Babyfolio Privacy Policy, JEJEMEME Inc.
This Privacy Policy (hereinafter referred to as the “Privacy Policy”) describes how JEJEMEME Inc. (the "Company") processes and protects users' personal information and rights and interests in accordance with the Personal Information Protection Act of the Republic of Korea and handles users' requests related to personal information. The Company processes and protects users' personal information as follows in compliance with the Personal Information Protection Act and other relevant laws and regulations.
1.
Purpose of Collecting and Using Personal Information
The Company collects personal information in accordance with this Privacy Policy to the extent necessary for the operation of all related services, including the Babyfolio Service (the "Service"). The Company utilizes the collected personal information for the following purposes and does not use it for any purpose other than the following:
a.
Membership management
Includes providing membership services, identifying individuals, restricting the access of members who violate the terms of use, sanctioning acts that interfere with the smooth operation of the Service or unauthorized use of the Service, confirming the application for registration, managing subscriptions and limiting the number of subscriptions, keeping records for dispute resolution, handling user requests such as complaints, delivering notifications, confirming the withdrawal of membership, and confirming the information of corporate membership.
b.
Fulfillment of contractual liabilities and settlement of payments in accordance with the provision of the Service
Includes identity verification, delivery of notifications including revision of terms and conditions, purchase, and payment of fees for the paid services, delivery of goods and services, etc.
c.
Development of new services and marketing and advertising activities
Includes development of new services, products, or features and provision of personalized services, provision of event and advertising information, validation of services, and collection of the number of accesses and statistics on members' use of the Services.
2.
Personal Information Collected and Method of Collection
a.
Particulars of personal information collected:
The Company collects the following information for the purpose of membership registration, provision of the Service, customer support, personalized algorithms and service improvement based on the information provided by users. The information collected shall be encrypted so that a specific individual cannot be identified solely by such information.
i.
At the user registration:
•
Member's personal information including email address or ID (relevant account ID information in case of using an account of Affiliated Service such as KakaoTalk, Google, Naver, or Apple), relation with child, name (or nickname), mobile phone number, child's gender, child's name (or nickname), child's date of birth;
•
Any additional information provided by the Company’s Affiliated Service subject to the users’ registration method for the purpose of authorizing such registration;
Affiliated Service of user’s choice | Provided by Affiliated Service (Required) | Provided by Affiliated Service (Optional) |
Sign up with KakaoTalk (provided by Kakao Corporation) | Nickname, profile picture, email address, phone number, status and history of KakaoTalk channel | None |
Sign up with Naver ID (provided by NAVER Corporation) | None | Name, Profile picture |
Sign up with Google ID (provided by Google Inc.) | Email address | Profile |
Sign up with Apple ID (provided by Apple Inc.) | Unique key | Email address |
ii.
While using the Service, the following information may be automatically generated and collected:
•
IP address, cookies, device information, visit date and time, service usage history, user-generated content (text, image, video), etc.
iii.
The following information may be collected when necessary to process payment, etc. for the paid services.
•
For payments by credit card: Credit card type, cardholder’s name, installment, card company name, card number, authorization number, etc.
•
For bank transfer: Personal identification number, bank name, account number, transaction number, transaction name, transfer status, etc.
•
For in-app payment: Receipt number, payment authorization, etc.
•
For mobile phone payments: Mobile phone number, payment amount, payment authorization, etc.
iv.
The following information may be collected for offline goods delivery:
•
Order information (name, phone number, mobile phone number), delivery information (name, phone number, mobile phone number, address)
b.
Methods to collect personal information
The Company collects personal information in the following methods:
i.
Provided voluntarily by users for the registration or use of the Service
ii.
In case that a member logs in using an Affiliated Service of the member’s choice such as KakaoTalk, Google, Naver, Apple, etc., provided by such Affiliated Service upon the member's consent.
iii.
Automatically generated in the course of users’ use of the Service, such as device information and service usage records.
3.
Provision of Personal Information to Third Parties
The Company shall use members' personal information within the scope specified in '1. Purpose of collecting and using personal information' and shall not use such personal information beyond that scope or provide it to a third party, except when it is essential for the purpose of the Service or upon the prior consent of the member, or for the following exceptions:
a.
In case that the information is essential to provide service(s) requested by the user;
b.
In case that the user has given prior consent;
c.
In accordance with the provisions of laws and regulations, or when requested by investigative agencies in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation; and
d.
If the rights and obligations of the service provider are succeeded or transferred by sale, merger, acquisition, etc., the user will be notified in advance and given the option to withdraw consent to the user's personal information.
4.
Consignment of Personal Information Processing
The Company consigns the processing of personal information as follows to improve the service upon stipulating the necessary rules to ensure that personal information is managed safely in the consignment contract in accordance with the relevant laws and regulations. The Company's entrusted personal information processing organizations and entrusted tasks are as follows. If any changes occur, the Company shall notify users of the changes through the notice and Privacy Policy.
Consignee | Scope of Work |
SmileServe | Data storage and server system operations |
NAVER CLOUD PLATFORM | Data storage and server system operations |
Amazon | Data storage and server system operations |
Cloudflare | Data storage and server system operations |
Cloocus | Data storage and server system operations |
Danal Infra Lab | Data storage and server system operations |
Digital Myungsung Tech | Photo and photo goods production and shipping |
Maybee One Inc. | Photo and photo goods production and shipping |
Betterway Systems | Photos and photo goods production and shipping |
Blanker Corporation | Photos and photo goods production and shipping |
Korea Academic Information Co. | Photos and photo goods production and shipping |
Husk Factory | Photos and photo goods production and shipping |
Toss Payments | Accepts credit cards and bank transfers |
NHN Commerce | Provides e-commerce platform |
Channel Corporation | Customer center operation and customer consultation |
5.
Term of Use and Retention of Personal Information
a.
In principle, personal information of members shall be destroyed without delay when the purpose of collecting and using personal information is achieved. However, in the following cases, the personal information shall be retained for the period specified for each reason for retention in accordance with relevant laws such as the Commercial Act and the Company’s policies.
i.
Records of contract or withdrawal from the Service: 5 years (Act on Consumer Protection in Electronic Commerce)
ii.
Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
iii.
Records of consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
iv.
Website or platform access records and service usage records: 3 months (Act on the Protection of Communications Secrets)
v.
Records of unauthorized use: 1 year (Prevention of unauthorized use and transactions in accordance with internal policies)
b.
To protect the user’s personal information, if the user has not used the Service for more than 180 days, the Company may separate the user’s personal information into a Long-term unused user and prevent the user from using such an account. The details of the Long-term unused user policy are as follows:
i.
Accounts that have not been used to access the app for 180 days or longer will be converted to Long-term unused user.
ii.
The Company shall notify the user three times via email or mobile phone number provided at registration before conversion to the Long-term unused user.
iii.
If the account was converted to Long-term unused user, all contents and personal information stored in the service will be immediately deleted from our servers to protect privacy and cannot be restored.
iv.
In case of conversion to Long-term unused user, Cheese credited to the account will expire subject to each scheduled expiration date.
6.
Discard of Personal Information
In principle, the personal information of members shall be destroyed without delay when the purpose of processing personal information is achieved. The procedure, deadline and method of destruction are as follows.
a.
Destruction procedure: The information provided by the user shall be destroyed EITHER after it is transferred to a separate DB (separate documents in case of paper) and stored for a certain period of time in accordance with the internal policy and other relevant laws and regulations OR immediately, after the purpose is achieved. In this case, the personal information transferred to the DB will not be used for any other purpose unless required by law.
b.
Deadline for destruction: The personal information of users shall be destroyed within 5 days from the end of the retention period if the retention period of personal information has elapsed, or within 5 days from the date upon acknowledgment that the processing of personal information is no longer necessary due to achievement of the purpose of processing personal information, the abolition of the service, or the termination of the business.
c.
Destruction method: Personal information printed on paper shall be destroyed by shredding or incineration, and information in the form of electronic files shall be destroyed using a technical method that does not allow the record to be reproduced.
7.
Use and Provision of Personal Information Within the Scope Reasonably Related to the Purpose of Collection
The Company may use or provide personal information to a third party without the user's consent within a reasonable scope related to the original purpose of collection, according to each of the following criteria:
a.
Whether the purpose is related to the original purpose of collection: The Company shall decide accordingly upon considering whether the original purpose of collection and the purpose of further use and provision are related in nature or tendency;
b.
Whether there is foreseeability of further use or provision of personal information in light of the circumstances under which the personal information was collected or the business practices: The Company shall decide upon considering the relationship between the personal information processor and the user, the level and pace of technological development, and general circumstances or practices established over a considerable period of time;
c.
Whether the interests of the user are unreasonably infringed: The Company shall decide upon considering whether the interests of the user are substantially infringed in relation to the additional purpose of use and whether the infringement of such interests is unreasonable.
d.
Whether necessary measures have been taken to ensure safety, such as anonymization or encryption: The Company shall decide by considering whether safety measures are taken in consideration of the possibility of infringement.
8.
Exercise of Rights and Obligations of Users and Legal Representatives
a.
Users may exercise their rights to view, correct, delete, or suspend the use of personal information at any time against the Company.
b.
Users may indicate the exercise of rights under Clause 8.A. in writing, by e-mail, etc., and the Company will take action without delay upon receipt of such indication.
c.
The rights under Clause 8.A. may be exercised through an agent, such as a legal representative of the user or a person who has been delegated by the user. In such case, the user must submit a document such as a power of attorney which confirms the delegation.
d.
The exercise of rights to view, correct, delete, or suspend the use of personal information may be limited in accordance with relevant laws and regulations such as the Personal Information Protection Act.
e.
Requests for correction and deletion of personal information shall not be accepted if the personal information is specified as the subject of collection under other laws.
f.
The Company shall verify whether the person who made a request for access, correction, deletion, or suspension of use of personal information in accordance with the user's rights is the user him/herself or a legitimate representative.
9.
Installation, Operation, and Rejection of an Automatic Collection Tool for Personal Information
a.
Purpose of use of Cookies
i.
The Company may use Cookies that store and retrieve user's information from time to time in order to provide personalized and customized services. A Cookie is hereby defined as a small text file sent by the website server to the user's browser, which can be stored on the hard disk of the user's device.
ii.
The Company may use Cookies to identify members and maintain the member’s login status.
iii.
The Company may use Cookies to identify the type, scale, etc. of users' visits to and use of the Service and provide users with optimized and customized information, including advertisements.
b.
Installation, Operation and Rejection of Cookies
Users reserve the right to opt in to or out of Cookies. Users can determine whether to allow all Cookies, choose Cookies to allow, or block all Cookies. Notwithstanding the aforementioned, in case that the user refuses storage of Cookies, the user’s access to specific services that require login may be limited.
10.
Anonymization of Information
The Company processes personal information collected for statistical purposes, scientific research, and records for public interests through anonymization to avoid a specific individual being recognized, as follows:
a.
Details of anonymization procedures
Category | Purpose of use | Scope | Termination of use |
Service Development | Analyze growth information by age group, create statistics, and content recommendations | Quantitative parenting data, including measured data | Withdrawal from the Service |
Service development | Statistics and in-service content recommendations | Photo and video location, gender, and age | Upon completion of development |
b.
Measures to secure the safety of anonymized information in compliance with the obligation to take safety measures for anonymized information
i.
Administrative measures: The Company shall establish and implement an internal personal information management plan and regular employee training;
ii.
Technical measures: The Company shall manage access rights to personal information processing systems, install access control systems, encrypt unique identification information, and install security programs;
iii.
Physical measures: The Company shall control access to computer rooms, data storage rooms, etc.
11.
Processing of Personal Location Information
a.
The Company shall process personal location information as follows:
i.
Purpose of processing personal location information: The Company shall process the location information of members or the location information of photos and videos uploaded by members for the purpose of providing convenience in using the Service and providing or recommending contents in the Service.
ii.
Retention period of personal location information: Upon the achievement of the purpose of processing personal location information, such as the achievement of the purpose of collection and use or the member’s withdrawal of membership, personal location information shall be securely deleted in a manner that prevents recovery and reproduction. Notwithstanding, if there is a legitimate reason, such as the need to store the information in compliance with any relevant laws, the Company shall comply with such laws.
iii.
Basis of retention and retention period of collection, use, and verification of personal location information: Article 16, Paragraph 2 of the Act on the Protection and Utilization of Location Information, 6 months
iv.
Procedures and methods for discarding personal location information: The Company shall destroy personal information recorded and stored in the form of electronic files using technical methods that prevent the records from being reproduced, and destroy personal information recorded and stored in paper documents by shredding or incinerating them.
b.
The Company shall not provide personal location information to third parties, and if it is necessary to provide such location information to a third party, the Company shall notify the member of the recipient and purpose of the provision and request consent prior to provision.
c.
In case a guardian of a person who falls under any of the following agrees to the use or provision of personal location information to protect the life or body of that person, the consent shall be deemed as valid as consent from the person. The guardian shall submit a written consent form to the Company stating the person’s name, address, and date of birth, together with a statement acknowledging that the purpose of collecting, using, or providing personal location information is limited to protecting the life or body of the person, and the date of such acknowledgement.
•
Children under the age of 8
•
Guardian of the person under the age of majority
•
A person with a mental disability pursuant to Article 2, Paragraph 2 of the Disability Welfare Act and a severe disability pursuant to Article 2, Paragraph 2 of the Employment Promotion and Vocational Rehabilitation Act (limited to a person who has registered as a person with a disability pursuant to Article 32 of the Disability Welfare Act)
12.
Collection, Use, and Rejection of Behavioral Information
a.
The Company collects and uses behavioral information generated by the user’s use of the Service to provide customized services and benefits optimized for users, online customized advertisements, etc.
b.
The Company collects behavioral information as follows:
Items | User's access to website/app service, search history, and purchase history |
Method of Collection | Automatically collected during user’s access to website and app |
Purpose of Collection | To provide personalized product recommendation service (including advertisements) based on user's interests and inclinations |
Retention and usage period | Data to be retained and used for up to 36 months from the date of collection, and destroyed after the retention period has expired |
c.
The Company allows the following online personalized advertising providers to collect and process behavioral information:
•
Online personalized advertising vendors: Google, AppLovin, Meta, Pangle, InMobi, and Coupang
•
Method of collection: Automatically collected and transmitted during the user’s access to the Company’s website or app
•
Information to be collected: The user’s web/app browsing history, search history, purchase history.
d.
The Company shall collect only the minimum behavioral information necessary for online personalized advertising and other services, and shall not collect sensitive behavioral information that may clearly infringe on the rights, interests or privacy of individuals, such as ideas, beliefs, family and relatives, education and medical history, and other social activity records.
e.
The Company shall not collect behavioral information for the purpose of personalized advertising from children under the age of 14 or from online services whose primary users are children under the age of 14 and shall not provide personalized advertising to children known to be under the age of 14.
f.
The Company collects and uses advertising identifiers for online personalized advertising in the mobile app. Users can block or allow personalized ads in the app by changing the settings on their mobile device.
•
The menu and method may differ slightly depending on the version of mobile OS.
•
Android: Settings → Privacy → Advertisements → Reset Advertisement ID or Delete Advertisement ID
•
iPhone: Settings → Privacy → Tracking → Turn off Allow apps to track your activity
g.
Users can block or allow online personalized advertising in bulk by changing the web browser's cookie settings. Notwithstanding, changing cookie settings may affect the use of certain services, such as automatic login to websites.
•
Internet Explorer: Tools → Internet Options → Privacy → Settings → Block Cookies
•
Microsoft Edge: Settings → Privacy, search, and services → 1) Always use strict do not track in InPrivate mode, 2) Privacy → Send a do not track request
•
Google Chrome: Settings → Privacy and security → Cookies and other site data → Choose how you want to block cookies
13.
Technical and Administrative Protection Measures for Personal Information
The Company shall take the following technical and administrative measures to ensure the safety of personal information to prevent the personal information from being lost, stolen, leaked, altered or damaged when processing personal information of members.
a.
Measures for cybersecurity
The Company shall do its best to prevent the leakage or damage of members' personal information due to hacking or computer viruses. The Company shall prevent the leakage or damage of members' personal information or data, enable safe transmission of personal information on the network through encrypted communication, etc. and control unauthorized access from the outside using an intrusion prevention system.
b.
Minimization and training of relevant staff
The Company's staff involved in personal information handling shall be strictly limited to the persons in charge, and a separate password shall be assigned to such staff, which shall be updated regularly. The Company shall highlight compliance with the Company's personal information processing policy through frequent training for such persons in charge.
c.
Operation of a dedicated personal information protection organization
The Company shall check the implementation of the Company's personal information protection policy and the compliance of the persons in charge through the in-house personal information protection organization and make its best efforts to immediately correct any problems that are found. Notwithstanding, the Company shall not be liable for any problems caused by the leakage of personal information due to the member's own carelessness or for reasons other than the intentional or gross negligence of the Company.
14.
Personal Information Management Officer
You may report any complaints related to personal information protection arising from the use of the Company's services to the person in charge of personal information protection or the department in charge. The Company shall promptly respond to the member's report.
•
Personal Information Protection Officer
Name: Jeon Jewoo
Organization: JEJEMEME
Position: COO
Email: [email protected]
•
Department in charge of personal information protection
Department Name: IT Team
Person in charge: Youngwoo Lee
Contact: [email protected]
If you need to report or consult about any personal information infringement, contact the following organizations:
•
Personal Information Infringement Report Center (www.118.or.kr / 118)
•
Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
•
High-Tech Crime Investigation Division of the Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)
•
National Police Agency Cyber Terrorism Response Center (www.ctrc.go.kr / 02-392-0330)
15.
Responsibilities for Notification
This Privacy Policy may be changed due to government policies or the needs of the Company, and any modifications to the contents will be notified through the notice on the website at least 7 days prior to the implementation or simultaneously with the implementation in case prior notification cannot be made.
Notwithstanding the aforesaid, in case of any significant change in user’s rights, such as the collection and utilization of personal information or provision to a third party, the Company shall notify users at least 30 days in advance.
Addendum
This Privacy Policy is effective as of April 06, 2024.
Privacy Policy Revision History
Revised on: October 12, 2023
Revised on: November 3, 2022
Revised on: March 21, 2022
Revised on: January 13, 2022
Revised on: October 25, 2021
Revised on: February 25, 2020
Revised on: November 1, 2019