Sandwich Time Inc. (hereinafter “company”) complies with the personal information protection regulations in relevant laws of Republic of Korea stipulated in the 『Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.』 (hereinafter “Information and Communications Network Act”) and 『Personal Information Protection Act』 and it is doing its best to protect the rights and interests of users by setting forth the privacy policy in accordance with the Information and Communications Network Act. This privacy policy shall apply to all services such as the web provided by the company, and includes the following contents.
1. User’s Rights and How to Use Them
1.
Users can exercise their rights as the owner of the information at any time (access, correction, withdrawal of consent, and deletion of registered personal information), and request for access, provision, correction, withdrawal of consent, deletion (withdrawal), suspension of processing, and objection for the following matters.
•
User's personal information held by the company
•
Current status of the company using the user's personal information or providing it to a third party
•
Current status in which the user has provided consent to the collection, use, and provision of personal information
- View and edit : After sign in → Profile Menu → Edit Profile
- Delete and membership withdrawal : After sign in → contact CS center
- Withdrawal of consent (receiving event information) : After sign in → Profile Menu → Edit Profile
•
The company has a separate customer center for consultation and inquiries regarding this, and by contacting the person in charge of personal information protection by email or phone, actions will be taken without delay.
2.
Users can make requests for corrections of errors in personal information to the company.
2. User’s Obligations
1.
Users are obligated to protect their personal information, and the company shall not be responsible for problems arising from the user’s will or negligence, such as sharing ID/password, leaving the place while logged in, without causes attributable such as the company’s will or negligence.
2.
Users must keep their personal information up-to-date, and users shall be responsible for problems arising from entering incorrect information.
3.
In most cases, user’s ID/password should be used only by the user, and cannot be transferred or rented out to a third party. If someone signs up by using someone else’s personal information or makes purchases by stealing ID, he or she may be subject to loss of membership or punishment in accordance with relevant laws and regulations of Republic of Korea .
4.
After using the company's services, users must log out of their account and close the web browser program.
3. Matters Concerning Automatic Collection and Rejection of Personal Information
1.
“Cookies” are very small text files that the server used for running the website sends to the user’s browser, and they are stored and run on the user's computer.
2.
The company installs and runs cookies to provide personalized services for users.
3.
The company uses cookies to provide personalized services such as target marketing by analyzing users’ access frequency or visit time, track traces, and identifying usage patterns and interests, level of participation in various events, and the number of visits.
4.
Users have the choice of installing cookies, and they can allow or reject all cookies by selecting options by web browsers, or prompt for confirmation every time a cookie is saved. Here is how to set the authorization for installing cookies. However, if the user refuses to save cookies, there may be restrictions on the use of some services like services that require login.
•
Chrome : Settings → Select Show Advanced Settings → Set Personal Information-Contents → Cookie level setting
•
Edge : Settings → Cookies and site permissions → Manage and delete cookies and site data
•
Safari : Preference → Personal Information tab Cookie and website data level setting
•
Firefox : Options → Personal Information → History-Customized Settings → Cookie level setting
4. Collection of Personal Information and the Purpose of Use
1.
The company shall collect personal information with the consent of the user within the minimum scope for providing the service, and shall not refuse to provide the service because the user does not provide personal information other than the required minimum personal information. Also, all personal information collected shall be used only within the scope of the notified purpose, and personal information is collected and used as follows according to the type of service provided by the company.
2.
The company may collect personal information in the following ways, and when collecting personal information that can be personally identifiable, the company shall obtain consent from the user. If the user clicks the consent button or enters the additional personal information collected by the modification of member information and saves it, it is deemed to have agreed to collecting personal information.
•
Website, mobile app, written, fax, phone, customer service inquiry, entering events
•
Automatic collection through generated information collection tool
5. Provision of personal information to a third party
1.
The company shall use the personal information only within the range notified in the “Collection of Personal Information and the Purpose of Use,” and in most cases, it shall not provide the user’s personal information to the third party. However, the following cases shall be exempted.
•
If the user agrees to provide a third party to perform a transaction, only the minimum personal information necessary for service provision, and user identification and verification shall be provided to the service provider.
•
When there is a request from an investigative agency for investigation and research purposes in accordance with the procedures and methods prescribed by laws and regulations of Republic of Korea.
•
In the case of providing to advertisers, partners, research organizations, etc. for statistical writing, academic research, or market research in a form in which a specific individual cannot be identified
2.
Users may disagree with the provision of personal information to a third party and may withdraw their consent to the provision of personal information to third parties at any time. However, the use of some services based on the provision to third parties may be restricted (membership service is available).
6. Consignment of Personal Information Processing
In relation to the processing of personal information, the company consigns the following tasks and takes necessary measures to ensure that the personal information that is consigned in accordance with relevant laws and regulations of Republic of Korea can be managed safely. Also, the personal information consigned is limited to the minimum scope necessary to provide the service.
7. Retention and Usage Period of Personal Information
1.
According to how the user’s personal information is notified and consented, the company shall retain the information until the purpose of collection and use is fulfilled, or until the user makes the withdrawal request. However, if it needs to be stored by law, it shall be stored separately in a separate DB or table blocked from the outside.
2.
The company shall operate the personal information expiration date system (inactive account policy) based on the details defined below.
•
In accordance with Article 29 of the Information and Communication Network Act, membership information of users with no service record for more than one year shall be saved and managed separately from the membership information of general users.
•
The company shall notify users about this at least 30 days prior to turning inactive account via e-mail, etc.
•
Except for cases where there is a special regulation in the relevant laws and regulations of Republic of Korea, this personal information shall not be used or released.
•
Order, payment, and CS information shall be stored during the retention period of personal information in accordance with relevant laws of Republic of Korea, and then deleted.
8. Procedure and Method of Destroying Personal Information
1.
In most cases, the company shall destroy users’ personal information without delay when the purpose of collecting and using personal information is fulfilled. However, if it should be stored in accordance with other laws of Republic of Korea specified in 『7. Retention and Usage Period of Personal Information』 it shall be transferred to a separate DB, stored safely for a certain period in compliance with internal regulations and related laws of Republic of Korea, and destroyed without delay. At this time, personal information shall not be used for other purposes except for cases by law.
2.
The company shall destroy personal information by using the destruction method defined below.
•
Information in the form of electronic files shall be deleted completely by using technical methods so that it cannot be recovered and reproduced.
•
Personal information printed on paper shall be destroyed by shredding or incineration.
9. Matters Regarding Personal Information Protection Method
In processing users’ personal information, the company is seeking technical and managerial protection measures according to relevant laws of Republic of Korea such as the “Information and Communication Network Act” and “Personal Information Protection Act” which the information and communication service provider shall follow to secure safety so that the personal information is not lost, stolen, divulged, altered, or damaged.
10. Person in Charge of Personal Information Protection and Handling of User Grievances
Users can contact the person in charge of personal information protection and the customer center for all personal information protection-related complaints and complaints that have occurred during the use of the company’s services, and the company will respond promptly and faithfully to the users’ inquiries.
•
Person in charge: Customer Management Team
•
Contact number of person in charge: +82 2-3409-8244
11. Obligation to Notify Privacy Policy
This personal information processing policy shall be applied from the date of registration or revision. Upon having any additions, deletions, or corrections due to changes in relevant laws and company policies, the company will make notice in advance on the website or by e-mail.