Payletter Inc. (Hereinafter referred to as the 'Company') respects the user's personal information and complies with related laws such as the "ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.", "PERSONAL INFORMATION PROTECTION ACT", “ELECTRONIC FINANCIAL TRANSACTION ACT” .
The Company will inform you about the purpose and method of using personal information provided by users through the Privacy Policy and what measures are being taken to protect personal information.
When the Company revises its Privacy Policy, you will be notified via the website.

1. Purpose of collecting and using personal information
2. Purpose of collecting and using personal information
3. Retention and use period of personal information
4. Destruction procedure and method of personal information
5. Provide personal information
6. Personal information processing consignment
7. Rights of users and legal representatives and how to exercise them
8. Measures to ensure the stability of personal information
9. Matters concerning the installation, operation, and rejection of the automatic personal information collection device
10. Information manager and complaint handling department
11. Duty of notice

1. Personal information items collected
The Company collects the following personal information to provide integrated electronic payment service, partnership inquiry, and payment statement inquiry service.

① Personal information collection items
 (1) Required items 
  A. Personal information 
   - Partnership inquiry : Name, e-mail address, company name, department, phone number, mobile number  
   - Service application: Name, e-mail address, company name, department, phone number, mobile number, date of birth   
   - Payment history inquiry: Card number, mobile phone number, phone number, Culture Land ID, Book & Life ID, Happy Money ID, Teen Cash ID, Cashbee mobile number, 
 T-Money card number, Cash receipt identification number
   - 1:1 inquiry: phone number, e-mail address 
   - Franchise manager: Name, phone number, e-mail address
  B. In addition to the above mentioned personal information items, the following additional information may be generated and collected automatically or manually in the process of using the "service" or handling the "service".
   - Payment ID, access IP address, e-mail address, service access date, service usage record, bad or abnormal usage record, payment record  C. Other
   - The Company may collect additional information on payment methods such as card company name, card number (partly), bank name, mobile phone carrier name, and gift voucher ID required for payment related to service use.
 (2) Optional items
  A. Information provided in the contract document or provided by the customer in addition to the required items
  B. Address, fax number

② Collection method
 - Website (payment, partnership inquiry, payment history inquiry), written form, fax, email

2. Purpose of collecting and using personal information
The Company uses the collected personal information for the following purposes.

① Identification of identity and real name for establishment, maintenance, and termination of service contract, management of franchise, dispatch of contract, etc.
② Identification, authentication, real name verification and various notices/notifications during the service provision process
③ Prevention of illegal use and unauthorized use
④ Confirmation of consent or withdrawal necessary for service provision and related business processes
⑤ Registration of store business information for each payment method for service provision
⑥ Sending the user's payment information, personal information storage history, etc. to the issuer of the payment method that has entered into a contract with the user regarding the payment method for service provision (transaction approval, etc.) and related business processing (complaints, check of personal information management status, etc.)

3. Retention and use period of personal information
In principle, the personal information of the user shall be destroyed without delay when the purpose of collecting and using the personal information is achieved. However, the information for the following items shall be retained for the period specified for the reasons below.
① Retention of information by internal company policy
 (1) Retention items: Website service consultation collection items (Name, e-mail address, phone number, department name, company name)
 (2) Reason for retention: Handling civil affairs such as service consultation and complaints
 (3) Retention period: 1 year after consultation
② Information retention in accordance with related laws
The Company keeps the information for a certain period of time according to the related laws such as Commercial Act, ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC., ELECTRONIC FINANCIAL TRANSACTION ACT when necessary.
In this case, the Company shall use the information only for the purpose of retention. The retention periods are as follows.
 (1) Records regarding contract or withdrawal of contract
  A. Retention period: 5 years 
  B. Basis for retention: ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC. 
 (2) Records of payment and supply of goods
  A. Retention period: 5 years 
  B. Basis for retention: ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.
 (3) Records of consumer complaints or disputes
  A. Retention period: 3 years 
  B. Basis for retention: ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.
 (4) Records on the collection/processing and use of credit information
  A. Retention period: 3 years
  B. Basis for retention: CREDIT INFORMATION USE AND PROTECTION ACT
 (5) Records regarding identity verification
  A. Retention period: 6 months 
  B. Basis for retention: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
 (6) Records of visits
  A. Retention period: 3 months
  B. Basis for retention: PROTECTION OF COMMUNICATIONS SECRETS ACT
 (7) Records on electronic financial transactions exceeding KRW 10,000 per case
  A. Retention period: 5 years
  B. Basis for retention: ELECTRONIC FINANCIAL TRANSACTION ACT
 (8) Records on electronic financial transactions less than KRW 10,000 per case 
  A. Retention period: 1 years
  B. Basis for retention: ELECTRONIC FINANCIAL TRANSACTION ACT
 (9) Record of cash receipt payment  
A. Retention period: 1 years
B. Basis for retention: RESTRICTION OF SPECIAL TAXATION ACT 

4. Destruction procedure and method of personal information
① Destruction procedure
 - After the purpose is achieved, the information entered by the user for service applications, service consultations, and inquiries shall be stored for a certain period of time (see retention and usage period), depending on the reasons for the protection of information according to internal policies and other relevant laws, and then destroyed.
② Destruction method
 (1) Personal information stored in the form of an electronic file shall be deleted using a technical method that cannot reproduce the record.
 (2) Personal information printed on paper shall be destroyed by shredding or incineration.

5. Provide personal information
The Company shall use personal information within the scope of “2. Purpose of collecting and using personal information“ and shall not use it beyond that scope without the prior consent of the user. In principle, they shall not provide the user's personal information to the outside. The following cases are exceptions.
 A. If the user agrees in advance (this means that the user voluntarily provides his/her personal information to a third party for use of a service, etc.)
  Even in the above cases, the Company shall notify the users in advance of ① recipients of personal information, ② purpose of use, ③ items of personal information provided, and ④ retention and use period of personal information in advance and obtain individual consent in an explicit manner.   
In all of these processes, the Company shall not collect additional information against the user's intention, or share information outside the scope of consent with third parties.
 B. In accordance with the provisions of the law or at the request of an investigative agency in accordance with the procedures and methods prescribed by the law.
Personal information provided to third parties for the company's services is as follows.
(1). Credit card
A. Credit card companies: Kookmin, BC, Lotte, Samsung, NH, Hyundai, Shinhan, Hana, Woori, Citi  
B. Banks: Shinhan, SC First Bank, Citi, Hana, Nonghyup, IBK, Kookmin, Savings, Suhyup, Sinhyup, Post Office, Saemaeul, Daegu, Busan, Gyeongnam, Gwangju, Jeonbuk, Choheung, Jeju
C. VAN companies : KSNET Co., Ltd., Kovan Co., Ltd.
D. Easy payment partners: 11st Co., Ltd., NHN Payco Co., Ltd, Kakaopay Co., Ltd., Shinsegae I&C, eBay Korea
E. Partner PG companies : Nice Payments Co., Ltd., KG Inicis Co., Ltd., LG U + Co., Ltd.
(2) Bank wiring (Virtual account)
A. Banks: IBK, KB Kookmin, National Federation of Fisheries Corperatives, National Agricultural Cooperative Federation, Unit Cooperative, Woori, SC First Bank, Citi Korea, Daegu, Busan, Gwangju, Jeju, Jeonbuk, Gyeongnam, Saemaeul, Sinhyup Central Association, Post Office, KEB Hana, Shinhan , Forestry Association, Development Bank
B. Securities: Yuanta, Hyundai, Mirae Asset, Korea Investment & Securities, NH Investment, Hi Investment, HMC Investment, SK, Daishin, Hana Financial Investment, Shinhan Investment, Dongbu, Eugene Investment, Meritz Securities, Shin Young, Samsung, Hanwha Investment, Mirae Asset Daewoo
C. Partner PG companies : Korea Financial Telecommunications and Clearings Institute, KG Inicis Co., Ltd., Coocon Co., Ltd., Viva Republica Co., Ltd.  
(3) Gift card: Korean Culture and Arts Foundation, TRN, Happy Money INC 
(4) Prepaid card: Shinyun International Korea (M Planet), Playtong Co., Ltd., Galaxia Communications Co., Ltd., Korea Prepaid Card Co., Ltd., T-monet, EB Card
(5) Mobile phones, telephone payments: Phone carriers (SKT, KT, LGU +, MVNO), Danal Co., Ltd., KG Mobilians, Galaxia Communications Co., Ltd.
(6) ARS credit card: Dasam Solution Co., Ltd.
(7) Identity verification: Phone carriers (SKT, KT, LGU+), NICE Information Service Co., Ltd, Korea Credit Bureau 
(8) Overseas card (including global services): VISA, MASTER, JCB, American Express, Unionpay, PayPal, Safecharge, MOL, Degica, ICB
(9) Cash receipt: National Tax Service, Nice Information & Telecommunication
(10) Identity verification authentication: KSnet Co., Ltd.

6. Personal information processing consignment
The Company shall notify users in advance in cases of entrusting the user's personal information to an external professional company for the performance of the service, or if the contents of the consignment service or the trustee change. In addition, through the business partnership agreement, the service provider's observance of personal information protection, confidentiality of personal information, prohibition of the provision to third parties, responsibility for accidents, and obligation to return or destroy personal information immediately after the end of the consignment period shall be clarified and the agreement shall be kept in writing or electronically to protect the user's rights.

① The personal information processing trustee of the Company and its duty are as follows.
- Trustee : SK M&Service Co., Ltd. 
- Consignment duty: Confirmation of transaction details, cancellation and refund, service consultation, operation and management of customer service recording server 
② The Company shall not entrust external companies for user information without their consent. However, if a user's inconvenience arises, such as mass change of phone numbers due to national policy, etc., the Company may entrust the collection of personal information to the mobile carrier for the convenience of the user.
Trustee: Mobile carrier 
- Consignment duty : Consignment of collection of personal information in case of user's inconvenience such as mass change of mobile phone number by national policy

7. Rights of users and legal representatives and how to exercise them
① Users can always request to view their personal information and correct errors, and the Company shall take the necessary measures without delay. In addition, if there is a request for error correction, the Company shall not use the information until the correction is made.
② In cases of contacting the customer service center by phone (1599-7591 / 1599-2583) or visitation, you can request to view and change information after identity confirmation.
③ In the case of children under 14 years old, legal representatives have the right to inquire or revise the personal information of children, and to withdraw their consent for collection and use.

8. Measures to ensure the stability of personal information
The Company takes the following measures to ensure the stability of personal information.
① Management measures: Establish and execute internal management plan, regular employee training, etc.
② Technical measures: Access management of personal information processing system, access control system installation, encryption of unique identification information, security program installation
③ Physical measures: Access control of computer room, data storage room, etc.

9. Matters concerning the installation, operation, and rejection of the automatic personal information collection device
The Company does not install and operate 'cookies' that store and find user information.

10. Information manager and complaint handling department
The Company has a personal information manager and a personal information personnel in order to protect the user's personal information and handle complaints related to personal information.

 Personalinformation protection manager 

   Personalinformation manager

 Complainthandling department

 Name: Lee Sung Woo, Vice President

 Division: Billing Division

 Phone: 02-6191-3796

 Email: POQ_Bizop@payletter.com

 Name: Na Hwan Bok,Assistant Manager  

 Division: Future Business Team

 Phone: 02-6191-3773

 Email: hbna@payletter.com

 Department: Future Business Team

 Phone: 02-6191-3727

 Email: InfoProtectMGMT@payletter.com  

If you need to report or consult about other personal information infringement, please contact the following organizations.
① National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr) / (without area code)182 
② Supreme Prosecutors' Office Cyber Investigation Division (http://www.spo.go.kr) / (without area code) 1301 
③ Personal Information Infringement Report Center (http://privacy.kisa.or.kr) / (without area code) 118 
④ Personal Information Dispute Mediation Committee (http://www.kopico.go.kr) / 1833-6972

11. Duty of notice
If there are any additions, deletions, or modifications to the current Privacy Policy, notice will be made through the 'Notice' area on the website at least 7 days before the revision. This Privacy Policy is effective from May 01, 2019.

Privacy Policy Change Notice Date: April 24, 2019
Privacy Policy Effective Date: May 01, 2019