Hancom interfree Inc.(hereinafter “Company”, we, us or our) values protection of a user’s personal data and strives to strictly comply with applicable laws including “Act on Personal Information Protection” and “Promotion of Information and Communications Network Utilization and Information Protection Act”

Our privacy policy informs a user of how we process the personal data collected from the user and what measures are taken to protect the personal data.

This Privacy policy shall be effected as of Jan 20, 2017 and amendment thereafter shall be informed on the website(or via individual notices in writing, by email, phone, SMS, or any other similar means).

0. General Provisions

"Personal data" means information about an individual which can be used to identify the individual and includes user’s name, social security number, etc. Personal data also includes any data that cannot identify an individual on its own but can identify an individual when combined with other information without difficulties.

The Company values protection of user’s personal data and strives to strictly comply with all applicable laws and regulations on personal data protection including the “Act on Personal Information Protection” and “Guideline for the Protection of Personal Information” established by the Ministry of Public Administrations and Security.

Our privacy policy informs a user of how we process the personal data collected from the user and what measures are taken to protect the personal data.

The Privacy policy will always be available in GenieTalk (Setting>Help>GenieTalk Privacy Policy).

The Company has established certain procedures necessary for revising the Privacy policy in an effect to constantly improve its Privacy policy in an effort to constantly improve its Privacy policy. In addition, the version numbers of the Privacy policy allows you to identify any revision to the Privacy Policy.

1. Data subject to collection and Method of collection

(1) Personal data we collect

The Company collects the following personal data from the user during use GenieTalk services.
In order to offer membership and consulting services, the company collects the minimal personal information necessary as shown below. Personal information that can clearly infringe upon the rights, interests, or privacy of customers is not collected. However, when customers give consent or personal information is allowed for collection by law, minimum personal information may be collected within the necessary scope.

- Device ID, Device info (model, IMEI no.), Voice information, input text by the user, automatically speech recognized text.
- Name, ID or e-mail, password, mobile phone number
  – collection method: App (membership))
- During surveys or events, personal information may be selectively requested for statistical analysis or to send gifts.
- The following payment information may be collected for paid services
  – when paying by credit card: name of credit card company, card no., etc.
  – when paying by mobile phone: communication company, mobile phone number, etc.
  – bank transfer: bank name, account no., etc.

This service is not intended for children under 14, the Company does not knowingly collect any personal data from children under 14.
If we collect personal data from children under 14, without the consent from the legal representatives of the children, immediately destroy the personal data upon fulfilling its objectives of collection and/or use of its user’s personal data, and treat the personal data with care.

(2) How we collect personal data

- Personal data will be collected through synchronization with the consent of Collection and Provision of Personal Data.

※ The Company provides users with the procedures to choose to ‘agree’ or ‘disagree’ to the collecting and using the personal data.

2. The purpose of the collecting and using personal data

The Company uses the collected personal data for the following purposes.

- To improve the voice recognition services through the provision of voice recognition-based services and statistical analysis
- To provide a translation services using voice recognition and input of original text and improve the performance thereof
- Use for consulting during use of services or handling operations

3. Period of retention and use of personal data

In principle, the collected personal data shall be deleted without delay after the purposes for which the personal data is collected have been accomplished. In order to improve speech recognition accuracy and provide better responses, the voice information will be sent to our server using encryption protocols and be used to improve the voice recognition function for 2 years. The data of dormant user who does not use the GenieTalk for 6 consecutive months, will be retained and used for an additional 18 months after deleting other user identifiable data.

Notwithstanding the foregoing, we may retain certain personal data of our users for the period permitted under the applicable law in the event that we are required to do in compliance with the applicable laws and regulations. In such case, we transfer the personal data to a separate database or store the personal data in a separate storage.

☞ List of personal information (Period and Law)
- Records regarding contract and revocation of offers(5 years, Consumer Protection in Electronic Commerce Act)
- Records of payment and supply of goods (5 years, Consumer Protection in Electronic Commerce Act)
- Records Regarding consumer complaint and disputes(3 years, Comsumer Protection in Electronic Commerce Act)
- Records Regarding acquisition / processing and use of credit information(3 years, Use and Protection of Credit Information Act)
- Records regarding marketing and advertisement(6 months, Consumer Protection in Electronic Commerce Act)
- Records regarding internet log and user’s search track(3 months, Communications Privacy Act)
- Records regarding other Telecommunication related record(6 months, Communications Privacy Act)

4. Destruction Procedures and method of destruction of personal data

Destruction procedures and methods are as follows:

(1) Destruction Procedures

After achieving the purpose of collecting and using personal data, each personal data will be transferred to a discrete database and subsequently be disposed of after as certain period of time in accordance with the internal policies and the applicable laws(see Period of retention and use of personal data above) and will not be used for purposes other than those permitted under the applicable laws and regulations.

(2) Destruction Method

Any electronic files storing personal data shall be destroyed irretrievably using appropriate technologies.
Any hard copies of personal data shall be disposed of by shredding or burning.
----------------------------------------------------------------------------

5. Outsourcing of the Processing of Personal Data

For the purposes of providing services, the Company outsources the processing of personal data to an external third party where necessary.

When outsourcing the processing of its user’s personal data, we require the service provider to be in compliant with the instructions on the protection of personal data, maintain confidentiality, refrain from transferring or disclosing the personal information to a third party, assume liability for any damages, and return/dispose of the personal data immediately after the termination of the contract period and we monitor such third party to treat personal data in a secure manner.

In the event of any changes to the contracting party or to the terms of the outsourcing contract, the changes shall be informed on the website(or via individual notices in writing, by email, phone, SMS, or any other similar means).

☞ Outsourced Service Provider
- ETRI(Electronics and Telecommunications Research Institute)

6. Sharing data with business partners

In principle, we do not share your data with an external third party subject to the following exceptions:

- Pursuant to the provisions of laws and regulations, or for the purpose of the investigation if requested by law enforcement agencies according to the legitimate procedures and methods specified in statute
- Required for paying off balances for a paid service
- Provided in an form of anonymized format information for the statistical, academic research or market researches
- With a user’s prior consent

7. User and the legal representative’s rights and how to use it

A user under 14 and his or her legal representative may request to access/rectify·delete/stop processing/withdraw consent on the user’s personal data.

For such action, please send a letter to or email Personal Information Manager, or call our Representative telephone number(+82-31-627-7900), and we will take necessary steps without delay.

The Company may reject the request entirely or partially in any of the following cases:
- The relevant laws or regulations prohibits or limits access to the personal data
- There is a possibility that other person’s life/body gets hurt or person’s property or other type of interest may be infringed.

In case rectification of his or her personal data is requested by a user, such personal data will not be provided to a third party until the requested rectification is completed. Also if we provided incorrect personal data to a third party, we will deliver the corrected personal data to the third party without delay.

Personal data that is deleted/stopped processing at the request of a user or his or his legal representative will be treated in accordance with the steps mentioned above under ‘3. Period of retention and use of personal data’ and cannot be accessed or used for any other purpose.

Please make sure you keep your personal data up to date. You are solely responsible for any accident resulting from inaccurate personal data that you entered and your membership may be cancelled in case you input false personal data such as stolen personal data.

A user is entitled to protection of his or her personal data. A user shall not infringe other’s privacy. Please be careful to prevent leakage of your personal data including a password.
You may be subject to sanctions or penalties under “Promotion of Information and Communications Network Utilization and Information Protection Act” or other related laws in case you fail to carry out such responsibilities and harm other’s privacy or dignity.

8. Other Security Measures to Protect Personal Data

(1) Technical and administrative measures to protect personal data

The Company, in dealing with personal data of its users, takes the following technical and administrative measures to protect users’ personal data from loss, theft, leakage, falsification or damage:

- The establishment and implementation of internal control plan
· The Company has established and implemented the internal control plan to safely process personal data
· The Company, though its personal data protection process, monitors whether the personal data protection measures are normally operated and whether the relevant personnel are in compliance with internal guidelines and tries to fix a problem upon discovering the problem.

- Installation and operation of access control system
· The Company operate an access control system to prohibit any unauthorized access from outside and strives to take all feasible technical measures to ensure security of its system.

- Measures for prevention of forgery or falsification of access records
· The Company keeps records of access to the personal data processing system and utilizes security functions to prevent forgery or falsification of the access records.

- Encrypting personal data
· The Company protects user’s personal data with passwords. We store and maintain files and transfer data encryption or using file locking function.

- Anti-hacking measures
· The Company uses an antivirus program to prevent any leakage or loss or damage to its user’s personal data. The antivirus program will be regularly updated, and we will strive to provide the most recent version of the antivirus upon release in case of inadvertent malicious viruses.
· The Company adopts a Secure Sockets Layer(“SSL”) that enables safe transmission of its user’s personal data over the network using encryption algorithm.
· The Company uses intrusion prevention systems and vulnerability analysis systems to prohibit any unauthorized access to each server from outside and strives to take all available measures to ensure security of its system.
· Personal data and other data are stored in separate servers

- Restricting and training the personnel allowed to handle personal data
· The Company restricts access to the personal data of its users to its personnel who conducts direct marketing toward users, is responsible for or in charge of personal data management, and inevitably deal with personal data in the course of carrying out his or her duties.
· The Company or its external agent regularly trains the Company’s personnel who deal with personal data on new information security techniques and privacy obligations.
· Every employees have to sign the security pledge when joining the Company to prevent personal data leakage by such employees and the Company has proper internal procedure and process to audit the employees with respect to personal data breach.
· The handover procedures for employees who deal with personal data managers are carried out in a secure environment, and the Company clarifies who is liable for personal data breach since joining and leaving the Company.
· Computer rooms and data storage rooms are designated as restricted areas and access to such areas is strictly limited.

(2) External Link Policy

The Company may provide its users with a link to other companies’ document or website.
In this case, the Company lacks control over websites, materials, products and services of the third party and, accordingly, the Company is not responsible for and may not guarantee the usefulness or validity of the materials, products or services. You are recommended to review the privacy policy of the website transferred to after clicking the link contained in the Company’s site.

(3) Bulletin management policy

The Company cherish the users’ postings on bulletin and we strive to protect the postings from tampering, damage, or deletion, subject to the following exceptions:

- Spam
- Defamatory article disseminating false information in order to slander others
- Postings disclosing other’s identity without consent
- Postings infringing intellectual property rights of a third party or other company
- Postings whose subjects diverges from the subject of bulletin board

The Company may remove or switch to a symbol certain part when disclosing a third party’s identity without consent for desirable culture of the bulletin board. In case the content is transferrable to other bulletin board of different subjects, the Company shows the transfer path for the avoidance of any misunderstanding.
Otherwise, the Company may remove the articles after individual or explicitly warnings.

In principle, the individual posting an article assumes all responsibilities and rights pertaining to the article because any information voluntarily disclosed in such article may not be protected.

(4) Unauthorized email collection refusal policy

The Company refuse unauthorized collection of email address posted on the bulletin using an email collection program or other technical measures. Any violation may be subject to punishment pursuant to “Promotion of Information and Communications Network Utilization and Information Protection Act” or related laws.

(5) Transmission of Information containing advertisement

The Company does not send its customers any information containing an advertisement nature for commercial purposes in case a user explicitly refuses to receive such information.

9. Personal Data Manager and customer relation

The Company designates the following department or person to take care of any complaints or questions relating to personal data and to protect users’ personal data:

(1) Customer Service Department

Customer Service Department: Hancom interfree Inc.
Tel: +82-31-627-7931

(2) Personal Information Manager

Department: Hancom interfree Inc.
Phone: +82-31-627-7931
E-mail: privacy.info@interfree.com

(3) Other Organizations

Any report or questions relate to the infringement of any personal information may be directed to the following organizations:

- Personal Information Infringement Reporting Center(www.118.or.kr/118)
- Internet Crime Investigation Center of the Supreme Prosecutors’ Office (www.spo.go.kr/+82-2-3480-3600)
- Cyber Terror Response Center of the National Police Agency (www.ctrc.go.kr/+82-2-392-0330)

The user can declare all privacy-related complaint arising, please use the services of a personal information manager with the company or department. The company will be happy to answer quickly enough for users to report their locations.
If you need to report other personal information or counseling on infringement, please contact the following organizations.

- Privacy Complaint Center (www.118.or.kr/118)
- Prosecutors' Office Internet Crime Investigation Center (www.spo.go.kr/02-3480-3600)
- Police Cyber Terror Response Center (www.ctrc.go.kr/02-392-0330)

Version number of Privacy policy : 1.004
Enforcement Date of Privacy policy : 01/20/2017