Privacy Policy
1. What is a privacy policy? Kakao Entertainment (hereinafter referred to as “we”, “our”, or “us”) processes and manages personal information in accordance with the stipulations set forth in the Republic of Korea’s Personal Information Protection Act (PIPA) and other related laws with the utmost regard for protecting the freedom and rights of data subjects (hereinafter referred to “you”).
In compliance with Article 30 of the PIPA, Kakao Entertainment has established and disclosed the following privacy policy to inform you who use the services provided by Kakao Entertainment of the procedures and standards applicable to the processing of personal information, and ensure prompt and efficient handling of any related grievances.
Users residing in the European Union (EU), European Economic Area (EEA), California (USA) can refer to the additional provisions at the end of this policy for information related to the GDPR, CPRA.
In compliance with Article 30 of the PIPA, Kakao Entertainment has established and disclosed the following privacy policy to inform you who use the services provided by Kakao Entertainment of the procedures and standards applicable to the processing of personal information, and ensure prompt and efficient handling of any related grievances.
Users residing in the European Union (EU), European Economic Area (EEA), California (USA) can refer to the additional provisions at the end of this policy for information related to the GDPR, CPRA.
2. Purpose of personal information processing We process personal information for the following purposes. The processed personal information will not be used for purposes other than those specified below. If there is any change in the purpose of use, we will ensure that necessary measures are taken, such as providing prior notice to you or obtaining additional consent.
- Identification of members, confirmation of intent to subscribe, and verification of identity/age;
- Transmission of content, billing, and charging details when using paid services;
- Processing of inquiries and grievances, and communication of notifications;
- Preventive measures and penalties for actions that hinder the smooth operation of services, including account theft and unauthorized use;
- Service usage records, frequency of access, and statistical data related to service use;
- Establishment of service environments, improvement of services, and development of new services backed by data protection;
- Verification of participation in events and activities, and delivery of prizes.
3. Period of personal information processing and retention As a general principle, We retain and use personal information for the period for which separate consent has been obtained from you or as notified, and promptly destroys personal information once the purpose of its collection and use has been fulfilled or you withdraw membership. However, even after such events, we may retain such data for a certain period in accordance with applicable laws and service policies. [Personal information processing and retention in accordance with laws]
[Personal information processing and retention according to service policy]
| Category | Personal information | Legal basis | Retention and Use Period |
|---|---|---|---|
| Records related to cancellation of contracts or subscriptions, etc., Records related to payment for and supply of goods, etc. | Member ID (email addresses), purchaser name, country code, mobile phone number, order date and time, payment method type, card company/bank name, approval number (transaction number), payment date and time, payment amount, and delivery information(recipient name, recipient mobile phone number, delivery address). | Article 6 of ENFORCEMENT DECREE OF THE ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE | 5 years |
| Records related to resolution of consumer complaints or disputes | Membership number, name, email address, consultation records (consultation date and details), complaint or dispute resolution results | Article 6 of ENFORCEMENT DECREE OF THE ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE | 3 years |
| Login records related to service use | Login records | Article 15-2 of PROTECTION OF COMMUNICATIONS SECRETS ACT | 3 months |
- Upon delete account, email addresses are retained for 24 hours to prevent malicious users from re-registering and engaging in fraudulent activities.
- To prevent re-registration and respond to customer service inquiries, mobile phone numbers are retained for up to three months after the end of fanclub activities.
4. Category of personal information processing We collect only the minimum necessary personal information required to provide our services, If consent is required to process a child’s personal information, we obtain it from the child’s legal guardian. [Personal Information Collected with your Consent]
[Personal Information Provided by Third Parties] We are provided with personal information from third parties as part of inter-service partnerships or integration.
[Personal information processed without obtaining consent from you] We process the following personal information without your consent when legally justified, in accordance with the Personal Information Protection Act and related laws.
| Category | Collected Personal Information Items |
|---|---|
| Account Information (Creation and Changes) | (For children - Account Information (Creation and Changes)) ID, email address, (when linking external accounts) Google account, Apple account, (when signing up with an email address) password, Legal guardian’s email address. |
| Order and Payment | (For children - product purchase) Name, Country code, Mobile phone number, Email address, Payment information, Delivery information (recipient’s name, country code, mobile phone number, delivery address), (For children - Fanclub Registration) Name, Date of birth, Gender, Country code, Mobile phone number, Email address, Daum fan cafe ID, (For children - when Pre-Sale on Melon Ticket) Melon ID, Legal guardian’s email address. |
| Event Participation | (For children) Name, Date of birth, Country code, Mobile phone number, Email address, Nickname, Legal guardian’s email address. |
| Provider | Purpose | Provided | Retention |
|---|---|---|---|
| Account sign-up |
Google Account, email address | Retained and used until delete account | |
| Apple | Account sign-up |
Apple Account, email address | Retained and used until delete account |
- Account Information (Creation and Changes)
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: ID, email address, (when linking external accounts) Google account, Apple account, (when signing up with an email address) password
- Customer service(Direct inquiries)
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: User ID contact (i.e., email address), system environment (i.e., OS, browser, device model/version)
- ※ Depending on the type of inquiry/report to customer service, additional personal information may be required (i.e., mobile phone number).
- Order and Payment
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: (Product purchase) Name, Country code, Mobile phone number, Email address, Payment information, Delivery information (recipient’s name, country code, mobile phone number, delivery address), (Fanclub Registration) Name, Date of birth, Gender, Country code, Mobile phone number, Email address, Daum fan cafe ID, (When Pre-Sale on Melon Ticket) Melon ID
- Delivery information Management
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: Recipient’s name, country code, mobile phone number, delivery address
- Event Participation
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: Name, Date of birth, Country code, Mobile phone number, Email address, Address, Nickname.
- Creation of Biz Partner Center Account
- - Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
- - Collected and used: Email address, Password
- Device information (i.e., model name, UDID/PCID, OS), IP address, access time, user history, etc
5. Processing of Children's Personal Information When we collect personal information from children, we obtain consent from their legal representative (parents or guardian) and collect only the minimum personal information necessary for providing the service. In this process, we may request minimal information from the child, such as the legal representative's email address, and we verify the legal representative's consent using the following method:
- Notifying the consent details to the legal representative and confirming their indication of consent.
6. Provision of personal information to third parties We provide users' personal information to third parties only with user consent or when there is a legitimate basis for processing, such as specific provisions under applicable laws, and only to the minimum extent necessary. [Disclosure of Personal Information to Third Parties with your consent]
[Third-Party Provision of Personal Information without your consent] We may provide personal information to third-parties without user consent as follows:
| Recipient Name | Purpose | Provided | Retention and Use Period |
|---|---|---|---|
| STARSHIP Entertainment, Antenna Co. Ltd | Provides a fanclub management and benefits | (For children) Name, Date of birth, Gender, Country code, Mobile phone number, Email address, (When operating a Daum fan cafe) Daum fan cafe ID, (When Pre-Sale on Melon Ticket) Melon ID, Legal guardian’s email address. | End of the fanclub membership period |
- Order and Payment
- - Legal Basis: Article 17(4) of the PIPA(“additional provision”)
- - Recipient: STARSHIP Entertainment, Antenna Co. Ltd.
- - Purpose of Provision: Provides a fanclub management and benefits
- - Provided Information: Name, Date of birth, Gender, Country code, Mobile phone number, Email address, (When operating a Daum fan cafe) Daum fan cafe ID, (When Pre-Sale on Melon Ticket) Melon ID
- - Retention and Use Period: End of the fanclub membership period
- Response to Investigation Agencies
- - Legal Basis: Article 18(2)(2) of the PIPA(“obligations under statutes or regulations”), Act Article 215 of the Criminal Procedure(Seizure, Search, and Inspection)
- - Recipient: Investigation agencies (National Police Agency, Prosecutor's Office, etc.)
- - Purpose of Provision: Requests through seizure, search, and Inspection warrants
- - Provided Information: Information within the scope of request
7. Personal Information Processing Subsequent to Entrustment of Work We entrust certain tasks necessary for providing services to third parties as follows while managing and supervising to ensure they do not violate related laws.
| Entrusted entity | Entrusted affairs |
|---|---|
| Kakao Corp. | Data analysis and statistical processing |
| Transcosmos Korea Inc. | Operation and management of the customer relationship management system (CRMS), customer support |
| Nicepayments Inc., Eximbay Inc. | Payment gateway service |
| SM Brand Marketing Co. | Order management, customer service inquiry response, and planning and operation of promotions/events |
| CJ Logistics | System integration for order fulfillment, order confirmation and delivery, processing of exchange/return requests, and retrieval of returned items |
| goodsFLOW Inc.(re-entrusted to LOTTE GLOBAL LOGISTICS CO., Hanjin Transportation Co., CJ Logistics, Logen Co., Korea Post, Ilyang Logistics) | Return Request and Shipping Label Printing |
| DAOU Tech.INC. | INC.Sending KakaoTalk Biz Message (AlimTalk) |
8. Destruction of personal information We promptly destroy personal information when it is no longer needed, such as upon delete account, expiration of retention period, and fulfillment of processing purpose. However, if retention is required by law or service policy, data is retained according to
3. “Period of personal information processing and retention” before being destroyed. The procedure and method for delete account (permanent deletion) are as follows. [Delete account]
3. “Period of personal information processing and retention” before being destroyed. The procedure and method for delete account (permanent deletion) are as follows. [Delete account]
- Settings > Account Settings > Delete Account
- We promptly destroy personal information once a reason for its destruction arises.
- Personal information recorded and stored in electronic files is destroyed to prevent recovery, and personal information recorded on paper documents is shredded or incinerated.
9. Your rights and duties You may exercise your rights and duties at any time as follows.
- You have the right to request access, correction, deletion, suspension of processing and withdrawal of consent to your personal information at any time.
- In the case of children, the legal representative of a child has the right to request access, correction, deletion, suspension of processing, and withdrawal of consent regarding the child’s personal information at any time.
- You are free to withdraw your consent to the collection, use and provision of your personal information at any time through the “Delete Account” function within the service.
- If it is difficult for you to correct or delete your personal information yourself (including Delete Account), you may contact our customer service center using the email address provided by us and we will process it without delay.
- When you request the rectification of your personal information, such personal information will not be used or provided until rectified.
- You may exercise your rights through an agent (e.g., a legal representative, a person delegated), by submitting a power of attorney(Annex 11), in the form prescribed by Notification of the Protection Commission to us.
- In the event of a request to access personal information, if such access is prohibited or restricted by law, if it may cause harm to the life or body of a third party, or result in an unjustified infringement of the property or other interests of another person, the request may be restricted or denied with notice of the reason.
- In the event of a request to suspend the processing of personal information, if there are special provisions under applicable laws or it is unavoidable to comply with legal obligations, if processing may cause harm to the life or body of a third party or result in an unjustified infringement of the property or other interests of another person, or if it is impracticable to perform a contract, such as providing the agreed-upon service, without processing the personal information in question, and if you have not clearly expressed your intent to terminate the agreement, the request may be denied with notice of the reason.
- You may request a correction or erasure of such personal information from us, provided that the erasure is not permitted where the said personal information shall be collected by other statutes.
- When we receive a request to access, delete, correct, suspend processing, or withdraw consent, we will verify that the requester is you or a legitimate representative.
10. Safeguards to ensure the safety of personal information We make the following efforts to protect your valuable personal information. [Managerial measures]
- We promptly adapt to legislative and regulatory changes by competent authorities, and enhance management levels to secure personal information.
- We formulate policies and guidelines for personal information, and conduct regular training on information security and privacy for our employees.
- We limit the number of personnel handling personal information to a minimum.
- We ensure compliance with both domestic and international information security and privacy management certification standards by undergoing yearly independent audits.
- We control access to the systems used to process personal information (i.e., assigning individual accounts, managing passwords, minimizing permissions, generating access logs, and monitoring).
- We encrypt personal information during transmission and storage (i.e., one-way encryption).
- We use antivirus software and operate 24-hour surveillance via intrusion detection and prevention systems to protect personal information from hacking and computer viruses.
- We conduct continuous research on the latest hacking and security technologies to apply suitable protective measures.
- Data and server rooms are designated as restricted and protected areas, with access control in place.
11. Installation and operation of an automatic personal information collection system and the denial thereof We use cookies to store and retrieve usage information to provide you with convenience. (window open)Cookie Policy
12. Privacy officer and Responsible department We designate a Privacy Officer to handle all inquiries, complaints, and damage relief related to personal information protection that arise during service use, and we remain committed to hearing the voice of the customer and delivering prompt and thorough answers. [Privacy officer and Responsible department]
- Privacy officer: Kim Hyun
- Department: Privacy Team
- Contact: Berriz customer support (메일쓰기)support@berriz.in
13. Remedies for infringements of rights To obtain relief for personal information infringement, you may apply for dispute resolution or consultation with the Personal Information Protection Commission's (PIPC) Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's (KISA) Personal Information Infringement Report Center. For any other reports or inquiries related to personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee
1833-6972 (without area code) ((window open)https://www.kopico.go.kr) - Personal Information Infringement Report Center
118 (without area code) ((window open)https://privacy.kisa.or.kr) - National Police Agency
182 (without area code) ((window open)https://ecrm.cyber.go.kr)
14. Other matters [External links]
- The website may provide members with links to other companies’ websites and/or resources. In this case, the Company does not bear responsibility for or guarantee the usefulness of services or resources provided by external sites.
- If you click a link on the website that takes you to another website, our privacy policy will no longer be applicable to your use of that external website.
15. Updates to the privacy policy The privacy policy may be updated to incorporate modifications to applicable laws or services. If the privacy policy is updated, the Company will post the updates, and the updated policy will become effective seven (7) days after being posted.
However, if such updates are significantly affecting user rights, such as changes in the collected personal information or purposes of use, you will be notified at least thirty (30) days in advance.
View the previous version
However, if such updates are significantly affecting user rights, such as changes in the collected personal information or purposes of use, you will be notified at least thirty (30) days in advance.
- Announcement of the privacy policy update on: August 22, 2025
- Effective implementation of the privacy policy on: August 29, 2025
Additional Provisions [Additional Provisions for GDPR]
1. Foreword This addendum complements the privacy policy and upholds the personal data protection rights of EU/EEA residents using our Services in compliance with the General Data Protection Regulation (GDPR).
2. Data protection officer DPO information
- Name: Kim Hyun
- Office: 8-10F, 235 Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
- Email: privacy@kakaoent.com
- Name: PLANIT LEGAL
- Office: Rechtsanwaltsgesellschaft mbH Jungfernstieg 1 20095 Hamburg Germany
- Email: kakaoent_eu_representative@planit.legal
3. Lawfulness of processing
| Purpose of data processing (refer to the privacy policy) |
Legal basis |
|---|---|
| Provision of services based on contractual relationships with users |
|
| Implementation of terms of use, privacy policies (including related additional provisions), and other agreements with third parties |
|
| Compliance with legal requirements |
|
| Performing customer services |
|
| Promoting services, events, and products |
|
4. Consequences of Failure to Provide Personal Data Some personal data is required for us to fulfill our contractual obligations to you, and additional information may be necessary to provide you with seamless services. If you refuse to provide such data or fail to do so, we may be unable to fulfill the contract or continue providing our services properly.
5. Your rights under the GDPR If you wish to exercise your rights over personal data as specified in the privacy policy, please contact support@berriz.in. In compliance with the GDPR, we will verify whether the requester is you or an authorized representative when requesting to exercise their rights.
6. Cross-Border Transfer of personal data Data provided by you to us will be transferred to the Republic of Korea (ROK). According to the European Commission, the ROK ensures an adequate level of personal data protection in line with the GDPR. However, if we transfer your data to a country not certified by the European Commission as having an adequate level of protection, we will inform you of the specific location and take the following protective measures.
- Standard contractual clauses (SCCs)
To meet GDPR requirements and protect your personal data, we make an agreement with Standard Contractual Clauses pre-approved by the European Commission.
7. Automated decision-making (incl. profiling) We do not carry out automated decision-making.
8. Updates to this privacy policy’s appendix We may amend, revise, add, or remove parts of this privacy policy’s addendum in compliance with the privacy policy.
[Additional Provisions for CPRA]
1. Foreword This addendum complements the privacy policy and upholds the personal information protection rights of California residents using our Services in compliance with the privacy laws of California.
2. Categories of personal information we collect
- Identifiers (e.g., email address, IP address, phone number, and similar identifiers)
- Characteristics of protected categories (e.g., demographic information like age and nationality)
- Transmission of content, billing, and charging details when using paid services;
- Internet or other similar network activity information (i.e., internet browsing history, search history, websites, applications)
- Account login information and essential security or access codes, passwords, or personal information combined with credentials required to gain access to the account
3. Categories of personal information collected
- Directly from you or your device
- Automatically collected while using our services
- Our affiliates and subsidiaries
- Business partners
- Vendors who provide Services on our behalf
- Social media networks
4. Business purposes of Collection and Use
- To perform services, including maintaining accounts or services, providing customer service, verifying customer information, providing analytical services, or providing similar services.
- To ensure security and integrity within a reasonably necessary scope for the purposes of personal information processing.
- To debug by identifying and correcting errors that impair the intended functionality.
- To conduct internal research for the development and demonstration of technologies.
- To verify or maintain the quality or safety of services or devices owned, manufactured, or controlled by us or produced for us, and to improve, upgrade, or enhance such services or devices.
5. Sale and sharing of personal information We do not sell or share your personal information.
6. Disclosure of personal information for business purposes We may disclose the following personal information about you to third parties for business purposes.
- Online activity (e.g., service use): affiliates, business partners
7. Your rights The rights of your personal information are as follows:
- Right to know (access and data portability)
Refer to the main text regarding the rights, duties, and methods of exercising your rights. - Right to delete (be forgotten)
Refer to the main text regarding the rights, duties, and methods of exercising your rights. - Right to correct
Refer to the main text regarding the rights, duties, and methods of exercising your rights. - Right to opt-out of sale or sharing
We do not sell or share your personal information. Therefore, there is no need to submit an opt-out request. - Right to limit use and disclosure of sensitive personal information
We do not collect or process your sensitive personal information to infer characteristics about them. Therefore, there is no need to submit a request to limit the use or disclosure of sensitive personal information. - Right to non-discrimination
The CPRA prohibits a business from discriminating against you for exercising their privacy rights under the law. Discrimination may include the following:- - Denying goods or services to you;
- - Charging different prices or rates for goods or services, including by granting discounts or imposing penalties;
- - Providing you with a different level or quality of goods or services;
- - Suggesting that you will receive a different price or rate for goods or services, or a different level or quality of goods or services.
- Shine the Light
Under California’s “Shine the Light” law (CA Civil Code § 1798.83), California residents have the right to request, once per year, information about our sharing of your personal information with third parties for direct marketing purposes. For further details under the Shine the Light law, please contact (메일쓰기)support@berriz.in.
8. How to contact Us To exercise your rights concerning personal information as a California resident, please contact us at the email address below.
- Email address : (메일쓰기)support@berriz.in
9. Updates to this privacy policy’s appendix We may amend, revise, add, or remove parts of this privacy policy’s addendum in compliance with the privacy policy.