Privacy Policy

Mnet Plus Privacy Policy

Mnet Plus service operator, CJ ENM Co., Ltd. Entertainment Division (hereinafter referred to as the “Company”), is fully committed to protecting users’ personal information (both members and non-members) and complies with the Personal Information Protection Act and all other relevant statutes. To that end, the Company has adopted, and strictly observes, this Privacy Policy (hereinafter referred to as the “Privacy Policy”).

Through the policy set out below, we inform you of the purposes and methods by which your personal information is used and what measures are being taken to protect your information.

This Privacy Policy is publicly available through the services operated by the Company and is made easily accessible to users at all times. The Company’s Privacy Policy includes the following information.

  1. Items of Personal Information Collected / Purposes of Use

  2. Retention and Use Period of Personal Information

  3. Procedures and Methods for Destruction of Personal Information

  4. Installation, Operation, and Refusal of Automatic Data Collection Devices

  5. Behavioral Data Collection and Refusal

  6. Overseas Transfer of Personal Information

  7. Outsourcing of Personal Information Processing

  8. Provision of Personal Information to Third Parties

  9. Users’ Rights and How to Exercise Them

  10. Protection of Personal Information of Children Under 14

  11. Personal Information Protection Officer and Grievance Handling Department

  12. Measures to Ensure the Safety of Personal Information

  13. Duty of Notification

1. Items of Personal Information Collected / Purposes of Use

(1) The Company collects and uses only the minimum personal information necessary to provide its services. Furthermore, the provided personal information will not be used for purposes other than those consented to by the user. If the purpose of use changes after consent, the Company will take necessary measures, such as obtaining additional consent in advance.

① Personal Information Items Processed Without Consent of the Data Subject

l Legal Basis: Article 15, Paragraph 1, Item 4 of the Personal Information Protection Act ('Execution and Performance of a Contract')

Category

Items Collected/Use

Purpose of Collection/Use

Retention and Use Period

Membership Registration (Common)

Email (ID), password, birth year, gender

Membership registration and user identification, prevention of fraudulent use, delivery of service-related guidance and notices, provision of customized services

30 days after membership withdrawal

SNS/Social Media Easy Sign-up/Account Linking

(Google, Apple, Kakao, LINE)

User identification information, SNS/social media account information (email, profile name)

Provision of simple registration and linkage services for customer convenience, user identification

30 days after membership withdrawal or upon unlinking

Inquiries

Email address, inquiry details, ID, inquiry details

Receipt and processing of customer inquiries, notification of processing results, and responding to related inquiries

3 years from the date the response is completed

② Personal Information Items Processed With Consent of the Data Subject

l Legal Basis: Article 15, Paragraph 1, Item 1 of the Personal Information Protection Act ('Consent')

Category

Items Collected/Use

Purpose of Collection/Use

Retention and Use Period

Provision of Marketing Services

Birth year, gender, service usage records

Tailored advertisements for marketing purposes, provision of events and benefits

Upon withdrawal of consent or 30 days after membership withdrawal

Provision of Events

Name, email address, contact information, address (when shipping prizes)

Identification of applicants and selection of winners, announcement of winning results, provision of event benefits

Until the period agreed upon by the user at the time of event application

Advertising Inquiries

Email, name

Inquiries and responses regarding advertising campaign execution

1 year from the date of inquiry

※ During the event participation process, additional personal information may be collected from users of the relevant service. As the collected items may vary depending on the event, the Company will obtain consent from users at the time of collection regarding the ‘personal information collection items, purpose of collection and use, and retention period.’

(2) Additionally, the following information may be generated and collected during the use or processing of services to provide personalized services:

  • Cookies, service usage records (visit date and time, usage duration, frequency), access country and IP, device information (OS, device ID), advertising identifiers (ADID, IDFA)

(3) The Company collects personal information through the following methods:

  1. Collection of personal information during membership registration and service use

  2. Collection of information through online/offline consent for personal information collection and use

  3. Collection of generated information through log analysis programs

  4. Collection of information via ‘cookies’

(4) The Company may use pseudonymized personal information for purposes such as statistics, scientific research, or public record preservation, in accordance with relevant laws.

2. Retention and Use Period of Personal Information

(1) The Company safely processes and retains personal information within the period necessary for the execution and performance of a contract, and within the personal information retention and use period agreed upon by the user at the time of collection. The retention and use period of personal information consented to by the user is as follows:

  1. Prevention of fraudulent registration and use: Up to 30 days after membership withdrawal

  2. Information collected for event participation: Until the period agreed upon by the user at the time of event participation

  3. Information collected for advertising inquiries: 1 years from the date of inquiry

 (2) If required by relevant laws, the Company will retain member information for the periods specified below in accordance with such laws:

Relevant Law

Items Retained

Retention Period

Protection of Communications Secrets Act

Service visit records

3 months

Act on Consumer Protection in Electronic Commerce, Etc.

Records related to contracts or withdrawal of subscription

5 years

Records related to payment and supply of goods, etc.

5 years

Records related to consumer complaints or dispute resolution

3 years

Records related to labeling and advertising

6 months

Framework Act on National Taxes

Books and evidence documents for all transactions as stipulated by tax laws

5 years

3. Procedures and Methods for Destruction of Personal Information

  1. The company shall promptly destroy personal information upon expiration of the retention period, achievement of the processing purpose, or when it becomes unnecessary. Notwithstanding the expiration of the retention period consented to by the user or achievement of the processing purpose, if the company must continue to retain the personal information in accordance with its internal policies or other laws, it shall isolate such personal information by transferring it to a separate database (DB) or storing it in a different location.  

  2. The methods of destruction of personal information are as follows.

  • Personal information written or printed on paper: Shredded or incinerated

  • Personal information stored in electronic file formats, such as databases: Deleted using technical methods that prevent recovery

4. Installation, Operation, and Refusal of Automatic Data Collection Devices

  1. The company installs and operates cookies for the purpose of providing services such as user service usage statistics analysis, service improvement, and personalized services.

  2. Cookies are small text files sent from the server used for website operation to the user's web browser, and are collected and stored on the user's access device (PC, mobile, etc.).

  3. Users have the right to choose whether to allow cookies. Through browser options, users can allow all cookies, refuse all cookies, or be notified each time a cookie is stored. However, refusing cookies may cause difficulties in using some parts of the website or services.

[Status of Collected Cookies]

Cookie

Types

Purpose

Information

Provider

Expiry

refreshToken

Essential Cookies

Re-issue user access token

HTTP Cookie

MNETPLUS

30 days

accessToken

Essential Cookies

Issue user access token

HTTP Cookie

MNETPLUS

1 day

_ga

Analytical/
Performance Cookies

Generate unique ID for user statistics

HTTP Cookie

google

1 day

_gat

Analytical/
Performance Cookies

Control request rate in Google Analytics

HTTP Cookie

google

1 day

gid

Analytical/
Performance Cookies

Generate unique ID for user behavior stats

HTTP Cookie

google

1 day

[How to Refuse Cookies]

▶ Web Browser Cookie Settings

  • Chrome: Select the ‘⋮’ icon in the top right of the web browser > New Incognito Window (Shortcut: Ctrl+Shift+N)

  • Microsoft Edge: Select the ‘…’ icon in the top right of the web browser > New InPrivate Window (Shortcut: Ctrl+Shift+N)

▶ Mobile Browser Cookie Settings

  • Chrome: Select the ‘⋮’ icon in the top right of the mobile browser > New Incognito Tab

  • Safari: Device Settings > Safari > Advanced > Block All Cookies

  • Samsung Internet: Device Settings > Safari > Advanced > Block All Cookies

(4) The company uses Google Analytics, a web log analysis tool provided by Google, to collect only non-identifiable information for the purpose of providing better services. Users can refuse the use of Google Analytics as follows:

5. Behavioral Data Collection and Refusal

  1. The company collects and uses online behavioral information in a non-identifiable manner to provide optimized customized services, benefits, and online tailored advertisements.

  2. When users visit or use the mobile app, online advertising operators are allowed to collect and process behavioral information as follows:

Collection Device Name

Collection Device Type

Collecting Entity

Collected Items

Purpose

Collection Country

Applovin SDK

SDK

Applovin

(dataprotection@applovin.com)

Hashed customer identification information, advertising identifier, device information

Provision of online tailored advertisements

Global data centers (not limited to a specific country)

Appsflyer SDK

SDK

Appsflyer

(privacy@appsflyer.com)

Hashed customer identification information, IP address, advertising identifier, device information

Service statistics and analysis, analysis of user behavior, service improvement, and research and development

Ireland, Belgium

Adjoe SDK

SDK

Adjoe

(privacy@adjoe.io

)

Device information, hashed customer identification information, advertising identifier, service usage records

Point accumulation following the provision of offerwall advertising content services

Germany

NBT SDK

SDK

NBT

(privacy@nbt.com

)

Hashed customer identification information, advertising identifier

Point accumulation following the provision of offerwall advertising content services

USA

(3) Users can configure settings to allow or block the collection of behavioral information by third parties:

  1. (Android) Settings → Privacy → Ads → Reset or delete Ad ID

  2. (iOS) Settings → Privacy → Tracking → Disable app tracking

※ Menu and method may vary depending on mobile OS version.

(4) For inquiries regarding behavioral information, refusal rights, or damage reports, contact:

[Personal Information Manager]

  • Name : Kim Ji Hoon

  • Department : CJ ENM ENTERTAINMENT DIV., Information Security

  • Contact : 02) 371-5501

6. Overseas Transfer of Personal Information

(1) To provide services and enhance user convenience, the Company transfers or manages customer information overseas as follows. The information transferred overseas is as follows:

·            Legal Basis: Article 28-8, Paragraph 1, Item 3 of the Personal Information Protection Act (Processing Entrustment/Storage) 

Recipient

Country

Contact

Purpose of Provision

Transfer Time & Method

Transferred Info

Retention & Usage Period

Braze Inc

USA

privacy@braze.com

Collection of customer activity information, service and behavior analysis, information statistics, CRM, tailored recommendations, message sending

Transmitted via network at the time of service use

gender, birthday, country (region), last app access, language, time zone, mobile device identification information (UUID/SSAID), device and OS, service usage info (viewed pages, dwell time, clicks, etc.)

Until 30 days after membership withdrawal or service contract termination

Zendesk Inc

Japan

privacy@zendesk.com

Customer inquiry management

Transmitted via network during customer inquiry service use

Email, ID, inquiry content

3 years from the date of inquiry

Adjoe

Germany

 privacy@adjoe.io

Point accumulation from offerwall ad content service provision

Transmitted via network at the time of service use

Device information, hashed customer identification information, ad identifier

Upon membership withdrawal or service agreement termination

NBT

USA

privacy@nbt.com

Point accumulation from offerwall ad content service provision

Transmitted via network at the time of service use

hashed customer identification information, ad identifier

Upon membership withdrawal or service agreement termination

(2) Users may refuse the overseas transfer of personal information, which may restrict service use. If users do not wish for overseas transfer, they can withdraw membership after accessing the service or request the suspension of personal information processing through the Company’s Personal Information Manager or grievance handling department. 

7. Outsourcing of Personal Information Processing

  1. The Company outsources personal information processing tasks to third parties for service operation, maintenance, and user convenience.

  2. The Company manages entrusted entities through personal information entrustment contracts, ensuring compliance with relevant laws and guidelines, information protection, confidentiality, prohibition of third-party provision, liability for accidents, and the obligation to return or destroy personal information immediately upon termination of the entrustment period. The Company ensures that entrusted entities take all necessary measures regarding personal information protection. If an entrusted entity causes damage to a customer due to intentional or negligent handling of personal information, the entrusted entity bears full responsibility.

※ For one-off entrustment tasks with very short entrustment periods, where public disclosure on the website or training of the entrusted entity is not feasible, the Company clearly notifies the entrusted entity of obligations through contract documents and requests that the entrusted entity trains its relevant employees.

Contractor

Purpose of Entrustment

Eximbay

Electronic payment service provision

Mailgun

Email sending

CJ Telenix

Customer service response and guidance entrustment operation

CJ OliveNetworks

Log analysis and notification services through Braze

OpenSurvey Co., Ltd.

Operation of Mnet Plus research and analysis of results

Communique

Event operation and management

(3) In cases where a trustee subcontracts the personal information processing tasks, the Company manages them to ensure they obtain the Company's consent. The status of subcontracting can be verified through the privacy policy of each outsourced company.
※ Clicking on the name of the outsourced company in the table will redirect you to the respective company's privacy policy page.

(4) If there are any changes to the details of the outsourced tasks or the trustee, we will disclose them through this Privacy Policy without delay.

※ If the outsourced work is a one-off task with a very short contract period, it may be impossible to publish the details online or train the contractor in time. In these cases, the contractor's obligations must be clearly stated in the contract documents at signing. Additionally, the contractor must be requested to train their own employees on these requirements.

8. Provision of Personal Information to Third Parties

(1) The company provides personal information to third parties only to the minimum extent necessary, with user consent, as required for smooth service provision under Article 17(1)1 of the Personal Information Protection Act.

(2) In accordance with Article 15, Paragraph 3 or Article 17, Paragraph 4 of the Personal Information Protection Act, the Company may additionally use or provide personal information without the consent of the data subject, taking into consideration the matters pursuant to Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.

(3) To additionally use or provide personal information without the consent of the data subject, the Company considers the following factors:

① Whether it is relevant to the original purpose of collection;
② Whether the additional use or provision of personal information is predictable in light of the circumstances under which the personal information was collected or processing practices;
③ Whether it unfairly infringes upon the interests of the data subject;
④ Whether necessary measures to ensure safety, such as pseudonymization or encryption, have been taken.

(4)  In accordance with the "Guidelines for Processing and Protecting Personal Information in Emergencies" jointly announced by relevant government ministries, the Company may provide personal information to relevant authorities without the user's consent in the event of an emergency such as a disaster, infectious disease, incident/accident causing imminent danger to life or body, or imminent property loss.

(5) The Company may provide personal information without the user's consent if requested by an investigative agency in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation or inquiry.

9. Users’ Rights and How to Exercise Them

(1) Users may access or modify their registered personal information, withdraw consent for collection/use/entrustment/provision, or request account deletion at any time via Mnet Plus services:

 ① View and edit: Log in > MY
② Delete and withdraw: Log in > MY > Your Account > Delete Mnet Plus account
③ Marketing and advertising consent: Log in > MY > Your Account > Consent to receive marketing messages

(2) Users may exercise their rights through an agent, in which case a power of attorney in the format specified in Annex 11 of the “Notice on Personal Information Processing Methods” must be submitted.

(3) Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act. Requests for correction or deletion of personal information cannot be made if the information is specified as a collection target under other laws.

(4) If a user requests correction of errors in personal information, the company will not use or provide the information until the correction is completed. If incorrect information has already been provided to a third party, the company will promptly notify the third party of the correction

(5) However, the Company may exceptionally restrict access or correction of personal information in the following cases:
 ① If there is a significant risk of harming the life, body, property, or rights of the user or a third party.
 ② If it is likely to significantly interfere with the service provider’s operations.
 ③ If it violates the law.

(6) The Company operates a separate customer center to handle related consultations and inquiries. If you contact the customer center or the Personal Information Protection Officer, we will take prompt action.

10. Protection of Personal Information of Children Under 14

The Mnet Plus service does not accept membership registration from children under 14 (in Korea) or under 16 (outside Korea) who require the consent of a legal guardian for the collection and use of personal information. Providing false birth date information during Mnet Plus membership registration is considered a violation of the Company’s Terms of Service, and the Company bears no responsibility for issues arising from this. If a child under the age limit has created an account, legal guardians may request account deletion or temporary suspension of use through [고객센터]. Account deletion requests can be withdrawn within 30 days from the application date by contacting the customer service center.

11. Personal Information Protection Officer and Grievance Handling Department

(1) The Company highly values users’ opinions. For inquiries, please contact the Personal Information Manager or the Mnet Plus service department, and we will provide prompt and accurate responses.

Personal Information Manager

Personal Information Protection Department

  • Name : Kim Ji Hoon

  • Department : CJ ENM ENTERTAINMENT DIV., Information Security

  • Contact : 02) 371-5501

(2) For further consultation on personal information infringement, contact:

☎ Korea Internet & Security Agency

Tel: (without country code) 118 / Homepage: https://privacy.kisa.or.kr

☎ Cyber Bureau of the Prosecution Service

Tel: (without country code) 1301 / Homepage: http://www.spo.go.kr

☎ Electronic Cybercrime Report & Management System (ECRM)

Tel: (without country code) 182 / Homepage: https://ecrm.police.go.kr/minwon/main

☎ Personal Information Dispute Mediation Committee

Tel: (without country code) 1833-6972 / Homepage: https://www.kopico.go.kr/

12. Technical and Managerial Protection of Personal Information

The company implements the following technical and managerial measures to ensure the safety of users' personal information from loss, theft, leakage, alteration, or damage:

(1) Technical Measures

  1. Personal information is protected by passwords, and important data is encrypted or protected with file lock functions.

  2. Antivirus software is used to prevent damage from computer viruses. The software is regularly updated, and immediate application of new vaccines ensures protection against sudden virus outbreaks.

  3. Security devices (SSL) are used for safe transmission of personal information over the network.

  4. Systems are installed in access-controlled areas and intrusion prevention devices are used to prevent external breaches.

(2) Administrative Measures

  1. Procedures for managing and accessing users' personal information are established and regularly checked for compliance.

  2. Access to users’ personal information is limited to a minimum number of staff, with managed access rights and education to ensure compliance with laws and policies. Personnel authorized to process personal information include:

  • Individuals directly or indirectly handling user-related tasks.

  • Personal Information Manager and personnel responsible for personal information management and protection tasks

  • Others for whom access to personal information is unavoidable for business purposes.

③ During new employee onboarding, information security pledges are signed to prevent information (including personal information) leakage by employees. Regular reminders and audits ensure compliance with personal information protection obligations.

④ Handover of duties involving personal information is conducted securely, and responsibilities are clearly defined after employment or upon resignation.

(3) Physical Protection Measures

① The Company stores documents, auxiliary storage media, etc., containing personal information in a secure location equipped with a locking device.

② The Company designates computer rooms, data storage rooms, etc., as protected areas and operates access control systems.


13. Duty of Notification

In the event of any addition, deletion, or modification to this Privacy Policy due to changes in applicable laws and regulations, policies, or security technologies related to personal information protection, the Company shall disclose such changes through the Mnet Plus service notice page at the time of revision. The Company may, where applicable, provide prior notice of such amendments before they take effect.

- Announcement Date : 26. 07. 01

- Effective Date : 26. 07. 08

※ Additional Notice for California Consumers

1.Notice on the Collection and Use of Personal Information

1) During the 12 months prior to the effective date of this Privacy Policy, the Company may have collected the following categories of personal information about users:

Information provided by the user directly

  • Personal Identifiers: Name, email address, phone number, nickname

  • Personal information listed in the California Customer Records statute (Cal. Civ. Code §1798.80): Name, address, telephone number, credit card number, debit card number, or any other financial information. (Some personal information included in this category may overlap with other categories.)

  • Protected Class Information under California or federal law: Age

  • Commercial information: products or services purchased, obtained, or considered

Information the Company Collects Automatically

  • Personal Identifiers: IP address, device identifier

  • Internet or other similar network activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, Internet Protocol address, country of access, or unique personal or online identifiers, advertising identifiers.

  • We may also receive the categories of information described above from other sources, including from internet service providers and data analytics service providers.

2) The purposes of the collection of the above personal information are as follows:

  • Subscription to membership and use of the product purchasing services

  • Delivery of notices regarding the Service

  • Prevention of improper use by delinquent members and unauthorized use of services

  • Responding to inquiries or complaints related to services

  • Statistical analysis and research for service improvement and optimization development

  • Purchase and delivery of products

  • Participation in events

  • Delivery of notices related to user verification and events participations, and the processing of related complaints

  • Award and delivery of gifts or prizes following an event, delivery of related notices and processing of related complaints

  • Notices related to various events

  • Customized advertisements and other marketing activities

2. Disclosure of User’s Personal Information

1) During the 12 months prior to the effective date of this Privacy Policy, the Company may have disclosed the user's personal information to the following categories of third parties for business purposes:

  • Consignees that provide services on our behalf (e.g. shipping company, payment company)

  • Business partners

  • Data analytics service providers

  • Professional services providers

2) The categories and purposes of the disclosed personal information are the same as those mentioned in '1. Notice on the Collection and Use of Personal Information.'

3. Sale or Sharing of User's Personal Information

1) The Company may have shared the user's personal information with third parties during the period prior to the effective date of this Privacy Policy.

  • Personal Information Categories: Personal identifiers, internet or other similar network activity

  • Third-Party Categories: Advertising networks, data analytics service providers

  • Purpose of Sharing: Provision of tailored advertisements through behavioral analysis

2) The Company does not sell personal information of California resident users collected from the Mnet Plus site to third parties.

If a user wishes to exercise his or her rights of access, the user may request such access [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.

4. Privacy Rights of California Consumers

Pursuant to the CCPA, users who are California residents may exercise various rights related to their personal information that has been collected by the Company (Mnet Plus). Users will not be discriminated for exercising such rights when using the Site.

1) Right of Access

Users who are California residents may request access to their personal information collected through the Mnet Plus website related to the matters described below. However, the Company may deny such request if permitted under the CCPA.

  1.  Categories of personal information the Company has collected about the user over the past 12 months and categories of sources from which the personal information was collected

  2.  (Business or commercial purpose(s) for which the Company collected the user’s personal information

  3.  Categories of personal information that the Company disclosed for business purposes, and categories of the third parties with whom the Company has shared the user’s personal information

  4.  Specific personal information collected by the Company

If a user wishes to exercise his or her rights of access, the user may request such access [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.

2) Right to Correct

California residents have the right to request correction of personal information collected through the Mnet Plus website if the information is inaccurate. Users may also log in to their account and update their personal information directly.

3) Right to Delete

Users who are California residents may request deletion of their personal information collected through the Mnet Plus website. However, the Company may deny such deletion request if permitted under the CCPA. Upon the user’s request for deletion, the Company will permanently delete all personal information of the users by withdrawing the user’s membership from the Service. Therefore, in order to reuse the Mnet Plus website after deletion of personal information, the user must resubscribe to the website. Please note that users will be prohibited from subscribing for a period of thirty (30) days after withdrawal in order to prevent improper use of the Company’s services.

If a user wishes to exercise the right to delete his or her personal information, the user may request such deletion [here]. The Company will need to verify the user’s identity in order to fulfill such request. The Company will verify the user in accordance with applicable law.

4) Right to Opt-Out of Sale or Sharing

The Company does not sell personal information of users residing in California that is collected through the ­Mnet Plus website. If the Company sells personal information in the future, users will be notified in advance, and if the user resides in California, the user shall have the right to opt-out of (suspend) the sale of their personal information.

If you wish to exercise your right to opt-out of sharing, please make a request through [here]. The Company must identify you to fulfill this request. The Company will verify the identity of the requester in accordance with applicable laws and regulations.

5) Right to Restrict Processing of Sensitive Information

You may request restrictions to prevent sensitive information from being used beyond the scope essential for providing services or from being disclosed to third parties. Currently, the Company does not collect or process sensitive information.

6) Shine the Light Request

The Company does not share personal information with third parties for the third party’s direct marketing purposes.

7) Eraser Law Request

If the user is a California resident under the age of 18 and is a registered user of the website, the user may request that the Company remove any submission the user publicly posted on or in the website. To request removal of a submission, please email a detailed description of the submission to the [help center]. The user may also be able to log into their account and delete their own submission. The Company reserves the right to ask the user to provide information that would enable the Company to confirm that the submission in question was created and posted by the specific user.

※ The user may appoint an authorized agent to exercise the user’s rights on their behalf. If a user wishes to exercise such rights through an agent, the user must submit proof that the user granted such authority to the agent in writing. The Company may also require the user to verify his or her identity through the verification procedures described above.

※ Additional Notice for European Consumers

The Company processes the user’s personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable laws. The Company uses the user’s personal information for the following purposes:

  • For user subscription and provision of the Service: The Company may use the user’s personal information in order to execute an agreement with the user and to fulfill its obligations under such agreement. The Company may also use the user’s identification information, contact information, financial information, transactional information, marketing information, and communication data, etc. in the process of providing the Company’s Service to the user and for the operation of the Service, such as to notify users of an amendment to the Company’s Service and to process user’s requests, etc.

  • To strengthen the security of the Company’s Service: The Company may use the user’s personal information to protect the legitimate rights of users and the Company in strengthening information security and, within the extent necessary to fulfill its obligations under applicable law, to verify the user’s account, investigate suspicious activities, and apply the Terms of Use Agreement.

  • To improve the Service: The Company may analyze data, such as the user’s use records, in order to develop new businesses and to improve the Service by using more relevant contents and user experiences.

Members residing in the EU may exercise the following rights regarding their personal information collected on the Mnet Plus site in accordance with relevant laws, including the GDPR. However, the Company may refuse requests for exceptional matters under the GDPR.

  • Right of Access: You may request information such as the types of personal information held by the Company, the purpose of processing, and the recipients who receive it.

  • Right of Rectification: You may request the correction of personal information deemed incorrect or incomplete.

  • Right to Erasure: You may request the deletion of personal information if there is no clear reason to process it in light of the processing purpose or legal basis.

  • Right to Restrict Processing: You may request that the processing of personal information be temporarily suspended due to specific reasons, such as verifying the accuracy of personal information or exercising legal claims.

  • Right to Data Portability: If the processing of personal information is based on the data subject's consent or the performance of a contract and is processed by automated means, you may request that the personal information be transmitted to another company in a machine-readable format.

  • Right to Object: You may object to the processing of personal information for direct marketing, legitimate interests, or public interest purposes.

  • Right related to Automated Decision-Making (ADM): You may demand that decisions that have a legal or significant impact not be made based solely on automated processing by a computer, including profiling. Currently, the Company does not operate an automated decision-making system.

In addition to the above rights, users have the right to lodge a complaint with a data protection authority. Users can make inquiries regarding related matters to the [Help Center], and the Company will process them lawfully and promptly.

The Company’s Service is not for children. The Company does not collect the personal information of any children below the age of 16 who reside in the European Economic Area (EEA). If the personal information of children is collected unintentionally in relation to the provision of the Service, the Company will immediately delete such information. Please contact customer service for any questions regarding the personal information of children below the age of 16.  

In order to provide the Service to users, the Company may transfer, store, and process personal information outside of the EEA, including in Korea. Moreover, personal information may be stored in the EEA area by being stored in the device that the user used to access the Service. If the Company transfers the user’s personal information outside of the EEA, the Company will ensure that at least one of the safety measures listed below will be applied to ensure a similar level of protection as is ensured within the EEA.

  • The Company transfers personal information only to countries that the European Commission (EC) has deemed to provide an appropriate level of protection.

  • If the Company uses a particular service provider, the Company may execute an EC approved contract that ensures the same level of protection for personal information as is used in the EEA.

Please contact the Company for further information regarding the measures it takes to transfer personal information outside of the EEA.