Effective Date: July 9, 2020
Way2Bit Co. Ltd.(hereinafter referred to as the “Company”) values the personal information of its members, and abides by privacy protection regulations of related laws that the Company must comply with, such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection” and “Personal Information Protection Act”.
The Company will inform Members of what information it collects, how it is used, how it is shared with others (“entrustment or provision”), and when and how it destroys information when its purpose of use has been achieved.
1. Items of Personal Information and Collection Method
The Company collects the minimum amount of personal information required to provide the Service.
We collect the minimum amount of personal information required through websites or applications in the process of sign up and Service use.
Email, nickname, password, BORA security key, birthdate
The personal information items collected may differ depending on the information disclosure criteria Members set when Members signed up via Kakao, Google or Facebook accounts. The personal information items collected from the services that requires age verification
Personal information collected from Members during the Service process
Digital asset transaction record, terminal information (OS information, device ID), IP address, login date, delinquent actions history, Service history.
When collecting personal information, we must notify Members of this fact, obtain consent, and then collect personal information as follows:
If receiving personal information from partner services, etc.
If entered on the website during consultation through the customer center
Through participation in online and offline events
If generated information such as device information is automatically generated in the process of using the PC web or mobile web
2. Purposes of Collecting and Using Personal Information
Personal information is used for managing subscribers, providing and improving Services, and creating new Services.
The Company collects and uses personal information of Members for the following purposes:
Confirmation of Member’s intent to sign up, verification of the identity of the Member, identification of the Member, and prevention of delinquent actions
Development of new Services and provision of various Services
Handling civil petitions such as inquiries or complaints, retaining records for dispute settlement, and delivering notices
Preventing and restricting actions that interfere with seamless Service operation (including any account fraud and delinquent actions)
Confirmation of event participation and use for marketing and advertising
Used to analyze Service use records and access frequencies, calculate statistics on Service use, establish Service environment for privacy protection and improve Service
3. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
The Company complies with the General Data Protection Regulation (GDPR) as well as the domestic laws of each Member of the European Union, including the UK.
The following may apply when the Company provides services to Members in EU countries and the UK.
[Purpose/Basis of Personal Information Processing]
The Company uses personal information collected from Members only for purposes specified in "2. Purposes of Collecting and Using Personal Information ", informs Members prior to any use thereof and asks for agreement.
In addition, the Company may process personal information in accordance with applicable laws including GDPR in any of the following cases:
Consent of the data subject
Sign and fulfil a contract with the data subject
For the pursuit of legitimate interests of the company (except for cases where the benefits, rights or freedom of the data subject is more important than that of the company.)
[Guarantee of Members' Rights in EU Countries]
The Company is committed to protecting Members’ privacy. In accordance with applicable laws including GDPR, a Member may request that his or her personal information be transferred to another manager (right to portability) and refuse the processing of his or her information (right to object). In addition, a Member has a right to file a complaint with their respective data privacy protection supervisory authorities.
The Company may also use personal information for marketing purposes such as event promotion or advertisements, for which the Company obtains a prior agreement (consent). A Member may withdraw the agreement at any time if he or she doesn't want it.
A Member may inquire the foregoing matters to the Customer Service via document, (please see point 12 below) phone or email. The request will be handled in a proper and timely manner.
When a Member requests for the correction of personal information (right to rectification), the concerned information shall not be displayed until such correction is completed.
We have appointed The DPO Centre Ltd (www.dpocentre.com) to be our EU representatives within the European Economic Area (EEA). You can find their contact details below in section 12 if you would like to contact them directly regarding GDPR enquiries.
4. Provision and Entrustment of Personal Information
As a rule, the Company does not provide personal information to any external party without consent from the Member.The Company does not provide personal information to any external party without consent from the Member, and personal information is only provided to a third party after obtaining the Members’ consent within the scope necessary for using the services of external partners and others.See the provision of personal information to the third partiesHowever, exceptions are given below
If there is a request from an investigating agency in accordance with procedures and methods prescribed by laws for investigation purposes or in accordance with the provisions of the laws
The company entrusts selected tasks to external companies to provide convenient and better services.
The company entrusts personal information to perform some of the necessary tasks in providing services from outside companies. And the Company manage and supervise the entrusted company to avoid violating the relevant laws and regulations; the contents of the Company's personal information consignment agency and consignment work are as follows.
See entrusted companies
5. Transfer of Collected Personal Information Overseas
Entrusted CompanyAmazon Web Service
Personal Information Transfer CountryAmazon Global Cloud Service Area (Japan)
Chief Privacy Officer Contact Informationabuse@amazonaws.com
Personal Information Items TransferredAll data including personal information collected and stored by the Company, such as email, password, BORA security key, nickname, login IP, cookie, service history
Transfer DateUpon sign up and use of the service
How To TransferMove data location to server located in Global Cloud area through a security-enhanced private network
Entrusted TasksSystem administration and site operation through AWS
Personal Information Retention and Use PeriodRetain until unsubscribing or until the expiration date of personal information
6. Destruction of Personal Information
As a rule, the Company destroys personal information immediately after the Member unsubscribes from the service.
Personal information stored in electronic files is safely deleted using technical methods, and information printed on paper is shredded or incinerated to prevent it from being restored or regenerated.
However, in order to minimize the damage caused by account theft when requesting unsubscription, it will be kept for 15 days and then destroyed.
The Company has implemented the “Personal Information Validity Period Plan”, which separately stores and manages or deletes the personal information of subscribers who have not used the service for one (1) year. The personal information that has been separated and stored for one (1) year will be destroyed without delay.
The personal information to be kept for a certain period in accordance with other laws and applicable regulations is as follows.
Retention ItemsGrounds LawRetention Period
Record of payment and provision of goodsAct on the Consumer Protection in Electronic Commerce5 years
Record of consumer complaint and dispute settlement3 years
Record of display and ad6 months
Record of electronic financial transactionsElectronic Financial Transactions Act5 years
Records of sign-inProtection of Communications Secrets Act3 Months
Record of Identity VerificationAct on Promotion of Information and Communications Network Utilization and Information Protection6 Months
7. Member’s Rights and How to Exercise Those Rights
Members can go to “Manage Account” to view or update their personal information at any time.
Members can go to “Unsubscribe” to withdraw their consent to the collection and use of their personal information at any time.
If a Member requests that errors in their personal information be corrected, the personal information that is corrected cannot be used or provided until the corrections are made. If incorrect personal information has already been provided to a third party, the corrected information will be immediately made available to the third party so that necessary corrections can be made.
8. Technical and Managerial (Organisational) Measures for Privacy Protection
The Company takes the following technical and managerial (organisational) measures to ensure the safety of personal information in order to prevent personal information from being lost, stolen, leaked, altered or damaged while handling the privacy of Members.
Establishment of internal management planThe Company establishes and implements and internal management plan for the safe management of personal information processed by the company.
Encryption of Member’s privacyThe Company encrypts and stores personal information such as Member’s email, password, and BORA security key using a secure password algorithm.
Measures against hacking, etc.The Company is doing its best to prevent Members’ personal information from being leaked or damaged as a result of hacking or computer viruses. Personal information is backed-up on a regular basis as a preemptive measure against possible damages done to personal information, and the latest vaccine programs are used to prevent any leakage or damage of Members’ personal information. Encoded communication is also used to transfer personal information safely through networks.
Minimization of number of employees that handle personal information and their trainingThe Company restricts the number of personal information handlers to the minimum necessary for the performance of its business operations and has them recognize the importance of personal information protection through protection through administrative measures such as training.
9. Matters Regarding Installation/Operation and Rejection of Automatic Devices Collecting Personal Information
In order to provide personalized and customized services, the Company uses “cookies” that store and retrieve information of Members frequently.
Cookies are small text files sent to a Member’s browser by the server used to run the website and stored on the Member’s computer hard disk. When a Member visits a website, the website server reads the contents of the cookies stored on the Member’s hard disk and uses them to maintain the Member’s preferences and to provide customized services.
Cookies do not automatically and/or actively collect information that identifies individuals, and Members can refuse to save or delete these cookies at any time.
The Members have the option to set cookies. Therefore, the Member can set the options in the web browser to allow all cookies, to check every time a cookie is saved, or to refuse to save all cookies.
However, if the Member refuse to save cookies, some of the Company’s services that need login may be difficult to use.
How to specify whether to allow cookies to be installed is as follows:
Internet Explorer: Select Tools Menu > Select Internet Options > Click the Privacy Tab > Advanced Privacy Settings > Set Cookie Level
Chrome: Select Settings Menu > Select Show Advanced Settings > Privacy and Security Section > Select Content settings > Set Cookie Level
Safari: Select Preferences Menu > Select Security Tab > Set Cookie and Website Data Level
10. Responsibility for Linked Sites
The Company may provide Members with links to other external sites.
In this case, since the Company has no control over external websites, it cannot be held responsible for the usefulness, truthfulness or legitimacy of the services or materials provided to the Members by exter
11. Obligation to Notify Before Amendments
However, notices on important amendments that affect Members’ rights, including changes to the personal information that is collected or to the purpose for using the information, will be made at least thirty (30) days prior to the amendment date. Member’s consent will be obtained again if needed.
12. How to Contact
If you wish to contact us, please send an email us at firstname.lastname@example.org or mail us at our physical address at ATTN: Privacy, Way2Bit, 8F., 8, Seongnam-daero 331beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea, 13558. If you are in the EU/UK, you can contact our Data Protection Officer by email at EURep@way2bit.com or at their physical address at DPO Centre Ltd., 50 Liverpool St., London, United Kingdom, EC2M 7PR.
Additionally, as we are based in Republic of Korea, we have appointed The DPO Centre Ltd. To be our representative within the EEA. Their contact details are by email at EURep@way2bit.com or +44 203 797 6340. Alternatively, they can be reached by post DPO Centre Ltd., 50 Liverpool St., London, United Kingdom, EC2M 7PR. www.dpocentre.com
© Way2Bit Co. Ltd. All Rights Reserved.