Mnet Plus service operator, CJ ENM Co., Ltd. Entertainment Division (hereinafter referred to as the “Company”), is fully committed to protecting users’ personal information (both members and non-members) and complies with the Personal Information Protection Act and all other relevant statutes. To that end, the Company has adopted, and strictly observes, this Privacy Policy (hereinafter referred to as the “Privacy Policy”).
Through the policy set out below, we inform you of the purposes and methods by which your personal information is used and what measures are being taken to protect your information.
This Privacy Policy is publicly available through the services operated by the Company and is made easily accessible to users at all times. The Company’s Privacy Policy includes the following information.
- Items of Personal Information Collected / Purposes of Use
- Retention and Use Period of Personal Information
- Procedures and Methods for Destruction of Personal Information
- Installation, Operation, and Refusal of Automatic Data Collection Devices
- Behavioral Data Collection and Refusal
- Overseas Transfer of Personal Information
- Outsourcing of Personal Information Processing
- Provision of Personal Information to Third Parties
- Users’ Rights and How to Exercise Them
- Protection of Personal Information of Children Under 14
- Personal Information Protection Officer and Grievance Handling Department
- Technical and Managerial Protection of Personal Information
- Duty of Notification
1. Items of Personal Information Collected / Purposes of Use
(1) The Company collects and uses only the minimum personal information necessary to provide its services. Furthermore, the provided personal information will not be used for purposes other than those consented to by the user. If the purpose of use changes after consent, the Company will take necessary measures, such as obtaining additional consent in advance.
| Service | Category | Items Collected/Used | Purpose of Collection/Use |
| Common | Membership Registration | [Required] Email (ID), Password, Year of Birth, Gender | Membership registration and user identification, prevention of fraudulent use, service notices, personalized services |
|
SNS Easy Sign-up/Account Linking (Google, Apple, Kakao, LINE) |
[Required] User Identification Information, Email (Optional) Profile Photo(Google) |
Easy sign-up and linking for user convenience, identification, prevention of fraudulent use, service notices, personalized services | |
| MY | (Optional) Username, Profile Photo, Password | User identification and member management | |
| Inquiries | [Required] Email Address, Inquiry Content, Mnet Plus ID | Responding to customer inquiries | |
| Advertising Inquiry | [Required] Email, Name | Handling inquiries and responses related to advertising campaign execution | |
| Plus Chat | MY |
[Required] Nickname (Optional) Profile Photo |
Plus Chat use and user identification |
| Chat+ Subscription | [Required] Purchaser Information(Name, Email) | Chat+ use and user identification | |
| Membership Purchase | [Required] Purchaser Information(Name, Email), Membership Information(Name, Date of Birth, Phone Number) | Membership service use and issuance of digital membership cards | |
| Product Purchase, Exchange, Return | [Required] Purchaser Information(Name, Email), Recipient Information(Country, Name, Contact Number, Delivery Address) | Plus Chat product purchase, exchange, and return | |
| Event Participation and Prize Delivery | [Required] Name, Email Address, Phone Number, Address (for prize delivery) | Participant identification, winner selection, notification of winning results, prize delivery | |
| Merch | Mnet Plus Merch Use | [Required] Nickname | Merch use and user identification |
| Product Purchase, Exchange, Return | [Required] Purchaser Information(Name, Email), Recipient Information(Country, Name, Contact, Shipping address) | Merch product purchase, exchange, and return |
※ During the event participation process, additional personal information may be collected from users of the relevant service. As the collected items may vary depending on the event, the Company will obtain consent from users at the time of collection regarding the ‘personal information collection items, purpose of collection and use, and retention period.’
(2) Additionally, the following information may be generated and collected during the use or processing of services to provide personalized services:
- Cookies, service usage records (visit date and time, usage duration, frequency), access country and IP, device information (OS, device ID), advertising identifiers (ADID, IDFA)
(3) The Company collects personal information through the following methods:
① Collection of personal information during membership registration and service use
② Collection of information through online/offline consent for personal information collection and use
③ Collection of generated information through log analysis programs
④ Collection of information via ‘cookies’
(4) The Company may use pseudonymized personal information for purposes such as statistics, scientific research, or public record preservation, in accordance with relevant laws.
2. Retention and Use Period of Personal Information
(1) The company safely processes and retains personal information within the retention and usage period agreed upon by the user at the time of collection. The retention and usage periods for personal information, as agreed by the user, are as follows:
① Prevention of fraudulent registration and use: Up to 30 days after membership withdrawal
② Information collected for event participation: Until the period agreed upon by the user at the time of event participation
③ Information collected for advertising inquiries: 1 years from the date of inquiry
(2) If required by relevant laws, the Company will retain member information for the periods specified below in accordance with such laws:
| Relevant Law | Items Retained | Retention Period |
| Protection of Communications Secrets Act | Service visit records | 3 months |
| Act on Consumer Protection in Electronic Commerce, Etc. | Records related to contracts or withdrawal of subscription | 5 years |
| Records related to payment and supply of goods, etc. | 5 years | |
| Records related to consumer complaints or dispute resolution | 3 years | |
| Records related to labeling and advertising | 6 months | |
| Framework Act on National Taxes | Books and evidence documents for all transactions as stipulated by tax laws | 5 years |
3. Procedures and Methods for Destruction of Personal Information
(1) Personal information provided by users will be transferred to a separate DB after the purpose of collection is fulfilled and stored for a specified period in accordance with internal policies and relevant laws. It will then be destroyed as outlined below. Such information will not be used for any purpose other than retention by law.
- Personal information written or printed on paper: Shredded or incinerated
- Personal information stored in electronic file formats, such as databases: Deleted using technical methods that prevent recovery
4. Installation, Operation, and Refusal of Automatic Data Collection Devices
(1) The Company installs and operates cookies to provide users with customized services.
(2) Cookies are small text files sent from the server used for website operation to the user's web browser, and are collected and stored on the user's access device (PC, mobile, etc.).
(3) Users have the right to choose whether to allow cookies. Through browser options, users can allow all cookies, refuse all cookies, or be notified each time a cookie is stored. However, refusing cookies may cause difficulties in using some parts of the website or services.
[Mandatory Cookies]
| Cookie | Purpose | Information | Provider | Expiry |
| refreshToken | Re-issue user access token | HTTP Cookie | MNETPLUS | 30 days |
| accessToken | Issue user access token | HTTP Cookie | MNETPLUS | 1 day |
| _ga | Generate unique ID for user statistics | HTTP Cookie | 1 day | |
| _gat | Control request rate in Google Analytics | HTTP Cookie | 1 day | |
| gid | Generate unique ID for user behavior stats | HTTP Cookie | 1 day |
[How to Refuse Cookies]
▶ Web Browser Cookie Settings
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
▶ Mobile Browser Cookie Settings
- Chrome: Settings > Privacy and Security > Clear browsing data
- Safari: Preferences > Privacy tab > Cookie blocking settings
(4) The company uses Google Analytics, a web log analysis tool provided by Google, to collect only non-identifiable information for the purpose of providing better services. Users can refuse the use of Google Analytics as follows:
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
5. Behavioral Data Collection and Refusal
(1) The company collects and uses online behavioral information in a non-identifiable manner to provide optimized customized services, benefits, and online tailored advertisements.
(2) When users visit or use the mobile app, online advertising operators are allowed to collect and process behavioral information as follows:
| Collection Device Name | Collection Device Type | Collecting Entity | Collected Items | Purpose |
| Marketing SDK | SDK | Applovin, Appsflyer | ADID, IDFA | Online targeted advertising |
(3) Users can configure settings to allow or block the collection of behavioral information by third parties:
① (Android) Settings → Privacy → Ads → Reset or delete Ad ID
② (iOS) Settings → Privacy → Tracking → Disable app tracking
※ Menu and method may vary depending on mobile OS version.
(4) For inquiries regarding behavioral information, refusal rights, or damage reports, contact:
[Personal Information Manager]
- Name : Kim Ji Hoon
- Department : CJ ENM ENTERTAINMENT DIV., Information Security
- Contact : 02) 371-5501
6. Overseas Transfer of Personal Information
(1) To provide services and enhance user convenience, the Company transfers or manages customer information overseas as follows. The information transferred overseas is as follows:
· Legal Basis: Article 28-8, Paragraph 1, Item 3 of the Personal Information Protection Act (Processing Entrustment/Storage)
| Recipient | Country | Contact | Purpose of Provision | Transfer Time & Method | Transferred Info | Retention & Usage Period |
| Braze Inc | USA | privacy@braze.com | Collection of customer activity information, service and behavior analysis, information statistics, CRM, tailored recommendations, message sending | Transmitted via network at the time of service use | Email, gender, birthday, country (region), last app access, language, time zone, mobile device identification information (UUID/SSAID), device and OS, service usage info (viewed pages, dwell time, clicks, etc.) | Until 30 days after membership withdrawal or service contract termination |
| Zendesk Inc | Japan | privacy@zendesk.com | Customer inquiry management | Transmitted via network during customer inquiry service use | Email, ID, inquiry content | 3 years from the date of inquiry |
(2) Users may refuse the overseas transfer of personal information, which may restrict service use. If users do not wish for overseas transfer, they can withdraw membership after accessing the service or request the suspension of personal information processing through the Company’s Personal Information Manager or grievance handling department.
7. Outsourcing of Personal Information Processing
(1) The Company outsources personal information processing tasks to third parties for service operation, maintenance, and user convenience.
(2) The Company manages entrusted entities through personal information entrustment contracts, ensuring compliance with relevant laws and guidelines, information protection, confidentiality, prohibition of third-party provision, liability for accidents, and the obligation to return or destroy personal information immediately upon termination of the entrustment period. The Company ensures that entrusted entities take all necessary measures regarding personal information protection. If an entrusted entity causes damage to a customer due to intentional or negligent handling of personal information, the entrusted entity bears full responsibility.
※ For one-off entrustment tasks with very short entrustment periods, where public disclosure on the website or training of the entrusted entity is not feasible, the Company clearly notifies the entrusted entity of obligations through contract documents and requests that the entrusted entity trains its relevant employees.
| Contractor | Purpose of Entrustment |
| STAYGE Labs, Inc. | Service development, operation, maintenance |
| bemyfriends Inc. | Plus Chat &Merch service development, operation, maintenance |
| Eximbay/Toss payments/Paypal (Subcontractor) | Electronic payment service provision |
| GRAVITY NEOCYON, INC. | Service development, operation, maintenance, and event management |
| PwC | MAMA voting and judging system review, vote recounting, judging tally agency |
| Mailgun | Email sending |
| CJ Telenix | Customer service response and guidance entrustment operation |
| CJ OliveNetworks | Log analysis and notification services through Braze |
| NBT | Point Offerwall system operation and customer inquiry response |
| NHN Cloud Corp. | SMS/LMS/MMS message sending |
| CJ Logistics | Order product storage and delivery |
(3) If the content of entrusted tasks or entrusted entities changes, the Company will promptly disclose this through this Privacy Policy.
8. Provision of Personal Information to Third Parties
(1) The company provides personal information to third parties only to the minimum extent necessary, with user consent, as required for smooth service provision under Article 17(1)1 of the Personal Information Protection Act.
| Recipient | Purpose of Provision | Provided Items | Retention & Usage Period |
| NOL UNIVERSE | Pre-sale service for Plus Chat membership | Membership number, name | 10 days after service provision |
(2) In accordance with the “Guidelines for Processing and Protecting Personal Information in Emergency Situations” announced jointly by government ministries, the Company may provide personal information to relevant authorities without user consent in emergency situations such as disasters, infectious diseases, incidents or accidents causing imminent danger to life or body, or urgent property loss.
(3) The company may provide personal information to investigative agencies without user consent when required by law and procedure for investigation or inquiry purposes.
9. Users’ Rights and How to Exercise Them
(1) Users may access or modify their registered personal information, withdraw consent for collection/use/entrustment/provision, or request account deletion at any time via Mnet Plus services:
① View and edit: Log in > MY
② Delete and withdraw: Log in > MY > Your Account > Delete Mnet Plus account
③ Marketing and advertising consent: Log in > MY > Your Account > Consent to receive marketing messages
(2) Users may exercise their rights through an agent, in which case a power of attorney in the format specified in Annex 11 of the “Notice on Personal Information Processing Methods” must be submitted.
(3) Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act. Requests for correction or deletion of personal information cannot be made if the information is specified as a collection target under other laws.
(4) If a user requests correction of errors in personal information, the company will not use or provide the information until the correction is completed. If incorrect information has already been provided to a third party, the company will promptly notify the third party of the correction
(5) However, the Company may exceptionally restrict access or correction of personal information in the following cases:
① If there is a significant risk of harming the life, body, property, or rights of the user or a third party.
② If it is likely to significantly interfere with the service provider’s operations.
③ If it violates the law.
(6) The Company operates a separate customer service center for related consultations and inquiries. Contact the Personal Information Manager for prompt action.
10. Protection of Personal Information of Children Under 14
The Mnet Plus service does not accept membership registration from children under 14 (in Korea) or under 16 (outside Korea) who require the consent of a legal guardian for the collection and use of personal information. Providing false birth date information during Mnet Plus membership registration is considered a violation of the Company’s Terms of Service, and the Company bears no responsibility for issues arising from this. If a child under the age limit has created an account, legal guardians may request account deletion or temporary suspension of use through [고객센터]. Account deletion requests can be withdrawn within 30 days from the application date by contacting the customer service center.
11. Personal Information Protection Officer and Grievance Handling Department
(1) The Company highly values users’ opinions. For inquiries, please contact the Personal Information Manager or the Mnet Plus service department, and we will provide prompt and accurate responses.
[Personal Information Manager]
- Name : Kim Ji Hoon
- Department : CJ ENM ENTERTAINMENT DIV., Information Security
- Contact : 02) 371-5501
[Personal Information Protection Department]
- Department: CJ ENM ENTERTAINMENT DIV. Mnet Plus Business Unit
- Contact: mnetplus.privacy@mnetplus.world
(2) For further consultation on personal information infringement, contact:
☎ Korea Internet & Security Agency
Tel: (without country code) 118 / Homepage: https://privacy.kisa.or.kr
☎ Cyber Bureau of the Prosecution Service
Tel: (without country code) 1301 / Homepage: http://www.spo.go.kr
☎ Electronic Cybercrime Report & Management System (ECRM)
Tel: (without country code) 182 / Homepage: https://ecrm.police.go.kr/minwon/main
☎ Personal Information Dispute Mediation Committee
Tel: (without country code) 1833-6972 / Homepage: https://www.kopico.go.kr/
12. Technical and Managerial Protection of Personal Information
The company implements the following technical and managerial measures to ensure the safety of users' personal information from loss, theft, leakage, alteration, or damage:
(1) Technical Measures
① Personal information is protected by passwords, and important data is encrypted or protected with file lock functions.
② Antivirus software is used to prevent damage from computer viruses. The software is regularly updated, and immediate application of new vaccines ensures protection against sudden virus outbreaks.
③ Security devices (SSL) are used for safe transmission of personal information over the network.
④ Systems are installed in access-controlled areas and intrusion prevention devices are used to prevent external breaches.
(2) Administrative Measures
① Procedures for managing and accessing users' personal information are established and regularly checked for compliance.
② Access to users’ personal information is limited to a minimum number of staff, with managed access rights and education to ensure compliance with laws and policies. Personnel authorized to process personal information include:
- Individuals directly or indirectly handling user-related tasks.
- Personal Information Manager and personnel responsible for personal information management and protection tasks
- Others for whom access to personal information is unavoidable for business purposes.
③ During new employee onboarding, information security pledges are signed to prevent information (including personal information) leakage by employees. Regular reminders and audits ensure compliance with personal information protection obligations.
④ Handover of duties involving personal information is conducted securely, and responsibilities are clearly defined after employment or upon resignation.
13. Duty of Notification
If there are additions, deletions, or modifications to this privacy policy due to changes in relevant laws, policies, or security technologies, the Company will notify users through the Mnet Plus service announcements prior to the revision.
Current Privacy Policy Version : 2. 8 (See previous version)
- Announcement Date : 2025.12.29
- Effective Date : 2026.01.07
※ Additional Notice for California Consumers
1.Notice on the Collection and Use of Personal Information
1) Prior to the effective date of this Privacy Policy, the Company may have collected the following personal information about users:
Information provided by the user directly
- Name, email address
- Personal information listed in the California Customer Records statute (Cal. Civ. Code §1798.80): Name, address, telephone number, credit card number, debit card number, or any other financial information. (Some personal information included in this category may overlap with other categories.)
- Protected Class Information under California or federal law: Age
- Commercial information: products or services purchased, obtained, or considered
Information the Company Collects Automatically
- Internet or other similar network activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, Internet Protocol address, country of access, or unique personal or online identifiers, advertising identifiers.
- We may also receive the categories of information described above from other sources, including from internet service providers and data analytics service providers.
2) The purposes of the collection of the above personal information are as follows:
- Subscription to membership and use of the product purchasing services
- Delivery of notices regarding the Service
- Prevention of improper use by delinquent members and unauthorized use of services
- Responding to inquiries or complaints related to services
- Statistical analysis and research for service improvement and optimization development
- Purchase and delivery of products
- Participation in events
- Delivery of notices related to user verification and events participations, and the processing of related complaints
- Award and delivery of gifts or prizes following an event, delivery of related notices and processing of related complaints
- Notices related to various events
- Customized advertisements and other marketing activities
2. Disclosure of User’s Personal Information
1) Prior to the effective date of this Privacy Policy, the Company may have disclosed certain personal information of users to a third party listed below:
- Consignees that provide services on our behalf (e.g. shipping company, payment company)
- Business partners
- Data analytics service providers
- Professional services providers
The categories of personal information disclosed are identical to the scope listed in 1.1) above.
- The Company does not sell the personal information of users residing in California that was collected through the Mnet Plus website.
3. Privacy Rights of California Consumers
Pursuant to the CCPA, users who are California residents may exercise various rights related to their personal information that has been collected by the Company (Mnet Plus). Users will not be discriminated for exercising such rights when using the Site.
1) Right of Access
Users who are California residents may request access to their personal information collected through the Mnet Plus website related to the matters described below. However, the Company may deny such request if permitted under the CCPA.
(1) Categories of personal information the Company has collected about the user over the past 12 months and categories of sources from which the personal information was collected
(2) Business or commercial purpose(s) for which the Company collected the user’s personal information
(3) Categories of personal information that the Company disclosed for business purposes, and categories of the third parties with whom the Company has shared the user’s personal information
(4) Specific personal information collected by the Company
If a user wishes to exercise his or her rights of access, the user may request such access [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.
2) Right to Delete
Users who are California residents may request deletion of their personal information collected through the Mnet Plus website. However, the Company may deny such deletion request if permitted under the CCPA. Upon the user’s request for deletion, the Company will permanently delete all personal information of the users by withdrawing the user’s membership from the Service. Therefore, in order to reuse the Mnet Plus website after deletion of personal information, the user must resubscribe to the website. Please note that users will be prohibited from subscribing for a period of thirty (30) days after withdrawal in order to prevent improper use of the Company’s services.
If a user wishes to exercise the right to delete his or her personal information, the user may request such deletion [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.
3) Right to Opt-Out of Sale
The Company does not sell personal information of users residing in California that is collected through the Mnet Plus website. If the Company sells personal information in the future, users will be notified in advance, and if the user resides in California, the user shall have the right to opt-out of (suspend) the sale of their personal information.
4) Shine the Light Request
The Company does not share personal information with third parties for the third party’s direct marketing purposes.
5) Eraser Law Request
If the user is a California resident under the age of 18 and is a registered user of the website, the user may request that the Company remove any submission the user publicly posted on or in the website. To request removal of a submission, please email a detailed description of the submission to the [help center]. The user may also be able to log into their account and delete their own submission. The Company reserves the right to ask the user to provide information that would enable the Company to confirm that the submission in question was created and posted by the specific user.
※ The user may appoint an authorized agent to exercise the user’s rights on their behalf. If a user wishes to exercise such rights through an agent, the user must submit proof that the user granted such authority to the agent in writing. The Company may also require the user to verify his or her identity through the verification procedures described above.
※ Additional Notice for European Consumers
The Company processes the user’s personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable laws. The Company uses the user’s personal information for the following purposes:
- For user subscription and provision of the Service: The Company may use the user’s personal information in order to execute an agreement with the user and to fulfill its obligations under such agreement. The Company may also use the user’s identification information, contact information, financial information, transactional information, marketing information, and communication data, etc. in the process of providing the Company’s Service to the user and for the operation of the Service, such as to notify users of an amendment to the Company’s Service and to process user’s requests, etc.
- To strengthen the security of the Company’s Service: The Company may use the user’s personal information to protect the legitimate rights of users and the Company in strengthening information security and, within the extent necessary to fulfill its obligations under applicable law, to verify the user’s account, investigate suspicious activities, and apply the Terms of Use Agreement.
- To improve the Service: The Company may analyze data, such as the user’s use records, in order to develop new businesses and to improve the Service by using more relevant contents and user experiences.
Pursuant to the GDPR and other applicable law, the user may request the transfer of their personal information to a different manager or request the Company to cease processing of their personal information. Moreover, the user reserves the right to file complaints with the competent data protection authority. The user may contact customer service for any inquiries regarding the foregoing, and the Company will process such inquiries quickly in a lawful manner.
The Company’s Service is not for children. The Company does not collect the personal information of any children below the age of 16 who reside in the European Economic Area (EEA). If the personal information of children is collected unintentionally in relation to the provision of the Service, the Company will immediately delete such information. Please contact customer service for any questions regarding the personal information of children below the age of 16.
In order to provide the Service to users, the Company may transfer, store, and process personal information outside of the EEA, including in Korea. Moreover, personal information may be stored in the EEA area by being stored in the device that the user used to access the Service. If the Company transfers the user’s personal information outside of the EEA, the Company will ensure that at least one of the safety measures listed below will be applied to ensure a similar level of protection as is ensured within the EEA.
- The Company transfers personal information only to countries that the European Commission (EC) has deemed to provide an appropriate level of protection.
- If the Company uses a particular service provider, the Company may execute an EC approved contract that ensures the same level of protection for personal information as is used in the EEA.
Please contact the Company for further information regarding the measures it takes to transfer personal information outside of the EEA.
Comments
0 comments
Article is closed for comments.