NAVER Privacy Policy (Ver. 6.0)

NAVER Corporation (nhncorp.com, hereinafter referred to as “Company” or “NAVER”) complies with the personal information protection regulations of the related legislation that an information communication service provider must abide by, including the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Personal Information Protection Act, the Communication Privacy Protection Act and the Telecommunications Business Act, and does its best to protect user rights by developing its Privacy Policy based on the related legislation.

This Privacy Policy is applied to the services provided by NAVER and to me2day, Wingbus and Wingspoon that can be used with a NAVER ID.

  1. Collected Personal Information and Collection Method
  2. Purpose for Collection and Use of Personal Information
  3. Disclosure and Provision of Personal Information
  4. Entrusting Personal Information
  5. Period of Retention and Use of Personal Information
  6. Procedure and Method of Disposal of Personal Information
  7. Rights of Users and Legal Representatives and Methods of Exercising the Rights
  8. Installation, Operation and Rejection of Automatic Personal Information Collector
  9. Technical and Administrative Measures of Personal Information Protection
  10. Contact Information of Manager and Employee in Charge of Personal Information Management
  11. Others
  12. Obligation to Notify

1. Collected Personal Information and Collection Method

A. Personal information collected by NAVER

  1) NAVER collects the following minimum personal information as required information upon initial user registration for purposes that include user registration, smooth customer consultation and provision of various services.

    <General user registration: register with telephone number>

    • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication number

    <Real name user registration: register optionally with resident registration number or i-PIN>

    • Name, resident registration number (date of birth, gender and i-PIN number of users registering with i-PIN), ID, password, nickname, contact information (choose one from email address and mobile phone number), legal agent information of users under the age of 14, registration authentication number

    <Group ID registration>

    • Required information: group ID, company name, name of representative, representative phone number, representative email address, group’s address, ID of administrator, contact information of administrator, department and position of administrator.
    • Optional information: representative website, representative fax number

    <Foreigner general user registration: register with telephone number>

    • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication number

    <Foreigner real name user registration>

    • Foreign residents in Korea: name, passport number or alien registration number, ID, password, nickname, contact information (choose one from email address and mobile phone number), gender of users registering with passport number, nationality of users registering with alien registration number, legal agent information of users under the age of 14, registration authentication number
    • Foreign residents abroad: name, ID, password, nickname, contact information (choose one from email address and mobile phone number), nationality, gender, date of birth, registration authentication number
  2) The following information may be automatically created and collected while services are used or businesses are processed.
    • IP Address, cookies, time of visit, service use records, delinquent use records
  3) When users use optional and customized services or enter events with a NAVER ID, the following information may be collected only from the users who use the corresponding services.
    • Click to see when the user is asked to agree to the collection of additional personal information.
  4) The following payment-related information may be collected when using paid services.
    • When paying with credit cards: name of card company, credit card number, etc.
    • When paying with mobile phone: mobile phone number, mobile service provider, payment authentication number, etc.
    • When making credit transfer: bank name, account number, etc.
    • When paying with gift vouchers: voucher number

B. Personal information collection method

NAVER collects personal information using the following:

  • Website, written forms, fax, telephone, customer service board, email, event entry information, shipping request
  • Information provided by affiliated companies
  • Tool collecting generated information

2. Purpose for Collection and Use of Personal Information

A. Execution of service provision agreement and billing for the provided service

To provide contents and customized services, to deliver goods or invoices, to conduct self-authentication, to make purchases and payments, to collect fees.

B. Member management

To conduct self-identification for the use of member-only services and for the compliance with limited self-identification policy, to verify personal identity, to prevent dishonest or unauthorized use by delinquent users (users who have permanently been forbidden to use services in accordance with first and second paragraphs of Article 20 of NAVER’s Terms of Use, due to the violation of the subparagraphs 1 to 8, paragraph 1 of Article 11), to verify intention to join membership, to limit acquisition of membership or number of accounts per user, to verify approval from a legal agent when collecting personal information of a user under the age of 14, to verify legal agent’s identity afterward, to retain records for settlement of conflicts, to process civil complaints including customer complaints, to deliver notices.

C. Development, marketing and advertisement of new services

To develop new services and provide customized services, to provide services and place advertisements based on statistical characteristics, to confirm validity of the service, to provide information on events and advertisement as well as opportunity to participate, to identify access frequency, to make statistics on member’s service usage.

3. Disclosure and Provision of Personal Information

Company uses personal information of users within the scope indicated in “2. Purpose for Collection and Use of Personal Information,” does not go beyond that scope without prior consent of the user, and in principle does not disclose personal information of users to third parties. However, the following cases are exceptions.

  • When the user has agreed in advance to the disclosure
  • When it is demanded by provisions of legislation or when an investigative agency makes a request based on process and method defined by the legislation for the purpose of investigation.

4. Entrusting Personal Information

Company entrusts personal information as the following for the purpose of service enhancement, and in accordance with related legislation presents the necessary regulations upon signing of contract to ensure safe management of entrusted personal information.

Company entrusts personal information to the following organizations for the following purposes.

  • NAVER I&S Co., Ltd.
    Purpose: Service operation, event prize delivery, customer service support
    Period of retention and use: Until the termination of account by the user or the termination of the contract
  • inComms Co., Ltd., Gplus Co., Ltd.
    Purpose: Customer service
  • Greenweb Service Co., Ltd.
    Purpose: Service operation
  • Nplex Co., Ltd.
    Purpose: Photo printing service operation
  • NAVER Business Platform Co., Ltd.
    Purpose: System operation for provision of services
  • Happybean Foundation
    Purpose: Happybean operation
  • NAVER Technology Services Co., Ltd.
    Purpose: Management of infrastructure, development and testing of services
  • Skylogis Co., Ltd.
    Purpose: Delivery of service products or event prizes
  • NICE Group Co., Ltd., National Information and Credit Evaluation Inc., Seoul Credit Rating and Information Inc., Korea Association for ICT Promotion
    Purpose: Real name verification
    Period of retention and use: Personal information is not saved separately as the corresponding companies are already retaining the information
  • Mobile service providers and credit card companies, which users are using
    Purpose: Self identification

※ For certain services, customer consultation regarding payment and refund can be carried out by external content providers.

5. Period of Retention and Use of Personal Information

In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. However, the following information will be retained over the described period for the corresponding reasons.

A. In accordance with Company’s internal policy

  • Record of misuse
    Reason: prevention of misuse
    Period: 1 year

B. In accordance with related legislation

If relevant legislation, including Commercial Law and Act on the Consumer Protection in the Electronic Commerce Transactions states to do so, Company retains the information for the period specified by legislation. In this case, Company uses the retained information only for the purpose of retention, the period of which is as stated below:

  • Record on agreement or withdrawal of subscription
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 5 years
  • Record on payment and supply of goods
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 5 years
  • Record on settlement of customer complaints or conflict
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 3 years
  • Record on self identification
    Reason: Act on Promotion of Information and Communication Network Utilization and Information Protection
    Period: 6 months
  • Record on website visits
    Reason: Communication Privacy Protection Act
    Period: 3 months

6. Procedure and Method of Disposal of Personal Information

In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. Company destroys personal information following the procedure and method stated below.

A. Procedure of disposal

  • The data entered by users for member registration is transferred to a separate database once the purpose is achieved (hard copies are moved to a separate cabinet), saved for a certain period in accordance with the internal policy and the reason of information protection stated by other relevant legislation (see period of retention and use), and destroyed.
  • The corresponding personal information is not used for any purpose other than retention, unless that purpose derives from the law.

B. Method of disposal

  • Personal information printed on paper will be shredded or incinerated.
  • Personal information saved in electronic file format will be erased using a technology that does not allow recovery of records.

7. Rights of Users and Legal Representatives and Methods of Exercising the Rights

  • Users and legal representatives can view and modify their registered personal information or the personal information of children under 14 whom they represent at any time, and if they do not approve of Company’s processing of personal information, users or their legal representatives can also refuse to agree or request termination of account (withdrawal of membership). However, in those cases users may have limited or no access to the services.
  • In order to view and modify their personal information, users or legal representatives of users under the age of 14 should click “update personal information” (or “edit account information”), and click “withdraw membership” to terminate account (cancel agreement). Users can view, modify the personal information or withdraw after user identification is confirmed.
  • Users can also contact the employee in charge of personal information management via telephone, email or in writing for immediate response to the request.
  • If users request correction of errors in the personal information, the concerned information will not be used or disclosed until the correction is made. In addition, if the incorrect personal information has already been provided to a third party, immediate action will be taken to make corrections by notifying the third party of the updates.
  • If users or legal representatives request termination of account or deletion of personal information, the concerned information will be processed only as indicated in “5. Period of Retention and Use of Personal Information,” and will not be viewed or used for any other purpose.

8. Installation, Operation and Rejection of Automatic Personal Information Collector

A. What is a cookie?

  • Company uses cookies that save and frequently recall user information, in order to provide personalized and customized services.
  • Cookies are very small text files sent to the user’s browser by the website’s server, and are saved in the hard disk of the user’s computer. When the user revisits the website, its server reads the saved cookies and uses them to maintain user configuration and provide customized service.
  • Cookies do not automatically or actively collect personal identification information, and users can always refuse to save cookies or delete them.

B. NAVER’s purpose of using cookies

NAVER utilizes cookies to provide users with the optimized and customized information including adverts based on the analysis of user’s patterns of visiting and using NAVER’s services and websites, popular search terms as well as the data about connection using SSL, news page editing and number of users.

C. Installation, operation and rejection of cookies

  • Users have the right to choose whether cookies are installed or not. Thus users can adjust the options in their web browser to allow all cookies, confirm each time that a cookie may be stored, or disallow all cookies.
  • However, if a user rejects all cookies, there may be limitations in using certain services that require log-in.
  • Here is how users can set their cookie preferences (if using Internet Explorer):
    1. From the [Tools] dropdown, choose [Internet Options].
    2. Click on the [Privacy] tab.
    3. Adjust the privacy slider.

9. Technical and Administrative Measures of Personal Information Protection

Company takes the following technical and administrative measures to ensure the safety of its users’ personal information and to prevent its loss, theft, leak, falsification or damage while handling it.

A. Encryption of passwords

Passwords of NAVER user IDs are known only by the users as they are stored and managed in encrypted form, and only the users who know their passwords can view and make changes to their personal information.

B. Countermeasures against hackers

Company does its best to prevent leakage or damage of the user’s personal information by hacking or computer viruses.
Company also frequently makes back-up copies of the personal information in case of deterioration, prevents leakage or damage of the information by using the latest antivirus (vaccine) programs, and uses encrypted communication to facilitate safe transmission of personal information on the network.
In addition, NAVER controls external intrusion using an intrusion prevention system, and does its best to be equipped with all possible technological instruments to ensure system security.

C. Minimizing the number of employees involved, and their education

Company restricts handling of the information to authorized employees, each of whom is issued with a separate password that is periodically updated. The employee in charge of personal information management is constantly reminded of the importance of adherence to the privacy policy through frequent employee training.

D. Special team for privacy protection

Company also does its best to resolve and correct any problem should it occur, through its special team for privacy protection that monitors enforcement of NAVER Privacy Policy as well as employees’ adherence to it.
However, Company does not take any responsibility for problems related to leakage of ID, password and resident registration number caused by user’s carelessness or internet connection.

10. Contact Information of Manager and Employee in Charge of Personal Information Management

You may file all your complaints with regard to personal information protection in NAVER services to the manager or the department in charge of protection of personal information.
Company will swiftly and fully respond to users’ reports.

Manager in charge

  • Name: Jun Ho Lee, Information Protection Center
  • Position: Director
  • Tel: 1588-3820
  • Email: privacy@naver.com

Employee in charge

  • Name: Jin Kyu Lee, Personal information protection team
  • Position: Team manager
  • Tel: 1588-3820
  • Email: navercc@naver.com

Please refer to the organizations below for further consultation or report on other cases of personal information infringement:

  • Personal Information Infringement Report Center (www.118.or.kr / 118)
  • Korea Association for ICT Promotion (www.eprivacy.or.kr / 02-580-0533~4)
  • High-tech Crime Investigation Section, Supreme Prosecutors’ Office (www.spo.go.kr / 02-3480-2000)
  • Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)

11. Others

We notify you that this NAVER Privacy Policy does not apply to the act of collecting personal information by websites linked to NAVER.
In addition, detailed information on protection of personal information in NAVER mobile services is available on NAVER Mobile Privacy Protection page.

12. Obligation to Notify

Any addition, deletion or modification of this document will be notified through Notification on the homepage at least seven days prior to such revision taking effect. However, if significant changes are made to user rights, including changes to collection and use of personal information and disclosure of the information to third parties, users will be notified at least 30 days prior to intended changes.

  • Date of notification: January 3, 2012
  • Date of implementation: January 10, 2012