Privacy Policy
■ Purpose of Processing Personal Information
StepHow Inc. processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, we will seek prior consent.
① Website Membership Registration and Management
- Processing personal information for purposes such as confirming the intention to register as a member, providing membership services, verifying identity for membership services, maintaining and managing membership qualifications, implementing limited identity verification, preventing misuse of services, providing various notifications, handling complaints, and preserving records for dispute resolution.
② Provision of Goods or Services
- Processing personal information for purposes such as providing services, sending invoices, providing content, offering customized services, verifying identity and age, and processing payments and settlements.
③ Marketing and Advertising
- Processing personal information for purposes such as developing new services (products), offering customized services, providing information on events and advertisements, offering participation opportunities, checking service effectiveness, and compiling statistics on service usage.
■ Processing and Retention Period of Personal Information
① StepHow Inc. processes and retains personal information within the personal information retention and usage period agreed upon by the information subject or as required by law.
② Each personal information processing and retention period is as follows:
Personal Information File Name | Purpose of Operation | Basis of Operation (Collection Basis) | Collected Items | Retention Period |
Member Information | Using StepHow Service | Consent of the Information Subject | (Required) Email, Password, Name (Optional) Profile Photo, Department, Position, Date of Birth | Until Membership Withdrawal |
Payment Information | During Payment | Consent of the Information Subject | (Required) Name, Email, Contact Information of the Payment Officer (Required for Credit Card Payment) Card Number, Expiration Date, Date of Birth | Until Membership Withdrawal *For credit card information, it is deleted immediately after payment is completed. |
■ Provision of Personal Information to Third Parties
① StepHow Inc. provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the information subject or special provisions of the law.
② StepHow Inc. does not provide personal information to third parties beyond the scope specified for processing purposes. However, it may provide information in the following cases:
a. With separate consent from the information subject.
b. If there are special provisions in other laws.
c. If it is necessary to protect the urgent life, body, or property interests of the information subject or a third party when the information subject cannot express their intention or cannot obtain prior consent due to an unknown address, etc.
d. For statistical or research purposes, provided in a form that cannot identify an individual.
e. If it is necessary to perform duties prescribed by other laws, and the Personal Information Protection Commission has deliberated and resolved the issue.
f. To comply with international treaties or agreements, provide to foreign governments or international organizations.
g. For investigations, prosecutions, and maintenance of legal proceedings.
h. For court duties.
i. For the execution of sentences and protective measures.
■ Consignment of Personal Information Processing
① StepHow Inc. consigns personal information processing tasks for smooth operation as follows:
Consignee | Content of Consigned Tasks | Consignment Period |
AWS | Operation of Information Systems | Until Membership Withdrawal or End of Consigned Task |
Toss Payments | Domestic Purchases and Payment Processing | |
ChannelTalk | Customer Support and Sales, Marketing | |
Google | Login Services | |
Stibee | Email Dispatch |
② StepHow Service, when concluding a consignment contract, specifies in documents such as the contract the prohibition of processing personal information beyond the consignment purpose, technical and managerial protection measures, restrictions on re-consignment, management and supervision of the consignee, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee handles personal information safely.
③ StepHow does not provide personal information to foreign entities but consigns tasks such as information system operation, payment processing, and customer support. We manage and supervise the consigned tasks to ensure they are handled safely.
④ If the content or consignee of the consigned tasks changes, we will disclose it without delay through this Privacy Policy.
■ Consignment of Overseas Personal Information Processing
Recipient of Transfer | Country of Transfer | Time and Method of Transfer | Transferred Items | Purpose of Use and Processing Period |
Amazon Web Services, Inc. Contact: aws-korea-privacy@amazon.com | Japan (Tokyo region) | Transmitted via Network at Time of Membership Registration | Personal Information Collected During Service Use | For Providing StepHow Services, Until Membership Withdrawal or End of Consigned Task |
Users can refuse the overseas transfer of their personal information through the company's personal information protection officer and department. If the user refuses the overseas transfer, the company will exclude the user's personal information from the overseas transfer. However, this may limit the use of services where the overseas transfer of personal information is essential.
■ Rights and Obligations of Information Subjects and Methods of Exercise
As a personal information subject, users can exercise the following rights:
① Information subjects can request to view, correct, delete, or stop processing their personal information at any time.
② The exercise of rights under Paragraph 1 can be done in writing, by email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and StepHow will take action without delay.
③ Rights can be exercised through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in the form prescribed in Annex 11 of the Enforcement Regulations of the Personal Information Protection Act must be submitted.
④ Requests for viewing and suspension of processing may be restricted under Articles 35, Paragraph 5 and 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information must be collected.
⑥ StepHow verifies whether the person making the request is the information subject or a legitimate agent when requesting to view, correct, delete, or stop processing personal information.
■ Destruction of Personal Information
StepHow Service, in principle, destroys personal information without delay when the purpose of processing is achieved. The procedures, deadlines, and methods of destruction are as follows:
① Destruction Procedure
- Information entered by the user is transferred to a separate DB (or separate document for paper) after the purpose is achieved and stored for a certain period according to internal policies and other related laws before being destroyed. Personal information transferred to the DB is not used for other purposes unless required by law.
② Destruction Deadline
- The personal information of users is destroyed within 5 days from the end date of the retention period, if the retention period has expired. If the personal information is no longer needed due to the achievement of the processing purpose, discontinuation of the service, or termination of the business, it is destroyed within 5 days from the date it is recognized as unnecessary.
③ Destruction Method
가. Information in electronic file format is destroyed using technical methods that prevent the recovery of records.
나. Personal information printed on paper is shredded or incinerated.
■ Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
① StepHow uses 'cookies' to store and retrieve usage information to provide personalized services.
② Cookies are small amounts of information sent by the server used to operate the website to the user's computer browser and are sometimes stored on the user's PC hard drive.
a. Purpose of Using Cookies: StepHow uses cookies to collect information for purposes other than those specified for personal information collection and use.
b. Installation, Operation, and Rejection of Cookies: Users can refuse to store cookies through the option settings in the privacy menu of the web browser's tools menu.
c. Refusal to store cookies may cause difficulties in using customized services.
③ StepHow automatically collects device type, operating system version, and unique device identifier when users use StepHow services. Additionally, credit card information, telecommunications carrier information, discount code or gift card number, or other information necessary for payment may be collected during the use of paid services.
■ Designation of Personal Information Protection Officer
① StepHow designates a personal information protection officer to take responsibility for overall personal information processing, handle complaints and remedy damages, as follows:
a. Personal Information Protection Officer
- Name: Seongwook Hwang
- Position: CEO
- Contact: ceo@stephow.me
※ Connected to the personal information protection department.
b. Personal Information Protection Department
- Department: CTO
- Person in Charge: Jee-hyung Cha
- Contact: cto@stephow.me
② All users of StepHow services can contact the personal information protection officer and department for all inquiries, complaints, and remedies related to personal information protection while using StepHow services.
③ StepHow will respond to and handle inquiries from information subjects without delay.
■ Changes to the Privacy Policy
① This Privacy Policy applies from the effective date, and if there are additions, deletions, or corrections to changes in laws and policies, we will notify you through announcements at least 7 days before the changes take effect.
■ Measures to Ensure the Safety of Personal Information
StepHow Service takes the following technical, managerial, and physical measures to ensure safety as required by Article 29 of the Personal Information Protection Act.
① Regular Self-Audits
- Regular (quarterly) self-audits are conducted to ensure the safety of personal information handling.
② Minimization and Training of Personal Information Handling Staff
- Employees handling personal information are designated and limited to those in charge, and measures are implemented to manage personal information by minimizing the number of employees.
③ Establishment and Implementation of Internal Management Plans
- Internal management plans are established and implemented for the safe processing of personal information.
④ Technical Measures Against Hacking
- Security programs are installed, periodically updated and checked, and systems are installed in controlled areas to monitor and block external access.
⑤ Encryption of Personal Information
- Users' personal information, such as passwords, is encrypted and stored, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
⑥ Storage and Prevention of Forgery of Access Records
- Access records to the personal information processing system are kept and managed for at least two years, and security functions are used to prevent forgery, theft, or loss of access records.
⑦ Restriction of Access to Personal Information
- Necessary measures are taken to control access to personal information by granting, changing, and deleting access rights to the database system, and unauthorized external access is controlled using an intrusion prevention system.
⑧ Use of Locks for Document Security
- Documents and auxiliary storage media containing personal information are stored in a safe place with locks.
⑨ Access Control for Unauthorized Persons
- Separate physical storage places for personal information are established and access control procedures are implemented and operated.
■ Remedies for Infringement of Rights
The following institutions are separate from StepHow and if you are not satisfied with StepHow's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact them.
a. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Scope of Work: Report and apply for consultation on personal information infringement.
- Website: privacy.kisa.or.kr
- Phone: (No area code) 118
- Address: Personal Information Infringement Report Center, 9 Jinheung-gil (301-2 Bitgaram-dong), Naju-si, Jeollanam-do 58324, South Korea
b. Personal Information Dispute Mediation Committee
- Scope of Work: Apply for personal information disputes, mediation of collective disputes (civil resolution).
- Website: www.kopico.go.kr
- Phone: (No area code) 1833-6972
- Address: 4th floor, Government Complex-Seoul, 209 Sejong-daero, Jongno-gu, Seoul 03171, South Korea
c. Supreme Prosecutors' Office Cyber Investigation Division: 02-3280-3573 (www.spo.go.kr)
d. d. National Police Agency Cyber Safety Bureau: (No area code) 182 (http://cyberbureau.police.go.kr)