1. Purpose of processing personal information
ONYOUSOFT (hereinafter referred to as the "Company") processes personal information for the following purposes and does not use it for any purpose other than the following.
- Confirmation of your intention to subscribe, identification and authentication for the provision of services to you, maintenance and management of your membership, payment for the supply of goods or services, supply of goods or services, delivery of goods or services, etc.
- LPKMusic may allow you to connect and access your Google Drive. In this case, we will access certain information from Google Drive using Google API Services. We may collect email and access tokens. When disconnecting a Google Drive account on LPKMusic, LPKMusic will delete the stored data associated with that Google Drive. In addition, you can revoke access via Google’s security settings page.
2. Processing and retention period of personal data
① The Company shall process and retain personal information within the period of personal information retention and use agreed upon when collecting personal information from the information subject or within the period of personal information retention and use in accordance with laws and regulations.
② The specific personal data processing and retention periods are as follows
Customer subscription and management: Until the termination of the service use contract or membership, but in the case of debt or debt relationship, until the settlement of such debt or debt relationship
- Records of contract and contract withdrawal, payment, and supply of goods in e-commerce: 5 years
3. Disclosure of personal information to third parties
① The Company will only provide personal information to third parties in accordance with Articles 17 and 18 of the Personal Information Protection Act, including the consent of the data subject and special provisions of the law.
② We provide personal information to third parties as follows
4. Outsourcing the processing of personal data
① The Company entrusts the processing of personal information as follows to ensure the smooth processing of personal information.
② In accordance with Article 25 of the Personal Information Protection Act, when entering into an entrustment contract, the Company specifies in documents such as contracts the prohibition of processing personal information for purposes other than the performance of entrusted tasks, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the entrustee, and responsibilities such as compensation for damages, and supervises whether the entrustee handles personal information safely.
③ If the content of the consignment or the trustee changes, we will disclose it through this privacy policy without delay.
5. Rights and obligations of the information subject and legal representative and how to exercise them You may exercise the following rights as a personal information subject.
① The data subject may exercise any of the following privacy rights against the Company at any time
1. Request access to personal information
2. Require correction of errors, etc.
3. Request deletion
4. Request a stop processing
6. Create an entry for the personal data you process
① We process the following categories of personal data
7. Destruction of personal information In principle, the Company will destroy personal information without delay when the purpose of processing personal information has been achieved. The procedure, deadline and method of destruction are as follows.
-Destruction process
The information entered by the user is transferred to a separate database (separate documents in case of paper) after the purpose is achieved and stored for a certain period of time in accordance with internal policies and other relevant laws or destroyed immediately. In this case, the personal information transferred to the DB will not be used for any other purpose unless required by law.
-Destroyed
Your personal information will be destroyed within 5 days from the end of the retention period if the retention period has expired, or within 5 days from the date the personal information is deemed unnecessary, such as when the purpose of processing the personal information is achieved, the service is abolished, or the business is terminated.
8. Installation, operation and refusal of automatic personal information collection devices
The following information may be automatically generated and collected in the course of service use or business processing.
Your browser type and OS, browsing history (IP address, access times), cookies
9. Create a privacy officer
① The Company has designated a personal information protection officer as follows to take overall responsibility for the processing of personal information and to handle complaints and damage relief from information subjects related to the processing of personal information.
▶ Privacy Officer
Contact : support@onu-soft.com
※ You will be directed to the Privacy Office.
▶ Privacy Officer
Contact : support@onu-soft.com
② The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. arising from the use of the Company's services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond to and handle inquiries from information subjects without delay.
10. Changing your privacy policy
①This Privacy Policy will be applied from the effective date, and any additions, deletions, and corrections to the contents in accordance with laws and policies will be notified through a notice 7 days prior to the effective date of the changes.
11. Measures to ensure the safety of personal information In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical/administrative and physical measures to ensure safety.
1. Conduct regular self-audits
We conduct self-audits on a regular basis (once a quarter) to ensure the reliability of our handling of personal information.
2. Minimise and train personal information handling staff
We take measures to manage personal information by designating and limiting the number of employees who handle personal information to those in charge.
3. Establish and implement an internal control plan
We have established and implemented an internal management plan for the safe handling of personal information.
4. Encryption of personal data
Your personal information is stored and managed in encrypted form so that only you know your password, and for sensitive data, we use additional security features such as encrypting files and transmitted data or locking files.
5. Restrict access to personal information
The Company takes necessary measures to control access to personal information by granting, changing, and cancelling access rights to the database system that processes personal information, and controls unauthorised access from the outside using an intrusion prevention system.
6. Controlling access for unauthorised people
We have a separate physical storage location for personal information and have established and operated access control procedures for it.