Article 1 (General Provisions)
DIDI CO., LTD. (hereinafter “Company”) values the personal information of "OTAHub"(hereinafter “Service”) users and makes every effort to effectively manage and secure the personal information of the user. The company complies with various laws and regulations related to the [Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.] and privacy laws of the Republic of Korea. We also do our best to protect the rights and interests of users by establishing a Personal Information Handling Policy. This Policy is open to the public so that users can easily access the policy at any time.
Article 2 (Collection of Personal Information and Purpose of Collection)
1. The company collects minimum personal information within the scope required for subscription, service provision, and inquiries.
2. Information on legal representatives may be collected for those under the age of 14.>
3. Personal information items collected by the company and the purpose of collection/use are as follows.
[Personal Information Items]
1) username(ID), country, language, email address, Password
2) Birthday
3) Records of purchase history and withdrawal
4) User token (Token)
5) Service use information, such as user records (date/location), access log, contents used, IP info, device info, cookie, and records of illegal use
[Purpose of Collection/Use]
1) Service subscription/change/withdrawal processing and user identification, contact for contract execution, service usage related processing, and age of service availability
2) Providing customized services and utilize marketing
3) Providing notification service
4) Analysis of demographic analysis (age/gender/region, etc.) and usage patterns/preference for service improvement
4. The company can collect and use users' personal information without their consent only in the following cases.
1) If it is clearly difficult to obtain ordinary consent for economic or technical reasons as personal information necessary to fulfill a contract with a user
2) If there is a special provision in the relevant statutes
5. The user's permission to access does not mean that all information related to permitted rights is collected(transmitted) from the device information immediately, it is collected after notification and approval that the user accesses the device information within the scope of the user's consent to collect/use personal information.
Article 3 (Collection Method of Personal Information)
1. The company shall collect personal information in the following ways.
1) Personal information through membership
2) Method through generation information collection tool when using the service
Article 4 (Retention and Usage Period of Personal information)
1. Except for personal information that the company has a duty to keep in accordance with the relevant statutes (Act on the Consumer Protection in Electronic Commerce, etc., Protection of Communications Secrets Act, and Framework Act on National Taxes), the company destroys the personal information when the purpose of use is achieved.
2. The company shall hold the user's personal information to the user only during the period of service provision or dispute settlement.
1) Service subscription period (subscription date - withdrawal date)
2) If a complaint/dispute related to the use of the service continues, hold it until the resolution of the complaint /dispute (Provided, if there is a special provision in the relevant statutes, keep it in accordance with the relevant statutes)
Article 5 (Right of Users and Legal Representatives)
1. Users (legal representative if under 14 years of age) can inquire or modify personal information provided at any time through functions within the service or withdraw consent to personal information provision through withdrawal from the service. The Chief Privacy Officer may also be requested to take specific action through the Customer Center.
2. The company processes personal information withdrawal or deleted at the request of the user or the legal representative as specified in Article 4 “Retention and Usage Period of Personal information" and takes measures not to be viewed or used for any other purposes.
Article 6 (Personal Information Protection for Children) If a child under 14 years of age (hereinafter “child”) wishes to subscribe to the service, the company shall confirm the consent of the legal representative to protect the child's personal information and immediately restrict the use of the service when it finds the use of services by children under 14 years of age who have not been consented by the legal representative.
Article 7 (Youth Protection Policy)
The company establishes and implements youth protection policies so that teenagers can grow into healthy personalities. The company prevents teenagers from accessing harmful information, and informs you through this Youth Protection Policy of what measures the company is taking to protect young people.
1. Restrictions on juvenile access to and management measures for hazardous information The company manages to prevent teenagers from exposing harmful information without any restrictions and implements quick management measures to prevent exposure and distribution of harmful information to teenagers.
2. Education for the officer for youth protection against harmful information
The company conducts education on information and communication workers on the laws and regulations related to youth protection, sanctions standards, how to deal with the discovery of harmful information, and procedures for reporting violations.
3. Damage counseling and handling of grievances due to harmful information
The company assigns specialists for counseling damages and handling grievances caused by harmful information about teenagers to prevent the spread of such damages. The user may request damage counseling and grievance handling by mail referring to "2. Youth Protection Manager" specified in Article 9.
Article 8 (Technical and Administrative Protection of Personal Information)
The company has prepared the following technical and administrative measures to ensure safety so that the user's personal information is not lost, stolen, leaked, forged, altered or damaged. [Technical Protection Measures]
1. Management of access authority for personal information processing systems, etc., installation of access control systems, encryption of unique information, etc., and installation of security programs
[Administrative Protection Measures]
1. The company has prepared an internal management plan for safe handling of users' personal information and trains its employees to understand and comply with the plan.
2. The company limits people who can handle users' personal information to a minimum and manages access rights. The persons who can handle the user's personal information are as follows.
1) Person in charge of personal information management and personal information protection such as Personal Information Protection Manager and Personal Information Protection Officer
2) Persons who have no choice but to process personal information for business affairs
3. The company shall not be responsible for incidents due to personal mistakes or the basic risks due to the Internet. In order to protect users' personal information, they should thoroughly manage and take responsibility for their ID and password.
Article 9 (Personal Information and Youth Protection Officer)
The company designates the Personal Information Protection Manager as follows for the overall responsibility for personal information processing, complaint handling, and damage relief of information subjects in relation to personal information processing.
1. Chief Privacy Department and Contact
1) Personal Information Protection Manager Department/Position: Head of New Business Division Email: cddchingudeul@gmail.com
2) Personal Information Protection Officer Department/Position: Service Development Team Leader Email: cddchingudeul@gmail.com
2. Youth Protection Manager 1) Personal Information Protection Manager Email: cddchingudeul@gmail.com
3. If you need to report or consult about other personal information violations, please contact the following agencies.
1) Personal Information Infringement Report Center: http://privacy.kisa.or.kr / 118
2) Supreme Prosecutors’ Office Cyber Investigation: http://www.spo.go.kr / 02-3480-3571
3) National Police Agency Cyber Bureau: http://www.netan.go.kr / 1566-0112
Article 10 (Notice of Privacy Policy)
The company's Personal Information Handling Policy may be amended by a change in the relevant statutes and internal operational policies. When the Personal Information Handling Policy is revised, the revised information shall be posted in the service by granting an effective date, etc. and notified through announcements.
Date of Notice : 12 April 2021
Date Implemented : 12 April 2021