notwithstanding the preceding paragraph, the company shall keep records of fraudulent use of the service for up to one year from the time of membership withdrawal in order to prevent fraudulent subscription and use.

​

​

13. Period of retention and use of personal information pursuant to Acts and subordinate statutes

​

The company holds and uses personal information in accordance with relevant laws and regulations as follows.

1. Retained information and retention period under the Consumer Protection Act in Electronic Commerce, etc

   • Record of contract or withdrawal of subscription: 5 years

   • Record of payment and supply of goods: 5 years

   • Record of consumer complaints or disputes: 3 years

   • Marking and advertising records: 6 months

2. Retained information and retention period under the Communications Secret Protection Act

   • Website Log Data: 3 Months

3. Retention information and retention period under the Electronic Financial Transactions Act

   • Record of electronic financial transactions: 5 years

4. Act on the Protection, Use, etc. of Location Information

   • Record of personal location information: 6 months

​

​

14. Principle of Destruction of Personal Information

​

In principle, the company shall achieve the purpose of processing the user's personal information, If personal information is not needed, such as the expiration of the retention and use period, the relevant information shall be destroyed without delay.

​

​

​

15. Processing of Personal Information for Non-User of Service

​

1. In principle, the company notifies users in advance of personal information of users who have not used the company's service for one year, destroys personal information, or stores it separately. 

2. The company will keep the personal information of users who have not been used for a long time separately and safely, and the user's notification will be sent to the e-mail address at least 30 days before the date of separate storage processing.

3. Long-term unused users can log in to the website (including the "mobile app") if they want to continue using the service before the company separates the unused DB separately.

4. Long-term unused users can restore their account with the consent of the user if they log in to the website.

5. The company will destroy the personal information stored separately for four years without delay.

​

​

16. Procedures for Destruction of Personal Information

​

1. The information entered by the user for membership registration is transferred to a separate DB after the purpose of processing personal information is achieved (in the case of paper, a separate document box) and is stored for a certain period of time according to the internal policy and other reasons for information protection under related laws (see retention and usage period).

2. The company destroys the personal information for which the reason for destruction has occurred after the approval procedure of the person in charge of personal information protection.

​

​

17. Method of Disclosing Personal Information

​

The company deletes personal information stored in the form of electronic files using a technical method that cannot be reproduced, and the personal information printed in paper is shredded with a shredder or destroyed through incineration.

​

​

18. Measures to Transmit Advertising Information

​

1. When the company uses electronic transmission media to transmit advertising information for commercial purposes, it receives explicit prior consent from the user. However, prior consent is not obtained in any of the following cases

   • Where the company collects contact information directly from the recipient through a transaction relationship of goods, etc., and intends to transmit advertising information for profit on goods, etc. of the same kind as the company processed and traded with the recipient within six months from the date of termination of the transaction

   • Where a telephone solicitor under the Door-to-Door Sales, etc. Act notifies the recipient of the source of personal information collection and recommends the telephone

2. Notwithstanding the preceding paragraph, the Company does not send advertising information for commercial purposes if the recipient expresses or withdraws prior consent, and notifies the result of the processing of rejection and withdrawal of consent.

3. Notwithstanding paragraph (1), the Company shall obtain separate prior consent from the recipient if it transmits commercial information for commercial purposes using electronic transmission media at 9 p.m. to 8 a.m. the following day.

4. When the company transmits advertising information for commercial purposes using electronic transmission media, the following matters are specifically disclosed in the advertising information.

   • Company name and contact information

   • Indication of matters concerning the declaration of intention to refuse to receive or withdraw consent to receive

5. The company does not take any of the following measures when transmitting advertising information for commercial purposes using electronic transmission media.

   • Measures to avoid or interfere with the rejection or withdrawal of consent from recipients of advertising information

   • Measures to automatically create a recipient's contact information, such as a phone number, e-mail address, by combining numbers, codes, or letters

   • Measures to automatically register phone numbers or e-mail addresses for the purpose of transmitting advertising information for commercial purposes

   • Various measures to hide the identity of the sender of advertising information or the source of advertising transmission

   • Various measures to induce a reply by deceiving the recipient for the purpose of transmitting advertising information for commercial purposes

​

​

19. Personal Information Protection of Children

​

1. In order to protect the personal information of children under the age of 14, the company allows membership registration only for users over the age of 14.

2. Notwithstanding paragraph 1, if the user is a child under the age of 14, the company receives consent from the child's legal representative to collect, use, and provide personal information of the child.

3. In the case of Paragraph 2, the company additionally collects the legal representative's name, date of birth, gender, duplicate subscription confirmation information (ID), and mobile phone number.

​

​

20. Withdrawal of consent to inquire and collect personal information

​

1. Users and legal representatives can inquire or modify their registered personal information at any time and request withdrawal of consent to collect personal information.

2. To withdraw their consent to collecting subscription information, users and legal representatives contact the person in charge of personal information protection or the person in charge by telephone or e-mail address, and the company will take action without delay.

​

​

21. Change of Personal Information, etc.

​

1. The user may request the company to correct the error in personal information through the method described in the preceding article.

2. In the case of the preceding paragraph, the company will not use or provide personal information until the correction of personal information is completed, and if the wrong personal information has already been provided to a third party, the correction processing result will be notified to the third party without delay so that the correction can be made.

​

​

22. Obligation of Users

​

1. Users must keep their personal information up to date, and the responsibility for problems caused by the user's inaccurate input of information rests with the user himself.

2. In the case of membership registration that steals other people's personal information, user qualifications may be lost or punished by related personal information protection laws.

3. The user is responsible for maintaining the security of e-mail addresses, passwords, etc., and cannot transfer or lend them to a third party.

​

​

23. Management of Personal Information of Companies

​

In processing users' personal information, the company is taking technical and administrative protection measures as follows to ensure safety to prevent personal information from being lost, stolen, leaked, altered, or damaged.

​

​

24. Processing of Deleted Information

​

The company processes personal information terminated or deleted at the request of the user or legal representative in accordance with the "Personal Information Retention and Use Period" collected by the company and cannot be viewed or used for other purposes.

​

​

25. encryption of passwords

​

The user's password is stored and managed by encrypting in one direction, and personal information can only be verified and changed by the person who knows the password.

​

​

26. Measures against hacking, etc.

​

1. The company is doing its best to prevent users' personal information from being leaked or damaged by intrusion into information and communication networks such as hacking and computer viruses.

2. The company uses the latest vaccine program to prevent users' personal information or data from being leaked or damaged.

3. The company is committed to security with intrusion prevention systems, just in case.

4. The company makes it possible to safely transmit sensitive personal information (if you have it) over the network through encrypted communication.

​

​

27. Minimization and Education of Personal Information Processing

​

The company limits the number of people in charge of handling personal information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for personal information controllers.

​

​

28. Measures against Personal Information Disclosure, etc.

​

When the company becomes aware of the loss, theft, or leakage of personal information (hereinafter referred to as "leakage, etc."), it shall notify the relevant user of all the following matters without delay and report them to the Korea Communications Commission or the Korea Internet & Security Agency.

1. Personal information items leaked, etc

2. the time when leaks, etc. have occurred

3. Actions that the user can take

4. Countermeasures by Information and Communication Service Providers, etc

5. Department and contact information for users to receive consultations, etc

​

​

29. Exceptions to Measures for Disclosure of Personal Information, etc.

​

The company may take measures to replace the notice of the preceding article by posting it on the company's website for at least 30 days if there is a justifiable reason, such as not knowing the user's contact information despite the preceding article.

​

​

30. Protection of Personal Information Transfer to Foreign Countries

​

1. The company does not enter into an international contract regarding the user's personal information that violates related laws such as the Personal Information Protection Act.

2. The company obtains the consent of the user to provide the user's personal information abroad (including when inquired), entrust and store the processing (hereinafter referred to as "transfer"). However, if all matters referred to in paragraph 3 of this Article are disclosed in accordance with relevant laws such as the Personal Information Protection Act or notified to the user according to the method prescribed by Presidential Decree such as e-mail, consent procedures under consignment and storage of personal information may not be performed.

3. In order to obtain consent under the main text of paragraph 2 of this Article, the Company shall notify the user of all of the following matters in advance.

   • Personal Information Item Transferred

   • Country where personal information is transferred, date and time of transfer, and method of transfer

   • The name of the person who receives the personal information (referring to the name of the corporation and the contact information of the person in charge of information management)

   • Purpose of use and retention and period of use of personal information of a person who receives personal information transfer

4. If the company transfers personal information abroad with consent pursuant to the main text of paragraph 2 of this article, it shall take protective measures in accordance with relevant laws such as the Presidential Decree of the Personal Information Protection Act.

​

​

31. User's right to install cookies

​

1. Users have the option of installing cookies. Therefore, you can either allow all cookies by setting options in your web browser, go through verification whenever they are saved, or refuse to save all cookies.

2. However, if you refuse to save cookies, some services from companies that require login may be difficult to use.

​

​

32. Method of Designating Allowing Cookie Installation

​

Here's how to specify whether to allow cookie installation (for Internet Explorer).

1. From the Tools menu, select Internet Options.

2. Click the Privacy tab.

3. You can set it in the Advanced setting.

​

​

33. Designation of the Company's Privacy Officer

​

1. In order to protect the personal information of users and to handle complaints related to personal information, the company has designated relevant departments and personal information protection officers as follows.

   • a privacy officer

     • Name: Kim Young-il

     • Email: daniel.k.rhyme@gmail.com

2. The company operates a department dedicated to personal information protection to protect personal information, and we are doing our best to check the implementation of the personal information processing policy and compliance with the person in charge to resolve and correct problems immediately.

​

​

Supplementary Provisions

 

This policy will take effect from October 23, 2023.