Privacy Policy

ConsumerInsight INC. (hereinafter "the Company") values personal information and, in accordance with Article 30 of the Personal Information Protection Act, establishes and discloses the following privacy policy to protect the rights of data subjects and to handle complaints swiftly and smoothly. This policy is effective from December 9, 2024. The previous revision was made on November 25, 2021.
Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below. If the purpose of use changes, the company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
  1. Membership Registration and Management
    Personal information is processed for purposes such as confirming the intent to register, identifying and authenticating individuals for the provision of membership services, maintaining and managing membership status, preventing fraudulent use of services, verifying the consent of legal representatives when handling the personal information of children under 14 years of age, providing various notifications and announcements, and handling complaints.
  2. Handling Civil Complaints
    Personal information is processed for purposes such as verifying the identity of the complainant, checking complaint details, contacting or notifying for fact-checking, and informing about the results of processing.
  3. Provision of Goods or Services
    Personal information is processed for purposes such as delivering goods, providing services, sending contracts, providing content, offering customized services, identity verification, age verification, and offering prizes.
  4. Survey Responses and Marketing Utilization
    Personal information is processed for purposes such as selecting survey respondents, compiling statistical data, and providing compensation for participation. It is also processed for purposes such as providing event and promotional information and participation opportunities, offering services and displaying advertisements based on demographic characteristics, verifying service effectiveness, analyzing access frequency, and compiling statistics on members’ use of services.
Article 2 (Processing and Retention Period)
The company processes and retains personal information within the retention and usage period prescribed by law or within the period agreed to by the data subject at the time of collection.
The retention and processing periods for each category of personal information are as follows:
  1. Service Membership Registration and Management : Until membership withdrawal.
    However, in the following cases, retention will continue until the relevant reason no longer applies:
    • If an investigation or inquiry related to a violation of applicable laws is ongoing, until the investigation or inquiry is concluded.
    • If any rights or obligations arising from service use remain (such as outstanding claims or debts), until settlement of such rights and obligations.
    • Exceptions for Service Continuity - For smooth service operation, the following information may be retained for a designated period:
      • Retained items: Name, ID, email, phone number
      • Legal basis: Prevention of re-registration within a certain period, handling of complaints, and compliance with the Act on Promotion of Inf`ormation and Communications Network Utilization and Information Protection, etc.
      • Retention period: 6 months
  2. Provision of Goods or Services : Personal information will be retained until the completion of the supply of goods or services and until the expiration of the validity period for rewards provided in connection with survey responses.
    However, in the following cases, information will be retained until the relevant period has expired:
    • Records related to labeling/advertising, contract details, and performance under the Act on the Consumer Protection
      • in Electronic Commerce, etc.: 6 months
      • Records of rewards for survey responses, contracts or cancellations, payments, and supply of goods, etc.: 5 years
      • Records of consumer complaints or dispute resolution: 3 years
    • Communication confirmation data under Article 41 of the Protection of Communications Secrets Act:
      • Computer communications, internet log data, and connection location tracking data: 3 months
    • Identity verification information under Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.: Retained for 6 months after the termination of information posting on the bulletin board.
Article 3 (Provision to Third Parties)
  1. The company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases where the data subject has given consent, or where special provisions of law apply, in accordance with Articles 17 and 18 of the Personal Information Protection Act.
  2. If it becomes necessary to provide personal information to a third party, the company will obtain additional consent from the data subject before such provision.
  3. In accordance with Article 28-2 of the Personal Information Protection Act, personal information may be processed into a form that does not identify a specific individual and then provided for purposes such as the preparation of statistics, scientific research, or preservation of records for the public interest.
Article 4 (Entrustment of Personal Information Processing)
  1. The company entrusts the processing of personal information to the following service providers to ensure smooth handling of related tasks:
    • Trustee: Daou Technology Inc.
      Entrusted tasks: Bulk SMS delivery
      Items provided: Mobile phone number, name, registration date
      Retention and usage period: 3 months after completion of the entrusted task
    • Trustee: Netpursy Mailing Link Inc.
      Entrusted tasks: Notification messages (Alimtalk) and bulk email delivery
      Items provided: Email address, panel ID, mobile phone number, name, registration date
      Retention and usage period: 3 months after completion of the entrusted task
    • Trustee: Korea Credit Bureau (KCB)
      Entrusted tasks: Identity verification
      Items provided: Name, date of birth, mobile phone number
      Retention and usage period: Until membership withdrawal or termination of the entrustment contract
    • Trustee: KT Alpha Co., Ltd.
      Entrusted tasks: Gifticon (mobile gift voucher) delivery
      Items provided: Mobile phone number
      Retention and usage period: 3 months after completion of the entrusted task
    • Trustee: CLM&S Co., Ltd.
      Entrusted tasks: Vehicle information inquiry service
      Items provided: Name, vehicle registration number
      Retention and usage period: 1 month after completion of the entrusted task
    The company manages and supervises entrusted parties to ensure that personal information is not used unlawfully.
  2. When entering into an entrustment agreement, the company specifies in writing, in accordance with Article 26 of the Personal Information Protection Act, matters such as prohibition of personal information processing for purposes other than the entrusted task, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages. The company also monitors entrusted parties to confirm that they process personal information securely.
  3. If there are any changes in the details of entrusted tasks or in the entrusted parties, such changes will be disclosed without delay through this Privacy Policy.
Article 5 (Processing of Pseudonymized Information)
  1. For the purposes of statistical compilation, scientific research, and preservation of records for the public interest, the company processes collected personal information in a manner that does not identify specific individuals.
  2. Pseudonymized information is retained during the period of use for such purposes and is destroyed without delay once the purpose has been achieved.
    • Research Title: Analysis of Tourism Trends Using Travel Panel Data and Interest Indices of Web/App Users
    • Purpose: Scientific research
    • Items processed: Name, phone number, gender, year of birth, age group, occupation, survey responses (monthly income, domestic travel experience, preferred domestic travel destinations, preferred overseas travel destinations, domestic and overseas travel expenses)
    • Retention and usage period: Until December 31, 2025
    • Recipient organization: Zero to One Partners
  3. In processing pseudonymized information, the company takes measures to ensure security in accordance with Article 28-4 (Obligations to Ensure the Security of Pseudonymized Information) of the Personal Information Protection Act.
    • Administrative measures: Establishment and implementation of internal management plans, regular employee training
    • Technical measures: Access control for personal information processing systems, encryption, and use of security programs
    • Physical measures: Access control for computer rooms, data storage rooms, and related facilities
Article 6 (Rights and Methods of Exercise)
  1. Data subjects may, at any time, exercise their rights with respect to the company regarding the inspection, correction, deletion, or suspension of processing of their personal information.
  2. The exercise of rights under the preceding paragraph may be carried out through written request, email, fax, or other methods in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. The company will take necessary measures without delay.
  3. The exercise of rights under the preceding paragraph may also be carried out through a legal representative or an authorized agent. In such cases, a power of attorney must be submitted using the prescribed form in Annex No. 11 of the Guidelines on Personal Information Processing Methods (Notification No. 2020-7).
  4. Requests for access to personal information or suspension of processing may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act.
  5. Requests for correction or deletion of personal information cannot be made if such information is specified as a mandatory collection item under other applicable laws.
  6. When a data subject makes a request for access, correction, deletion, or suspension of processing, the company verifies whether the requester is the data subject themselves or a duly authorized representative.
Article 7 (Processed Personal Information Items)
The company processes the following categories of personal information
  1. Service Membership Registration and Management
    • Required items: Email address, password, name, gender, date of birth, mobile phone number, mobile carrier, residential address
    • Optional items: Home phone number, total monthly household income, family circumstances, occupation, marital status
  2. Automatically Generated Information from Service Use
    • IP address, access logs, service usage records, cookies, location information
  3. Inquiries and Complaint Handling
    • Name, user ID, email address, phone number, and information required for identity verification, if necessary
Article 8 (Destruction of Personal Information)
  1. The company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the purpose of processing has been achieved.
  2. If the retention period consented to by the data subject has expired, or if the processing purpose has been achieved, but other laws require continued retention of the personal information, the information will be moved to a separate database (DB) or stored in a different location. Personal information that is separately stored will not be used for purposes other than those prescribed by law.
  3. Following is the procedures for destruction
    • Procedures for Destruction
      The company selects the personal information subject to destruction once the reason for destruction has arisen, and proceeds with destruction after obtaining approval from the company’s Chief Privacy Officer (CPO).
    • Methods of Destruction
      Personal information in electronic file format is destroyed using technical methods that prevent the records from being restored. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
Article 9 (Measures for Ensuring Security)
The company takes the following measures to ensure the security of personal information
  1. Regular Internal Audits
    To ensure the stability of personal information handling, the company conducts regular self-audits (at least once a year).
  2. Minimization and Training of Staff Handling Personal Information
    The company designates specific staff to handle personal information and limits access to only those in charge, thereby minimizing exposure and enhancing control.
  3. Establishment and Implementation of Internal Management Plans
    The company establishes and implements internal management plans to ensure the secure processing of personal information.
  4. Technical Measures Against Hacking and Other Threats
    To prevent leakage or damage of personal information caused by hacking or computer viruses, the company installs and regularly updates/inspects security programs, installs systems in access-controlled areas, and monitors and blocks unauthorized access both technically and physically.
  5. Encryption of Personal Information
    Users’ personal information, including passwords, is encrypted for storage and management so that only the user can know it. Important data is also secured using additional measures such as encrypting files and transmission data or applying file-locking functions.
  6. Access Restriction to Personal Information
    The company takes necessary measures to control access to personal information by granting, changing, or revoking access rights to database systems that process personal information, and uses intrusion prevention systems to block unauthorized external access.
  7. Use of Locking Devices for Document Security
    Documents and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.
  8. Access Control for Unauthorized Persons
    Physical storage locations containing personal information are set apart, and entry control procedures are established and operated to restrict access to unauthorized individuals.
Article 10 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
The company uses “cookies” to store and retrieve user information in order to provide users with customized services.
A cookie is a small piece of data that the server (http) operating a website sends to the user’s computer browser, and it may be stored on the hard disk of the user’s PC.
  1. Purpose of Using Cookies: Cookies are used to analyze information such as the services and websites visited by the user, patterns of use, popular search terms, and whether secure access is enabled, in order to provide optimized information to the user.
  2. Installation, Operation, and Rejection of Cookies: Users may refuse the storage of cookies by adjusting the settings in their web browser under: Tools > Internet Options > Privacy.
  3. However, if cookie storage is refused, some difficulties may arise in using customized services.
Article 11 (Personal Information Protection Officer)
  1. The company appoints the following Personal Information Protection Officer to take overall responsibility for personal information processing and to handle complaints and remedies related to personal information
    • Personal Information Protection Officer
      Name: Jang Ho-wan
      Position: Executive Director
      Title: Executive Director
      Contact: +82-2-6004-7650, Fax: +82-2-543-5984
      Email: janghw@consumerinsight.kr
    • Department in Charge of Personal Information Protection
      Department: Information Technology Team
      Person in charge: Oh Joo-yeon
      Contact: +82-2-6004-7641
      Email: ohjy@consumerinsight.kr
  2. Users may contact the Personal Information Protection Officer or the responsible department regarding all inquiries, complaints, or remedies related to personal information that arise while using the company’s services. The company will respond to and handle such inquiries without delay.
Article 12 (Request for Access to Personal Information)
The data subject may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act from the department listed below. The Company will make every effort to ensure that requests for access to personal information are processed promptly.
  • Department in charge of receiving and processing requests for access to personal information
    Department: Information Technology Team
    Person in charge: Oh Joo-yeon
    Contact: +82-2-6004-7641
    Email: ohjy@consumerinsight.kr
Article 13 (Remedies for Rights Infringement)
Data subjects may seek dispute resolution or consultation regarding personal information infringement by contacting the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or other related organizations listed below.
  1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center (KISA): 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
  4. National Police Agency (Cyber Bureau): 182 (cyberbureau.police.go.kr)
In addition, if a data subject’s rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request made under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), or 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, the data subject may file an administrative appeal in accordance with the Administrative Appeals Act.
※ For further details regarding administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).
Article 14 (Policy Change)
  1. This policy is effective from December 9, 2024.
  • CEO. Kim, Jinkook
  • 19th floor, Geopyeong Town, 129, Bongeunsa-ro, Gangnam-gu, Seoul, Republic of Korea 06121
  • Registration Number : 120-86-12648
  • TEL : 02-6004-7600
  • FAX :02-543-5984
  • E-MAIL : leejh@consumerinsight.kr
  • KR
    EN
  • Privacy Policy
© Copyright (C) CONSUMERINSIGHT. All Rights Reserved.