Privacy Policy

Privacy Policy
In order to protect personal information according to the Personal Information Protection Act and handle related complaints quickly and smoothly, the Commons Foundation Golden Goose team('https://www.goldengoose.farm; hereinafter referred to as the "Company") establishes and launches the privacy policy as follows:
  • 1. Collected Personal Information Items
    The Company collects the following personal information to provide various and convenient Internet services to the members:
    1)
    Required information
    • Items for identifying information subject : E-mail address, customer's name, ID, password, mobile phone number
    • Items for notification for contact and guidance regarding contract execution: E-mail address
    2)
    The following information may be generated and collected during the service use process or business process:
    • Service usage records, access logs, cookies, connected IP information, payment records, use suspension records, OS information, bad or abnormal usage records
    3)
    How to collect personal information
    The Company collects personal information in the following ways:
    • Websites, mobile phone applications, mobile phone webpages, fax numbers, phone numbers, forums, email addresses, event applications
    • Collecting through the created information collection tool
  • 2. Purpose of Collecting and Using Personal Information
    The Company handles personal information for the following purposes: The handled personal information will not be used for any purpose other than as specified below. If the purpose of use is changed, the Company will take necessary measures including but not limited to obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
    1)
    Registering membership and management at the website
    The Company handles personal information for the following purposes: confirmation of intention to sign up, identification and authentication for providing membership services, maintenance and management of membership, identity verification under the enforced limited identity verification system, prevention of illegal use of services, confirmation of consent of legal guardian upon processing personal information of a child under the age of 14, various notices, and grievance settlement, etc.
    2)
    Implementation and settlement of contract regarding service provision
    The Company handles personal information for the purpose of providing services, sending contracts and invoices, providing contents, providing personalized services, verifying identity, verifying age, making fee payment and settlement, guiding events and prize winning results, delivering goods, etc.
    3)
    Customer services
    The Company handles personal information for the purpose of verifying the identity of a complaining customer, checking complaints, contacting and notifying for fact investigation, notifying the result of processing, etc.
    4)
    Use for marketing and advertising
    The Company handles personal information for the purpose of developing new services (products), providing customized services, providing information on, and opportunities to participate in, events and advertisements, providing services and displaying advertisements according to demographic characteristics, verifying the effectiveness of services, understanding access frequencies or getting statistics on use of services by members.
  • 3. Retention and Use of Personal Information
    The Company handles and retains personal information during the period of retaining and using the personal information prescribed by the laws or regulations or collected with consent of the information subject that has been received upon the collection of the personal information. The period of handling and retaining personal information is as follows:
    1)
    Website sign-up and membership management : until canceling the membership
    For the following cases, the personal information is retained until the cases are closed:
    • Investigation, etc. due to violation of the relevant laws and regulations; and
    • Payment of all debts and obligations related to the use of the website.
    2)
    Supply of services, contents, or goods: until the completion of the supply and payment, and settlement of bills or fees
    For the following cases, the personal information is retained until the period of each of the following cases ends:
    • Records relating to transactions such as representations and advertisements, contract terms and conditions, contract implementation, etc. in accordance with the Act on Consumer Protection in Electronic Commerce, Etc.
      Records of representations and advertisements : 6 months
      Records of cancellation of contracts or subscriptions, payment, or provision of goods, etc. : 5 years
      Recrods of handling of consumer complaints or disputes : 3 years
    • Archiving the communication verification data according to the Article 41 of the Protection of communications Secrets Act
      Records of date and time of telecommunications by subscribers, start and end time of telecommunications, the other party's subscriber number, frequency of use, data on tracing of location of the outgoing base station: 1 year
      Records of computer communication, Internet logs, data on tracing a connection location: 3 months
    • Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.
      Keeping identification information according to Article 29 of the Enforcement Decree: 6 months after the information is posted on the bulletin board
    3)
    Personal information expiry system
    If the member does not have a record of using the service for one year or more, it shall be separately stored based on Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. However, if preservation is required, it shall be kept for the period stipulated by the relevant laws and regulations.
  • 4. Provision of Personal Information
    The Company does not use, or provide to a third party, the personal information of customers beyond the scope notified to the customers upon collecting the personal information, or specified in the Terms and Conditions of the Service. However, if the customer agrees or under any of the following cases, exceptions will apply:
    1)
    Partnerships: The Company may provide personal information of customers to its partners or share with them for better service. To provide or share personal information of customers, the Company shall go through a process of obtaining prior consent of a customer by giving notice to the customer in writing or by email individually regarding who our partners are, what personal information items are provided or shared, why such personal information should be provided or shared, and until when and how the personal information is protected and managed. If the customer doesn't give consent, the Company shall not provide to, or share, with the partners. Also if the the partnership is changed or terminated, the Company shall give notice to, or get consent from, the customer under the same process.
    2)
    Sale, merger, acquisition, etc.: In the event that all or part of the business is assigned, merged, or inherited or the rights and duties of the service provider are transferred or succeeded due to merger, inheritance, etc. In order to guarantee the rights of customers regarding protection of personal information, the fact must be notified to the customer.
    3)
    In the event that it is very difficult to obtain normal consent for economic·and technical reasons regarding the personal information necessary for the implementation of the contract on the provision of services
    4)
    The settlement of charges after the provision of services
    5)
    In the event that there is any special provision specified by the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Act on Real Name Financial Transaction and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act , the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act, and other laws and regulations However, even if an administrative authority or an investigation agency requests for the reason that "there is any special provision specified by the laws and regulations" for an administrative or investigative purpose, the Company shall not provide personal information of customers unconditionally and will provide the information by going through the legal process, for example, a warrant or a letter with the stamped seal of the head of the agency.
    6)
    In the event that there are sufficient grounds to determine that the personal information should be disclosed in order to take legal actions when our services are used to bring mental or physical harm to others
  • 5. User and legal representative's rights, and obligations and exercise method
    1)
    The user may exercise his or her rights to request to view, correct, delete, or stop handling, personal information at any time.
    2)
    The rights pursuant to Paragraph 1) above may be executed in writing, by e-mail, or by fax according to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act and the Company will take an action regarding the execution immediately.
    3)
    The rights under Paragraph 1) above may be executed through the user's legal representative or proxy. In this case, the user must submit a power of attorney under Attachment Form No. 11 of the Enforcement Regulation of the Personal Information Protection Act.
    4)
    The rights of the user, including a request to view, or stop handling, personal information, may be restricted under Article 35(5) and Article 37(2) of the Personal Information Protection Act.
    5)
    If personal information is prescribed to be collectible by any other laws and regulations, the request for correction and deletion of personal information shall not be requested.
    6)
    If an information owner requests to view, correct or delete, or stop handling, his or her personal information, the Company shall ensure that the requesting person is the information principal or his or her authorized representative.
    7)
    The user has the right to protect his or her own personal information along with the obligation not to infringe on the information of others. It must be careful not to disclose personal information including the password and not to damage personal information of others including postings. If the user has failed to fulfill such responsibilities and has damaged the information and dignity of others, the user may be punished under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.
  • 6. Destruction of Personal Information
    1)
    Once the purpose of use of collected personal information is accomplished, the Company will destroy or archive separately the information without delay according to the storage period and the period of use. The procedures, points of time, and methods are as follows:
    • Destruction procedures and points of time
      The personal information provided by the customer for the purpose of subscription to the service, etc. will be destroyed immediately when the retention period expires after the purpose of use, such as termination of the service, is accomplished according to the internal policy and other related laws. If there are no debts or obligations remaining in the general meaning, the personal information collected at the time of sign-up and managed in the form of electronic files will be deleted immediately at the time of cancellation of membership.
    • Destruction method
      The personal information printed on paper shall be shredded, incinerated, or destroyed by using chemicals and the personal information stored in electronic files shall be deleted by using a technical method under which records cannot be restored.
    2)
    In the event that personal information should be kept in accordance with any other laws and regulations even though the period of personal information has expired, or even though the purpose of handling has been accomplished, the personal information shall be transfered to a separate database (DB) for storage or be kept at a different storage place.
  • 7. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
    1)
    The Company may install and operate cookies to store and retrieve customer information for internet services. A cookie is string information that a web server keeps in the web browser and sends back to the server when requested by the server. When a customer accesses the Company website, the Company can read the contents of the cookie in the customer's browser, find additional information, and provide services without further input by the customer such as the name.
    2)
    The Company may use the information of the customers collected through cookies for the following purposes:
    • To provide differentiated information according to individual interests;
    • To analyze the connection frequencies and stay duration of members and non-members to identify their preferences and areas of interest and use them in targeted marketing;
    • To keep tracking what the customer has browsed with interest and provide personalized services when he or she visits later;
    • To analyze customers' habits and use them as a measure of service reorganization;
    3)
    The customer has the option to install cookies. The customer may go to "Tools > Internet Options > Privacy > Advanced" at the top of the web browser and select to accept all cookies, send a notification when a cookie is installed, or reject all cookies. But, if the customer refuses to install cookies, it may cause inconvenience in use of the service or difficulty in provision of the service.
  • 8. Measures to Secure Safety of Personal Information
    1)
    Establishment and execution of internal management plan
    The Company has established and executed an internal management plan for the safe handling of personal information.
    2)
    Encryption of personal information
    The personal information of the customer is encrypted, stored, and managed so that only the customer can view. In case of critical data, the Company uses separate security functions such as encrypting the file and transmission data or using the file lock function.
    3)
    Restricted access to personal information
    The Company takes necessary measures to control access to personal information without permission through granting, changing, and cancellation of access rights to the database system that handles personal information and also controls unauthorized access from outside.
  • 9. Personal Information Protection Manager
    1)
    The Company designates a personal information protection manager who takes responsibilities for all duties regarding handling personal information, handles complaints of information owners, and relives damages in connection with personal information handling as follows:
    Personal information protection manager
    Name: Jun-Gyu Jeong
    Job Title : team leader
    Contact: 82-2-796-1839 / E-Mail : vincent@commons.foundation
    Personal information protection department
    Name of department : Maketing Team
    Contact: 82-2-796-1839 / E-Mail : vincent@commons.foundation
    2)
    The information owner may inquire of the personal information protection manager or department regarding protection of personal information, handling complaints, relief from damages, etc. that occur while using the Company's service (or business). The Company will respond to your inquiries without delay.
  • 10. Viewing and Correcting Personal Information
    The information owner may request the personal information protection department to make him or her view his or her personal information pursuant to Article 35 of the Personal Information Protection Act. The Company will make reasonable efforts to ensure that a request for viewing personal information can be processed quickly.
  • 11. Obligation of Notification
    The current personal information handling policy applies from March 1, 2019. If any of terms or conditions of the policy are added, deleted, or modified, the Company will notify such addition, deletion, or modification on the website at least 7 days before the revision (at least 30 days before the important information changes). If consent is required due to any change made to collection and use of personal information or provision to third parties, a separate consent procedure will be prepared and conducted.