YG Entertainment Personal Information Handling Policy

YG Entertainment (hereinafter referred to as "YG") adheres to personal information protection laws and regulations to safeguard the rights and interests of users and has established the following personal information handling policy to smoothly address user grievances related to personal information. YG will announce any revisions to this policy through its website (www.ygfamliy.com).
The contents of this personal information handling policy are as follows:

  • Purpose of Personal Information Processing
  • Categories of Personal Information Processed
  • Personal Information Processing and Retention Period
  • Provision of Personal Information to Third Parties
  • Outsourcing of Personal Information Processing
  • Rights, Duties, and Exercise Methods of the Information Subject and Legal Representative
  • Withdrawal of Consent for Collection, Use, and Provision of Personal Information
  • Destruction of Personal Information
  • Measures to Ensure the Security of Personal Information
  • GDPR, etc.
  • Personal Information Protection Officer
  • Remedies for Infringement of Personal Information Rights
  • Changes to the Personal Information Handling Policy

Article 1. Purpose of Personal Information Processing

YG processes personal information for the following purposes, based on user consent. Personal information processed will not be used for any purpose other than the following, and in case the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken.

YG FAMILY CUSTOMER CENTE

a. 1:1 Inquiries

Personal information is collected for responding to inquiries regarding YG FAMILY website errors, album and new business-related inquiries, copyright infringement reports, audition-related inquiries, recruitment inquiries, and other artist-related inquiries.

b. Customer Support

Personal information is collected for responding to inquiries and providing feedback.
YG AUDITION

a. Joining Website Membership and Management

Personal information is collected to confirm membership registration, identify and authenticate individuals for member services, maintain and manage membership qualifications, prevent unauthorized use of services, verify the consent of legal representatives for processing personal information of children under 14 years old, send out various notifications and announcements, handle grievance handling, and preserving preserve records for dispute resolution.

b. Audition Procedure Implementation

Personal information is collected for the purpose of implementing audition-related procedures such as application submission and notifying notification of audition results.

Article 2. Categories of Processed Personal Information

YG processes the following categories of personal information:

YGFAMILY CUSTOMER CENTER
  • Required categories: Name, Email
YG AUDITION
  • Required categories: Name, Email, Gender, Nationality, Date of Birth, Mobile Phone Number, Photo, Height, Weight, Current Address
  • For members under 14 years of age: Required items: Legal representative's name, mobile phone, email, relationship to the member
  • Optional categories: Blood type, language proficiency and level, career history, hobbies, special skills

Article 3. Processing and Retention Period of Personal Information

  • YG processes and retains personal information within the retention and usage period specified by relevant laws or as agreed upon when collecting personal information from the information subject.
  • The processing and retention period of personal information is as follows:
    YGFAMILY CUSTOMER CENTER
    • Until the purpose is achieved or the service is terminated
    YG AUDITION
    • Membership registration information: For 10 days from the membership withdrawal date, to minimize the damage caused by indiscriminate membership withdrawal and re-registration, and to handle complaints due to a change of mind after membership withdrawal
    • Audition application information: Until the audition result is determined, for the purpose of evaluating the applicant's application content
  • The personal information of dormant members is handled as follows.
YG AUDITION
  • If there is no login history on the website for more than one year, the member account and personal information will be destroyed.
  • YG will notify the customer of the scheduled destruction date of the member account and personal information 30 days prior to the destruction of the member account with no login history for more than one year, through email, written notice, facsimile (FAX), phone, or similar methods.

Article 4. Provision of Personal Information to Third Parties

  • YG does not provide personal information to third parties.
  • YG will only provide personal information to third parties in cases where the information subject's consent is obtained, special provisions of the law apply, or when it complies with Articles 17 and 18 of the Personal Information Protection Act. In such cases, the provision details will be disclosed without delay through this personal information processing policy.

Article 5. Consignment of Personal Information Processing

  • YG stipulates and manages/supervises necessary matters to ensure the safe processing of personal information in accordance with relevant laws when consigning personal information processing tasks. For example, when entering a consignment contract, YG specifies matters related to the prohibition of processing personal information for purposes other than consignment, technical/managerial protection measures, restrictions on re-consignment, management/supervision of the consignee, and liability for damages in documents such as contracts, and supervises the consignee to ensure the safe processing of personal information.
  • If the content of the consignment or the consignee changes, YG will promptly disclose it through this personal information processing policy.
Consignee Consignment Content Collected Information Retention and Usage Period
Weverse Company Provide Weverse Membership Service (Fan club service)
  • When purchasing membership (intangible product) - Name, phone number, gender (optional)
  • When purchasing membership kit (tangible product) : Delivery address, recipient's name, recipient's phone number
 Delivery address, recipient's name, recipient's phone number

Article 6. Rights, Obligations, and Exercise Method of the Information Subject and Legal Representative

Users can exercise the following rights as personal information subjects:

  • Users can exercise the following rights as personal information subjects against YG at any time:
    • Request for access to personal information
    • Request for correction if there is an error
    • Request for deletion
    • Request for suspension of processing
  • The exercise of rights according to Paragraph 1 can be conducted by submitting a document in accordance with Annex 8 of the Enforcement Rules of the Personal Information Protection Act in writing, via email, or facsimile (FAX), and YG will take immediate action.
  • If the information subject requests correction or deletion of personal information due to errors, etc., YG will not use or provide the relevant personal information until the correction or deletion is completed.
  • The exercise of rights according to Paragraph 1 can be conducted through a legal representative or an agent who has received authorization. In this case, a power of attorney must be submitted in accordance with Annex 11 of the Enforcement Rules of the Personal Information Protection Act.
  • Requests for access to personal information and suspension of processing may be limited in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
  • Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target under other laws.
  • When requesting access, correction, deletion, or suspension of processing according to the information subject's rights, it is necessary to verify whether the requester is the information subject or a legitimate representative.

    * [Annex 8 of the Enforcement Rules of the Personal Information Protection Act] Personal Information (Access, Correction, Deletion, Suspension of Processing) Request Form

    * [Annex 10 of the Enforcement Rules of the Personal Information Protection Act] Personal Information (Correction, Deletion, Suspension of Processing) Request Form

    * [Annex 11 of the Enforcement Rules of the Personal Information Protection Act] Power of Attorney

Article 7. Withdrawal of Consent to Collection, Use, and Provision of Personal Information

  • Data subjects may withdraw their consent to the collection, use, and provision of personal information at any time. You may contact the Personal Information Protection Officer and responsible party designated in Article 11 via written notice, phone call, email, etc., to withdraw your consent. YG shall take the necessary measures, such as deleting personal information, without delay.
  • If a user withdraws their consent and requests that their personal information be destroyed or takes other relevant measures, YG shall notify the user of such actions upon their request.

Article 8. Destruction of Personal Information

YG shall, in principle, destroy the personal information without delay once the purpose of processing has been achieved. The procedures, deadlines, and methods for destruction are as follows:
[Destruction Procedure]
The information entered by the user is transferred to a separate database (in the case of paper, separate documents) after the purpose is achieved and is destroyed immediately or stored for a certain period according to internal policies and other relevant laws. At this time, the transferred personal information shall not be used for any other purpose unless required by law.
[Destruction Deadline]
A user's personal information shall be destroyed within five days from the end of the retention period if the retention period has expired, or within five days from the date when it is deemed unnecessary to process the personal information due to the achievement of the processing purpose, termination of the service, or cessation of the business.
[Destruction Method]
Electronic information is destroyed using technical methods that make it impossible to reproduce the records. Printed personal information is destroyed by shredding or incineration.

Article 9. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, YG takes the following technical, administrative, and physical measures to ensure the security of personal information:

  • Regular self-audits
    To ensure the security of personal information handling, regular self-audits are conducted.
  • Minimization and education of personal information handling staff
    A designated staff member handles personal information, and access is limited to that individual to minimize personal information management.
  • Establishment and implementation of an internal management plan
    An internal management plan is established and implemented to ensure the safe processing of personal information.
  • Technical measures against hacking
    Security programs are installed to prevent personal information leakage and damage caused by hacking or computer viruses. Regular updates and inspections are conducted, and systems are installed in areas with controlled access from the outside, with technical and physical surveillance and blocking in place.
  • Encryption of personal information
    Users' personal information and passwords are encrypted for storage and management, ensuring that only the individual can access them. Important data is encrypted or secured with file-locking features or other separate security functions.
  • Retention and tampering prevention of access records
    Access records to personal information processing systems are retained and managed for at least two years, and security features are used to prevent tampering, theft, and loss of access records.
  • Restricted access to personal information
    Necessary measures are taken to control access to personal information by granting, changing, or revoking access rights to the personal information processing database system. Intrusion prevention systems are used to control unauthorized access from the outside.
  • Use of locking devices for document security
    Documents and auxiliary storage media containing personal information are stored in a secure location with locking devices.
  • Access control for unauthorized persons
    A separate physical storage location for personal information is established, and access control procedures are established and implemented.

Article 10. GDPR, etc.

YG values the protection of users' personal information. In accordance with applicable laws such as GDPR, users may request the administrator to transfer their personal information and may request to refuse the processing of their information. Users also have the right to file a complaint with the personal information protection authorities. For related inquiries, please contact the administrator via email, and appropriate action will be taken. Personal information will not be used or provided until the correction is completed if you request a correction for errors in personal information.

Article 11. Personal Information Protection Officer and Responsible Department​

  • YG is responsible for overseeing the overall handling of personal information processing tasks and has established a Personal Information Protection Officer and a responsible department as follows to address complaints, damage remedies, and other matters related to personal information processing:
    Personal Information Protection Officer

    Name : Kim Tae-gyun
    Position : Leader
    Contact : +82-2-3142-1104
    Fax : +82-2-3142-0288

    ※ You will be connected to the Personal Information Protection Department.
  • Data subjects may request access to their personal information in accordance with Article 35 of the Personal Information Protection Act, as well as inquire about all personal information protection-related matters, complaints, and remedies arising from using YG's services at the department below. YG will respond to and process inquiries promptly.
    Personal Information Protection Department

    Department : IT Infrastructure Team
    Responsible : Personal Information Protection Officer
    Contact : 02-3142-1104
    Email : privacy@ygmail.net

Article 12. Remedies for Infringement of Data Subject's Rights

Data subjects may inquire about remedies and consultations for personal information infringements at the following organizations:
The organizations below are separate from YG Entertainment; if you are not satisfied with YG's internal personal information complaint handling and damage remedies, or if you need more detailed assistance, please contact the organizations below.

Personal Information Infringement Report Center

Jurisdiction : Reporting and consultation of personal information infringement incidents
Website : privacy.kisa.or.kr
Contact : (With no regional code) 118
Address : (58342) 9 Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong), Korea Internet & Security Agency, Personal Information Infringement Report Center

Personal Information Dispute Mediation Committee

Jurisdiction : Personal information dispute mediation application, group dispute mediation
Website : https://www.kopico.go.kr/
Contact : (With no regional code) 1833-6972
Address : (03171) 12th floor, Government Seoul Office Building, 209 Sejong-daero, Jongno-gu, Seoul, Personal Information Dispute Mediation Committee

Personal Information Infringment Report Center (privacy.kisa.or.kr / 118 without area code)

Supreme Prosecutors' Office Cyber Investigation Department (www.spo.go.kr / 1301 without area code)

Korean National Police Agency Cyber Investigation Bureau (police.go.kr / 182 without area code)

Article 13. Changes to the Personal Information Processing Policy

This personal information processing policy shall be applied from the date of enforcement, and any additions, deletions, or corrections of its contents according to laws, services, and policies will be announced through notices at least 7 days prior to the implementation of the changes.

Addendum
This personal information processing policy shall be enforced from April 27, 2023.

[Previous Personal Information Processing Policy]

Guidelines applied until March 31, 2023