Privacy Policy
Please review the key policies and terms applicable to Paystory services.
Privacy Policy
Pay Story Co., Ltd. (hereinafter referred to as the "Company") values the personal information of its users and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and the Use and Protection of Credit Information Act.
The Company has established this Privacy Policy in accordance with applicable laws and regulations and is committed to protecting the rights and interests of its users.
1. Purpose of Collection and Use of Personal Information
The Company collects and uses personal information for the following purposes:
• Identification and verification of users, membership management, execution, maintenance, and termination of service agreements, and delivery of contractual documents.
• User identification, authentication, real-name verification, and the provision of notices and announcements during the service process.
• Prevention of fraudulent transactions and unauthorized use.
• Confirmation of user consent or withdrawal required for service provision and related business operations.
• Analysis of service usage frequency, provision of services based on demographic characteristics, and customer relationship management (CRM).
• Registration of merchant information required for each payment method used in providing services.
• Sending emails related to consumer protection laws and regulations.
• Providing customized services, delivering promotional information (including payment notification emails), displaying advertisements based on statistical characteristics, conducting marketing activities, and notifying users of events and promotions provided by the Company.
• Providing payment information and personal information retention records to the issuer of the payment method contracted by the user for purposes including payment authorization, customer support, and other related business operations.
• Compliance with legal obligations under the Act on Reporting and Using Specified Financial Transaction Information and its Enforcement Decree, including customer due diligence (CDD), reporting of specified financial transactions, and identity verification.
* Payment Method Issuers
| Category | Issuing Institution |
|---|---|
| Credit Cards | KB Kookmin, BC Card, Lotte Card, Samsung Card, NH NongHyup Card, Hyundai Card, Shinhan Card, Hana Card, Woori Card, and others. |
| Bank Transfer | Kyongnam Bank, Kwangju Bank, KB Kookmin Bank, IBK Industrial Bank of Korea, NH NongHyup Bank, Daegu Bank, Busan Bank, Korea Development Bank, MG Community Credit Cooperatives, National Federation of Fisheries Cooperatives, Shinhan Bank, National Credit Union Federation, Korea Exchange Bank, Woori Bank, Korea Post, Jeonbuk Bank, Jeju Bank, Hana Bank, Citibank Korea, Standard Chartered Korea, National Forestry Cooperative Federation, K Bank, KakaoBank, other financial institutions, Yuanta Securities, Mirae Asset Securities, Samsung Securities, Shinhan Investment, Korea Investment & Securities, Hanwha Investment & Securities, and the Korea Financial Telecommunications & Clearings Institute (KFTC). |
| Virtual Account | IBK Industrial Bank of Korea, Woori Bank, Shinhan Bank, Hana Bank, SettleBank Co., Ltd. |
| Mobile Payment | SK Telecom Co., Ltd., KT Corporation, LG Uplus Corp., Danal Co., Ltd. |
| Cash Receipt | National Tax Service (NTS) |
| Identity Verification | NICE Information Service Co., Ltd., SettleBank Co., Ltd. |
| Simple Payment | Kakao Pay Corp., NHN Corp., SSG.COM Corp., NHN PAYCO Corp., Samsung Electronics Co., Ltd., Naver Financial Corp., Tenpay Payment Technology Co., Ltd. |
| Gift Certificates | Korea Culture Promotion Inc., Korea Pays Service Co., Ltd., Happy Money Inc. |
2. Personal Information Collected and Methods of Collection
1) Personal Information Collected
A. Required Information
• Identity verification number (Resident Registration Number, Driver's License Number, Alien Registration Number, or Passport Number)
• Name (representative, person in charge, and beneficial owner), contact information (telephone/mobile number and email address of the representative or person in charge), nationality (representative and beneficial owner), date of birth (representative and beneficial owner), representative's address, business information (business type, online store URL, contact information, address), gender of the beneficial owner (for sole proprietorships), settlement account information (bank name, account holder, account number), representative telephone number, user ID, password, and information relating to transactions for goods or services.
• Payment information (information provided by the user through the Company's payment services when purchasing goods or services from a merchant, including credit card number, card expiration date, cardholder name, bank account number, mobile phone number, landline telephone number, and other payment-related information.)
In addition to the personal information listed above, additional information such as IP address, MAC address, cookies, email address, service access date and time, service usage history, abnormal or fraudulent usage records, and payment records may be automatically or manually collected during the course of using the services.
B. Optional Information
• Information contained in contractual documents or voluntarily provided by the customer, other than the required information.
• Address, fax number, and other optional contact information.
2) Methods of Collecting Personal Information
The Company collects personal information through the following methods:
• Information directly provided by users through the Company's website (including new service application forms), written documents, fax, email, payment windows for electronic financial services, or through business partners with whom the Company has entered into partnership agreements.
• Information generated during customer support consultations via mobile applications, web pages, email, fax, telephone, or offline channels.
• Information automatically collected during the use of the Company's services.
* Payment Method Issuers
• Credit Cards: KB Kookmin Card, BC Card, Lotte Card, Samsung Card, NH NongHyup Card, Hyundai Card, Shinhan Card, Hana Card, Woori Card, and other credit card companies.
• Bank Transfer: Kyongnam Bank, Kwangju Bank, KB Kookmin Bank, IBK Industrial Bank of Korea, NH NongHyup Bank, Daegu Bank, Busan Bank, Korea Development Bank, MG Community Credit Cooperatives, National Federation of Fisheries Cooperatives, Shinhan Bank, National Credit Union Federation, Korea Exchange Bank, Woori Bank, Korea Post, Jeonbuk Bank, Jeju Bank, Hana Bank, Citibank Korea, Standard Chartered Korea, National Forestry Cooperative Federation, K Bank, KakaoBank, other domestic banks, Yuanta Securities, Mirae Asset Securities, Samsung Securities, Shinhan Investment, Korea Investment & Securities, Hanwha Investment & Securities, and the Korea Financial Telecommunications & Clearings Institute (KFTC).
• Virtual Accounts: IBK Industrial Bank of Korea, Woori Bank, Shinhan Bank, Hana Bank, SettleBank Co., Ltd.
• Mobile Payment: SK Telecom Co., Ltd., KT Corporation, LG Uplus Corp., Danal Co., Ltd.
• Cash Receipt Issuance: National Tax Service (NTS)
• Identity Verification: NICE Information Service Co., Ltd., SettleBank Co., Ltd.
• Simple Payment Partners: Kakao Pay Corp., NHN Corp., SSG.COM Corp., NHN PAYCO Corp., Samsung Electronics Co., Ltd., Naver Financial Corp., Tenpay Payment Technology Co., Ltd.
• Gift Certificates: Korea Culture Promotion Inc., Korea Pays Service Co., Ltd., Happy Money Inc.
3. Provision of Personal Information to Third Parties
The Company uses users' personal information only within the scope described in the Purpose of Collection and Use of Personal Information. The Company does not use personal information beyond such scope or disclose it to third parties without the user's prior consent, except as otherwise required by applicable laws.
Exceptions include the following cases:
• Where the user has given prior consent to the disclosure of his or her personal information to a third party.
• Where disclosure is required by applicable laws or regulations, or where requested by investigative authorities in accordance with legally prescribed procedures for investigative purposes.
• Where personal information is provided to business partners in a form that does not identify any individual for the purpose of providing personalized advertising services.
When the Company provides personal information to a third party, it will notify users in advance of the following matters and obtain their explicit consent:
• Recipient of the personal information
• Purpose of use
• Categories of personal information to be provided
• Retention and use period
The Company currently provides personal information to the following third parties for the purpose of providing its services:
| Recipient | Purpose | Personal Information | Retention and Use Period |
|---|---|---|---|
| Credit card companies (KB Kookmin, BC Card, Lotte Card, Samsung Card, NH NongHyup Card, Hyundai Card, Shinhan Card, Hana Card, Woori Card), banks, and VAN providers (NICE Information & Telecommunication, KIS Information & Communications, KOVAN, etc.) | Credit Card Payment Processing | Payment Information |
Personal information will be destroyed without delay once the purpose
of collection and use has been fulfilled. (However, where retention is required under applicable laws or regulations, such information will be retained for the period prescribed by law.) |
| Korea Financial Telecommunications & Clearings Institute (KFTC), Banks, and Securities Companies | Bank Transfer Processing | Payment Information | |
| IBK Industrial Bank of Korea, Woori Bank, Shinhan Bank, Hana Bank, SettleBank Co., Ltd. | Virtual Account Payment Processing | Payment Information | |
| SK Telecom Co., Ltd., KT Corporation, LG Uplus Corp., Danal Co., Ltd. | Mobile Payment Processing | Payment Information | |
| National Tax Service (NTS) | Cash Receipt Issuance | Payment Information | |
| SettleBank Co., Ltd., KG Mobilians Co., Ltd. | Identity Verification | Payment Information | |
| Kakao Pay Corp., NHN Corp., NHN KCP Corp., SSG.COM Corp., NHN PAYCO Corp., Samsung Electronics Co., Ltd., Lotte Members Co., Ltd., Naver Financial Corp., Tenpay Payment Technology Co., Ltd., Korea Culture Promotion Inc., Korea Pays Service Co., Ltd., Happy Money Inc., Korea Financial Intelligence Unit (KoFIU) | Simple Payment Services, Gift Certificate Payments, Customer Due Diligence (CDD) | Payment Information |
4. Procedures and Methods for Destruction of Personal Information
As a general rule, the Company destroys users' personal information without delay once the purpose for which it was collected and used has been fulfilled. Personal information may also be destroyed upon the user's request.
The procedures and methods for destroying personal information are as follows:
1) Destruction Procedures
The Company identifies personal information subject to destruction and destroys it upon approval by the Company's Chief Privacy Officer.
2) Destruction Methods
• Personal information printed on paper is destroyed by shredding or incineration.
• Personal information stored in electronic files is permanently deleted using technical methods that prevent the recovery or restoration of the data.
5. Rights and Obligations of Users and Their Legal Representatives
Users may request access to their personal information held by the Company at any time and may request correction or deletion if such information is inaccurate.
If a user requests correction of personal information, the Company will not use the relevant information until the correction has been completed. If deletion is requested, the Company will promptly destroy the personal information so that it can no longer be used for any purpose.
These rights may also be exercised by a legal representative or an authorized agent of the data subject. In such cases, a power of attorney must be submitted using Form No. 11 attached to the Notice on the Methods of Processing Personal Information (Notice No. 2020-7).
• Requests for access to or suspension of the processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
• Personal information that is required by other applicable laws to be collected may not be subject to deletion requests.
The Company does not knowingly collect personal information from children under the age of 14. Where the collection of a child's personal information is required, the Company will obtain prior consent from the child's legal representative. The legal representative may request access to, correction of, or deletion of the child's personal information by written request, telephone, email, or fax, and the Company will promptly take the necessary measures.
6. Measures to Ensure the Security of Personal Information
1) Administrative Measures
• Appointment of a Chief Privacy Officer and operation of a personal information protection organization.
• Establishment and regular review of internal personal information protection policies.
• Regular education, supervision, and management of personnel handling personal information.
2) Technical Measures
• Encryption and secure storage of personally identifiable information and personal information.
• Access control management and operation of access control systems.
• Prevention of tampering with access logs and periodic security inspections.
• Installation of security software to protect against hacking attempts and malicious software.
3) Physical Measures
• Installation of access control systems for critical facilities such as server rooms.
• Restriction of unauthorized access and maintenance of access records.
7. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses cookies to improve users' convenience when using its services.
A cookie is a small text file that is stored on a user's computer through the web browser when the user visits a website.
Users may configure their web browser settings to manage cookies in the following ways:
• Accept all cookies
• Prompt before storing cookies
• Block all cookies
Example (Google Chrome):
Settings → Advanced Settings → Privacy and Security → Cookies
8. Privacy Officer and Complaint Handling Information
Users may contact the person or department below for inquiries regarding personal information protection, complaints, and remedies for damages related to personal information.
1) Privacy Officer
| Name | Dong-Sik Oh |
|---|---|
| Position | General Manager |
| Phone Number | 1660-3171 |
| it@pay-story.co.kr |
2) Complaint Handling Department
| Department | Information Technology Division |
|---|---|
| Phone Number | 1660-3171 |
| it@pay-story.co.kr |
9. Remedies for Infringement of Data Subject Rights
If users require consultation or assistance regarding damages caused by personal information infringement, they may contact the following organizations:
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Supreme Prosecutors' Office Cyber Crime Investigation Division: 1301 (www.spo.go.kr)
• National Police Agency Cyber Investigation Bureau: 182 (ecrm.cyber.go.kr)
10. Amendments to the Privacy Policy
This Privacy Policy shall become effective from the effective date stated below. If any additions, deletions, or modifications are made due to changes in applicable laws, regulations, or Company policies, such changes will be announced through notices on the Company's website prior to implementation.
Effective Date: March 2, 2024
[View Previous Privacy Policy] Applicable from October 28, 2020 to March 1, 2024