Article 1 (Personal Information Collected)
Company collects the following personal information for membership subscription, consultation, and service request.
- Information Collected: Name, Date of Birth, Sex, Login ID, Password, Question and Answer Required for Password Confirmation, Home Telephone Number, Home Address, Mobile Telephone Number, E-mail Address, Record of Using Service, Access Log, Cookie, Access IP Information, Payment Record, Preferred Artist, i-PIN Number, Name of Legal Representative, Mobile Telephone Number, Device Identification Number (Device ID), PUSH Token, i-PIN CI, SM Institute Membership Card Number and Card Password, Personal Identification Information of the Legal Representative of the Member under 14-years-old (Name, i-PIN CI, Age)
- Said information about the device is not personally identifiable, and Company will not commit any activity that identifies individuals based on the information it collects.
- Collecting Method: Homepage (membership subscription, audition entry, event entry, shipment request), written form, etc.
Article 2 (Purpose of Collecting and Using Personal Information)
Company uses the personal information collected for the following purposes.
- Implementation of terms and conditions relating to services provided and settlement of charges for services provided
Provision and purchase of contents, payment of charges, shipping of goods, billing address, and other shipping needs
- Membership Management
Personal identification due to the use of membership service, individual identification, prevention of illegal use or unauthorized use by a suspended member, confirmation of the intent to join, confirmation of age, confirmation of the consent of the legal representative of a person under 14 years of age whose personal information is being collected and personal identification of the legal representative in the future, handling of complaints, delivery of announcement, integrated ID management, membership service provision, card issue, point saving and use settlement, VIP service provision
- Use for Marketing and Advertisement
Development and specialization of new service (product), delivery of advertisement information such as events, provision of service pursuant to demographical characteristics and posting of advertisement, access frequency, and statistics on members’ use of services
Article 3 (Period of Retention and Use of Personal Information)
In principle, the Company immediately destroys personal information after the purpose of collecting and using the information is achieved.
However, if any personal information of a member is required to be retained under the applicable laws and regulations, the Company will retain the personal information for the period prescribed under such applicable laws and regulations as follows:
- Information Retained: Name, Date of Birth, Sex, Login ID, Password, Question and Answer to Confirm Password, Home Telephone Number, Home Address, Mobile Telephone Number, E-mail, Service Use Record, Access Log, Cookie, Access IP Information, Payment Record, Artist Preference, i-PIN Number, Name of Legal Representative, i-PIN CI, Member Number, Name, Date of Birth, Sex, Mobile Telephone Number, E-mail Address and Point Information
- Basis of Retention: The Act on the Consumer Protection in Electronic Commerce, Etc.
- Retention Period: 3 years
① Records on labeling/advertisements: 6 months (The Act on the Consumer Protection in the Electronic Commerce Transactions, Etc.)
② Records on contracts or withdrawal of subscription: 5 years (The Act on the Consumer Protection in Electronic Commerce, Etc.)
③ Records on payment and supply of goods: 5 years (The Act on the Consumer Protection in Electronic Commerce, Etc.)
④ Records on handling of consumer complaints/disputes: 3 years (The Act on the Consumer Protection in Electronic Commerce, Etc.)
⑤ Records on Collection, Processing, and Use of Credit Information: 3 years (The Credit Information Use and Protection Act)
Article 4 (Procedures and Method of Destruction of Personal Information)
The procedure and method for destroying personal information are as follows:
- Destruction Procedure
① The information that the member provided to subscribe for membership is transferred to a separate database (DB) (separate document box for paper) after the purpose of such information is fulfilled, stored for a fixed period of time based on Company’s policy and the reason for information protection pursuant to related laws (refer to Period of Retention and Use of Personal Information), and destroyed.
② The personal information transferred to a separate DB is only retained and not used for other purposes unless otherwise required by law.
- Destruction Method
① Personal information saved in electronic form is deleted using a technical method that prevents the records from being regenerated.
② Personal information printed on paper is destroyed by shredding with a shredder or by burning.
Article 5 (Delegation of Personal Information Collected)
- For the performance of services, customer convenience, and smooth operations, the Company delegates the processing of personal information to outside professional service providers as follows. The commissioned company retains the member’s personal information during the contracted period. In the event the legal retention period is specified under related laws, the commissioned company retains the member’s information for the specified period.
- Through the consignment agreement and so forth, the Company ensures that the commissioned company complies with laws related to the protection of personal information, maintains the confidentiality of the personal information, does not share the information with third parties, bears responsibility for accidents, and observes the delegation period and the obligation to return or destroy the personal information after the contracted period.
- Consignees entrusted with personal information for the provision of services
※ The list of consignees is subject to change depending on the change of related services and the length of contract period. Changes in services will be announced in advance.
- Amazon Web Service
- Amazon Web Service cannot access users’ personal information; it only provides the cloud computing environment that supports the service.
Amazon Web Service
Consigned Job Description: Operate system via AWS
Contact Information of Consigned Company:
Country to Which Personal Information Is Transferred: Japan (AWS Tokyo Region)
Transferred Personal Information: All personal information collected within service providing process
Period of Transfer: Immediately after member registration period
Method of Transfer: Storing personal information in AWS Cloud Computing Environment
Period to Possess and Use Personal Information: By and until withdrawal/inactivity of user or expiration of consignment contract
*Inactivity of a user refers to a user account that has become inactive after not using the service for a certain period (1 year).
Article 6 (Rights of Users and Legal Representatives and the Method of Exercising thereof)
- The user or the legal representative can inquire about or modify his or her own information, or the information of the child under 14 years of age he or she represents, at any time, and can also request cancellation of membership.
- The user or the legal representative of the child under 14 years of age can click on ‘Change Personal Information’ (or ‘Modify Membership Information’) to inquire and revise personal information directly, or click on “Withdraw” to withdraw from membership (cancel consent) after undergoing the personal identification procedure directly. The user or the legal representative can also contact the Company’s Personal Information Administration Manager in writing, by telephone or e-mail and make such a request and the Company will immediately process the request.
- If the correction of personal information error is requested, the personal information can be blocked from use or provision until the correction is completed.
- In the event the wrong personal information has already been given to the third party, the Company will ensure the result of correction is immediately notified to the third party so that the wrong information can be corrected.
- SM Institute makes sure the personal information cancelled or deleted upon the request of the user or the user’s legal representative is handled in accordance with "Period of Retention and Use of Personal Information Collected by SM Institute" and is not perused or used for other purposes.
- Perusal and correction of personal information can be restricted in the following cases.
① The perusal or correction is expected to harm the rights and benefits of a third person enormously
② The perusal or correction would seriously disturb the operations of the related service provider
③ The perusal or correction would violate laws
Article 7 (Installation, Operation and Refusal of Personal Information Automatic Collection Devices)
The Company uses ‘cookies’ to frequently save and retrieve the user’s information. A cookie is a very small text file that the server used to operate SM Institute’s website sends to the user’s computer hard disk. The Company uses cookies for the following purposes.
- Purpose of Using Cookie
① To provide target marketing and customized service by analyzing the frequency and time of access by member and non-member, identifying user’s preference and field of interest, following the user’s trace, and reviewing the frequency of participating in various events and the frequency of visiting the site.
② The user has the right to accept or refuse cookie installation. The user can accept all cookies, accept cookies after giving consent, or block all cookies using the web browser option.
- How to Block Cookies
① The user may configure the options of the web browser that he or she uses to accept all cookies, accept cookies after giving consent, or block all cookies.
② For example, if the user is using Internet Explorer: Go to Tool > Internet Option > Personal Information in the upper part of the web browser and choose the option
③ However, blocking cookie installation may lead to difficulties in using the services.
Article 8 (Administrative, Technical, and Physical Measures for Personal Information)
- The Company shall establish and implement internal management plan for the safe management of personal information and also provide training.
- The Company has devised technical measures to secure the safety of the personal information and prevent loss, theft, leakage, falsification, or damage in handling personal information of the user.
- The personal information of the user is managed by using the internal network which cannot be penetrated from outside network and important data are thoroughly protected through separate security features such as encrypting or locking files and transmitted data.
- The Company uses a firewall and an intrusion detection system for each server to enhance internal network security against hacking and possible intrusion from outside, and the Company has also stepped up security with an access control system.
- An antivirus program is installed on the personal information processing system and on the information devices that personal information handlers use to handle personal information, to inspect for and handle malware such as computer viruses and spyware in order to prevent the infringement of personal information.
- The Company limits the authority to access users’ personal information to the minimum required staff, has prepared an internal procedure on accessing and managing personal information to secure the safety of personal information, has applied access control and locking devices, and ensures that the staff in charge understand and observe related regulations.
- The change-over of operation between personal information handlers takes place securely and thoroughly, and the responsibilities for personal information related accidents are clearly defined for both incumbent and retired staff members.
- The user shall make sure his or her information given to the Company is maintained correctly through self-confirmation and management, and the unauthorized use of another person’s personal information in the course of using internet sites or the infringement of another person’s rights may be subjected to the restriction by Company and also civil and criminal charges.
- The Company shall not be held responsible for the issues arising from the leakage of personal information such as ID, password, and resident registration number due to the user’s neglect or fault or internet problem. Therefore, each Member shall manage his or her own ID and password (P/W) thoroughly in order to protect his or her own personal information and take responsibility for them. In the event the user’s personal information was lost, leaked, falsified, or damaged due to the mistake of the internal manager of the Company or the accident in technical management, the Company shall immediately notify the user of the incident and seek appropriate measures and compensations.
Article 10 (Complaints Relating to Personal Information)
Company has designated a department and personal information manager as follows in order to protect customer’s personal information and cope with complaints relating to personal information.
Customer Service Department: Administration
Contact Number: +82-2518-9810
Manager: Sophia Kim
Contact Number: +82-2518-9810
The User may report any grievance relating to personal information that the user suffers while using Company’s services to the Personal Information Administration Manager or the responsible department. The Company will provide a prompt and sufficient response to the reports of its users.
For reporting or consultation on infringement of personal information, please contact the following institutions:
- Center for Reporting Personal Information Infringement (http://privacy.kisa.or.kr, 118 for domestic, without any regional number)
- Privacy Protection Mark Certification Committee (www.eprivacy.or.kr, 02-550-9531~2)
- National Police Agency Cyber Bureau (www.ctrc.go.kr, 02-3150-2659)