Smitten (hereinafter referred to as "the Company") collects, uses, and provides personal information based on the user's consent and actively guarantees the user's rights (the right to self-determination regarding personal information).
The Company complies with relevant laws, regulations, and guidelines regarding personal information protection that must be observed by personal information handlers in Japan.
This Privacy Policy applies to the Smitten services (hereinafter referred to as 'the Service') and users utilizing the services. It contains information about how personal information provided by users or collected by the company is used and what measures are taken for personal information protection.
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent from the user in advance.
Member identification / Confirmation of intent to join, identity/age verification
Handling inquiries and complaints, delivering notices
Providing personalized services and various services
Prevention and sanction of acts that disrupt the smooth operation of the service (including account theft and fraudulent use)
Statistics on service usage records, access frequency, and service usage
Establishing a service environment for personal information protection, improving services, and developing new services
Confirming participation in events and activities, delivering prizes
Transmitting content and settling fees during the use of paid services, invoicing for payment history
Customized content recommendations based on demographic characteristics, user interests, preferences, and tendencies
Utilization for marketing and advertising purposes
Providing functions for gift giving and activity notification
The Company may use personal information or provide it to third parties without the user's consent within a scope reasonably related to the original collection purpose according to the law, considering whether it unfairly infringes upon the user's interests, the predictability of additional use or provision of personal information, and whether necessary measures such as encryption for ensuring safety have been taken.
In principle, Smitten retains and uses personal information for the period for which separate consent has been obtained from the user. In cases of membership withdrawal or when the purpose of collecting and using personal information has been achieved, personal information will be promptly destroyed. However, even if the user withdraws from membership or the purpose of collecting and using personal information has been fulfilled, certain information may be retained for a specified period in accordance with laws and service policies.
[Processing and Retention Period According to Service Policy]
Upon membership withdrawal, internal identification information will be retained for 7 days to prevent re-registration of bad users and fraudulent use. Records of cash recharge and ticket purchases for billing purposes will be retained for 35 days.
Content Management: Upon membership withdrawal, member information will be retained for 30 days for the purpose of handling complaints.
Smitten collects only the minimum necessary personal information required for providing services.
All users can utilize the services provided by the Company, and by signing up for membership, they can receive more diverse services.
[Types and Items of Personal Information Collected]
The types of personal information collected are as follows:
During the process of membership registration and service use, the following minimum personal information is collected, and “sensitive information” is not collected without the user's consent.
Mandatory Information: Information necessary to perform the essential functions of the service
Optional Information: Additional information collected to provide users with more specialized services (Not providing optional information does not restrict the use of services.)
Sensitive Information: Information that may infringe upon the user's privacy (e.g., race, beliefs, political orientation, criminal records, medical information)
Additionally, information that is automatically generated or collected during the use of the service includes the following:
Device information (model name, device ID, MAC address, OS), IP address, cookies, advertising identifiers, visit date and time, access time, records of fraudulent use, service usage records, etc.
Smitten receives personal information from third parties through partnerships and integrations between services.
The company informs users in advance when collecting personal data and obtains their consent. Personal data is collected through the following methods:
Membership Registration and Service Use: When users agree to the collection of personal data and enter their information directly.
Affiliate Services and Organizations: When receiving personal data from affiliate services or organizations.
Customer Center and 1:1 Inquiries: When personal data is provided through web pages, emails, or phone calls during consultation processes.
Participation in Events and Activities: When providing data through participation in events or activities conducted both online and offline.
When collecting personal data from children under the age of 14, the company obtains the consent of the legal representative and collects only the minimum necessary personal data required for service provision. In this process, the company may request minimal information such as the name and contact details of the legal representative and verifies their consent through the following methods:
Mobile Phone Authentication: Confirming the identity of the legal representative through mobile phone verification.
Written Consent: Providing a document detailing the consent for the legal representative to sign and submit.
Other Methods: Informing the legal representative of the consent details and confirming their intent to agree using similar methods.
The company does not provide users' personal data to third parties except with the user's separate consent or as required by law. When necessary for service connections with third parties, personal data is provided only to the extent required for service use.
The table summarizes the personal data processing entrustees and the work they perform. Each entrustee receives the necessary information to carry out specific tasks.
The company entrusts external vendors with necessary tasks for service provision, as outlined below, and manages and supervises these vendors to ensure compliance with relevant laws and regulations.
The company will promptly destroy personal data when it is no longer necessary, such as upon membership withdrawal, expiration of the retention period, or achievement of the purpose of processing.
However, if retention is required by law or service policy, the data will be retained in accordance with “3. Personal Data Processing and Retention Period” before destruction.
The procedures and methods for destroying personal data are as follows:
[Destruction Procedure]
The company will promptly destroy personal data for which the reason for destruction has occurred.
[Destruction Method]
Personal data recorded and stored in electronic file formats will be destroyed in such a way that the records cannot be reconstructed. Personal data recorded and stored in paper documents will be shredded or incinerated.
Users and legal representatives can request to view and modify personal data related to themselves or children under 14 years of age at any time, and they can withdraw consent for collection, use, or provision, or request cancellation of their membership.
Users can exercise their rights to view, correct, delete, or suspend the processing of personal data at any time.
In the case of children under 14 years of age, the legal representative can exercise the rights to view, correct, delete, or suspend the processing of the child's personal data.
Any consent given for the collection/use/provision of personal data during membership registration can be revoked at any time. Withdrawal of consent for personal data processing (membership cancellation) can be requested directly through the “Withdrawal” feature within the service.
If it is difficult to correct or delete personal data directly for unavoidable reasons, users can contact the customer service center using the provided written, phone, or email contacts, and the company will promptly address the request.
When requesting correction of inaccuracies in personal data, the company will not use or provide that data until the correction is completed.
Rights can be exercised through the user’s legal representative or an authorized agent. In this case, a power of attorney must be submitted in accordance with the format specified in the "Notification on Personal Data Processing Methods (No. 2020-7)" Appendix 11.
When requesting access to and suspension of the processing of personal data, the company may inform the requester of the reasons for any limitations or refusals if required by law or for the protection of others' life, body, property, or other interests.
Requests for correction or deletion of personal data cannot be made if the data is explicitly required by other laws as a target for collection.
The company verifies whether the requester is the individual or a legitimate representative when responding to requests for viewing, correction, deletion, or suspension of personal data processing.
The company makes the following efforts to protect users' valuable personal data:
[Administrative Measures]
Responding swiftly to changes in relevant laws and regulations and enhancing management levels to ensure the safe protection of personal data.
Establishing policies and guidelines for personal data and conducting regular training for company employees on information security and personal data protection.
Limiting the number of personnel involved in personal data processing to a minimum.
Undergoing independent audits annually to verify compliance with domestic and international certification standards for information security and personal data protection management systems, while providing opportunities for improvement.
The company uses cookies to store and retrieve user information for providing tailored services.
[What is a Cookie?]
A cookie is a small text file sent from the server running a website to the user’s browser, which is stored on the user's computer.
[Purpose of Use]
To maintain the user’s usage environment, enabling easy and convenient use of the website.
To provide differentiated information based on individual interests (targeted marketing, exposure to related services based on interests).
To analyze visit records and usage patterns for personalized service provision and information delivery, as well as service improvement.
[How to Refuse Cookie Collection]
Cookies do not store personal information such as names or phone numbers, and users have the option to refuse cookie installation. Users can set their web browser options to allow all cookies, to be prompted each time a cookie is saved, or to refuse all cookie storage. However, refusing cookie installation may hinder web usage and cause difficulties in using certain services that require login.
[Examples of Cookie Collection Option Settings]
For Internet Explorer: Top right corner of the web browser [Settings] menu > [Internet Options] > [Privacy] > [Advanced]
For Chrome: Top right corner of the web browser [...] menu > [Settings] > [Privacy and Security] > [Site Settings] > [Cookies and Site Data]
For MS Edge: Top right corner of the web browser [...] menu > [Settings] > [Privacy, Search, and Services] > [Tracking Prevention]
Users can contact the company regarding any inquiries or complaints about the Privacy Policy through the provided contact details.
The Privacy Policy is governed by the laws of the jurisdiction where the company is located, and any disputes will be resolved in the courts of that jurisdiction.
Users and legal representatives of children under the age of 14 can apply for dispute resolution or consultation regarding personal data infringement to the Personal Data Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Data Infringement Reporting Center. For other reports or inquiries related to personal data infringement, please contact the following organizations:
Personal Data Dispute Mediation Committee (without area code) 1833-6972 (https://www.kopico.go.kr)
Personal Data Infringement Reporting Center (without area code) 118 (https://privacy.kisa.or.kr)
Supreme Prosecutors' Office (without area code) 1301 (https://spo.go.kr)
Korean National Police Agency (without area code) 182 (https://ecrm.cyber.go.kr)
The website may provide links to other companies' websites or materials. In such cases, the company does not bear responsibility for the usefulness of the services or materials provided by external sites, nor does it guarantee them.
Once you move to another site through links included on this website, the company’s ‘Personal Data Processing Policy’ no longer applies.
The company may modify the Personal Data Processing Policy to reflect changes in laws or services. When changes are made to the policy, the company will notify users of the changes, and the revised Personal Data Processing Policy will take effect seven days after being posted.
However, in cases of significant changes affecting users' rights, such as changes in the items of personal data collected or the purpose of use, the company will provide notice at least 30 days in advance.
Date of announcement of changes to the Personal Data Processing Policy: March 06, 2025
Effective date of the Personal Data Processing Policy: March 06, 2025