Article 1 Objective
1. Dear U (hereinafter referred to as “The Company”) values personal information of members when providing Lysn services (hereinafter referred to as "The Services") to members, and makes utmost efforts to effectively manage and safely protect personal information of members
2. The company complies with laws and regulations regarding personal information protection such as Act on Promotion of Information and Communications Network Utilization.
4. The company posts these policies on the Lysn service screen for members to read them any time.
Article 2 Personal information to be collected and the collection method
1. The company prepares a procedure for members to consent to terms and conditions of service, and collection and usage of personal information when members sign up for the services. If the members select ‘consent’, then it is considered that the members agree to collect and use their personal information.
2. The company may collect personal information as follows to provide services and implement the contract such as consulting about member registration and service application, etc.
(1) Common items for members
- Required items: email account, password (saved after encryption in order to prevent decryption), profile name, mobile phone number, service version, OS, OS version, device model name, device's unique ID (ID randomly assigned to a member’s device by the company), language, region, country and time zone
- Optional items: Name and phone numbers saved in the contacts book of devices, profile photographs (including meta information), status messages, purchase histories of paid services for items or goods, and location information
(2) The identification of a legal representative (of 'Minor Members' under the age of 14)
- Required items: legal representative’s (or guardian’s) name, e-mail address, mobile phone number, SMS verification, and the consent date and Service the representative agrees for Minor Members to use
(3) Additional items to be collected when signing up for fan club community
- Required items: real name, DOB, gender, address, fan club members number (number randomly assigned to a fan club member by the company)
- Optional items: address, occupation
3. The company may collect automatically generated information such as service usage log, connection log, cookie, IP information, ID or payment records in the course of service usage.
4. The company collects personal information in the following method.
(1) Sign-up, service inquiry, event participation, delivery request, etc.
(2) Collection through information collector tools.
Article 3 Purposes of collecting and using personal information
The company uses the collected personal information for the following purposes.
1. Provision of functions to add and register friends automatically
(1) Provision of functions to add and register friends automatically by collecting and using the telephone number of members, and names and telephone numbers of third parties saved in address book of devices
2. To implement contracts regarding provision of services
(1) Provision of contents, making and delivery of goods
3. Member management
(1) Prevention of illegal use and unauthorized use under membership services, checking out duplicate registration, confirmation of intention to sign up, preservation of records for dispute mediation, complaint handling and delivery of notification
(2) Confirmation of legal representative's consent for collecting personal information of Minor Members under the age of 14, confirmation of legal representative's identity, preservation of records for dispute settlement, handling inquiry including complaints, notifying announcements, confirmation of membership withdrawal
4. Marketing and advertisement
(1) Development of new services, provision of customized services, service provision and advertisement according to statistics, verification of service effectiveness, access frequency identification, statistics regarding members’ service use, and provision of event and advertising information and participation opportunity
Article 4 Sharing and providing personal information
1. The company uses personal information of users within the range specified in “2. Purposes of collecting and using personal information”. The company does not use the information out of the range without prior consent of users, and does not disclose personal information of users to third parties. Provided, however, following cases are exceptional.
(1) In case users agree to disclose their personal information in advance
(2) In case it is required by laws and regulations, or investigative agency requests according to procedures and methods specified in laws and regulations
2. The company provides personal information to third parties as follows only when members agree to it.
Information to be provided
Purpose of provision
Retention and usage period
|SM Entertainment Co., Ltd||① E-mail account ② Cell phone number ③ Additional information collected when joining official fan club||Using Marketing related information||Period of service|
|SK Telecom Co., Ltd||Cell phone number||To verify SKT tickets and to send the Marketing related information via identify SKT Members||Destroyed without delay if the purpose of use is achieved or the member requests deletion|
3. Retention and usage period for information: Personal information will be retained and used for one year after the transaction between the user and the service provider is terminated. After the transaction is terminated, personal information is retained and used only for the necessities to investigate financial incident, resolve disputes, handle complaints and implement legal obligations related to the purposes set forth above.
Article 5 Trust management of the collected personal information
1. The company entrusts personal information to a company specialized in information processing in order to enhance the services. The company makes service providers to strictly observe instructions related to personal information, maintain secret for personal information and prohibit from providing personal information to third parties, clearly specifies responsibilities when incidents occur through a trust agreement and stores the agreement in writing in order to secure safe trust management.
2. The trust institution and entrusted works related to personal information are as follows.
SUREM CO., Ltd.,
Upon withdrawal from membership or
ACE membership code product sale agent, ACE Membership card making and packaging of goods (membership cards, etc.), shipping, reimbursement procedure agent, request for preemption event.
AMAZON Web Service
Transmit, process and store personal information acquired or generated by the user to the cloud service. (however, AMAZON Web Service conducts physical management of the server only and does not access to personal information of members)
|Korean Corporate Call Center||Customer service|
Article 6 Retention and usage period for collected personal information
1. If a member cancel membership or member account is deleted due to false personal information, any collected personal information will be completely deleted and not used for any purposes whatsoever.
(1) Following information will be destroyed after one year of retention period under internal policy.
- Unauthorized usage records
- Email account is encrypted and stored (for instruction mail and CS respond after withdrawal)
(2) Following information will be destroyed after 6 months of retention period under internal policy.
- Device ID and phone number are encrypted and stored.(To comply with community rejoining regulations and avoid double signup)
(3) Following items are destroyed after being stored for a certain period pursuant to the Act on Consumer Protection in Electronic Commerce, etc. (Retention period)
- Records related to contracts or withdrawal of subscription (5 years)
- Records for payment and supply of goods (5 years)
- Records related to consumer’s complaints or disputes (3 years)
- Records for presentation/advertisement (6 months)
(4) All books and evidential documents for transactions prescribed by the Tax Law under the Basic Act for National Taxes will be destroyed after five years of retention period.
(5) Records on electronic financial transaction will be destroyed after five years of retention period according to the Electronic Financial Transaction Act
(6) Service access records are destroyed after three months of retention period according to the Protection of Communications Secrets Act.
(7) Information of a legal representative provided for the consent to collecting personal information of a Minor Member under the age of 14 shall be kept until the Minor Member becomes 14 years of age or older and shall be destroyed accordingly.
Article 7 Destruction procedure and method of personal information
1. The company immediately destroys personal information after retention period has been elapsed or the purposes of collecting and using personal information are accomplished.
2. Destruction procedure
(1) In general, information entered by members for sign-up, etc. will be destroyed immediately after the purposes of collecting and using personal information are accomplished, and will not be used for the other purposes unless it is required by laws.
3. Destruction methods
(1) Printed personal information is shredded by a shredder or incinerated. Personal information saved in electronic file type will be deleted by technical method that does not allow recovery of data.
Article 8 Rights of members and exercising the rights
1. Members (if a member is under 14 years old, then his/her legal representative) always can verify, inquire or amend their personal information, and request cancellation or suspension of processing personal information. Provided, however, in these cases, whole or part of the services may be restricted.
3. If members request correction or deletion of their personal information, the company takes necessary actions immediately after verifying their identification. Moreover, if it falls under Article 20 Paragraph 1 (Restriction of use, etc.) of the Terms of Conditions of Uses, personal information such as member's account may be destroyed under determination of the person in charge of personal information.
4. If members request correction for an error, such personal information will not be used or provided until the correction is finished. In addition, if wrong personal information is already given to any third parties, the result of the correction will be notified to the third parties promptly to make the correction.
6. The rights specified in Paragraph 1 and 2 can be exercised through writing or email by representative such as legal representative or mandatee. In this case, power of attorney shown in the Appendix No. 11 of the Enforcement Regulations of the Personal Information Protection Act shall be submitted.
Article 9 Technical and management measures to protect personal information
The company takes the following technical and management measures to secure safety and prevent loss, theft, leakage, falsification or damage when handling members’ personal information.
1. Technical measures
(1) The company makes best efforts to prevent members’ personal information from being leaked or damaged by hacking or computer viruses. It frequently backs up data in preparation for the case where personal information is damaged, uses the most recent vaccine program to prevent users’ personal information from being leaked or damaged, uses encrypted communication to safely transmit personal information in the network, and uses intrusion blocking system to control unauthorized access from third parties. The company is striving to have all kinds of technical devices as much as possible in order to establish a secured system.
2. Management measures
Article 10 Installation/operation of automatic collector of personal information and refusal
The company installs/operates cookies in order to support faster web environment to members.
Members can refuse to install cookies.
1. What is a cookie?
(1) Cookie is a small text file sent from a server operating websites to the browser of a user. Cookie is installed in a storage of a user's device.
(2) The cookie does not collect personally identifiable information, and users can refuse to save a cookie or delete it anytime.
2. Purposes of a cookie
(1) The company can support faster and more convenient web environment for users by saving settings or preferred pages designated by users through the cookie.
(2) The company may easily understand taste/interests of users through a cookie, and utilize it to provide appropriate service to users.
3. Installation, operation of cookie and refusal
(1) Users have an option to install cookie.
(2) User can allow all cookies through option settings of web browser and OS, or allow cookies whenever they are installed, or refuse the installation of all cookies. However, if users refuse to install cookies, it may be inconvenient to use the website, and it may be difficult to use some services requiring login.
(3) Settings by browsers
- Internet Explorer: Tools menu in the upper side of web browser > Internet option > Personal information > Settings
- Chrome: Settings in the right side of web browser > Advanced settings in the bottom of the screen > Contents settings button of personal information > Cookies
Article 11 Linked Sites
Article 12 Person responsible for personal information management
The company designates a person responsible for management of personal information in order to collect opinions regarding personal information and address claims regarding such information.
1. Person responsible for personal information management
(1) Company/Service: Dear U Co., Ltd.
(2) Name: Hakhee Lee
(3) Position: Vice President
(4) E-Mail : email@example.com
2. Customer Service
(1) Company/Service : Dear U
(2) Department in charge : Service Operation Team
(3) E-Mail : firstname.lastname@example.org
(4) Telephone : 070-4370-4523
3. Working hours of the person in charge of management of personal information
(1) Weekdays: 10:00~19:00, Break time: 12:00~13:00
(2) The company will be closed on weekends and holidays.
4. Organizations for reporting or consulting on other infringement of personal information
(1) Korea Internet & Security Agency (KISA) (https://privacy.kisa.or.kr/)
(2) High-tech and financial crimes investigation division, Supreme Prosecutors’ Office (http://www.spo.go.kr / 02-3480-2000)
(3) Cyber Terror Response Center, National Police Agency (http://cyberbureau.police.go.kr/ / 02-3150-2659)
2. Even though the company notifies that it will be considered that the users accept the amendments if the users do not express intention of refusal before the effective date of amendments, when notifying as stated in Paragraph 1, if the users do not explicitly express the intention of refusal, it will be considered that the users have agreed on the amendments.
3. When the company additionally collect personal information from users or provide it to any third parties despite of Paragraph 2, it will obtain separate consent from the users regarding this matter.
- Notification Date May. 26, 2020.
- Enforcement Date Jun. 2, 2020.