Privacy Policy

Privacy Statement

  • In order to protect the personal information of the customer and to prevent the damage caused by leakage of personal information, BICTI Korea Corporation takes the customer's personal information very seriously, and we comply with the related laws and regulations that information and communication service, such as the Act on Promotion of Information Network Usage and Information Protection, and the Personal Information Protection Act
  • Our privacy policy is subject to change due to changes in laws or guidelines related to the protection of personal information or changes in our policies, so please check with us whenever you visit our site

General Rules

  • BICTI Korea Corporation (hereinafter referred to as "the Company") is committed to protecting the privacy of users\' personal information and is committed to protecting the personal information that the user provides to the company while using the company\'s services Accordingly, the Company complies with the personal information protection regulations of the related laws and regulations and the personal information protection guidelines established by the Ministry of Information and Communication, which should be complied with by the providers of information and communication services, such as the Promotion of Information Network Usage and Information Protection Act
  • The Company will disclose through its Privacy Policy how and in what manner personal information provided by users is being used and what measures are being taken to protect personal information
  • The company discloses its privacy policy at the front page of the homepage so that users can easily view it at any time
  • The privacy policy of the company may change from time to time due to changes in the laws and guidelines of the government or changes in the company\'s internal policy Users are requested to check the privacy policy on the first page of the website from time to time

1 Agreement to collect personal information

  • The Company shall establish a procedure by which users can click the [Accept] button or the [Cancel] button on the contents of the company's personal information handling method or terms and conditions, if you click the [Accept] button, you agree to the collection of personal information

2. Purpose of usage and collection of personal information

    • Personal information means information about an individual who is alive and includes information that can identify the individual by the name, date of birth, etc included in the information (even if the information alone can not identify a particular individual, including those that can be easily identified and combined with)
    • Personal information collected about individual customers and the purpose of collection and use are as follows
    - Name, ID, Password, Passport number (for foreigners only), Email address: Confirm your identity and confirm your customership
    - Your bank account, a copy of your photo ID (cover up the details other than your birth date), mobile number: ID verification for payment and withdrawal
    - Optional: Materials to provide personalized services
    - Preventing fraudulent use of fraudulent customers and preventing unauthorized use

3. Collecting personal information items and collection methods

    • When a user joins a customer to use a customership service, the company receives online information that is essential for providing the service   The essential information you receive when you sign up is your name, email address, and so on Also, in order to provide high quality service, user can input optional phone number and bank account number And we can also request personal information for statistical analysis or offer of prizes during surveys or events at the exchange
    • We do not collect sensitive personal information (such as race and ethnicity, ideology, creed, hometown and homeland, political orientation and criminal record, health status, and sex life) that may be of concern to your basic human rights violations If we collect inevitably, we will ask for your prior consent And, in any case, the information you enter will not be used for any other purpose other than for the purpose previously provided to you, and will not be leaked out

4. Retention and use period of personal information collected

    • When a company collects personal information of a user, the period of retention is until customership termination (including withdrawal application, withdrawal of directorship) In addition, at the time of termination, the Company destroys the personal information of the user and instructs the third party to destroy the personal information provided to the third party However, if there is a necessity to preserve it in accordance with laws and regulations such as commercial law, we have transaction history and minimum basic information for the period of preservation prescribed by laws and ordinances In addition, we will keep your personal information for the duration of your promised period if you notify the user in advance of the period of retention, if the period of retention has not elapsed and if the individual consents of the user
      - Records on contract or withdrawal of subscription: 5 years
      - Record of payment and goods supply: 5 years
      - Records of consumer complaints or disputes: 3 years
    • In the event that a user requests access to transaction information, etc, which is held with the consent of the user, the Company shall take measures so that it can be read and confirmed without delay

5 Procedures and methods of personal information destruction

  • In principle, the personal information of the user is destroyed without delay when the purpose of collecting and using the personal information is achieved And the procedure and method of destroying company's personal information is as follows
    • Destruction procedure
    • - The information entered by the user for customership purposes is transferred to a separate DB after the purpose has been achieved (in the case of paper, separate documents) According to internal policies and other relevant laws and regulations, it will be destroyed after a certain period of storage
    • Destruction Methods
    - Personal information printed on paper is crushed or destroyed by crushing
    - Personal information stored in the form of electronic files is deleted using a technical method that can not reproduce the record

6 Commitment of Personal Information

    • BTC KOREA Co, Ltd Has been entrusting the following personal information to improve service And in accordance with the relevant laws and regulations, we provide the necessary information so that personal information can be safely managed when contracted
    • The company's personal information processing agency and commissioned business are as follows
    • Partners Contents of trust business Period of Retention and Use of Personal Information
      Danal Co., Ltd. Payment of cultural gift certificates, settlement of book cultural gift certificates, payment of game culture gift certificates, settlement of Happy Money cultural gift certificates At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
      Think Full Co., Ltd. Service to prevent sign in stealing
      Settle Bank Co., Ltd. Payment without account (virtual account)
      Shinhan Bank Co., Ltd.
      NH Nonghyup
      KG INICIS Service of settling credit card payments
      IMI Corporation B Point mall service
      Kookmin Bank Co., Ltd. KB Escrow Service
      Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
      Korea Mobile Certification Co., Ltd. Mobile phone verification service
      Will & Vision Operation of customer centers and customer consulting Not separately stored
      Transcosmos Korea Inc.
      Info Bank Co., Ltd. Send SMS
      SUREM Co., Ltd.
      Daou Technology Co., Ltd.

7 Sharing and providing personal information collected

    • The Company shall use the personal information of the users within the range of the purpose of collecting and using personal information, and shall not use it beyond the scope of this information or give it to any third party without prior consent of the user However, except in the following cases: - If there are special regulations in statutes such as the Act on Financial Real Name Transactions and Confidentiality, the Use and Protection of Credit Information, the Telecommunications Basic Act, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act and the Criminal Procedure Act
      - In cases where it is judged in good faith that it is required by other laws (ex when there is a request from a government / investigative agency by lawful procedure under applicable law);
      - Users agree to release in advance
      - In violation of Terms of Service or Operating Principles, such as the Terms of Service and any other customer Services posted on the Website
      - If you have reason to believe that your personal information must be disclosed in order to take legal action against it by causing mental or physical harm to others through our services
      - When necessary for settlement of fees according to service provision
      - When it is necessary for statistical writing, academic research or market research to provide a specific individual in an unidentifiable form
    • The Company may provide or share personal information with its affiliates or partners in order to provide better services to its users If we provide or share your personal information, you will need to know in advance what your affiliates are, what personal information items are shared or shared, why such personal information should be provided or shared, The individual will be informed and will be asked to obtain consent If the user does not consent, it will not be provided or shared with affiliates You may also withdraw your consent at any time, even if you consent to the provision of personal information

8 Regarding the user's personal information management (reading, correcting, deleting, etc)

    • Users can log in to the BTC KOREA Corporation website (wwwxcoincokr) at any time and read or correct the user's personal information by changing the customer's information In addition, we will correct if you request by e-mail or in writing to the person in charge of personal information management on the company's homepage However, the customer ID and the name can not be corrected
    • Users may withdraw your consent to withdraw or terminate your consent to the collection and use of your personal information and to withdraw your consent to third parties through e-mail, telephone, fax or other means In this case, the user must provide his / her ID and e-mail address for proof of identity

9 Matters concerning the operation of cookies(cookies)

    • In order to provide customized services tailored to the customers, the company operates 'cookies' (cookies) to store and retrieve information from time to time The Company identifies your computer with respect to cookie management, but does not personally identify you
    • The user has a choice of 'cookies' And the user can accept all cookies by selecting [Tools]> [Internet Options]> [Security]> [User Defined Level] in the web browser, check each time a cookie is saved, or refuse to store all cookies However, if you refuse to store all cookies, you will not be able to use the services provided by the company through cookies

10 Measures to Ensure the Safety of Personal Information

  • The Company, pursuant to Article 29 of the Personal Data Protection Act, has the following technical, administrative and physical measures to ensure safety:
    • Minimization and training of personal information handling staff
      We designate employees who handle personal information and limit them to the person in charge, and implement measures to manage personal information
    • Regular self-audit conducted
      We conduct our own audits on a regular basis (quarterly basis) to ensure the safety of handling personal information
    • Establishment and implementation of internal management plan
      We have established and implemented an internal management plan for the safe handling of personal information
    • Encryption of personal information
      The personal information of the user is encrypted and stored and managed so that only the user can know it, and the important data is using separate security functions such as encrypting the file and transmission data or using the file lock function
    • Technical measures against hacking
      The company installs security programs, periodically updates and checks, installs systems from outside controlled areas, and technically and physically monitors and blocks them to prevent leakage and damage of personal information caused by hacking or computer viruses
    • Restrict access to personal information
      We take necessary measures to control access to personal information through granting, modifying, and deleting access to the database system that handles personal information, and we control unauthorized access from outside by using an intrusion prevention system
    • Keeping connection logs and preventing forgery
      We keep and manage the records of access to the personal information processing system for at least six months, and we use security features to prevent forgery, theft and loss of access records
    • Using a lock for document security
      We keep the documents containing the personal information and the auxiliary storage medium in a safe place with a lock
    • Access control to unauthorized persons
      We keep separate physical storage places for personal information and set up access control procedures for them

11 Personal Information Management Officer and Person in Charge

    • The company is doing its best to make sure that you use the good information securely In case of any incidents that are against the notice to you in protecting personal information, the person in charge of personal information management is responsible
    • The responsibility for maintaining the security of the password of the user ID is related to the user himself / herself The company does not ask the user directly about the password in any way, so please be careful not to let the password leak to the other person Especially if you are online in a public place
    • Despite the company's technical remedies, we are not liable for damage to information due to unforeseen accidents caused by basic network dangers such as hacking
    • The company has designated the personal information administrator and person in charge of collecting opinions and complaints about personal information, and the contact information is as follows [Personal information administrator]
      Responsibility: Representative Kim Dae Sik
      Charge: Representative Kim Dae Sik
      Position: CEO
      Customer Support Office: 1661-5566
      E-mail : contact2@bithumb.com

12 Duty of Notification

  • The contents of the current Privacy Policy will be notified through the" Notice "on the website 7 days before the implementation of the changes, if there is any addition or deletion or modification of the contents due to the change of government policy or security technology

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth)
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Outsourced company Purpose of outsourcing Retention period
    Danal Co., Ltd. Payment of gift certificates At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Think Full Co., Ltd. Service to prevent sign in stealing
    Settle Bank Co., Ltd. Payment without account (virtual account)
    Shinhan Bank Co., Ltd.
    NH Nonghyup
    KG INICIS Service of settling credit card payments
    IMI Corporation B Point mall service
    Kookmin Bank Co., Ltd. KB Escrow Service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    Will & Vision Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    Info Bank Co., Ltd. Send SMS
    SUREM Co., Ltd.
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Assistant Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth)
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Outsourced company Purpose of outsourcing Retention period
    Danal Co., Ltd. Payment of gift certificates At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Think Full Co., Ltd. Service to prevent sign in stealing
    Settle Bank Co., Ltd. Payment without account (virtual account)
    Shinhan Bank Co., Ltd.
    NH Nonghyup
    KG INICIS Service of settling credit card payments
    IMI Corporation B Point mall service
    Kookmin Bank Co., Ltd. KB Escrow Service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    Info Bank Co., Ltd. Send SMS
    SUREM Co., Ltd.
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Assistant Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth)
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Outsourced company Purpose of outsourcing Retention period
    Danal Co., Ltd. Payment of gift certificates At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Think Full Co., Ltd. Service to prevent sign in stealing
    Settle Bank Co., Ltd. Payment without account (virtual account)
    Shinhan Bank Co., Ltd.
    NH Nonghyup
    KG INICIS Service of settling credit card payments
    IMI Corporation B Point mall service
    Kookmin Bank Co., Ltd. KB Escrow Service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    Info Bank Co., Ltd. Send SMS
    SUREM Co., Ltd.
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Assistant Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: June 22, 2018

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash
    Inbiznet ARS Certification

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: August 14, 2018

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash
    Inbiznet ARS Certification
    Slowalk Send E-mail

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: September 4, 2018

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash
    Inbiznet ARS Certification
    Slowalk Send E-mail
    Omnitel Mobile coupons

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • The Personal info processing policy was enacted on September 19, 2018. The Company shall announce any addition, deletion or modification of the content that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage 7 days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: October 1, 2018

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address , Connected information(CI), Duplicate membership verifying information (DI)
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash
    Inbiznet ARS Certification
    Slowalk Send E-mail
    Omnitel Mobile coupons

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • The Company shall immediately destroy personal information depending on the period of retention and use of such information once the purpose of using such information collected has been fulfilled through the following procedure and method and at the following timing:
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • The Personal info processing policy was enacted on September 19, 2018. The Company shall announce any addition, deletion or modification of the content that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage 7 days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: October 31, 2018

Privacy Policy

  • BTC KoreaCom Corporation (hereinafter “Company”) values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Protection of Consumers in e-commerce and Other Transactions Act, the Protection of Communication Secrets Act, the Telecommunications Business Act, the Personal Information Protection Act, and administrative guidelines issued by administrative agencies. The Company has also established the Guideline on Processing Personal Information in accordance with relevant statutes and protects the rights and interests of users.
  • As the Company’s guideline on processing personal information may be changed, subject to changes in laws or guidelines related to the protection of personal information or the Company’s policies, customers are recommended to pay frequent visits to our website and check details.
  • The Company’s Guideline on Processing Personal Information includes the following sections:

1. Personal Information Items Collected and Collection Method;

2. Purpose of Collecting and Using Personal Information;

3. Provision of Personal Information;

4. Outsourcing of Personal Information Processing;

5. Period of Retention and Use of Personal Information;

6. Procedure and Method for Destroying Personal Information;

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

8. Measures for Ensuring the Security of Personal Information;

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

10. Chief Privacy Officer and Personal Information Handling Employees

11. Notices

1. Personal Information Items Collected and Collection Method;

  • A.Personal information items collected
  • 1.The Company shall not collect any sensitive personal information which may lead to the infringement of human rights of users, including their race, ethnicity, ideas and creeds, place of birth and legal domicile, political orientations and criminal records, health status, and sexual life.
  • 2.The Company shall collect and use the following essential personal information:
    • 1)Verification of a user’s identity and his/her willingness to obtain membership
    • - general members: name, ID, password, passport no. (for foreigners only), cell phone number, email address, country of origin, secure password, residency(address)
    • - corporate members: name of company, name of representative, business registration number, contact telephone number, place of workplace address, e-mail address, password, country of operation, cell phone number, secure password
    • 2) Self-authentication for payments and funds withdrawals
    • - name, date of birth, account number, a copy of an identification card (any remaining information masked except for date of birth), cell phone number, secure password.
    • 3)Self-authentication for level up
    • - cell phone number, e-mail address, i-pin number, a copy of an identification card (any remaining information masked except for date of birth), Bank account no. for withdrawals, address
    • 4)Secure password initialization
    • - name, e-mail address, cell phone number, a copy of an identification card (any remaining information masked except for date of birth), a facial photo
    • 5)Prevention of use by fraudulent members and prevention of unauthorized use
    • - users’ IP address and date and time of their visit to the Company’s website
    • 6) Verification of users’ real name
    • - name, date of birth, gender
    • 3.The following information may be created and collected in the process of using or processing services:
    • - Records on using services, payment records, records on the suspension and termination of services, access logs, cookies, users’ IP address, records on fraudulent or abnormal uses of services.
    • B.Collection method
    • The Company shall collect personal information through the following methods:
    • - homepage, cell phone applications, cell phone web page, fax, telephone, consumer bulletin board, e-mail, and event application
    • - Collection of personal information through a tool for collecting created information

2. Purpose of Collecting and Using Personal Information;

  • The Company shall collect and use customers’ personal information for the following purposes:
  • A.Member management
  • - Self-authentication for the use of membership-based services, verification of individuals’ identity
  • - Prevention of use of services by fraudulent members and of unauthorized use
  • - Verification of users’ willingness to obtain membership and limitation on membership and the number of obtaining membership
  • - Identification of minors
  • - Records retention for consulting with customers, acceptance and handling of customers’ complaints and disputes resolution
  • - Delivery of notices
  • B.Performance of agreements on the provision of services and payment of charges
  • - Provision of services and contents, as well as tailored-made services
  • - Payment and settlement of fees
  • - Notification of the result of winning prizes at events/giveaways and delivery of products
  • C.Use for marketing and advertisements
  • - Providing optimized services for customers
  • - Developing and specializing in new services (products)
  • - Providing services and posting advertisements according to demographic traits
  • - Identifying the frequency of access to the Company’s homepage
  • - Statistics on the use of services
  • - Mailing periodicals and offering guidance on new products or services
  • - Planning web services and events that meet customers’ interests
  • - Delivering information on advertisements, such as giveaways and events, and operation of member communities
  • - Conducting customer questionnaire based survey

3. Provision of Personal Information;

  • The Company shall neither use nor provide customers’ personal information for any third party beyond the scope of which customers are notified upon collection of their information or the scope that is specified at the terms and conditions of the use of services, unless the customers agree or except for the following cases:
  • A. Partnership: The Company may provide customers’ personal information for its partners or share such information with its partners for the provision of better services. In case the Company does the foregoing acts, individual customers shall be notified in advance of who are our partners, what kinds of personal information items are provided or shared and why such personal information should be provided or shared and until when such information should be protected and managed, either in writing or e-mail, and give their consent to the provision and sharing of their personal information. If customers do not agree, the Company shall neither provide for its partners nor share their personal information with its partners. If there is any change in or termination of the Company’s partnership, the Company shall notify customers of such change or termination or seek their consent through the same procedure as described above.
  • B. Sale and merger and acquisition: If the Company sells its business, in whole or in part, or transfers and assumes the rights and obligations of any service providers, due to mergers and inheritances, the Company shall be sure to notify customers of such mergers and inheritances to guarantee customers their right related to the protection of their personal information.
  • C. Customers’ personal information is required for the performance of an agreement on the provision of services but it is significantly difficult to obtain customers’ ordinary consent due to economic and technological reasons.
  • D. Customers’ personal information is required for payments of fees in return for services
  • E. There is a special provision in other laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act. However, even if there is a special provision in laws compelling the provision of customers’ personal information and customers’ personal information is requested by an administrative or investigation agency for administrative or investigative purposes, the Company shall not provide such personal information unconditionally but only do so in accordance with legal procedures, including by way of a writ or a written request affixed with a seal of head of such agency as stipulated in laws.
  • F. A user inflicts mental and physical damage on others using the Company’s services and therefore, the Company has sufficient grounds to determine that such user’s personal information should be disclosed for the Company to take legal action against such infliction of harm.
  • Verification of details of personal information to be provided
  • Service Entity receiving personal information Items to be provided Retention period
    Verification of users’ real names, service of providing accounts for withdrawals and deposits NH Nonghyup Name, Date of birth, sex, mobile phone no. residential address, account no. Until withdrawal of membership or termination of a partnership agreement

4. Outsourcing of Personal Information Processing;

  • The Company may entrust the management of personal information to other entities to a limited extent to provide smooth and improved services. The following is a list of companies which are entrusted with the processing of personal information for the performance of service agreements with members. The Company stipulates matters required for the secure management of personal information upon execution of outsourcing agreements in accordance with relevant statutes.
  • Verification of Outsourced Companies
  • Outsourced company Purpose of outsourcing Retention period
    Think Full Co., Ltd. Service to prevent sign in stealing At the time of the withdrawal of the customership or until the termination of the trust agreement, when the statute establishes
    Settle Bank Co., Ltd. Payment without account (virtual account)
    IMI Corporation B Point mall service
    Korea Credit Bureau Co., Ltd. Ipin self-certification service Do not Save Separately (Information of the certified service provider)
    Korea Mobile Certification Co., Ltd. Mobile phone verification service
    BTC Korea Service Co., Ltd. Operation of customer centers and customer consulting Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Transcosmos Korea Inc.
    SUREM Co., Ltd. Send SMS
    LG U Plus
    Sweet Tracker
    Nice information Service Simple verification of real names Do not Save Separately (Information of the certified service provider)
    Coocon Nice information Service Until the withdrawal of membership or the termination of outsourcing agreements or the time as stipulated by statutes
    Korea Culture Promotion Inc. Barcode payment
    Win Cube Marketing Mobile coupons and payments via Bithumb Cash
    Korea Pay’s Service Payments via Bithumb Cash
    Inbiznet ARS Certification
    Slowalk Send E-mail
    Omnitel Mobile coupons

5. Period of Retention and Use of Personal Information;

  • A.Customers’ personal information shall be retained and used during a period when the Company provides services for customers. Upon a user’s withdrawal of membership, such user’s personal information shall be destroyed to ensure that his/her/its personal information is neither accessed nor used. However, if such user’s personal information needs to be retained in accordance with the provisions of relevant statutes, it shall be retained in accordance with the following provisions.
  • Records on payments and the supply of goods: three (5) years
  • - Records on payments and the supply of goods: three (5) years
  • - Records on the handling of customers’ complaints and disputes: three (3) years
  • B.If a customer demands access to transaction information that has been retained by the Company after obtaining the consent of such a customer, the Company shall immediately take a step to ensure that such information can be accessed and checked by such a customer.
  • C.A customer may illegally or expediently receive economic benefits offered by the Company, such as discount coupons and event giveaways, or is likely to use another’s name by repeatedly re-obtaining and re-terminating membership after withdrawing his/her/its membership. Therefore, the Company shall retain members’ names, dates of birth, IDs, and passwords for one month after withdrawal of their membership for the purpose of preventing such illegal and expedient acts.

6. Procedure and Method for Destroying Personal Information;

  • Once the objectives of the collected personal information are fulfilled, "the Company" will destroy or store separately without hesitation said information according to the storage or usage terms. The process, time frame, and methods are as follows.
  • A.Procedure and Timing for Destroying Personal Information
  • The Company shall immediately destroy the personal information provided by customers to obtain membership after the purpose of using such information has been fulfilled, including termination of services, and a retention period of such information as stipulated by its internal guidelines and other relevant statutes (please, refer to the above period of retention and use of personal information) has elapsed. In general, if there is no remaining creditor and debtor relationship, the Company shall, upon withdrawal of membership, immediately delete any personal information that has been collected by the Company at the time of obtaining membership and afterwards managed in the form of electronic files.
  • B.Destruction method
  • Any person information printed out on papers shall be destroyed by being shredded through shredders or burnt or dissolved through chemical solutions and any personal information stored in electronic files shall be deleted through technological methods that cannot reproduce such files.
  • C. Separate storage time frame and method
  • As per the 'Personal information expiry system, a user account that has not used the service for 1 year will be switched to a dormant state. Dormant members' personal information are separately stored and managed with restricted access and security.

7. Rights of Users and Legal Representatives and Methods for Exercising Their Rights;

  • A. Users and legal representatives of children under fourteen years of age may, at any time, exercise the following rights to the personal information of themselves or such children that are registered at the Company.
  • - Right to demand access to personal information

    - Right to demand correcting errors in personal information, if any

    - Right to demand the deletion of personal information

    - Right to demand the suspension of personal information processing

  • B. Users and legal representatives of children under fourteen years of age may log into the Company’s homepage (www.bithumb.com) and access or modify the personal information of themselves or such children in the Member’s Information Change menu or may do so by sending e-mails or written requests to a chief privacy officer at the Company. However, members’ ID and names may not be modified.
  • C. Users and legal representatives of children under fourteen years of age may withdraw their consent to the ‘collection and use of personal information’ by e-mail, telephone or fax and in such case, shall reveal their or such children’s ID and e-mail address.
  • D. If users and legal representatives of children under fourteen years of age request the correction and deletion of errors in their personal information, the Company shall neither use nor provide such personal information until such errors are corrected or deleted. The Company shall handle the personal information that is terminated or deleted at the request of such users and legal representatives in accordance with ‘Period of Retention and Use of Personal Information’ and prohibit such information from being accessed or used for any purposes other than those stipulated in the ‘Period of Retention and Use of Personal Information.’

8. Measures for Ensuring the Security of Personal Information;

  • The Company has implemented the following measures required for ensuring security under the Personal Information Protection Act:
    • A. Protective measures for administrative purposes
    • 1)Establishment and implementation of an internal management plan
    • - Matters on the appointment of the chief privacy officer
    • - Matters on roles and responsibilities of a chief privacy officer and a personal information- handling employee
    • - Matters on measures for ensuring the security of personal information
    • - Matters on training on the personal information handling employee and companies entrusted with personal information processing
    • - Other matters required for the protection of personal information
    • 2) Conducting its own internal audits
    • - Matters on divisions of duties between the chief privacy officer and an auditor
    • - Matters on roles and responsibilities of an auditor on personal information-related matters
    • - Conducting regular internal audits for ensuring the security of personal information handling
    • B. Technological protection measures
    • 1) The Company operates a system designed to prevent the leakage of personal information in order to prevent the personal information-handling employee from leaking customers’ information. It also applies secure password algorithm to personal information that is transmitted via PCs and networks.
    • 2) The Company grants each personal information handling employee one user account that has different functions and the least right to access a personal information handling system, which is required for performing his/her duties. If such personal information handling employee is replaced, the Company shall modify or delete his/her right to access the system and retain related records for at least five (5) years. In addition, the Company has established and applies a rule of creating a password for the personal information handling employee.
    • 3) If the Company sends or receives individuals’ peculiar identification information and passwords via information communication networks or delivers them through supplementary storage mediums, it shall store them using commercial encryption software and encrypt passwords with secure password algorithms and store them in encrypted forms.
    • 4) The Company retains and manages records on the personal information handling employee’ s access to the personal information processing system for at least six (6) months and securely stores such records to ensure that such records are not forged, modified, stolen or lost.
    • 5) The Company installs and operates security programs, such as vaccine programs that can prevent or cure malicious programs in the personal information processing system or computers used for business purposes. It also conducts regular PC checkups by using the automatic update function of such security programs.
    • C. Physical protective measures
    • The Company has established and operates a procedure for controlling entry to and exit from physical sites where personal information is stored, such as computer rooms and archives. It also stores and manages documents and supplementary storage mediums containing personal information at locations secured with locks.

9. Matters on the Installation and Operation of Personal Information Automatic Collection Devices (cookies) and Rejection of Cookies;

  • A. The Company may install and operate cookies that store and frequently retrieve customers’ information through Internet services provided by the Company. Cookies mean a string of characters that a web server sends to a web browser to store it there and that is sent back to the server at the request of the server. If a customer accesses the Company’s website, the Company may read the contents of cookies stored at such a customer’s web browser and provide services by searching for additional information, without requiring such a customer to enter such additional information, including his/her/its name.
    • B. The Company may use customers’ information collected through cookies for the following purposes:
    • 1) Providing different information depending on individuals’ interests
    • 2) Identifying users’ tastes and interests by analyzing the access frequency or staying time of members or non-members, and using them for target marketing.
    • 3) Tracing the contents that users read attentively and providing tailor-made services in his/her next visit to the Company’s website.
    • 4) Providing guidance on a use period in using paid services.
    • 5) Analyzing customers’ habits and using them as a measure for the reshuffling of services.
  • C. All customers have the right of choice over installation of cookies. They may accept or reject all cookies or receive notices whenever cookies are installed, by clicking “Tools>Internet Options> Personal Information > Advanced on the upper menu bar of a web browser. However, if a customer rejects the installation of cookies, he/she/it may have inconvenience or difficulty in using services.
  • D. Cookies expire at the termination of a web browser or when users log out of services.

10. Chief Privacy Officer and Personal Information Handling Employees

  • A. The Company values the protection of customers’ personal information highly and does its best to ensure that their personal information is not damaged, compromised or leaked. However, the Company shall not be responsible for the information damaged by unexpected accidents that arise from basic dangers inherent at networks and all kinds of disputes that arise from postings made by visitors to the Company’s website, even though the Company has taken technological security measures.
  • B. The Company’s customer center offers swift and sincere replies to customers’ inquiries about the protection of their personal information. In addition, customers who wish to contact the chief privacy officer at the Company may contact him/her at the below telephone number or by e-mail. We will answer your inquiries on the protection of personal information swiftly and sincerely.
  • 1) Chief Privacy Officer
  • - Name: Myoungsoo Jeong
  • - Title: The Chairman of the Board
  • - Telephone number: 82-1661-5551
  • - E-mail: private@bitcash.com
  • 2) Personal Information Handling Employee
  • - Name: Cheolgeun Lee
  • - Title: Senior Manager
  • - Telephone No.: 82-1661-5551
  • - E-mail: private@bitcash.com
  • C. You may make inquiries to the Personal Information Dispute Mediation Committee, Supreme Prosecutors’ Office, Korea National Policy Agency, Korea Internet & Security Agency if you need consulting to seek remedies for your compromised personal information.
  • 1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
  • 2. Supreme Prosecutors’ Office, National Digital Forensic Center (http://www.spo.go.kr): 1301
  • 3. Korea National Policy Agency, Cyber Bureau (http://cyberbureau.police.go.kr): 182
  • 4. Personal Information Response Center (http://privacy.kisa.or.kr): 118

11. Notices

  • guideline that is caused by changes in the government’s policies or security technologies on the Notices menu on its homepage seven (7) days before the effectuation of such addition, deletion or modification.
  • - Date of effectuation: November 5, 2018

confirm