Buzzvil Co., Ltd., (Hereinafter, the “Company”) considers the personal information of users to be very important. This Privacy Policy sets forth in detail the main policies for protecting personal information that are applied to the data that the Company collects through Buzzvil's advertising network business (the “Business”).
1. Data to be collected and collection method
The Company does not collect or store personal information that can be used to identify a specific individual, including, but not limited to, name, phone number, email, and health status.
The Company automatically collects the following anonymous data during the course of business to achieve the purposes of use as specified in Article 3. Some information is collected directly with user consent.
Device identifiers defined as non-personal data, such as point affiliates' user identifiers, Google advertising IDs (GAID), Android IDs, advertiser identifiers (IDFA), vendor identifiers (IDFV), cookies, etc., as well as IP addresses and package lists
Gender, birth year, local information, language used, device manufacturer, device name, carrier used, OS version, user agent, resolution, time zone, service usage record, WIFI connection status, etc.
3. Purposes of use
The Company uses the collected data for the following purposes:
For posting customized, interest-based advertising based on the inferred interests and preferences of individuals, and for analyzing advertising effects;
For responding to requests for customer support and solving any customer support problems accurately;
For limiting the number of impressions of posted advertisements (to prevent users from viewing the same advertisement multiple times), tracing conversions (to allow users to receive points for the advertisements they have participated in), reporting, securing and defecting fraud; and
For improving other business.
4. Data sharing with third parties
In principle, the Company does not provide user information to third parties without prior consent. However, data may be shared for the smooth business operation of the Company and compliance with related laws as follows:
Sharing with advertisers and affiliates for the purpose of measuring advertisement performance, making settlements, providing customized advertisements or responding to customer services
The request of an investigative agency under the procedures and methods prescribed by law
5. Data security and storage
The Company considers the security of customer information to be very important. The Company secures data through industry-standard security measures, including the use of firewalls and encryption, and retains data for as long as it is required for any of the below.
To complete the provision of customer support services
To comply with applicable legal and regulatory obligations
To prevent unauthorized use or abuse by unauthorized businesses and re-registration of illegal members
To present such data in disputes between users or other disputes
6. Other important information
The Company does not collect data on children aged 13 or under, and does not targeting those aged 13 or under with advertisements.
If you have any questions about this Privacy Policy, please contact us using the contact information below.
Email: contact@buzzvil.com Address: 3F, Daelim Building, 272 Seokchonhosu-ro, Songpa-gu, Seoul, Republic of Korea
7. Amendments to the Privacy Policy
The Company may amend this Privacy Policy for various reasons, including for improving procedures for handling the personal information of users, for reflecting changes to the Company's business, or for complying with relevant laws and regulations. If the Company amends this Privacy Policy, the Company will notify users of such amendment through the Business‘s services or by using other reasonable means 7 days of more before the effective date of the amendment. However, if there is any important change in the rights or obligations of users, the Company will notify user of such change no less than 30 days before it goes into effect.<Announced on October 5, 2020 (Enforced on October 5, 2020)>
Appendix to the Privacy Policy for Korean Users
The Company provides the Privacy Policy to transparently provide what data of users is collected, how such collected data is used, with whom the data is shared (“consignment” or “provision”) if necessary and when and how data that have achieved its purpose of use is destroyed. In addition to general content and principles, this Appendix provides information on additional matters required by the information protection-related regulations of the Republic of Korea.
1. Consignment of personal information handling
The Company consigns personal information to improve business quality as follows and required matters are set forth to safely manage personal information subject to consignment agreements in accordance with relevant laws and regulations:
The consignment agency for handling personal information and the consignment content of the Company shall be as follows:
Consignee: AWS
Consignment content: Operation and management of the cloud server
2. Period of retention and use of personal information
The Company retains and uses collected information only for the period required to provide business services. However, information that must be kept according to relevant laws and regulations (not limited to the examples below) will be retained for the period specified by the relevant laws and regulations and shall be used within the scope of the purpose.
A. Subscriptions and management of business members
Subscription information of members
Purpose of retention: To prevent re-subscription after withdrawal of members who have lost their qualification
Retention period: 30 days
History of measures taken against illegal use by members
Purpose of retention: To prevent the recurrence of malicious use by members
Retention period: 6 months
In the case of any of the following reasons, until the termination of the reason
In the case of an investigation or inspection for violations of related laws and regulations, until the investigation or inspection is closed
In the case of a remaining claim and obligation relationships resulting from the use of the Business, until the settlement of such relationship
B. Provision of goods or services
Records on contract or subscription withdrawal
Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc
Retention period: 5 years
Records on payment and supply of goods
Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
Retention period: 5 years
Records on consumer complaints or dispute handling
Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
Retention period: 3 years
Records related to use for the Business
Ground for retention: Protection of Communications Secret Act
Retention period: 3 months
3. Matters concerning the installation, operation and rejection of automatic personal information collection devices
The company automatically collects the information specified in Article 2 of this text to achieve the Purposes of use specified in Article 3 of this text.
If the user refuses the automatic collection of the information, he or she may be restricted from the use of the company‘s services.
4. Analysis of business use records
The Company uses advertising identifiers of users and analysis software to provide suitable and more useful services to users.
Advertising identifiers may be rejected or reset to prevent them from being used for interest-based advertising by changing the settings of the device to a non-persistent and non-personal identifier, such as an Android advertising ID or Apple advertising ID, and this cannot be not used to connect with personal information or identify individuals.
Analysis software is used to analyze information that is automatically generated when a user visits a website or uses a mobile service, and it may be refused by the user.
Rejecting the collection of advertising identifiers
For Android [Settings -> Google -> Ads] or [Settings -> General -> Account & Sync -> Google -> Personal Information and Protection of Personal Information->Advertising Settings]
5. Destruction of personal information
When personal information becomes unnecessary due to the expiration of the personal information retention period and the achievement of the processing purpose, the Company destroys the personal information without delay in such a way that it cannot be recovered or reproduced.
If the personal information retention period for which the Company has obtained consent from its members expires, or if the personal information must be retained in accordance with relevant laws and regulations despite the achievement of the purpose of use, the personal information may be transferred to separate database (DB) or retained in a different storage location.
The procedure and method of destroying personal information are as follows:
Destruction procedure The Company selects personal information which has been slated for destruction and destroys it.
Destruction method The Company takes the following measures when completely destroying (by incineration or shredding), deleting or destroying part of the personal information with a dedicated device or when it is difficult to destroy the personal information by using said methods:
In the case of electronic files: After deleting the personal information, managing and supervising to prevent recovery and playback
In the case of other records, prints, documents, or other recording media: Deleting the relevant part by masking or punching
6. Members' rights, duties and exercise method
Members and their legal representatives (if the member is a child under the age of 14) may inquire, or request to modify or terminate the subscription of their own registered personal information or that of children under the age of 14 at any time with the privacy manager. (The name, contact information and email of the privacy manager must be written.)
Inquiries and requests for the modification of the personal information of members and their legal representatives may be made to the privacy officer of the Company in writing or by telephone, e-mail, fax, etc., and the Company takes measures without delay upon receipt thereof.
If a member requests the correction of an error in her or her personal information, the Company shall not use said personal information or provide it to a third party until the correction is completed. In addition, if incorrect personal information has already been provided to a third party by the Company, the Company will promptly notify the third party of the correction so that the correction can be made.
7. Measures to secure the safety of personal information
The Company has established and applies technical and administrative measures to protect its customers‘ personal information.
Technical measures The Company takes the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in handling customers' personal information:
The personal information of customers is protected by a password, and important data is protected through a separate security function such as encrypting files and transmission data or using a file lock.
The Company uses anti-virus programs as a measure to prevent damage caused by computer viruses.
Anti-virus programs are updated regularly, and if a virus appears suddenly, a solution is provided as soon as it is available to prevent personal information from being breached.
The Company employs a security device (SSL) that can securely transmit personal information over the network using a cryptographic algorithm.
In preparation for external intrusions, such as hacking, the Company uses an intrusion prevention system and a vulnerability analysis system for each server to ensure security.
Administrative measures The Company restricts access to its customers‘ personal information to a minimum number of people. Those who fall under the minimum number of people are as follows:
Those who perform marketing directly to users;
Those, such as privacy officers and privacy managers, who perform personal information management tasks; and
Those who are inevitable for the handling of personal information for other business purposes.
Regular in-house training and outsourced training are provided for employees who handle personal information on the acquisition of new security technologies and obligations to protect personal information.
The Company has established internal procedures to prevent new employees from leaking information, such as by receiving a security pledge from those in charge of personal information and auditing implementation and compliance with the Privacy Policy.
The transfer of work of personal information-related handlers is carried out thoroughly while security is maintained and responsibility for personal information accidents after joining and leaving the Company is clarified.
Personal information and general data are not mixed but are stored separately.
Physical measures: Access control to the computer room, data storage room, etc.
8. Information on Privacy Officers
The Company designates a privacy officer responsible for the handling of personal information as follows in order to handle complaints and compensation for members related to the handling of personal information: