We appreciate all your support for using the Mnet Plus.
1. Main Changes
- Update of “Items of Personal Information to be Collected and the Purpose of the Collection/Use”
- Inclusion of an outsourced processor and subcontracting companies
- Inclusion of “User’s Rights Regarding their Personal Information and the Means to Exercise those Rights”
2. Effective Date: October 24, 2022
- How to cancel membership : 1) Mnet Plus login → 2) Member information → 3) Delete account
- Contact : Help Center
CJ ENM Co., Ltd. (‘the Company’) collects, uses, and provides the User’s personal information based on the User’s consent, and actively protects the User’s rights (to self-determination concerning their personal information).
The Company, as an information and communications service provider, is subject to and complies with the applicable laws, personal information protection provisions, and guidelines of the Republic of Korea.
2. Collection of Personal Information
The Company collects personal information to the minimum extent necessary for service provision.
The Company collects minimum personal information necessary to provide the User with the Services when the User signs up or uses the Services on the website, applications, or programs as follows:
[Basic information collected]
For some Services, the Company may collect additional personal information, upon obtaining the User’s consent, to provide specialized services.
How personal information is collected:
The Company provides the User with prior notice of its collection of personal information. The Company collects personal information when:
The Company collects personal information as follows when the User uses the Services:
Information that may be automatically created and collected when the User uses the PC web, mobile web/app includes device information (OS, screen size, device ID, mobile phone type, model of the device), IP address (to confirm the User’s country of access), cookies, date and time of visit, records of fraudulent use, records of service use.
The Company may obtain personal information from third parties for affiliated or connected services.
3. Use of personal information
The Company uses personal information for the purposes of member administration, service provision, and improvement, new service development, etc. The Company collects the minimum personal information necessary to provide the User with Services as follows when the User signs up or uses the Services on the website, applications, or programs:
4. Provision and consignment
CJ ENM does NOT provide the User’s personal information to a third party unless consented to by the User or required by the laws.
The Company provides personal information to connect to the third party services as follows: The Company does NOT provide the User’s personal information to a third party without the User’s prior consent. However, the Company may request the User’s consent and provide personal information to a third party to the extent necessary for the User to use the services of the external affiliates.
[Personal information shared with the third party]
[The Company consigns the following task to a third party]
The Company consigns personal information to a third party to perform tasks needed to provide the Services. The Company manages and supervises the consignee to comply with the applicable laws.
5. Retention and disposal
The Company retains personal information until the purposes of the personal information use are fulfilled or the User deletes their account, with some exceptions applied.
The Company destroys personal information without delay once the purposes of collection and use are fulfilled. The Company will employ the disposal methods and procedures as follows: The Company destroys personal information in the form of electronic files securely to make the data unrecoverable and unrevivable. For other forms of personal information such as records, printouts, written forms, etc., the Company disposes of them by shredding or burning.
To comply with the internal policy, however, the Company keeps some types of personal information for certain periods before destroying them.
[Records regarding contract or withdrawal of subscription or records regarding payment and supply of goods]
[Records regarding consumer complaint or dispute handling]
[Records regarding marks and advertisements]
[Records regarding books and supporting documentation related to transactions as required by the tax laws]
[Records regarding electronic financial transactions]
[Records regarding website visits]
The Company stores separately or deletes personal information of a User who has not used the Services for 1 year or a period set by the User under the “Personal Information Expiration Date” scheme. Once personal information reaches its expiration date, the Company destroys the information immediately in an unrecoverable manner, even if the information is obligated to be retained by the laws.
CJ ENM is committed to protecting the User’s rights.
The User can request to view, modify, delete, or suspend the processing of their personal information at any time.
More specifically, the User can adjust settings or delete the account in the Services. The User can also contact the Customer Center and submit a request in writing or via email. The Company will take immediate actions upon receiving such a request.
If the User requests to correct errors in personal information, the Company will not use or provide such personal information to third parties until the requested correction is made.
The User can exercise their rights through their legal representative or designated person by submitting a power of attorney to verify such representation or designation.
Cookies are used to assist the User with faster and more convenient navigation of the website and offer customized services.
[What is a cookie?]
A cookie is a small piece of data (text file) that the server sends to the User’s browser to operate a website. A cookie is stored on the User’s personal computer.
[Purpose of cookies]
Cookies are used to provide personalized and customized services to the User by storing and recalling the User's information. When the User visits a website, the website server reads the cookies saved in the User’s device to maintain the User’s settings and provide customized services. Cookies help the User access the website conveniently by using existing settings. Cookies are also used to provide the User with customized information such as optimized advertisement based on the User’s website visit history and use patterns.
[Detailed cookie list]
• Detailed cookie list
- Purpose: refreshToken stores refresh tokens to re-issue the User’s access tokens
- Type: HTTP cookie
- Placed by: Mnet Plus
- Lifespan: 30 days
• Cookies used by a third party software (Google Analytics)
৹ _ga, _gat, gid
• Type: HTTP cookies
• Placed by: Google
৹ The Company uses these cookies to improve the Services and deliver better user experiences.
৹ The cookies register a unique ID used to create statistical data on the visitor’s website usage patterns.
৹ The cookies are used by Google Analytics to adjust request speed.
• Notice of cookies, the scope of the notice, and third party cookies
This Notice of Cookie is valid only on https://mnetplus.world. However, the Company will NOT provide its collected cookies to third parties. The Company’s service provider (Google Analytics) may send cookies to the User in order to track the User’s browser on other websites and build the User’s web surfing profile.
[Rejection of cookies]
Cookies do not store identification information such as names and phone numbers. and the User reserves the right to choose to install cookies. The User can thus adjust web browser settings to accept all cookies, be asked about cookies every time they are saved or refuse all cookies. Provided that, if the User refuses the installation of cookies, the User may find it harder to navigate the web or use services that require login.
• How to adjust cookie preferences or reject them
1) Internet Explorer
Select “Tools” menu at the top of the browser window > Select “Internet Options” > Select the “Privacy” tab > Set cookie options
Click “Settings” at the top right > Click “Security and Privacy” > Click “Cookies and other site data”
CJ ENM is making efforts as follows to safeguard the User’s personal information.
The Company regards the protection of the User’s personal information as the highest priority and is making efforts as follows when handling personal information:
• Encrypting the User’s personal information
৹ The Company transmits the User’s personal information through encrypted communication channels. The Company encrypts critical information such as passwords before storing it.
• Measures against hacking or computer viruses
৹ The Company has installed its systems where external access is restricted so as to prevent data leaks or damage due to hacking or computer viruses. The Company also installed a system that detects and blocks hacker intrusions 24/7 along with vaccine programs that prevent the latest malware or viruses. The Company consistently examines new hacking/security technologies and implements them for the Services.
• Minimizing the number of personnel with access to personal information
৹ The Company works to reduce the risk of personal information leaks by minimizing the number of staff handling personal information and restricting the use of external internet services on the staff’s work PCs. The Company also implemented a systematic set of standards for the creation and modification of passwords and access privileges for the database system (for storing personal information) and the system for processing personal information and consistently conducts inspections.
• Conducting regular trainings on personal information protection
৹ The Company holds regular training sessions and campaigns on personal information protection accountability and security for the staff in charge of handling personal information.
CJ ENM complies with the European Union’s General Data Protection Regulation (GDPR).
The Company complies with the GDPR and other data protection laws. The Company uses the User’s personal information for purposes as follows:
Under the GDPR and other relevant laws and regulations, the User can request to transfer their personal information to another controller or to suspend the processing of the personal information. The User also reserves the right to bring complaints to the information protection authorities. The User can make inquiries about data protection to the Customer Center. The Company processes such inquiries lawfully and quickly.
The Company’s Services are NOT intended for children. The Company collects personal information of children under the age of 16 who reside in the European Economic Area (EEA). In case the personal information of a child under the age of 16 living in the EEA is collected unintentionally in connection with the provision of the Services, the Company removes the information immediately. For inquiries about the personal information of children under the age of 16, please contact the Customer Center via phone or email.
To provide Services to the User, the Company may transfer, retain, and process personal information outside the EEA including the Republic of Korea. The User’s personal information may also be saved within the EEA when the information is stored in the device that the User uses to access the Services. When the Company transfers the User’s personal information outside the EEA, the Company guarantees a similar level of data protection as within the EEA by ensuring to take any one of the following measures:
For further inquiries about the measures to be taken by the Company when transferring personal information outside the EEA, please contact the Company.
CJ ENM complies with the California Consumer Privacy Act (CCPA).
The following notice applies only to California residents. Under the CCPA, consumers who reside in California can request to view, delete, or suspend the sale of personal information collected by the Company and NOT to be discriminated against for exercising the aforementioned rights. If the User exercises the right to opt-out-of-sale, the Company will not sell the User’s personal information and the Company will not discriminate against the User for exercising their rights related to personal information.
• The User can request to view the personal information collected by the Company for the 12 months preceding the User’s request, including:
৹ The categories and specific content of the User’s personal information collected;
৹ The sources from which the Company collected personal information; and
৹ The business or commercial purposes for collecting or selling the personal information
• The User can request that the Company delete the collected personal information related to the User and the User’s device.
• The Company will NOT provide personal information to third parties for them to use for direct marketing activities.
• Under California laws, the Company is obligated to disclose how the Company responds to web browser’s Do Not Track (DNT) requests. With no commercial or legal standards currently available for honoring DNT requests, the Company does NOT respond to DNT requests.
• In case the User wishes to exercise their personal information rights under the California laws or has any questions on the Company’s personal information protection measures, please send email or contact the Customer Center. The Company will verify the User’s request and take reasonable measures to implement the request to the extent that the request does not violate the applicable laws. If the Company denies the User’s request, the Company will provide a reasonable reason for such denial.
Questions about personal information protection?
If you have any questions, complaints, suggestions, and other matters related to personal information protection while using the Services, please contact the Company’s Data Protection Offer (DPO) or Data Protection Department. CJ ENM is committed to listening and responding to our Users quickly and sincerely.
[Data Protection Officer & Data Protection Department]
Data Protection Officer
If the User wishes to make a report or to consult about a potential infringement of personal information protection, please contact the following organizations:
[Personal Information Infringement Report Center]
[Supreme Prosecutor’s Office, Cybercrime Investigation Division]
[National Police Agency, Cyber Terror Response Center]
1. Consent to the collection and use of personal information
2. Items of personal information collected and the purpose of the collection/use
3. Period of retention and use and the destruction of personal information
4. Installation, operation, and rejection of automatic personal information collection devices
5. Consent to the provision and sharing of personal information to third parties
6. Consent to the outsourcing of personal information processing
7. User’s rights regarding their personal information and the means of exercising those rights
8. Protection of personal information of children under the age of 14
9. User complaints and customer services
10. Technical and managerial protection of personal information
11. Violation of personal information related counseling and reports
13. Notice obligation
1.Consent to the Collection and Use of Personal Information
2.Items of Personal Information Collected and the Purpose of the Collection/Use
The Company collects and uses Mnet Plus user’s personal information only to the extent necessary to provide the Service. However, with the user’s consent, the Company may collect and use certain “optional information” as described below. The collected personal information is not used for any purpose other than the purposes for which consent was obtained. In the event the purpose of using personal information changes, necessary measures, such as obtaining consent from the user, will be taken.
1)Method of Collection
2)Purposes and Items of Personal Information Collected, and Retention Period
1.(Required) Consent to the collection and use of personal information for the use of the Service
2.(Optional) Consent to the collection and use of personal information for the purchase of products or tickets
3.(Optional) Consent to the collection and use of personal information for refund of ticket and product purchases
4.(Optional) Consent to the collection and use of personal information for participation in and attendance at events
5.(Optional) Consent to the collection and use of personal information for the delivery of prizes to event winners
6.Information generated and collected during the use of the Service or the processing of business operations
The following information may be generated and collected to provide customized services during the use of the Service or processing of business operations:
7.Information collected by automatic collection devices during the use of the mobile service
The following information may be generated and collected by automatic collection devices during the use of the mobile services
3.Period of Retention and Use and the Destruction of Personal Information
1)Period of retention and use
The Company retains and uses the user’s personal information during the time it provides the Service to the user (the “Use Period”) and during the period of dispute resolution (the “Retention Period”).
a. Use Period: Date of subscription – Date of withdrawal
2)Period of retention and preservation of personal information
If it is necessary to preserve any personal information after the period for which the user has given their consent pursuant to relevant laws, such as the Act on the Consumer Protection in Electronic Commerce, etc., the Company may retain such personal information for a period of time stipulated in the relevant laws and regulations. In such case, the Company uses the retained information only for the purpose of such retention, and the period of preservation is as follows:
• Records related to cancellation of contracts or subscriptions: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
• Records related to payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
• Records related to handling of consumer complaints or disputes: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
• Records relating to displays and advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce, etc.)
• Records related to access by visitors (logs) / location of access tracking data for information and communication devices: 3 months (Protection of Communications Secrets Act), other respective time periods for communication confirmation information pursuant to Article 15(2) of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act
• Other reasons for retention and preservation
৹ Where transaction records are required to be retained under the Framework Act on National Taxes, etc.
৹ Where the data subject’s consent has been obtained
3)Process and method of destruction of personal information
a. Process of Destruction: Information provided by users for Service subscription or other Service-related purposes is transferred to a separate database after the purpose of the provision is achieved, stored in the database for a certain period according to the Company’s internal policies and other relevant laws and regulations, and then destroyed by the method set forth below. Personal information transferred to a separate database will not be used for any purpose other than the purposes for which it is retained under applicable law.
b. Subject of Destruction: Any personal information for which the retention period and preservation period prescribed in applicable laws have expired.
c. Method of Destruction
4.Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
In this cookie notice, the Company provides a description of cookies, the content and methods of collection, reasons for using them, and the right of data subjects to refuse the installation of cookies when visiting a website. The Company may change its cookie notice at any time. Changes will take effect when the amended cookie notice is posted on the Service’s webpage or on the Company’s website(http://MNETPLUS.WORLD).
- What are cookies?
Cookies may be generated automatically in the process of using services that the Company provides. Cookies are small text files which are sent to the user’s web browser from servers used by the Company to operate the website and are collected and stored as data on the user’s access device.
- What do cookies do?
When a user visits the Company’s website, the Company reads the content of the cookies stored in the user’s access device (PC/mobile device) and uses it to authenticate the user. In addition, cookies allow the Company to improve the Service, prevent improper use, check user errors, and customize its services and advertising to each user by analyzing the Service visit history, access time and frequency, as well as other information generated or provided (entered) in the course of using the Service.
※ Essential cookies are necessary for the website to operate and cannot be turned off by the Company’s system. They are generally set only in response to user actions that consist of service requests such as privacy default settings, logging in, or filling out forms. Users can set their browser to block or warn them about these cookies, but if these cookies are not accepted, users may not be provided with some parts of the website and the Service. These cookies do not store personally identifiable information of users.
- Cookie notice and applicability, third-party cookies
This cookie notice applies to “Mnet Plus” only. A user may receive third-party cookies from the Company’s service providers when using the Company’s website. However, the Company does not provide the cookies it collects to third parties. The Company’s service providers may send cookies to a user to track the user’s browser on various websites and to build a web surfing profile of the user.
- How to reject cookies
1) For Chrome
Settings menu on the right side of the web browser > Privacy and Security > Cookies and other site data
2) For Internet Explorer
Tools menu at the top of the web browser > Internet Options > Privacy > Settings > Advanced
3) For Microsoft Edge
Settings menu at the top of the web browser > Cookies and Site Permissions > Manage and delete cookies and site data
- Contact information for cookie related inquiries
Contact [the help center] for any inquiries or problems.
5.Consent to the Provision and Sharing of Personal Information to Third Parties
6.Consent to the Outsourcing of Personal Information Processing
The Company requires outsourced processors to take all necessary measures to protect the personal information transferred to them and remains liable for any damage users may suffer as a result of willful misconduct or negligence of any outsourced processor.
7.User’s Rights Regarding their Personal Information and the Means of Exercising those Rights
Service users may visit the Mnet Plus Service at any time to access or modify their personal information, to request the withdrawal of their consent to the use, collection, outsourcing, and provision of their personal information, and to request the termination of their subscription.
1) Users may withdraw their consent to the collection, use, or provision of their personal information. To withdraw consent and subscription, please proceed with the identification procedures at the “My Page Membership Withdrawal” page in the Mnet Plus Service.
2) Users may request access to or proof of his or her personal information through the customer center.
3) The Company verifies the identity of the user through proper means upon the user’s request to access or proof of his or her personal information.
4) If the user’s representative requests access to or proof of the user’s personal information, the Company verifies the validity of the representative’s authority by requiring a certificate of delegation of the user that shows the representative’s relationship with the user, a certificate of seal impression of the user, and identification of the representative.
5) If the user requests a correction of their personal information, the Company will cease using or providing the respective personal information until it is corrected completely. Moreover, in the event the Company has provided incorrect information to a third party, the Company will notify the third party of any correctional measures taken without delay to allow for any corrections that must be made.
6) However, the Company may restrict access to and correction of personal information in the following exceptional cases:
a. If there is a risk of significant harm to life, body or property of the user or another person
b. If there is a risk of significant disruption to the Service provider’s work
c. If the access or correction is in violation of applicable law
8.Protection of Personal Information of Children Under the Age of 14
The Service does not accept any membership subscription from children under the age of 14 (in Korea) / 16 (outside of Korea) who require their legal representative to consent to the collection and use of their personal information. Entering false birth dates to subscribe to the Service constitutes a violation of the Company’s Terms of Service for which the Company shall not be liable under any circumstances. Moreover, if a child under the aforementioned age has created an account, the Company requests that the child’s legal representative contact the Company’s customer service and request the deletion or temporary suspension of the account. Users may cancel any account deletion requests within 30 days by contacting customer service.
9.User Complaints and Customer Services
The Company values your opinion very much. Accordingly, please contact Mnet Plus’ Service Manager whose contact information is set forth below if you have any questions, and we will respond as soon as possible with an accurate answer.
Data Protection Officer
10.Technical and Managerial Protection of Personal Information
The Company has implemented the following technical and managerial measures to protect users’ personal information from loss, theft, disclosure, modification, or damage.
a. Personal information is protected by a password, and important data is protected through separate security functions, such as encryption of files and transmitted data and use of file lock functions.
b. Antivirus software is used to prevent damage from computer viruses. Antivirus software is updated periodically, and in the event of a sudden virus outbreak, the vaccine for the virus will be applied as soon as it is released to prevent the infringement of personal information.
c. SSL, a security protocol, has been adopted to help ensure the safe transmission of personal information through the network.
d. In order to prevent unauthorized disclosure of users’ personal information by hacking or other unauthorized access, the system is maintained in an area where external access is restricted, and intrusion-blocking devices are used.
a. The Company has procedures in place needed for appropriate management of and access to users’ personal information. Company officers and employees are required to understand and comply with these procedures, and compliance is monitored regularly.
b. The Company limits the number of persons who can process users’ personal information to a minimum, controls their access rights, and educates such personnel to comply with applicable laws and policies. Persons who process users’ personal information are the following:
c. The Company requires new employees to sign an information protection pledge, reminds all of its employees from time to time of their duty to protect personal information, and has in place internal procedures to audit their compliance with such duties to prevent the unauthorized disclosure of information by its employees (including, personal information).
d. The transfer of duties for personal information managers takes place under secure conditions, and the Company prescribes the scope of liability regarding any personal information incidents for both current and former employees.
11.Violation of Personal Information Related Counseling and Reports
If you need to consult or report infringement of your personal information, please contact the Data Protection Personnel by phone or e-mail, or contact the following institutions:
☎ Korea Internet & Security Agency
Tel: (without country code) 118 / Homepage: https://privacy.kisa.or.kr
☎ Cyber Bureau of the Prosecution Service
Tel: (without country code) 1301 / Homepage: http://www.spo.go.kr
☎ Electronic Cybercrime Report & Management System (ECRM)
Tel: (without country code) 182 / Homepage: https://ecrm.police.go.kr/minwon/main
☎ Personal Information Dispute Mediation Committee
Tel: (without country code) 1833-6972 / Homepage: https://www.kopico.go.kr/
Users may report any complaints regarding the protection of their personal information that arise from the use of the Company’s services to Mnet Plus’ customer service or the System/Privacy Manager. The Company will respond to user inquires quickly and efficiently.
※ Additional Notice for California Consumers
1.Notice on the Collection and Use of Personal Information
Information provided by the user directly
Information the Company Collects Automatically
2) The purposes of the collection of the above personal information are as follows:
2.Disclosure of User’s Personal Information
The categories of personal information disclosed are identical to the scope listed in 1.1) above.
3.Privacy Rights of California Consumers
Pursuant to the CCPA, users who are California residents may exercise various rights related to their personal information that has been collected by the Company (Mnet Plus). Users will not be discriminated for exercising such rights when using the Site.
1)Right of Access
Users who are California residents may request access to their personal information collected through the Mnet Plus website related to the matters described below. However, the Company may deny such request if permitted under the CCPA.
(1) Categories of personal information the Company has collected about the user over the past 12 months and categories of sources from which the personal information was collected
(2) Business or commercial purpose(s) for which the Company collected the user’s personal information
(3) Categories of personal information that the Company disclosed for business purposes, and categories of the third parties with whom the Company has shared the user’s personal information
(4) Specific personal information collected by the Company
If a user wishes to exercise his or her rights of access, the user may request such access [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.
2)Right to Delete
Users who are California residents may request deletion of their personal information collected through the Mnet Plus website. However, the Company may deny such deletion request if permitted under the CCPA. Upon the user’s request for deletion, the Company will permanently delete all personal information of the users by withdrawing the user’s membership from the Service. Therefore, in order to reuse the Mnet Plus website after deletion of personal information, the user must resubscribe to the website. Please note that users will be prohibited from subscribing for a period of thirty (30) days after withdrawal in order to prevent improper use of the Company’s services.
If a user wishes to exercise the right to delete his or her personal information, the user may request such deletion [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.
3)Right to Opt-Out of Sale
The Company does not sell personal information of users residing in California that is collected through the Mnet Plus website. If the Company sells personal information in the future, users will be notified in advance, and if the user resides in California, the user shall have the right to opt-out of (suspend) the sale of their personal information.
4)Shine the Light Request
The Company does not share personal information with third parties for the third party’s direct marketing purposes.
5)Eraser Law Request
If the user is a California resident under the age of 18 and is a registered user of the website, the user may request that the Company remove any submission the user publicly posted on or in the website. To request removal of a submission, please email a detailed description of the submission to the [help center]. The user may also be able to log into their account and delete their own submission. The Company reserves the right to ask the user to provide information that would enable the Company to confirm that the submission in question was created and posted by the specific user.
※ The user may appoint an authorized agent to exercise the user’s rights on their behalf. If a user wishes to exercise such rights through an agent, the user must submit proof that the user granted such authority to the agent in writing. The Company may also require the user to verify his or her identity through the verification procedures described above.
※ Additional Notice for European Consumers
The Company processes the user’s personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable laws. The Company uses the user’s personal information for the following purposes:
Pursuant to the GDPR and other applicable law, the user may request the transfer of their personal information to a different manager or request the Company to cease processing of their personal information. Moreover, the user reserves the right to file complaints with the competent data protection authority. The user may contact customer service for any inquiries regarding the foregoing, and the Company will process such inquiries quickly in a lawful manner.
The Company’s Service is not for children. The Company does not collect the personal information of any children below the age of 16 who reside in the European Economic Area (EEA). If the personal information of children is collected unintentionally in relation to the provision of the Service, the Company will immediately delete such information. Please contact customer service for any questions regarding the personal information of children below the age of 16.
In order to provide the Service to users, the Company may transfer, store, and process personal information outside of the EEA, including in Korea. Moreover, personal information may be stored in the EEA area by being stored in the device that the user used to access the Service. If the Company transfers the user’s personal information outside of the EEA, the Company will ensure that at least one of the safety measures listed below will be applied to ensure a similar level of protection as is ensured within the EEA.
Please contact the Company for further information regarding the measures it takes to transfer personal information outside of the EEA.