サポート
利用規約とポリシー
プライバシーポリシー
hereinafter referred to as the "Company") establishes and discloses the Privacy Policy as follows in order to protect the personal information of the information subject in accordance with Article 30 of the Personal Information Protection Act and to promptly and smoothly handle any grievances related thereto.
Article 1 (Purpose of Personal Information Processing)
Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Membership and management
Personal information is processed for the purpose of confirming the intention to become a member, identifying and authenticating the person in accordance with the provision of membership services, providing a better service use experience such as account recommendations, maintaining membership, preventing unauthorized use of the service, and handling various notices and grievances.
2. Provision of Services
Processes personal information for the purpose of providing services, providing content, providing customized services, payment and settlement of fees, etc.
3. Grievance handling
Personal information is processed for the purpose of identifying the identity of the complainant, contacting the complainant to investigate the facts of the complaint, and notifying the result of the handling of the complaint.
4. Use for marketing and advertising
processes personal information for the purpose of developing new services (products) and providing customized services, providing services and displaying advertisements according to demographic characteristics, verifying the validity of services, identifying the frequency of access or statistics on members' use of services, etc.
Article 2 (Items and Methods of Collecting Personal Information)
The Company processes the following personal information items.
1. Registration
- Required: Email, password, SNS membership information, duplicate registration confirmation information (DI)
- Purpose of use: User identification, delivery of announcements, service use and consultation (Information automatically generated in the process of service use or business processing) Service use records, access logs, cookies, access IP information, device information, bad use records
2. Collection method
1) When the user enters the information directly at the time of membership registration on the homepage/identity verification
2) When the user agrees to the collection of personal information and enters the information directly at events, sweepstakes applications, surveys, seminars, etc.
3) In the process of consultation through the customer center, the user's personal information may be collected after prior consent through webpage, email, fax, telephone, etc.
3. The Company does not collect sensitive information that may infringe on the precious human rights of users in any case, and if it is unavoidably collected in accordance with the obligations stipulated by laws and regulations, the Company will always obtain prior consent from users. The Company collects users' personal information in the following ways: by having users enter it directly when registering for membership, by automatically collecting it in the process of providing various services, by email, telephone, etc.
Article 3 (Retention and Use Period of Personal Information)
1. until the user's request for withdrawal or withdrawal of consent to the collection and use of personal information. However, the Company shall retain and destroy personal information for 5 years from the time of collection, notwithstanding the user's request for withdrawal or withdrawal of consent to the collection and use of personal information, if there is a record of the member's illegal use or suspected illegal use in accordance with the Company's terms and conditions.
2. Notwithstanding the Company's Privacy Policy, information required to be kept by the following relevant laws and regulations shall be kept for the period prescribed by the laws and regulations.
1) Personal information related to service use (login records)
- Retention basis: 「Protection of Communications Secrets Act」
- Retention period: 3 months
2) Records on display/advertising
- Retention basis: 「Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 6 months
3) Records on consumer complaints or dispute handling
- Retention basis: 「Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 3 years
Article 4 (Provision of Personal Information to Third Parties)
The Company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law.
The Company does not provide personal information to third parties without the prior consent of the user. However, to the extent necessary for the user to use the following services, the Company provides personal information to third parties after obtaining the user's consent. In other words, users who do not use the following services do not provide personal information.
[Bloomingbit Service]
- Recipient: Sendgrid
- Purpose of provision: Sending email
- Items of personal information provided: Email address
- Period of retention and use of personal information by the recipient: Until withdrawal from membership or termination of service
- Recipient: Google
- Purpose of provision: Google Analytics, error information collection, app push
- Items of personal information provided: Device token, device information, IP information, user ID
- Period of retention and use of personal information by the recipient: Until withdrawal from membership or termination of service
- Recipient: Amazon Web Services, Inc.
- Purpose of provision: Sending email
- Items of personal information provided: Email address
- Period of retention and use of personal information by the recipient: Until withdrawal from membership or termination of service
Period of retention and use of personal information by the recipient: Until withdrawal from membership or termination of service
Article 5 (International Transfer of Personal Information)
The Company may transfer personal information overseas or manage it overseas in order to provide services and improve user convenience as follows.
- Name and contact information of the transfer recipient: Amazon Web Service Inc, aws-korea-privacy@amazon.com
- Transferred countries: Japan, United States
- Transfer date and method: Transfer via network at the time of service use
- Transferred personal information items: Items collected in the Privacy Policy
- Transferred recipient's purpose of use: Email transmission, operation and management of cloud servers containing personal information during the personal information storage period
- Transferred recipient's retention and use period: Until withdrawal of membership or termination of consignment contract
- Transferred recipient's name and contact information: Google, googlekrsupport@google.com
- Transferred countries: United States
- Transfer date and method: Transfer via network at the time of service use
- Transferred personal information items: Device token, device information, IP information, user ID
- Purpose of use: Google Analytics, error information collection, app push
- Period of retention and use: Until withdrawal from membership or termination of consignment contract
- Name and contact information of the recipient: Sendgrid, privacy@twilio.com
- Country of transfer: United States
- Time and method of transfer: Transmission through the network at the time of service use
- Items of personal information transferred: Email address
- Purpose of use: Email transmission
- Period of retention and use: Until withdrawal from membership or termination of consignment contract
Article 6 (Rights, Obligations, and Methods of Exercise of Information Subjects and Legal Representatives)
1. The information subject may exercise the right to view, correct, delete, or request suspension of processing of personal information at any time against the Company.
2. The exercise of the rights under Paragraph 1 may be made in writing, e-mail, facsimile transmission (FAX), etc. to the Company in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
3. The exercise of the rights under Paragraph 1 may be made through an agent, such as the legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Appendix No. 11 to the Enforcement Rules of the Personal Information Protection Act.
4. Requests for access to personal information and suspension of processing may limit the rights of the information subject pursuant to Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. A request for the correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection under other laws.
6. The Company shall verify whether the person making the request is the information subject or his/her authorized representative when making a request for access, correction or deletion, or suspension of processing in accordance with the rights of the information subject.
Article 7 (Procedures and Methods of Disposal of Personal Information)
In principle, the Company destroys personal information as soon as the purpose of collecting and using the user's personal information is fulfilled. The procedures, deadlines, and methods for destroying personal information are as follows. However, if the Company has received separate consent from the user to keep personal information or if there is a preservation obligation under relevant laws and regulations, the Company will keep the personal information securely for the period specified by the consent or laws and regulations.
1. Destruction Procedure
Personal information provided by users is stored in a separate database (DB) or paper documents for a certain period of time after the purpose of collection is fulfilled and then destroyed in accordance with internal policies and relevant laws and regulations. Personal information stored in a separate DB will not be utilized for any other purpose except as required by law.
2. Destruction Method
1) Personal information in electronic form is permanently deleted using technical methods that cannot be recovered, and personal information printed in paper form is completely destroyed by shredding or incineration.
2) If the Company receives separate consent from the user regarding the period of personal information retention, the Company may retain the personal information for up to five years from the date of termination of the use contract for the purpose of preventing abuse of rights that may occur in the event of withdrawal or expulsion, preventing fraudulent use, responding to legal disputes, and cooperating in investigations.
Article 8 (Consignment of Personal Information Processing)
1. The Company consigns the processing of personal information as follows to improve its services, and stipulates the necessary matters to ensure that personal information is managed safely in the consignment contract in accordance with relevant laws and regulations. The Company's entrusted personal information processing organizations and entrusted tasks are as follows.
- Consignee (Trustee): Amazon Web Service Inc.
- Details of consignment: Operation and management of cloud servers containing personal information during the period of personal information storage
2. When entering into a consignment contract, the Company specifies in documents such as contracts the prohibition of processing personal information other than for the purpose of performing consignment work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and responsibilities such as compensation for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee processes personal information safely.
3. If the content of the consignment or the consignee changes, we will disclose it through this Privacy Policy without delay.
Article 9 (Installation/Operation and Refusal of Automatic Personal Information Collection Devices)
1. Use of Cookies
In order to provide services optimized for the user's website usage experience, the Company uses cookies, which are small data files, to store and subsequently recycle user information. Cookies are text files that are delivered to the user's web browser by the service operation server and are recorded on the user's terminal device (PC, smartphone, tablet, etc.) that can set cookies. When the user subsequently visits the same website again, the stored cookie is used to restore preferences or provide personalized content. Cookies do not contain information that directly identifies you personally, and you can block the storage of cookies or delete existing cookies at any time.
2. Purpose of using cookies
Uses cookies to understand the following information to provide you with personalized content and advertising: Information necessary for the operation of the website, such as the user's history of accessing and using the service, access method, security status, news screen configuration information, and number of visitors.
3. How to set and refuse cookies
Allows you to set your own preferences for receiving cookies. You can set your browser settings to accept all cookies, require confirmation when a cookie is being stored, or refuse to accept cookies altogether. However, some of our services may not function properly if cookies are disabled.
Example settings
- Microsoft Edge: Microsoft Edge: [top right dot menu] → [Settings] → [Cookies and site permissions] → [Manage and delete cookies and site data]
- Google Chrome: [Settings] → [Advanced] → [Privacy and security] → [Site settings] → [Cookies]
4. Analyzing logs using Google Analytics
The Company uses the Google Analytics tool to analyze the flow of website usage, and in doing so, performs aggregate analysis based on anonymous, non-personally identifiable data. You can refuse the collection of logs by using a browser extension to block the collection of Google Analytics or by changing your cookie settings.
5. Information collected when using the app
When using the app-based services, the following information may be collected to provide more reliable functionality: Google Advertising ID, Android ID (for Android OS), device model name, operating system version, device unique identifier, etc. If you do not wish to have advertising identifier information collected, you can disable its collection via the following paths
- Android: [Settings > Google > Ads] or [Settings > General > Account Sync > Google > Privacy > Ads Settings]
- iOS: [Settings > Privacy > Ads]
Article 10 (Measures to Ensure Safety to Protect Personal Information)
The Company takes your personal information very seriously and takes the following safety measures to protect it.
1. Personal information encryption measures
The Company uses secure encrypted communication when transmitting personal information, and important items of personal information are stored in encrypted form.
2. Measures to prevent hacking and malware
The Company has installed a security program to prevent leakage or damage of users' personal information from external intrusion such as hacking or malware, and periodically checks and updates it. In addition, the Company operates an intrusion prevention and intrusion detection system by installing a system in a place where external access is strictly controlled, and continuously monitors and manages it 24 hours a day.
3. Personal information access control and management
The Company minimizes the possibility of personal information leakage by limiting the number of employees who process personal information to the required number of employees, and establishes clear standards for granting, changing, and revoking personal information access rights and strictly manages them. In addition, the Company regularly checks personal information access records.
4. Employee training on personal information protection
The Company conducts regular and systematic training on the importance of personal information protection, related laws and regulations, and security technologies for all employees and staff to continuously raise the level of personal information management.
5. Storage and protection of personal information access records
The Company safely stores and manages personal information processing system access records and operates security devices to prevent unauthorized access, alteration, and theft.
6. Guidance on password management by users
To protect personal information, users themselves must thoroughly manage their IDs and passwords, and must be careful to change them regularly so that they are not exposed to others. In particular, please be aware of the possibility of information leakage in public places such as public PCs.
Article 11 (Personal Information Management Officer and Person in Charge)
The Company has designated the following personal information protection officer and person in charge to manage the collected personal information of members and requests for access, and will respond promptly and sincerely to inquiries related to personal information.
- Person in charge: Sanha Kim
- Position : CEO
- Email : help@bloomingbit.io
In addition, if your personal information has been infringed and you need to report or consult about it, you can contact the following organizations for help.
- Personal Information Infringement Report Center(privacy.kisa.or.kr)- (without area code) 118
- Personal Information Dispute Mediation Committee(https://www.kopico.go.kr) - 1833-6972
- Supreme Prosecutors' Office Cyber Investigation Division(http://www.spo.go.kr )- (without area code) 1301
- National Police Agency Cyber Investigation(http://ecrm.cyber.go.kr) - (without area code) 182
Article 12 (Obligation to Notify Changes)
1. Details of this Privacy Policy and other personal information protection policies are disclosed at the bottom of the first page of the BloomingBit homepage operated by the Company so that members can easily view them at all times. The contents of this Privacy Policy may change from time to time, so please check it every time you visit the homepage.
2. If this Privacy Policy is further deleted or modified due to changes in relevant laws and policies or security technology, we will notify the reason and content of the change through the BloomingBit homepage at least 7 days before the revision.
3. This Privacy Policy is applied as follows.
Date of Announcement: March 25, 2025
Effective Date: March 25, 2025
Privacy Policy Addendum
<1> Lawful Processing of Personal Information under the GDPR
The Company shall lawfully process your personal information only if any of the following applies.
• You have consented to the processing of your personal data
• Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into the contract
- Member management, identification, etc. - Performance of a contract for the provision of services to you, payment and settlement of charges
• Compliance with a legal obligation to which we are subject
- Compliance with applicable laws, regulations, legal procedures and governmental requests - Protection of the vital interests of you or another natural person
- Fraud that may harm you or another natural person, detecting, preventing and responding to fraud, abuse, security risks and technical issues that may harm you or other natural persons
• Processing is necessary for the performance of a task of public interest or for the exercise of a public authority vested in us
• Processing is necessary for the purposes of a legitimate interest pursued by us or a third party (but not where such interest is overridden by your interests or fundamental rights and freedoms which require the protection of your personal data, in particular where you are a child).
<2> Your Rights under the GDPR
As a data subject, you or your legal representative may exercise the following rights with respect to our collection, use, and sharing of your personal information
• Right of access to personal information
- You or your legal representative may access your information and request confirmation of the collection, use, and sharing of your information in accordance with applicable law.
• Right to rectification of personal information - You or your legal representative may request that we correct inaccurate or incomplete information.
• Right to erasure of personal information
- You or your legal representative may request that we erase your information when the purpose has been achieved, consent has been withdrawn, etc.
• Right to restriction of processing of personal data
- You or your legal representative may request the restriction of processing of personal data if there is a dispute about the accuracy of the data, the lawfulness of the processing, or if it is necessary to preserve the data.
• Right to data portability
- You or your legal representative may request the provision or transfer of your data.
• Right to object
- You or your legal representative may request the cessation of processing for direct marketing, processing based on legitimate interests or the exercise of official duties and functions, and processing for research and statistical purposes.
• Right to object to automated individual decision-making, including profiling
- You or your legal representative can demand the suspension of automated data processing, including profiling, which has legal effects or significantly affects you.
To do so, you can use the 'Edit your personal data' menu on the webpage or contact us (or our data controller or representative) in writing, by phone or by e-mail, and we will act without delay. However, we may only refuse such a request if there is a legitimate reason or equivalent reason specified by law.
The original version of these Terms is written in Korean, so if there is any difference between the original Korean version and the English translation, the original Korean version shall take precedence.