Lambda256 Corporation (hereinafter “the Company”) regards the protection of personal information of customers (hereinafter “Customer”) who use the website and Service provided by the Company as extremely important, and the Company is making every effort to safeguard the personal information provided by the Customer in order to use the Company’s Service.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. Personal information processed is not used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
① Company uses personal information for Customer management, including confirming the intention to join, verifying age and obtaining parental consent, verifying the identity of Customers and their legal representatives, identifying customers, and confirming the intention to withdraw membership.
③ Company uses personal information for providing paid Service, including personal authentication, purchasing and payment of fees, and using products and Service.
④ Company uses personal information for marketing and promotional purposes, including providing information on events and opportunities to participate, and providing promotional and advertising materials.
⑤ Company uses personal information for analyzing Service usage records and access frequencies, statistical analysis of Service usage, providing customized Service and advertisements based on service analysis and statistics.
⑥ Company uses personal information for establishing a secure, private, and safe Service environment that Customers can use with confidence. When the purpose of collection and use of personal information is accomplished, personal information is Disposaled without further delay in principle. However, the following information is retained for reasons as set forth below during a specified period.
1-1 The collection of personal information
The Company collects the following minimum personal information as required items for member registration, smooth Customer consultation, and the provision of various Service:
1-2 Automatic generation or additional collection
The information below can be automatically generated or additionally collected during the use of the Service or Service provision process. The information collected in this way may or may not be considered personal information depending on whether it is linked to personal information.
(Required) IP address, Cookies, Access log, Date of visits, History of Service use, History of usage error, History of payment
1-3 Collection of personal information pursuant to relevant laws and regulations
If related laws, such as the Act on the Consumer Protection in Electronic Commerce, require the retention of the information, the Company retains member’s information for the certain period specified by the related act. In this case, the Company uses the information only for retention, and the retention period is as follows:
|Retained information||Reasons for retention||Retention period|
|Records of contracts or withdrawals from subscription||Act on the Consumer Protection in Electronic Commerce, etc.||5 years|
|Records of payments and supply of goods, etc.||Act on the Consumer Protection in Electronic Commerce, etc.||5 years|
|Records of consumer’s complaints or mediation of disputes||Act on the Consumer Protection in Electronic Commerce, etc.||3 years|
|Records of labelling/advertisements||Act on the Consumer Protection in Electronic Commerce, etc.||6 months|
|Books and evidential papers about all transactions regulated by the tax law||Framework Act on National Taxes and Corporate Tax Act||5 years|
|Records of electronic financial transaction||Framework Act on National Taxes and Corporate Tax ActElectronic Financial Transactions Act||5 years|
|Protection of Communications Secrets Act||Protection of Communications Secrets Act||3 years|
1-4 Dormant accounts
The retention and usage period of personal information extends from the time the Service usage agreement is concluded (upon membership registration) until the termination of the Service usage agreement (upon withdrawal request). The Company defines dormant members as those who do not re-use (log in) for the period specified by law (1 year), except in cases where separate periods are stipulated by other laws or when a Customer makes a request. For dormant members, personal information is either Disposaled or separated from other Customers’ personal information and stored and managed separately.
The Company will notify Customers of the fact that their personal information will be Disposaled or separated and stored/managed, as well as the expiration date and the relevant personal information items, at least 7 days before the expiration date, using one of the following methods: email, written notice, fax, phone call, or a similar method.
2. Method of collecting personal information
The Company collects personal information through the following methods:
① It is collected through the generation of personal information during the process of using the Service, or through the provision of information by third parties such as affiliates.
② It is collected through a method where Customer directly input their personal information by agreeing to the collection of membership registration and Service use process.
③ It is collected through participation in events, promotions, and other activities conducted online and offline.
④ It is collected through the website and support email (email@example.com).
⑤ Generated information, such as device information, is automatically generated and collected during the process of using PC web, mobile web/app.
3. Disposal of Personal Information
As a principle, the Company disposes of personal information once the purpose of processing has been achieved. However, if we have obtained separate consent from the Customer or if there is a legal obligation to retain the information for a certain period under other laws, we will store the information separately from other personal information for the specified period. The procedures, deadlines, and methods for the disposal of personal information are as follows:
3-1 Procedure for Disposal
When the purpose of collection and use of personal information is accomplished, the information that a Customer entered for signing up or using other Service is transferred to a separate DB (or an additional cabinet for written form) to be stored for a particular period to comply with internal policies and other related Acts for information protection (refer to the section of Retention and use period of personal information) and then Disposaled. The same personal information is not used for any purposes other than its retention unless it is required by laws.
3-2 Method of disposal
The papers on which the personal information is printed are shredded by a shredder or burned to be Disposaled. The personal information stored in an electric file format is deleted by a technique which permanently destroys the records.
3-3 Disposal of Date
In cases where a Customer’s personal information has reached its retention period, the purpose of processing personal information has been achieved, the relevant Service has been terminated, or the business has been terminated and the personal information has become unnecessary, the personal information will be Disposaled within 5 business days from the applicable date.
4. Providing Personal Information to Third Parties
① The Company uses Customer’s personal information within the scope specified in “Article 1 (Purpose of Personal Information Processing)” and provides personal information to third parties only if it falls under Articles 17 and 18 of the Personal Information Protection Act. In the event that personal information is provided after prior consent from the Customer.
② To provide Service, the Company obtains the consent of the data subject and provides only the necessary minimum range in the following cases.
5. Rights, Obligations and Methods of Exercise of Users and Legal Representatives
5-1 Customers under 14 years of age
In the event that the applicant is a minor under civil law, the use of our Service is not permitted even with the consent of a legal representative (guardian), and the Company reserves the right to refuse the Service application for minors. By using our Service, the Customer confirms to the Company that they are not a minor. Users who are under 14 years of age are not eligible to register for the Service.
5-2 The rights of information subjects
The Customer has the right to request the Company at any time to provide all information about themselves stored in the Service. However, the exercise of rights, such as requests for Customer to view, correct, delete, or suspend processing of personal information, may be restricted as provided by the relevant statutes, such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act.
Customer has the right to request Service to modify, block, complete and delete Customer’s personal information, restrict usage, and transfer data to another organization. The Customer has the right to request additional information about the Users handling of personal information.
In addition, the Customer has the right to challenge the data processing of the Service in some circumstances and to withdraw the consent if User has requested data processing consent. Also, if you would like support for the above mentioned rights, please contact the Privacy Officer (firstname.lastname@example.org).
5-3 Rights of legal representative
When a Customer requests a correction to their personal information, the personal information is not used or provided until the correction is completed. When incorrect personal information has already been provided to a third party, the Company notifies the third party of the result of the correction without any delay and ensures the correction is applied exactly.
The Company processes the personal information as per “4. Retention and use period of personal information” when it has been requested by the User or legal representative for its termination of use or deletion and blocks any other requests for reading or using the information for any other purposes.
6. Consignment of personal information processing
① The Company entrusts personal information processing tasks as follows for smooth handling of personal information-related tasks
② The Company oversees whether the entrusted party securely handles personal information under Article 26 of the Personal Information Protection Act when entering into an entrustment contract.
|consignee||Content of entrusted tasks||Period of Retention and Use of Personal Information|
|Payletter||SMS delivery Service, payment (credit card)||Until the member withdrawal or termination of the consignment contract|
|AWS (Korea)||Operation of infrastructure where personal information is stored||Until the member withdraws or the expiration of the personal information validity period|
|ActiveCampaign||Providing newsletters, event and promotional information, opportunities to participate, content provision, notifications and notices delivery||Until the member withdrawal or termination of the consignment contract|
7. Measures to Secure Personal Information Safety
The Company takes the following technical and administrative measures to ensure the safety of personal information to prevent loss, theft, leakage, alteration or damage of personal information in the processing of the Customer’s personal information.
7-1 Administrative Measures
① Establishment and implementation of an internal personal information protection management plan
We have established an internal personal information management plan, which includes the designation of a personal information protection manager and other matters related to personal information protection management. We also conduct annual audits to ensure that the internal management plan is being properly implemented.
② Utilization of the minimum number of human resources for processing personal information and training
③ Operating a specialized organization for privacy protection
7-2 Technical measures
① Password encryption
The Customer’s password is encrypted before being stored and managed, and only the user knows it. Also, only the Customer can check and change the personal information by using the password.
② Measures against hacking
The Company is doing its best to prevent any leakage or damage from being caused by hacking or computer virus, etc., to our Customer’s personal information. The data is regularly backed up to proactively prevent damage to the personal information, and the latest vaccine program is used to protect the Customer’s personal information or data from leakage or damage while supporting a safe transfer of the personal information on the network through encrypted communications and the like. In addition, the Company controls unauthorized access from outside with an intruder blocking system as well as putting its utmost effort to equip all technical devices available to secure safety in other parts of the system.
8. Installation, Operation and Refusal of Collecting Personal Information Automatically
8-2 Purpose of cookies
Cookies are used to identify each Service of the Company that the Customer uses, visits to the websites and the pattern of usage, popular keywords for search, and the number of Customer to provide the Customer with optimized and customized information including advertisements.
8-3 Installation/operation and refusal of cookies
① Users have a right to opt in/out of the installation of cookies. – Therefore, Users can set the options on their web browser to enable all cookies, check whenever a cookie is stored or refuse to store cookies.
② However, when storing cookies is disabled, there might be a difficulty in the use of some Service of the Company that need sign-in.
③ The way to enable/disable the cookie installation is as follows:
▶︎ Internet Explorer: Tool > Internet Option > Privacy > Advanced Privacy > Set the cookie level
▶︎ Chrome: Setup Menu > Advanced Settings > Privacy and Security > Content Settings > Set Cookie Level
▶︎ Edge : Setup Menu > Cookies and Site Permissions > Click on Manage and delete cookies> Set the cookie level
▶︎ Firefox : Setup Menu > Privacy and Security> Click on Data Management > Set cookie level > Click on Save changes > In the Clear Open Cookies and Site Data confirmation dialog box, click Clear
9. Details on the Personal Information Protection Officer
Customer can report any complaint related to Privacy Protection that occurs while using the Service of the Company to the person in charge of Privacy Protection or the corresponding department. The Company will respond quickly and diligently to its Customer’s complaints.
9-1 Personal Information Protection Officer
|Protection Manager||Lee Jaewon|
|Protection Officer||SE Team (security engineering)|
9-2 Personal Information Protection Department
|Protection Manager||Lee Heonjin|
|Protection Officer||SE Team (security engineering)|
Please contact the following institutions to report or need further consultation in relation to other privacy infringement issues.
- Personal Information Dispute Mediation Committee ( www.kopico.go.kr )
- Privacy Infringement Report Center ( https://privacy.kisa.or.kr)
- Cybercrime Investigation Division of the Supreme Prosecutor’s Office ( http://www.spo.go.kr )
- Cyber Bureau of National Police Agency ( https://ecrm.police.go.kr/minwon/main )
10. Changes in Personal Information Processing Policies
- Announcement date : 2023. 04. 12
- Enforcement date : 2023. 05. 12
2019. 03. 18 ~ 2019. 05. 28 (click)
2019. 05. 29 ~ 2020. 11. 19 (click)
2020. 11. 20 ~ 2023. 04. 12 (click)