Redbrick Class Privacy Policy
Redbrick Inc. (hereinafter "Company") values the personal information of users of Redbrick Makers (hereinafter "Service") and is committed to protecting personal information. Through this Privacy Policy, the Company informs you of the purposes and methods for which the personal information you provide is used and what measures are being taken to protect personal information.
1. Purpose, Items, and Methods of Personal Information Collection and Use
1.
The Company processes personal information for the following purposes.
a) Matters related to membership registration and management: Member identity verification, prevention of fraudulent registration, confirmation of intent to register, age verification, verification of legal representative consent for processing personal information of children under 14, notice of announcements, restriction of use for members violating terms, sanctions against activities that interfere with stable service operation and fraudulent use, confirmation of grounds for membership refusal, record keeping for dispute resolution, various notifications, etc.
b) Matters related to content and service provision: Basic/customized service provision, various customized services, sending contracts and invoices, identity verification, age verification, payment and settlement, debt collection, paid service payment and refund
c) Complaint consultation and processing, grievance handling: User identity verification, confirmation of complaints, contact and notification for fact-finding, notification of processing results
d) Service improvement and statistical surveys on usage, new service development, service provision based on statistical characteristics, service validity verification, access frequency analysis, statistical analysis of member service usage, and service environment improvement
e) Only with separate consent from the member: Provision of event information and participation opportunities, provision of advertising information and participation opportunities
2.
The Company collects the following personal information for the purposes stated above.
a) When registering as an Educator or Student member
① Required items: Name, email address, password
② Optional items: None
③ When registering members under 14: Legal representative's name, email, date of consent
b) When paying for paid services
① Credit card payment: Card company name, card number, and other credit card information
② Bank transfer: Account holder name, account number, bank name, and other bank account information
③ Mobile payment: Mobile phone number, carrier, and other payment information
c) During service use or business processing, information such as mobile device ID, access IP, Advertising ID (AAID, IDFA, etc.), cookies, visit date and time, and service usage records may be automatically generated and collected to verify content usage.
d) When registering through external services or linking accounts, the following personal information is collected from third parties.
① Google: Google ID, email, name
e) During complaint processing, necessary items from the above information and additional items required for the complaint may be collected and processed.
2. Provision and Entrustment of Personal Information
1.
Provision of personal information
a) The Company uses users' personal information within the scope stated in "1. Purpose, Items, and Methods of Personal Information Collection and Use" and does not provide personal information in principle. However, exceptions are made in the following cases.
① When the user has given prior consent
② When required by law or requested by investigative authorities through procedures and methods prescribed by law for investigation purposes
2.
Entrustment of personal information processing
a) The Company entrusts personal information as follows for smooth business processing and stipulates necessary matters for safe management of personal information in entrustment contracts in accordance with relevant laws. The entrustment period is until 90 days after the member's withdrawal or loss of eligibility, or until the entrustment contract ends.
① Domestic entrusted companies
② Overseas entrusted companies
* You may refuse the overseas transfer of personal information by contacting the Company's personal information department. However, if you refuse, service use may be restricted.
3. Use and Provision of Personal Information Within Reasonably Related Scope
The Company may use or provide personal information to third parties without the user's consent within a reasonable scope related to the original collection purpose, considering the following criteria.
a) Whether there is relevance to the original collection purpose: Determined by considering whether the original collection purpose and the additional use/provision purpose are related in nature or tendency
b) Whether there is predictability of additional use or provision considering the circumstances or practices of personal information collection: Determined by considering the relationship between the personal information processor and the user, the level and speed of technological development, and general practices established over a considerable period
c) Whether the user's interests are unfairly infringed: Determined by considering whether the user's interests are substantially infringed in relation to the additional use purpose and whether such infringement is unfair
d) Whether necessary measures for safety such as pseudonymization or encryption have been taken: Determined by considering whether safety measures have been taken in consideration of the possibility of infringement
4. Personal Information Retention and Use Period
1.
The Company retains information provided at the time of membership registration for 90 days after the user withdraws or loses eligibility to prepare for unwanted withdrawal due to identity theft, and retains personal information of members who violated the terms of use and Company policies for 1 year to prevent disputes from fraudulent use. However, if investigation or inquiry is in progress due to violation of relevant laws, retention continues until the end of such investigation, and if there are remaining claims or debts from service use, retention continues until settlement.
2.
Notwithstanding the preceding paragraph, the Company retains member information for the following periods as required by relevant laws.
a) Records on contracts or withdrawal of subscription (E-Commerce Act): 5 years
b) Records on payment and supply of goods/services (E-Commerce Act): 5 years
c) Records on consumer complaints or dispute resolution (E-Commerce Act): 3 years (however, until the end of proceedings if civil, criminal, or administrative proceedings are in progress)
d) Records on display/advertising (E-Commerce Act): 6 months
e) Books and supporting documents for all transactions as prescribed by tax law (National Tax Basic Act): 5 years
f) Records on electronic financial transactions (Electronic Financial Transactions Act): 5 years
g) Records on access (Protection of Communications Secrets Act): 3 months
5. Procedures and Methods for Destruction of Personal Information
1.
The Company destroys personal information without delay through the following methods when the retention and use period has elapsed or the processing purpose has been achieved.
a) Destruction procedure: The Company selects personal information for which destruction reasons have occurred and destroys it with the approval of the personal information protection officer.
b) Destruction method: Electronic files are permanently deleted in a manner that prevents recovery; printed materials, documents, and other recording media are shredded or incinerated.
2.
Separately from the above criteria, the Company may convert accounts of members who have not used the service for 1 year to dormant accounts and store them separately or delete them.
3.
If personal information must continue to be retained pursuant to the laws stated in Article 3, Paragraph 2, despite the expiration of the consented retention period or achievement of the processing purpose, the personal information shall be moved to a separate database or stored in a different location.
6. Rights and Obligations of Members and Legal Representatives and How to Exercise Them
1.
Members may exercise their rights to request access, correction, deletion, and suspension of processing of personal information, and withdraw from membership at any time regarding the following matters. However, if a Member withdraws consent to personal information necessary for membership registration and service provision, membership withdrawal and service termination may be unavoidable.
a) The Member's personal information held by the Company
b) Records of the Company's use or provision of the user's personal information to third parties
c) Records of consent given to the Company for collection, use, and provision of personal information
2.
The exercise of rights under Paragraph 1 may be made to the personal information protection officer through written documents, phone, email, etc., and the Company shall take action without delay.
3.
The exercise of rights under Paragraph 1 may be made through a legal representative or an authorized agent. In such cases, a power of attorney confirming the delegation must be submitted.
4.
The exercise of rights to request access, correction, deletion, and suspension of processing of personal information may be restricted as prescribed by relevant laws such as the Personal Information Protection Act.
5.
Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target under other laws.
6.
The Company verifies whether the person making the request for access, correction, deletion, or suspension of processing is the individual or a legitimate representative.
7. Matters Regarding Processing of Personal Information of Children Under 14
1.
The Company collects the minimum personal information necessary for the service with the consent of the legal representative when collecting personal information of children under 14. Additionally, separate consent is obtained from the legal representative when collecting children's personal information for marketing or promotional purposes.
2.
When collecting personal information of children under 14, the Company may request minimum information such as the legal representative's name and email, and confirms that the legal representative has given legitimate consent through one of the following methods.
A method where the legal representative indicates consent on an internet site posting the consent content, and the personal information processor confirms the consent indication by sending a text message to the legal representative's mobile phone
A method where the legal representative indicates consent on an internet site and provides credit card or debit card information
A method where the legal representative indicates consent on an internet site and verifies identity through mobile phone authentication
A method where a written document containing the consent content is directly issued to the legal representative or delivered by mail or fax, and the legal representative signs, seals, and submits it
A method where an email containing the consent content is sent and an email with the legal representative's expression of consent is received
A method where the consent content is communicated to the legal representative by phone and consent is obtained, or a method to verify the consent content such as an internet address is provided and consent is obtained through a subsequent phone call
Other methods equivalent to the above for informing the legal representative of the consent content and confirming the expression of consent
8. Installation/Operation and Rejection of Automatic Personal Information Collection Devices
1.
The Company uses cookies and sessions that periodically store and retrieve member information. Cookies are small data packets sent by the server to the user's web browser when using the website and are stored on the member's computer hard disk. Sessions refer to the server storing member information on the server during the member's access period.
2.
Purpose of using cookies and sessions: To help maintain the settings configured by the user for convenient use, and to provide optimized customized services and serve as a measure for service improvement by identifying visit records, usage patterns, and areas of interest.
3.
Matters regarding cookie installation, operation, and rejection: Users have the option to accept or reject cookie installation by setting options in their web browser. However, rejecting cookie installation may cause difficulties in using some services that require login. Methods for specifying cookie installation permission are as follows.
a) Chrome web browser > Top right menu [Settings] > [Site Settings] > [Cookies] settings
b) Safari web browser > [Settings] > [Safari] > [Block Cookies] > settings
4.
Users do not have the option to reject session installation, and sessions are automatically created on the server when using services that require login.
9. Safety Measures for Personal Information Protection
1.
Members' personal information is thoroughly protected by passwords, and the password matching the email address provided by the member is known only to the member. Therefore, verification and modification of personal information can only be done by the member who knows the password.
2.
Members should not share their passwords with anyone. For this purpose, the Company recommends logging out and closing the web browser after use on a PC.
3.
The Company's technical/administrative measures and physical measures for personal information protection are as follows.
a) Encryption of passwords and other authentication or important information among collected personal information
b) Installation, updating, and inspection of antivirus software to prevent personal information breaches from hacking or computer viruses
c) Access control through access authority settings, management, and intrusion prevention systems for personal information systems, and preservation and prevention of forgery of access records
d) Designation and authority settings for personal information handlers, education, establishment and implementation of internal management plans for safe management of personal information, and regular employee training
10. Name, Contact Information, and Department of Personal Information Protection Officer
The Company designates a personal information/location information protection officer as follows to take overall responsibility for personal information and location information processing and to handle user complaints and damage relief.
Name: Yang Young-mo
Organization: Redbrick Makers Inc.
Phone: 02-6358-2023
E-mail: redbrickmakers@redbrick.space
Users may contact the personal information protection officer and the department below for all personal information protection-related complaints and grievances arising from using the Company's services, and the Company will respond promptly and sincerely.
Department: Customer Support Department
Phone: 02-6358-2023
E-mail: redbrickmakers@redbrick.space
11. Methods for Remedying Rights Infringement
Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to obtain relief for personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following organizations.
1. Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
4. National Police Agency: (no area code) 182 (ecrm.cyber.go.kr)
12. Obligation of Notification
The Company shall notify changes and the timing of implementation through the "Notices" section of the Company's site when the privacy policy is changed. The changed privacy policy shall take effect 7 days after posting.
This privacy policy is effective from November 17, 2023.