Privacy Policy

Privacy Policy

Article 1 (Purpose)

OmniNews (hereinafter referred to as the 'Company') establishes this Privacy Policy (hereinafter referred to as 'this Policy') to protect the personal information of individuals (hereinafter referred to as 'User' or 'individual') who use the services provided by the Company (hereinafter referred to as 'Company Services'), to comply with relevant laws and regulations such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Network Act'), and to promptly and smoothly handle any grievances related to the protection of users' personal information.

Article 2 (Principles of Processing Personal Information)

In accordance with relevant privacy laws and this Policy, the Company may collect users' personal information. The collected personal information may be provided to a third party only with the individual's consent. However, if legally mandated by laws or regulations, the Company may provide the collected personal information to a third party without prior consent from the individual.

Article 3 (Disclosure of this Policy)

1. The Company discloses this Policy on the first page of its website or through a link from the first page, so that users can easily check it at any time.

2. When disclosing this Policy as per Paragraph 1, the Company utilizes font sizes, colors, etc., to ensure users can easily identify this Policy.

Article 4 (Changes to this Policy)

1. This Policy may be amended due to changes in relevant laws, guidelines, official notices, or the policies or content of the government or Company Services.

2. When amending this Policy in accordance with Paragraph 1, the Company will provide notice through one or more of the following methods:
   a. Notifying through the notice section on the first page of the Company's website or in a separate pop-up window.
   b. Notifying the user via written document, fax, email, or similar methods.

3. The notice mentioned in Paragraph 2 shall be given at least 7 days prior to the effective date of the amendment. However, in the case of significant changes to user rights, the notice will be given at least 30 days in advance.

Article 5 (Information for Membership Registration)

The Company collects the following information for user registration for its services.

1. Required Information: Email address and name

Article 6 (Method of Collecting Personal Information)

The Company collects users' personal information through the following methods:

1. When the user enters their personal information on the Company's website.

2. When the user enters their personal information through services other than the website provided by the Company, such as applications.

3. Collection of personal information through social logins via KakaoTalk, Apple, and Google.

Article 7 (Use of Personal Information)

The Company uses personal information for the following purposes:

1. For company operations, such as delivering announcements.

2. For improving user services, such as responding to inquiries and handling complaints.

3. For providing the Company's services.

4. For imposing restrictions on members who violate laws and the Company's terms of service, and for preventing and sanctioning activities that interfere with the smooth operation of the service, including fraudulent use.

Article 8 (Retention and Use Period of Personal Information)

1. The Company retains and uses the user's personal information for the period necessary to achieve the purpose of its collection and use.

2. Notwithstanding the preceding paragraph, according to the Company's internal policy, records of fraudulent service use are stored for a maximum of one year from the time of membership withdrawal to prevent fraudulent registration and use.

Article 9 (Retention and Use Period of Personal Information According to Laws)

The Company retains and uses personal information as required by relevant laws and regulations, as follows:

1. Information and retention period under the Act on Consumer Protection in Electronic Commerce, etc.
   a. Records on contracts or subscription withdrawal: 5 years
   b. Records on payment and supply of goods: 5 years
   c. Records on consumer complaints or dispute resolution: 3 years
   d. Records on indication and advertisement: 6 months

2. Information and retention period under the Communications Secret Protection Act
   a. Website log records: 3 months

3. Information and retention period under the Electronic Financial Transactions Act
   a. Records on electronic financial transactions: 5 years

4. Information and retention period under the Act on the Protection and Use of Location Information
   a. Records on personal location information: 6 months

Article 10 (Principle of Personal Information Destruction)

As a general rule, the Company will destroy the user's personal information without delay when it is no longer necessary, such as upon the achievement of the processing purpose or the expiration of the retention and use period.

Article 11 (Procedure for Personal Information Destruction)

1. Information entered by the user for membership registration, etc., is transferred to a separate database (or a separate filing cabinet in the case of paper) after the purpose of processing has been achieved. It is then stored for a certain period according to internal policies and other relevant laws for information protection reasons (see Retention and Use Period) before being destroyed.

2. The Company destroys personal information for which a reason for destruction has occurred, following an approval process by the Chief Privacy Officer.

Article 12 (Method of Personal Information Destruction)

The Company deletes personal information stored in electronic file format using a technical method that makes the records irreproducible. Personal information printed on paper is shredded with a shredder or destroyed by incineration.

Article 13 (Measures for Sending Advertisements)

1. The Company obtains explicit prior consent from the user before sending commercial advertising information via electronic transmission media. However, prior consent is not required in the following cases:
   a. When the Company, having directly collected the recipient's contact information through a transaction of goods or services, intends to send commercial advertising information about the same type of goods or services that the recipient has previously transacted, within six months from the end of the transaction.
   b. When a telemarketer under the 「Act on Door-to-Door Sales, etc.」 verbally informs the recipient of the source of their collected personal information and makes a telemarketing call.

2. Notwithstanding the preceding paragraph, if the recipient expresses an intention to refuse reception or withdraws prior consent, the Company will not send commercial advertising information and will inform the recipient of the result of processing their refusal or withdrawal of consent.

3. When sending commercial advertising information via electronic transmission media between 9:00 PM and 8:00 AM the next day, the Company will obtain separate prior consent from the recipient, notwithstanding Paragraph 1.

4. When sending commercial advertising information via electronic transmission media, the Company will clearly state the following:
   a. Company name and contact information
   b. Information on how to express refusal or withdrawal of consent

5. The Company shall not take any of the following measures when sending commercial advertising information via electronic transmission media:
   a. Measures to evade or interfere with the recipient's refusal or withdrawal of consent.
   b. Measures to automatically generate a recipient's contact information, such as a telephone number or email address, by combining numbers, symbols, or characters.
   c. Measures to automatically register telephone numbers or email addresses for the purpose of sending commercial advertising information.
   d. Any measures to conceal the sender's identity or the source of the advertisement.
   e. Any measures to induce a response from the recipient by deceit for the purpose of sending commercial advertising information.

Article 14 (Inquiry and Withdrawal of Consent for Personal Information)

1. The user and their legal representative may at any time inquire about or modify their registered personal information and may request the withdrawal of consent for the collection of personal information.

2. To withdraw consent for the collection of their registration information, the user or their legal representative should contact the Chief Privacy Officer or the person in charge in writing, by phone, or by email, and the Company will take action without delay.

Article 15 (Changing Personal Information, etc.)

1. The user may request the correction of errors in their personal information through the methods described in the preceding article.

2. In the case of the preceding paragraph, the Company will not use or provide the personal information until the correction is complete. If incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made.

Article 16 (User's Obligations)

1. The user must keep their personal information up to date, and the user is responsible for any problems arising from inaccurate information they have entered.

2. Registering for membership by stealing another person's personal information may result in the loss of user qualifications or punishment under relevant privacy laws.

3. The user is responsible for maintaining the security of their email address, password, etc., and may not transfer or lend them to a third party.

Article 17 (Company's Management of Personal Information)

When processing a user's personal information, the Company implements necessary technical and managerial safeguards to ensure safety and prevent loss, theft, leakage, alteration, or damage.

Article 18 (Handling of Deleted Information)

Personal information that has been terminated or deleted at the request of the user or their legal representative is processed as specified in the "Retention and Use Period of Personal Information" collected by the Company and is handled in a way that prevents it from being accessed or used for any other purpose.

Article 19 (Password Encryption)

The user's password is encrypted one-way for storage and management, and the verification and changing of personal information can only be done by the user who knows the password.

Article 20 (Countermeasures for Hacking, etc.)

1. The Company does its best to prevent the leakage or damage of users' personal information due to hacking, computer viruses, or other network intrusions.

2. The Company uses the latest antivirus programs to prevent the leakage or damage of users' personal information or data.

3. The Company uses an intrusion prevention system to ensure security in case of an emergency.

4. The Company ensures the secure transmission of personal information on the network through encrypted communication, etc., (if it collects and holds sensitive personal information).

Article 21 (Minimization and Training of Staff)

The Company limits the number of employees who handle personal information to a minimum and emphasizes compliance with laws and internal policies through measures such as training for data handlers.

Article 22 (Actions in Case of a Personal Information Breach)

When the Company becomes aware of the loss, theft, or leakage (hereinafter "breach, etc.") of personal information, it will promptly notify the affected user of all of the following items and report to the Korea Communications Commission or the Korea Internet & Security Agency.

1. The items of personal information that were breached.

2. The time the breach occurred.

3. Actions the user can take.

4. The response measures taken by the information and communication service provider.

5. The department and contact information where the user can file for counseling, etc.

Article 23 (Exceptions to Data Breach Notification)

Notwithstanding the preceding article, if there is a justifiable reason, such as not knowing the user's contact information, the Company may take measures to substitute the notification of the preceding article by posting it on its website for 30 days or more.

Article 24 (Protection of Personal Information Transferred Abroad)

1. The Company shall not enter into international agreements that violate relevant laws, including the Personal Information Protection Act, regarding the user's personal information.

2. The Company must obtain the user's consent to provide (including cases where it is accessed), entrust the processing of, or store (hereinafter "transfer") the user's personal information abroad. However, if all the items in Paragraph 3 of this Article are disclosed in accordance with relevant laws, such as the Personal Information Protection Act, or notified to the user by a method prescribed by Presidential Decree, such as email, the consent procedure for entrusting or storing personal information may be omitted.

3. To obtain consent under the main text of Paragraph 2 of this Article, the Company must notify the user in advance of all of the following items:
   a. The items of personal information being transferred.
   b. The country to which the personal information is being transferred, the date, time, and method of transfer.
   c. The name of the person receiving the personal information (in the case of a corporation, its name and the contact information of its information manager).
   d. The purpose of use and the retention/use period of the personal information by the recipient.

4. When transferring personal information abroad with the user's consent under the main text of Paragraph 2 of this Article, the Company shall take protective measures as prescribed by relevant laws, such as the Presidential Decree of the Personal Information Protection Act.

Article 25 (Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information)

1. The Company uses 'cookies,' which are automatic personal information collection devices that save user information and are loaded on-demand, to provide personalized and customized services. A cookie is a small piece of information that the server (http) used to run the website sends to the user's web browser (including PC and mobile) and may be stored on the user's storage device.

2. The user has the option to control the installation of cookies. Therefore, the user can set options in their web browser to allow all cookies, to confirm each time a cookie is saved, or to refuse to save all cookies.

3. However, if you refuse to store cookies, you may experience difficulties in using some of the Company's services that require login.

Article 26 (How to Specify Cookie Settings)

You can configure cookie settings, such as allowing or blocking cookies, through your web browser's options.

1. Edge: Settings menu in the upper right corner of the web browser > Cookies and site permissions > Manage and delete cookies and site data.

2. Chrome: Settings menu in the upper right corner of the web browser > Privacy and security > Cookies and other site data.

3. Whale: Settings menu in the upper right corner of the web browser > Privacy > Cookies and other site data.

Article 27 (Designation of Chief Privacy Officer)

1. The Company has designated the relevant department and a Chief Privacy Officer as follows to protect users' personal information and handle related complaints.
   a. Chief Privacy Officer
   1) Name: Kang Dong-hyun
   2) Position: CEO
   3) Phone Number: 010-9533-7464
   4) Email: kang3171611@naver.com

Article 28 (Remedies for Infringement of Rights)

1. The data subject may apply for dispute resolution or counseling with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc., to seek relief from personal information infringement. For other reports and counseling on personal information infringement, please contact the institutions below.
   a. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
   b. Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr)
   c. Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr)
   d. National Police Agency: (No area code) 182 (ecrm.cyber.go.kr)

2. The Company strives to guarantee the data subject's right to self-determination of their personal information and to provide counseling and relief for damages caused by personal information infringement. If you need to file a report or request counseling, please contact the department in charge mentioned in Paragraph 1.

3. A person whose rights or interests have been infringed by a disposition or omission of the head of a public institution regarding a request under Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal as prescribed by the Administrative Appeals Act.
   a. Central Administrative Appeals Commission: (No area code) 110 (www.simpan.go.kr)

Addendum

Article 1: This policy shall become effective on September 8, 2025.