privacy policy

Article 1 [Purpose)

Diff Day (hereinafter referred to as ‘Company’) protects the information (hereinafter ‘personal information’) of individuals (hereinafter ‘users’ or ‘individuals’) who use the services (hereinafter ‘Company Services’) that the Company intends to provide. In order to comply with related laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act'), and to promptly and smoothly handle service users' grievances related to personal information protection, as follows: Together, we establish a personal information processing policy (hereinafter referred to as “this policy”).

Article 2 (Principles of personal information processing)

In accordance with personal information-related laws and this policy, the company may collect users' personal information, and the collected personal information may be provided to third parties only with the individual's consent. However, if legally enforced by laws, regulations, etc., the company may provide the collected user's personal information to a third party without the individual's prior consent.

Article 3 (Disclosure of this policy)

1. The company discloses this policy through the first screen of the company website or a link to the first screen so that users can easily check this policy at any time.
2. When disclosing this policy in accordance with Paragraph 1, the Company uses font size, color, etc. to enable users to easily check this policy.

Article 4 (Changes to this policy)

1. This policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or policies or contents of government or company services.
2. If the company revises this policy in accordance with Paragraph 1, it will announce it in one or more of the following ways.
   1. A method of making announcements through the notice section on the first screen of the company's Internet homepage or through a separate window.
   2. Method of notifying users in writing, facsimile, e-mail, or similar methods
3. The company will announce the notice in Paragraph 2 at least 7 days prior to the effective date of the revision of this policy. However, if there are significant changes to user rights, notice will be provided at least 30 days in advance.

Article 5 (Information for membership registration)

The company collects the following information for users to register for the company's services.

1. Required information collected:  Email address
2. Optional information collected: name, nickname, profile picture 

Article 6 (Information for identity verification)

The company collects the following information to verify the user's identity.

1. Required information collected:  Email address 

Article 7 (Information for providing company services)

The company collects the following information to provide the company's services to users.

1. Required information collected:  ID, email address and name
2. Optional Information We Collect:   Profile Picture

Article 8 (Information to confirm service use and fraudulent use)

The company collects the following information for statistics and analysis of users' use of the service and for confirmation and analysis of illegal use. (Fraudulent use refers to the act of illegally or illegally receiving economic benefits such as discount coupons and event benefits provided by the company, such as repeatedly re-registering after withdrawing membership, canceling purchases after purchasing a product, etc., acts prohibited by the Terms of Use, etc. , refers to illegal and illegal acts such as identity theft, etc.)

1. Required information collected:  Device information
2. Optional Information We Collect: Device Settings Language

Article 9 (Personal Information Collection Method)

The company collects users’ personal information in the following ways.

1. How users enter their personal information on the company’s website
2. A method in which users enter their personal information through services other than the website provided by the company, such as applications
3. A method where a user receives an email sent by the company and enters personal information
4. Method provided through a third-party authentication platform such as Google or Apple

Article 10 (Use of personal information)

The company uses personal information in the following cases.

1. When necessary for company operation, such as delivery of notices
2. To improve services for users, such as responding to usage inquiries and handling complaints
3. To provide the company's services
4. To prevent and sanction actions that interfere with the smooth operation of the service, including restrictions on use of members who violate laws and company terms and conditions, and fraudulent use.
5. For new service development
6. For marketing purposes such as event and event information
7. For demographic analysis and analysis of service visit and usage records
8. For the formation of relationships between users based on personal information and interests

Article 11 (Retention and use period of personal information)

1. The company retains and uses users' personal information for a period of time to achieve the purpose of collection and use of personal information.
2. Notwithstanding the preceding paragraph, the Company, in accordance with its internal policy, retains records of unauthorized use of the service for up to one year from the time of membership withdrawal to prevent unauthorized registration and use.

Article 12 (Retention and use period of personal information in accordance with laws)

The company retains and uses personal information as follows in accordance with relevant laws and regulations.

1. Information retained and retention period in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
   1. Records on contracts or subscription withdrawals, etc.: 5 years
   2. Records of payment and supply of goods, etc.: 5 years
   3. Records of consumer complaints or dispute resolution: 3 years
   4. Records of labeling and advertising: 6 months
2. Information retained and retention period in accordance with the Communications Secrets Protection Act
   1. Website log record data: 3 months
3. Information and retention period according to the Electronic Financial Transactions Act
   1. Records of electronic financial transactions: 5 years
4. Act on the Protection and Use of Location Information, etc.
   1. Records of personal location information: 6 months

Article 13 (Principle of destruction of personal information)

In principle, when personal information is no longer needed, such as when the purpose of processing a user's personal information has been achieved or when the retention/use period has expired, the company destroys the information without delay.

Article 14 (Personal Information Destruction Procedure)

1. The information entered by the user for membership registration, etc. is transferred to a separate DB (in the case of paper, a separate filing cabinet) after the purpose of personal information processing is achieved (retention and use period) in accordance with the internal policy and other relevant laws and regulations for information protection reasons. (Reference) It is stored for a certain period of time and then destroyed.
2. The company destroys personal information that has grounds for destruction through the approval process of the personal information protection manager.

Article 15 (Method of destroying personal information)

The company deletes personal information stored in electronic file format using technical methods that render the record unrecoverable, and personal information printed on paper is destroyed by shredding or incineration.

Article 16 (Measures to transmit advertising information)

1. When transmitting advertising information for commercial purposes using electronic transmission media, the company obtains the user's explicit prior consent. However, prior consent will not be obtained in any of the following cases:
   1. If the company collects contact information directly from the recipient through a transaction relationship for goods, etc., and if the company intends to transmit for-profit advertising information about goods of the same type as those processed and transacted with the recipient within 6 months from the end of the transaction
   2. When a telephone solicitation seller pursuant to the Act on Door-to-Door Sales, etc. informs the recipient of the source of personal information collection and makes a telephone solicitation.
2. Notwithstanding the preceding paragraph, if the recipient expresses an intention to refuse receipt or withdraws prior consent, the Company will not transmit commercial advertising information for commercial purposes and will notify the recipient of the processing results for refusal to receive receipt or withdrawal of consent.
3. Notwithstanding Paragraph 1, if the Company transmits advertising information for commercial purposes using electronic transmission media between 9:00 PM and 8:00 AM the next day, separate prior consent is obtained from the recipient.
4. When transmitting advertising information for commercial purposes using electronic transmission media, the company specifically discloses the following information in the advertising information.
   1. Company name and contact information
   2. Indication of matters regarding refusal to receive or withdrawal of consent to receive.
5. When transmitting advertising information for commercial purposes using electronic transmission media, the Company will not take any of the following measures.
   1. Measures to avoid or prevent recipients of advertising information from opting out of receiving it or withdrawing their consent to receive it.
   2. A measure to automatically create the recipient's contact information, such as a phone number or e-mail address, by combining numbers, symbols, or letters
   3. Measures to automatically register phone numbers or e-mail addresses for the purpose of transmitting commercial advertising information
   4. Various measures to hide the identity of the transmitter of advertising information or the source of advertisement transmission
   5. Various measures to induce a response by deceiving recipients for the purpose of transmitting advertising information for commercial purposes

Article 17 (User Obligations)

1. Users must keep their personal information up to date, and they are responsible for any problems that arise from entering inaccurate information.
2. If you register as a member using someone else's personal information, you may lose your user status or be punished under relevant personal information protection laws.
3. Users are responsible for maintaining the security of their e-mail address, password, etc., and may not transfer or rent it to a third party.

Article 18 (Company’s personal information management)

When processing users' personal information, the company is taking necessary technical and managerial protection measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged.

Article 19 (Processing of Deleted Information)

The company processes personal information that has been canceled or deleted at the request of the user or legal representative as specified in the “Retention and Use Period of Personal Information” collected by the company and processes it so that it cannot be viewed or used for any other purpose.

Article 20 (Encryption of password)

The user's password is stored and managed through one-way encryption, and personal information can only be confirmed or changed by the person who knows the password.

Article 21 (Measures against hacking, etc.)

1. The company is doing its best to prevent users' personal information from being leaked or damaged due to information and communication network intrusions such as hacking and computer viruses.
2. The company uses the latest anti-virus programs to prevent users' personal information or data from being leaked or damaged.
3. The company is doing its best for security by using an intrusion prevention system to prepare for any emergency.
4. The company ensures that sensitive personal information (if it is collected and retained) can be safely transmitted over the network through encrypted communication.

Article 22 (Minimization of Personal Information Processing and Training)

The company limits the number of people in charge of processing personal information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for personal information processors.

Article 23 (Matters regarding installation, operation and refusal of automatic personal information collection devices)

1. The company uses an automatic personal information collection device (hereinafter referred to as “cookies”) to store and frequently retrieve usage information in order to provide individualized services to users. Cookies are a small amount of information that the server (http) used to run the website sends to the user's web browser (including PC and mobile) and are sometimes stored in the user's storage space.  
2. Users have the option to install cookies. Therefore, users can allow all cookies by setting options in their web browser, confirm each time a cookie is saved, or refuse to save all cookies.
3. However, if you refuse to store cookies, you may have difficulty using some of the company's services that require login.

Article 1 This policy is effective from April 13, 2024. It will be implemented from now on.

Article 2 The personal information processing policy before revision can be found here .