Personal Information Processing Policy
Article 1. Purpose of Personal Information Processing Policy
- 1. In order to protect the freedom and rights of users (hereinafter referred to as "Users") who use Godot Symphony, or a Company of copyrighted music (hereinafter referred to as the "Company"), the Company complies with the Personal Information Protection Act and related laws and regulations, lawfully processes and safely manages personal information.
- 2. During the process of using Godot Symphony, the Company transparently provides Users with information related to the 'lifespan of personal information,' including what information the Company collects, how it uses the collected information, with whom it shares (‘outsources or provides’) information as needed, and when and how it destroys information that has achieved its purpose.
- 3. The Policy informs Users of what rights they have over their personal information and how they can exercise these rights through what methods and procedures.
- 4. The policy informs users of whom they contact and what assistance they can get to prevent further damage and recover from any damage already incurred in the event of a personal information breach.
- 5. Above all, this Policy serves as a means to ensure Users' right of ”self-determination of personal information" by regulating the rights and obligations between Godot Symphony and its members regarding personal information.
Article 2. Purpose of Personal Information Processing
- The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than those listed below, and in the event that the purpose of use changes, necessary measures will be taken in accordance with Article 18 of the Personal Information Protection Act, including obtaining separate consent.
- Registration and management of website membership
Confirmation of membership registration intention, identification and authentication of individuals for providing membership services, maintenance and management of membership qualifications, prevention of service abuse, various notifications & announcements, and complaint handling.
- Utilization of Godot Symphony services and billing based on its usage.
Provision of service, sending of contracts or invoices, provision of contents, provision of customized services, identity verification, age verification, payment and settlement of fees, and debt collection.
- Complaint handling
Verification of complainant's identity, checking of complaint details, communication and notification for fact-finding investigation, and notification of processing results.
- Improvement and new development of Godot Symphony services
Analysis of members who subscribe to the service and analysis of members' records usage, handling of intellectual property-related disputes, provision of customized content tailored to each member, improvement of service and development of new services.
Article 3. Processing and Retention Period of Personal Information
- 1. The Company processes and retains personal information within the period of retention and use of personal information within the period required by law or agreed upon by the users at the time of collection.
- 2. The processing and retention periods for each category of personal information are as follows:
-
1) Membership registration and management on the website: the information is processed and retained until the member withdraws from the website.
However, in the following cases, the information will be processed and retained until the reasons for that cease:
- ① If an investigation or inquiry is ongoing due to a violation of relevant laws, the information process will be processed until the conclusion of such investigation or inquiry.
- ② If there are outstanding rights and obligations related to website usage, the information process will be processed until the settlement of such rights and obligations.
-
2) Utilization of Godot Symphony services and billing based on usage: the personal information is retained until the member withdraws from the website membership.
However, in the following cases, the personal information is retained for the following periods.
-
① Records related to display/advertising, contract contents, and transaction performance, as required by the "Act on Consumer Protection in Electronic Commerce"
- Records related to contracts or withdrawal of offers: 5 years
- Records related to payment of fees and supply of goods: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records related to display and advertising: 6 months
-
② Records required by the Electronic Financial Transactions Act
- Records related to electronic financial transactions: 5 years
-
③ Records required by Framework Act on National Taxes
- Books and documentary evidence for all transactions as stipulated by tax laws: 5 years
-
④ Retention of communication verification data according to Protection of Communications Secrets Act
- Subscriber's electric communication date and time, start and end period, counterpart subscriber number, frequency of use, location tracking data issued by base station: 1 year
- Computer communication, internet log records, access location tracking data: 3 months
-
3) Complaint handling: the information is processed and retained until the member withdraws from the website.
However, in the following cases, the personal information is processed and retained until the reasons for processing cease:
-
① Records related to display/advertising, contract content, and transaction performance as required by the Act on Consumer Protection in Electronic Commerce.
- Records related to contracts or withdrawal of offers: 5 years
- Records related to payment of fees and supply of goods: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records related to display and advertising: 6 months
-
② Records required by the Electronic Financial Transactions Act
- Records related to electronic financial transactions: 5 years
-
③ Records required by FRAMEWORK ACT ON NATIONAL TAXES
- Books and documentary evidence for all transactions as stipulated by tax laws: 5 years
-
④ Retention of communication verification data according to PROTECTION OF COMMUNICATIONS SECRETS ACT
- Subscriber's electric communication date and time, start and end period, counterpart subscriber number, frequency of use, location tracking data issued by base station: 1 year
- Computer communication, internet log records, access location tracking data: 3 months
-
4) Improvement and new development of Godot Symphony Service: until the homepage member withdraws.
-
① Records related to display/advertising, contract content, and transaction performance as required by the Act on Consumer Protection in Electronic Commerce.
- Records related to contracts or withdrawal of offers: 5 years
- Records related to payment of fees and supply of goods: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records related to display and advertising: 6 months
-
② Records required by the Electronic Financial Transactions Act
- Records related to electronic financial transactions: 5 years
-
③ Records required by FRAMEWORK ACT ON NATIONAL TAXES
- Books and documentary evidence for all transactions as stipulated by tax laws: 5 years
-
④ Retention of communication verification data according to PROTECTION OF COMMUNICATIONS SECRETS ACT
- Subscriber's electric communication date and time, start and end period, counterpart subscriber number, frequency of use, location tracking data issued by base station: 1 year
- Computer communication, internet log records, access location tracking data: 3 months
Article 4. Collection and Use of Personal Information
-
1. When membership is registered,
- Required Items: Name, Email, Password, Mobile Phone Number
- Optional Items: Consent for receiving marketing information
- Purpose of Personal Information Processing: Website membership registration and management
-
2. When the quick SNS (such as KakaoTalk) membership is subscribed,
- Required Items: Nickname, Email, Mobile Phone Number
- Optional Items: Consent for receiving marketing information, addition to Godot Symphony's KakaoTalk channel
- Purpose of Personal Information Processing: Website membership registration and management
-
3. When the payment information is registered
-
Required Items:
(Individual Members) Subscription fee plan information, credit card information based on payment method (card number, expiration date, first 2 digits of card password), date of birth
(Corporate Members) Subscription fee plan information, Company information (Company name, business registration number), credit card information based on payment method (card number, expiration date)
- Optional Items: SNS platform channel information (YouTube, Facebook, Instagram, Podcast, etc).
- Purpose of Personal Information Processing: Billing for Godot Symphony service usage and related fees
-
4. When the preference information is registered,
- Required Items: date of birth, gender, preferred ambiance information, preferred video theme information
- Purpose of personal information processing: Improvement and development of Godot Symphony services
-
5. When the service is used,
-
1) Information that may be automatically generated and collected during the service usage or business processing process:
- Required Items: IP Address, Cookies, service usage records, device information (model name, device ID, operating system)
- Purpose of personal information processing: improvement and development of Godot Symphony services
-
2) Information collected when making a 1:1 inquiry:
-
Required Items
Error inquiries: Operating system, operating system version, browser
License inquiries: URL
- Purpose of Personal Information Processing: Complaint handling
-
5-1. How to collect personal information:
- Required Items: direct input of necessary information for membership registration, payment, and 1:1 inquiry.
- Optional Items: direct input of SNS platform channel information for whether the consent for receiving marketing information is made or for copyright issue response.
Article 5. Provision of Personal Information to Third Parties
-
Except when the user has consented or as provided by relevant laws and regulations, the Company shall not use the personal information of the data subject or provide it to third parties beyond the scope notified in "Article 4. Collection and Use of Personal Information” unless:
- a. When the user has given prior consent.
- b. When the provision is required by relevant laws and regulations, or when there is a request from investigative agencies in accordance with the procedures and methods prescribed by law for investigative purposes.
- c. When the provision is necessary for billing settlement related to service provision.
- d. When the provision is made to external agencies or organizations for market research and statistical analysis in a form in which any specific individuals cannot be identified.
Article 6. Outsourcing of Personal Information Processing
-
In order to ensure smooth processing of personal information tasks, the Company outsources the following personal information processing tasks:
-
1. Identity verification
- Service suppliers: (1) SendGrid, (2) NAVER Cloud
- Outsourced tasks: Authentication of individuals
- Retention and use period: Until a member withdraws his/her membership or the outsourcing contract ends.
-
2. Payment processing
- Service suppliers: (1) PayPal, Inc., (2) Kakao Pay Corporation, (3) Payco, Inc.
- Outsourced tasks: Transmission of payment information such as credit cards necessary for subscription payment
- Retention and use period: Until a member withdraws his/her membership or the outsourcing contract ends.
-
3. Alarm sending
- Service supplier: ㈜카카오 Kakao Corporation
- Outsourced tasks: Provision of KakaoTalk notification service
- Retention and use period: Until a member withdraws his/her membership or the outsourcing contract ends.
-
4. Provision of infrastructure
- Outsourced tasks: provision of infrastructure
- Retention and use period: Until a member withdraws his/her membership or the outsourcing contract ends.
-
The Company ensures compliance with Article 26 of the Personal Information Protection Act when entering into outsourcing contracts, by specifying in documents such as contracts the prohibition of processing personal information beyond the purpose of outsourcing, technical and managerial protective measures, restrictions on re-outsourcing, management and supervision of subcontractors, and liability for damages. Additionally, the Company supervises whether subcontractors handle personal information securely. In the event of changes in the content of outsourcing tasks or subcontractors, the Company will promptly disclose such information through this Privacy Policy.
-
6-1. Transfer of Personal Information Abroad
The Company outsources the following tasks to overseas corporations as outlined below:
-
1. Statistical analysis for improving Godot Symphony services:
- Service supplier: Google Inc (googlekrsupport@google.com)
- Purpose of transfer: Statistical analysis and service enhancement
- Information to be transferred: Information that may be automatically generated and collected during service usage
- Date and method of transfer: to be transmitted via the network when the personal information processing is necessary
- Destination country: United States
- Retention and usage period: Until either the member withdrawal or termination of the outsourcing contract is made.
-
2. Provision of infrastructure
- Service supplier: Amazon Web Service Inc
- Purpose of transfer: Provision of infrastructure for service operation
- Information to be transferred: (1) Information collected during service usage (2) Attachments submitted by members when they file complaints
- Date and method of transfer: to be transmitted via the network when processing personal information is necessary
- Destination country: Retention and usage period: Until either the member withdrawal or termination of the outsourcing contract is made.
Article 7. Procedure and Method of Personal Information Destruction
- 1. The Company promptly destroys any personal information when it becomes unnecessary due to the expiration of the retention period or the achievement of the collection/utilization purpose.
- 2. If personal information, despite reaching the end of the agreed retention period or fulfilling its purpose, must be retained according to other laws, the Company transfers such information to a separate database (DB) or stores it in a different location for preservation.
-
3. The procedure and method of personal information destruction are as follows:
- Destruction procedure: The Company selects the personal information for destruction when the reasons for destruction arise and obtains approval from the Company's personal information protection manager before proceeding with the destruction.
- Destruction method: Electronic files containing personal information are permanently destroyed to prevent data recovery, while personal information recorded and stored on paper documents is shredded or incinerated for destruction.
- Exceptions to destruction: Personal information under investigation due to suspected violation of relevant laws will be retained until the conclusion of the investigation.
Article 8. Rights, Duties, and Methods of Exercise for Users as Information Subjects and their Legal Representatives
- Users have the right to ask for access, correction, deletion, or suspension of processing of their personal information from the Company at any time. Users who are minors over the age of 14 may exercise these rights themselves or through their legal representatives concerning their personal information. The exercise of rights can be carried out through written form, email, fax, etc., according to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly respond to such requests. Users may also exercise their rights through their legal representatives or authorized agents. In this case, a power of attorney must be submitted according to the form specified in Annex 11 of the "Notice on Methods of Personal Information Processing (No. 2020-7)". The right of users to ask for access and suspension of processing may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act. Requests for correction and deletion of personal information cannot be made if the information is specified as subject to collection under other laws. The Company verifies whether those who ask for such as access, correction, deletion, or suspension of processing, are the right individual themselves or a legitimate representative. The specific methods for requesting access, correction, deletion, or suspension of processing of personal information are as follows:
- 8-1. Access to Personal Information
- Users can request access to their personal information processed by Godot Users can request access to their personal information processed by Godot Symphony. Member information can be directly accessed through the 'My Page' menu within the service. If users wish to access personal information not directly available within the service but automatically generated through the system during service usage, they can contact the 'Customer Center'. Unless there are unavoidable reasons preventing such access, the Company will respond within 10 business days from the date of contact. The method of access can be determined according to the user's request and is not limited to a specific method. However, if there are delays or reasons making access impossible, the Company will promptly inform the user of that.
-
Unavoidable reasons
- 1. There occurs any significant service or securit6y problem.
- 2. There is any likeliness of endangering the life or body of another person, or unjustly infringing upon the property, and other rights of another person.
-
8-2. Modification of Personal Information
- Users have the option to directly modify their personal information within the Godot Symphony service through the 'My Page > My Account > Personal Information > Information Modification' menu or by requesting modifications through the customer service center.
During this process, procedures such as verifying one's identity for the purpose of modification may be carried out.
-
8-3. Withdrawal of Consent and Deletion of Personal Information
- Users have the option to directly withdraw their consent or request deletion of information collected through the service within the Godot Symphony service, either by personally initiating membership withdrawal ('My Page > My Account > Personal Information > Membership Withdrawal') or by contacting the customer service center.
However, it's important to note that upon such requests, certain limitations may be imposed on the use of the service, either partially or entirely and that additionally, the withdrawal of consent or deletion may not be possible for information collected under other legal regulations.
Article 9. Measures for Ensuring the Security of Personal Information
- 1. The Company takes the following measures to ensure the security of personal information and prevent its loss, theft, alteration, or damage:
- Administrative measures: Regular employee training.
- Technical measures: control to access the personal information processing systems, installation of access control systems, encryption of personal information or, installation and updating of security programs.
- 2. However, the Company shall not be held responsible for any issues arising from the transfer, lending, loss of ID (email), password, access media, or negligence of members, such as leaving their devices while logged in or problems on the internet, without attributable causes to the Company, thus leading to the leakage of personal information. Additionally, The Company informs the users that its privacy policy does not apply to the collection of personal information in other companies' websites or any linked sites.
Article 10. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
- To provide personalized services to users, the Company uses 'cookies' that store and retrieve usage information periodically.
-
10-1. Definition of cookie
- A cookie is a very small text file sent from the server operating a website to the user's computer, where it is stored on the user's computer hard drive. It is used to track the user's visit and usage patterns for each service and website visited by the user, as well as to determine the security status, in order to provide the user with optimized information. Users have the freedom to autonomously choose whether to install and collect cookies, and thus, they can refuse collection.
However, the refusal of storing cookies may limit access to certain services that require login, such as personalized service usage.
-
10-2. How to refuse the cooking setting
-
The settings method may vary depending on the version of each browser. For detailed instructions, please refer to the help section of your respective browser.
- Internet Explorer
Select the [Tools] menu → Choose [Internet Options] → Click on [Personal Information] → Click [Advanced] → Select whether to allow cookies.
- Chrome
Select [Settings] → Choose [Show advanced settings] on the bottom of the screen → Click [Content settings] in the Personal Information section → Adjust cookie settings directly in the Cookies section.
- Safari
Click on the top-left menu bar [Safari] in MacOS → Select [Preferences] → Go to [Security] → Choose whether to allow cookies.
Article 11. Personal Information Protection Manager
-
The Company is responsible for overseeing the handling of personal information, as well as handling user complaints and remedies related to personal information processing. To fulfill this responsibility, the Company has designated a personal information protection manager as follows:
Furthermore, users can contact the personal information protection manager for any inquiries, complaints, or remedies related to personal information protection arising from their use of Godot Symphony. The Company is ready to promptly respond to and handle user inquiries.
- 1. Name: Park Jaehwan
- 2. Position: CEO
Users may ask the personal information protection manager to allow them to access the personal information under Article 35 of the Personal Information Protection Act.
Article 12. Remedies for Violation of Rights of Users as Information Subjects
- To seek remedies for violations of personal information, users can apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, and other relevant organizations. In addition, if users want to report on the infringement of personal information or equivalent, you need to call one of the followings.
- 1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- 2. Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
- 3. Prosecution Service: 1301 (www.spo.go.kr)
- 4. National Police Agency: 182 (ecrm.cyber.go.kr)
- The Company guarantees the users to get the right of self-determination of personal information and endeavors to provide Users with consultation and remedies for damages caused by personal information infringement. If reporting or consultation is needed, please contact the following responsible person:
- 1. Name: Park Jaehwan
- 2. Position: CEO
Article 13. Matters regarding changes in the Privacy Policy
- This Privacy Policy takes effective on Jan 18, 2024.