PERSONAL INFORMATION PROCESSING POLICY

FINGER INC. (hereinafter referred to as ‘the Company’) respects the user's personal information and complies with the “Act on Promotion of Information and Communications Network Utilization and Information Protection”. The company will inform you about the purpose and method of using personal information provided by users through the personal information processing policy and what measures are being taken to protect personal information.

1. Purpose of processing personal information

The Company uses the collected personal information for the following purposes.

• ① Fulfillment of contract related to the provision of service and settlement of fees due to the provision of service, identification in financial transactions, and overseas remittance service
• ② For membership management: Self-identification, personal identification, prevention of illegal and unauthorized use of bad member, confirmation of registration, complaint handling, delivery of announcement
• ③ Collecting and storing the device's unique number at the time of membership registration, and use it as an account for personal identification
• ④ Collecting and using the member’s phone number, phone numbers stored in the phone book of the member's phone to provide services such as automatic friend registration and friend recommendation
• ⑤ Delivery of marketing information such as events for the purpose of marketing and advertisement, understanding the access frequency or statistics on the use of services by members

2. Personal information to be processed

The company is processing the below information for membership registration, consultation, service application, etc.

• ① The Company is collecting personal information required for sending money overseas such as ID card copy, name, address, phone number, date of birth, register’s bank name and banking account number, email address. However, company is not receiving application and collecting data from minors who are under the age of 19. Optional fields for collection include career, purpose of remittance, source of money etc…
• ② The Company may collect location, smartphone’s unique device information of customer during using service, and shall notify a customer in advance when collecting that information.
• ③ Methods of collecting information: either the customer enters directly when installing company’s App, or the Company shall collect in case the customer consents beforehand.

3. Use of personal information

• ① The Company collects personal information for purpose of processing membership registration
• ② The Company collects personal information for purpose of processing money transfer.
• ③ The Company collects personal information for purpose of providing relevant financial institutions with personal information and remittance information when processing transfer. (In accordance with relevant law about use and report of specific financial transaction information, customer information is provided to financial institutions when transferring money overseas)
• ④ The Company collects personal information for purpose of providing events, advertisement etc….
• ⑤ The Company collects personal information for purpose of providing customized services through service’s use record and frequency, analysis, use of service statistics etc….
• ⑥ The Company collects personal information for purpose of building using environment where a user can use safely in security, privacy, safety aspects.

4. Processing and retention period of personal information

• ① In principle, the Company shall destroy the information immediately after the purpose of collecting and using personal information is achieved. However, the following information will be retained for the period specified below for the following reasons.
• ② Preservation items: Name, login ID, password, home phone number, home address, mobile phone number, email, company name, department, company telephone number, bank account information, service use log, access log, cookie, access information, payment record
• ③ The Company shall no longer use information when a user terminates his/her membership
• ④ The Company destroys personal information after 1 year if a user does not own any transfer record. But some of personal information and remittance information may be preserved / maintained in accordance with laws.
• ⑤ If a user has at least 1 time or more of remittance record, the Company shall preserve remittance record and required personal information for 5 years since the date of transfer, except for that the Company shall not use personal information in any activities that are not regulated by laws.
• ⑥ In accordance with the provisions of relevant laws and regulations, if it is necessary the Company will keep the membership information for a certain period as follows.
• - Records on transactions, such as indications and advertisements, contract details and performance, in accordance with the Consumer Protection Act in Electronic Commerce, etc.
  • Record on contract termination or subscription termination: 5 years preservation
  • Record on goods supply and payment: 5 years preservation
  • Record on settling disputes or consumer’s complaints: 3 years preservation
• - Electronic financial transaction record pursuant to Article 12 of the Enforcement Decree of the Electronic Financial Transaction Act
  • Details of electronic financial transactions, records of access to electronic devices, matters related to application for electronic financial transactions and changes in conditions, and records of electronic financial transactions exceeding 10,000 won per transaction: 5 years
  • Records on electronic financial transactions with a transaction amount of KRW 10,000 or less per case, and records on approval of transactions related to the use of electronic payment means: 1 year
• - Communication confirmation data according to Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act
  • Computer communication, Internet log record data, access tracking data: 3 months

5. Destruction of personal information

• ① When the period of retention of personal information has elapsed and personal information became unnecessary after achieving the purpose of processing personal information, abolishing the service, or closing the business, the personal information will be destroyed within 5 business days from the date the processing of personal information is recognized to be unnecessary.
• ② However, if the company has to keep personal information in accordance with related laws such as foreign exchange transaction law even though the period of retention of personal information has elapsed or the purpose of collection and use has been achieved, the relevant personal information should be transferred to a separate DB or storage place. This information will be stored and destroyed during the period specified by the relevant laws.
• ③ Printed information and written documents containing personal information will be destroyed by shredding or incineration, personal information in the form of electronic files will be permanently deleted.

6. Customers and their legal representatives’ rights and means of exercising

Customers shall be able to exercise the following rights for the protection of their own personal information as managed by the Company.

• ① Request to read personal information
• - Request to read personal information can be made to the Company or the person in charge of personal information management through written, telephone, e-mail, fax, etc., and the company will take action without delay.
• ② Request to correct error, etc.
• - If the user requests correction or deletion of personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
• ③ Request to delete information
• ④ Request to stop handling personal information

The user shall not infringe the personal information and privacy of the user himself or others that the company is handling in violation of related laws and regulations such as the Information and Communication Network Act, the Personal Information Protection Act.

7. Methods of processing personal information

• ① During membership registration and service use, the Company collects personal information if user agrees to the personal information collection and enters information directly.
• ② During the consultation process via customer center, personal information of users can be collected through web pages, applications, mail, fax, and telephone.
• ③ Personal information may be collected in written form at offline events.
• ④ The Company may receive personal information from another partner company or organization. In such cases, the partner companies must obtain the user's consent to provide personal information.

8. Provision and entrustment of personal information

• In accordance with related laws and regulations, the Company stipulates necessary matters to ensure that personal information can be safely managed when contracted. The company's personal information consignment processing agency and entrusted business contents are as follows.
• - The 3rd party who receives personal information
• Overseas financial institution
• Korea Financial Telecommunications and Clearings Institute(KFTC)
• - Necessary items
• Account real name, ID Card’s number, Passport Number, Account Number for checking real name account.
• Sender’s account number, Bank Code and Sender’s name for checking sender’s information.
• - Purpose of utilizing personal information: To provide small-sum overseas remittance service, and to perform the obligations pursuant to the according country's law
• - Period of use: 5 years from the day of receiving personal information in compliance with the according country's law

9. Installation, operation and denial of automatic collection of personal information

• ① The Company automatically collects the device identification number (device ID) when the user executes the program provided by the company in order to create the account information. Also, in order to provide friend recommendation and product recommendation function, the Company may collect phone numbers stored in users’ phone if they want.
• ② The Company stores users’ information and uses "cookies" retrieved from time to time to provide personalized service to each user.
• • - Purpose of use of cookie
  • Analyzing the frequency of visitors and members' access frequency and time, identifying user's tastes and interests, tracking traces, participating in various events and checking the number of visits, targeted marketing and personalized service users have the right of choosing cookies setting. As a result, users can allow all cookies by setting options in your web browser, check each time a cookie is saved, or refuse to save all cookies.
  • - How to decline cookie settings You may refuse to install cookies. However, if you refuse to install cookies, it may be difficult to use some services that are required to log in. (Setting method, based on IE) Tools> Internet Options> Privacy> Site blocking

10. Measures to ensure the safety of personal information

• ① The Company is encrypting personal information.
• ② To prevent personal information leak or damage through hacking or viruses, the Company establishes system in a restricted area, backs up data, transmits and receives personal information safely on an encrypted telecommunication network.
• ③ Minimizing the number of persons in charge of processing personal information. The number of persons in charge of processing personal information is designated at the minimum, top manager in charge of personal information protection’s approval is required when downloading to PC or using staff’s working PC.

11. Staff in charge of personal information protection

The Company’s staff in charge of personal information protection is as follows.

Person in charge of personal information

• - Name : LEE HONG WOO
• - Title : Senior General Manager
• - Email : hwlee@finger.co.kr

Top manager in charge of personal information protection

• - Name : CHANG JAE HWA
• - Title : Director
• - Email : jhchang9072@finger.co.kr

Telephone

• - 02-786-8203 (Vietnamese)
• - 02-786-8204 (Korean/English)

You may declare any privacy complaints that may arise during using company's service to the person in charge of Personal Information Management or relevant department. The Company will respond promptly and fully to members' reports.
If you need to report or consult about other privacy infringement, please contact the following organizations.

• Personal Information Infringement Report Center : http://privacy.kisa.or.kr / without area code 118
• Personal Information Dispute Mediation Committee : http://www.kopico.go.kr / 1833-6972
• Supreme Prosecutors’ Office Cyber Criminal Investigation Department : www.spo.go.kr / without area code 1301
• Korean National Police Agency Cyber Bureau : http://cyberbureau.police.go.kr / without area code 182

12. Obligation of notice

This personal information processing policy will be effective from the enforcement date. According to the laws and policies, if there are changes such as additions, deletions and corrections, the Company shall announce the changes by posting on website (blog) or mobile application notice (or individual notice). This policy will be enforced from the date of notice.

• Personal Information Processing Policy Notice Date : November 17, 2022
• Personal Information Processing Policy Enforcement Date : November 23, 2022

You can check the previous Personal Information Protection Policy by clicking the link below.

• Previous Personal Information Protection Policy(v1.5) 2020/01/23