Logo of Big Hit Entertainment

Big Hit Entertainment Privacy Policy

Big Hit Entertainment (hereafter referred to as the “Company”) acknowledges the importance of users’ personal information obtained in the course of providing performance services by the Company’s artists (hereafter referred to as the “Service”) and has the following Privacy Policy in place to protect such personal information. This Privacy Policy outlines how users’ personal information is used and for what purposes, and what measures are taken by the Company to protect the information. As this Privacy Policy is subject to change to reflect a revision to relevant laws and regulations as well as the Company’s policies, the Company recommends that users review it regularly.

Article 1. Purpose of Collection and Use

The Company collects and uses the following personal information in the course of obtaining applications for event tickets and during provision of the Service.

1. Directly collected information

1)Purpose of Collection and Use- To obtain applications for event tickets (including public music shows) and provide attendance guidelines

Information Items- Date of birth

Use and Retention Period- Destroyed within 90 days after the date of the event


2)Purpose of Collection and Use- maintenance of performance venue security and guest safety

2) Information Items- Personal video information (video footage)

3) Use and Retention Period- Destroyed within 30 days after the date of the event

2. Information generated through the Service

1)Purpose of Collection and Use- To statistically analyze service usage

Information Items- Usage information (usage time, time of visit, IP address, etc.) and cookies

Use and Retention Period- Usage information: retained for 3 months Cookies: retained until the date of expiry

The Company obtains and collects the following personal information from third parties.

Information Provider : beNX Co. Ltd

1. Information on Weply and Weverse members

1) Purpose of Collection and Use- To identify users for Weverse membership events, manage and analyze Weverse membership services, etc.

2) Information Items- Weverse membership user information (name, gender & mobile phone number provided when purchasing Weverse membership, and e-mail & membership number provided when joining as a member)

3) Use and Retention Period- Retained until the date of expiry of Weverse membership, or termination of Weverse membership arising from the closure of the Weply service, etc.

Information Provider : Interpark Corporation

1. Ticket purchaser information

1) Purpose of Collection and Use- To confirm and identify ticket purchasers and analyze application status

2) Information Items- Name, ID, phone number, date of birth, mobile phone number, e-mail, order-delivery information

3) Use and Retention Period- Destroyed within 90 days after the date of the event

The Company collects the above personal information, excluding certain sensitive personal details that may infringe on the basic human rights of users (e.g. race, ethnicity, ideology, faith, birthplace, political disposition, criminal records, health conditions and intimate behavior) and unique identification information.

The Company uses the ticketing lottery and pre-booking system for members of the fan community to allow for fair and safe ticketing. See the ticket purchasing guidelines for further details when purchasing a ticket. Also, users shall use their own name when booking a ticket, otherwise the purchase may be cancelled. In the case of a violation of the Company’s policies, users are subject to penalties and the Company may retain certain minimum identification information.

The Service is not for children under the age of 14 (16 for non-Koreans). If the Company learns that it has collected personal information from a child without consent from his or her legal representative, the Company will delete such information and cancel the child’s account. If you believe that the Company might have obtained any information from a child without consent from his or her legal representative, please contact the Company at privacy@bighitcorp.com.

Article 2. Restrictions on Use Beyond the Stated Purpose and Provision to Third Parties
The Company does not provide users’ personal information to any third parties, except when required by applicable laws and regulations or authorized to do so based on users’ consent.

Article 3. Users’ Rights to Personal Information

Users can access their personal information registered or request changes to such information at any time.

If required by applicable laws, users may exercise their rights to personal information against the Company. For instance, users may request that the Company suspend the use of and delete their personal information and may withdraw their consent to the collection and use of personal information. Provided, however, the Company may decline such requests in the following inevitable situations:

1. Users’ request may violate the requirements or obligations under applicable laws and regulations.
2. Users’ request may cause bodily harm or property damage to a third party.
3. Users’ request may prevent the Company from fulfilling contractual obligations, including the provision of the Service to users.

Please contact the Company at privacy@bighitcorp.com to exercise your rights under this Article.

Article 4. Use and Retention Period

In principle, the Company retains personal information collected from users until the term of users’ service expires or users request withdrawal of service, in which case the Company will destroy such information to prevent further access or use.

- Applicable law: The Protection of Communications Secrets Act provides that website visit logs shall be maintained for 3 months

Article 5. Destruction of Personal Information and Methods

Once users’ personal information is collected and used for its intended purpose within the use and retention period, the Company will destroy such information without delay. The Company destroys personal information according to the following procedures and methods:

Procedures

1. The Company will destroy personal information provided by users in the course of applying for the Service without delay after fulfilling its intended purpose within the use and retention period under Article 4.

Methods

1. Personal information stored in an electronic file format will be deleted using a technical method that disables the recovery of such information.

2. Personal information printed on paper will be shredded or incinerated.

Article 6. Cookie Policy

A cookie is a very small text file that is stored in the web browser on a user’s computer when the user visits a website. Cookies allow convenient internet use since they store information that can be read by the server when the user visits the same website again. Service providers examine cookies to analyze services visited, visit time and frequency, and information generated in the course of use of services and use the subsequent analysis as criteria for service improvement. Users have control over cookies through browser settings that enable users to accept all cookies, be alerted whenever they are stored or block all cookies. If, however, users block all cookies, they may experience inconvenience when using the service.

Use of Cookies

1. To statistically analyze users’ service usage and use the subsequent analysis as criteria for service improvement

Control over Cookies

Users may adjust their browser settings to accept all cookies, be notified when cookies are stored or block all cookies. If, however, users block all cookies, they may not use certain Service where a login is required.

Users can accept or block cookies using the following steps (within Internet Explorer):

1. Select [Internet Options] from the [Tools] menu.
2. Click the [Privacy] tab.
3. In the [Privacy Setting], select [Accept All Cookies – Low – Medium – Medium High – High – Block All Cookies].

Cookies expire when users close the browser or log out.

Article 7. Technical and Managerial Measures for Personal Information Protection

The Company takes reasonable measures to prevent loss, theft, leaks, falsification of or damage to users’ personal information when processing such information. The following include the Company’s technical measures for personal information protection:

1. All users’ personal information is protected with passwords and encryption. However, passwords or other personal information may be exposed to others while using public networks or through other means, so it is important for users to be mindful of their own privacy. Users shall not expose leak or provide their personal information to others, and maintain the confidentiality of such information in a responsible manner. The Company is not responsible for any problems caused by users’ negligence or the internet’s inherent vulnerabilities.

2. All users’ personal information is protected with passwords and encryption. Key information is protected via additional security measures by encrypting files and data transmitted.

3. The Company uses anti-virus programs, which are updated regularly, to prevent damage caused by computer viruses.

4. The Company uses around-the-clock monitoring systems that detects and blocks external outside intrusions to prevent users’ personal information from being leaked or compromised due to hacking or viruses.

The Company acknowledges the importance of protecting users’ personal information. For this reason, it keeps the number of employees handling personal information to a reasonable minimum, and the Personal Information Protection Manager provides periodic training to such employees to ensure personal information is appropriately protected. Also, the Company conducts periodic audits of the implementation of the Privacy Policy and compliance of relevant employees, and in cases where violations are identified, corrective actions, improvements and other necessary measures are taken by the Company.

Article 8. Suggestions and Complaints

The Company provides a customer service channel through which users can make suggestions and complaints in relation to a privacy issue, communicate the problem to the Company and resolve it.

In Korea, in the case of a dispute between the Company and a user in relation to a privacy issue, the user may direct inquiries to the Korea Internet & Security Agency’s Privacy Infringement Call Center, National Policy Agency’s Cyber Security Bureau or other relevant organizations and receive relevant advice.

1. Privacy Infringement Call Center at the KISA

Websitehttp://privacy.kisa.or.kr

Contact Number 118

2. Personal Information Dispute Mediation Committee

Websitehttp://www.kopico.go.kr

Contact Number1833-6972

3. Cyber Crime Investigation Division at the Supreme Prosecutors’ Office

Websitehttp://www.spo.go.kr

Contact Number1303

4. Cyber Security Bureau at the National Policy Agency

Websitehttp://cyber.go.kr

Contact Number182

Article 9. Personal Information Protection Manager, Etc.

The Company has designated a Personal Information Protection Manager and a responsible department to provide the utmost personal information protection.

Please contact the Company via the following contact points if you need to make an inquiry, offer a suggestion or make a complaint in relation to your personal information. The Company will provide answers as promptly and sincerely as possible.

1. Personal Information Protection Manager

Name (Position)Jin-ho Jung (CPO)

E-mailprivacy@bighitcorp.com

2. Department Responsible for Privacy Protection Issues

Department NameDigital Communications Team

E-mailprivacy@bighitcorp.com

Article 10. Commissioning of Personal Information Processing

The Company commissions personal information processing to the following data processing companies, domestic and foreign, within the scope disclosed in the Privacy Policy to fulfill its contractual duty, provide the Service and improve user convenience when using the Service.

1. Personal Information Transferred to Domestic Companies

Transferee : Big Hit Three Sixty Co., Ltd.

1) Purpose of Transfer- operation of performance event

Transferee : Interpark Corporation

1) Purpose of Transfer- To sell tickets on behalf of the Company and identify ticket purchasers

Transferee : Metanetmcc Corporation (secondary transferee)

1) Purpose of Transfer- Interpark performance ticket CS

Transferee : Dream With Us Co. Ltd.

1) Purpose of Transfer- maintenance of performance venue security and guest safety

Transferee : Amazon Web Services, Inc.

1) Purpose of Transfer- To operate and manage cloud servers

2. Personal Information Transferred to Foreign Companies (Cross-border Transfer of Personal Information)

Transferee : Zendesk  /  Transferee Country : US

1) Timing and Method of Transfer- Transferred over the network when 1:1 customer enquiries are registered and e-mails are sent

2) Transferred Information- Information collected under Article 1

3) Purpose of Transfer & Use and Retention Period- Purpose: To handle customer enquiries Period: Retained until the user leaves the Service or the commissioning contract with the transferee terminates

Transferee : Amplitude  /  Transferee Country : US

1) Timing and Method of Transfer- Transferred over the network when the Service is used

2) Transferred Information- Information generated through the Service under Article 1

3) Purpose of Transfer & Use and Retention Period- Purpose: To improve the Service using big data analysis Period: Retained until the user leaves the Service or the commissioning contract with the transferee terminates

The commissioning contract with data processing companies specifies terms and conditions in relation to the prohibition of information processing outside of the intended purpose, technical and managerial measures for personal information protection, restrictions on re-consignment, management and supervision of the transferee, compensation for damages and other obligations. The Company also supervises if the data processing companies process the transferred personal information in a secure manner.

Any future changes to the commissioning of personal information processing or change in data processing companies will be notified via this Privacy Policy.

Article 11. Responsibility for Notification

This Privacy Policy became effective on October 25, 2019. Any additions, deletions or modifications made in accordance with the Company's and the government’s policy changes will be notified in advance via the website. All material changes will be notified 30 days prior to such changes taking effect.

Privacy Policy Version: V1.1
Initial Effective Date of Privacy Policy: September 10, 2019_V1.0

View previous privacy policy