EarthPaper Terms and Privacy Policy
The company collects the following personal information to provide this service. The company does not process personal information of children under the age of 14.
The company collects the minimum necessary personal information required for providing the service.-
When signing up for an EARTHPAPER account
(Required) Email, Password, Name, Nickname, Date of Birth, Company and Affiliated Institution
* The personal information collected at the time of registration will be retained until the membership is terminated. However, to minimize potential damages caused by unauthorized account termination or payment fraud—such as internal settlement issues or identity theft—the information may be retained for up to 30 days after a membership termination request.
-
When using paid services
When paying with a credit card: Card number (partial), card issuer name
When making a bank transfer: Account holder's name, account number, bank name
When paying with a mobile phone number: Mobile phone number, payment authorization number
* Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company. -
When processing refunds
Bank name, account number, account holder's name, email address
* Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company. -
When a cash receipt is generated
Mobile phone number, cash receipt card number
* Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company. -
When providing customer support
When contacting and consulting with the customer center, additional information may be collected for consultation processing. Depending on the type of inquiry, additional personal information such as a mobile phone number may be required from you.
- · Phone Customer Service : (+82) 051-404-0331
- · Web Customer Service : earthpaper@naraspace.com
We generally inform users in advance and obtain their consent before collecting personal information. We collect personal information through the following methods
- When users agree to the collection of personal information and enter it directly during the membership registration and service usage process.
- When personal information is provided by partner services or organizations.
- During the consultation process through the customer center, including webpages, email, fax, and phone.
- Participation in events, promotions, or activities conducted online and offline.
In addition to the information provided directly by users, the company may also collect information during the process of users using the company's services.
List | Collected Items |
---|---|
Device Information | Device identifiers, operating system, hardware version, device settings, browser type and settings, usage information for websites and apps, phone number, etc. |
Log Information | IP address, log data, usage time, user-entered search terms, internet protocol address, cookies |
Other Information | User preferences, advertising preferences, visited pages, etc. in the user's service usage. |
In addition, for the smooth provision of services, the 'Company' may request additional information from users. However, the Company shall not be held liable for any damages incurred by the user due to the loss, theft, leakage, unauthorized third-party disclosure, or alteration of the user's personal information, including credit card or bank account details, unless such damages result from the Company's willful misconduct or negligence.
2. Use of Personal Information The company processes the collected personal information for the following purposes, and in case of any change in the purpose, it obtains the user's consent after providing detailed information about the changes.-
Provision of Services and Contract Performance
- To manage members and verify identities.
- To process payments for paid services, including payment and refunds.
- To handle complaints or inquiries from users.
- To improve user services and quality.
- To provide notices regarding service disruptions, changes in terms, and personal information usage history.
-
Developing and providing services that are more suitable for users.
- To develop new services or provide specialized services based on demographic characteristics.
- To plan and provide various customized content.
- To provide additional services directly or indirectly related to the main service.
-
Improving the service environment.
- To create an environment where users can use the service comfortably and safely.
- To investigate service errors and various bugs and improve them.
- To analyze the service usage environment and provide services considering user characteristics.
- To restrict the use of fraudulent registrations or malicious users.
- To investigate illegal activities and comply with relevant laws and regulations.
-
Delivering advertising and promotional information.
- To send notifications for events and promotions.
- To provide additional services and customized advertising based on demographic characteristics.
- To confirm the intention to participate in events or promotions and process information about participants.
However, there are exceptions in the following cases
-
When the user has given prior consent
If the company determines that it is necessary to provide the user's personal information to a third party, the company will inform the user of who will receive the personal information, what personal information will be provided, and for what reasons before obtaining separate consent. If the user does not agree, the personal information will not be provided to the third party.
- When required by law or when there is an obligation to submit to investigative agencies according to the procedures and methods specified by law for investigative purposes.
The Company outsources personal information processing tasks to the following subcontractors, and the details of the outsourced tasks are as follows
The name of the subcontractor | The contents of the outsourced tasks are as follows |
---|---|
StepPay | The outsourced tasks include payment processing and the operation of the payment system. |
Amazon Web Services Inc. | The outsourced tasks involve the operation and management of cloud servers. |
Stibee | managing email delivery systems, as well as external email delivery systems. |
Users are informed and obtain separate consent regarding the recipients and the countries to which personal information will be transferred overseas.
5. Retention and Use Period of Personal Information The company retains and uses the user's personal information during the agreed-upon period and follows the principle of disposing of it when the purposes of collecting and using personal information are achieved or when the retention period expires.However, in order to minimize damage caused by internal accounting processes, unauthorized use of personal information, unwanted member withdrawals, payment fraud, and similar situations, the company may temporarily retain information for a maximum of 30 days after receiving a withdrawal request. After this period, the information will be permanently destroyed in an irreversible manner.
Regarding the following information, it will be retained for a specific period based on the stated reasons and will not be used for purposes other than those specified.
-
Consumer Protection in Electronic Commerce Act
- Records related to display and advertisements: 6 months
- Records related to contracts or withdrawal of subscriptions: 5 years
- Records related to payment and supply of goods, etc.: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
-
Act on the Protection of Communications Secrets
- Records of service usage, including logins: 3 months
-
Reasons for Separation and Retention of Personal Information for Inactive (Dormant) Accounts
The company will permanently destroy the accounts and personal information of users who have not used the service for 2 years following their last login, in accordance with the Personal Information Protection Act and personal information retention expiration. In this case, we will notify users at least 30 days before the expiration date of personal information validity and its transition to dormant status. If you wish to continue using the services provided by the company, we kindly request that you re-use the service within 30 days after your last login.
-
Reasons for Information Retention According to Company Internal Policy
The company may retain personal information collected for events or promotions for a maximum of 1 year. However, the specific duration may vary for each individual event or promotion, and the period specified during each individual event or promotion will take precedence.
The procedure and method for personal information destruction are as follows
-
Destruction Procedure
Personal information is destroyed according to the '6. Personal Information Retention and Use Period' after the purposes of personal information use have been achieved.
-
Destruction Method
For printed materials, they are shredded or incinerated. For electronic files, they are permanently deleted using irretrievable technical methods.
The 'Company' does not provide services to children under the age of 14. If it becomes aware that a user under 14 years old is using the service, the Company will immediately restrict or delete the account in question.
Users have the right to access, correct, delete, restrict processing, withdraw consent, and object to automated decision-making regarding their personal information at any time (hereinafter referred to as "Exercise of Rights"). If a user requests account withdrawal or processing suspension, the 'Company' will take the necessary measures accordingly.
-
Users can exercise the following rights at any time with respect to the company
- Right to request access to personal information
- Right to request correction of personal information errors
- Right to request the suspension of personal information processing
- Right to request the deletion of personal information or membership withdrawal processing
- Right to Object to or Request an Explanation of Automated Decisions
- Users can exercise the rights specified in Section 1 through the Company's main phone number, email, or written communication. For any privacy-related inquiries, they may also contact the Data Protection Officer or the Personal Information Grievance Handling Department at earthpaper@naraspace.com. The 'Company' will take the necessary measures upon receiving a user request to exercise their rights.
- If users request corrections, processing suspensions, or deletions of personal information, the company will not use the relevant personal information or provide it to third parties until the necessary actions are completed.
- If users request the deletion of personal information or membership withdrawal, the company processes the relevant personal information in accordance with the provisions of "6. Personal Information Retention and Use Period" and ensures that it cannot be accessed or used for other purposes. If there are legitimate reasons for the company to refuse access or correction requests for all or part of the personal information, the company will notify the requestor and provide an explanation for such reasons.
- Rights may also be exercised through a legal representative or an authorized agent of the data subject. In such cases, a power of attorney, as prescribed in Form No. 11 of the "Public Notice on the Methods of Processing Personal Information," must be submitted. The 'Company' will verify whether the person exercising the rights is the data subject themselves or a legitimate representative.
- The right of users to request access to or suspension of the processing of their personal information may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
- You may not request the deletion of personal information if its collection is explicitly required by other applicable laws.
-
The company uses "cookies" for the purpose of providing users with customized services and enhancing the
convenience of the website environment. Users have the option to refuse cookies.
-
What are Cookies?
-
Cookies are very small text files sent by the server operating a website to the user's browser, which are
stored on the user's computer hard drive. When users use the company's services, the server reads the contents
of the cookies stored on the user's computer to verify the user's information.
-
Purpose of Using Cookies
- The company uses cookies to analyze factors such as user service access frequency, visit times, and visit counts. Additionally, it aims to understand user preferences, interests, and other related information. These insights are used to provide personalized services to users.
-
Installation and Operation of Cookies
- Users have the voluntary right to allow or disallow cookies by changing the options in their web browser.
- If you do not allow the use of cookies, you may encounter difficulties in using certain services provided by the company.
-
Cookie Settings and Rejection Methods
- Users can autonomously change their web browser's options to prevent the collection of cookies.
- For Internet Edge: [Tools] → [Internet Options] → [Privacy] → [Advanced]
- For Chrome: [⋮] (upper right corner of the web browser) → [Settings] → [Privacy and Security] → [Cookies and other site data]
※ For other web browsers, the settings may vary according to each browser's specific methods.
-
What are Cookies?
-
The Company may use various external web analytics tools to track, evaluate, and improve website visits and email
marketing. Users have the right to opt-out of the use of their data. The opt-out methods will adhere to the specific
procedures for each analytics tool.
CookieName Provider Purpose HubSpot HubSpot We use user data to provide, maintain, and improve our services, to offer support, and to prevent or address technical or security issues. HubSpot's privacy policy can be viewed here .
※ For additional information on the use of HubSpot cookiesGoogle Analytics Google Content reports help identify the best-performing areas of the website and the most popular pages to create a better experience for customers. Google's privacy policy can be viewed here .
※ For additional information on the use of Google cookiesGoogle AdSense Google We use Google Analytics to collect information about how our website is used. The purpose is to understand if the website meets users' needs and how it can be improved. Google's privacy policy can be viewed here.
※ For additional information on the use of Google cookies
The company complies with regulations regarding the protection of personal information, including the 'Personal Information Protection Act' and the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'
However, in cases where the company has fulfilled its obligation to protect personal information but issues arise due to insufficient security management of the user's PC or the user's own negligence resulting in the leakage of passwords, important information, or personal information, the company assumes no responsibility.
-
Technical Measures
- The company securely stores the password and personal information specified by relevant laws, which users enter during registration, by encrypting them through tokens and SSL certification. The encrypted password can only be known by the user, and the confirmation and modification of personal information can only be performed by the user.
- The company encrypts communication channels internally and externally to protect personal information during transmission over the network.
- To prepare for unforeseen circumstances, the company regularly backs up personal information and takes necessary security measures, including the use of antivirus programs, to prevent unauthorized leakage or tampering of user's personal information due to hacking, viruses, or other threats.
- We employ intrusion prevention systems to control unauthorized access from external sources, and we continuously review and improve our personal information protection compliance program in line with changes in the social and business IT environment.
-
Administrative Measures
- The company restricts access rights and personnel for personal information to a minimum, and limits the personnel who can process personal information to the following categories:
- Personnel who directly handle tasks related to addressing complaints, grievances, inquiries, and responses with users
- Personnel who oversee, manage, or supervise tasks related to personal information.
- Individuals responsible for managing events, promotions, or marketing-related tasks.
- Individuals responsible for developing, maintaining, and operating the personal information processing system.
- Individuals for whom the processing of personal information is unavoidable during the course of their duties.
- The company conducts regular annual privacy protection training for individuals involved in processing personal information and subcontractors.
- The company ensures compliance with its privacy policy and the protection of personal information by using internal (individual) information protection departments or similar entities. In case any issues are identified, the company takes immediate corrective measures to address and rectify them.
-
Physical Security Measures
- The company stores documents and removable storage media containing personal information in secure locations with locking mechanisms.
- The company implements physical access controls for personal information processing systems and has established and follows procedures.
If the company provides services to users within the European Union, the following may apply
-
Purpose and Legal Basis for Processing Personal Information
EARTHPAPER only uses collected personal information for the purposes stated in '3. Use of Personal Information' and obtains prior consent from users after informing them of this fact.
-
Under the GDPR and similar regulations, EARTHPAPER may process user's personal information in the following
circumstances
- Consent of the data subject
- In order to enter into and fulfill a contract with the data subject
- For compliance with legal obligations
- For the vital interests of the data subject
- For the legitimate interests pursued by the company
-
Under the GDPR and similar regulations, EARTHPAPER may process user's personal information in the following
circumstances
-
Ensuring the Rights of Users within the European Union
Under GDPR and similar regulations, users have the right to request the transfer of their personal information to another controller and can also request the refusal of their information processing. Users also have the right to file complaints with data protection authorities.
EARTHPAPER may use personal information for marketing purposes, such as events and advertising, with the user's prior consent. Users can withdraw their consent at any time if they do not wish to receive such communications.
Requests related to the above can be made by contacting our customer support via mail, phone, or email, and we will take the necessary actions. If you request a correction to your personal information, we will not use or provide it until the correction is completed.
-
Users can report complaints regarding personal information related to the company's services to the Complaints
Handling Department or Data Protection Officer of the company. The company will provide a prompt response as soon as
the report is received.
Privacy Protection Officer and Responsible Department
- · Personal Information Protection Manager: Jaepil Park (CEO)
- · Personal Information Protection Officer: Dongmin Lee (Team Leader)
- · Contact: +82) 051-404-0331
- · Email: earthpaper@naraspace.com
-
If you require assistance with any other matters related to personal information, you can seek help from the
following organizations.
- · KISA Report Center for Personal Information Breach : privacy.kisa.or.kr / (Toll free)118
- · Cyber Crime Investigation, Supreme Prosecutors' Office : www.spo.go.kr / (Toll free)1301
- · National Police Agency Cyber Bureau : https://ecrm.cyber.go.kr / (Toll free)182
- · Personal Information Dispute Mediation Committee : kopico.go.kr / (Toll free)1833-6972
This Privacy Policy will take effect on June 09, 2025.
- · Notification Date : May 09, 2025
- · Enforcement Date : June 09, 2025