Vibrary Privacy Policy
VibeZone (hereinafter referred to as "Company") has established the [VIBRARY Privacy Policy] in order to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and all other relevant laws. We, the Company, are doing our best to protect the rights and interests of users by setting a privacy policy that is in accordance with required personal information protection regulations of the relevant laws and regulations that must be complied with by information and communications service providers.
The VIBRARY (hereinafter referred to as "VIBRARY" or "Service") mobile application (hereinafter referred to as "APP") developed by the Company takes protecting members' personal information very seriously. The Privacy Policy is shown on the first screen of the APP at initial signup and changes in content, and we are taking measures so that users of the Service can always easily check the Privacy Policy through "Official Announcement" posts.
For the continuous improvement of the Privacy Policy, the Company is establishing the necessary procedures for its revision. And when the Privacy Policy is revised, version numbers, etc., are given so that the users of the Service can easily check what items have been revised.
The Privacy Policy includes the following contents:
1. What is a privacy policy?
2. Items and methods of personal information collection
3. Right to deny the Privacy Policy and disadvantages of its denial
4. Purpose of collection and use of personal information
5. Sharing and provision of personal information
6. Consignment of personal information handling
7. Holding and usage period of personal information
8. Destruction procedure and methods for personal information
9. Matters related to the installation/operation and denial of automatic personal information collection tools
10. Technical/administrative protection measures for personal information
11. Contact information of the personal information protection officers
12. Other
13. Duty of disclosure
1. What is a privacy policy?
"Personal information" refers to information about a living individual, which includes the individual's name and other information that can identify the individual (even if the relevant information alone cannot identify a specific individual, this includes information that can be easily combined with other information to identify the individual).
The "Company" "collects, uses, and provides personal information based on consent" from users, and actively guarantees the "users' rights (right to self-determination of personal information)."
The Company complies with the relevant laws and regulations of the Republic of Korea, personal information protection regulations, and guidelines that information and communications service providers must comply with.
"Privacy policy" refers to the guidelines that the Company must comply with in order to protect the valuable personal information so that users can use the Company's Service with confidence.
This Privacy Policy applies to the VIBRARY Service.
2. Items and methods of personal information collection
"VIBRARY" collects the following personal information at initial membership signup or use of the Service:
1) "VIBRARY" signup information
- VIBRARY Partner (VP): VIBRARY account (ID/password), email address, nickname, nationality, name, phone number, Twitter activity information
- General user: Social networking site (SNS) login information, email address
2) User information collected at initial signup
- Language (Korean or English)
- Nationality
- Preferred artists (groups and members)
3) Device and application information
- Device information (including its identification number), firmware version, main settings (whether or not password is set)
- In-app usage record(use of in-app functions such as entry into screens/menus and button selections, errors during usage)
- IP addresses, cookies, visit dates, Service usage record, delinquent usage record, device information during mobile service usage (device model, OS type, telecommunications company information, hardware ID, advertising ID, basic statistics on service usage), application installation, and usage history
4) Social media page information
- Login account IDs for social networking sites (Naver, KakaoTalk, Twitter, Facebook, Line, Google, Apple), emails, and phone numbers
- Twitter ID key, address, profile, activity information
5) Information collected according to APP service usage
- Preferred artists
- Likes, My Albums, downloaded contents
- User access frequency, retention time, screen exit time, etc., for statistical analysis
6) Personal information collection methods
The Company collects personal information in the following methods:
- Mobile application, website, phone, FAQ bulletin board, email, entry into events, etc.
- Automatic collection from devices when using the Service
- Provision from partner companies (RSAD Co., Ltd., AMP Co., Ltd.)
- Automatic collection when running the Service
- Collection through generated information collection tools
3. Right to deny the Privacy Policy and disadvantages of its denial
The Company or the Company's personal information collection/use consent form may provide an "I do not consent" option to each item. If a user who wishes to use the VIBRARY Service does not agree to the collection of the above personal information, the user cannot use the Service. VIBRARY is not the official channel provided by the artists' agencies, and does not hold any legal responsibility regarding any individual's use of the Service or activity history.
4. Purpose of collection and use of personal information
The Company uses the collected personal information for the following purposes:
- Personal information is used to provide the Service promised to the users, email verification for the provision of the Service, customer services, and other various tasks.
- Personal information is used to confirm membership signup, identify users, confirm membership withdrawals, respond to inquiries, handle complaints, and manage other membership matters.
- Personal information is used to protect users and operate the Service safely by taking measures to restrict usage by members that violate laws, regulations, or terms and conditions, preventing and sanctioning against any acts or unauthorized acts, including illegal acts, that interfere with the smooth operation of the Service, preventing account theft or fraudulent transactions, delivering notices, preserving records for the settlement of disputes, etc.
- Personal information is used to provide the Service according to demographic characteristics, analyze access frequency, improve the Service, provide statistics regarding the usage of the Service, provide new services by analyzing user trends, interests, usage records based on Service analysis and statistics, etc. (* The Privacy Policy is revised later when new services are introduced.)
- Personal information can be used for the purposes of events and promotions, such as for providing push notifications, event information, and advertisement information.
- Personal information can be used for the improvement of the Service, such as for the analysis and statistics on the current improvement of the Service, new service development, and Service usage.
- Personal information can be used to provide the following services:
1. Personal information can be used as a supplement to reinforce the VIBRARY Service based on personal health information, as basic data for the provision of the VIBRARY Service.
2. Back up personal health information on a database, or save and use it for the purpose of linking with proof
3. Provide linkage services to the account (social networking, etc.)
4. Provide content and recommendations
5. A part of the VIBRARY usage records can be provided, if necessary, to optimize the Service by linking to other services provided by the Company.
5. Sharing and provision of personal information
The Company only uses the users' personal information only within the scope notified in "2. Items and methods of personal information collection." The Company does not use the users' personal information beyond this scope without the users' prior consent, and, in principle, does not disclose personal information to outside parties. However, the following cases are exceptions:
- If users' give prior consent
- If necessary for the settlement of fees in accordance with the provision of the Service
- In accordance with laws and regulations, or if requested by investigative authorities in accordance with procedures and methods prescribed by law for the purpose of investigation
6. Consignment of personal information handling
To improve the Service, the Company consigns personal information as follows, and the Company prescribes the matters necessary to safely manager personal information in accordance with relevant laws and regulations when signing consignment contracts. The Company's consigned personal information handling agencies and their consigned tasks are as follows:
7. Holding and usage period of personal information
In principle, the Company only stores users' personal information until membership withdrawal. However, to prepare for unwanted membership withdrawals, etc., due to theft of personal information, etc., the Company retains the personal information for 30 days after the membership withdrawal request. In addition, the following information is retained for specified periods after membership withdrawal for the following reasons:
A. Reasons for retaining information according to the Company's internal policy
-
Separately held information: VIBRARY Service usage record
-
Reason and period of retainment: Retained for 30 days to respond to member complaints, etc.
-
Extinctive prescription period for civil and criminal litigation such as lawsuits: Standard 1 year for legal issues, but 10 years for extinctive prescription of complaints if issues occur during that period
B. Reasons for retaining information according to relevant laws and regulations
If retainment is necessary in accordance with the Commercial Act, the Act on Consumer Protection in Electronic Commerce, Etc., and other relevant laws and regulations, the Company stores the membership information for the period designated by the relevant laws and regulations. In this case, the Company only uses the stored information for the purpose of its storage, and retention periods are as follows:
C. All personal information handlers must comply with the following items, and if an information subject requests access, correction, or deletion, it must be processed within 10 days.
8. Destruction procedure and methods for personal information
In principle, users' personal information is destroyed without delay when the purpose of the personal information's collection and usage is achieved. However, the Company destroys or separately stores the personal information of members who do not use the Service for 1 year according to the "valid period of the personal information."
The Company's destruction procedure and methods for personal information are as follows:
A. Destruction procedure
Information entered by users for the purpose of membership signup, etc., is transferred into a separate database (separate filing cabinet for papers), and when its holding period passes and its handling purpose is achieved, it must be destroyed within 5 days in accordance with the reasons for information protection according to the internal policy and other relevant laws and regulations. The personal information is not used for any purpose other than retention unless required by law.
B. Destruction methods
Personal information printed on paper is destroyed in a shredder or incinerator.
Personal information saved in electronic files is deleted using a technical method that cannot restore the records.
C. The information of users that has not logged in for 1 year since the last login date must be destroyed at the 1 year mark, and if storage is legally required, the information must be stored separately from the currently operating user information.
D. When an administrator account is deleted, the "deleted account's ID, name, email, and delete date" must be stored separately for 3 years.
9. Matters related to the installation/operation and denial of automatic personal information collection tools
A. What are cookies?
In order to provide a personalized and customized form of the Service, the Company uses "cookies" to store and often load users' information. Cookies are very small text files sent from the servers that operate the website to the users' web browsers, and they are saved in the computer's hard drive.
B. Purpose of using cookies
Cookies are used to provide the most optimal customized information to users by analyzing each service of the Company, usage patterns, etc., used by the users.
C. Installation/operation and denial of cookies
Users have the right to choose whether or not to install cookies. Therefore, by selecting the options on the web browser, users can allow all cookies, ask permission every time cookies are saved, or deny the saving of all cookies.
However, if the saving of cookies are denied, it may be difficult to use parts of the Service of the Company that require logging in.
How to choose whether or not to install cookies
① Internet Explorer web browser: [Tools] > [Internet Options] > [Privacy] tab > [Tools] > Change
② Chrome web browser: Top-right menu > [Settings] > [Privacy and security] > [Site settings] > [Cookies and site data] > Set
D. Setting/operating cookies in the mobile service
In order to provide a similar internet environment on the mobile service as that of the PC environment, the Company may also use "cookies" in mobile devices (e.g. smartphones, tablet PCs). However, the Company does not arbitrarily collect personal information, including third party cookies, without the users' explicit consent.
Users can also choose whether or not to allow cookies in the web browser settings on mobile devices. There may be slight differences depending on the operating system of the mobile device and web browser type, but in most cases, users can decide whether or not to allow cookies or delete all existing cookies through the general settings of the mobile web browser. However, if the saving of cookies is denied, users may have difficulty using parts of the Service that require logging in.
① Chrome web browser: Top-right menu > [Settings] > [Advanced] > [Site settings] > [Cookies] > Set
② Safari web browser: [Settings] > [Safari] > [Block All Cookies] > Set
10. Technical/administrative protection measures for personal information
In the handling of users' personal information, the Company is taking the following technical/administrative measures to prevent the loss, theft, leak, alteration, or damage of personal information and ensure its safety.
A. Personal information encryption
The Company is encrypting personal information with passwords, etc., as required by relevant laws and regulations, and is protecting the users' personal information by taking separate measures such as encrypting important data files and transported data. Also, members' passwords are stored and managed under encryption, and personal information confirmations and changes are also only possible by individuals that know their passwords.
B. Countermeasures against hacks, etc.
The Company is committed to preventing the leakage or damage of members' personal information through hacks, computer viruses, etc. Personal information data is backed up frequently in case of damage to personal information, the latest anti-virus programs are used to prevent the leakage or damage of users' personal information, and encrypted communication, etc., is used to safely transmit personal information over the network. In addition, an intrusion prevention system is used to block unauthorized access from the outside, and the Company is making utmost efforts to equip all possible technical systems to ensure all other aspects of systematic security.
C. Minimization and training of handling staff
The Company's personal information-related handling staff is limited to the personnel in charge, and they are given separate passwords that are regularly updated. The handling staff's compliance with the Privacy Policy is constantly emphasized through frequent training.
D. Operation of the personal information protection committee
Through an internal personal information protection committee, etc., that checks the fulfillment of the Company's Privacy Policy and compliance by personnel in charge, the Company is making utmost efforts to immediately fix and correct issues when they are discovered. However, the Company is not responsible whatsoever for any issues caused by the leakage of IDs, passwords, or other personal information on the internet due to the users' negligence.
11. Contact information of the personal information protection officers
The Company has designated personal information protection officers in charge of collecting comments and handling complaints regarding personal information. You can report all personal information-related complaints that occur while using the Company's Service to the personal information protection officers or the department in charge. The Company will respond quickly and sufficiently to your reports.
Chief Privacy Officer (CPO)
Name: Geunyong Kim
Affiliation and position: Development Team Leader
Staff in charge of customers' personal information management
Name: Jungki Min
Affiliation and position: Operations Team Leader
Phone: 070-8234-8232
Email: contact@myvibrary.com
Consigned staff in charge of personal information management
Name: Jisoo Ahn
Affiliation and position: RSAD Co., Ltd., Operations and Maintenance Officer
Phone: 02-2135-4890
Email: js.ahn@rsad.co.kr
To report or consult on other personal information violations, please contact the following authorities:
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr, 118 without area code)
- Supreme Prosecutors' Office Cybercrime Investigation Division (http://www.spo.go.kr, 1301 without area code)
- National Police Agency Cybercrime Investigation Division (https://www.police.go.krwww/security/cyber.jsp, 182 without area code)
12. Other
The "VIBRARY Privacy Policy" does not apply to the collection of personal information of websites linked to the Service provided by the Company.
13. Duty of disclosure
The use of collected personal information must be notified to users at least once a year.
Content of notifications
- Purpose of the collection/use of personal information, and items of personal information collected
- Parties provided with personal information, purpose of the provision, and items of personal information provided
- Parties consigned with personal information handling, and details on the consigned tasks
For any additions, deletions, or modifications to the current Privacy Policy, you will be notified through "Official Announcement" posts on the website at least 7 days before the revision. However, if there are important changes that affect the users' rights, such as the collection and use of personal information or provision to third parties, you will be notified at least 30 days in advance.
Announcement date: September 5, 2021
Effective date: October 5, 2021