chapter 1 general provisions
article 1 (basic principle)
chapter 2 items of personal information collected and methods of collection
article 2 (items collected)
o2o collects the following items of personal information from members at the time of application for membership and/or during execution of the user identification (kyc), partnership application process, in order to register and manage membership, to provide various services and for marketing.
- email address, password
- email address, name, nationality, country of residence, birthdate, sex, self-photograph, photo id card (such as resident registration card, driver’s license card, passport without the relevant card number such as resident registration number, driver’s license number, passport number), and eth wallet address for receipt of o2o coin.
- if the partnership applicant is an institution: name of institution, name of relevant personnel filing the application, email address, and job title.
- if the partnership applicant is a natural person: name, email address, country of practice, occupation, specialty, and medical license number.
article 3 (additional information collected during member’s use of services)
when members use the services, information such as (i) ip address, (ii) cookie, (iii) the type and language of browser, and (iv) usage log may be collected by o2o.
article 4 (prohibited collection of sensitive personal information)
o2o does not collect sensitive personal information(such as race, ideology, creed, political orientation, or criminal record) that may infringe on the basic human rights of the member.
article 5 (how to collect personal information)
o2o collects member’s personal information in the following way:
a. collection through voluntary disclosure by members during service subscription or use or during the user identification process or the partnership application process.
b. automatic collection through the use of o2o’s service programs
chapter 3 purpose of collection and use of personal information
article 6 (purpose of collection and use of personal information)
o2o collects and uses members’ personal information for the following purposes: a. member registration and management: conﬁrmation of member registration, identiﬁcation and authentication of members by providing membership services, maintenance and management of membership status, prevention of unauthorized use of service, various notices and notices.
b. providing services: providing contents, providing services
c. marketing and advertising: developing new services and providing customized services, providing event and advertisement information, participation opportunities, providing customized advertisement information.
d. improvement of services: checking validity of service, grasping access frequency or statistics about service utilization of members.
e. user identiﬁcation (kyc) process: veriﬁcation of name of person wishing to purchase o2o coin, veriﬁcation of identity of person executing transaction with o2o coin.
f. partnership application process: veriﬁcation of identity and basic information of the partnership applicant(if the partnership applicant is an institution, the relevant personnel of the institution ﬁling the application).
chapter 4 sharing and providing personal information
article 7 (basic principles of sharing and providing personal information)
o2o shall use the personal information of members within the range notiﬁed in article 6 and shall not use the personal information of members outside of such range or disclose the personal information of members to third parties without the prior consent of the member.
however, the following cases shall be excluded:
a. the member agrees in advance.
b. personal information is processed and provided in a way that makes it impossible to identify a speciﬁc individual for statistical purposes.
c. there is a request from an investigating agency for the purpose of an investigation in accordance with procedures and methods prescribed in the law.
chapter 5 entrustment of handling personal information
article 8 (entrustment of handling personal information)
in principle, o2o entrusts the handling of personal information of members to third parties as follows:
information regarding transfer of personal information overseas.
a. items of personal information to be transferred: certain items designated by o2o
among the items collected by o2o.
b. company of transfer: sigmachain, cloud partner of sigmachain.
c. timing and method of transfer: transferred immediately by o2o upon collection.
d. purpose of use: for o2o to receive cloud server data storage services.
chapter 6 retention and use period of personal information
article 9. (basic principles of personal information retention and usage period)
in principle, personal information of members is destroyed without delay when the purpose of collecting and using personal information is achieved. upon a member’s termination of the membership with o2o, the purpose shall be considered as achieved on the date two weeks from the termination date unless the member rejoins the membership within the two weeks.
article 10. (retention of personal information under o2o’s internal policy)
notwithstanding article 9, in order to prevent disputes related to the services, o2o shall transfer information related to membership and management in a separate db(in the case of information recorded on paper to a separate document) in accordance with the internal policy of o2o and keep it for the following period, and use it only within the scope of its purpose.
a. if an investigation is underway for a violation of the relevant laws by a member: until the end of investigation.
b. if there is a debt relationship between o2o and the member: until the settlement of the relevant debt.
article 11. (retention of personal information by relevant laws and regulations)
notwithstanding article 9, o2o shall transfer information related to membership and management in a separate db(in the case of information recorded on paper to a separate document) in accordance with the relevant laws and regulations and keep it for the required period, and use it only within the scope of its purpose.
chapter 7 destruction of personal information
article 12. (procedures and methods of destroying personal information)
1. o2o will destroy the personal information within (i) 5 days from the date of termination of the personal information retention period under article 9 to article 11 or (ii) 5 days from the day when the processing of personal information is deemed unnecessary if the personal information becomes unnecessary (including completion of the processing of personal information, abolition of service, termination of business) in accordance with paragraph 3.
2. o2o shall identify personal information that has a reason to be destroyed, and destroy the personal information with the approval of the person in charge of personal information protection.
3. o2o will destroy personal information in the following ways:
a. personal information recorded and stored on paper: destruction by shredding or incinerating
b. personal information stored in electronic ﬁle format: destruction by using a technical method such as low-level format so that the record cannot be restored.
chapter 8 membership rights
article 13. (withdrawal of consent to the collection, use and disclosure of personal information)
1. a member may withdraw consent to the collection, use and disclosure of personal information through the membership process at any time.
2. withdrawal of the consent may result in restrictions on the use of the service.
article 14. (requests to view, verify, and correct personal information)
if a member requests to view, verify or correct personal information, o2o shall (i) not use or provide such personal information until the correction or deletion is completed, (ii) respond sincerely to the request of the member, (iii) take necessary measures without delay if it is deemed necessary to correct or delete the personal information(including if there is an error in the personal information or if the retention period of the personal information has elapsed).
when a member requests to view or verify through wire or written communication, o2o shall conﬁrm whether the request is true to the person's intention by requiring a copy of the requesting party’s id.
article 15. (restrictions on accessing and viewing personal information)
1. the personal information that has been canceled or deleted at the request of a member is processed as speciﬁed in articles 9 to 11, and is processed so that it can’t be viewed or used for any other purpose.
2. a member may view or modify registered personal information at any time and may request termination of membership.
article 16. (how to exercise rights)
members may exercise the rights of this chapter by means of written communication, mail to o2o.
article 17. (exercising the rights of agents)
members may exercise the rights of this chapter through their legal representatives or their authorized representatives. in this case, the member must submit the power of attorney in accordance with the personal information protection act.
chapter 9 matters on installation / operation and rejection of automatic collection device of personal information
a. maintain a member’s connection session.
b. service visit and usage behavior analysis.
c. security access
the installation of cookies is at the option of members. the installation of cookies will be executed pursuant to the browser settings set by members which may accept all cookies, request consent for installation each time a cookie is saved, or reject installation of all cookies. please note that if you refuse to install the cookies, you will face inconvenience in using the web- site and may have diﬃculty using some services that require login.
chapter 10 technological / administrative protection measures of personal information
article 19. (minimizing and educating processing staﬀ)
the personal information processing staﬀ of o2o is limited to the person in charge, and a separate password is assigned to it so that it is updated regularly. through regular training for the person in charge, o2o always emphasizes compliance with the personal information processing policy.
article 20. (establishment and enforcement of internal management plan)
o2o has established an internal management plan for the safe processing of personal information.
article 21. (encryption of personal information)
personal information of members is encrypted and stored and managed. only the user can know it, and important data is encrypted by encrypting the ﬁle and transmission data, or using the ﬁle security function.
article 22. (restrict access to personal information)
o2o takes necessary measures to control access to personal information through the granting, modiﬁcation and cancellation of access to the database system handling personal information and controls unauthorized access from outside by using an intrusion prevention system.
article 23. (personal information protection manager)
members may report any privacy complaints that may arise as a result of using o2o’s services to the following person. o2o will respond promptly and fully to members’ reports.
article 24. (personal information request)
chapter 11 miscellaneous
article 25. (notice of personal information processing policy and notiﬁcation method)
1. in case of addition, deletion or modiﬁcation of the current personal information processing policy, o2o will notify the reason and contents of the change through the notice section of the electronic bulletin board managed and operated by o2o at least 7 days before the amendment. however, if there is any signiﬁcant change in the membership rights in the collection and utilization of personal information, we will notify you at least 15 days in advance.
2. if o2o wishes to use the personal information of a member beyond the agreement of the member or obtain the additional consent of a member to entrust the handling to a third party, o2o shall individually notify the member in writing, by mail or telephone.