1. What Personal Information We
Collect

STARINDEX, Inc. (the “Company”)
collects and uses mandatory information only for the purposes of rendering
efficient management of membership, customer consulting service, and all types
of services. The Company also collects and uses optional information to provide
customized service, and other various services.

  1. Items of Information to be collected
  • Mandatory Information(Upon signing up for
    membership):

    ID, name, email address, and some other information that the member
    agrees to give it to the company
  • Optional Information (It will be collected
    upon necessary, and the member may refuse to provide optional
    information, but in such case, the member may be restricted from
    accessing or using the services we provide.): Photo, residence,
    self-introduction, occupation, cell-phone number, phone number (house),
    facsimile number, external membership provider service ID, voucher
    number, approval number, contact number and photo of a third person
    stored in the mobile phone of a member
  • Following information may be automatically
    created and collected in the course of rendering or accessing the service
    we provide. Record on the use of the service, log file information (time
    and date that the member visits web site), Cookies and IP address,
    inappropriate using record, model and SN (Serial Number) of mobile phone,
    and mobile phone carrier
  1. How to Collect Personal Information

    We collect the member’s personal information through mobile phone
    application and website, external membership provider service login,
    written documents, facsimile, phone, use of service, feedback site and
    email, subscription for event, tools gathering created information, and
    change of membership information, etc.
  2. Consent to Personal Information Collection

    The member is considered to consent to this Privacy Policy and to give
    personal information by signup and login[Consent] in ComeUp service.
  3. The Company does not collect any sensitive
    information that may infringe on the basic human rights (ethnic group,
    ideology and creed, political bias and criminal record, health condition
    and sexual life, etc.) of a member.

2. Purpose of Collection and Use
of Personal Information

The personal information
collected is used for the following purposes. Any and all information provided
by the member will not be used for any purpose other than the purposes
described below, and in case that the purposes are changed, the Company will
obtain the prior consent from the member.

  1. Provision of Service

    Provision of contents and specific service on demand, delivery of products
    or invoice, verification of identity, purchase and payment, collection of
    fee
  2. Membership Identification and Management

    Confirmation and verification of identity, prevention of inappropriate use
    and unauthorized use by bad user, confirmation of membership intent,
    handling of customer complaint, and delivery of notice
  3. Utilization for marketing and advertisement,
    provision of customer information and personalized service in accordance
    with the development of new service and special event, provision of
    service in accordance with the demographic characteristics and publish of
    advertisement, identifying the access frequency or compilation of
    statistics on service use
  4. Notification of information that a member
    should know such as material changes and improvement of Company’s service,
    and announcement of new service

3. Period for Retention and Use
of Personal Information

The Company will retain and use
the personal information of a member for the time span from the membership
application date to the termination date of membership. In case that a member
withdraws his/her consent for collection and use of personal information, or in
case that the Company fulfills the purposes outlined in this Privacy Policy and
that the retention period hereunder is expired, the concerned personal
information will be destroyed immediately. In such case, the personal
information may not be either inspected or used for any other purposes.
However, the following information will be retained for a specified time only
for the causes described below.

Items to be retained: any and all
records of membership register and its management including name, nickname, gender,
date of birth, residence, personal introduction and photo, statement of
settlement and purchase and records of fee-based commercial service.

Reasons for retention: prevention
of confusion or interference in using the service, cooperation with the relevant
authority which investigates the illegal user, and settlement of
debtor-creditor relations between the Company and the Member

Retention period: 1 year

If any personal information of a member is required to be retained under the
applicable laws and regulations, the Company will keep the information for a
certain period of time.

Record of
indication/advertisement: 6months (Act on the Consumer Protection in the
Electronic Commerce Transactions, etc.)

Records of contract or withdrawal of subscription: 5years (Act on the Consumer
Protection in the Electronic Commerce Transactions, etc.)

Records of payment and supply of goods: 5years (Act on the Consumer Protection
in the Electronic Commerce Transactions, etc.)

Records of consumer complaint or handling of disputes: 3 years (Act on the
Consumer Protection in the Electronic Commerce Transactions, etc.)

4. Procedures and Method of
Destruction of Personal Information

After fulfilling the purposes of
collection and use of the personal information, the member’s personal
information will be discarded, in principle. Any personal information stored in
electronic files will be discarded using technical methods preventing
restoration thereof and the personal information printed on paper will be
discarded by method of shredding or incineration.

5. Provision of Personal
Information to Third Person

Personal information of a member
will be used to the extent of being described in the “Purpose of Collection and
Use of Personal Information”, and it cannot be used for other purposes without
the prior consent of the member, and opened to the public, in principle. Any
personal information will not be divulged or disclosed to a third person,
corporate or organization without the consent of a member. However, in cases
falling under any of the following, the Company may use or provide the personal
information with caution:

  • Where a member gives the prior consent for
    disclosure. The member may refuse to consent but in such case, he/she may
    be restricted in using the service.
  • Where the personal information is required
    for the performance of any contract related to the provision of service,
    but it is remarkably difficult to obtain normal consent due to
    economic/technical reasons
  • Where it is required under the applicable
    laws and regulations, or where it is required by the enforcement authority
    in accordance with the statutory procedures for the purpose of
    investigation
  • Where it is necessary for operation of new
    service to be rendered by the Company
  • Where it is provided to sponsor, affiliate or
    research institute, etc. in the form of non-identifiable information for
    the purpose of compiling statistics, conducting academic research or
    market research
  • Where it is requested in accordance with the
    procedures defined in the applicable laws and regulations

However, even in
case that any personal information is provided pursuant to applicable laws and
regulation or at the request of enforcement authority, the Company should
notify the concerned member of the fact, in principle. However, legal issues
may force the Company to omit notification to the concerned member. The Company
will exert our best efforts to prevent the personal information from being
disclosed or provided indiscreetly contrary to the intended purposes of
collection and use.

Provided however, even though the Company collects information related to the
use pattern of the service of the user using Google Analytics and user analysis
service, the Company will not disclose the information gathered to third
parties.

6. Entrustment of Management of
Personal Information

The Company may entrust an
outside company with the management of some of the personal information for
smooth process, and upon executing the consignment agreement, the Company
should stipulate the provisions about purpose and scope of entrustment,
prevention from handling personal information for the purpose other than that
entrusted, restriction on sub-entrustment, management and supervision of
trustee, measures for security and responsibility in the document, and supervise
whether the trustee handles the personal information entrusted in safe ways.

7. Matters about Installation,
Operation and Denial of Device for Automatic Collection of Personal Information

The Company may operate ‘Cookies’
which stores and finds the member’s information from time to time in order to
personalized service to the member. Cookies are used to operate the web site
server sent to a member’s browser as a very small text file, which is stored on
a member’s computer hard disk. Company (s) use cookies for the following
purposes:

Company provides targeted marketing and personalized services through analysis
of the frequencies of access and visiting-hour of the member and non-member,
the user's tastes and interests and identification of various events such as
participation rate and number of visits. You have a choice in the placement of
Cookies. Thus, by setting your web browser options you may allow all Cookies,
or confirm each time Cookie is stored, or you can refuse all Cookies stored.

How to reject Cookies set:

For example, as methods to reject Cookies, by setting your web browser options
you may allow all Cookies, or confirm each time a Cookie is stored, or you can
refuse all Cookies stored.

How to set (Internet Explorer only):

Web browser at the top of the tools> Internet Options> Personal
Information

However, if you reject the placement of Cookies, it may be difficult to provide
services which require log-on.

8. How to Exercise the Rights of
User

The member reserves the rights to
access, correct and delete personal information and to request the company to
suspend the handling of the information at any time. Upon request of the
member, the Company manages the member’s request without delay. However, upon
request, the Company deletes the personal information in accordance with the
procedures and method described in Section 4 hereof.

9. Linked Sites

The service provided by the
Company may contain links to other company’s web sites or data. In such case,
the Company does not reserve any rights to control the external web sites and
data, and thus the Company should not be liable for or guarantee the utility of
the service or data provided by outside company. In particular, if the member
clicks on the links contained and transfers to other web site, the privacy
policy of the concerned web site will be applied.

10. Technical and Managerial
Measures to Protect the Personal Information

In handling the personal
information of a member, the Company applies the technical and managerial
measures as follows in order to prevent loss, stolen, divulge, falsification or
compromise and to secure the safety.

  1. Encryption of personal information: Personal
    information of a member is protected by password, and important data is
    encrypted or locked so that all the files and transferred data are not
    read by other person.
  2. Technical measures against hacking: The
    Company operates system which blocks hacking and prevents personal
    information from being leaked or compromised and the Company also installs
    a system detecting external invasion and monitoring external access around
    the clock.
  3. Restriction on access to Personal Information
    Management System: The Company takes any and all necessary measures to
    control the access to the personal information by establishing criteria
    regulating the grant of accessibility to, changes and cancellation of the
    database system which is systematically composed to manage the personal
    information, and operating the regulations on creation method of password
    and cycle of its change.
  4. Education of Personnel in charge of Personal
    Information: The Company takes measures for efficient management of
    accessibility by limiting the number of the personnel managing personal
    information at the very least, providing training and education about
    acquisition of new security technology and obligation to protect the
    personal information on a regular basis and granting separate password to
    the member.
  5. Management of Personal ID and Password: ID
    and password of a member is used only by the member in principle. The
    Company shall not be liable for any damages incurred due to the member’s
    negligence in connection with the leaks of personal information including
    ID, password and email address and due to the inherent risks in Internet.

11. Civil Service about Personal
Information

The Company designates personal
information manager to protect customers' personal information and to handle
customer’s complaints regarding personal information.

The user may report any complaint related to Privacy Policy which occurs in the
course of using the Company’s service to the personal information manager, and
the Company will make prompt and sufficient response to the user’s complaint.

  • Personal information manager
  • Name: Wook Kim
  • Phone number: +82.2.6243.0771
  • Email address: cs@starindex.com

For report about
infringement on personal information or more consultation, please contact the
following agencies.

  • Private Dispute Resolution Committee
    (+82.1336)
  • Privacy Mark Certification Committee (+82.2.580.0533~
    4)
  • Internet criminal investigation center of
    Supreme Prosecutor Office (+82.2.3480.3600)
  • Cyber Terror Response Center of National
    Police Agency (+82.2.392.0330)

12. Miscellaneous

If the Company makes additions,
deletions and changes to any terms or conditions of this Privacy Policy in
accordance with the laws/ policy or changes in the security technology, such
changes will be notified through a post through the service or email 7 days
prior to the implementation of new Privacy Policy.

Addendum

This Privacy Policy was enacted on June 15, 2015.