Delio Co., Ltd. (hereinafter referred to as the "Company") complies with the privacy policy regulations under the relevant statutes such as the “Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc”, “Act on Consumer Protection in Electronic Commerce, etc.”, “Telecommunication Business Act”, “Personal Information Protection Act”, etc., and user rights and interests are protected by establishing a personal information processing policy in accordance with relevant laws.
The personal information processing policy of the “company” may be changed according to changes in laws or guidelines related to personal information protection and changes in our policies, so please check it frequently when visiting our site.
The privacy policy of the "Company" contains the following contents.
1. Details of personal information collected and methods of collection
2. Purpose of collection and use of personal information
3. Provision of personal information
4. Consignment of processing of personal information
5. Period of retention and use of personal information
6. Personal information destruction procedure and method
7. The Exercise of Rights between Users and their Legal Representatives
8. Measures to ensure the safety of personal information
9. Matters concerning the installation, operation and rejection of an automatic personal information collection device
10. Person in charge of personal information protection and other people in charge
11. Duty of notice
1. Details of personal information collected and methods of collection
a. Details of personal information collected
① The “Company” does not collect sensitive personal information that may violate users’ basic human rights (race and ethnicity, ideology and religion, place of birth and domicile, political orientation and criminal record, health status and sex orientation, etc.).
② “Company” collects and uses only essential personal information as follows.
1) Confirmation of identity and intention to sign up
– [Required] Name, mobile phone number, telecommunication company, duplicate subscription confirmation information (DI), email address, password
[Optional] Receive marketing/event information
2) Identity verification for payment and withdrawal
- Name, date of birth, gender, telecommunication company, mobile phone number, connection information (CI)
3) Password reset
– email address
4) Prevention of illegal use and unauthorized access
- User IP address, visit date and time, mobile device information
6) Identity verification for processing CS inquiries
– A copy of your ID (only the first 6 digits of your resident registration card, driver’s license, or alien registration card), call recording for identity verification, your face taken with a selfie, and information about your face and voice received through self-video for self-verification
7) Request confirmation of incorrect coin deposit
– Coin withdrawal history from other exchanges, including Delio login process
※ Masking (masking) information: A copy of the ID must be attached with masking (masking) of personal information other than the first 6 digits of the name, date of birth, and resident number
③ The following information may be generated and collected during the use of ‘services’.
- Service use record, payment record, use suspension and cancellation record, access log, cookie, user access IP address, bad or abnormal usage record
b. Methods of collection of personal information
“Company” collects personal information in the following ways.
Homepage, mobile phone application, mobile phone web page, fax, telephone, consultation board, e-mail, event application
Collection through the tool that collects generated information
The "Company" collects the minimum personal information necessary for the establishment and implementation of the service use contract in a legal and fair way, and provides the contents of consent to the collection and use of personal information before collecting information that can be used to identify the user.
2. Purpose of collection and use of personal information
The “Company” collects and uses users' personal information for the following purposes.
a. User management
- Verification and personal identification according to the use of service
- Prevention of illegal use and prevention of unauthorized access
- Confirmation of registration
- Minors’ identification
- Records keeping for customer consultation, customer complaint handling, and dispute resolution
- Disclaimer
b. Implementation of contract for service provision and settlement of charges
- Provision of services, provision of content, provision of customized services
- Fee payment and settlement
- Event/Giveaway result announcement and prizes delivery
c. Marketing and advertising
- Provision of optimized service to customers
- Development and specialization of new services (products)
- Provision of services and advertisements according to demographic characteristics
- Identification of web page access frequency
- Statistics on service use
- Sending periodicals, introduction of new products or services
- Web services and event planning that meet customer needs and interests
- Operation of a shared user space and sharing advertising information such as news of affiliates/partners that may include events, company news, etc.
- Customer survey
3. Provision of personal information
The “Company” does not use or provide to third parties the personal information of the customer beyond the scope notified to the customer at the time of collection or the scope specified in the Terms of Service. However, with the customer's consent or in the following cases, exceptions are made.
a. Affiliate relationship: in order to provide better service, we may provide or share your personal information with our affiliates. When providing or sharing personal information, customers are informed about who the affiliates are, which personal information details are provided or shared, why such personal information should be provided or shared, and how long and for how long it will be protected and managed. We will go through the process of asking for consent by notifying users individually in written form or by e-mail, etc., and if the customer does not agree, we will not provide or share personal information with the affiliates. When there is a change in the partnership or when the partnership is terminated, the same procedure will be followed to notify or seek consent.
b. Sales, mergers and acquisitions, etc.: When all or part of a business is transferred or the rights and obligations of a service provider are transferred or succeeded due to a merger or inheritance, etc.
c. In those cases when it is remarkably difficult to obtain a consent for economic and technical reasons, but personal information is essential for the implementation of the contract for the provision of services
d. In case it is necessary for the settlement of charges according to the provision of services
e. In case of special provisions in related laws such as the Basic Act, the Bank of Korea Act, and the Criminal Procedure Act, Communication Secret Protection Act, Framework Act on National Taxes, Act on Promotion of Information and Communications Network Utilization and Information Protection, Act on Real Name Financial Transactions and Confidentiality Act, Act on Use and Protection of Credit Information, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Consumers. However, even if there is any special provision in the law, the personal information of the customer will not be provided unconditionally, even if the administrative agency or investigative agency has requested it for administrative or investigation purposes, and will be only provided in accordance with legal procedures that require a warrant or the seal of the head of the agency and in the written form.
f. When there are sufficient grounds to determine that personal information should be disclosed in order to take legal action against mental and physical harm to others using the company's service
4. Consignment of processing of personal information
The “Company” may entrust the management of personal information to other companies within a limited range for smooth and improved services. Currently, the companies that we entrust the processing of personal information for the implementation of service contracts with users are as follows, and in accordance with relevant laws and regulations, necessary matters are stipulated so that personal information can be safely managed in the consignment contract.
• Personal information processing consignment company
Consignee |
Purpose |
Period of Possession |
NICE Information Service Co., Ltd. |
Simple real-name verification |
not stored separately
(Information owned by the identity verification service company)
|
The White Communication Co., Ltd. |
Customer consultation recording, consultation record, consultation chat |
Until deleting the account or the end of the consignment contract, or the time specified by law |
LinkHub Co., Ltd. |
SMS message delivery |
Until deleting the account or the end of the consignment contract, or the time specified by law |
SUREM Co., Ltd. |
SMS message delivery |
Alligo Co., Ltd. |
SMS message delivery |
Gabia Inc. |
IT Cloud Service |
Until deleting the account or the end of the consignment contract, or the time specified by law |
Hexlant Inc. |
Digital Asset Wallet Service |
Until deleting the account or the end of the consignment contract, or the time specified by law |
If the contents of the entrusted work or the consignee are added or changed, the “Company” shall disclose it through this Privacy Policy without delay, and the user’s consent will be obtained if required
5. Period of retention and use of personal information
a. The "Company" processes personal information according to the period of retention and use of personal information and according to related laws. The period of retention and use of personal information agreed upon when collecting personal information from customers.
b. The "Company" retains and uses personal information only when necessary, as follows.
① Period of retention and use of personal information for deposit·lending services
Category |
Purpose |
Retention Period |
User sign-up |
User Management |
Upon withdrawal |
Deposit·Lending |
Confirmation of account withdrawal, transaction history |
5 years after deleting the account |
② Preservation according to laws and regulations and according to the provision of goods or services
Category |
Item |
Related Laws |
Retention Period |
Display advertisement records |
Advertisemnt display information, such as advertisement text |
Act on Consumer Protection in Electronic Commerce, Etc. |
6 months |
Records on contract or subscription withdrawal |
Transaction history or cancellation information such as order number, user ID, order type, order time, order status, etc. |
5 years |
Records on the supply of goods, etc. |
Payment information such as payment date and time, order history, access IP, etc. |
5 years |
Records of consumer complaints or dispute resolution |
Complaint and dispute handling information, such as user ID, name, and phone number |
3 years |
Record of tax payment |
Supporting materials related to the payment of prizes, such as ID cards, copy of passbook, etc. |
Basic National Tax Act |
5 years |
Internet log records and access point tracking data |
Communication confirmation data such as user ID, access IP, access date, etc. |
Communication Secret Protection Act |
3 months |
※ However, in case of accident investigation, dispute resolution, civil complaint handling, and fulfillment of statutory obligations, it is stored separately.
c. If the user requests to view the transaction information held with the consent of the user, measures are taken so that the user can check it without delay.
6. Personal information destruction procedure and method
After the purpose of using the collected personal information is achieved, the “Company” destroys or separates the information without delay according to the retention period and period of use. The procedure, timing, and method are as follows.
a. Destruction procedure and schedule
After the purpose of use, such as service termination, is achieved, and the personal information filled by the customer for service subscription, etc., has passed the retention period according to information protection reasons (refer to the period of retention and use of personal information above) users’ personal information is destroyed immediately according to internal policies and other related laws. In general, if there is no residual bond-debt relationship, personal information collected and managed in the form of an electronic file that is deleted immediately at the time of account withdrawal
b. Destruction method
Personal information printed on paper is shredded or incinerated with a shredder, dissolved by chemical treatment, and personal information stored in electronic file format is deleted using a technical method that cannot reproduce records.
c. Methods of separate storage
According to the 'personal information validity period', if the service is not used for one year, the user's account becomes inactive. Personal information of inactive users is stored separately and managed by restricting access and applying security.
7. The Exercise of Rights between Users and their Legal Representatives
a. Users and their legal representatives can exercise the following rights with respect to their registered personal information at any time.
Request to read personal information
Request for correction if there is an error in personal information
Request to delete personal information
Request to suspend processing of personal information
b. Users and their legal representatives log in to the "Company" website (www.delio.io) and read or correct personal information in 'Change User Information' tab. Making corrections through e-mail or written request to the person in charge of personal information protection of the 'Company' is also possible.
c. The withdrawal (cancellation) of the ‘consent to the collection and use of personal information’ of users and their legal representatives can be done by e-mail, telephone, or fax.
d. If a user or legal representative requests correction or deletion of personal information errors, the personal information will not be used or provided until the processing is complete. In addition, the “Company” handles personal information that has been canceled or deleted at the request of a user or legal representative as specified in the “Period of Retention and Use of Personal Information”, and is processed so that it cannot be viewed or used for any other purpose.
8. Measures to ensure the safety of personal information
The “Company” is taking the following measures to ensure the safety of personal information.
a. Administrative safeguards
① Establishment and implementation of internal management plan
- Matters concerning the designation of the person in charge of personal information protection
- Matters concerning the roles and responsibilities of the personal information protection officer and personal information handler
- Matters concerning measures necessary to secure the safety of personal information
- Matters related to education for personal information handlers and consigned companies
- Other matters necessary for the protection of personal information
② Regular self-audits
- Division of duties between the person in charge of personal information protection and the auditor
- Matters concerning the role and responsibility of the personal information auditor
- Regular self-audit to ensure safety related to processing personal information
b. Technical safeguards
① In order to prevent leakage of customer information by personal information handlers, a personal information leakage prevention system is maintained. A secure encryption algorithm is applied to personal information transmitted over the terminal (PC) and network.
② By limiting the access right to the personal information processing system to the minimum range necessary for business performance, one user account is differentially assigned to each person in charge of the task. We keep those records for at least 5 years. In addition, we have established and applied the rules for creating passwords for personal information handlers.
③ When transmitting/receiving personal identification information and passwords through information and communication networks or transmitting them through auxiliary storage media, they are stored using commercial encryption software, and passwords are encrypted and stored with a secure encryption algorithm.
④ The records of personal information handlers accessing the personal information processing system are kept and managed for at least two years, and the access records of personal information handlers are safely stored to prevent forgery, alteration, theft, or loss.
⑤ We install and operate security programs such as vaccine software that can prevent and treat malicious programs on personal information processing systems or business computers, use the automatic update function of security programs, and conduct periodic terminal (PC) inspections are doing
c. Physical safeguards
We establish and operate access control procedures for physical storage places where personal information is stored, such as computer rooms and data storage rooms, and store and manage documents and media containing personal information in a safe place with a lock.
9. Matters concerning the installation, operation and rejection of an automatic personal information collection device
a. In some cases, cookies may be installed and operated to store and find customer information through the Internet service provided by the “Company”. Cookies are string information that the web server sends to the web browser to store and then sends back to the server when there is an additional request from the server. When a customer accesses the "Company" website, the contents of the cookie in the customer's browser can be read, additional information can be found, and the service can be provided without additional input such as the name of the connection.
b. The “Company” may use the customer information collected through cookies for the following purposes.
① Provide customized information according to individual interests
② By analyzing the frequency of access or time spent by users and non-users, the user's taste and interests are identified and utilized for target marketing.
③ Track traces of the contents you are interested in and provide personalized service the next time you connect
④ Obtain information on the period of use when using paid services
⑤ Analyze customer habits and use them as a basis for service improvements, etc.
c. Users have an option to install cookies. You can accept all cookies, send a notification when cookies are installed, or reject all cookies in “Tools > Internet Options > Privacy > Advanced” at the top of your web browser. However, if the user refuses to install cookies, there may be difficulties in using the service or providing the service.
d. Cookies expire when you close your browser or log out.
10. Person in charge of personal information protection and other people in charge
a. The “Company” acknowledges the importance of protection of customer personal information and is fully committed to do its best to prevent damage, infringement or leakage of customer personal information. However, in spite of taking technical supplementary measures, we are not responsible for information damage caused by unexpected accidents caused by basic network risks such as hacking, and for various disputes caused by internet posts made by netizens.
b. We ensure that the customer center responds promptly and faithfully to customer inquiries related to personal information protection. In addition, if the customer wants to contact the person in charge of personal information protection of the "company", please contact us at the contact information or e-mail below and we will respond promptly and sincerely to inquiries related to personal information.
Chief Information Security Officer |
Person in charge |
Name: Kim Seong-jin |
Name: Lee Dongsung |
Title: Director |
Title: Head of Department |
Phone number: 02-6713-0470 |
Email: private@delio.io |
c. If you need consultation for other personal information infringement, you can contact the Personal Information Dispute Mediation Committee, Supreme Prosecutors' Office, National Police Agency, Korea Internet & Security Agency, etc.
① Personal Information Dispute Mediation Committee (www.kopico.go.kr): 1833-6972
② Prosecutors’ Office Cyber Crime Center (http://www.spo.go.kr): 1301
③ National Policy Cyber Security Center (http://cyberbureau.police.go.kr): 182
④ Personal Information Infringement Report Center (http://privacy.kisa.or.kr): 118
11. Duty of notice
The current personal information processing policy was revised on September 9, 2021, and if there are additions, deletions, or modifications to the government policy or security technology changes, users will be notified through the website “Notice” section
These terms and conditions are effective from September 16, 2021.