① The Company implements administrative and technical safeguards necessary to ensure the security of personal information so that it is not lost, stolen, leaked, altered, or damaged. However, personal information voluntarily disclosed by users in online environments such as bulletin boards, emails, or chat services may be collected and used by other users, and the Company shall not be liable for any risks arising therefrom to the extent permitted by applicable laws.
② The Company designates a Personal Information Protection Officer and carries out personal information protection activities under a system led by such officer. The name, department, position, and contact details of the Personal Information Protection Officer are provided on a separate page or in this Privacy Policy in order to handle complaints related to personal information.
③ Pursuant to Article 47-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Company may request users to take protective measures if a significant security incident occurs or is likely to occur in the information and communications network. If a user fails to comply with such request, the Company may temporarily restrict the use of its services. Details are as follows:
a. The Company may request users to take protective measures in cases where it is requested by relevant authorities to prevent the spread of security incidents; where services operated by the Company or its business partners are used as a channel for distributing malicious viruses or facilitating hacking attacks; or where a large-scale leak of user information (e.g., user IDs and passwords) is likely to result in financial loss or additional leakage of personal information if left unaddressed.
b. When requesting protective measures, the Company shall notify users, when they access the Company's services, by requesting the implementation of response measures related to the relevant security incident.
c. Users shall take necessary protective measures in accordance with the instructions provided by the Company.
d. If a user fails to comply with such protective measures, the Company may restrict the user's access to the services until the required measures have been completed.
e. If a user believes that the Company has unfairly restricted access due to non-compliance with protective measures, the user may raise an objection. Where the Company's actions result in clear financial loss to the user (e.g., restriction of time-limited or flat-rate services), compensation shall be provided in accordance with the applicable service terms.
① The Company collects the minimum personal information necessary from users for purposes such as membership registration and user identification, payment of service fees, community activities, participation in broadcasts and events, delivery of goods, customer support and complaint handling, and the provision of other individual services.
a. The Company uses personal information for purposes related to membership registration and management, including confirming the user's intent to register, identifying users, verifying age and obtaining consent from legal guardians for users under the age of 14, preventing duplicate registrations, updating member information, confirming intent to withdraw membership, managing improper users, and delivering notices.
b. The Company uses personal information for identity verification and confirmation of payment information when users purchase paid products or services.
c. The Company uses personal information to verify users during service use and participation in community activities (such as bulletin boards and comments), broadcasts, and events, and uses delivery address and contact information for shipping prizes to event winners.
d. The Company uses personal information for the purposes of improving services, developing new services, and providing services optimized for individual users, including analysis of users' service environments, demographic information, and usage behavior.
e. The Company may use personal information to provide event notifications, marketing information, and advertising information.
f. The Company uses personal information for customer support and complaint handling, including identity verification and notification of processing results.
② In principle, the Company's services may be used without membership registration. However, paid services, community services, and certain participatory services are provided based on membership registration. The specific personal information collected upon registration is as follows. Users may still register without providing optional information, but certain services may be restricted.
a. For domestic residents (aged 14 or older) upon registration:
▪ Required: Name, ID, password, date of birth, gender, mobile phone number, email address, CI
▪ Optional: Profile image
b. For domestic residents (under the age of 14) upon registration:
▪ Required: Name, ID, password, date of birth, gender, mobile phone number, email address, CI, and legal guardian information (name, date of birth, gender, mobile phone number, CI)
▪ Optional: Profile image
c. For overseas residents upon registration:
▪ Required: Name, ID, password, country, date of birth, email address
▪ Optional: Phone number, profile image
d. For convenience, the Company provides SNS account-linked login services (Kakao, Naver, Apple, Google), and collects the following personal information upon such linkage:
▪ Kakao: Name, email address, login identifier, CI
▪ Naver: Name (nickname), email address, login identifier, CI
▪ Apple: Email address, login identifier, CI
▪ Google: Name (nickname), email address, login identifier, CI
e. Among the information provided from SNS accounts, the Company does not store profile images or gender information other than name (nickname) and email address, and immediately destroys such information. In such cases, the Company does not additionally collect personal information and uses only the information necessary for identity verification.
f. During identity verification for membership registration or SNS-linked login, the Company may collect name, ID, password, date of birth, gender, mobile phone number, email address, and CI.
③ The following additional personal information may be collected in the course of using individual services:
a. When using paid services: bank account information, credit card information, mobile phone number, telephone number, and payment authorization number
b. When participating in broadcasts or events: name, date of birth, mobile phone number, email address, and address
c. When purchasing SBS paid MD products: name, date of birth, mobile phone number, email address, and address
① The Company deems that users have consented to the collection and use of their personal information when they click the [Agree] button to the Privacy Policy, the Terms of Paid Services, and the SBS Play Subscription Terms during membership registration, use of services, or payment for paid services.
② Where such consent is obtained, the Company collects essential personal information such as name, email address, and telephone number for the smooth provision of services. In addition, payment information may be collected where necessary for the provision of paid services.
③ The Company requires users under the age of 14 to provide mandatory information at the time of registration and proceeds with membership registration only after obtaining consent from a parent or legal guardian. The Company exercises special care and management in the membership registration process to protect children's personal information.
④ Personal information collected by the Company is limited to the minimum necessary for service provision. Information that may seriously infringe upon the user's human rights shall not be collected without the user's consent or unless otherwise permitted by applicable laws.
⑤ Advertisers posting advertisements on the Company's website or external websites linked through directories or search services may collect users' personal information. The Company's Privacy Policy does not apply to personal information collection activities conducted by such external websites.
① When a user modifies their personal information or requests membership withdrawal, the Company deletes such personal information using methods that prevent restoration using methods that prevent its restoration, rendering it inaccessible and unusable thereafter.
However, in order to prevent re-registration for the purpose of improper use of the service, the Company may retain such personal information for up to 30 days from the date of withdrawal.
② Personal information collected for the purpose of service use or participation shall be processed in a manner that prevents restoration once the purpose of collection has been achieved.
③ In principle, the Company shall promptly destroy personal information once the purpose of its collection or provision has been fulfilled. However, where retention is required under applicable laws or for the prevention of abuse or misuse of users' rights, the Company may retain personal information for the following periods, during which such information shall be used solely for the purpose of retention:
a. Records related to contracts or withdrawal of subscription, etc.: 5 years
b. Records related to payment and supply of goods or services: 5 years
c. Records related to consumer complaints or dispute resolution: 3 years
d. Login records pursuant to the Protection of Communications Secrets Act: 3 months
e. Records of use and provision of location information pursuant to the Location Information Act: 6 months
④ To prevent leakage of personal information, the Company destroys personal information printed on paper by shredding or incineration, and deletes personal information stored in electronic files using technical methods that prevent restoration.
① Where the Company shares users' personal information with a third party, it shall notify users in advance of the recipient, the main business activities of such recipient, the items of personal information to be provided or shared, and the purpose of such provision or sharing, and obtain users' consent.
② Notwithstanding the foregoing, the Company may provide personal information without users' consent in the following cases:
a. Where necessary for the settlement of fees arising from the provision of services
b. Where personal information is provided in a form that does not identify individuals for the purposes of statistical analysis, academic research, or market surveys
c. Where there are special provisions in applicable laws
③ The Company entrusts certain tasks necessary for the provision of services to external service providers and enters into agreements with such providers to ensure that they process personal information safely in accordance with the Personal Information Protection Act, and supervises and manages them accordingly. The service providers entrusted with personal information processing, the purposes of such entrustment, and the retention and use periods of personal information are as follows:
a. KG Mobilians Co., Ltd.: Operation of SMS transmission systems and payment processing (mobile payments, bank transfers, credit cards) for paid VOD services, including purchases, cancellations, and refunds; personal information is retained until the purpose of collection is achieved or the entrustment contract is terminated
b. Payletter Inc.: Payment processing (mobile payments, bank transfers, credit cards) for paid VOD services, including purchases, cancellations, and refunds; personal information is retained until membership withdrawal or termination of the entrustment contract
c. AWS (Korea): System development and operation for service provision; personal information is retained until membership withdrawal or termination of the entrustment contract
d. Korea Mobile Certification Inc.: Identity verification services; personal information is not separately stored as it is already retained by the provider
e. Andwise Inc.: Operation of email transmission systems; personal information is retained until membership withdrawal or termination of the entrustment contract
f. infobank Corp.: SMS transmission, bulletin board management, empathy log delivery, verification of broadcast participation, and delivery of event prizes; personal information is retained until the purpose of collection is achieved or the entrustment contract is terminated
g. transcosmos Korea Inc.: Customer support services; personal information is retained until membership withdrawal or termination of the customer service outsourcing contract
④ To prevent leakage of personal information, the Company destroys personal information printed on paper by shredding or incineration, and deletes personal information stored in electronic files using technical methods that prevent restoration.
① Users may, at any time, access or correct their personal information through the personal information editing menu on the information modification page or My Page using their ID and password. If a user has lost their ID or password, they may retrieve such information through the member information modification page. For other issues related to membership registration or service use, assistance may be obtained through the customer service center.
② Users may visit the Company's website and, after completing the identity verification procedures provided online, access, correct, or delete (through membership withdrawal) their personal information provided at the time of registration. However, if a user requests access to personal information that cannot be processed through the website, such access shall only be granted after the user visits the Company in person with identification and completes identity verification.
③ In the case of a child under the age of 14, the legal representative may request access to, correction of, or withdrawal of consent to the collection and use of the child's personal information.
④ Where a user or legal representative requests correction of personal information, the Company shall not use or provide such personal information until the correction is completed. If the information has already been provided to a third party, the Company shall notify such third party of the correction without delay.
⑤ Where a user has registered through an SNS account, the linkage may be terminated through the respective SNS service provider. However, termination of the linkage alone does not result in the deletion of personal information retained by the Company; such information will be deleted only upon membership withdrawal.
a. Naver: Naver ID > Activity History > Manage Connected Services > Withdraw Consent to Service
b. Apple: Settings > Password & Security > Apps Using Apple ID > Stop Using Apple ID
c. Kakao: More > Privacy/Security > Kakao Account > Manage Connected Services > Disconnect or Delete Information
d. Google: Google Account Management > Security > Manage Third-Party Access
① As part of providing customized and personalized services, the Company uses "cookies" to store and retrieve information about users from time to time. A "cookie" is a small piece of data sent by an HTTP server (the server hosting the website) to the user's browser and stored on the user's computer hard disk.
② In order to use services that require login through the Company's website, users must allow the storage of cookies.
③ Advertising networks of advertisers that post advertisements on the Company's website may also use cookies. In addition, the Company may collect IP addresses for system management and for providing aggregated data to advertisers.
④ The Company uses cookies to identify users and to access information relating to their accounts in order to provide more appropriate and useful services. Such cookies are set when users first register on the website.
⑤ Users have the option to accept or refuse the installation of cookies. Users may configure their web browser settings to allow all cookies, to be notified each time a cookie is stored, or to refuse the storage of all cookies.
⑥ Methods for setting cookie installation, acceptance, or refusal are as follows:
In the case of Internet Explorer, users may select "Internet Options" from the Tools menu in the browser and configure settings under the Privacy and Advanced tabs.
In the case of Chrome, users may select the Settings menu, click "Advanced" at the bottom of the page, and modify cookie settings under the Privacy and Security section.
① The Company implements necessary technical and administrative safeguards to ensure the security of personal information so that it is not lost, stolen, leaked, altered, or damaged.
② As part of its technical safeguards, the Company operates antivirus programs to prevent computer virus infections and applies security measures such as encryption algorithms to ensure that personal information is transmitted securely over networks where protection is required. In addition, the Company operates access control systems using intrusion prevention systems and implements other necessary technical measures to ensure security.
③ As part of its administrative safeguards, the Company prohibits storing personal information together with general data and establishes procedures to grant and verify access rights to personal information. Furthermore, the Company designates personnel responsible for systems handling personal information, assigns passwords, and maintains security.
④ The Company designates storage areas such as data rooms as restricted zones and controls access thereto. It also establishes contingency procedures in preparation for system failures and operates procedures to conduct regular inspections of online networks and equipment status, as well as to record and maintain the results of such inspections.
⑤ Access to personal information is limited to authorized personnel, and separate passwords are assigned and updated regularly. In addition, the Company conducts periodic training for relevant personnel to ensure continuous compliance with its personal information protection policies.
⑥ Users' IDs and passwords must be known only to the users themselves, and access to and modification of personal information is possible only by the user who knows the password. Users must not disclose their passwords to others and are advised to log out and close their web browser after using a PC. The Company shall not be liable for any issues arising from the leakage of personal information, including IDs and passwords, due to the user's negligence or problems on the Internet.
① The Company does not provide, share, or sell users' personal financial information to third parties.
② Certain services on the Company's website may require users to transmit credit card information for the purpose of purchasing products or verifying identity. In such cases, such information is securely transmitted in encrypted form using industry-standard security technology, namely SSL (Secure Socket Layer).
① Users' personal information is protected by passwords, and only the users themselves may access, review, or modify their personal information using their ID and password.
② Users must not disclose their passwords to others, and the Company does not request users' passwords via telephone, email, or any other means. Users are required to log out and close their web browser after using the services. In particular, when using a shared computer or accessing the services from public places such as internet cafés or libraries, users should take extra care to prevent the disclosure of personal information and communication data.
① Children under the age of 14 must obtain consent from a parent or legal guardian before providing personal information online to any individual or entity.
② The Company does not provide or share personal information of children under the age of 14 with third parties, nor does it sell or lease such information.
• Personal Information Protection Officer (SBSi): Yongsoo Kim
• Department/Title: Head of Digital Platform Division
• Email: copyright@sbs.co.kr
• Tel: +82-2-2654-6186
• Personal Information Protection Staff (SBSi): Shinok Won
• Department/Title: General Manager, Digital Business Team
• Email: copyright@sbs.co.kr
• Tel: +82-2-2654-6186