Privacy Policy
This agreement is in effect as of apr 27, 2020.


Introduction
BlockWork (hereinafter referred to as the 'Company') has the following processing policy to protect the privacy and rights of users and to handle the user's grievances related to personal information in accordance with the Personal Information Protection Act.
This privacy policy applies to all services on the company's website (http://www.block-work.net), and a separate privacy policy may apply to services provided on other websites.
When the company amends the personal information processing policy, it will notify through the website announcement (or individual notice).

1. Purpose of processing personal information
The company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and prior consent will be obtained when the purpose of use is changed.

Homepage membership registration and management
We process personal information for the purpose of confirming the intention to join the membership, identifying and authenticating the member according to the provision of the membership service, maintaining and managing membership, preventing illegal use of the service, handling various notices / notifications, handling complaints, and maintaining records for dispute resolution.

Provision of goods or services
We process personal information for the purpose of service provision, content provision, personalized service provision, and payment and settlement.

Service user identification and member information change processing
Personal information is processed for the purpose of identity verification, occupancy verification, age verification, identification of identity, and identification of identification.

Marketing and Advertising
Development of new services (products) and provision of customized services, provision of event and advertisement information and participation opportunities, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency, statistics of members' use of services, etc. For the purpose of processing personal information.

Providing data when requesting a legitimate and legitimate investigation according to investigation of hacking / fraud related accidents and fulfillment of other obligations

2. Processing and retention period of personal information
The company handles the following personal information items.

Personal information items
(Required) Email, mobile phone number, password, login ID, gender, date of birth, name, bank account information, address

(Information generated automatically during service use process or business process) Service use record, access log, cookie, access IP information, payment record

(In the case of personal identification) Copy of ID card, ID card stored in the form of video information when recording a video call, ID card photo taken when checking the authenticity of the ID card (masking process after the resident number) Passbook copy, money transfer confirmation

(When USIM is authenticated in the Android app) MCC (country code), MNC (network code), UICC ID (simulation ID), IMEI (terminal unique serial number), IMSI (network unique identification number)

(When verifying the authenticity of identification card) Copy of identification card, name, social security number, date of issue, license number, issuance code

How to collect: When registering as a member on the homepage / during the identity verification, the member provides it directly
Grounds for retention: Member's consent (when collecting personal information for children under 14 years of age, legal representative consent)
Retention period
Until you withdraw your request and withdraw your consent for personal information. However, the company keeps and destroys for 5 years from the time of collection despite the user's withdrawal request and withdrawal of personal information consent when there is a record of suspected misuse or misuse of the member according to the company's terms and conditions.

(When verifying the authenticity of the ID) After processing the identification authenticity, the above information is immediately destroyed.

Despite the company's personal information processing policy, the information that must be kept under the relevant laws and regulations are stored for a period determined by the law.

① Personal information related to service use (login record)
Grounds for Preservation: Communication Secrets Protection Act
Retention period: 3 months

② Records on display / advertising
Grounds for preservation: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 6 months

③ Records of contract or withdrawal of subscription
Grounds for preservation: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years

④ Records on payment and supply of goods, etc.
Grounds for preservation: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 5 years

⑤ Records of consumer complaints or dispute handling
Grounds for preservation: Act on Consumer Protection in Electronic Commerce, etc.
Retention period: 3 years

⑥ Records of electronic financial transactions
Grounds for preservation: Electronic Financial Transactions Act
Retention period: 5 years

3. Personal information processing consignment
The company entrusts the following personal information processing tasks for smooth personal information processing. Members have the right to refuse to consent to the provision (provision) of personal information. However, if you refuse to consent, you may be restricted from using the service.

1) Recipient provided Korea Mobile Certification
Purpose To provide SMS authentication service to verify whether a mobile phone is owned or not
Do not store the retention period separately (personal authentication service company retention information)

2) Recipient Infobank
SMS sending service
Retention period Until membership withdrawal or termination of consignment contract

3) Recipient Settle Bank Co., Ltd.
Payment for payment without payment (virtual account)
Retention period Until membership withdrawal or termination of consignment contract

4) Recipients Korea Development Bank Co., Ltd.
Payment for payment without payment (virtual account)
Retention period Until membership withdrawal or termination of consignment contract

5) Recipients NH NH Bank
Payment for payment without payment (virtual account)
Retention period Until membership withdrawal or termination of consignment contract

6) Recipient The White Communication Co., Ltd.
Purpose of providing CS / agency service
Retention period Until membership withdrawal or termination of consignment contract

7) Recipients Cage Mobilians Co., Ltd.
Purpose To provide SMS authentication service to verify whether a mobile phone is owned or not
Do not store the retention period separately (personal authentication service company retention information)

8) Recipient Freshworks Inc.
Purpose of providing CS / operation solution
Retention period Until membership withdrawal or termination of consignment contract

9) Recipient Amazon Web Service Inc
Purpose Data storage
Retention period Until membership withdrawal or termination of consignment contract

10) Recipient Kakao Corporation
Purpose To send KakaoTalk notification talk
Retention period Until membership withdrawal or termination of consignment contract

11) Recipients SKT, KT, LGU +, virtual mobile communication network operators
Purpose Android app USIM certification
Do not store separately for the retention period (destruction is completed and destroyed without delay)

When the company provides personal information to the consigned company, the company manages and supervises the consigned company so as not to violate the privacy laws.
If the contents of the consignment service or the trustee are changed, we will disclose it through this personal information processing policy without delay.

4. Rights and obligations of the data subject and how to exercise them
As a personal information subject, users can exercise the following rights.
The data subject may exercise the following personal information protection rights at any time against the company.
① Request to read personal information
② If there is an error, request correction
③ Request for deletion
④ Request to stop processing

The exercise of rights pursuant to paragraph (1) may be made to the Company through written or e-mail in accordance with the Attached Form No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.
If the information subject requests correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
The exercise of rights pursuant to paragraph (1) may be made through a legal representative of the data subject or an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with Appendix 11 of the Enforcement Rules of the Personal Information Protection Act.
You may refuse to consent to the collection and use of personal information, and if you refuse to consent, CoinWorlds face-to-face authentication is limited.

5. Destruction of personal information
In principle, when the purpose of processing personal information is achieved, the company destroys the personal information without delay. The procedure, deadline and method of destruction are as follows.
Destruction procedure: The information entered by the user is transferred to a separate DB after the purpose is achieved (separate documents in the case of paper) and stored for a certain period of time according to the internal policy and other related laws or immediately destroyed. At this time, personal information transferred to the DB will not be used for any other purpose unless required by law.
Destruction period: In the event that the retention period of personal information has elapsed, the user's personal information may have become unnecessary within 5 days from the end date of the retention period, such as the achievement of the purpose of processing personal information, the abolition of the service, the termination of the business, etc. In that case, the personal information is destroyed within 5 days from the date when it is deemed unnecessary.
Destruction method: Electronic file type information uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.

6. Safe protection and management of personal information
In accordance with Article 29 of the Personal Information Protection Act (obligation of safety measures) and Article 28 of the Information and Communication Network Act (protective measures of personal information), the company takes the necessary technical, administrative, and physical measures to ensure safety.
Technical measures against hacking
The company installs security programs, periodically updates and checks, and installs systems in areas where access is controlled from outside, and technically and physically monitors and blocks them to prevent leakage or damage of personal information caused by hacking or computer viruses. In addition, it is stored in a separate safe space to prevent forgery and tampering of access records.

Encryption of personal information
The user's personal information is encrypted and stored and managed, so only the user can know it, and important data uses separate security functions such as encrypting file and transmission data or using the file lock function.

Restrict access to personal information
We take necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information. We control unauthorized access from the outside using an intrusion prevention system.

Using a lock for document security
We store documents containing personal information, auxiliary storage media, etc. in a safe place with a lock.

Access control for unauthorized persons
We have set up a separate physical storage location for personal information and established and operated access control procedures.

7. Personal information protection officer
The company is responsible for the handling of personal information, and has designated the person in charge of protection of personal information as follows to handle complaints and remedy of information subjects related to personal information processing.

Personal information protection officer
Name Cha KiSeok
Chief Operating Officer

Personal information protection officer
Name Cha KiSeok
Position general manager

Contact information for personal information protection
Email: coinbiz@block-work.net

The information subject can contact the person in charge of personal information protection for all inquiries, complaints, and remedies related to personal information protection that occurred while using the company's service (or business). The company will respond and process inquiries to information subjects without delay.
The user is responsible for maintaining the security of the ID and password related to the user's personal information. Since the company does not directly ask the user in any way about the password, please be very careful not to leak the password to others. In particular, you need to be more careful when you are connected online in a public place.
Despite the company's possible technical supplementary measures, we are not responsible for the loss of information due to unexpected accidents caused by network risks such as hacking using advanced technology.
Users can inquire all personal information protection related inquiries, complaints, damage relief, etc. that occurred while using the company's service (or business) to the person in charge of personal information protection and the department in charge. The company will respond and process inquiries to information subjects without delay.
In spite of this privacy policy, the company may provide it in accordance with the court's order if it is obliged to provide personal information in accordance with Korean laws and regulations.

8. Request to view personal information
The following organizations are separate from the company, so if you are not satisfied with the company's own personal information complaint handling, damage relief results or need more help, please contact us.

Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
Jurisdiction: Report on the infringement of personal information and apply for consultation
Website: privacy.kisa.or.kr
Phone: (without area code) 118
Address: (58324) Personal Information Infringement Reporting Center, 3F, 9, Jinheung-gil, Naju-si, Jeonnam (301-2, Bitgaram-dong)

Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
Jurisdiction: Personal information dispute mediation, collective dispute mediation (civil settlement)
Website: www.kopico.go.kr
Phone: 1833-6972
Address: (03171) 4th floor, Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul

Supreme Prosecutors' Office Cyber ​​Investigation Division
Website: www.spo.go.kr
Phone: 02-3480-3570

National Police Agency Cyber ​​Safety Bureau
Website: www.cyberbureau.go.kr
Phone: 1566-0112

9. Privacy Policy Change
This personal information processing policy is applied from the effective date, and if there are additions, deletions, and corrections of changes in accordance with laws and policies, the notice will be notified through 7 days prior to the enforcement of the changes.

10. The company installs and operates cookies, and users can refuse it.
Cookies are used to provide users with a faster and more convenient use of the website and to provide customized services. However, the user has the option to install cookies. Therefore, the user may allow all cookies by setting options in the web browser, check each time a cookie is stored, or refuse to store all cookies. In addition, if you refuse to install cookies, the use of the web becomes inconvenient and you may have difficulty using some services that require login.