1. Collected Personal Information and Collection Method
A. Personal information collected by NAVER
  • 1) NAVER collects the following minimum personal information as required information upon initial user registration for purposes that include user registration, smooth customer consultation and provision of various services.
    • <General user registration>
    • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication information
    • <Real name user registration: register optionally with resident registration number or i-PIN>
    • Name, real name authentication information, i-PIN number for users registering with i-PIN, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), legal agent information of users under the age of 14, registration authentication number
    • <Group ID registration>
    • Required : Group ID, company name, name of representative, representative phone number, representative email address, group’s address, ID of administrator, contact information of administrator, department and position of administrator.
    • Optional information: representative website, representative fax number
    • <Foreigner general user registration>
    • Name, date of birth, gender, ID, password, nickname, contact information (choose one from email address and mobile phone number), registration authentication number
    • <Foreigner real name user registration>
    • Foreign residents in Korea: name, real name authentication information, ID, password, nickname, contact information (choose one from email address and mobile phone number), date of birth, gender, nationality of users registering with alien registration number, legal agent information of users under the age of 14, registration authentication information
    • Foreign residents abroad: name, ID, password, nickname, contact information (choose one from email address and mobile phone number), nationality, gender, date of birth, registration authentication information
  • 2) The following information may be automatically created and collected while services are used or businesses are processed.
    • IP Address, cookies, time of visit, service use records, delinquent use records
  • 3) When users use optional and customized service or enter events with a NAVER ID, the following information may be collected only from the users who use the corresponding services
  • 4) The following payment-related information may be collected when using paid services
    • When paying with credit cards: name of card company, credit card number, etc.
    • When paying with mobile phone: mobile phone number, mobile service provider, payment authentication number, etc.
    • When making credit transfer: bank name, account number, etc.
    • When paying with gift vouchers: voucher number
B. Personal information collection method
NAVER collects personal information using the following:
  • Website, written forms, fax, telephone, customer service board, email, event entry information, shipping request
  • Information provided by affiliated companies
  • Tool collecting generated information
2. Purpose for Collection and Use of Personal Information
A. Execution of service provision agreement and billing for the provided service
To provide contents and customized services, to deliver goods or invoices, to conduct self-authentication, to make purchase and payment, to collect fee
B. Member management
Provision of membership-based service, to verify personal identity, to prevent dishonest or unauthorized use by delinquent users (users who have permanently been forbidden to use services in accordance with first and second paragraphs of Article 20 of NAVER’s Terms of Use, due to the violation of the subparagraphs 1 to 8, paragraph 1 of Article 11), to verify intention to join membership, to limit acquisition of membership or number of accounts per user, to verify approval from a legal agent when collecting personal information of a user under the age of 14, to verify legal agent’s identity afterward, to retain records for settlement of conflicts, to process civil complaints including customer complaints and to deliver notices and to confirm users’ intention of member withdrawal.
C. Development, marketing and advertisement of new services
To develop new services and provide customized services, to provide services and place advertisements based on statistical characteristics, to confirm validity of the service, to provide information on events and advertisement as well as opportunity to participate, to identify access frequency, to make statistics on member’s service usage.
3. Disclosure and Provision of Personal Information
Company uses personal information of users within the scope indicated in “2. Purpose for Collection and Use of Personal Information,” does not go beyond that scope without prior consent of the user, and principally does not disclose personal information of users to third parties. However, the following cases are exceptions.
A. When the user agreed to disclose in advance
  • Naver online game (Click to see details)
  • Naver linked service (Click to see details)
B. When it is demanded by provisions of legislation or when an investigative agency makes a request based on process and method defined by the legislation for the purpose of investigation
4. Entrusting Personal Information
Company entrusts personal information as the following for the purpose of service enhancement, and in accordance with related legislation presents the necessary regulations upon signing of contract to ensure safe management of entrusted personal information.
Company entrusts personal information to the following organizations for the following purposes.
Organization
Organization Purpose
Naver I&S Service operation, event prize delivery, customer service support
inComms Customer service, photo printing service operation
Gplus, CommPartners Customer service
Greenweb Service Service operation
Naver Business Platform Consign system operation for service provision/analysis, customer consultation in regards to Naver cash
Happybean Foundation Happybean operation
Naver Cultural Foundation Operate Naver Cultural Foundation
NHN Technology Services Management of infrastructure, development and testing of services
Skylogis Delivery of service products or event prizes
NICE Group, National Information and Credit Evaluation Inc., Seoul Credit Rating and Information Inc., Korea Association for ICT Promotion Real name verification
Mobile service providers and credit card companies, which users are using Self identification
Period of retention and use
  • Until the termination of account by the user or the termination of the contract : Naver I&S, inComms, Gplus, CommPartners, Greenweb Service, Naver Business Platform, Happybean Foundation, Naver Cultural Foundation, NHN Technology Services, Skylogis
  • Personal information is not saved separately as the corresponding companies are already retaining the information : NICE Group, National Information and Credit Evaluation Inc., Seoul Credit Rating and Information Inc., Korea Association for ICT Promotion, Mobile service providers and credit card companies, which users are using are using
  • ※ For certain services, customer consultation regarding payment and refund can be carried out by external content providers (click).
5. Period of Retention and Use of Personal Information
In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. However, the following information will be retained over the described period for the corresponding reasons.
A. In accordance with Company’s internal policy
  • - Record of misuse
    Reason: prevention of misuse
    Period: 1 year
B. In accordance with related legislation
If relevant legislation, including Commercial Law and Act on the Consumer Protection in the Electronic Commerce Transactions states to do so, Company retains the information for the period specified by legislation. In this case, Company uses the retained information only for the purpose of retention, the period of which is as stated below:
  • Record on agreement or withdrawal of subscription
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 5 years
  • Record on payment and supply of goods
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 5 years
  • Record on e-finance transaction
    Reason : Electronic Financial Transaction Act
    Period : 5 years
  • Record on settlement of customer complaints or conflict
    Reason: Act on the Consumer Protection in the Electronic Commerce Transactions
    Period: 3 years
  • Record on website visits
    Reason: Communication Privacy Protection Act
    Period: 3 months
6. Procedure and Method of Disposal of Personal Information
In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information has been accomplished. Company destroys personal information following the procedure and method stated below.
A. Procedure of disposal
  • The data entered by users for member registration is transferred to a separate database once the purpose is achieved (hard copies are moved to a separate cabinet), saved for a certain period in accordance with the internal policy and the reason of information protection stated by other relevant legislation (see period of retention and use), and destroyed.
  • The corresponding personal information is not used for the purpose other than for retention, unless that purpose derives from the law.
B. Method of disposal
  • Personal information printed on paper will be shredded or incinerated.
  • Personal information saved in electronic file format will be erased using a technology that does not allow recovery of records.
7. Rights of Users and Legal Representatives and Methods of Exercising the Rights
  • Users and legal representatives can view and modify their registered personal information or the personal information of children under 14 who they represent at any time, and if do not approve Company’s processing of personal information, users or their legal representatives can also refuse to agree or request termination of account (withdrawal of membership). However, in those cases users may have limited or no access to the services.
  • In order to view and modify their personal information, users or legal representatives of users under the age of 14 should click “update personal information” (or “edit account information”), and click “withdraw membership” to terminate account (cancel agreement). Users can view, modify the personal information or withdraw after user identification is confirmed.
  • Users can also contact the employee in charge of personal information management via telephone, email or in writing for immediate response to the request.
  • If users request correction of errors in the personal information, the concerned information will not be used or disclosed until the correction is made. In addition, if the incorrect personal information has already been provided to a third party, immediate action will be taken to make corrections by notifying the third party of the updates.
  • If users or legal representatives request termination of account or deletion of personal information, the concerned information will be processed only as indicated in “5. Period of Retention and Use of Personal Information,” and will not be viewed or used for any other purpose.
8. Installation, Operation and Rejection of Automatic Personal Information Collector
A. What is a cookie?
  • Company uses cookies that save and frequently recall user information, in order to provide personalized and customized services.
  • Cookies are very small text files sent to the user’s browser by the website’s server, and are saved in the hard disk of the user’s computer. When the user revisits the website, its server reads the saved cookies and uses them to maintain user configuration and provide customized service.
  • Cookies do not automatically or actively collect personal identification information, while users can always refuse saving cookies or delete them.
B. NAVER’s purpose of using cookies
NAVER utilizes cookies to provide users with the optimized and customized information including adverts based on the analysis of user’s patterns of visiting and using NAVER’s services and websites, popular search terms as well as the data about connection using SSL, news page editing and number of users.
C. Installation, operation and rejection of cookies
  • Users have the right to choose whether cookies are installed or not. Thus users can adjust options on their web browser allow all cookies, confirm each time that a cookie may be stored, or disallow all cookies.
  • However, if a user rejects all cookies, there may be limitations in using certain services, which require log-in.
  • Here is how users can set their cookie preferences (if using Internet Explorer):
  • From the [Tools] dropdown, choose [Internet Option].
  • Click on [Privacy] tab.
  • Adjust the privacy slider.
9. Technical and Administrative Measures of Personal Information Protection
Company takes the following technical and administrative measures for the purpose of safety acquisition that will prevent loss, theft, leak, falsification or damage of personal information while it is handling the personal information of its users.
A. Codification of passwords
Passwords of NAVER user IDs are known only by the users as they are stored and managed in encrypted form, and only the users who know their passwords can view and make changes to their personal information.
B. Countermeasures against hackers
Company does its best to prevent leakage or damage of the user’s personal information by hacking or computer viruses.
Company also frequently makes back-up copies of the personal information in case of deterioration, prevents leakage or damage of the information by using the latest vaccine programs, uses encrypted communication to facilitate safe transmission of personal information on the network.
In addition, NAVER controls external intrusion utilizing intrusion prevention system, and does its best to be equipped with all possible technological instruments to ensure system security.
C. Recruitment of minimum number of employees involved and education
Company restricts handling of the information only to authorized employee who is issued with a separate password, which is periodically updated. The employee in charge of the personal information management is constantly reminded of the importance of adherence to the privacy policy through employee training conducted frequently.
D. Special team for privacy protection
Company also does its best to resolve and correct any problem should it occur, through its special team for privacy protection that monitors enforcement of NAVER Privacy Policy as well as employees’ adherence to it.
However, Company does not take any responsibility for problems related to leakage of ID, password and resident registration number caused by user’s carelessness or internet connection.
10. Contact Information of Manager and Employee in Charge of Personal Information Management
You may file all your complaints with regard to personal information protection in NAVER services to the manager or the department in charge of protection of personal information.
Company will swiftly and fully respond to users’ reports.
  • Manager in charge
  • Name: Jun Ho Lee
  • Information Protection Center
  • Tel: 1588-3820
  • Position: Director
  • email: privacy@naver.com
  • Manager in charge Employee in charge
  • Name: Jin Kyu Lee
  • Personal information protection team
  • Tel: 1588-3820
  • Position: Team manager
  • email: navercc@naver.com
Please refer to the organizations below for further consultation or report on other cases of personal information infringement:
  • Personal Information Infringement Report Center
    (www.118.or.kr / 118)
  • High-tech Crime Investigation Section, Supreme Prosecutors’
    (www.spo.go.kr / 02-3480-2000)
  • Cyber Terror Response Center
    (www.ctrc.go.kr / 182)
11. Others
We notify you that this NAVER Privacy Policy does not apply to the act of collecting personal information by websites linked to NAVER.
In addition, detailed information on protection of personal information in NAVER mobile services is available on NAVER Mobile Privacy Protection page.
12. Obligation to Notify
Any addition, deletion or modification of this document will be notified through Notification on the homepage at least seven days prior to such revision taking effect. However, if significant changes are made to user rights, including changes to collection and use of personal information and disclosure of the information to third parties, users will be notified at least 30 days prior to intended changes.
  • Date of notification: September 4, 2012
  • Date of implementation: September 11, 2012