Privacy Policy

CJ ENM Co., Ltd Entertainment Division (hereinafter “Company”) has established, and is in compliance with, the Company’s privacy policy (hereinafter “Privacy Policy”) for the purpose of actively protecting users’ personal information and complying with all personal information-related laws and regulations. Through the Privacy Policy set forth below, the Company informs users of the purpose and method of how users’ personal information is being used and the measures being taken to protect their personal information. This Privacy Policy is published on the Company’s website and is easily accessible at any time. The Privacy Policy includes the following subject matters:

  1. 1. Procedure on providing consent for the collection and use of personal information
  2. 2. Personal information items to be collected and the purpose of collecting and using personal information
  3. 3. Retention, period of use, and destruction of personal information
  4. 4. Installation, operation, and rejection of automatic personal information collection device
  5. 5. Users' rights to personal information and method of exercise
  6. 6. Chief Privacy Officer and customer center
  7. 7. Consent for providing and sharing personal information to a third party
  8. 8. Consent to the consignment of personal information processing
  9. 9. Withdrawal of consent for collecting and providing personal information
  10. 10. Information on the collection of personal information of children under the age of 14
  11. 11. Technical and administrative protection of personal information
  12. 12. Duty to notify
1. Procedure on providing consent for the collection and use of personal information

Users may provide consent to the collection and use of their personal information, provision to third parties, the consignment of processing work, etc. by reading the “Privacy Policy” and “Consent Form for the Collection and Use of Personal Information” posted on the Company’s website (htttps://ocean.cjenm.com), and clicking on the button “consent for the collection and use of personal information” provided on the website.

2. Personal information items to be collected and the purpose of collecting and using personal information

The Company collects and uses minimum personal information that is necessary to provide its service. The collected personal information is not used for any purpose other than for which consent was obtained. In the event the purpose of using personal information is changed, necessary measures, such as obtaining consent from the owner of personal information, will be taken.

  1. (1) Method of collection
    • Collection of information by using the Company’s website services via PC and/or mobile
    • Collection of information generated by using a log analysis program
    • Collection of information by using internet cookies
  2. (2) Collected items, purpose, and retention Period


    (Required Consent). Use of the “Contact Us” Service

    1. Purpose of collection and useTo use Contact Us service, receive and handle inquiries, and notify processing results
      Collected itemsName, email address, mobile phone number, country name
      Retention periodWithin one (1) month from the completion of the application process or within five (5) days from the date of request for withdrawal by the owner of personal information
  3. (3) Information generated and collected during the use or process of service The following information may be generated and collected to provide personalized services during the use or process of service.
    • Frequency of use, service usage time, and usage records
    • Access log and access IP information, cookies, usage records, session information, terminal information, and MAC address
3. Retention, period of use, and destruction of personal information
  1. (1) Period of use and retention period
    The Company retains and uses personal information only for the period agreed upon by the user (period of use) to provide services and handle inquiries.
  2. (2) Storage and preservation period of personal information
    If it is necessary for the Company to preserve personal information based on the personal information owner’s consent or pursuant to laws or other related laws and regulations, the Company shall keep and preserve the personal information for a certain period as required.
    • Records related to visitor access (logs) and tracking data that can confirm the location of information and communication devices: Three (3) months (Protection of Communications Secrets Act)
    • respective period for each type of communication confirmation data pursuant to Article 15-2 of the Communications Secret Protection Act and Article 41 of the Enforcement Decree of the same Act
    • Other storage and preservation periods: Applicable when consent from the owner of the personal information was separately obtained
  3. (3) Procedure and method of destroying personal information
    1. A. Destruction procedure
      The information provided by a user for the use of service is transferred to a separate DB after its purpose is achieved, stored for a certain period in accordance with the Company’s internal policy set forth under Section (2) above and other related laws and regulations, and then destroyed by the method specified in Item C below. Personal information transferred to a separate DB will not be used for any other purpose unless it is preserved pursuant to related laws and regulations.
    2. B. Information subject to destruction
      Information for which the retention period and the preservation period set forth under Section (2) above have expired in accordance with related laws and regulations
    3. C. Destruction method
      • Personal information in written and/or printed form: To be shredded or incinerated
      • Personal information stored in the form of electronic files such as DB: To be deleted using technology that does not allow restoration or recovery of records
4. Installation, operation, and rejection of automatic personal information collection device

Cookies, records of service usage, and information accessed from the connected device may be generated automatically and collected in the process of using Company services and handling user inquiries.
Cookies are data that websites send to the users’ web browsers (Internet Explorer, Chrome, Firefox, etc.). When a user visits the Company's website and uses its service through a cookie, the Company reads the details of the cookies stored in the user’s PC and analyzes information such as visit records and services used, service connection time and frequency, and information generated or provided (entered) in the process of using the service to improve services, prevent illegal use, and check user errors

  1. Strictly necessary cookies
    CookiesPurposeAboutExpiration dateDeployer
    CookieConsentStores the user's cookie consent statusHTTPcookies1 dayocean.cjenm.com
    _gaRegisters a unique ID that is used to generate statistical data about how visitors use the websiteHTTPcookies2 yeargoogle
    _gatUsed by Google Analytics to control the request speedHTTPcookies1 daygoogle
    _gidRegisters a unique ID that is used to generate statistical data about how visitors use the websiteHTTPcookies1 daygoogle
  2. - Notice of Cookies, Effective Scope, Third-Party Cookies
    Notice of cookies is only valid in https://ocean.cjenm.com. The user may also receive third-party cookies from the Company’s service providers when using the website. However, the cookies collected by the Company are not provided to third parties. The Company will notify the user when it collects cookies and provide an option to decline cookies. However, if the user declines cookies, there may be limitations in using some services.
  3. - Right to decline cookies
    1. 1) For Chrome : Settings > Security and Privacy > Cookies and other site data
    2. 2) For Internet Explorer : Tools > Internet Options > Privacy > Advanced
    3. 3) For Microsoft Edge : Settings > Cookies and Site Permissions > Manage and delete cookies and site data
5. Users' rights to personal information and how to exercise them

Users can always visit the Company website and request to view, correct, or delete their stored personal information.

  1. (1) Users may request to view or verify personal information through the Company website or customer center.
  2. (2) When a user requests to view or verify his or her own personal information, the user must present his or her ID (copy) such as a resident registration card, passport, driver’s license, or other forms of IDs for proof of identification.
  3. (3) When a user’s delegate requests to view or verify the user’s personal information, the delegate must present proof of identification, a POA (power of attorney) indicating the relationship between the user and the delegate, a seal certificate of the user, and the ID of the delegate.
  4. (4) When a request is made by a user to correct any errors in personal information, the subject personal information will not be used or provided until the correction is completed. If any incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the third party may also make corrections accordingly.
  5. (5) However, the viewing and correction of personal information may be restricted in the following cases:
    1. A. Existence of a risk of significantly harming the life, body, property, or rights and interests of the user or a third party
    2. B. Existence of a risk of significantly impairing the service provider’s work
    3. C. Violation of any laws and/or regulations
6. Chief Privacy Officer and Customer Center
  • The Company has designated a Chief Privacy Officer and a department in charge as provided below and operates a consultation counter for smooth communication with users in relation to personal information inquiries and requests.

    1. - Chief Privacy Officer
      • Department/Name: Kang Bong-kwan, Information Security Team, CJ ENM Co., Ltd Entertainment Div.
      • Phone number: 82 2-371-5501
    2. - Customer Center
      • Phone number: 82 2-371-5501

  • Please contact the Chief Privacy Officer by phone or contact any of the institutions below for any advice on, or to report any instance of, infringement of personal information.

    Name of institutionsURLContact information
    KISA Personal Information Infringement Report Centerhttp://privacy.kisa.or.kr118 without area code
    Supreme Prosecutor's Office Cyber Crime Investigation Teamhttp://www.spo.go.kr82 2-3480-3573
    Korean National Police Agency Cyber Bureauhttps://ecrm.police.go.kr/minwon/main182 without area code
    Personal Information Dispute Mediation Committeehttp://kopico.go.kr1833-6972 without area code
7. Consent for providing and sharing personal information to a third party

The Company uses a user’s personal information only within the scope specified in the Privacy Policy, and does not use personal information beyond the specified scope nor provide it to a third party. However, personal information may be provided in exceptional cases such as when the user gives prior consent or when a request is made pursuant to the provisions and procedures set forth by related laws and regulations.

8. Consent to the consignment of personal information processing

The Company consigns personal information processing work to the consignment companies listed below for purposes including the operation and maintenance of services and provision and management of user convenience . The Company manages the consignment companies by entering into service agreements which require the consignment companies to be and remain in compliance with related laws, regulations, and guidelines, protect personal information and comply with confidentiality provisions, and return and destroy personal information immediately upon the expiration or termination of the service agreement.

Consignment companyPurpose of consignment work
MEDIA4THONE Inc.Website construction/operation and management, maintenance
CJ OliveNetworks Co., Ltd.IT asset management
9. Withdrawal of consent for collecting and providing personal information

  1. · Users may request to withdraw their consent for the collection and use of personal information and to delete or stop the processing of the personal information. To submit such request, please contact the Chief Privacy Officer, and the Company will process it immediately after completing the identity verification process
10. Information on the collection of personal information of children under the age of 14
  1. (1) In principle, the Company does not collect personal information of children under the age of 14. However, in the inevitable case of collecting personal information for the purpose of providing services, the Company requests the consent of the LAR (legally authorized representative) of the child as a mandatory procedure.
  2. (2) In order to obtain the consent of the LAR (e.g. parent), the Company collects from the child a minimum amount of personal information such as the name and phone number of the LAR. The LAR may view, correct, and delete the child’s personal information, and if they wish to do any of the foregoing, the LAR can make a request to the Chief Privacy Officer by phone or email and the Company will take necessary measures.
11. Technical and administrative protection of personal information

The Company is preparing the following technical and administrative safety measures to ensure that users’ personal information is not lost, stolen, leaked, altered, or damaged.

  1. (1) Technical protection measures
    1. A. Personal information is protected by a password, and important data is protected by using separate security features such as encrypting files and transmitted data or setting a lock on the file.
    2. B. The Company is taking measures to prevent damage caused by computer viruses by using an antivirus program. Antivirus programs are updated regularly, and in the event a virus unexpectedly appears, the Company applies the antivirus program immediately to prevent infringement of personal information.
    3. C. The Company uses a Secure Sockets Layer (SSL) device to safely transmit personal information in the network.
    4. D. The Company has installed the antivirus program in an area where access is restricted from outside users and is using a device that blocks attacks and unauthorized access to prevent leakage of users’ personal information from events such as hacking.
  2. (2) Administrative protection measures
    1. A. The Company has prepared the necessary procedures for managing and accessing users’ personal information so that officers and employees become familiar and comply with such procedures. The Company periodically conducts compliance checks to ensure compliance of such procedures.
    2. B. The Company limits the number of people who can process users’ personal information to a minimum and manages access rights, and ensures compliance with laws and policies through internal trainings. The people who process users’ personal information is as follows.
      • Person whose work involves direct or indirect communication with users
      • Person whose work involves the management and protection of personal information, such as the Chief Privacy Officer
      • Person whose work involves inevitable access to personal information
    3. C. The Company prevents any leakage of information (including personal information) by requiring new hires and employees to sign the information protection pledge, reminding them of their obligations to protect personal information as often as necessary, and preparing internal procedures for compliance auditing.
    4. D. The handover of work by the personal information manager is carried out securely, and the responsibility of each onboarding and offboarding employee for any case of personal information infringement is clearly provided in the Company’s internal policy.
12. Duty to notify

In the event of any amendments to this Privacy Policy due to changes in Company policies, government policies, or security technology, the Company post a notice on the website prior to such amendment.

  • Current Privacy Policy Version: v1.0
  • Notification date: July 11, 2022 / Implementation date: July 11, 2022