Mnet Plus Privacy Policy

CJ ENM Co., Ltd (the “Company”), the operator of the “Mnet Plus” service (the “Service”), has enacted this privacy policy (this “Privacy Policy”) in order to protect the users’ (including members and non-members) personal information and to comply with applicable law, such as the Personal Information Protection Act. Moreover, this Privacy Policy provides users with detailed information on the purposes and methods of collecting their personal information and the measures that are taken to protect their personal information.

This Privacy Policy is posted on the Company’s Service for easy access by users at any time. The Privacy Policy includes the following information:

Consent to the collection and use of personal information
Items of personal information collected and the purpose of the collection/use
Period of retention and use and the destruction of personal information
Installation, operation, and rejection of automatic personal information collection devices
Consent to the provision and sharing of personal information to third parties
Consent to the outsourcing of personal information processing
User’s rights regarding their personal information and the means of exercising those rights
Protection of personal information of children under the age of 14
User complaints and customer services
Technical and managerial protection of personal information
Violation of personal information related counseling and reports
Privacy policy notices and customer complaint services
Notice obligation

1. Consent to the Collection and Use of Personal Information

To express your consent to the collection, use, provision to third parties, and outsourced processing of your personal information, please click on the “Consent” button provided by the “Mnet Plus” Service after carefully reading the Terms of Service and this Privacy Policy, which are provided at the time of your subscription to the Service.

2. Items of Personal Information Collected and the Purpose of the Collection/Use

The Company collects and uses Mnet Plus user’s personal information only to the extent necessary to provide the Service. However, with the user’s consent, the Company may collect and use certain “optional information” as described below. The collected personal information is not used for any purpose other than the purposes for which consent was obtained. In the event the purpose of using personal information changes, necessary measures, such as obtaining consent from the user, will be taken.

1) Method of Collection

Information collected through the user’s subscription to the Service and the user’s use of the Service
Information generated and collected through the log-analysis program
Information collected through online and offline events
Information collected in the course of providing customer support

2) Purposes and Items of Personal Information Collected, and Retention Period

1. (Required) Consent to the collection and use of personal information for the use of the Service

Purposes of Collection / Use	Membership subscription, use of Service, verification of identity and membership management regarding the use of Service, responding to service related inquiries and complaints, delivery of notices and announcements regarding the Service, prevention of illegal or unauthorized use or participation, statistical analysis and research for Service improvements and developments, and provision of user-specific services
Items Collected	Email (ID), user name, community profile name, date of birth (deleted after confirming whether consent of the user’s legal representative is required), Mobile phone terminal identification information (UUID/SSAID)
Retention Period	Until 30 days after the withdrawal of membership or deletion immediately upon the data subject’s request to withdraw his or her consent to the collection and use of personal information

2. (Optional) Consent to the collection and use of personal information for the purchase of products or tickets

Purposes of Collection / Use

Purchase and use of online and offline event tickets and products, responding to related inquiries and delivery of notices

Items Collected

Purchase of ticket

- Purchaser information and recipient information (recipient name, mobile phone number, email), payment information, ticket booking information

Purchase of product

- Purchaser information and recipient information (recipient name, address, mobile phone number, email), payment information

Retention Period

Until 30 days after the withdrawal of membership or deletion immediately upon the data subject’s request to withdraw his or her consent to the collection and use of personal information

3. (Optional) Consent to the collection and use of personal information for refund of ticket and product purchases

Purposes of Collection / Use

Purchase and use of online and offline event tickets and products, responding to related inquiries, delivery of notices

Items Collected

Purchase of ticket

- Purchaser and recipient information (recipient name, mobile phone number, email), payment information, ticket booking and cancellation information

Purchase of product

- Purchaser information and recipient information (recipient name, address, mobile phone number, email), payment information, product purchase and cancellation information

Retention Period

Until 30 days after the withdrawal of membership or deletion immediately upon the data subject’s request to withdraw his or her consent to the collection and use of personal information

4. (Optional) Consent to the collection and use of personal information for participation in and attendance at events

Purposes of Collection / Use	Participation in voting, participation in online events and offline events, verification of identity and membership management regarding the use of Service, responding to service related inquiries and complaints, delivery of notices and announcements regarding the Service, prevention of illegal or unauthorized use or participation, statistical analysis and research for Service improvements and developments, and provision of user-specific services
Items Collected	Information of participants in events and voting, information of event winners (name, mobile phone number, email, community profile name, delivery information (recipient name, delivery address, telephone number))
Retention Period	Until 30 days after the withdrawal of membership or deletion immediately upon the data subject’s request to withdraw his or her consent to the collection and use of personal information.

5. (Optional) Consent to the collection and use of personal information for the delivery of prizes to event winners

Purposes of Collection / Use	Delivery or provision of prizes, and responding to inquiries regarding the delivery or exchange of prizes
Items Collected	Event winner information (name, mobile phone number, community profile name, delivery information (recipient name, delivery address, telephone number))
Retention Period	Until 90 days from the date the event winner’s information is collected

6. (Optional) Consent to the collection and use of personal information for transmission of advertisement-related information regarding the Service

Purposes of Collection/Use	Notification of information on events, personalized promotion of products and marketing
Items Collected	Email, Push Token
Retention Period	Until 30 days after the withdrawal of membership or deletion immediately upon the data subject’s request to withdraw his or her consent to the collection and use of personal information.

7. Information generated and collected during the use of the Service or the processing of business operations

The following information may be generated and collected to provide customized services during the use of the Service or processing of business operations:

Usage logs such as frequency and times of use of the Service and times of access
Connection logs, connection IP addresses, country of access, cookies
Device information collected during the use of the PC web and mobile web (OS, screen size, device ID, device model information)

8. Information collected by automatic collection devices during the use of the mobile service

The following information may be generated and collected by automatic collection devices during the use of the mobile services

Device model and device identification number (device ID)
OS (Android / iOS) and version information
Push token
Device connection times
IP, country of access
Device MAC Address

3. Period of Retention and Use and the Destruction of Personal Information

1) Period of retention and use

The Company retains and uses the user’s personal information during the time it provides the Service to the user (the “Use Period”) and during the period of dispute resolution (the “Retention Period”).

a. Use Period: Date of subscription – Date of withdrawal

b. Retention Period: Until 30 days from the termination date of the Terms of Use Agreement or until the expiration of the applicable retention period set forth in Article 2.2 above, to prevent the recurrence of a user’s illegal or unauthorized use of the Service, or to prevent the disruption of the Service.

2) Period of retention and preservation of personal information

If it is necessary to preserve any personal information after the period for which the user has given their consent pursuant to relevant laws, such as the Act on the Consumer Protection in Electronic Commerce, etc., the Company may retain such personal information for a period of time stipulated in the relevant laws and regulations. In such case, the Company uses the retained information only for the purpose of such retention, and the period of preservation is as follows:

Records related to cancellation of contracts or subscriptions: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Records related to payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Records related to handling of consumer complaints or disputes: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Records relating to displays and advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce, etc.)
Records related to access by visitors (logs) / location of access tracking data for information and communication devices: 3 months (Protection of Communications Secrets Act), other respective time periods for communication confirmation information pursuant to Article 15(2) of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act
Other reasons for retention and preservation
- Where transaction records are required to be retained under the Framework Act on National Taxes, etc.
- Where the data subject’s consent has been obtained

3) Process and method of destruction of personal information

a. Process of Destruction: Information provided by users for Service subscription or other Service-related purposes is transferred to a separate database after the purpose of the provision is achieved, stored in the database for a certain period according to the Company’s internal policies and other relevant laws and regulations, and then destroyed by the method set forth below. Personal information transferred to a separate database will not be used for any purpose other than the purposes for which it is retained under applicable law.

b. Subject of Destruction: Any personal information for which the retention period and preservation period prescribed in applicable laws have expired.

c. Method of Destruction

Personal information that is written or printed: Shredded or incinerated
Personal information that is stored in the form of an electronic file, such as DB, etc.: Deleted using a technical method that makes it impossible to recover the record.

4. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

In this cookie notice, the Company provides a description of cookies, the content and methods of collection, reasons for using them, and the right of data subjects to refuse the installation of cookies when visiting a website. The Company may change its cookie notice at any time. Changes will take effect when the amended cookie notice is posted on the Service’s webpage or on the Company’s website(http://MNETPLUS.WORLD).

- What are cookies?

Cookies may be generated automatically in the process of using services that the Company provides. Cookies are small text files which are sent to the user’s web browser from servers used by the Company to operate the website and are collected and stored as data on the user’s access device.

- What do cookies do?

When a user visits the Company’s website, the Company reads the content of the cookies stored in the user’s access device (PC/mobile device) and uses it to authenticate the user. In addition, cookies allow the Company to improve the Service, prevent improper use, check user errors, and customize its services and advertising to each user by analyzing the Service visit history, access time and frequency, as well as other information generated or provided (entered) in the course of using the Service.

[Essential Cookies]

Cookie	Purpose of Use	Information	Installer	Expiry Date
refreshToken	Reissue User Access Tokens	HTTP Cookie	MNETPLUS	30 days
accessToken	Issue User Access Tokens	HTTP Cookie	MNETPLUS	1 day
_ga	Create a unique ID used to generate statistical data about users	HTTP Cookie	Google	1 day
_gat	Adjust request speed in Google Analytics	HTTP Cookie	Google	1 day
gid	Create a unique ID used to generate statistical data about the user’s method of use	HTTP Cookie	Google	1 day

※ Essential cookies are necessary for the website to operate and cannot be turned off by the Company’s system. They are generally set only in response to user actions that consist of service requests such as privacy default settings, logging in, or filling out forms. Users can set their browser to block or warn them about these cookies, but if these cookies are not accepted, users may not be provided with some parts of the website and the Service. These cookies do not store personally identifiable information of users.

- Cookie notice and applicability, third-party cookies

This cookie notice applies to “Mnet Plus” only. A user may receive third-party cookies from the Company’s service providers when using the Company’s website. However, the Company does not provide the cookies it collects to third parties. The Company’s service providers may send cookies to a user to track the user’s browser on various websites and to build a web surfing profile of the user.

- How to reject cookies

1) For Chrome

Settings menu on the right side of the web browser > Privacy and Security > Cookies and other site data

2) For Internet Explorer

Tools menu at the top of the web browser > Internet Options > Privacy > Settings > Advanced

3) For Microsoft Edge

Settings menu at the top of the web browser > Cookies and Site Permissions > Manage and delete cookies and site data

- Contact information for cookie related inquiries

Contact [the help center] for any inquiries or problems.

5. Consent to the Provision and Sharing of Personal Information to Third Parties

The Company uses user’s personal information only within the scope specified in the “Terms of Service” or this “Privacy Policy,” and does not use personal information beyond the specified scope or provide such information to third parties unless the Company obtains the prior consent of the user or such information is requested pursuant to regulations and procedures set by applicable laws.

[Personal information shared with third parties]

6. Consent to the Outsourcing of Personal Information Processing

The Company outsources the processing of personal information for greater user convenience and better management, including the management of Terms of Use agreements, provision of after-sales services, and performance of any other incidental tasks. All outsourced processors of personal information are strictly bound by contractual or other obligations to (i) comply with applicable laws, regulations, and guidelines; (ii) protect and keep confidential information to which they have access, (iii) not disclose personal information to any third party, (iv) be liable for any accident regarding personal information, and (v) return or destroy personal information immediately upon expiration of the outsourcing period.

The Company requires outsourced processors to take all necessary measures to protect the personal information transferred to them and remains liable for any damage users may suffer as a result of willful misconduct or negligence of any outsourced processor.

Outsourced Processors	Purpose of Outsourcing
STAYGE Labs, Inc.	Development, operation, maintenance, and repair of the Service
BIGC, Inc.	Development, operation, maintenance, and repair of the MAMA Service
SGRSOFT Inc.	Live streaming operation management
GRAVITY NEOCYON, Inc.	Operation, maintenance and repair of the Service, and event management
Amazon Web Service, Inc. (Subcontracting Company)	IDC for the operation of Service
GS Neotek (Subcontracting Company)	IDC for the operation of Service
Mailgun (Subcontracting Company)	Email delivery to the users
Pushwoosh (Subcontracting Company)	Provision of push service

7. User’s Rights Regarding their Personal Information and the Means of Exercising those Rights

Service users may visit the Mnet Plus Service at any time to access or modify their personal information, to request the withdrawal of their consent to the use, collection, outsourcing, and provision of their personal information, and to request the termination of their subscription.

1) Users may withdraw their consent to the collection, use, or provision of their personal information. To withdraw consent and subscription, please proceed with the identification procedures at the “My Page Membership Withdrawal” page in the Mnet Plus Service.

2) Users may request access to or proof of his or her personal information through the customer center.

3) The Company verifies the identity of the user through proper means upon the user’s request to access or proof of his or her personal information.

4) If the user’s representative requests access to or proof of the user’s personal information, the Company verifies the validity of the representative’s authority by requiring a certificate of delegation of the user that shows the representative’s relationship with the user, a certificate of seal impression of the user, and identification of the representative.

5) If the user requests a correction of their personal information, the Company will cease using or providing the respective personal information until it is corrected completely. Moreover, in the event the Company has provided incorrect information to a third party, the Company will notify the third party of any correctional measures taken without delay to allow for any corrections that must be made.

6) However, the Company may restrict access to and correction of personal information in the following exceptional cases:

a. If there is a risk of significant harm to life, body or property of the user or another person

b. If there is a risk of significant disruption to the Service provider’s work

c. If the access or correction is in violation of applicable law

8. Protection of Personal Information of Children Under the Age of 14

The Service does not accept any membership subscription from children under the age of 14 (in Korea) / 16 (outside of Korea) who require their legal representative to consent to the collection and use of their personal information. Entering false birth dates to subscribe to the Service constitutes a violation of the Company’s Terms of Service for which the Company shall not be liable under any circumstances. Moreover, if a child under the aforementioned age has created an account, the Company requests that the child’s legal representative contact the Company’s customer service and request the deletion or temporary suspension of the account. Users may cancel any account deletion requests within 30 days by contacting customer service.

9. User Complaints and Customer Services

The Company values your opinion very much. Accordingly, please contact Mnet Plus’ Service Manager whose contact information is set forth below if you have any questions, and we will respond as soon as possible with an accurate answer.

Data Protection Officer

Name: Gunchul Lee
Affiliation: Mnet Plus Lab of CJ ENM Entertainment Division
Contact/Email: 1655-2525 / mnetplus.privacy@cj.net

10. Technical and Managerial Protection of Personal Information

The Company has implemented the following technical and managerial measures to protect users’ personal information from loss, theft, disclosure, modification, or damage.

1) Technical Measures

a. Personal information is protected by a password, and important data is protected through separate security functions, such as encryption of files and transmitted data and use of file lock functions.

b. Antivirus software is used to prevent damage from computer viruses. Antivirus software is updated periodically, and in the event of a sudden virus outbreak, the vaccine for the virus will be applied as soon as it is released to prevent the infringement of personal information.

c. SSL, a security protocol, has been adopted to help ensure the safe transmission of personal information through the network.

d. In order to prevent unauthorized disclosure of users’ personal information by hacking or other unauthorized access, the system is maintained in an area where external access is restricted, and intrusion-blocking devices are used.

2) Managerial Measures

a. The Company has procedures in place needed for appropriate management of and access to users’ personal information. Company officers and employees are required to understand and comply with these procedures, and compliance is monitored regularly.

b. The Company limits the number of persons who can process users’ personal information to a minimum, controls their access rights, and educates such personnel to comply with applicable laws and policies. Persons who process users’ personal information are the following:

Persons who deal directly or indirectly with users as they handle business
The Data Protection Officer, Data Protection Personnel, and other persons engaged in personal information management and protection duties
Others whose access to user’s personal information is necessary for their work duties

c. The Company requires new employees to sign an information protection pledge, reminds all of its employees from time to time of their duty to protect personal information, and has in place internal procedures to audit their compliance with such duties to prevent the unauthorized disclosure of information by its employees (including, personal information).

d. The transfer of duties for personal information managers takes place under secure conditions, and the Company prescribes the scope of liability regarding any personal information incidents for both current and former employees.

11. Violation of Personal Information Related Counseling and Reports

If you need to consult or report infringement of your personal information, please contact the Data Protection Personnel by phone or e-mail, or contact the following institutions:

☎ Korea Internet & Security Agency

Tel: (without country code) 118 / Homepage: https://privacy.kisa.or.kr

☎ Cyber Bureau of the Prosecution Service

Tel: (without country code) 1301 / Homepage: http://www.spo.go.kr

☎ Electronic Cybercrime Report & Management System (ECRM)

Tel: (without country code) 182 / Homepage: https://ecrm.police.go.kr/minwon/main

☎ Personal Information Dispute Mediation Committee

Tel: (without country code) 1833-6972 / Homepage: https://www.kopico.go.kr/

12. Privacy Policy Notices and Customer Complaint Services

The Company will notify the users through the Mnet Plus Service’s Privacy Policy, etc., when outsourcing any tasks related to the collection, processing, management, etc., of the user’s personal information to any processors other than the outsourced processors set forth in Article 6 of this Privacy Policy.

Users may report any complaints regarding the protection of their personal information that arise from the use of the Company’s services to Mnet Plus’ customer service or the System/Privacy Manager. The Company will respond to user inquiries quickly and efficiently.

13. Notice Obligation

If there are any changes, additions, or deletions to the content of this Privacy Policy due to changes in the applicable privacy laws, policies and security technologies, etc., the Company will notify the users of the amendment by posting an announcement on the Mnet Plus Notice Board prior to the amendment of the Privacy Policy

Current Version of the Privacy Policy: 1.4

Date of Notice: January 18, 2023
Enforcement Date: February 1, 2023

※ Additional Notice for California Consumers

1. Notice on the Collection and Use of Personal Information

1) Prior to the effective date of this Privacy Policy, the Company may have collected the following personal information about users:

Information provided by the user directly

Name, email address
Personal information listed in the California Customer Records statute (Cal. Civ. Code §1798.80): Name, address, telephone number, credit card number, debit card number, or any other financial information. (Some personal information included in this category may overlap with other categories.)
Protected Class Information under California or federal law: Age
Commercial information: products or services purchased, obtained, or considered

Information the Company Collects Automatically

Internet or other similar network activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, Internet Protocol address, country of access, or unique personal or online identifiers
We may also receive the categories of information described above from other sources, including from internet service providers and data analytics service providers.

2) The purposes of the collection of the above personal information are as follows:

Subscription to membership and use of the product purchasing services
Delivery of notices regarding the Service
Prevention of improper use by delinquent members and unauthorized use of services
Responding to inquiries or complaints related to services
Statistical analysis and research for service improvement and optimization development
Purchase and delivery of products
Participation in events
Delivery of notices related to user verification and events participations, and the processing of related complaints
Award and delivery of gifts or prizes following an event, delivery of related notices and processing of related complaints
Notices related to various events
Customized advertisements and other marketing activities

2. Disclosure of User’s Personal Information

1) Prior to the effective date of this Privacy Policy, the Company may have disclosed certain personal information of users to a third party listed below:

Consignees that provide services on our behalf (e.g. shipping company, payment company)
Business partners
Data analytics service providers
Professional services providers

The categories of personal information disclosed are identical to the scope listed in 1.1) above.

The Company does not sell the personal information of users residing in California that was collected through the Mnet Plus website.

3. Privacy Rights of California Consumers

Pursuant to the CCPA, users who are California residents may exercise various rights related to their personal information that has been collected by the Company (Mnet Plus). Users will not be discriminated for exercising such rights when using the Site.

1) Right of Access

Users who are California residents may request access to their personal information collected through the Mnet Plus website related to the matters described below. However, the Company may deny such request if permitted under the CCPA.

(1) Categories of personal information the Company has collected about the user over the past 12 months and categories of sources from which the personal information was collected

(2) Business or commercial purpose(s) for which the Company collected the user’s personal information

(3) Categories of personal information that the Company disclosed for business purposes, and categories of the third parties with whom the Company has shared the user’s personal information

(4) Specific personal information collected by the Company

If a user wishes to exercise his or her rights of access, the user may request such access [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.

2) Right to Delete

Users who are California residents may request deletion of their personal information collected through the Mnet Plus website. However, the Company may deny such deletion request if permitted under the CCPA. Upon the user’s request for deletion, the Company will permanently delete all personal information of the users by withdrawing the user’s membership from the Service. Therefore, in order to reuse the Mnet Plus website after deletion of personal information, the user must resubscribe to the website. Please note that users will be prohibited from subscribing for a period of thirty (30) days after withdrawal in order to prevent improper use of the Company’s services.

If a user wishes to exercise the right to delete his or her personal information, the user may request such deletion [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.

3) Right to Opt-Out of Sale

The Company does not sell personal information of users residing in California that is collected through the Mnet Plus website. If the Company sells personal information in the future, users will be notified in advance, and if the user resides in California, the user shall have the right to opt-out of (suspend) the sale of their personal information.

4) Shine the Light Request

The Company does not share personal information with third parties for the third party’s direct marketing purposes.

5) Eraser Law Request

If the user is a California resident under the age of 18 and is a registered user of the website, the user may request that the Company remove any submission the user publicly posted on or in the website. To request removal of a submission, please email a detailed description of the submission to the [help center]. The user may also be able to log into their account and delete their own submission. The Company reserves the right to ask the user to provide information that would enable the Company to confirm that the submission in question was created and posted by the specific user.

※ The user may appoint an authorized agent to exercise the user’s rights on their behalf. If a user wishes to exercise such rights through an agent, the user must submit proof that the user granted such authority to the agent in writing. The Company may also require the user to verify his or her identity through the verification procedures described above.

※ Additional Notice for European Consumers

The Company processes the user’s personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable laws. The Company uses the user’s personal information for the following purposes:

For user subscription and provision of the Service: The Company may use the user’s personal information in order to execute an agreement with the user and to fulfill its obligations under such agreement. The Company may also use the user’s identification information, contact information, financial information, transactional information, marketing information, and communication data, etc. in the process of providing the Company’s Service to the user and for the operation of the Service, such as to notify users of an amendment to the Company’s Service and to process user’s requests, etc.
To strengthen the security of the Company’s Service: The Company may use the user’s personal information to protect the legitimate rights of users and the Company in strengthening information security and, within the extent necessary to fulfill its obligations under applicable law, to verify the user’s account, investigate suspicious activities, and apply the Terms of Use Agreement.
To improve the Service: The Company may analyze data, such as the user’s use records, in order to develop new businesses and to improve the Service by using more relevant contents and user experiences.

Pursuant to the GDPR and other applicable law, the user may request the transfer of their personal information to a different manager or request the Company to cease processing of their personal information. Moreover, the user reserves the right to file complaints with the competent data protection authority. The user may contact customer service for any inquiries regarding the foregoing, and the Company will process such inquiries quickly in a lawful manner.

The Company’s Service is not for children. The Company does not collect the personal information of any children below the age of 16 who reside in the European Economic Area (EEA). If the personal information of children is collected unintentionally in relation to the provision of the Service, the Company will immediately delete such information. Please contact customer service for any questions regarding the personal information of children below the age of 16.

In order to provide the Service to users, the Company may transfer, store, and process personal information outside of the EEA, including in Korea. Moreover, personal information may be stored in the EEA area by being stored in the device that the user used to access the Service. If the Company transfers the user’s personal information outside of the EEA, the Company will ensure that at least one of the safety measures listed below will be applied to ensure a similar level of protection as is ensured within the EEA.

The Company transfers personal information only to countries that the European Commission (EC) has deemed to provide an appropriate level of protection.
If the Company uses a particular service provider, the Company may execute an EC approved contract that ensures the same level of protection for personal information as is used in the EEA.

Please contact the Company for further information regarding the measures it takes to transfer personal information outside of the EEA.

View previous Privacy Policy(November 28, 2022)

View previous Privacy Policy(November 6, 2022)

View previous Privacy Policy(October 24, 2022)

View previous Privacy Policy(October 4, 2022)

View previous Privacy Policy(April 6, 2022)