Privacy Policy

CONTENTS DEAL PTE. LTD. (hereinafter “ContentsDeal”) highly values the personal information of our customers and complies with the applicable privacy laws of the Republic of Korea laws including the following: “Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.,” “Act on the Consumer Protection in Electronic Commerce, etc.,” “Protection of Communications Secrets Act,” “Telecommunications Business Act,” and “Personal Information Protection Act”, as well as the administrative procedures guidelines of administrative institutions. The rights of the user are protected as the privacy policy has been drafted according to the concerned laws and regulations. Please check the privacy policy whenever you visit the website, as the ContentsDeal privacy policy is subject to change as laws or regulations concerning personal regulation undergo revision. The contents contained within this document may be provided in other languages at the user’s request, but in the event that a mistranslation or translation error occurs, the Korean version will take precedence.

The ContentsDeal privacy policy contains following items:

Table of Contents

1. Collected Personal Information, Method, and Purpose of Use
  • A. Required personal information
  • B. Optional personal information
  • C. Prevention of improper or unauthorized use by unauthorized parties
  • D. Items created and collected during use of service
  • E. Purpose and period of legally complaint user information collection and use
2. Personal Information Provision
  • A. Partnership
  • B. Selling, merger & acquisition, etc.
  • C. Service provision agreement
  • D. Service provision based price adjustment
  • E. Pertinent provision exists in other regulation
  • F. Psychological or physical damage incurred to others from use of our service
  • G. Disclosure of personal information to 3rd parties
3. Entrustment of Personal Information Handling
4. International Personal Information Transfer
5. Personal Information Deletion Procedure and Method
  • A. Procedure and time
  • B. Method
  • C. Separate storage time and method
6. User/Legal Representative Rights and How to Exercise these Rights
7. Safety Precautions for Personal Information Safety
  • A. Establishment and execution of internal management plan
  • B. Execution of regular self-audit
8. Regarding the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
9. Personal Information Protector and Overseer
10. Privacy Policy Change Notice
1. Collected Personal Information, Method, and Purpose of Use

ContentsDeal only collects the minimal essential personal information according to the provisions outlined in the following sections, and collection of sensitive information (race, ethnic group, ideology, beliefs, birth place, domicile of origin, political orientation, criminal records, health condition, sexual preference, etc.) deemed unethical will not be collected.

A. Required personal information

The following information is collected according to legal requirement such that ContentsDeal can verify user identification during registration and during future website use.

Collection Method Purpose of Use Collected Items Period of Possession
Registration - Basic service use and consultation management
- Prevention of improper membership use
- Basic data for service organization
- Notification communication path security
- Verification of user intention and membership/sign up restriction
E-mail address (login ID), password, nationality Disposed of immediately once purpose is fulfilled (e.g., account deletion). This does not apply, however, to information stored separately due to legal necessity or corporate policy. E-mail address is stored permanently after encryption to prevent rejoining after deleting account.
Exchange service use Mandatory transaction authentication
- Check for duplicate registration
- Checking for unserviceable customers
- User/real-name verification for membership service use
Name, birth date, mobile phone number (SMS), duplicate registration information (DI), connected information (CI)
Withdrawal verification
- Prevention of improper membership use
- Duplicate registration check
- Withdrawal information for transaction service use
- Fee payment and calculation
KYC authentication (ID card copy with last few digits of resident identification number/passport number covered), duplicate registration information (DI), connected information (CI)
Integrated wallet address name for STAR and KST sending Simplified address
Phone call information Verification of communication logistics and service quality statistics Caller identification, call send/receive time, conversation details and processing result Stored for 12 months according to the Protection of Communications Secrets Act.
B. Optional personal information
Collection method Purpose of use Collected Items Period of Possession
Registration Provision of personal benefits Recommender code Disposed of immediately once purpose is fulfilled (e.g., account deletion). This does not apply, however, to information stored separately due to legal necessity or corporate policy.
Exchange service use Simple access and prevention of improper membership use. Face ID, one-time security number (Google OTP), PIN number (secondary password)
Site, APP, fax, phone, SMS, e-mail Customer survey, event submission information, distribution of periodical publications, new product/service information E-mail (ID), name, mobile phone number, address, simple wallet (may vary based on event) Disposed of once purpose is fulfilled. However, if legal necessity dictates that information must be preserved or if given user consent, information will be stored for the required period.
Entered information Preservation of records for user consultation and support inquiries, dispute resolution Name, contact info., e-mail Stored for 3 years according to the Act on the Consumer Protection in Electronic Commerce, etc.
C. Prevention of improper or unauthorized use by unauthorized parties
Collection method Grounds for Preservation Preservation Period
Improper use record For the prevention of improper use and investigation data submission 5 years
Deleted account information Responding to user inquiry regarding past service use 6 months
Encrypted ID information Prevention of rejoining with the same ID Permanent
D. Items created and collected during use of service
Collected Items Purpose of use Period of Possession
Service usage record, site visitation record, payment and transaction record, service suspension and withdrawal record, access logs, user IP address, cookies that record invalid or improper usage Service usage record confirmation, prohibition of illegal activities and improper usage specifically prohibited by law, service terms and conditions & detailed user guide, fulfillment of duty to provide the information required by law, analysis of the frequency of access, statistics analysis for the provision of individualized user service, service system infrastructure expansion for the provision of smooth service Until purpose of personal information use is achieved or until account is deleted. However, if preservation is deemed necessary by law, information will be stored separately for as long as required.
E. Purpose and period of legally complaint user information collection and use
Legal/corporate policy Purpose of collection and use Items to be collected Possession and usage period
Protection of Communications Secrets Act Communication logistics data provision Log record, access location, etc. 3 months
Act on the Consumer Protection in Electronic Commerce, etc. Collection of display/advertisement records Display/advertisement records 6 months
Record payment settlement and product supply Payment settlement and product supply records 5 years
Record contract or subscription withdrawal Customer identification information contract/subscription withdrawal records 5 years
Record user service interactions and disputes Customer service disputes and ID information records 3 years
Corporate policy Membership abuse (improper transaction) Electronic messages, mobile phone number, unique device number, e-mail, etc. 3 years after account deletion
2. Personal Information Provision

ContentsDeal does not use user personal information for reasons beyond those notified to the user at the time of the collection or specified in the service terms and conditions nor will it be provided to any 3rd parties. This does not apply, however, to cases in which user permission has already been obtained or in the cases listed below:

A. Partnership: For the provision of better service, user personal information may be provided to or shared with affiliated companies. In such cases, the identity of the affiliated company, the nature of the personal information being provided or shared, why such personal information needs to be shared, and the duration and security of information keeping will be informed to the user in advance via letter, e-mail or website notification. Permission is obtained for each incident of the above case and personal information will not be provided or shared with affiliated companies if the user chooses not to agree. However, this may cause issues in using partnered services.

In the event that a partnership is terminated and the partnered service is discontinued, users will be notified through the above procedure, but user agreement may be omitted. Information that has been provided to the partner company will no longer be provided unless there is a separate agreement between the partnered company and the user.

B. Selling, merger & acquisition, etc.: In the event that all or part of the enterprise is transferred or rights/duties of the service provider are transferred/succeeded due to merger or inheritance, the details of the procedure will be notified to customers through a letter, e-mail, or website notification to guarantee the protection of personal information. User agreement is omitted.

C. Service provision agreement: In the event that economic/technical reasons cause the process of collecting personal information agreement necessary for the implementation of a service provision agreement to be noticeably difficult, the details of the event will be notified to the user through a letter, e-mail, and website notification, but the user agreement will be omitted.

D. Service provision based price adjustment: In the event that service provision based price adjustment is required, the separate user notification and agreement will be omitted.

E. Pertinent provision exists in other regulation: In the event that pertinent provisions exist in other regulations (Protection of Communications Secrets Act, Framework Act on National Taxes, Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., Real Name Financial Transactions Act, Use and Protection of Credit Information Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Law, Framework Act on Consumers, Bank of Korea Act, Criminal Procedure Code, etc.), the request of personal information for investigative purposes from an administrative institution will not prompt the unconditional provision of the requested personal information. In such cases, personal information will be provided in accordance to lawful procedure only when a warrant or letter with the seal of the head of the institution has been provided, and a separate user notification/request for agreement will be omitted.

F. Psychological or physical damage incurred to others from use of our service: In the event that there is sufficient evidence (i.e., a letter with a seal of the head of the institution) that there is a need to disclose user personal information in order to take a legal action prompted by psychological or physical damage to others from use of our service, the requested information will be provided without user agreement.

G. Disclosure of personal information to 3rd parties: ContentsDeal does not provide user personal information to third parties. However, ContentsDeal will provide personal information to third parties when there permission from the user has been obtained or when obligated to by law.

3. Entrustment of Personal Information Handling

ContentsDeal may provide other companies within scope of the establishment with user personal information to ensure a high-quality and reliable service environment for our users. The following parties are entrusted with the handling of personal information in compliance with service contract are as follows, and these companies entrusted are held liable by the Information Communications Network Act to process and handle personal information safely:

[Parties Entrusted with Personal Information Processing]

Trustee Purpose Period of Possession
Seoul Credit Rating & Information Inc. Mobile identification (occupation) service Not stored separately
(Information possessed by identification service provider)
KSNet Confirmation of financial account information, use of purchasing/financial VAN Until account deletion,
expiration of the entrustment contract,
or date specified by law
(possessed by KSNet and ContentsDeal)
Amazon Web Services E-mail delivery
Amazon Web Services
HHH LAB
SMS, LMS, and notification delivery
ContentsDeal development and maintenance
STAR KST Co.,Ltd Customer service center and customer information management
KSTAR PLAY Co.,Ltd Events, advertising and marketing
KSTAR AD Co.,Ltd
KSTAR MUSIC Co.,Ltd ContentsDeal operation
4. International Personal Information Transfer

International cloud service is employed for smooth provision of service and the enhancement of user convenience. The transfer of personal information internationally resulting from this is as follows:

Recipient Sent items Transfer country/date/method Purpose Possession/usage period
- Company: Amazon Web Services, Inc.
- Address: P.O. Box 81226 Seattle, WA 98108-1226
- Phone: +1 (206) 266-4064
- Fax: +1 (206) 266-7010
E-mail, access IP, cookies, service usage records, access logs, personal identification verification data - Country: Amazon Global Cloud service provider country (US)
- Date: Dates members signed up and used service and uploaded files
- Method: Data location will be uploaded to server in the Global Cloud through a private network equipped with enhanced security.
Provision of Global Cloud service essential for site operation Until member deletes account or contract expires
5. Personal Information Deletion Procedure and Method

ContentsDeal will immediately dispose of personal information after the purpose of use has been achieved. The disposal procedure, method, and time are as follows:

A. Procedure and time

Personal information registered by the user upon creating an account will be immediately disposed of after the period of possession has expired according to corporate policy and legal obligation (Refer to personal information possession and usage period above) has been achieved due to service cancellation, etc. If there are no remaining financial ties between the user and ContentsDeal, personal information collected upon joining ContentsDeal and managed as electronic files will be immediately deleted at the time of account deletion.

B. Method

Personal information printed on paper will be disposed of via paper shredder or chemical treatment. Personal information stored as an electronic file will be deleted using technology that ensures that records cannot be restored.

C. Separate storage time and method

According to the “valid period for personal information,” if the service has not been used for 1 year, the account of the user will be rendered inactive. The personal information of an inactive account will be stored separately and will be managed by limiting access and applying security measures.

6. User/Legal Representative Rights and How to Exercise these Rights

A. A user or the user’s legal representative may view or correct personal information by logging into the ContentsDeal website and clicking the “Revise Member Information” menu, or by sending an e-mail or letter to a ContentsDeal personal information protection manager. Member ID and name cannot be edited. Changing information deemed to be critical, such as passwords, may prompt ContentsDeal to request additional data or face-to-face verification to verify the user’s identify.
B. Withdrawal from a personal information collection and use agreement can be done in person or via e-mail, phone, or fax according to the designated procedure. In such cases, member ID and e-mail address must be provided.
C. In the event that a personal information correction or deletion is requested, the personal information will not be used or distributed until the process is complete. Furthermore, ContentsDeal will process personal information that has been withdrawn or deleted at user or legal representative request according to the parameters specified in “Personal Information Possession and Usage Period,” and personal information will be protected to prevent it from being viewed or used for other purposes.

7. Safety Precautions for Personal Information Safety

ContentsDeal implements required safety precautions necessary for providing secure service compliant with the Personal Information Protection Act as stated in each of following items below:

A. Establishment and execution of internal management plan
- Designation of a personal information protection manager
- Roles and responsibilities of a personal information protection manager and a personal information handler
- Measures required to secure personal information security
- Personal information handler and entrusted company training
- Other provisions necessary for personal information security

B. Regular self-audit
- Separation of personal information protection manager and auditor roles
- Personal information auditor roles and responsibilities
- Regular self audit for personal information security

ContentsDeal implements required safety precautions necessary for providing secure service compliant with the Personal Information Protection Act as stated in each of following items below:

C. To prevent the release of user personal information from personal information handlers, a personal information release prevention system is in full effect along with a safe encryption algorithm for information sent to the PC or is transmitted on the network.

D. Personal information processing system access privileges the personal information are limited to the minimum range required for task execution and only one user account is assigned to each overseer. If the personal information handler is changed, personal information system access privileges will be changed or revoked, and records of this will be stored for 5 years. Additionally, password creation standards for personal information handlers are in full effect.

E. In the event that unique identification information and the password of a user is sent/received through the information network or supplementary storage media, the information will be saved as commercial encryption software and the password will be saved after encryption via safe encryption algorithm.

F. Personal information handler must store/manage the record of accessing the personal information processing system for at least 6 months and the access record will be safely stored so as to not become forged, stolen or lost.

G. Security programs such as vaccine software that can prevent and treat malware in the personal information processing system and office PCs are active, and security program automatic updates are in effect along with periodic terminal (PC) inspection.

ContentsDeal implements required physical precautions necessary for providing secure service compliant with the Personal Information Protection Act as stated in each of following items below:

H. A controlled access procedure for the personal information physical storage space is in full effect, and documents and supplementary storage media that contain personal information are stored and managed in a safe place equipped with a locking device.

I. Separation between internal and external networks policy is in effect.

8. Regarding the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

A. Cookies are small amounts of user information that the website transmits to the browser (Internet Explorer, Chrome, Firefox, etc.) ContentsDeal uses cookies that constantly saves user information to provide them with a personalized and tailored service. Although the cookie identifies the computer or mobile device of the user, it will not identify the user individually. Also, the user has the right to refuse to comply with cookie use.

B. ContentsDeal will provide optimized information and advertisements to the user based on browser history and service usage patterns, search words, connection security details, and the number of users.
- Individualized provision of information according to interest
- Identification of preference and the interest area by analyzing frequency of access for members and nonmembers as well as time spent on the website to use as information in target marketing
- Provision of individually tailored service on next visit by analyzing details of clicked information or information that the user has viewed with interest
- Usage period information
- Usage of information acquired by analyzing the habits of members as a yardstick for service enhancement.

C. User Cookie Use Rights.
- On the PC version, users may choose to accept all cookies, be notified before installing cookies, or disable all cookies in Tools > Internet Options (option tab) in the upper part of the web browser.
- Mobile devices can configure cookie settings from the “Settings” menu or from the mobile browser settings menu. Disabling cookies may cause issues in using login required services.

9. Personal Information Protector and Overseer

A. ContentsDeal highly values our users’ personal information and does its utmost to prevent damage, violation, or release of user personal information. However, ContentsDeal is free from liability in the event that users incur damage or loss from an unexpected information release due to basic network risks such as hacking despite maximum security measures taken by ContentsDeal or for disputes caused by user posts.

B. When a user makes a personal information inquiry, the ContentsDeal customer service center will answer the question promptly and sincerely. If a user wishes to contract the manager of ContentsDeal personal information protection, please contact us through the contact number or e-mail address stated below. We will promptly and sincerely answer any questions regarding personal information.

Personal information protection overseer Personal information protection manager
Name Ahn, Tae-Woong Seo, Young-Hyun
Position CEO Team Leader
Department ContentsDeal KSTAR MUSIC


C. In the event that a consultation is required to obtain relief from loss caused by violation of personal information, users may contact the Personal Information Dispute Mediation Committee, Supreme Prosecutors' Office, National Police Agency, or Korea Internet & Security Agency.

Institution Phone URL
Personal Information Infringement Reporting Center (No area code) 118 http://privacy.kisa.or.kr
Personal Information Dispute Mediation Committee 1833-6972 http://kopico.go.kr
Cyber Safety Administration of National Police Agency (No area code) 182 http://www.cyberbureau.police.go.kr
Cyber Investigation Section of Supreme Prosecutors' Office (No area code) 1301 http://www.spo.go.kr
10. Privacy Policy Change Notice

This privacy policy will take effect from January 23, 2019. Its contents may be added, deleted, or revised according to government and/or corporate policy changes; in such cases, details of the changed contents will be immediately notified through the website 7 days before date of application and notifications for important changes will be given 30 days in advance.