Privacy policy

Article 1 (General Rules) 
Albam services (hereinafter ‘Service’) including Albam Time & attendance, Albam Time & attendance plus+, Albam Payroll automator of Blue Night Co. Ltd., (hereinafter referred to as ‘Company’) always values the member’s personal information and makes all efforts to protect the member’s personal information. 
With regards to privacy, the Company in accordance with 「Acts on Promotion of Information and Communications Network」, 「Privacy Protection Act」, establishes and complies with the 「Privacy Statement」 and this is published at the bottom of the first page of the Albam website (www.albam.me), so that the member can access it anytime. 
In the following statements, the general details on the collection and use of personal information that is provided through Albam Service until termination, is provided, and while the details of the Albam Service’s 「Privacy Statement」 may be amended depending on the relevant Acts or the Company’s management policies, the amended details will be published through the Company website.

 

Article 2 (Agreement on Collection and Use of Personal Information) 
The Company collects the minimum amount of personal information needed to establish and implement the Service Use Agreement using lawful and just methods, and in order to collect information that can be used to identify the user, the Company shall provide details for the consent of the collection and usage of personal information; and once the member carries on with the registration process after clicking or checking the ‘I Agree’ button, it will be considered that the member has agreed to the collection and use of the personal information. Also, the Company may use the website to link to other material or websites of other companies for the member. In such cases, the materials on other companies’ websites are unrelated to the Company’s ‘Privacy Statement’, and therefore, please check the ‘Privacy Statement’ of the new website you are visiting. 

 

Article 3 (Scope of Personal Information Collected and Collection Method) 
1. The Company shall collect the following personal information for registration, consultation, Service registration and to carry out the contract. The scope of personal information that is collected for members using Albam’s free of charge Service is as follows. 
– Required: ID (E-mail or cell phone number), password, user authentication information (verification via E-mail or cell phone number), date of birth 
2. When the member wishes to use the charged Service, the Company shall collect the following information needed to make the payment at the time of payment. 
– Payment method owner’s information (name), credit card information, cell phone number, landline number, CMS registration details, business registration certificate, copy of a bank statement 
3. When the member takes part in an event or promotion, the Company shall collect the following information. 
– Name, E-mail, address, cell phone number, workplace name, workplace address 
4. In an event where age verification or personal authentication for complying with the law is required, the following information shall be collected. 
– Name, date of birth, gender, whether resident or alien, i-PIN number (if i-PIN user), cell phone number, connection information (CI), duplicate verification information (DI) 
– However, minors under the age of 14 (hereinafter “Child”) are not allowed to register, consult, or apply for the Service. 
5. While using the service, the following information may be created and collected. 
– PC: Browser information, program version information when using other Services 
– Cell phone (smartphone) & Smart OS installed mobile devices (Tablet PC etc.): Model name, unique device ID (UDID etc), OS details, advertisement ID, details of the application installed on the user’s device (including application installation date and time of operation) 
– Other information: Service use (termination) records, log in records, cookies, connection IP details 
6. The Company may use the following methods to collect the personal information. 
– Using the website, or written forms, entry form for a free gift event, delivery request 
– Provided by an affiliated company 
– Collection using tools for collecting created information 
7. Personal information with concerns of basic human rights violations (race and ethnic group, belief and articles of faith, political disposition and criminal records, health status and sexual life etc.) shall not be requested and the above information is collected and used for no other reason and purpose than what has been stated in the clauses. 

 

Article 4 (Personal Information Collection and Purpose of Use) 
The Company shall use the collected personal information for the following purposes. 
1.  To calculate the charges for using the charged Service to carry out the agreement regarding the offered Service. 
Offer Services and to charge the amount for charged Services, to make payment of purchases or charges, for personal authentication, to ship the provided devices or networks, to post invoices, to collect payment etc. 
2. Manage Member 
Member verification, individual identification, prevention of illegal use or unauthorized use by noncompliant members, duplicate registration verification, confirmation of intention to join, verification of age, verification of business operator, preservation of records to resolve disputes, customer service such as handling complaints and delivering notices that occur when using the membership Service. 
3. Use for Marketing and Advertisements 
Developing new Services and providing customized Service, providing Services according to statistical characteristics and publishing advertisements, efficient provision of Services linked to other partner companies (accountants, tax accountants and certified labor attorney), verify validity, assess log in frequency, statistics on the member’s Service use, providing advertisement information and a chance to participate in events. 

 

Article 5 (Details on Installing and Managing Automatic Collection Devices of Personal Information) 
1.  When you first join the Service or while using the application and web Service, the Company is required to collect the member’s cell phone number, name and surname of the member, details of the devices such as smartphones (OS version and device information), E-mail and password etc., when using the Service. During this process, when using the cell phone verification method, the cell phone number is collected by using the same person identification (CI) and the Service’s same person identification number (DI), and when using the E-mail verification method, only the E-mail details that have been entered in are collected. Also, date of birth and photo (including meta-information), and registered workplace’s location information are collected as an option. In addition, when using charged Services, while using the Service, or during the business process, location information (checking whether the corresponding device is within the Bluetooth signal range through the Beacon) or cookie information might be created automatically and collected. 
Also, when using the charged Service, for shipping (name, cell phone number, address, workplace name and workplace address) and workplace verification, business license certification information is collected and while you are using the charged Service, when required for inevitable circumstances, to make a payment etc., information needed to make the payment such as credit card information, user details for CMS (Cash Management System) registration, details of the telecommunications company, unique number and account information for creating a tax invoice etc., may be collected. While using the Service or managing the business, the Service use records, login connections, connected IP details, workplace sales records, records of payment of wages, sanctions and suspension of Service records, details regarding interruption of Service may be created and collected. These types of personal information may be collected while running or using the Service program or provided by joint ventures or using the collection tool of created information. 
2. The Company may install and manage cookies that store and search for member’s details through the internet. Cookies are character string information (text file) that the web server sends to the web browser which are then stored and sent back to the server when there are additional requests and are stored in the member’s hard disk, and cookies may include website information and user information. When the member logs on to the website, the cookies in the member’s browser are read and will start searching for additional information without the need of additional inputs such as names related to the log on information, to be able to provide the Service. 
3. The member has a choice whether to install the cookies, and by configuring the web browser settings, can either allow all cookies, or ask for confirmation whenever cookies are stored, or can reject all cookies. However, if the member has set to reject all cookies, there may be difficulties when accessing the Service. 
First. How to allow/disallow cookie installation 
(1) Choose [Internet Options] from the [Tools] menu. 
(2) Click and open the [Personal Information Tab]. 
(3) Choose settings for [Internet Zone]. (However, if you have rejected cookie installation, Services requiring the member to login may not be available.)   
Second. How to view cookies   
(1) Click [Tools] on the [Task Bar]. 
(2) Select [Internet Options]. 
(3) Click [Settings] from the [Basics Tab (Default Tab)]. 
(4) Choose [View File]. 
4. Cookies expire when closing the browser or logging out. 
5. The only information that the Company collects through the cookies, is the member’s Unique number (User ID), and no other information is collected. The member’s unique number that the Company collects through cookies may be used for the following purposes. 
(1) Providing differentiated services to match the individual’s area of interest   
(2) To use it for target marketing purposes by assessing the user’s interests and preferences by analyzing log in frequency of members and non-members or the amount of time spent 
(3) Use as a scale to reorganize the Service to provide customized Service through tracking and analyzing Service use records 
(4) To notify period of use when using charged Services 

 

Article 6 (Entrustment of Processing Collected Personal Information) 
n order to provide a better Service, the Company has entrusted the personal information processing to a third party, and when agreeing to the above Privacy Statement, it is considered that you have agreed to the entrustment of the processing of the collected information. 
Entrusted Company | Contents of Entrusted Work | Possession of Personal Information and Period of Use 
LG U Plus Co. Ltd. | Management / consultation using the customer center platform or using main number | When withdrawing membership or until contract of entrustment has terminated 
NICE Payments Co. Ltd. / NICE Information and Telecommunications, Inc. | Agency for payment via credit card and CMS | Stored for 5 years starting from the date of payment 
ePost (Post office delivery) | To ship the rental device | Stored for 30 days after shipping is complete 
BGF Post Co. Ltd. (CJ Logistics Co.) | To return the rental device | Stored for 30 days after shipping is complete 
Café 24 corp. | To manage using SMS sending system platform | When withdrawing membership or until contract of entrustment has terminated 
Amazon Web Services, Inc. | Information System (Server, DB, Network) | When withdrawing membership or until contract of entrustment has terminated 
Delphicom Co. Ltd. | To use 050 business call service | When withdrawing membership or until contract of entrustment has terminated 

 

Article 7 (Providing and Sharing Personal Information) 
1. The Company shall not use the member’s personal information in ways that go beyond the scope stated in the Privacy Statement, or share personal information with any third party (others, other company or other organizations). However, when the member has agreed or in any event corresponding to the following, it shall be considered as an exception. 
– The Member has agreed to a prior consent form 
– When needed for calculating charges following the provision of the Service 
– When requested by authorities for investigation, cases or administrative purposes on the grounds of relevant Acts 
– When provided after processing the data so that the individual cannot be identified, for statistics, academic research or market research purposes 
– When requested for procedures in accordance with the 「Real Name Financial Transactions Act」, 「The Use and Protection of Credit Information Act」, 「Framework Act on Telecommunications」, 「Telecommunications Business Act」, 「Local Tax Act」, 「Bank of Korea Act」, 「Criminal Procedure Act」 and other relevant laws 
2. When transferring the whole or part of the business, or transfer or succession of the rights and obligations of the Service provider due to amalgamation / inheritance, in order to provide better Service to the member, these situations must be announced to the member to guarantee the member’s rights relating to personal information. 
3. When the Company needs to provide the member’s personal information to a third party including another company to provide better Services, the Company must provide and share information about the affiliated company, which personal information categories shall be shared or provided, the purpose that the provided or shared personal information will be used for, until when the information will be shared and how it will be managed and protected, and request for consent, and any information that has not been agreed upon shall not be provided to the third party or shared with the third party. In this case, the Company shall use the website’s notice board to announce and receive consent, at least seven (7) days prior to the event and at the same time shall individually publish these notices using the notice screen on the application/web and E-mail one (1) or more times or receive consent using the website, written form, telephone or E-mail etc. However, for events where it is impossible to give prior notification, provision and sharing may occur at the same time that the announcement is made. The Company shall make all efforts to prevent the member’s personal information from being indiscreetly provided against the original collection and use purposes stated in the Privacy Statement. 

 

Article 8 (Period for Keeping and Using Personal Information) 
1. The user’s personal information that has been provided shall be destroyed as soon as the purpose for which it was collected or provided has been achieved. The personal information of members who have canceled membership or who have been forced to delete their member ID due to false entry of personal information will be completely deleted so that it cannot be used in any other way. However, there may be cases where membership is canceled due to ID theft, or other unexpected damages, in which case, the personal information shall be kept during the grace period which is 30 (thirty) days after cancellation of membership and this is notified when the use of Service is canceled. After 30 (thirty) days, it will be completely deleted from the Company’s member information database (DB) 
2. The copy of your ID card which was used to verify identity when handling disputes that occur due to illegal use of another’s name shall be destroyed as soon as identity is confirmed. 
3. The user’s personal information shall be destroyed immediately as soon as the collection and use purposes have been accomplished, and only in events corresponding to the following, may it be kept for the period of time stated, and shall not be used for any other purpose. 
(1) Reasons for Holding Information in Accordance with the Company’s Internal Policies 
– Records of abusing Service 
– Reason: To protect other members or to request for investigation by law enforcement institutes 
– Period: 1 Year 
(2) For reasons in compliance with relevant Acts if personal information needs to be kept, even after the collection and use purposes have been accomplished, the Company shall keep the information for the period of time determined by the relevant Acts. 
A. Website Visit History 
– Reason: Protection of Communications Secrets Act 
– Period: 3 Months 
B. Records about Customer Claims or Dispute Settlements 
– Reason: Acts on the Consumer Protection in Electronic Commerce, etc. 
– Period: 3 Years 
C. Records about the Contract or Withdrawal of Agreement 
– Reason: Acts on the Consumer Protection in Electronic Commerce, etc. 
– Period: 5 Years 
D. Records about Payment and Provision of Goods, etc. 
– Reason: Acts on the Consumer Protection in Electronic Commerce, etc. 
– Period: 5 Years 
E. Records about Marks and Advertisements 
– Reason: Acts on the Consumer Protection in Electronic Commerce, etc. 
– Period: 6 Months 

 

Article 9 (Procedures and Methods for Destroying Personal Information) 
After the purpose has been accomplished, the Company shall immediately destroy the corresponding information in accordance with the storage period and period of use. The subject to be destroyed, the procedures and methods for destroying information are as follows. 
1. Subject to be destroyed: 
(1) Member Registration Information 
(2) Card and bank account details, etc., apart from registration information collected for refunds and other information collected for the purposes of making payment. 
2. Procedures 
The personal information entered by the member in order to register to use the Service, shall be kept for a certain period of time (please refer to Period for Keeping and Using Personal Information) for information protection reasons in accordance with the internal policies and other relevant Acts, and then shall be deleted or destroyed. 
3. Methods 
Personal information in written forms or copies of the ID card, or printed on paper shall be destroyed using a paper shredder, and personal information stored electronically in files, shall be deleted so that it cannot be restored again, using technical methods. 

 

Article 10 (Obligations to Notify) 
In events where the Company needs to add, delete or amend information of the current 「Privacy Statement」, such shall be announced through the ‘notifications’ on the website at least seven (7) days prior to the amendment, and if the amended details cause a disadvantage to the User, such shall be announced for 30 (thirty) days. For inquiries related to amendments, directly contact the administrator or manager, or contact the Company’s Customer Center. 

 

Article 11 (Measures for Protecting Personal Information) 
1. Technical Measures 
The Company has applied the following technical measures to secure safety so that personal information may not be lost, stolen, leaked, changed or damaged while the Company manages the member’s personal information. 
(1) The member’s personal information is being managed using an internal network which is impossible to access or invade through an external network. 
(2) The member’s personal information is protected through a password that only the member him/herself knows, and accessing and amending personal information can only be done by the member him/herself who knows the password. In addition, when changing personal information through the Customer Center, he/she must prove his/her identity. 
(3) The Company uses vaccine programs to prevent damages caused by computer viruses. Vaccine programs are periodically updated and when a virus appears suddenly, the vaccine is provided immediately to prevent invasion of personal information. 
(4) In order to prepare to defend against hacking or other external attacks, the Company uses measures to block external attacks or hacking to prevent personal information from being leaked. 
2. Administrative Measures 
(1) The Company has set required procedures for managing and accessing member’s personal information, and makes sure the employees are fully aware of and comply with such.    
(2) The Company limits the number of individuals who are allowed to manage the member’s personal information to the minimum. Those who are authorized to manage the member’s information are as follows: 
A. He/she who deals with the member directly/indirectly and for marketing and consulting purposes; 
B. He/she who carries out protection measures such as the privacy officer or someone who is in charge of the privacy department; 
C. He/she who for other business purposes inevitably has to deal with personal information; 
(3) For employees who are managing personal information, we carry out corporate training or external commissioned training periodically on privacy rights to obtain new security technology.    
(4) Employees dealing with personal information have signed a pledge to prevent information leakage in advance and in order to audit conducts on privacy statements and whether the employee is complying with such, we are continuously executing internal procedures. The corresponding privacy pledge has been signed and sealed by each employee and is being kept by the Company. 
(5) The changeover of the work of those who are dealing with personal information is being carried out thoroughly under well-maintained security, and we have clearly stated the responsibilities in the event that personal information infringement accidents occur when the employee joins or leaves the company. In addition, when the employee resigns, the employee signs a written consent form agreeing not to disclose or leak any information obtained directly or indirectly while working at the Company to a third party, so that individuals dealing with member’s personal information do not leak or damage/harm personal information obtained while working at the Company. 
(6) When collecting the member’s credit card details, bank account or other information related to payment while establishing the Service Use Agreement for the charged Services, or when providing the charged Services to the member, measures are taken to prove the member’s identification. 
(7) The Company is not held liable for personal information that may be leaked due to the member’s personal mistakes or the Internet’s inherent risks. The member must properly manage his/her ID and password and take responsibility for it. 

 

Article 12 (Privacy Officer) 
The Company considers members’ personal information of utmost importance and makes all efforts so that the member’s personal information is not damaged, infringed upon or leaked. While using the Service, if you report any complaints regarding privacy to the privacy officer, we will respond to you as quickly as reasonably possible. 
[Privacy Officer] 
– Name: Wonyoung Choi 
– Position: Development Team Leader 
– E-mail: wychoi@albamapp.com 
– Phone Number: +82 (0)2-556-4660