Fintech Switch Co.,Ltd. (hereinafter "Company") considers the protection of the users' personal information very important and is committed to the protection of the personal information that the users provided to the company in order to use the company's service (cryptocurrency wallet service). Accordingly, the company complies with laws related to the protection of personal information, such as the "Act on Promotion of Information and Communication Network Utilization and Information Protection" and the "Personal Information Protection Act".
Article 1 (Collecting personal information)
The personal information collected by the company are as follows:
1. Personal information collected when registering or using service
① Membership: Email, nickname, profile photo
② Certification of owning a mobile phone number: mobile phone number
③ Authentication: Name, mobile phone number, date of birth, gender, local/foreigner information, subscribed mobile carrier, ID verification information (CI, DI) (A separate consent procedure is carried out through identification service for self-certification, etc.)
④ Advertisement/marketing (optional): Cell phone number, email address (receiving advertising/marketing information can optionally be determined depending whether or not to agree).
2. Information collected automatically during service use
Information can be automatically generated or collected in the process of using the service for the purpose of ensuring service stability, providing safe service, and restricting violations of legal and service terms.
① Service usage records, access logs, transaction logs, IP information, cookies, bad and fraudulent records, mobile device information (model name, mobile carrier information, OS information, screen size, language and national information, advertising ID, device identification, etc.)
② Illegal/negative access to services and service applications, records of access attempts to service applications, and information required to identify safe operating environments for services and service applications
3. Additional information to be collected for customer consultation
① Common: Cell phone number
② Mobile phone number change: evidence of mobile carrier
4. How to collect personal information
① Collecting via mobile app, email, customer center, phone call, etc.
② Collected by consent from third party service
③ Collecting through automatic collection device
Article 2 (Purpose of processing personal information)
The company processes users' personal information for the following purposes: The personal information that is being processed shall not be used for any other purpose than the following. In case of a change of the purpose of use, we will implement the necessary measures, such as obtaining separate consent under Article 18 of the Act on the Protection of Personal Information.
1. Managing user information
① Identifying users, managing user information, and informing various notices
② Developing new services and providing diverse services
③ User consultation, complaint handling, and customer damage compensation
④ Processing withdrawal through untact self-verification, changing personal information, and initializing the remittance password, etc.
2. Providing Services
① Self-identification and checking the details of the cryptocurrency remittance
② Items related to overall service management, such as processing cryptocurrency deposit
③ Settlement and cross-check of transactions when linked to exchanges and other wallets
3. Event information notice
① Provide various events and advertising information
② Provide new and customized services, etc.
Article 3 (Period of holding and using personal information)
The company processes personal information within the period of personal information holding/using under the company law or within the period agreed when personal information is collected from the users. Each period of personal information holding and using is as follows.
1. Personal Information Holding and Using Period
Category l Reason for holding l Period of use
Membership l User management, Consulting users l Cancelling membership
Additional authentication l membership withdrawal processing, mobile phone number change and initialization of remittance password l five years since membership withdrawal
Cryptocurrency deposit and withdrawal l Identification according to service use provided by the company, managing information for processing withdrawals when using cryptocurrency remittance, to determine whether in transaction relationship, 5 years since membership withdrawal
However, if investigation or examination is under way due to violation of the related statutes, the information shall be held and used until the end of investigation.
2. Preservation by law in accordance with the provision of services
① In principle, the users' personal information is destroyed without delay when the purpose of personal information collection and use is achieved. However, the records of fraudulent use can be preserved for one year in accordance with the internal policy to prevent disputes caused by fraudulent use of the service.
② The company separately stores, manages, or destroys the personal information of members who do not use the service for one year in accordance with the company's statute and the 'Personal Information Effective Period System'. Separate personal information is stored for four years and destroyed without delay. However, if a statute imposes an obligation to keep information for a certain period of time, personal information will be kept safe for that period.
Classification l Related laws l Period of use
Records on contracts or cancellations of subscriptions l Act on the consumer protection in the e-commerce transactions etc l 5 years
Records on consumer complaint or dispute handling l Act on the consumer protection in the e-commerce transactions etc l 3 years
Records on indication and advertising l Act on the consumer protection in the e-commerce transactions etc l 6 months
Records on wrong deposits l Act on the consumer protection in the e-commerce transactions etc l 5 years
Records on identification l Law regarding the promotion of information and communication network use and protection of information l 6 months
Login records l Protection of Communications Secrets Act l 3 months
Article 4 (Commission of Personal Information Processing)
The company entrusts personal information to external companies to perform part of the tasks required to provide the service. And the company manages and monitors to ensure that the commissioned company does not violate the related statutes. The following companies have been commissioned to handle personal information:
1. Commissioned company for personal information processing
Commissioned company l Purpose of commission l Period of use
Infobank Co.,Ltd. l Mobile phone number verification l Until the membership withdrawal or the commission contract termination
Danal Co.,Ltd. l Mobile phone self-identification service l Until the membership withdrawal or the commission contract termination
KCB Co.,Ltd. l Mobile phone self-identification service l Until the membership withdrawal or the commission contract termination
KT Hitel Co.,Ltd. l Kakao notification talk forwarding agent l Until the membership withdrawal or the commission contract termination
Article 5 (Rights, obligations of users and legal representatives and methods of exercise)
1. Users may exercise his or her right to access, correct, delete, or suspend his/her personal information at any time. However, as provided in the related statutes, such as Article 35 paragraph 4., Article 36 paragraph 1., Article 37 paragraph 2 of the Personal Information Protection Act, the exercise of rights such as the user's request for access, correction, deletion, and suspension of personal information may be restricted.
2. Users' rights exercise can be done through written e-mail or FAX in accordance with Article 41 paragraph 1 of enforcement ordinance of the Personal Information Protection Act and the company will take action without delay.
3. The rights under paragraph 1 may be exercised by the legal representative of the user or by the authorized representative. In this case, a letter of attorney shall be submitted in accordance with the annex form No. 11 of the enforcement regulation of the Personal Information Protection Act.
4. In case of a request for correction or deletion of personal information, the deletion of personal information cannot be requested if the personal information is specified as a collecting target in other statutes.
5. The company checks whether the person who made the request, such as the request for access, correction, deletion and suspension of processing according to the user's right to use, is himself or is a legitimate agent.
Article 6 (Destruction of personal information)
1. The company shall destroy the personal information without delay when it becomes unnecessary, such as the expiration of the period of personal information retention and the achievement of the purpose of processing.
2. In case that the period of personal information retention, agreed by the user, has expired or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or otherwise stored in a different location.
3. The destruction method of personal information is as follows:
① Personal information stored in electronic file format is permanently deleted to prevent recovery of records
② Personal information written or stored in a paper document is shredded with a shredder or incinerated
Article 7 (Technical and administrative protection measures of personal information)
The company prepares the following technical and administrative measures to ensure safety in order to prevent personal information from being lost, stolen, leaked, falsified or damaged while processing the users' personal information.
1. Establishing an internal management plan
The company develops and implements an internal management plan for the safe management of personal information handled by the company.
2. Encryption of users' personal information
The company encrypts personal information such as the user's password and bank account number by using safe encryption algorithm.
3. Countermeasures against hacking, etc.
The company does its best to prevent the leakage or damage of users' personal information due to hacking or computer viruses. In case of damage to personal information, the company frequently back up the data, prevents users from leaking or damaging personal information using the latest vaccine program, and ensures secure transmission of personal information on the network through encrypted communication.
4. Minimize and educate people who handle personal information
The company limits the number of people handling personal information to the minimum required for the task and impresses the importance of personal information protection through administrative measures such as training for personal information handlers.
Article 8 (Articles related to the installation, operation, and refusal of the automatic collector of personal information)
The company uses a cookie to store and retrieve information frequently to provide service convenience to users. Cookies are small amounts of information that the website sends to your computer browser (such as Internet Explorer).
1. Purpose of using Cookies
Through cookies, user's preferred settings are saved to support user's faster web environment, and is utilized for service improvement for convenient use. This makes it easier for users to use the service.
2. Installation, operation and rejection of cookies
Users have the option to install cookies and can refuse or delete the storage of these cookies at any time.
3. How to deny cookie settings
① Internet Explorer : Select 'Tools' menu > Select 'Internet Options' > Click the 'Privacy' tab > 'Advanced Privacy Settings' > 'Cookie Level Settings'
② Chrome : Select 'Settings' Menu > Select 'Show Advanced Settings' > 'Privacy and Security' > Select 'Contents Settings' > 'Cookie Level Settings'
③ Safari : Select 'Configuration' Menu > Select 'Privacy' Tab > Set 'Cookie and Website Data Levels'
Article 9 (Person in charge and responsible departments for the protection of personal information)
1. To protect users' personal information and to handle complaints related to personal information, the company designates the relevant departments and managers of personal information protection as follows:
(Person in charge of personal information protection)
- Name : Tae-hoon Kim
- Position : Responsible for personal information protection
- Phone Number :
- E-mail :
2. All complaints regarding personal information protection that occur when a user uses the company's service may be contacted by the personal information protection manager and the responsible department. The company will answer and process your questions.
Article 10 (Remedy for infringement of rights)
If you need help or counseling for personal information infringement, you can contact the following organizations:
Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency)
- Homepage : privacy.kisa.or.kr
- Phone : (without area code) 118
Personal Information Dispute Mediation Committee
- Homepage :
- Phone : (without area code) 1833-6972
Cyber Crime Investigation Team of the Prosecutor-General's Office
- Homepage :
- Phone : 02-3480-3573
National Police Agency Cyber Security Bureau
- Homepage : cyberbureau.police.go.kr
- Phone : (without area code) 182
Article 11 (Responsibility for link sites)