Studio Bloom Co., Ltd. (hereinafter referred to as 'the Company') values the privacy of its users and strives to comply with the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act. Through this Privacy Policy, the Company informs users of the purposes and methods of using the personal information provided by them, as well as the measures taken to protect their personal information.

 

This Privacy Policy applies to all exhibitions (hereinafter referred to as 'Exhibitions') organized by the Company and will be effective from December 1, 2024.

 

1. Purpose of Collecting and Using Personal Information

The personal information is processed for the following purposes.

If the purpose of use changes, the Company will take necessary actions, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

 

(1) Purpose of Using Personal Information

- Personal information is processed for the purpose of providing the requested products.

- Used for membership management, service improvement, and the development of new services.

- Used for event/exhibition participation verification, marketing, and advertising.

- Used for analysis based on demographic characteristics and for service provision.

- Used for new service development, providing various services, handling inquiries or complaints,

and delivering notices.

- Used for service usage records, access frequency, and statistics on service use, building a service

environment for privacy protection, providing customized services, and improving services.

- If you consent to scanning your entry pass at participating company booths,

your information may also be used by the participating company in their database.

 

(2) Collection of Personal Information

During membership registration or the process of using the service, the minimum personal

information necessary to provide the service is collected through the website or

individual applications and programs, as follows:

 

- Member identification/confirmation of intent to join, identity/age verification, prevention of

fraudulent use.

- If collecting personal information of children under the age of 14, confirmation of consent from

a legal guardian and identity verification when exercising the legal guardian’s rights.

 

2. Items of Personal Information Collected and Collection Methods

 

(1) Items of Personal Information Collected

The Company collects the minimum necessary personal information for providing exhibition

information and related services.

 

Category

Detailed Information for Website Membership Registration

 

- Information required for membership registration Name, ID, password, email, email reception,

automatic login option.

- Additional information required for SNS membership registration Linked account information

(nickname, email, photo) from Facebook/Twitter, etc.

 

- Required items for exhibition registration Name, company name, department, position, gender, age,

phone/mobile number, email, address, industry, job, survey responses (interested items, purpose of

visit, source of information), etc.

- Optional items Profile photo (face photo)

(2) Methods of Collecting Personal Information

When collecting personal information, the Company always informs users in advance and

obtains consent. Personal information is collected through the following methods:

- When the user agrees to the collection of personal information and directly enters the information

during membership registration or exhibition visit.

- When personal information is provided by affiliated services or organizations.

- Participation in events/exhibitions held online or offline.

 

(3) Consent to the Collection of Personal Information

The Company provides a procedure where users can click the "I Agree" or "I Do Not Agree" button

regarding the Company's Privacy Policy or Terms of Service. By clicking the "I Agree" button,

it is considered that the user has consented to the collection of personal information.

 

(4) Additional Personal Information Collected During the Use of Services

During the use of PC web, mobile web/app, information such as device information

(OS, screen size, device ID), IP address, cookies, visit date and time, records of fraudulent use,

and service usage records may be automatically generated and collected.

 

3. Retention and Use Period of Personal Information

Once the purpose of collecting and using personal information has been achieved, the information will be promptly destroyed. However, if it is necessary to retain the information according to relevant laws and regulations, the Company will keep the member information for a certain period as prescribed by law. In such cases, the Company will move the personal information to a separate database (DB) or store it in a different location. (If you wish to request destruction, please call 070-7772-7055.)

 

Applicable Laws and Regulations Information to be Retained | Retention Period

- Consumer Protection in Electronic Commerce Act Records related to contracts or

withdrawal of applications: 5 years

- Consumer Protection in Electronic Commerce Act, Commercial Code, Basic National Tax Act, Income

Tax Act, Corporate Tax Act, Value-Added Tax Act

- Records related to payment and supply of goods, commercial books, and transaction slips,

supporting documents: 5 years

- Consumer Protection in Electronic Commerce Act Records related to consumer complaints or

dispute resolution: 3 years

- Consumer Protection in Electronic Commerce Act Records related to

displays/advertisements: 6 months

- Communications Privacy Protection Act Records related to site visits: 3 months

 

4. Procedure and Method of Destroying Personal Information

When the retention period of personal information has expired, or when the purpose of processing has been achieved and the personal information is no longer necessary, the Company will promptly destroy the personal information.

 

If the personal information, for which consent has been obtained from the data subject, needs to be retained due to other legal requirements, even after the retention period has elapsed or the processing purpose has been fulfilled, the information will be transferred to a separate database (DB) or stored in a different location. The procedure and method of destroying personal information are as follows:

 

(1) Destruction Procedure

The Company selects the personal information that needs to be destroyed due to the occurrence of

a destruction reason and obtains approval from the Company’s personal information protection officer

before destroying the information.

 

(2) Destruction Method

- For personal information stored in electronic file formats, the Company uses technical methods that

prevent the information from being restored.

- For personal information recorded/stored on paper documents, the Company destroys

the information by shredding it or incinerating it.

 

5. Outsourcing of Personal Information Processing Tasks

To provide smooth services, the Company outsources the following tasks. Some of the essential tasks for service provision are outsourced to external companies, and the Company supervises these outsourced companies to ensure compliance with relevant laws and regulations.

 

[Outsourcing Companies for Personal Information]

- Outsourced Task | Outsourcing Company Website maintenance | Studio Bloom Co., Ltd.

- Exhibition entry service operation

- Visitor booth visit information management

- Direct mail (DM) creation and dispatch, bulk message dispatch

- Kakao notification message dispatch

- Invitation card dispatch

 

6. Provision of Personal Information to Third Parties

The Company will only provide personal information to third parties in accordance with the consent of the data subject or in cases stipulated by the law, such as Articles 17 and 18 of the Personal Information Protection Act.

 

The name of the institution and the contact information of the person receiving the personal information provided for the purpose of use of the personal information of the person receiving the personal information; the period of possession and use of the personal information; the information submitted at the time of registration of the information delivery exhibition

- Five-year participating companies

- Information submitted at the time of registration of customer management exhibitions of participating

companies using booth terminals One year of information submitted at the time of registration of

domestic and foreign exhibitions by the Korea Exhibition Industry Promotion Agency

-If you tag the pass on the barcode reader of each company's booth in the exhibition hall,

the information registered in advance will be provided to the company, which can be used for

marketing purposes.

Please keep this in mind when visiting the exhibition and tag each company's booth barcode reader.

 

Participating companies (participating companies) that apply for customer management system (QR/Barcode reader) equipment among participating companies (participating companies) and tag QR/Barcode on the pass.

Name, company name, department, position, gender, age, phone/mobile number, e-mail, address, business type, job, survey response (items of interest, purpose of observation, cognitive path), etc

Telemarketing for enterprise products, technical information delivery and sales, mobile phones, text service, email/DM sending, etc

 

Until Withdrawal of Consent for Providing to Third Parties

Agreeing to this provision may affect the benefits associated with the services provided.

 

7. Rights and Obligations of the Data Subject and How to Exercise Them

 

The data subject may exercise the following rights related to personal information protection at any time with respect to the Company. If consent for collection is refused, access may be restricted.

- Request for access to personal information

- Request for correction if there are errors

- Request for deletion

- Request to cease processing

 

※ Rights may be limited or denied if there are legitimate reasons such as legal provisions.

- The rights specified in Article 1 can be exercised by the data subject through written request,

phone, email, or fax to the Company, and the Company will take prompt action in response.

- If the data subject requests correction or deletion of personal information due to errors,

the Company will not use or provide the relevant personal information until the correction or

deletion is completed.

- The rights specified in Article 1 may be exercised through a legal representative or authorized

person (such as an agent). In such cases, a power of attorney in the form of Annex 11 of

the Enforcement Rules of the Personal Information Protection Act must be submitted.

- The data subject must not violate the Personal Information Protection Act or any related laws, or

infringe upon the personal information or privacy of themselves or others while exercising their rights.

 

8. Installation/Operation of Automatic Personal Information Collection Devices and Refusal of Such Collection

The Company uses "cookies" to store and frequently retrieve user information in order to provide individualized services. A cookie is a small amount of information sent by the server (http) operating the website to the user's computer browser, which is sometimes stored on the hard disk of the user's PC.

 

(1) Purpose of Using Cookies and Other Automatic Collection Devices

The company uses cookies to implement the auto-login feature, analyze the frequency and duration

of access of members and non-members, track users' preferences and interests, monitor event

participation and visit frequency, and provide targeted marketing and personalized services.

 

(2) How to Refuse Cookie Settings

Users have the option to control the installation of cookies. You can set your web browser to

accept all cookies, confirm each time a cookie is saved, or refuse the storage of all cookies.

However, if you refuse the installation of cookies, there may be difficulties in providing services.

 

9. Implementation of Safety Measures for Collected Personal Information

(1) Safety Measures for Personal Information

The company takes the following measures to ensure the safety of personal information:

Administrative Measures: Establishment and implementation of internal management plans, regular

employee training, etc.

Technical Measures: Management of access rights to personal information processing systems,

installation of access control systems, encryption of sensitive information such as unique identifiers,

installation of security programs.

 

Physical Measures: Access control to data rooms and computer rooms.

 

(2) Policy on Unauthorized Collection of Emails

The company prohibits the unauthorized collection of email addresses posted on its website using

email collection programs or other technical devices.

Violation of this policy may result in penalties under the "Act on Promotion of Information and

Communications Network Utilization and Information Protection" and other related laws.

 

(3) Transmission of Promotional Information

The company will not send promotional information for commercial purposes without

the prior consent of the user.

 

10. Personal Information Protection Officer

The company has designated a Personal Information Protection Officer to be fully responsible for personal information processing and to handle complaints and damage relief related to personal information processing.

For any inquiries, complaints, advice, or other matters related to personal information protection during the use of services, please contact the Personal Information Protection Officer and the relevant department.

 

- Personal Information Protection Officer: Director Lee Hae-John

- Phone: 070-7772-7055

- Contact: biokoreainfo@gmail.com

 

11. Remedies for Infringement of Rights

In case of personal information infringement, you can seek remedies and consultation through the following organizations:

 

- Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)

- Responsible tasks: Reporting personal information infringement, requesting consultation

- Website: privacy.kisa.or.kr

- Phone: 118 (no area code required)

 

Personal Information Dispute Mediation Committee

 

- Responsible tasks: Personal information dispute mediation, group dispute mediation (civil resolution)

- Website: www.kopico.go.kr

- Phone: 1833-6972 (no area code required)

 

Supreme Prosecutors' Office Cyber Crime Investigation Unit

 

- Website: www.spo.go.kr

- Phone: 02-3480-3573

 

Cyber Safety Bureau, National Police Agency

 

- Website: http://cyberbureau.police.go.kr

- Phone: 182

 

12. Collection, Use, Provision, and Refusal of Behavioral Information

 

The company does not collect, use, or provide behavioral information for purposes such as online customized advertising.

 

13. Personal Information Access Requests

 

Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act, by contacting the department below. The company will make efforts to ensure that the personal information access requests are processed promptly.

 

Personal Information Access Request Department:

- Personal Information Protection Officer: Director Lee Hae-John

- Phone: 070-7772-7055

- Contact: biokoreainfo@gmail.com