The Privacy Policy consists of the following sections :
01. Purpose of Processing Personal Information
02. Items of Personal Information Processed
03. Provision of Personal Information to Third Parties
04. Processing Personal Information of Children Under 14
05. Entrustment of Collected Personal Information
06. Retention and Use Period of Personal Information
07. Procedure and Method of Personal Information Destruction
08. Rights and Obligations of Data Subjects and Legal Guardians, and Methods of Exercise
09. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices (Cookies)
10. Collection, Use, and Refusal of Behavioral Information by Third Parties via Automatic Collection Devices
11. Measures to Ensure the Safety of Personal Information
12. Chief Privacy Officer and Remedies for Rights Infringement
13. Amendments to the Privacy Policy and Duty to Notify
Wise On Media Co., Ltd. (hereinafter referred to as the "Company") strictly complies with domestic personal information protection laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act (PIPA).
The Company has established and disclosed this Privacy Policy to protect the personal information of data subjects (users) and to resolve any related grievances swiftly and efficiently.
01. Purpose of Processing Personal Information
The Company utilizes collected personal information for the following purposes. The information provided by users will not be used for any purpose other than those specified below, and prior consent will be sought if the purpose of use changes.
1) Member Management
- Identity verification and personal identification required to access membership services and restricted identity verification systems.
- Prevention of fraudulent or unauthorized use by abusive or malicious members.
- Preservation of records for dispute resolution, handling of civil complaints/grievances, and delivery of official notices.
2) Service Information Provision
- Providing access to content and services requested through service applications.
- Research, development, and validation of service efficacy based on statistical analysis.
3) Marketing & Event Notices
- Providing information on various promotional events, giveaways, and campaigns.
- Delivering event-related updates and conducting comprehensive marketing activities.
- Introducing and recommending products and services offered by the Company and its strategic partners.
02. Items of Personal Information Processed
The Company processes the following items of personal information:
1) Account Registration
- General Members: User ID, Password
- Teacher Members: Name, User ID, Password, Mobile Phone Number, Email Address, School Name
2) Marketing Utilization
- Teachers and Event Participants: Name, School Information, Email Address, Mobile Phone Number
- Purpose: Managing member service utilization histories, developing new services, providing customized services and advertisements based on demographic characteristics, validating service efficacy, offering event participation opportunities, analyzing access frequency, compiling service statistics, and restricting abusive users.
3) Automatically Collected Data
Information such as service utilization logs, website visit histories, and cookies may be automatically generated and collected during service use or business processing.
Note: Cookie information is collected in a form that cannot identify individuals, and the Company does not engage in any activities to identify individuals based on arbitrarily collected data.
4) Additional Services & Customization
be collected exclusively from users who have given separate explicit consent for additional data collection:
Shipping address (for delivery of event prizes, etc.), Name, Mobile Phone Number, Email Address, Grade/Class.
03. Provision of Personal Information to Third Parties
The Company does not fundamentally provide personal information to third parties. Should such a need arise, information will be provided strictly based on the following criteria:
1) The Company will only provide personal information to third parties under Articles 17 and 18 of the Personal Information Protection Act (PIPA), such as with the consent of the data subject or under special provisions of law:
- Where separate consent has been obtained from the data subject.
- Where special provisions exist in other laws.
- Where it is clearly recognized as urgently necessary for the life, bodily integrity, or property interests of the data subject or a third party.
- Where it is impossible to perform statutory duties without using personal information for purposes other than intended or providing it to a third party, and such action has undergone deliberation and resolution by the Personal Information Protection Commission.
- Where it is necessary to provide information to foreign governments or international organizations to fulfill treaties or other international agreements.
- Where it is necessary for criminal investigation and the institution and maintenance of public prosecution.
- Where it is necessary for a court to perform its judicial duties.
- Where it is necessary for the execution of sentences, custody, or protective dispositions.
- Where it is urgently necessary for public health, safety, and public welfare.
2) If the Company provides personal information to a third party, it will notify the user of the following items and obtain explicit consent:
- The recipient of the personal information.
- The recipient's purpose of using the personal information.
- The specific items of personal information to be provided.
- The recipient's retention and use period of the personal information.
- The fact that the user has the right to refuse consent, along with a description of any disadvantages resulting from such refusal.
04. Processing Personal Information of Children Under 14
1) When collecting personal information from children under the age of 14, the Company obtains the consent of their legal guardian and collects only the minimum personal information necessary to perform the corresponding service.
2) To obtain the consent of a legal guardian, the Company may request the minimum necessary information, such as the legal guardian's name and contact information. In such cases, the purpose of collection, use, or provision, and the requirement for parental consent will be notified to the child in clear, plain language that is easily understood.
3) The Company obtains the consent of the child's legal guardian before performing any of the following actions regarding the child's personal information:
- Collecting personal information for service registration, or using/providing it to a third party beyond the scope notified at registration or specified in the Terms of Service.
- Instances where a recipient of the child's personal information uses it for purposes other than intended or provides it to another third party.
Note: The personal information of a legal guardian collected to obtain consent will not be used for any purpose other than verifying the guardian's consent, nor will it be provided to third parties.
05. Entrustment of Collected Personal Information
To enhance service quality, the Company entrusts the processing of personal information to third-party service providers. The Company takes all necessary contractual measures to ensure personal information is safely managed during outsourcing in compliance with relevant laws. The information entrusted is strictly limited to the minimum data required to provide seamless services.
When executing entrustment contracts, the Company explicitly outlines responsibilities in documentation—such as compliance with Article 26 of the Personal Information Protection Act (PIPA)—prohibiting personal information processing outside the purpose of the outsourced work, outlining technical and administrative safeguards, enforcing restrictions on re-entrustment, managing and supervising the trustee, and clarifying liabilities such as damages. The Company actively monitors the entrusted entities to ensure safe data processing.
Any changes to the scope of outsourced work or the assigned service providers will be disclosed through this Privacy Policy without delay.
1) Entrusted Entity (Processor): Bizcon Co., Ltd. (비즈콘㈜)
Entrusted Task / Purpose: Sending mobile gift icons (Gifticons) to event winners.
2) Entrusted Entity (Processor): Sales Insight Co., Ltd. (세일즈인사이트㈜)
Entrusted Task / Purpose: CRM data management, registration, and management of school sales data.
06. Retention and Use Period of Personal Information
Personal information collected for membership registration and management is retained and used from the date of subscription until the user deactivates their account (membership withdrawal). Upon membership withdrawal, the data is destroyed immediately. However, the following information will be preserved for the specified periods due to the reasons listed below:
1) Preservation of Information Based on Data Subject Consent
- Preserved Items: Name, User ID, Password, Mobile Phone Number, Email Address
- Grounds for Retention: Prevention of service disruption/confusion and cooperation with investigative authorities regarding fraudulent or illegal users.
- Retention Period: 1 year
2) Preservation of Information Based on Relevant Laws
If it is necessary to retain member information under statutory provisions, the Company stores the data for the duration mandated by the respective laws. In such cases, data is used solely for the specified statutory purpose:
- Records on contracts or withdrawal of subscriptions:
Grounds: Act on the Consumer Protection in Electronic Commerce
Retention Period: 5 years
- Records on electronic financial transactions (payment settlements and supply of goods):
Grounds: Electronic Financial Transactions Act
Retention Period: 5 years
- Records on consumer complaints or dispute resolutions:
Grounds: Act on the Consumer Protection in Electronic Commerce
Retention Period: 3 years
- Records on identity verification:
Grounds: Act on Promotion of Information and Communications Network Utilization and Information Protection
Retention Period: 6 months
- Service utilization logs (website visit history):
Grounds: Protection of Communications Secrets Act
Retention Period: 3 months
- Records on personal location information:
Grounds: Act on the Protection and Use of Location Information
Retention Period: 6 months
07. Procedure and Method of Personal Information Destruction
Personal information is immediately destroyed once its retention period expires or the purpose of collection is achieved. The Company's data destruction procedures and methods are as follows:
1) Destruction Procedure
- Personal information that must be preserved under relevant laws or prior user consent—as outlined in '06. Retention and Use Period'—is separated from other personal information databases, stored for the designated timeframe, and then destroyed.
- Such isolated data will not be used for any purpose other than preservation unless required by law. Under relevant regulations, if a user has no login history for a specified validity period (default: 1 year), their account is converted to a "dormant account," and their data is stored separately. In this scenario, the Company will send a prior notification via email at least 30 days before the scheduled dormant account processing date.
- Personal information that has exceeded its retention period is completely purged upon obtaining approval from the designated data privacy manager.
2) Destruction Method
- Personal information printed on paper is shredded using a cross-cut shredder or permanently incinerated.
- Personal information stored in electronic file formats is permanently deleted using technical methods that render the records completely irrecoverable.
08. Rights and Obligations of Data Subjects and Legal Guardians, and Methods of Exercise
1) Rights and Obligations
- Data subjects may exercise their rights to request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information at any time. They may also object to or request explanations regarding automated decisions. These rights can be exercised through a legal representative or authorized proxy in accordance with Article 38, Paragraph 1 of the Personal Information Protection Act (PIPA).
Note: While the Company does not intentionally process information of children under 14, if such processing occurs, legal guardians may request access to, correction, or deletion of the child's data in accordance with Article 38, Paragraph 2 of PIPA.
2) Methods of Exercising Rights
- Rights may be exercised by a data subject's legal representative or an authorized agent holding a power of attorney. In this case, a formal power of attorney must be submitted in accordance with Form 11 of the "Notice on Personal Information Processing Methods (No. 2020-7)."
- The right to request access and suspension of data processing may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act (PIPA).
- Requests for the deletion of personal information cannot be fulfilled if that specific data is explicitly mandated as a target for collection under other applicable statutes.
- If the data subject has consented to automated decision-making, was notified in advance via a contract, or explicit legal provisions exist, the right to refuse automated decisions is not recognized; only the right to request explanations and reviews remains. Furthermore, requests to refuse or explain automated decisions may be denied if there are justifiable grounds, such as risking unfair infringement on the life, body, property, or other interests of another person.
- When a request for access, correction, deletion, suspension of processing, or withdrawal of consent is filed, the Company verifies whether the requestor is the data subject themselves or a legitimate, authorized representative.
3) Department Responsible for Processing Rights Requests
Department: Education Division (에듀케이션 본부)
Phone: +82-2-6956-8869
Email: master@wiseonm.com
09. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices (Cookies)
The Company utilizes 'cookies' to store and periodically retrieve user information in order to provide highly customized, specialized services. Cookies are small text files sent by the web server (HTTP) to the user's computer browser, and may be stored on the hard drive or storage of the user's PC or mobile device.
1) Purpose of Using Cookies
- Cookies are used to authenticate users across the various services and websites operated by the Company.
2) Installation, Operation, and Refusal of Cookies
- Users retain full control over cookie installations. By adjusting web browser options, users can allow all cookies, require a confirmation prompt each time a cookie is saved, or completely block the storage of all cookies. Please note that if you refuse to store cookies, you will not be able to log in to the platform.
- Purpose summary: Used to compile visitor access statistics and drive continuous service improvements.
- Management: Cookie settings (allow, block, delete) can be configured via browser settings.
3) Allowing/Blocking Cookies on Web Browsers
- Chrome: Click the three-dot menu icon (⁝) in the top-right corner > Select 'New Incognito Window' (Shortcut: Ctrl+Shift+N)
- Edge: Click the three-dot menu icon (…) in the top-right corner > Select 'New InPrivate Window' (Shortcut: Ctrl+Shift+N)
4) Allowing/Blocking Cookies on Mobile Browsers
- Chrome (Mobile): Tap the three-dot menu icon (⁝) in the top-right corner > Select 'New Incognito Tab'
- Safari (iOS): Open Device Settings > Safari > Advanced > Toggle 'Block All Cookies'
- Samsung Internet: Tap the 'Tabs' icon at the bottom of the screen > Select 'Turn on Secret Mode' > Start
10. Collection, Use, and Refusal of Behavioral Information by Third Parties via Automatic Collection Devices
The Company does not collect, utilize, or provide behavioral or tracking data to third parties. Therefore, this section is not applicable.
11. Measures to Ensure the Safety of Personal Information
The Company implements the following security measures to safeguard personal information:
- Administrative Measures: Formulation and enforcement of internal management plans, regular privacy training for employees, and the operation of a dedicated data protection task force.
- Technical Measures: Access control lists and permission management for personal information processing systems, installation of intrusion prevention/detection systems, deployment of encryption mechanisms for sensitive transmission data, and installation of anti-malware security software.
- Physical Measures: Strict access control protocols for server rooms and data archives, storing documents and auxiliary storage media in secure, locked containers, establishing protection protocols against disasters (fires, floods), and enforcing strict logging procedures for the checkout and return of storage devices.
12. Chief Privacy Officer and Remedies for Rights Infringement
The Company formulates and executes policies to safeguard customer personal information and handles related complaints through a designated Chief Privacy Officer (CPO).
1) Chief Privacy Officer (CPO)
- Privacy Officer: Jae-young Lee (이재영)
- Division: Education Division (에듀케이션본부)
- Phone: +82-2-6956-8869
- Email: soo@wiseonm.com
2) Remedies for Personal Information Infringement
Data subjects may contact the following independent organizations to seek consultation, file complaints, or request damage remediation regarding personal information breaches:
- Personal Information Dispute Mediation Committee (KOPICO): 1833-6972
(www.kopico.go.kr)
- Personal Information Infringement Report Center (KISA): Dial 118 without area code
(privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cyber Crime Investigation Division: Dial 1301 without area code
(www.spo.go.kr)
- National Police Agency Cyber Crime Investigation: Dial 182 without area code
(ecrm.police.go.kr)
13. Amendments to the Privacy Policy and Duty to Notify
Should any content be added, deleted, or modified within this Privacy Policy, the Company will notify members through the platform's Announcements section at least 10 days prior to the effective date.
This Privacy Policy shall enter into force and be applied effective March 3, 2026.