This Privacy Policy is applied to the services provided by NAVER and to me2day, Wingbus and Wingspoon that can be used with a NAVER ID.

1. Collected Personal Information and Collection Method
2. Purpose for Collection and Use of Personal Information
3. Disclosure and Provision of Personal Information
4. Entrusting Personal Information
5. Period of Retention and Use of Personal Information
6. Procedure and Method of Disposal of Personal Information
7. Rights of Users and Legal Representatives and Methods of Exercising the Rights
8. Installation, Operation and Rejection of Automatic Personal Information Collector
9. Technical and Administrative Measures of Personal Information Protection
10. Contact Information of Manager and Employee in Charge of Personal Information Management
11. Others
12. Obligation to Notify

A. Personal information collected by NAVER

1. 1) NAVER collects the following minimum personal information as required information upon initial user registration for purposes that include user registration, smooth customer consultation and provision of various services.

   <General user registration: register with telephone number>

   • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication number

   <Real name user registration: register optionally with resident registration number or i-PIN>

   • Name, resident registration number (date of birth, gender and i-PIN number of users registering with i-PIN), ID, password, nickname, contact information (choose one from email address and mobile phone number), legal agent information of users under the age of 14, registration authentication number

   <Group ID registration>

   • Required information: group ID, company name, name of representative, representative phone number, representative email address, group’s address, ID of administrator, contact information of administrator, department and position of administrator.
   • Optional information: representative website, representative fax number

   <Foreigner general user registration: register with telephone number>

   • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication number

   <Foreigner real name user registration >

   • Foreign residents in Korea: name, passport number or alien registration number, ID, password, nickname, contact information (choose one from email address and mobile phone number), gender of users registering with passport number, nationality of users registering with alien registration number, legal agent information of users under the age of 14, registration authentication number
   • Foreign residents abroad: name, ID, password, nickname, contact information (choose one from email address and mobile phone number), nationality, gender, date of birth, registration authentication number
2. 2) The following information may be automatically created and collected while services are used or businesses are processed.
   • IP Address, cookies, time of visit, service use records, delinquent use records
3. 3) When users use optional and customized service or enter events with a NAVER ID, the following information may be collected only from the users who use the corresponding services.
   • Click to see when the user is asked to agree to the collection of additional personal information.

     Agreement to the collection of additional personal information

     When users use optional and customized service or enter events with NAVER ID, they are notified and asked to agree to the collection of additional personal information that were not collected during user registration.

     Service	Collected personal information
     me2day	<When using with NAVER ID > - Required information: me2day address (if different from NAVER ID), - Optional information: nickname, mobile phone number, email address, blog address, school & company information <When registering with new me2day ID > - Required information: me2day address, nickname, password, email address - Optional information: name, date of birth, mobile phone number, gender, blog address, school & company information
     Wingbus/Wingspoon	Nickname, gender, address of blog (miniHome)
     Housekeeping Book	Housekeeping Book ID, household type, number of children, range of income, expenditure details, income details
     Healthcare	Blood type, physical details (height, weight, waist, hip), body composition (body mass index, abdominal fat percentage, waist hip ratio, skeletal muscle mass, body fat mass, body fat percentage, basal metabolism)
     NAVER LAB	Name, affiliation, contact information, email address
     NAVER talk	Mobile phone number, address book
     Mobile service authentication	Resident registration number, mobile phone number, address
     Love Book sponsorship inquiry	Sponsorship details, contact person, company or organization name, email address, contact information
     Library opening application	Name, email address, contact information
     Book Bus visit application	Name, email address, contact information
     Site search	Name of company (website), name, email address, contact information
     Photo print	Orderer information (mobile phone number, email address), name of recipient, shipping address, contact information of recipient
     Prize delivery for event winners	Shipping address, phone number
     People Search	<Edit Authority Management> If edited by owners of the information: name, resident registration number, resident registration card issue date or driver’s license number, mobile phone number If edited by family member, agency (club) employee, or other representatives: power of attorney (name, resident registration number, address of entruster and name, resident registration number, address of delegator), copy of the entruster’s ID, document that proves the relationship <People Information Management> Basic information (name, birth name, name in English, name in Chinese characters, date of birth, place of birth, date of death, height, weight, blood type, hobby, religion, blog, address, miniHome, official website), occupation or affiliation, education, work experience, awards, publication/sporting event
     App Factory	Name of developer, mobile phone number, website address
     Happybean Brand application	Name of representative, representative contact information, address, contact person, contact information
     Happybean Happylog application	Name of administrator, affiliated department, job position, contact information of administrator, name of organization, name of representative, bank account information
     QR code	Name, mobile phone number, telephone number, photo, fax number, email address, website address, company name, address

     
4. 4) The following payment-related information may be collected when using paid services.
   • When paying with credit cards: name of card company, credit card number, etc.
   • When paying with mobile phone: mobile phone number, mobile service provider, payment authentication number, etc.
   • When making credit transfer: bank name, account number, etc.
   • When paying with gift vouchers: voucher number

B. Personal information collection method

NAVER collects personal information using the following:

• Website, written forms, fax, telephone, customer service board, email, event entry information, shipping request
• Information provided by affiliated companies
• Tool collecting generated information

A. Execution of service provision agreement and billing for the provided service

To provide contents and customized services, to deliver goods or invoices, to conduct self-authentication, to make purchase and payment, to collect fee.

B. Member management

To conduct self-identification for the use of member-only services and for the compliance with limited self-identification policy, to verify personal identity, to prevent dishonest or unauthorized use by delinquent users (users who have permanently been forbidden to use services in accordance with first and second paragraphs of Article 20 of NAVER’s Terms of Use, due to the violation of the subparagraphs 1 to 8, paragraph 1 of Article 11), to verify intention to join membership, to limit acquisition of membership or number of accounts per user, to verify approval from a legal agent when collecting personal information of a user under the age of 14, to verify legal agent’s identity afterward, to retain records for settlement of conflicts, to process civil complaints including customer complaints, to deliver notices.

C. Development, marketing and advertisement of new services

To develop new services and provide customized services, to provide services and place advertisements based on statistical characteristics, to confirm validity of the service, to provide information on events and advertisement as well as opportunity to participate, to identify access frequency, to make statistics on member’s service usage.

Company uses personal information of users within the scope indicated in “2. Purpose for Collection and Use of Personal Information,” does not go beyond that scope without prior consent of the user, and principally does not disclose personal information of users to third parties. However, the following cases are exceptions.

• When user agreed to disclose in advance (Click to see details)

  Disclosure to the third parties

  “When user agreed to disclose in advance” means that the user voluntarily agreed to share his or her personal information to third parties for the purpose of using services.
  In addition, Company notifies users in advance and receives individual and explicit agreement about 1) the party to which the personal information will be disclosed; 2) the purpose of using it; 3) detailed information items to be disclosed; 4) the period of retention and use of personal information. In all this process Company does not collect additional information against the wishes of users and does not disclose to the third parties the information, disclosure of which was not approved of by users.

  NAVER services provided by NBP Corporation

  • Provided to: NHN Business Platform Corporation
  • Purpose: execution of service provision agreement and billing for the provided services, self identification upon account registration, verification of the user’s intent, establishment of smooth communication channel for troubleshooting and others, development, marketing and advertisement of new services
  • Provided personal information: ID, name, email address, mobile phone number
  • Period of retention and use of personal information by recipient: until account termination by user

  Movie ticket booking

  • Provided to: Yes 24 Corporation
  • Purpose: provision of movie reservation information and signing of reservation agreement
  • Provided personal information: NAVER ID, name, resident registration number (or alien registration number)
  • Period of retention and use of personal information by recipient: until the termination of services or account termination by user

  Social Apps

  • Provided to: application developer and developing companies
  • Purpose: use of social apps
  • Provided personal information: nickname (if none, then member ID), profile picture, friend list (list of Neighbor Bloggers, cafe members, me2day friends, depending on installed service), ID@naver.com (if needed for processing customer service)
  • Period of retention and use of personal information by recipient: while the app is being used

  NAVER Music

  • Provided to: CJ E&M
  • Purpose: downloading and listening to paid MP3 at NAVER Music
  • Provided personal information: NAVER ID
  • Period of retention and use of personal information by recipient: until the termination of the service or account termination by user

  
• When it is demanded by provisions of legislation or when an investigative agency makes a request based on process and method defined by the legislation for the purpose of investigation.

Company entrusts personal information as the following for the purpose of service enhancement, and in accordance with related legislation presents the necessary regulations upon signing of contract to ensure safe management of entrusted personal information.

Company entrusts personal information to the following organizations for the following purposes.

※ For certain services, customer consultation regarding payment and refund can be carried out by external content providers (click).

External Content Provider

In order to realize swift and accurate customer service, external content providers may directly provide customer service for the following inquiries. External content providers have access to the minimum personal information necessary for the corresponding consultation, which are never used for purposes other than customer service.

External Content Provider	Inquiries
CJTelenix, CJ E&M Co., Ltd.	Music service failure
UOK Co., Ltd.	Blurs on street and aerial view images of Map Service
Aro In Tech Co., Ltd.	Modification of traffic contents of Map Service
Inicis Co., Ltd., Daou Tech Co., Ltd.	Inquiries about payment and shipping via product registering bbs of Cafe Service
Infobank Co., Ltd.	Inquiries regarding mobile messenger

In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. However, the following information will be retained over the described period for the corresponding reasons.

A. In accordance with Company’s internal policy

• - Record of misuse
  Reason: prevention of misuse
  Period: 1 year

B. In accordance with related legislation

If relevant legislation, including Commercial Law and Act on the Consumer Protection in the Electronic Commerce Transactions states to do so, Company retains the information for the period specified by legislation. In this case, Company uses the retained information only for the purpose of retention, the period of which is as stated below:

• - Record on agreement or withdrawal of subscription
  Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
  Period: 5 years
• - Record on payment and supply of goods
  Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
  Period: 5 years
• - Record on settlement of customer complaints or conflict
  Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
  Period: 3 years
• - Record on self identification
  Reason: Act on Promotion of Information and Communication Network Utilization and information Protection
  Period: 6 months
• - Record on website visits
  Reason: Communication Privacy Protection Act
  Period: 3 months

In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. Company destroys personal information following the procedure and method stated below.

A. Procedure of disposal

• The data entered by users for member registration is transferred to a separate database once the purpose is achieved (hard copies are moved to a separate cabinet), saved for a certain period in accordance with the internal policy and the reason of information protection stated by other relevant legislation (see period of retention and use), and destroyed.
• The corresponding personal information is not used for the purpose other than for retention, unless that purpose derives from the law.

B. Method of disposal

• Personal information printed on paper will be shredded or incinerated.
• Personal information saved in electronic file format will be erased using a technology that does not allow recovery of records.

• Users and legal representatives can view and modify their registered personal information or the personal information of children under 14 who they represent at any time, and if do not approve Company’s processing of personal information, users or their legal representatives can also refuse to agree or request termination of account (withdrawal of membership). However, in those cases users may have limited or no access to the services.
• In order to view and modify their personal information, users or legal representatives of users under the age of 14 should click “update personal information” (or “edit account information”), and click “withdraw membership” to terminate account (cancel agreement). Users can view, modify the personal information or withdraw after user identification is confirmed.
• Users can also contact the employee in charge of personal information management via telephone, email or in writing for immediate response to the request.
• If users request correction of errors in the personal information, the concerned information will not be used or disclosed until the correction is made. In addition, if the incorrect personal information has already been provided to a third party, immediate action will be taken to make corrections by notifying the third party of the updates.
• If users or legal representatives request termination of account or deletion of personal information, the concerned information will be processed only as indicated in “5. Period of Retention and Use of Personal Information,” and will not be viewed or used for any other purpose.

A. What is a cookie?

• Company uses cookies that save and frequently recall user information, in order to provide personalized and customized services.
• Cookies are very small text files sent to the user’s browser by the website’s server, and are saved in the hard disk of the user’s computer. When the user revisits the website, its server reads the saved cookies and uses them to maintain user configuration and provide customized service.
• Cookies do not automatically or actively collect personal identification information, while users can always refuse saving cookies or delete them.

B. NAVER’s purpose of using cookies

NAVER utilizes cookies to provide users with the optimized and customized information including adverts based on the analysis of user’s patterns of visiting and using NAVER’s services and websites, popular search terms as well as the data about connection using SSL, news page editing and number of users.

C. Installation, operation and rejection of cookies

• Users have the right to choose whether cookies are installed or not. Thus users can adjust options on their web browser allow all cookies, confirm each time that a cookie may be stored, or disallow all cookies.
• However, if a user rejects all cookies, there may be limitations in using certain services, which require log-in.
• Here is how users can set their cookie preferences (if using Internet Explorer):
  1. From the [Tools] dropdown, choose [Internet Option].
  2. Click on [Privacy] tab.
  3. Adjust the privacy slider.

Company takes the following technical and administrative measures for the purpose of safety acquisition that will prevent loss, theft, leak, falsification or damage of personal information while it is handling the personal information of its users.

A. Codification of passwords

Passwords of NAVER user IDs are known only by the users as they are stored and managed in encrypted form, and only the users who know their passwords can view and make changes to their personal information.

B. Countermeasures against hackers

Company does its best to prevent leakage or damage of the user’s personal information by hacking or computer viruses.
Company also frequently makes back-up copies of the personal information in case of deterioration, prevents leakage or damage of the information by using the latest vaccine programs, uses encrypted communication to facilitate safe transmission of personal information on the network.
In addition, NAVER controls external intrusion utilizing intrusion prevention system, and does its best to be equipped with all possible technological instruments to ensure system security.

C. Recruitment of minimum number of employees involved and education

Company restricts handling of the information only to authorized employee who is issued with a separate password, which is periodically updated. The employee in charge of the personal information management is constantly reminded of the importance of adherence to the privacy policy through employee training conducted frequently.

D. Special team for privacy protection

Company also does its best to resolve and correct any problem should it occur, through its special team for privacy protection that monitors enforcement of NAVER Privacy Policy as well as employees’ adherence to it.
However, Company does not take any responsibility for problems related to leakage of ID, password and resident registration number caused by user’s carelessness or internet connection.

You may file all your complaints with regard to personal information protection in NAVER services to the manager or the department in charge of protection of personal information.
Company will swiftly and fully respond to users’ reports.

Please refer to the organizations below for further consultation or report on other cases of personal information infringement:

• Personal Information Infringement Report Center (www.118.or.kr / 118)
• Korea Association for ICT Promotion (www.eprivacy.or.kr / 02-580-0533~4)
• High-tech Crime Investigation Section, Supreme Prosecutors’ Office (www.spo.go.kr / 02-3480-2000)
• Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)

We notify you that this NAVER Privacy Policy does not apply to the act of collecting personal information by websites linked to NAVER.
In addition, detailed information on protection of personal information in NAVER mobile services is available on NAVER Mobile Privacy Protection page.