Privacy Policy
Effective Date: June 22, 2025
Stenka Community (hereinafter referred to as “the Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect users’ personal information and to ensure prompt and smooth processing of user complaints related to personal data.
Article 1 (Items of Personal Information Collected and Collection Methods)
| Type | Collection Time | Items Collected | Collection Method |
|---|---|---|---|
| Required | At Sign-up | Email, Password, Nickname | User input on registration page |
| Optional | During Profile Edit | Profile photo, Bio | Entered by user |
| Automatic | During Use | IP, cookies, access logs, device info (OS, browser, etc.) | Collected via log analysis tools |
| Payment | Paid Service Usage | Payment method info (card company name, approval number) — credit card numbers and CVCs are not stored | Via payment gateway integration |
Article 2 (Purpose of Personal Information Processing)
The Company processes personal information only within the following purposes. If the purpose of processing changes, the Company will obtain prior consent.
-
Membership management: Identity verification, prevention of fraudulent use, handling inquiries, and notifications
-
Service provision: Content posting, search, recommendation, personalized UI, and error resolution
-
Paid services: Purchase history management, refunds, and financial settlement
-
Marketing/Advertising (optional): Event updates, new service announcements, and statistical analysis
Article 3 (Retention and Use Period of Personal Information)
| Item | Retention Period | Legal Basis |
|---|---|---|
| Membership info | Until account deletion | Article 29 of the Information and Communications Network Act (Inactive accounts stored separately after 1 year of inactivity) |
| Contract/payment records | 5 years | Article 6 of the Act on Consumer Protection in E-commerce |
| Electronic transactions | 5 years | Article 22 of the Electronic Financial Transactions Act |
| Logs and access records | 3 months | Article 15 of the Protection of Communications Secrets Act |
※ If there are separate retention obligations under applicable laws, the data will be stored accordingly and destroyed after that period.
Article 4 (Provision of Personal Information to Third Parties)
In principle, the Company does not provide personal information to third parties. However, exceptions apply when:
-
The data subject has given separate consent
-
It is required by law or requested by an investigative agency through legal procedures
As of now, no personal information is being provided to third parties. If such provision occurs in the future, the Company will notify users in advance of the items, purpose, and retention period and obtain consent.
Article 5 (Entrustment of Personal Information Processing)
To ensure smooth service operations, the Company may entrust certain personal information processing tasks to third-party service providers. In such cases, proper safeguards are ensured under Article 26 of the Personal Information Protection Act.
| Entrusted Party | Purpose of Entrustment | Retention/Use Period |
|---|---|---|
| Amazon Web Services, Inc. | Infrastructure (Cloud) operations | Until withdrawal or contract termination |
| [Name of PG company] | Payment processing | Same as above |
Article 6 (Overseas Transfer of Personal Information)
The Company uses AWS Seoul Region, which does not involve overseas data transfers. If an overseas region is used in the future, the Company will notify users of the destination country, transfer method, date, and protection measures, and will obtain separate consent.
Article 7 (Rights and Duties of Data Subjects and Legal Representatives)
Users (data subjects) may at any time exercise the following rights:
-
Request to view, correct, delete, or suspend processing of their personal information
These rights can be exercised via the “Account Info” menu on the website or by contacting customer support ([email]).
Legal guardians of users under the age of 14 may exercise the same rights on behalf of the child.
Article 8 (Procedures and Methods of Destroying Personal Information)
-
Destruction Procedure: After the purpose is achieved or the retention period expires, the data is moved to a separate database and destroyed within 30 days.
-
Destruction Methods:
-
Electronic files → Permanently deleted using technical methods (e.g., degaussing)
-
Paper documents → Shredded or incinerated
-
Article 9 (Measures for Ensuring Safety of Personal Information)
-
Administrative: Regular employee training, internal audits
-
Technical: Encryption (passwords and sensitive data), access control (firewalls, WAF), intrusion detection system (IDS)
-
Physical: Access control to data centers and document storage rooms, CCTV monitoring
Article 10 (Personal Information Protection Officer)
-
Chief Privacy Officer: [Representative Name]
-
Responsible Department: Operations Team
-
Contact Info: [Phone number], [Email address]
(Connects to the personal information protection department.)
Article 11 (Remedies for Infringement of Rights)
If you experience any personal data breaches, you may seek consultation or dispute resolution via the following organizations:
-
Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972
-
Personal Information Infringement Report Center: privacy.kisa.or.kr / 118
-
Supreme Prosecutors’ Office Cybercrime Division: www.spo.go.kr / 1301
-
Korean National Police Cyber Bureau: cyberbureau.police.go.kr / 182
Article 12 (Request to View Personal Information)
Under Article 35 of the Personal Information Protection Act, users may request access to their personal data through:
-
Ministry of the Interior and Safety – Personal Information Protection Division: www.mois.go.kr / 2100-3394
Article 13 (Changes to this Privacy Policy)
This policy may be amended to reflect changes in laws, policies, or services.
If any additions, deletions, or modifications occur, they will be announced on the website at least 7 days in advance.