The original version of this Privacy Policy is written in Korean, and translations into other languages are provided for reference only.
In the event of any discrepancy in interpretation, the Korean version shall prevail.

TourCast (tourcast.co.kr, hereinafter “TourCast”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related grievances.

○ This Privacy Policy is effective as of August 1, 2023.

Article 1 (Purpose of Processing Personal Information)

TourCast (tourcast.co.kr, hereinafter “TourCast”) processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, TourCast will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Membership registration and management on the website

TourCast processes personal information for purposes such as confirming the intention to sign up, identifying and authenticating users for member services, maintaining and managing membership status, and preventing fraudulent use of the service.

2. Provision of goods or services

TourCast processes personal information for the purposes of providing services, providing content, and providing customized services.

3. Use for marketing and advertising

TourCast processes personal information for purposes such as developing new services (products) and providing customized services, providing event and promotional information and opportunities to participate, providing services and placing advertisements based on demographic characteristics, verifying the effectiveness of services, identifying access frequency, or compiling statistics on members’ service usage.

Article 2 (Processing and Retention Period of Personal Information)

① TourCast processes and retains personal information within the retention and use period prescribed by applicable laws or within the retention and use period consented to by the data subject at the time of collection.

② The processing and retention periods for each item are as follows.

1. Membership registration and management on the website
Personal information related to membership registration and management is retained and used for the above purposes from the date of consent for collection and use until the user requests withdrawal (account deletion).
Legal basis for retention: Provision of services
Applicable laws: 1) Records on contracts or withdrawal of subscription: 5 years
2) Records on payments and supply of goods, etc.: 5 years
3) Records on consumer complaints or dispute resolution: 3 years
4) Records on collection/processing/use of credit information, etc.: 3 years
Exceptions: None.

Article 3 (Items of Personal Information Processed)

① TourCast processes the following items of personal information.

1. Membership registration and management on the website
Required: Email address
Optional: None.

Article 4 (Provision of Personal Information to Third Parties)

① TourCast processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or pursuant to special provisions of law.
② TourCast provides personal information to third parties as follows.

1. Not applicable.
Recipient(s) of personal information: Not applicable.
Purpose of use by recipient(s): Not applicable.
Retention/use period by recipient(s):

Article 5 (Entrustment of Personal Information Processing)

① To ensure smooth processing of personal information, TourCast entrusts personal information processing tasks as follows.

1. Not applicable
Entrusted party (processor): Not applicable
Details of entrusted tasks: Not applicable
Entrustment period: Not applicable
② When entering into an entrustment agreement, TourCast specifies in written documents such as contracts, in accordance with Article 26 of the Personal Information Protection Act, matters including prohibition of processing personal information beyond the purpose of entrusted work, technical and administrative safeguards, restrictions on sub-entrustment, management and supervision of the entrusted party, and liability such as compensation for damages, and supervises whether the entrusted party processes personal information safely.

③ If the details of entrusted work or the entrusted party changes, TourCast will disclose it without delay through this Privacy Policy.

Article 6 (Procedures and Methods for Destruction of Personal Information)

① TourCast destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.

② If the retention period consented to by the data subject has expired or the processing purpose has been achieved, but the personal information must be retained under other laws, TourCast will keep the information by transferring it to a separate database (DB) or storing it in a different location.

③ The procedures and methods for destruction are as follows.
1. Destruction procedure
TourCast selects the personal information for which a reason for destruction has arisen and destroys it upon obtaining approval from TourCast’s Chief Privacy Officer.

2. Destruction method

Information in electronic file form is destroyed using technical methods that render the records irrecoverable.

Article 7 (Rights and Obligations of the Data Subject and Legal Representative and How to Exercise Them)

① Data subjects may exercise the right to request access, correction, deletion, suspension of processing, etc. of their personal information with respect to TourCast at any time.

② The exercise of rights under paragraph 1 may be made to TourCast in writing, by email, by facsimile (FAX), etc. in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and TourCast will take action without delay.

③ The exercise of rights under paragraph 1 may be made through a representative such as a legal representative of the data subject or a person delegated by the data subject. In such cases, a power of attorney in the form attached as Form No. 11 to the “Public Notice on Personal Information Processing Methods (No. 2020-7)” must be submitted.

④ Requests to access personal information and to suspend processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.

⑤ Requests to correct or delete personal information cannot be made where such personal information is specified as a required collection item under other laws.

⑥ TourCast verifies whether the person making a request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.

Article 8 (Measures to Ensure the Security of Personal Information)

TourCast takes the following measures to ensure the security of personal information.

1. Establishment and implementation of an internal management plan
TourCast establishes and implements an internal management plan for secure processing of personal information.

2. Minimization and training of employees who handle personal information
TourCast designates employees who handle personal information and limits handling to responsible personnel to minimize and manage personal information, and provides training.

3. Regular internal audits
TourCast conducts regular internal audits (once per quarter) to ensure stability in handling personal information.

4. Restriction of access to personal information
TourCast takes necessary measures to control access to personal information by granting, changing, and revoking access rights to database systems that process personal information, and controls unauthorized access from outside using intrusion prevention systems.

5. Storage and prevention of tampering with access records
TourCast stores and manages access records to personal information processing systems for at least one year. However, when adding personal information for 50,000 or more data subjects, or processing unique identification information or sensitive information, such records are stored and managed for at least two years.
TourCast also uses security functions to prevent access records from being forged, altered, stolen, or lost.

6. Encryption of personal information
Users’ personal information, including passwords, is stored and managed in encrypted form so that only the user can know it. For important data, additional security functions are used such as encrypting files and transmitted data or using file-locking functions.

7. Technical measures against hacking, etc.
TourCast (“TourCast”) installs security programs to prevent leakage and damage of personal information due to hacking or computer viruses, regularly updates and checks them, installs systems in areas where access from outside is controlled, and monitors and blocks access technically and physically.

8. Access control for unauthorized persons
TourCast maintains a separate physical storage location for personal information and establishes and operates access control procedures for it.

9. Use of lock devices for document security
TourCast stores documents and auxiliary storage media containing personal information in a secure location with locking devices.

Article 9 (Installation/Operation of Devices that Automatically Collect Personal Information and Refusal Thereof)

TourCast does not use cookies that store and retrieve usage information of data subjects.

Article 10 (Collection/Use/Provision of Behavioral Information and Refusal, etc.)

Matters regarding the collection, use, provision, and refusal of behavioral information

The personal information controller does not collect, use, or provide behavioral information for online customized advertising, etc.

Article 11 (Standards for Determining Additional Use/Provision)

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, TourCast may additionally use or provide personal information without the data subject’s consent by considering matters under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. Accordingly, TourCast considered the following in order to additionally use or provide personal information without consent.
▶ Whether the purpose of additional use/provision is related to the original purpose of collection

▶ Whether there is predictability of additional use/provision in light of the circumstances of collection or processing practices

▶ Whether additional use/provision of personal information unfairly infringes on the interests of the data subject

▶ Whether necessary measures for security, such as pseudonymization or encryption, have been taken

※ The criteria for considerations in additional use/provision are prepared and disclosed autonomously by each business/entity.

Article 12 (Matters Regarding Pseudonymized Information When Processed)

TourCast processes pseudonymized information for the following purposes.

▶ Purpose of processing pseudonymized information
- Personal information is processed for the purpose of distinguishing users on bulletin boards, etc.

▶ Processing and retention period of pseudonymized information
- Retained and used for the above purposes until the user requests withdrawal (account deletion).

▶ Provision of pseudonymized information to third parties (only if applicable)
- Not applicable.

▶ Entrustment of processing of pseudonymized information (only if applicable)
- Not applicable.

▶ Items of personal information to be pseudonymized
- Users may directly enter a nickname (alias).

▶ Measures to ensure the security of pseudonymized information pursuant to Article 28-4 of the Act (obligation to take security measures, etc.)
- The pseudonym (nickname) can be directly entered by the user.

Article 13 (Chief Privacy Officer)

① TourCast appoints a Chief Privacy Officer as follows to take overall responsibility for personal information processing and to handle complaints and provide remedies related to personal information processing.

▶ Chief Privacy Officer
Name: Kim Junhwa
Title: CEO
Position: CEO
Contact: 070-5101-9618, tourcast.help@gmail.com
※ Connected to the department in charge of personal information protection.

▶ Department in charge of personal information protection
Department name: Personal Information Protection Department
Contact person: Kim Junhwa
Contact: 070-5101-9618, tourcast.help@gmail.com
② Data subjects may contact the Chief Privacy Officer and the responsible department regarding all inquiries, complaints, and remedies related to personal information protection arising from using TourCast’s services (or business). TourCast will respond and handle such inquiries without delay.

Article 14 (Department Receiving and Processing Requests to Access Personal Information)
Data subjects may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department below.
TourCast will endeavor to ensure that requests for access are handled promptly.

▶ Department for receiving/processing access requests
Department name: Personal Information Protection Department
Contact person: Kim Junhwa
Contact: 070-5101-9618, tourcast.help@gmail.com

Article 15 (Remedies for Infringement of Rights and Interests of Data Subjects)

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc. For reporting or consultation on other personal information infringements, please contact the organizations below.

1. Personal Information Dispute Mediation Committee: 1833-6972 (without area code) (www.kopico.go.kr)
2. Personal Information Infringement Report Center: 118 (without area code) (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: 1301 (without area code) (www.spo.go.kr)
4. National Police Agency: 182 (without area code) (ecrm.cyber.go.kr)

A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request under Articles 35 (Access), 36 (Correction/Deletion), and 37 (Suspension of Processing, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For more information on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).

Article 15 (Amendment of the Privacy Policy)

① This Privacy Policy is effective as of August 1, 2023.