Dream Bridge (hereinafter referred to as "the Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and smoothly handle related complaints.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Membership Registration and Management
Personal information is processed for the purpose of confirming membership intention, identifying and authenticating the individual according to the provision of membership services, maintaining and managing membership qualifications, preventing illegal use of services, and for various notices and notifications.
- Provision of Goods or Services
Personal information is processed for the purpose of providing services, content, personalized services, identity verification, and fee payment/settlement.
- Complaint Handling
Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint, contacting/notifying for investigation, and notifying of processing results.
Article 2 (Processing and Retention Period of Personal Information)
- The Company processes and retains personal information within the personal information retention and use period according to statutes or the personal information retention and use period agreed upon when collecting personal information from the data subject.
- Each personal information processing and retention period is as follows.
- Membership Registration and Management: Until withdrawal from membership. However, in the following cases, until the termination of the relevant cause:
- - In the case of ongoing investigation for violations of relevant laws, until the end of the investigation
- - In the case of remaining credit/debt relationships following service use, until settlement of relevant credit/debt relationship
- Provision of Goods or Services: Until completion of supply of goods/services and completion of fee payment/settlement. However, in the following cases, until the end of the relevant period:
- - Records on display/advertising, contract details, and fulfillment in accordance with the Act on Consumer Protection in Electronic Commerce: 3 years
- - Records on payment and supply of goods: 5 years
- - Records on consumer complaints or dispute handling: 3 years
Article 3 (Items of Personal Information to be Processed)
The Company processes the following personal information items.
| Category | Collection Items | Purpose of Collection |
|---|
| Required Items | Email address, password, name (nickname) | Member identification, service provision |
| Optional Items | Profile image, affiliated school/institution | Provision of personalized services |
| Payment Information | Credit card information, payment records | Paid service payment |
| Automatic Collection | Access IP, cookies, access records, service use records, device information | Service improvement, prevention of illegal use |
Article 4 (Provision of Personal Information to Third Parties)
- The Company processes the data subject's personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of laws.
- The Company does not currently provide personal information to third parties.
Article 5 (Consignment of Personal Information Processing)
The Company entrusts personal information processing tasks as follows for smooth handling of personal information tasks.
| Consignee | Consigned Task |
|---|
| Toss Payments | Payment processing and payment information management |
| Firebase (Google) | Data storage and authentication services |
| Vercel | Service hosting and operation |
When concluding a consignment contract, the Company specifies in documents such as a contract the prohibition of processing personal information other than for the purpose of performing the consigned task, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and matters concerning liability such as compensation for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.
Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)
- Data subjects may exercise their rights, such as requesting access to, correction of, deletion of, or suspension of processing of personal information, at any time against the Company.
- The exercise of rights pursuant to paragraph 1 may be done in writing, by e-mail, or by facsimile (FAX) in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take measures without delay.
- The exercise of rights pursuant to paragraph 1 may be done through a legal representative of the data subject or an agent such as a person who has been delegated. In this case, a power of attorney in accordance with Attachment 11 of the "Notice on Personal Information Processing Methods (No. 2020-7)" must be submitted.
- The request for access to and suspension of processing of personal information may be restricted in accordance with Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
- The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other statutes.
- The Company verifies whether the person making the request, such as a request for access, request for correction/deletion, or request for suspension of processing according to the rights of the data subject, is the person themselves or a legitimate agent.
Article 7 (Destruction of Personal Information)
- The Company destroys personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.
- If it is necessary to continue to preserve personal information in accordance with other statutes despite the expiration of the personal information retention period agreed upon by the data subject or the achievement of the purpose of processing, the personal information is moved to a separate database (DB) or preserved in a different storage location.
- The procedures and methods for destroying personal information are as follows:
- Destruction Procedure: The Company selects personal information for which the cause of destruction has occurred and destroys the personal information with the approval of the Company's personal information protection officer.
- Destruction Method: Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
Article 8 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.
- Minimization and training of employees handling personal information: We are implementing measures to manage personal information by designating employees who handle personal information and limiting them to the person in charge.
- Technical measures against hacking, etc.: In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, and installs systems in areas where access from the outside is controlled, and monitors and blocks them technically/physically.
- Encryption of personal information: The personal information of users is stored and managed with passwords encrypted, so only the person themselves can know it, and important data uses separate security functions such as encrypting files and transmitted data or using file locking functions.
- Retention of access records and prevention of forgery/alteration: We store and manage records of access to the personal information processing system for at least one year and use security functions so that access records are not forged, altered, stolen, or lost.
- Access control for unauthorized persons: We have a separate physical storage place for personal information and have established and operated access control procedures for it.
Article 9 (Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
- The Company uses 'cookies' to save and frequently bring up usage information to provide individual customized services to users.
- Cookies are a small amount of information sent to the user's computer browser by the server (http) used to operate the website and are also stored on the hard disk in the user's PC computer.
- Purpose of using cookies: It is used to provide optimized information to users by identifying the visit and transition types, popular search terms, secure access, etc. for each service and website visited by the user.
- Installation, operation, and refusal of cookies: You can refuse to store cookies through option settings in the Tools -> Internet Options -> Privacy menu at the top of the web browser.
- If you refuse to store cookies, difficulties may occur in using customized services.
Article 10 (Privacy Officer)
The Company is responsible for the overall handling of personal information and has designated a personal information protection officer as follows to handle complaints and remedy damages of data subjects related to personal information processing.
Personal Information Protection Officer
- Name: Chang-jun Lee
- Position: CEO
- Contact: 070-4517-9006
- Email: duoenjia8@gmail.com
Data subjects may contact the personal information protection officer for all inquiries related to personal information protection, complaint handling, damage relief, etc., that occur while using the Company's services (or business). The Company will respond to and process the inquiries of data subjects without delay.
Article 11 (Remedies for Infringement of Rights and Interests)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc., to receive relief from personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations.
- Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
- National Police Agency: (no area code) 182 (ecrm.cyber.go.kr)
A person whose rights or interests have been infringed by a disposition or omission made by the head of a public institution in response to a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal as prescribed by the Administrative Appeals Act.
Article 12 (Change of Privacy Policy)
This Privacy Policy is applied from January 1, 2024. Previous privacy policies can be checked below.
This Privacy Policy shall take effect on January 1, 2024.