Privacy Policy

Consent to the collection and use of customers’ personal information, provision of personal information and consignment of personal information processing to third parties is completed by clicking the button for Personal Information Collection/Use Agreement. Prior to clicking, please read carefully the Privacy Policy and Personal Information Collection/Use Agreement posted on the PC or mobile website (htttp://www.cjenm.com, http://m.cjenm.com)

The Company collects and uses the minimum personal information required for service delivery. It shall not be used for any purpose other than the one for which consent was provided, and if the purpose of use changes, the Company shall take necessary measures including obtaining consent from the information subject.

1. (1) Collection method
   • Information collection through the use of PC or mobile website services
   • Collection of information generated via a log analysis program
   • Collection of information via cookies
2. (2) Items, purpose, and retention period of collected personal information
   1. a. Biz-Contact

      Purpose of collection and use	Use of Biz-Contact service, receipt and processing of inquiries, and notification of processing results
      Collected items	Email address, mobile phone number, company name, country
      Retention period	Up to 1 year from the date of receipt or up to 1 month from the time of processing completion

   2. b. FACT SHEET

      Purpose of collection and use	Use of FACT SHEET service
      Collected items	Username, email address, mobile phone number, affiliation, type of occupation
      Retention period	Up to 1 year from the date of receipt or up to 1 month from the time of processing completion

3. (3) Information generated and collected during service use or processing
   During service use or processing, the following information may be generated and collected to deliver personalized services.
   • Frequency of use, service use duration and usage record
   • Access log and access IP information, cookie, usage record, session information, terminal information and MAC address

1. (1) Period of use and retention
   The Company shall retain and use personal information only during the period (usage period) to which the customer has provided consent for the purpose of service delivery and inquiry processing.
2. (2) Period of storage and retention of personal information
   In the case that the Company needs to preserve personal information with the consent of the information subject or in accordance with the provisions of other relevant laws, the Company shall store such personal information for a certain period as stipulated in the relevant laws.
   • Visitor log records/Location tracing data capable of confirming the location of information and telecommunication equipment: three (3) months (Protection of Communications Secret Act), and for such other preservation periods pursuant to Article 15-2 of the Act thereof and Article 41 of the Corresponding Enforcement Decree for each Communication Confirmation Data
   • Other storage and preservation period: In cases where consent has been obtained separately from the information subject
3. (3) Procedure and method of personal information disposal
   1. a. Disposal procedurebr /> The information provided by the customer for service delivery is transferred to a separate database after the given purpose is achieved, stored for a certain period according to the reason for retention in accordance with internal policies and other relevant laws, and then disposed in the manner specified in subparagraph “c. Disposal Method” below. Personal information transferred to a separate database will not be used for any other purpose, unless it is retained for legal reason.
   2. b. Disposal subject
      Information for which the retention period and the preservation period have expired in accordance with relevant laws and regulations.
   3. c. Disposal method
      
      • Personal information on handwritten or printed media: Shredding or incineration
      • Personal information stored in an electronic file format such as a database: Deleted irreversibly using a technical method.

During the usage of the Company’s service or inquiry processing, etc., cookies, service use records, and user device information may be automatically generated and collected.

A “cookie” refers to data that a website sends to the user’s web browser (Internet Explorer, Chrome, Firefox, etc.). The Company accesses the cookies saved on customers’ PCs from their visits to the website, analyzes the information stored on the cookies, such as browsing history, information of services used, time and frequency of service use, and other information generated or provided (entered) by customers during their use of the website and utilizes the results to provide better services, deter fraudulent use, and identify user errors.

Customers have the right to allow all cookies, request notifications whenever cookies are stored, or to block all cookies by selecting the relevant option through the “Internet Options” tab on the tool bar at the top of the web browser. However, blocking cookies may cause inconvenience in terms of service use.

A customer can visit the Company’s website and submit a request for correction, deletion, or access regarding his/her personal information that is stored by the Company at any time.

1. (1) A customer may request access and verification via the website and the Company’s customer service center.
2. (2) When a customer requests access and verification of his/her personal information, the customer must provide his/her identity based on the identification (or copy thereof) such as a resident registration card, a passport, or a driving license (new version) for the Company to verify the identity.
3. (3) When a customer wishes to designate an agent to access and gain a verification of his/her personal information, the customer must provide proof for the power of attorney, the certificate of registered seal in the customer’s name, and proof of identity for the agent, for the Company to verify the identity of the agent as necessary.
4. (4) If a customer requests the correction of his/her personal information, the Company must neither use the relevant personal information nor provide it to third parties before the update is completed. If incorrect information has already been provided to third parties, the Company shall immediately notify the relevant third parties with the corrected information to ensure that the necessary correction is made.
5. (5) However, the Company can exceptionally restrict access and correction of personal information in cases as follows:
   1. a. If it is likely to cause substantial damage of the life, body, property or rights and interests of the principal or third parties.
   2. b. If it is likely to cause substantial interference to the operation of the service provider.
   3. c. If it violates laws or regulations.

• The Company has designated a personal information manager and a department responsible for personal information protection as follows and also operates a consultation channel for personal information protection to ensure clear communication with customers.

  Department	Name	Contact
  CJ ENM ENTERTAINMENT Division, IT Service Planning Team	Byung-ah Park	1670-1525

• To report or seek consultation on the breach of privacy, please contact the personal information manager by phone or email, or contact the following institutions:

  Name of institutions	URL	Contact information
  KISA Personal Information Infringement Report Center	http://privacy.kisa.or.kr	118 without an area code
  Supreme Prosecutor’s Office of the Republic of Korea Forensic Science Investigation Department Cybercrime Investigation Division	http://www.spo.go.kr	1301 without an area code
  National Police Agency of the Republic of Korea	http://cyberbureau.police.go.kr	182 without an area code
  Personal Data Dispute Mediation Committee	http://kopico.go.kr	1833-6972 without an area code

The Company uses customers’ personal information within the scope specified in the Privacy Policy. The Company shall neither use the information nor provide it to third parties beyond the specified scope. However, the Company may disclose the information in exceptional cases such as when prior consent has been given by a customer or when the information is required to be disclosed under the regulations and procedures stipulated by the relevant law. At present, the Company does not disclose customers’ personal information to third parties.

The Company externally entrusts personal information processing to operate and maintain its service, and to manage and provide convenience for customers. The Company manages the consignee by contractually obligating its compliance with the relevant laws and guidelines, information protection and confidentiality, and obligation to return/destroy personal information immediately after the expiration of the entrustment period, etc.

1. (1) Customers may request to access, correct or delete personal information at any time. To access, correct, or delete personal information, contact the personal information manager or customer service in writing, e-mail, or phone, and appropriate actions shall be taken without delay following the identity verification process.
   However, requests for personal information access may be restricted or refused in the following cases:
   • If there are special regulations under the law or when access is prohibited or restricted by law.
   • If there is a risk of harming another person’s life or body, or unjustly infringing another person’s property and other interests.
   • If it is likely to cause substantial interference to the operation of the service provider.
2. (2) Customers may request the withdrawal of consent to the collection and usage of personal information, and request the deletion, or suspension of processing regarding such data. Contact the personal information manager, and appropriate actions shall be taken without delay following the identity verification process.

1. (1) In principle, the Company does not collect personal information of children under the age of 14 (hereinafter referred to as “Children”). However, in cases of unavoidable collection of such information for service delivery, the Company shall seek consent from the legal representative of the Children concerned.
2. (2) In order to obtain the consent of the legal representative (parent), the Company collects minimum personal information such as the name and contact information of the legal representative (parent) from Children. The legal representative (parent) can access, correct, and delete Children’s personal information. Call the personal information manager or contact customer service to request access, correction or deletion regarding Children’s personal information, and then necessary actions shall be taken.

The Company has implemented the following technical and administrative measures to ensure security by preventing the loss, theft, leakage, tampering or damage of personal information.

1. (1) Technical protection measures
   1. a. Personal information is protected by a password, and critical data is protected with additional security functions such as encryption of files and transmitted data or using a file locking function.
   2. b. The Company aims to prevent damage caused by computer viruses through the use of antivirus software. The Company deters privacy infringement by regularly updating the antivirus software and ensuring the immediate installation of updates in line with the identification of new computer viruses.
   3. c. The Company adopts a security system for the secure transmission of personal information over its networks.
   4. d. In order to prevent the leakage of customers’ personal information by various intrusion methods (e.g., hacking), the Company installs its systems in a controlled area with restricted external access and use of intrusion-blocking devices.
2. (2) Administrative protection measures
   1. a. The Company has implemented a procedure for managing and accessing customers’ personal information, ensuring understanding and compliance among employees, and carrying out regular inspections on the compliance status.
   2. b. The Company minimizes the number of employees who handle personal information and manages access authority, while providing training on compliance with laws and regulations. The employees who handle customers’ personal information are as follows:
      • Those in direct or indirect customer-facing roles
      • Those in charge of the management and protection of personal information including personal information manager or personal information officer
      • Other employees who unavoidably access personal information when carrying out work-related tasks
   3. c. When hiring new employees, the Company prevents the leakage of information (including personal information) by employees by requiring them to sign a pledge of information security, while providing frequent reminders of obligations for personal information protection and implementing an internal procedure to audit their compliance.
   4. d. The handover of responsibilities by a personal information handler is conducted while ensuring strict security and clearly-defined liability against cases of personal information infringement when joining or leaving the Company.

The content of this Privacy Policy may be added, deleted, according to enactment and amendment of the statute, policy change by the government, or the Company for reasons such as changes in security technology. Any amendment of this Privacy Policy shall be posted on the website prior to the amendment.

• Current Privacy Policy Version: 1.2
• Notification date: September 27, 2021 / Effective date: October 4, 2021