Privacy Policy

Last Updated: October 25, 2019
This Privacy Policy describes how goorm, Inc. collects, uses and discloses information, and what choices you have with respect to the information.
A. Applicability of this Privacy Policy
The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following purposes, and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the "ACT ON PERSONAL INFORMATION PROTECTION".
  1. Membership and management of services, confirmation of membership intent, identification and certification of membership service provision, maintenance and management of membership, identification of identity by enforcement of limited identity verification system, prevention of fraudulent use of service, notice and notification, and grievance handling We process personal information for the purpose.
  2. We process personal information for the purpose of delivering goods or services, delivering goods, providing services, sending bills, providing content, providing personalized services, verifying your identity, and paying your bills.
  3. Grievance processing We process personal information for the purpose of verifying the identity of the grievance person, confirming the complaint, contacting and notifying the fact investigation, and reporting the processing result.
  4. Marketing and Advertising, New service development and customized service provision, event and advertising information provision and participation opportunity provision, service provision and advertisement based on statistical characteristics, service validation, identification of access frequency or statistics on member's service use, etc. We process personal information for the purpose.
B. Information We Collect And Receive
We collect the minimum personal information necessary to provide the following services through the homepage at the time of membership registration or service use process.

<goorm Service General Account>
  • Required fields: email, username (nickname), profile picture
  • Optional fields: phone number, school / work information, student number, department, school email, copy of student ID
<goorm Service Lecturer Account>
  • Required fields: email, username (nickname), profile picture, phone number
  • Optional fields: school / work information, student number, department, school email, copy of student ID
<goorm Service Enterprise Account>
  • Required fields: email, username (nickname), profile picture, company information, phone number
<Data collected during service use>
  • Service usage record, access log, access IP, cookie, illegal use record, electronic device information
C. Data Retention
The Company processes and retains personal information within the period of retention and use of personal information pursuant to the law or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject. However, the company holds personal information for a certain period of time when there are the following reasons.
Preservation InformationRetention Act BasisRetention Period
Record of Contract or WithdrawalACT ON CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC5 years
Record of Payment or Supply of Goods, etc.ACT ON CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC5 years
Record of Consumer Complaint or Dispute HandlingACT ON CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC3 years
Record of Service UsageACT ON COMMUNICATION SECRET PROTECTION3 months
D. Your Rights
  1. You can request the following privacy rights at any time with respect to the company.
    • Personal information view request
    • Request correction if the personal information is incorrect
    • Personal information removal request
    • Request to stop processing personal information
  2. The exercise of rights under Paragraph 1 can be done in writing, by telephone, by e-mail, or by FAX. The company will take action without delay.
  3. If you request the correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
  4. The exercise of rights under "Paragraph 1. of D. Your Rights" can be done through the legal representative of the you or the representative. In this case, you must submit a power of attorney according to Form 11 of the Enforcement Regulations of the "ACT ON PERSONAL INFORMATION PROTECTION".
  5. The information subject shall not infringe on the personal information or privacy of the information subject or others handled by the company in violation of related laws such as the "ACT ON PERSONAL INFORMATION PROTECTION".
E. Data Destruction
  1. The Company will immediately destroy the personal information when the personal information becomes unnecessary, such as the elapse of the retention period of personal information and the purpose of processing.
  2. If the personal information retention period agreed to by the data subject has passed or the purpose of processing has been achieved, and the personal information must be kept according to other laws and regulations, the personal information should be transferred to a separate database or stored in a different place to preserve.
  3. The procedures and methods of personal data destruction are as follows.
    • Destruction Procedure : The Company selects personal information for which the reason for destruction occurs and destroys the personal information with the approval of the company's personal information protection officer.
    • Destruction Method : The Company destroys personal information recorded and stored in the form of an electronic file using Low Level Format, etc., and shreds or incinerates the personal information recorded and stored on paper documents to destroy.
F. How We Share And Disclose Information
The Company takes the following measures to ensure the safety of personal information.
  1. Administrative Actions: establishment and implementation of internal management plan, regular employee training, etc.
  2. Technical Actions: Access authority management of personal information processing system, access control system installation, encryption of unique identification information, security program installation
  3. Physical Actions: access control of computer room, data storage room, etc.
G. Security
  1. The company is responsible for the handling of personal information, and appoints the person(CPO, DPO) in charge of personal information protection as follows to deal with complaints and damages of information subjects related to the processing of personal information.
    • Manager: Hyeonhwa Kim
    • Department: Management Support Team
    • Contact: (call) 031-600-8586, (mail) hyeonhwa.kim@goorm.io
    • You will be directed to the Privacy Office.
  2. The you can contact the personal information protection officer and the department in charge for all personal information related inquiries, complaints, and remedy that occurred while using the company's services (or business). The company will respond promptly to the information subject's inquiries.
H. Changes To This Privacy Policy
We may revise our privacy policy, for example, to reflect changes in the law or services. If the privacy policy changes, the company will post the changes, and the changed privacy policy will take effect seven days after the posting. However, we will notify you at least 30 days in advance of any significant changes in your rights, such as changes in the personal information we collect and the purpose of use.
I. Privacy Regulations in Accordance with GDPR
The company complies with the General Data Protection Regulation of the European Union and the laws of each Member State. If you provide services to users in the European Union, the following may apply.
  • The company uses personal information collected from users only for purposes specified in "A. Applicability of this Privacy Policy", informs users prior to any use thereof and asks for agreement.In addition, the company may process personal information in accordance with applicable laws including GDPR in any of the following cases:
    1. Consent of the data subject
    2. Sign and fulfil a contract with the data subject
    3. legal compliance
    4. When personal information processing is necessary for the material benefit of the data subject
    5. For the pursuit of legitimate interests of the company (except for cases where the benefits, rights or freedom of the data subject is more important than that of the company.)
  • In accordance with applicable laws including GDPR, a user may request that his or her personal information be transferred to another manager, and refuse the processing of his or her information. In addition, a user has a right to file a complaint with data privacy protection authorities.
  • The company may also use personal information for marketing purposes such as event promotion or advertisements, for which the company obtains a prior agreement. A user may withdraw the agreement at any time if he or she doesn't want it. A user may inquire the foregoing matters to the Customer Service via document, phone or email. The request will be handled in a proper and timely manner.
  • When a user requests for the correction of personal information, the concerned information shall not be displayed until such correction is completed.