Festivall

Privacy Policy

Festivall (hereinafter referred to as "the Company") highly values the protection of personal information of users who use the services operated by the Company. The Company processes personal information legally and safely in compliance with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

Through this Privacy Policy, we inform users about all aspects from collection to use and disposal of personal information provided by users. The policy may be changed according to changes in relevant laws or the Company's operational policies. In case of changes, modifications will be announced through the Company's website.

The Company's privacy policy contains the following:

  1. Purpose of Processing Personal Information
  2. Items of Personal Information Processed
  3. Retention and Usage Period of Personal Information
  4. Disposal of Personal Information
  5. Provision of Personal Information to Third Parties
  6. Outsourcing of Personal Information Processing
  7. Rights of Data Subjects and Legal Representatives and Methods of Exercise
  8. Measures to Ensure Safety of Personal Information
  9. Installation/Operation of Automatic Personal Information Collection Devices and Rejection
  10. Matters concerning Online Customized Advertising
  11. Privacy Officer and Contact Information
  12. Remedies for Rights Infringement
  13. Other Matters
  14. Obligation to Notify

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes:

A. Service Fulfillment — Personal information is processed for purposes such as fulfilling service provision contracts, payment settlement, content provision, purchase and payment processing, goods delivery or billing dispatch, financial transaction identity verification and financial services, and user authentication and booking verification when using face entry (recognition) services.

B. User Management — For identity verification, personal identification, prevention of fraudulent use by malicious users and unauthorized use, confirmation of usage intent, usage frequency limitation, age verification, complaint handling, notification delivery, and confirmation of withdrawal intention.

C. Marketing and Advertising — For new service/product development and specialization, transmission of commercial advertising information for profit (phone, email, text, etc.), service provision and advertisement placement based on demographic characteristics, and access frequency analysis or usage statistics.

2. Items of Personal Information Processed

The Company processes the following personal information of users to provide a variety of services. The Company may collect additional personal information during service usage, including:

Name, Date of Birth, Phone Number

Additionally, the following may be generated and collected during service usage:

IP Address, Cookies, Visit Time, Service Usage Records, Fraudulent Use Records, Mobile Service Usage Information (Device Model, OS Type, Mobile Carrier Information, Hardware ID, Advertising ID, Basic Usage Statistics), Application Installation Information, and Payment/Purchase Records.

3. Retention and Usage Period of Personal Information

A. The Company generally retains users' personal information until service withdrawal. To prevent unwanted withdrawal due to misuse, the Company retains personal information for 3 days after withdrawal requests.

B. After withdrawal, internal identification information is retained for 1 year to prevent re-registration and fraud by malicious users.

C. If a user has not logged in for over 1 year, the Company will notify the user in advance and separately store and manage personal information.

D. The Company notifies users 30 days before transferring to dormant status. If the account is dormant and the service is not reused for 4 years, separately stored information is permanently deleted. To resume service, users may log in and complete the "ID Reuse Agreement" process.

Fraudulent Use Records — Basis: Prevention of Fraudulent Use; Retention Period: 1 year after Membership Withdrawal.

Where laws require retention, the Company retains user information for the following periods:

  • Records related to contracts or cancellations — Electronic Commerce Consumer Protection Act — 5 years
  • Records related to payment and supply of goods — Electronic Commerce Consumer Protection Act — 5 years
  • Records related to handling consumer complaints or disputes — Electronic Commerce Consumer Protection Act — 3 years
  • Website visit records — Telecommunications Secret Protection Act — 3 months

4. Disposal of Personal Information

Personal information is generally disposed of after the purpose of processing has been achieved. Disposal procedure and method are as follows:

A. Disposal Procedure — Personal information provided by users is moved to a separate DB after purpose achievement and stored for the period above before disposal. It is not used for any other purpose except as required by law.

B. Disposal Method — Personal information stored electronically is deleted using a technical method that prevents regeneration. Information printed on paper is shredded or incinerated.

5. Provision of Personal Information to Third Parties

The Company uses users' personal information within the scope notified in Article 1 and does not disclose it without prior consent. However, the following exceptions apply:

  • If the user has previously consented
  • If required by law or by a law enforcement agency following lawful procedures

6. Outsourcing of Personal Information Processing

The Company outsources personal information processing for service enhancement to the entities below, with appropriate measures stipulated in outsourcing contracts in accordance with relevant laws:

  • Payment services for ticket purchases (credit card, cash, small-amount payment)
  • Kakao AlimTalk and SMS sending

7. Rights of Data Subjects and Methods of Exercise

A. Rights and Methods — Data subjects and legal representatives may view/modify their (or a minor's) registered personal information at any time and may request membership withdrawal.

To view/modify personal information, users go through "Information Change" (or "Member Information Modification"). To withdraw, users go through "Membership Withdrawal" after identity verification.

Alternatively, users can contact the Privacy Officer by mail, phone, or email, and the Company will take immediate action.

If correction is requested due to errors, the Company will not use or provide the personal information until the correction is completed. If already provided to a third party, the Company notifies the third party of the correction immediately.

Personal information deleted/withdrawn by users or legal representatives is handled per Article 3 and ensured not to be viewed or used for any other purpose.

B. Withdrawal of Consent (Membership Withdrawal) — Users may withdraw consent at any time via the membership withdrawal menu or by contacting the Privacy Officer. Necessary measures including deletion of personal information will be taken.

8. Measures to Ensure Safety of Personal Information

The Company takes the following measures to prevent loss, theft, disclosure, tampering, or damage:

A. Administrative Measures — Number of personnel handling personal information is minimized; each is assigned a regularly updated separate password; regular training is provided. A Personal Information Protection Committee verifies policy implementation and personnel compliance, with corrective action taken on issues. The Company is not responsible for disclosure due to user negligence or general internet issues.

B. Technical Measures — Email IDs and passwords are encrypted; only users know passwords. Confirmation/modification requires user authentication. Anti-hacking and antivirus measures, regular backups, and encrypted network transmission are in place. An intrusion prevention system controls unauthorized external access.

C. Physical Measures — Personal information is stored in a location with security devices; access control procedures are established and operated.

9. Cookies and Similar Devices

The Company operates "cookies" that store and retrieve user information continuously.

A. Cookies — Small text files sent by the website server to the user's browser and stored on the hard drive.

B. Purpose — To analyze access frequency/visit time, understand user interests/preferences, track activities, and provide targeted marketing/personalized services.

C. How to Reject — Users may set their web browser to allow all cookies, confirm each storage, or reject all cookies. However, rejection may prevent login or reservations.

  • Chrome — Top-right menu → Settings → Privacy and Security → Site Settings → Cookies and Site Data
  • Microsoft Edge — Top-right menu → Settings → Cookies and Site Permissions → Manage and Delete Cookies and Site Data

D. Mobile — Cookies may be used on mobile devices similarly to PCs. The Company does not collect personal information through third-party cookies without explicit consent. Settings vary by OS/browser.

  • Chrome (mobile) — Settings → Site Settings → Cookies
  • Safari — Settings → Safari → Block Cookies
  • Samsung Internet — Settings → Internet Usage History → Delete Internet Usage History

10. Online Customized Advertising

A. Behavioral Information — Online user activity data (visits, app usage, purchase, search history, etc.) used to analyze user interests, preferences, habits, and tendencies.

B. Consent — The Company allows advertising partners to collect/process behavioral information through analytics tools to send targeted advertising. Users may set browser preferences to allow or reject such third-party collection/processing.

11. Privacy Officer and Contact

The Company designates the following personnel and department as Privacy Officer to handle personal information matters:

  • Privacy Officer: Sim Young-bo
  • Department: Information Security Team
  • Phone: —
  • Email: —

Users may report all privacy-related complaints to the Privacy Officer or relevant department. The Company will provide a sufficient response promptly.

12. Remedies for Rights Infringement

Data subjects may seek remedies through dispute resolution or consultation with the following organizations:

  • Personal Information Dispute Mediation Committee — https://www.kopico.go.kr — 1833-6972
  • Personal Information Infringement Report Center — https://privacy.kisa.or.kr — 118
  • Prosecutor's Office — https://www.spo.go.kr — 1301
  • Police — https://ecrm.cyber.go.kr — 182

13. Other Matters

The Company may provide links to other websites. The Company is not responsible for services or data provided by linked websites or for transactions between users and those sites. Users should review the privacy policy of any new website they visit.

14. Obligation to Notify

For any additions, deletions, or modifications to this privacy policy, the Company will notify users via the "Notice" section on the homepage at least 7 days in advance.