Point Wish
!-- all css here -->

General rules

Point Wish Ltd. values customers’ personal information highly and complies with laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relative laws regarding the Personal Information Protection Act, and take such action to protect customer’s personal information.

“Processing Personal Information” means a guideline that Company needs to comply in order to let the customers to use the services with confidence by protecting customer’s personal information, which the company highly values.

This processing personal information is applied to company’s website (https://www.pointwish.com) service. Separate privacy policies may apply to services provided on other websites.

The company will company will notify you through the website announcement (or individual notice) when revising the personal information processing policy. Users are urged to check back frequently when visiting our site.

Purpose of collecting and using of personal information

Company may process personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes and will be subject to prior agreement if the purpose of use is changed.

• Verification of a user’s identity, his/her willingness to obtain membership, his/her willingness to withdrawal membership and managing members.
•  Preventing and sanctioning acts that interfere with the smooth operation of the service including restrictions on use and illegal use of members in violation
    of laws and regulations and Company’s Terms of Use, preventing theft of accounts and fraudulent transactions.
• Provide notices such as amendment of the terms of use, preserve records for dispute settlement, process complaint, protect user and service operation.
• Authentication for payment and withdrawal.
• Providing services, providing content, and providing personalized services.
• Establishing a service utilization environment that users can use with confidence in terms of security, privacy, and safety.
• Data to provide personalized services such as service usage record and access frequency analysis, statistics on service utilization, customized service    according to service analysis and statistics, and advertisement.
• Inform any upcoming events, marketing, advertisement, and etc.
• Providing information upon a requested made by proper and legal investigation on hacking/fraud and other performance of duty by law .

List of collecting personal information and method of collecting

List of collecting personal information and method of collecting The Company collects minimum personal information that customer need to use the services
of the Company. Customer may refuse to consent to collection or use of personal information if one does not wish to do so. However, if you do not agree to
the collection and use of essential items in the collected personal information items, there may be restrictions on the use of some functions.

The personal information that the company collects from the user is as follows.


• E-mail, Password
• Providing exchange/wallet service
• Duplicated registration information(DI), and identification information of the same person(CI)

Information that is automatically generated during the process of using the service or processing the business: service usage history, access logs, cookies, access IP information, payment history.

Confirmation identity

Copy of identification (make blank all other information except date of birth).


Company will not collect sensitive personal information that may infringe human rights (such as race, ethnicity, ideology, creed, place of birth, homeland,
political orientation and criminal record, health status and sex life), and Company will obtain prior consent when the Company have to collect above

In any case, the company will not use the information that the customer input for any other purpose other than the purpose stated above, or leak.

The Company collects personal information through the following methods:

• The company collect personal information which the customer, themselves, input and consent when signing up and using services. (Consent of legal    representative is necessary when collecting personal information of children under 14 years old)
• Personal information of users can be collected through web pages, e-mail, fax, and telephone during the consultation process through the Customer Centre.
• Personal information can be collected in written form at events, seminars, etc. held offline.
• Generation information such as device information can be automatically generated and collected during the process of using PC web or mobile web (access IP    information, cookie, service usage log, access log).

Retention and usage period of the collected personal information

If the Company collects personal information of the user, the retention period is until the cancellation (including withdrawal application, withdrawal of directorship) after sign up. Also, at the time of termination, the Company will destroy the personal information of the user and instruct the third party to destroy the personal information that is provided to the third party.

However, if there is a need to preserve by the laws and regulations such as commercial law, Company may retain transaction details and minimum basic information during the preservation period prescribed by laws and regulations, and notify customers regarding this period in advance, and the company may preserve the customer’s personal information if the period of retention has not elapsed or if the company receive customer’s consent individually.

However, if there is a need to preserve by the laws and regulations such as commercial law, Company may retain transaction details and minimum basic information during the preservation period prescribed by laws and regulations, and notify customers regarding this period in advance, and the company may preserve the customer’s personal information if the period of retention has not elapsed or if the company receive customer’s consent individually.

Records of consumer complaints or disputes

• Retention reason: consumer protection act in electronic commerce
• Retention period: 3 years

Records on the collection, processing and use of credit information

• Retention reason: Act on the Use and Protection of Credit Information
• Retention period: 3 years

Record of payment and goods supply

• Retention reason: Consumer Protection Act in Electronic Commerce
• Retention period: 5 years

Record of Log In

• Retention reason: Protection of communications secrets Act
• Retention period: 3 months

Company internal policy to prevent illegal use

• Record period of illegal use: 5 years
• Procedures and methods of personal information destruction
• In principle, the company destroys customer’s personal information without any delay when the purpose of collecting personal information if achieved. The    procedure and method of destroying personal information of the company are as follows.

Destruction procedure

The information entered by the user for registration is transferred to a separate DB (retained in separate cabinet in case of written form) after the purpose is achieved and is stored for a certain period of time and destroyed after the period according to internal policy and other relevant laws and regulations (refer to retention and usage period).

Destruction period

In the case where the personal information of the user has elapsed, destruction should be taken place within 5 days from the end of the period of holding the personal information. If the personal information such as accomplishing the purpose of processing personal information, abolishing the service, the destruction should be taken place within 5 days from the day when it is deemed unnecessary to process the personal information.

Destruction method

• Personal information printed on paper shall be destroyed by being shredded through shredders or burnt
• Personal information stored in an electronic file is deleted using a technical method that can’t play the record

Transfer of personal information abroad

The company uses overseas could services to provide smooth services and enhance user convenience. In this regard, we inform you about the transfer of personal information abroad as follows.

Accepting the transfer of personal information according to use of overseas server (Microsoft Azure).

Transferring items

E-mail, password, name, cell phone number, account number, date of birth, sex, domestic/foreign, duplicated registration information(DI), and identification information of the same person(CI), access IP, cookies, service usage record, access logs, credit rating information, address, career, copy of identification (masking unique identification information), video information.

Transfer country - date - method

• County: Microsoft Azure service provided area
• Date: Registration and revision of each customer
• Method: Transfer data through highly secured private network server that are in Global cloud area

Transfer recipient

• Name of company: Microsoft Corporation
• Address: 15010 NE 36th St Redmond, WA 98052
• Phone number: (800) 642-7676

Transfer Purpose

• Provide Global Cloud service in order to operate this Web site.

Retention ∙ usage period

• Until personal information is retained and purpose is fulfilled.

Consignment of personal information procedure

The company entrusts the following personal information processing tasks for the smooth handling of personal information business, and both regulates and supervises the entrusted company to process personal information safely in accordance with the Information and Communications Network Act.

Customers have the right to refuse consent to the consignment (provision) of personal information. However, customer may be restricted from using the services when refused to consent.

Customer’s rights and how to exercise the rights

1. The subject of the information can exercise the right of personal information protection at any time with respect to the company
• Personal information request
• Request revision when error is found
• Request destruction
• Request stop the procedure

2. The exercise of rights under 1) may be done in writing, by telephone, e-mail, or fax (FAX) to the person in charge of personal information protection and the department in charge. And the Company take action without any delay.

3. If the subject requests correction or deletion of personal information, the company will not use or provide the personal information until the correction or deletion is completed.

4. Users can view or modify their registered personal information at any time and may request withdrawal of consent and termination of membership.

5. The company does not accept membership of children under the age of 14 who need the consent of legal representative.

Issues regarding Cookie operation

Cookie means “contact information file” and is used by the company to provide members with faster and more convenient use of the website, and to provide specialized customized services. The Company identifies your computer with regard to cookie management but does not identify you individually.

Customers have the option of installing cookies. By setting options in the web browser, members can accept all cookies, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to install cookies, you will not be able to use the web conveniently, and you may have difficulty using some services that require login.

Measures to ensure the safety of personal information

The Company, pursuant to Article 29 of the Personal Information Protection Act, has the following technical, administrative and physical measures to ensure safety.

Technical measures against hacking

The Company installs security programs to prevent leakage and damage of personal information caused by hacking and computer viruses, and the Company periodically updates and checks, installs the system in an area where the place is separated from outside and technically and physically monitors and blocks them.

Minimize the staff and educate them

The Company limits the personal information processing staff to the person in charge and implements measures to manage personal information. In addition, we constantly emphasize compliance with the company's personal information processing policy through on-the-job training to the person in charge.

Encryption of personal information

The personal information of the user is encrypted, stored and managed so that only the user can know it, and the important data is using the separate security function such as encrypting the file and transmission data or using the file lock function.

Restricted access to personal information

The company takes necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that processes personal information. We also control unauthorized access from outside by using an intrusion prevention system.

Using locks for document security

We keep documents with personal information and auxiliary storage media in safe place with lock.

Access control to unauthorized persons.

The company has set up a separate physical storage place for storing personal information and both set up and operates access control procedures on this place.

Duty of Notification

In the case of addition, deletion or modification of this Privacy Policy, we will announce amendment and contents through announcement at least 7 days prior to the enforcement date.

Effective date: June 10th 2020