Privacy Policy
Last updated
Last updated
RECYCLEFARM Inc. (hereinafter referred to as the "Company") values the protection of user privacy and always strives to protect personal information (including personal location information, unless otherwise specified) of users.
The Company complies with relevant laws and regulations, including the Personal Information Protection Act and the Act on the Protection and Use of Location Information, and ensures compliance with personal information protection regulations in accordance with the laws and regulations when operating services (including web and mobile sites and smartphone apps) under its operation ("RecycleFarm Service" or "Service"). The Company makes the personal information protection policy publicly available on the Service so that users can easily access it at any time.
The Company may change the privacy policy periodically in accordance with changes in government laws and guidelines, and establishes necessary procedures for continuous improvement of the privacy policy. When revising or changing the privacy policy, the Company notifies the content through the homepage.
This privacy policy applies to users using the Service and contains information on how the personal information provided by users is used and processed, and what measures are taken to protect personal information.
The Company collects and uses the minimum necessary personal information to provide the RecycleFarm Service to users. The Company will not collect or use personal information for purposes other than the following purposes, and if the purpose of collection or use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with the Personal Information Protection Act and other relevant laws and regulations.
Category | Items of Collection and Use | Purpose of Use | Period of Use and Retention |
---|---|---|---|
Category | Items of Collection and Use | Purpose of Use | Period of Use and Retention |
---|---|---|---|
The Company retains and uses personal information of users from the date of providing the information until the user withdraws membership (for location information, until the termination of location-based tasks). Pursuant to Article 16, Paragraph 2 of the Location Information Act, the Company automatically records and preserves confirmation data of location information use for members in the location information system, and this data is retained for 6 months from the recording date.
In case a user requests service termination, withdraws consent for the collection and use of personal information, or requests deletion of personal information, the Company promptly destroys the personal information (including confirmation data of location information collection, use, and provision) within the scope of the withdrawal/deletion request. However, if there is a need to retain member information pursuant to relevant laws such as the Commercial Act, the National Tax Basic Act, or laws related to consumer protection, the Company retains the information for the period specified by such laws. In this case, the Company only uses the retained information for its retention purpose, and the retention period is as follows:
Once the purpose of using or providing personal location information is achieved, the company immediately destroys the personal location information excluding the confirmation data of location information use or provision. However, if it is necessary to retain it under other laws or if the member separately agrees to the retention of personal location information, the company can retain it for a maximum of one year from the date the member agrees.
The Company shall promptly destroy collected personal information when it becomes unnecessary due to the expiration of the personal information retention period or the achievement of the purpose of use. The procedure and method of destruction are as follows:
Destruction Procedure: The Company selects personal information for destruction when the need arises and obtains approval from the Personal Information Protection Manager before proceeding with the destruction.
Destruction Deadline: Personal information of users is deleted when the retention period expires. However, if it is discovered that an individual has used another person's personal information to register for membership or similar actions, the Company promptly takes necessary measures. Additionally, if a user requests service suspension or withdrawal due to discovering their personal information being misused, the Company may take appropriate actions, including submission of relevant information to relevant authorities through established procedures.
Destruction Method: Personal information in paper form is shredded or incinerated using chemicals to ensure destruction, while electronically stored personal information is deleted using technically irretrievable methods.
If personal information must continue to be retained due to other laws despite the expiration of the agreed-upon retention period or the achievement of the processing purpose, the Company transfers such personal information to a separate database or stores it in a different location for preservation.
In order to enhance services, the Company entrusts personal information as follows. In accordance with relevant laws, the Company ensures that entrusted personal information is securely managed by prohibiting the processing of personal information beyond the entrusted tasks, implementing technical and administrative protective measures, restricting re-outsourcing, supervising and managing entrusted entities, and specifying responsibilities such as indemnification in contracts or other documents. The entrusted entities and the tasks they perform are as follows:
If the content or recipient of the commissioned task changes, we will promptly disclose it through this Privacy Policy.
The Company processes the User's personal information only within the scope specified for the purpose of personal information processing, and except with the User's consent or special regulations under the law, does not provide personal information to third parties beyond that scope.
When providing personal location information to a third party, the Company notifies the User in advance of the recipient and purpose of the provision and obtains consent.
When providing personal location information to a third party as per the preceding paragraph, the Company promptly notifies the User of the recipient, date of provision, and purpose of provision through communication devices or email addresses.
The Company uses 'cookies' to provide personalized services. Cookies are small data files that can be stored on a device, typically containing a unique identifier associated with the account, session, and/or device, additional data relevant to the purpose of cookies, and self-management information for cookies. The Company uses cookies to grant access to the core functions of our app on devices, track app usage and performance on devices, adjust user experience on our app based on user preferences, and provide advertising on devices. Communication of cookie data between devices and servers occurs in a secure environment.
(1) Purpose of using cookies: Used to understand user visits and usage behavior on each service and website visited by users to provide optimized information.
(2) If you refuse to store cookies, you may have difficulty using personalized services.
(3) Installation/Operation and refusal of cookies
You can set your web browser to allow all cookies, prompt you each time a cookie is saved, or refuse all cookies.
How to specify whether to allow cookie installation (example based on Internet Explorer 11)
Select [Internet Options] from the [Tools] menu.
Click the [Privacy] tab.
Select [Advanced] and set it to the desired level.
The Company may collect and use behavioral information to provide users with optimized personalized services, benefits, and online tailored advertisements during the service usage process.
The Company may collect the following behavioral information:
Items of behavioral information: Users' service visit records, activity logs, and search histories within the service.
Method of collecting behavioral information: Automatically collected when users visit or use the website or app.
Purpose of collecting behavioral information: To provide personalized advertisements based on user interests and preferences.
Retention/use period and post-processing method: Within 5 days after the user's withdrawal or according to the retention period prescribed by law.
Online advertising businesses may collect and use behavioral information to provide users with online tailored advertisements as follows:
Advertisers intending to collect and use behavioral information: Google AdMob
Items of behavioral information: Users' service visit records, activity logs, and search histories within the service.
Method of collecting behavioral information: Automatically collected when users visit or use the website or app.
Purpose of collecting behavioral information: To provide personalized advertisements based on user interests and preferences.
Retention/use period and post-processing method: Within 5 days after the user's withdrawal or according to the retention period prescribed by law.
The Company or online advertising businesses shall collect only the minimum necessary behavioral information for online tailored advertisements. Sensitive behavioral information that may clearly infringe on an individual's rights, interests, or privacy, such as beliefs, family and kinship relationships, education, medical history, or other social activities and careers, will not be collected.
The Company or online advertising businesses may collect and use advertising identifiers (ADID, IDFA, etc.) for online tailored advertisements in mobile apps. Users can block or allow personalized advertisements in apps by changing the settings on their mobile devices.
Blocking/allowing advertising identifiers on smartphones:
[Android] (1) Settings → (2) Privacy → (3) Ads → (4) Reset advertising ID or opt out of personalized ads
[iPhone] (1) Settings → (2) Privacy → (3) Tracking → (4) Allow apps to request tracking off ※ Menu and method may vary slightly depending on the mobile OS version.
Users may contact the contact provided in Clause 13 to inquire about behavioral information, exercise the right to refuse, file complaints, etc.
Rights of users and legal guardians and their exercise methods:
Users may exercise the following rights regarding personal information protection against the Company at any time:
Request to access personal information.
Request correction if there are errors.
Request deletion.
Request suspension of processing.
The exercise of rights under (1) can be done through written requests, telephone, email, or fax to the Company, and the Company will promptly respond.
If a user requests correction or deletion of personal information, the Company will not use or provide the information until the correction or deletion is complete.
The exercise of rights under (1) can be done through representatives such as legal guardians or delegated persons. In this case, the user must submit a power of attorney in accordance with the format of the guidelines on personal information processing.
Pursuant to Article 39-8 of the "Personal Information Protection Act," the Company will periodically (more than once a year) notify users of their personal information usage history.
You may withdraw your consent to the collection, use, and provision of personal information related to service registration at any time. You can withdraw your consent directly within the app by accessing "Settings > Terms and Privacy Agreement" or by contacting the Personal Information Protection Manager in writing, by phone, or via email. The Company will take immediate action to withdraw your consent, including actions such as withdrawing consent and destroying personal information, and will promptly notify you of such actions.
The Company takes the following measures to ensure the security of personal information:
Administrative measures: Establishment and implementation of internal management plans, regular employee education, etc.
Technical measures: Access control management of personal information processing systems, installation of access control systems, encryption of personal information, installation of security programs, etc.
Physical measures: Access control in computer rooms, data storage rooms, etc.
If any of the following persons (hereinafter referred to as "children under 8 years of age") agree to the collection, use, or provision of personal location information of children under 8 years of age for the protection of their lives or bodies, their guardian's consent is deemed to be obtained:
(1) Children under 8 years of age
(2) Plenary guardian
(3) Individuals with severe disabilities under Article 2(2)(2) of the Act on the Welfare of Persons with Disabilities who correspond to severe disabilities under Article 2(2) of the Act on the Promotion of Employment and Vocational Rehabilitation for Disabled Persons (Only those who have been registered as disabled under the Act on the Welfare of Persons with Disabilities are applicable.)
The guardian of children under 8 years of age referred to in Paragraph 1 means a person who effectively protects children under 8 years of age and includes any of the following:
(1) Legal representative of a child under 8 years of age or a guardian under Article 3 of the Act on Guardianship Duties of Minors in Protection Facilities
(2) Legal representative of a plenary guardian
(3) Legal representative of a person under Paragraph 1, or a head of a facility for persons with disabilities under Article 58(1)(1) of the Act on the Welfare of Persons with Disabilities (limited to facilities installed and operated by the state or local governments), a head of a mental health facility under Article 22 of the Act on the Promotion of Mental Health and the Welfare of Mental Patients, or a head of a mental rehabilitation facility under Article 26 of the same Act (limited to facilities installed and operated by the state or local governments)
If a person who wishes to agree to the collection, use, or provision of personal location information for the protection of the lives or bodies of children under 8 years of age, they must submit a written consent form to the Company, attaching a document proving that they are the guardian of children under 8 years of age.
The written consent form under Paragraph 3 must include the following information, and the guardian must sign and seal or sign:
(1) Name, address, and date of birth of the child under 8 years of age
(2) Name, address, and contact information of the guardian
(3) Confirmation that the purpose of collecting, using, or providing personal location information is limited to the protection of the life or body of the child under 8 years of age
(4) Date of consent
The guardian may exercise all the rights of the data subject regarding the collection or provision of personal location information of children under 8 years of age.
The Company may pseudonymize collected personal information when necessary for statistical analysis, scientific research, public interest record-keeping, etc., in a manner that specific individuals cannot be identified.
When processing, outsourcing, or providing pseudonymous information according to Articles 28-2 to 28-7 of the Personal Information Protection Act, the Company will disclose such actions through this Privacy Policy.
When pseudonymizing information, the Company will pseudonymize the minimum necessary items and separate and manage pseudonymous information to prevent re-identification. Additionally, the following technical and administrative protective measures will be taken:
Administrative measures: Establishment and implementation of internal management plans, regular employee education, etc.
Technical measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
Physical measures: Access control in computer rooms, data storage rooms, etc.
The Company is responsible for overseeing personal information processing tasks and has designated a Personal Information Protection Manager to handle complaints and remedies related to personal information processing. The contact information is as follows:
Users may report or inquire about any matters related to personal information protection, complaints, counseling, and remedies to the Personal Information Protection Manager and the department in charge of personal information protection at the Company. The Company will promptly respond and handle inquiries from users.
Users seeking remedies for personal information breaches may contact the Korea Internet & Security Agency Personal Information Infringement Report Center, Cyber Terror Response Center of the Korean National Police Agency. Other relevant agencies for reporting and consultation regarding personal information breaches:
Korea Internet & Security Agency Personal Information Infringement Report Center: 118 (http://privacy.kisa.or.kr)
Cyber Investigation Division, Supreme Prosecutors' Office: 1301 (http://spo.go.kr)
Cyber Investigation Bureau, Korean National Police Agency: 182 (http://ecrm.police.go.kr)
Personal Information Dispute Mediation Committee: 1833-6972 (http://kopico.go.kr)
Individuals whose rights or interests have been infringed due to the disposition made by the head of a public agency or an act of negligence regarding requests such as access, correction, deletion, or suspension of processing of personal information under the Personal Information Protection Act may request administrative litigation according to the Administrative Litigation Act:
Central Administrative Appeals Commission: 110 (www.simpan.go.kr)
This Privacy Policy is effective from July 1, 2023.
Date of Announcement: July 1, 2023 Date of Enforcement: July 1, 2023
Legal basis | Retention information | Retention period |
---|---|---|
Category | The content of the commissioned tasks | Period of commission |
---|---|---|
Recipient | Provided items | Purpose of provision | Period of Use and Retention |
---|---|---|---|
Personal Information Protection Officer | Email Address |
---|---|
Optional
Service usage and subscriber management (verification for service usage, personal identification, notification delivery, etc.)
Until withdrawal of membership
Optional
(Kakao Easy Sign-up) Kakao account (email), nickname, profile picture
Kakao Talk easy sign-up and user management (verification for service usage, personal identification, notification delivery, etc.)
Until withdrawal of membership
Optional
(Google Easy Sign-up) Google account (email), nickname, profile picture
Google easy sign-up and user management (verification for service usage, personal identification, notification delivery, etc.)
Until withdrawal of membership
Optional
(Apple Easy Sign-up) Apple account (email)
Apple easy sign-up and user management (verification for service usage, personal identification, notification delivery, etc.)
Until withdrawal of membership
Optional
Phone number
Utilization for marketing advertisements
Provision of information such as development and improvement of "RecycleFarm Service"
Provision of advertising messages related to new services or events Until withdrawal of membership
Until withdrawal of membership
Essential
Service usage and subscriber management, including identity verification for service usage, personal identification, prevention of misuse by malicious users and unauthorized usage, confirmation of intent to join, retention of records for dispute resolution, handling of complaints and grievances, and delivery of notifications and announcements.
For a period of 7 days following membership withdrawal.
Optional
(Kakao Easy Sign-up) Kakao account (email), nickname, profile picture
User management for KakaoTalk easy sign-up and login, including identity verification for service usage, personal identification, prevention of misuse by malicious users and unauthorized usage, confirmation of intent to join, retention of records for dispute resolution, handling of complaints and grievances, and delivery of notifications and announcements.
For a period of 7 days following membership withdrawal.
Optional
(Google Easy Sign-up) Google account (email), nickname, profile picture
User management for Google easy sign-up and login, including identity verification for service usage, personal identification, prevention of misuse by malicious users and unauthorized usage, confirmation of intent to join, retention of records for dispute resolution, handling of complaints and grievances, and delivery of notifications and announcements.
For a period of 7 days following membership withdrawal.
Optional
(Apple Easy Sign-up) Apple account (email)
User management for Apple easy sign-up and login, including identity verification for service usage, personal identification, prevention of misuse by malicious users and unauthorized usage, confirmation of intent to join, retention of records for dispute resolution, handling of complaints and grievances, and delivery of notifications and announcements.
For a period of 7 days following membership withdrawal.
Optional
Measured number of steps
Step analysis (providing carbon emission reduction based on the number of steps, distance traveled, and activity time) and staircase ascent analysis (providing carbon emission reduction based on the number of staircases climbed, distance traveled, and activity time).
Until membership withdrawal
Optional
Personal location information
Providing location-based challenges: Utilizing user's location information to operate challenges and provide rewards based on participation, offering challenge information and participation guidance using the user's current location, and providing nearby information based on the user's location.
Until the end of the location-based challenge
Optional
(Profile picture integration) Profile image (Kakao/Naver)
Integration of KakaoTalk/Google profile images.
Until membership withdrawal
Optional
Phone number, email, PUSH ID, agreement path/date, cookies, and automatically collected information (such as user's app service visit history, search history), advertising identifiers (ADID/IDFA)
Utilization in marketing advertisements:
Provide information on the development and improvement of "RecycleFarm Service"
Send personalized advertisements and information related to new services or events, and third-party products related to "RecycleFarm Service"
Until membership withdrawal
Electronic Commerce Consumer Protection Act
Records related to contracts or withdrawal of subscription
5 years
The laws related to consumer protection in e-commerce, Commercial Act, National Tax Basic Act, Income Tax Act, Corporate Tax Act, Value-Added Tax Act.
Records related to payment and supply of goods, ledger and documentary evidence related to transactions
5 years
Electronic Commerce Consumer Protection Act
Records related to consumer complaints or dispute resolution
3 years
Electronic Commerce Consumer Protection Act
Records regarding display/advertisement
6 months
Google Firebase
User account (email), nickname, phone number, mobile notification service, app push notifications.
3 years
Google Admob
Encrypted customer ID
Point settlement (processing of point approval, accumulation, etc.)
Until the member withdrawal or termination of the partnership service.
CEO
privacy@recyclefarm.org