Privacy Policy
IMA (hereinafter referred to as the "Company") places great importance on the protection of personal information of members using the IMA service (hereinafter referred to as the "Service"). The Company complies with the personal information protection regulations in the relevant laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
The Company outlines its privacy policy as follows to inform members how their personal information provided to the Company is used and what measures are taken to protect their personal information.
The Company’s privacy policy for the Service may change in accordance with amendments to government laws and guidelines or changes to the Company's terms and internal policies. If the privacy policy is revised, the Company will immediately post the changes on the service screen. Members are advised to frequently check for any updates when visiting the site.
1. The Company collects, uses, provides, and disposes of personal information based on the type of service used as follows:
① To provide member-based services, the Company collects, uses, and disposes of personal information as outlined below.
| Collection Method | Collected Items | Purpose of Collection and Use | Retention and Usage Period |
|---|---|---|---|
| Member Registration (Mandatory) | Nickname, Email Address | User identification for service use and consultation | To prevent members from repeatedly deregistering and re-registering to gain economic benefits from discount coupons and event perks provided by the Company, or to prevent unauthorized use of personal information for fraudulent or illegal activities, the information is retained for one month after deregistration. |
| Member Registration (Optional | Google KakaoTalk User ID | For easy registration using SNS accounts like Google, KakaoTalk | |
| Profile Picture, Date of Birth, Gender, User Homepage Address | For marketing purposes such as personalized content and product recommendations | ||
| Mobile Phone Verification | Mobile Phone Number | For identity verification |
② During the course of using the service, IP addresses, cookies, service usage records, device information, and location information may be generated and collected. Specifically, this refers to: 1) information regarding the user that is automatically generated and stored (collected) by the information and communication service provider during the service usage process, or 2) information collected after securely transforming the unique information of the user's device to prevent the original values from being identified.
③ The Company promptly and safely disposes of the user’s personal information once the purpose of collection is achieved. Personal information printed on paper is shredded or incinerated, while personal information stored in electronic file formats is deleted using technical methods that prevent record recovery or reproduction. However, information that must be retained according to other laws or the Company's internal policies is safely stored in a separate database for the period specified by law before being destroyed. Personal information stored separately for such reasons will not be used for any other purpose unless required by law.
| Law/Internal Policy | Collected Items | Purpose of Collection and Use | Retention and Usage Period* |
|---|---|---|---|
| Protection of Communications Secrets Act | Provided upon request from investigative agencies with a court warrant | Log records, IP, etc. | 3 months |
| Date and time of telecommunications, location tracking data of originating base station, etc. | 12 months | ||
| Company Internal Policy | ID, Name, Connection Information (CI) | To prevent fraudulent or unlawful activities such as repeatedly canceling and re-registering to unfairly obtain economic benefits from discount coupons and event perks provided by the Company, or to prevent identity theft and other illegal activities | 6 months |
④ If a user does not use the service for more than 1 year, their account will be converted to a dormant account in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection.
- 30 days before the conversion to a dormant account, an email will be sent to the registered email address informing about the scheduled date of conversion. If the user does not wish to convert to a dormant account, they can simply log in after checking the notification email to continue using the service.
- Information of users whose accounts have been converted to dormant accounts is stored separately in a separate database to be safely managed. Even after conversion to a dormant account, users can easily restore their account to normal status by following a simple reactivation procedure after logging
⑤ The company does not collect personal information of children under 14 by limiting membership registration to those aged 14 and older, thereby protecting the personal information of children. However, personal information of users under 14 can be collected and used with the consent of their legal guardian.
2. The company may provide links to websites or materials of other companies for users.
In cases where the company provides links to websites or materials of other companies to users, the company has no control over external websites or materials, and therefore cannot be responsible for or guarantee the usefulness of services or materials provided from them.
When clicking on links included by the company to visit pages of other sites, please review the privacy policy of the newly visited site as it is unrelated to the company.
3. Rights of Users and Legal Guardians
① Users and legal guardians have the following rights regarding collected information: modification, withdrawal of consent, deletion, etc. However, partial or complete restriction of service usage may occur upon withdrawal of consent/deletion.
② (Inquiry/Modification and Correction) Users can use the member information modification menu on the homepage or utilize 1:1 consultations for processing. We will not use or provide the information until the process is complete. Furthermore, in cases where incorrect personal information has been provided to a third party for reasonable reasons, we will promptly notify the third party of the correction.
③ (Consent Withdrawal/Deletion) Users can request withdrawal of consent and deletion of collected information through 1:1 consultations. However, partial or complete restriction of service usage may occur upon withdrawal/deletion of collected information, and withdrawal of consent may be difficult for information collected under other laws.
④ ((Membership Withdrawal) Users can conveniently proceed with withdrawal directly through the 'My Home > Settings > Member Information Modification > Membership Withdrawal' menu on the homepage or through 1:1 consultations.
⑤ Service Reuse) Users can check if they are non-users through 'Find ID' and can reuse their account only after changing their password.
⑥ (Consultation/Inquiry) Information about recording, etc., during consumer consultations/inquiries through the customer center can be confirmed through pre-consultation announcements.
4. Rights of Users and Legal Guardians
The company operates cookies, etc., to constantly store and retrieve user information. Cookies are very small text files sent by websites to users' computer browsers and stored on users' computer hard drives.
① Purpose of Using Cookies
- Cookies are used to provide personalized services such as target marketing, tracking user behavior, analyzing the frequency and time of visits by members and non-members, understanding usage patterns and interests, tracking traces, and determining event participation levels and visit counts.
② Installation, Operation, and Refusal of Cookies
- Users have the option to refuse or delete cookie installation at any time.
- Cookie settings vary by web browser, such as allowing all cookies, confirming each time a cookie is saved, or refusing to save all cookies.
- The method of setting cookies may vary depending on the web browser, so please refer to the help menu for each browser.
- However, refusing to save cookies may cause difficulty in using certain services that require login.
5. The company endeavors to establish technical and managerial protective measures for the security of users' personal information to prevent loss, theft, leakage, alteration, or damage.
회사는 이용자들의 개인정보를 처리함에 있어 개인정보가 분실, 도난, 유출, 변조 또는 훼손되지 않도록 안전성 확보를 위하여 다음과 같은 기술적/관리적 보호대책을 강구하고 있습니다.
① Encryption of Passwords
- Users' passwords are stored and managed through one-way encryption, and verification and modification of personal information are only possible by the user who knows the password.
② Measures Against Hacking and Other Threats
- The company operates intrusion detection and prevention systems 24/7 to prevent loss, theft, leakage, alteration, or damage to users' personal information due to hacking or intrusion into the company's information and communication network by viruses or other means. Moreover, all intrusion detection and prevention systems are configured with redundancy to prepare for any unforeseen circumstances.
- Important data is regularly backed up to prepare for damage to personal information. Efforts are made to prevent the leakage of personal information or important data using antivirus programs.
- Sensitive personal information is transmitted securely through encrypted communication during the process of exchange over the information and communication network.
- Furthermore, continuous efforts are made to enhance security through the introduction of security systems and the reinforcement of specialized personnel.
③ Minimization of Personal Information Handlers and Regular Education
- The company minimizes the number of personnel handling personal information by limiting them to specific individuals. In cases of retirement or job changes, authorities are promptly changed or revoked to control access to personal information.
- Regular education sessions are conducted for personnel handling personal information to raise awareness of the importance of personal information protection and ensure secure management to the best of their abilities.
6. Designation of Personal Information Protection Manager
① To oversee tasks related to personal information processing and handle user complaints and damage relief related to personal information processing, the company has designated a personal information protection manager.
| Personal Information Protection Manager | Department Responsible for Handling Personal Information Complaints |
|---|---|
|
Name: Contact: Email: |
Department: Contact: Email: |
② You can inquire about any personal information protection-related matters, complaints, or remedies arising from your use of the services (or businesses) provided by the company to the Personal Information Protection Manager and the Customer Support Center. IMA will promptly respond to and address such inquiries.
③ If you need to report or consult on personal information breaches, please contact the following organizations:
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency): 118 (no area code required) / privacy.kisa.or.kr
▶ Cyber Crime Investigation Department, Supreme Prosecutors' Office: 1301 (no area code required) / www.spo.go.kr
▶ Cyber Safety Bureau, Korean National Police Agency: 182 (no area code required) / www.cyber.go.krElectronic Commerce Dispute Mediation Committee (https://www.ecmc.or.kr / 1661-5714)
7. Policy on Changes to Privacy Policy:
This privacy policy is effective from the date of enforcement. In case of any additions, deletions, or modifications due to legal requirements or policy changes by the company, changes will be notified through announcements posted on the website at least 7 days prior to the implementation of such changes. Please refer to the website announcements for prompt notification of any changes related to relevant laws or company policies."