Privacy Policy
Privacy Policy
Snapshoot Co., Ltd. (hereinafter referred to as 'Company') complies with the Personal Information Protection Act and related laws to protect the freedom and rights of data subjects using the website (hereinafter referred to as 'Service') operated by the Company, and processes personal information lawfully and manages it safely. In order to inform data subjects about the procedures and standards for personal information processing and protection, and to enable them to report and smoothly handle related complaints, the Company establishes and discloses the following privacy policy.
Article 1 (Status of Personal Information Processing)
① The Company processes users' personal information for the following purposes. The personal information being processed is not used for purposes other than those stated below, and if the purpose of processing changes, the Company will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act.
② Personal Information Items Processed Without Data Subject Consent [Required]
| Legal Basis | Category | Purpose of Collection | Items Collected (Collection Category) | Retention and Use Period |
|---|---|---|---|---|
| Personal Information Protection Act Article 15(1)(4) | SNS Simple Sign-up | SNS simple member registration and login linkage, data subject identification and authentication, member qualification maintenance and management | **[Required]** Kakao: Email, CI (Connected Information), Name, Mobile Phone Number Apple: Email, CI (Connected Information), Name, Mobile Phone Number | Until membership withdrawal |
③ Personal Information Items Processed with Data Subject Consent [Optional]
| Legal Basis | Category | Purpose of Collection | Items Collected (Collection Category) | Retention and Use Period |
|---|---|---|---|---|
| Personal Information Protection Act Article 15(1)(1) | SNS Simple Sign-up | Personal information processing for service promotion and sales solicitation | [Optional] Date of birth, Gender, Profile information (Nickname/Profile photo) | Until membership withdrawal |
Article 2 (Procedures and Methods for Destruction of Personal Information)
① The Company destroys personal information without delay when the purpose of collecting personal information is achieved or when the agreed retention and use period expires. However, records that must be preserved in accordance with the provisions of related laws such as the Act on Consumer Protection in Electronic Commerce shall be preserved for the relevant period and then destroyed.
② Personal information that must be retained for a certain period in accordance with the provisions of related laws is as follows.
| Related Law | Items Retained | Retention Period |
|---|---|---|
| Communications Secrecy Protection Act | Login records | 3 months |
| Act on Consumer Protection in Electronic Commerce | Records on display and advertising | 6 months |
| Records on contracts or withdrawal of subscription | 5 years | |
| Records on payment and supply of goods, etc. | 5 years | |
| Records on consumer complaints or dispute resolution | 3 years |
③ The procedures and methods for destruction of personal information are as follows.
- Destruction Procedure: Information collected during the service use process such as membership registration is automatically destroyed in the system after being stored for the period specified in internal policies and other related laws after the purpose is achieved, and personal information collected offline (not in the system) is manually destroyed when the retention period expires or the purpose is achieved.
- Destruction Method: The Company destroys personal information recorded and stored in electronic file format so that records cannot be reproduced, and destroys personal information recorded and stored on paper documents by shredding or incineration.
Article 3 (Matters Concerning Provision of Personal Information to Third Parties)
The Company processes data subjects' personal information only within the scope specified in the purpose of personal information processing, and provides personal information to third parties only in cases corresponding to Article 17 and Article 18 of the Personal Information Protection Act, such as data subject consent or special provisions of laws. Otherwise, the Company does not provide data subjects' personal information to third parties.
Article 4 (Criteria for Judgment When Additional Use or Provision of Personal Information Continues to Occur)
① The Company may additionally use or provide personal information without data subject consent in consideration of matters under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act in accordance with Article 15(3) or Article 17(4) of the Personal Information Protection Act, and cases where personal information is additionally used or provided without user consent are as follows.
② The Company has considered the following matters in order to additionally use or provide without data subject consent.
- Whether it is related to the original purpose of collection
- Whether there is predictability regarding additional use or provision of personal information in light of the circumstances or processing practices in which personal information was collected
- Whether it unfairly infringes on the interests of data subjects
- Whether necessary measures for security such as pseudonymization or encryption have been taken
Article 5 (Matters Concerning Entrustment of Personal Information Processing)
① The Company entrusts personal information processing as follows for smooth personal information processing.
| Consignee | Entrusted Business Content |
|---|---|
| Toss Pay | Payment |
| Korea Post | Delivery |
② When concluding an entrustment contract, the Company specifies in documents such as contracts matters concerning prohibition of personal information processing for purposes other than performing entrusted business, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of consignees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether consignees safely process personal information. If a consignee re-entrusts the Company's personal information processing, the Company obtains prior consent from the Company.
Article 6 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives)
Data subjects may exercise their rights as data subjects (access, correction, withdrawal of consent, deletion of registered personal information) at any time, and may request access, provision, correction, withdrawal of consent, deletion (withdrawal), suspension of processing, and filing of objections.
Article 7 (Personal Information Protection Officer and Remedies for Infringement of Data Subject Rights)
The Company designates the relevant department and personal information management officer as follows to protect customers' personal information and handle complaints related to personal information.
- Customer Service Manager: Jeong Min-gwan
- Contact Email: jeongmingwan3@gmail.com
Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief for personal information infringement. For other reports and counseling on personal information infringement, please contact the following agencies.
- Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
- National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
Privacy Policy Effective Date: November 18, 2025