The STING Foundation (hereinafter referred to as the "Company") values the privacy of users and is committed to protecting the privacy provided to the company to use the company's services (digital asset transaction services). Therefore, the company complies with laws related to personal information protection, such as the Act on the Promotion of Information and Communication Network Use and Information Protection, etc. and the Personal Information Protection Act.
The company discloses this personal information processing policy on the first screen of the website so that users can easily check it at any time.
This personal information processing policy may be changed in accordance with the relevant statutes and the company's internal policies, and the amendment can be easily confirmed through version management.
The personal information items collected by the company are as follows.
- 1. Personal information items collected when necessary, such as membership registration and digital asset transactions, etc.
- 2. Personal information items collected in accordance with the Act on the Provision of Goods or Services
- 3. Information collected automatically during service use
- 3. Information collected automatically during service use
- 1) Collection through the website, mobile app, KakaoTalk consultation, telephone, etc.
- 2) Collection from other services with consent from third parties
- 3) Collection through an automatic collection device
- 1. Manage user information
- - Identification of users, management of user information, and delivery of various notices;
- - Consultation with users, handling complaints, and compensation for customer damage
- - Process withdrawal through non-face-to-face authentication, initialization of mobile phone number and withdrawal account, etc.
- 2. Service delivery
- - Confirmation of security and digital asset transaction relationships
- - Matters concerning the overall management of services, such as the establishment, maintenance, and termination of digital asset transaction relationships, etc.
- 3. Event Information Guide
- - Providing various events and advertising information
- - Providing new and customized services, etc.
-
① The company shall process personal information within the period of retention and use of personal information under Acts and subordinate statutes or the period of retention and use of personal information agreed upon when collecting personal information from users.
② The period of retention and use of each personal information is as follows.
- 1. Personal Information Retention and Use Period for Digital Asset Transaction Services
- 2. Preservation of goods or services under the law of Goods or Services
- 1. Trustee for personal information processing (domestic)
- 2. Personal information processing trustee (overseas)
- ① The user may exercise his/her right to the company at any time, such as requesting perusal, correction, deletion, suspension of processing, etc. of personal information.
- However, the exercise of rights may be restricted, such as the user's request for perusal, correction, deletion, and suspension of personal information, as prescribed by related statutes, such as Articles 35(4), 36(1) and 37(2) of the Personal Information Protection Act.
- ② The exercise of users' rights may be made in writing, e-mail, FAX, etc. pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take measures without delay.
- ③ The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the user or a delegated person. In such cases, a power of attorney under attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
- ④ When requesting the correction or deletion of personal information, if the personal information is specified as a target for collection in other statutes, it shall not be requested to be deleted.
- ⑤ The company verifies whether the person who made the request for perusal, correction or deletion, and suspension of processing according to the user's right to use is himself/herself or a legitimate agent.
- ① When personal information becomes unnecessary, such as the lapse of the personal information retention period and the achievement of the processing purpose, the company shall destroy the personal information without delay.
- ② If personal information is to be preserved in accordance with Acts and subordinate statutes even after the period of retention of personal information agreed by users or the purpose of processing has been achieved, the relevant personal information shall be moved to a separate database (DB) or stored in a differently.
1. Items stored separately: name, mobile phone number, email, date of birth, gender, identification information (CI, DI), account information
- ③ The methods for destroying personal information are as follows.
-
1. Permanently delete personal information stored in electronic file format so that records cannot be played
2. Personal information recorded and stored in paper documents is shredded or incinerated with a grinder.
- 1. Establishing an internal management plan
- The company establishes and implements an internal management plan for the safe management of personal information processed by the company.
- 2. Encrypt user's personal information
- The company stores and manages personal information such as the user's password and bank account number by encrypting them with a secure password algorithm.
- 3. Measures to prepare for hacking, etc.
- The company is doing its best to prevent users' personal information from being leaked or damaged by hacking or computer viruses. We frequently back up data in case of damage to personal information, prevent users' personal information or data from being leaked or damaged using the latest vaccine program, and secure transmission of personal information on the network through crypto communication.
- 4. Minimization and education of personal information handler
- The company limits personal information handlers to the minimum necessary for performing their duties, and recognizes the importance of personal information protection through management measures such as education for personal information handlers.
- 1. Purpose of use of cookies
- We store user's preference settings, etc. through cookies to support a faster web environment for users, and use it to improve services for convenient use. This makes it easier for users to use the service.
- 2. Installation, operation, and rejection of cookies
- You have the option of installing cookies, and you can refuse or delete them at any time.
- 3. How to reject cookie settings
- You have the option of installing cookies, and you can refuse or delete them at any time.
-
- Internet Explorer: Select Tools Menu > Select Internet Options > Click the Privacy tab > Advanced Privacy Settings > Cookie Level Settings
- Chrome : Select Settings Menu > Select Display Advanced Settings > Privacy and Security > Select Content Settings > Set Cookie Level
- Safari : Select Configuration Menu > Select Privacy Tab > Set Cookie and Website Data Level
- ▶ Responsible for personal information protection
- Name
- ▶ Personal Information Infringement Report Center (Operated by the Korea Internet Agency)
- - Home page: privacy.kisa.or.kr
- - Phone: (without country code) 118
- ▶ Personal Information Dispute Mediation Committee
- - Home page: www.kopico.go.kr
- - Phone: (without country code) 1833-6972
- ▶ Cyber crime investigation team of the Supreme Prosecutors' Office
- - Home page: www.spo.go.kr
- - Phone: (without country code) 1301
- ▶ Cyber Safety Bureau of the National Police Agency
- - Home page: cyberbureau.police.go.kr
- - Phone: (without country code) 182
| Sortation | point of collection | Collection Items |
|---|---|---|
| join membership | STING join membership | Whether to receive Kakao account (email) or Apple account (email), STING nickname, and event information (optional) |
| Level 1 Email Authentication | ||
| Digital Asset Transactions | Level 2 Mobile Phone Identification | Name, mobile number, date of birth, gender, domestic/foreign information, subscribed carrier, identification information (CI, DI) |
| Sortation | point of collection | Collection Items |
|---|---|---|
| Event | Payment of utility bills | a copy of one's identification card |
| financial fraud | Unstopped Transaction | Name, date of birth, gender, account information, damage deposit and withdrawal transaction details |
| Cash Receipt Issuance | Register cash receipt information | Mobile phone number, business number |
| Sortation | point of collection | Collection Items |
|---|---|---|
| Automatically generated items during service access | Using the STING service | Device information (OS, model name, carrier, device identification number, language information), IP address, service usage record, cookie |
The company processes the user's personal information for the following purposes. The personal information being processed shall not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act, will be implemented.
| Sortation | Reason for possession |
|---|---|
| join membership | Managing members, consulting with users, and handling civil petitions (if there is no financial history of transactions); |
| Digital Asset Transactions | Identification of identity according to the use of services provided by the company, management of information on payment and withdrawal processing in digital asset transactions, and determination of transaction relationships; |
| Additional authentication | Process withdrawal of members, initialization of mobile phone number and withdrawal account, and verification of deposit fact. |
Provided, That if an investigation or investigation is under way due to a violation of relevant statutes, it shall be retained and used until the completion of the relevant investigation or investigation.
| Sortation | Related Laws |
|---|---|
| Records of withdrawal of contracts or subscriptions, etc. | The Consumer Protection Act in E-commerce, etc. |
| Records of payment and supply of goods, etc. | |
| Records of consumer complaints or disputes | |
| Records of marking and advertising | |
| Records of compensation and misappropriation. | |
| Login History | Communication Secret Protection Act |
| Record of payment of utility bills | Framework Act on National Taxes |
| Customer verification records to raise withdrawal limits | Specific Financial Information Act |
③ The period of retention and use of personal information is from signing a service use contract (member registration) to termination of a service use contract (withdrawal application). Except as otherwise provided for in other Acts and subordinate statutes or at the request of users, the company shall destroy the personal information of users who are not reused for the period defined in Acts (one year) or store and manage it separately from the personal information of other users. Provided, That the fact that personal information is destroyed or stored separately and managed by 30 days prior to the expiration of the period, and the items of the relevant personal information shall be notified to the user by e-mail, writing, FAX, telephone, or similar means.
① The company shall process the user's personal information only to the extent specified in Article 2 (Purpose of Processing Personal Information), and shall provide personal information to third parties only if it falls under Articles 17 and 18 of the Personal Information Protection Act.
| Service Name | Offered by | Purpose of delivery | Third Party Offerings | Period of use |
|---|---|---|---|---|
| Real name verification account service | K-Bank | Prevention of money laundering (provided upon request of data) | Name, date of birth, account information, transaction details | Until withdrawal of membership or termination of partnership agreements. |
① The company entrusts the personal information to external companies to perform some of the necessary tasks in providing services. And we manage and supervise the entrusted company not to violate the relevant laws.
② The following companies are entrusted with the processing of personal information.
| Trustee | Consignment Purpose | Personal Information Period |
|---|---|---|
| KT Co., Ltd. | Kakao Notification Tok Sending Agency | Until withdrawal of membership or termination of consignment contract. |
| KT Co., Ltd. | SMS Shipping Service | |
| KT Co., Ltd. | Staking Service |
| Trustee | Consignment Purpose | Entrusted Items | Country of Consignment | Date of Consignment, Method | Period of use |
|---|---|---|---|---|---|
| Twilio Inc. | Send an Informed Mail | the United States | When email is sent, transferred over the network when using the service | 30 Days After Email Sent |
In order to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged while processing the personal information of users, the company shall:
① The company uses 'cookie' to store user information and bring it in frequently to provide convenience to users.
② Cookies are small amounts of information that a website sends to a customer's computer browser (such as Internet Explorer).
① In order to protect users' personal information and handle complaints related to personal information, the company designates the relevant departments and persons in charge of personal information protection as follows:
② All complaints related to personal information protection arising from the user's use of the company's services can be inquired to the person in charge of personal information protection and the department in charge. The company will answer and deal with the user's inquiries.
You can contact the following institutions if you need damage relief or counseling for privacy violations.
The company can provide users with links to other external sites. In this case, the company has no control over the external site, so it cannot guarantee the usefulness, integrity, and legality of services or data received from the external site, and the privacy policy of the linked external site is irrelevant to the company.
If there is any addition, deletion, or revision of the contents of the current privacy policy, we will notify you at least seven days before the revision through "Notice". However, if there is an important change in user rights, such as the collection and utilization of personal information and the provision of third parties, it will be notified at least 30 days in advance.
This personal information processing policy V2.9 will take effect from October 13, 2020. You can check the previous privacy policy below.