Payletter Inc. (hereinafter referred toas the “Company”) values the privacy of users and complies with relevant lawsincluding the “Act on Promotion of Information and Communications NetworkUtilization and Information Protection,” the “Personal Information ProtectionAct,” and the “Electronic Financial Transactions Act.”
This Privacy Policy explains how users’ personal information is collected,used, and protected, and what measures are taken for the protection of personaldata.
Any amendments to this Privacy Policy will be notified via the Company’swebsite notice board.
1. Items of Personal Information Collected
2. Purpose of Collection and Use of Personal Information
3. Retention and Use Period of Personal Information
4. Procedures and Methods for Destruction of Personal Information
5. Provision of Personal Information
6. Outsourcing of Personal Information Processing
7. Rights of Users and Their Legal Representatives and How to Exercise Them
8. Measures to Ensure the Security of Personal Information
9. Matters Concerning the Installation, Operation, and Rejection of AutomaticPersonal Information Collection Devices
10. Personal Information Protection Officer and Complaint Handling Department
11. Duty of Notification
1. Items of Personal Information Collected
The Company collects the following personal information for the provision ofintegrated electronic payment services, partnership inquiries, and paymenthistory inquiry services.
① Items Collected
(1) Required Information
- Personal Information
- Partnership Inquiry: Name, email address, company name, department, phonenumber, mobile number
- Service Application: Name, email address, company name, department, phonenumber, mobile number, date of birth
- Payment History Inquiry: Card number, mobile number, phone number,Cultureland ID, BooknLife ID, Happy Money ID, TeenCash ID, EZLE mobile number,T-money card number, cash receipt identification number
- 1:1 Inquiry: Phone number, email address
- Merchant Administrator: Name, phone number, email address
- Representative Information: Name (in Korean and English), date of birth,nationality, gender, contact information, address, mobile number, CI(Connecting Information), bank account information (bank name, account number,account holder’s name), email, country of residence
- Beneficial Owner Information: Name (in Korean and English), date of birth,nationality, gender, contact information, address
- Agent Information: Name (in Korean and English), date of birth, nationality,gender, mobile number, telecom provider, CI, bank account information (bankname, account number, account holder’s name), email, relationship to theprincipal, job title
- Additional Automatically or Manually Generated Information During Service Use
Payment ID, IP address, email address, service access time, service usage logs,fraudulent or abnormal usage records, payment records
- Credit Information for Collection of Unpaid Amounts
In case of overdue payments, the Company may collect personal (credit)information for debt collection purposes.
- Other Information
For payment-related purposes, the Company may additionally collect card issuername, partial card number, bank name, telecom provider name, and gift card ID,depending on the payment method used.
(2) Optional Information
- Information stated in contracts or voluntarily provided by users beyond therequired items
- Address, fax number
② Methods of Collection
- Website (payment, partnership inquiry, payment history inquiry), writtenforms, fax, email
2. Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
1. Identification and real-name verification necessary for contract formation,maintenance, and termination, merchant management, and contract delivery
2. User identification, authentication, and notification during the serviceprocess
3. Prevention of unauthorized or fraudulent use
4. Confirmation of user consent or withdrawal related to service use
5. Registration of merchant business information by payment method
6. Provision of user payment data and retention information to the issuer ofthe payment method with whom the user has a contract, for service provision(e.g., transaction approval) and related operations (e.g., complaints handling,data management audits)
7. Collection of overdue payment amounts
8. Verification of credit status related to defaults (*)
9. Customer identification under the Act on Reporting and Use of SpecificFinancial Transaction Information
(*): These items are essential for providing telecommunications billingservices and preventing use by unauthorized or fraudulent users.
3. Retention and Use Period of Personal Information
In principle, personal information is destroyed without delay once the purposeof its collection and use has been fulfilled. However, certain data may beretained for a specified period under applicable laws, as outlined below:
① Retention Based on Legal Requirements
- Records related to contracts or withdrawal of offers
- Retention Period: 5 years
- Legal Basis: Enforcement Decree of the Act on Consumer Protection inElectronic Commerce, Article 6
- Records of payment and supply of goods
- Retention Period: 5 years
- Legal Basis: Same as above
- Records of consumer complaints or dispute resolution
- Retention Period: 3 years
- Legal Basis: Same as above
- Records on collection, processing, and use of credit information
- Retention Period: 3 years
- Legal Basis: Credit Information Use and Protection Act, Article 20
- Customer verification records
- Retention Period: 5 years
- Legal Basis: Act on Reporting and Use of Specific Financial TransactionInformation, Article 5-4
- Service access and usage logs
- Retention Period: At least 3 months
- Legal Basis: Protection of Communications Secrets Act, Article 15-2
- Records of electronic financial transactions over KRW 10,000
- Retention Period: 5 years
- Legal Basis: Enforcement Decree of the Electronic Financial Transactions Act,Article 12
- Records of electronic financial transactions under KRW 10,000
- Retention Period: 1 year (may be extended up to 5 years depending on businesstype and applicable law)
- Legal Basis: Same as above
- Cash receipt payment records
- Retention Period: 1 year
- Legal Basis: Enforcement Decree of the Restriction of Special Taxation Act,Article 121-3
4. Procedures and Methods of Personal Information Destruction
① Destruction Procedure
Information entered by users for service applications, consultations, orinquiries will be stored for a designated period in accordance with internalpolicy and applicable law (refer to Retention Period) and then destroyed.
② Destruction Method
- Electronic files: Deleted using technical methods that prevent recovery
- Printed materials: Destroyed via shredding or incineration
5. Provision of Personal Information
① The Company uses personal informationonly within the scope described in “2. Purpose of Collection and Use ofPersonal Information,” and does not provide it to third parties without theuser’s prior consent, except in the following cases:
- When the user has given prior consent
(This refers to the user voluntarily agreeing to provide their personalinformation to a third party for purposes such as service use.)
- Even in such cases, the Company will notify the user in advance of thefollowing:
① The recipient of the information
② The purpose of use by the recipient
③ Items of personal information to beprovided
④ Retention and use period of therecipient
Consent will be obtained in a clear and individual manner. The Company does notcollect additional information or share information beyond the scope ofconsent.
- When required by law or upon a request from an investigative agency inaccordance with legal procedures
② Cases of Third-Party Provision forService Execution
(1) Provision of personal (credit) information (required)
| the recipient of the offer | Purpose of possession and use of the recipient | Personal (credit) information items provided | Retention and period of use of recipient |
| 1) Credit card A. Credit card companies: Kookmin, BC, Lotte, Samsung, NH Nonghyup, Hyundai, Shinhan, Hana, Woori, Citi B. Bank: Shinhan, SC Cheil, Citi, Hana, Nonghyup, Enterprise, People, Savings, Suhyup, Credit Union, Post Office, Saemaul Geumgo, IM Bank, Busan, Gyeongnam, Gwangju, Jeonbuk, Jeju, K-Bank, Kakao Bank C. VAN Co., Ltd.: Kesnet Co., Ltd., Koban Co., Ltd., Korea Credit Card Payment Co., Ltd., Smartro Co., Ltd D. Affiliated PG companies: Nice Payments Co., Ltd., KG Innisis Co., Ltd., Toss Payments Co., Ltd E. Simple payment affiliates: NHN Payco Co., Ltd., Kakao Pay Co., Ltd., Shinsegae I&C Co., Ltd., Samsung Electronics Co., Naver Financial Co., Ltd. and Apple Inc. | - Credit card payment | - Transaction information (card company name, card number (partial) - IP Address | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 2) Payletter Simple Payment (PPAY) go. Credit cards: BC, Kookmin, Hana, Samsung, Shinhan, Hyundai, Lotte, Jeonbuk, KONAI B. Bank: Industry, enterprise, people, Suhyup, Nonghyup (unit) Woori, SC, Citi, IM Bank, Busan, Gwangju, Jeju, North Jeolla Province, South Gyeongsang Province, Hana, Shinhan, K-Bank, Kakao, Nonghyup (central), Saemaul Geumgo, Credit Union, Forest Association, Post Office C. Mobile phones: SK Telecom Co., Ltd., KT Co., Ltd., LG Uplus Co., Ltd., MVNO | - User transactions for payment simplification services | - 7 digits before the social security number (or date of birth, gender, domestic and foreign population), mobile phone number, and mobile phone carrier information - Transaction information | Until the simplified payment is terminated |
| 3) a virtual account A. Bank: Corporate, KB Kookmin, Nonghyup Central, Unit Agricultural Cooperative, Woori, SC Cheil, IM Bank, Busan, Gwangju, Gyeongnam, Post Office, KEB Hana, Shinhan B. Affiliate PG Co., Ltd.: KG Innisis, Hecto Financial Co., Ltd | - Virtual Account Payment | - Transaction information - IP Address | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 4) account transfer A. Banks: Enterprise, KB Kookmin, Suhyup Central, Nonghyup Central, Unit Agricultural Cooperative, Woori, SC Cheil, Korea Citi, IM Bank, Busan, Gwangju, Jeju, Jeonbuk, Gyeongnam, Saemaul Geumgo, Korea Credit Cooperative Central, Post Office, KEB Hana, Shinhan, Forest Cooperative, Industrial, K-Bank, Kakao Bank B. Securities: Yuanta, KB, Mirae Asset Daewoo, Korea Investment, NH Investment, Hi Investment, Hyundai Motor, SK, Daeshin, Hana Financial Investment, Shinhan Financial Investment, DB Financial Investment, Eugene Investment, Meritz Securities, Shinyoung, Samsung, Hanwha Investment C. Affiliate PG: Korea Financial Telecommunications & Clearings Institute, Kukon Co., Ltd., Viva Republica Co., Ltd., Shinsegae I&C, NHN Pay Co., Ltd., Kakao Pay Co., Ltd., and Naver Financial Co., Ltd | - Account transfer payment | - Transaction information - IP Address | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 5) Gift certificates: Korean Culture Promotion, Galaxy Money Tree Co., Ltd., Phase Book & Life Co., Ltd., and Cultural Gift Certificates Co., Ltd | - Gift certificate payment | - Transaction information - IP Address | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 6) Cash receipt: Kesnet Co., Ltd | - Issuance and cancellation of cash receipts | - Mobile phone number | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 7) Prepaid cards: Playtong Co., Ltd., Galaxia Moneytree Co., Ltd., Korea Prepaid Card Co., Ltd., Timonet Co., Ltd., and the joy of Lee Dong | - User identification and transaction win | - Transaction information | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 8) Mobile phone, phone payment: A. Telecom: SK Telecom Co., Ltd., KT Co., Ltd., LG Uplus Co., Ltd., MVNO B. Affiliated PG Co., Ltd. : Danal Co., Ltd., KG Mobilians Co., Ltd., and Galaxy Money Tree Co., Ltd | - Mobile phone user self-identification and payment | - Mobile or landline number - Transaction information | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 9) ARS Credit Card: Dasam Solution Co., Ltd | - Card ARS Payment | - Transaction information | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 10) Identification: NICE Evaluation Information Co., Ltd., Korea Credit Bureau Co., Ltd., and NHN Payco Co., Ltd | - ID verification | - Mobile phone number, identification verification, unique number (key for mobile phone information replacement) | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 11) Overseas payment institution: VISA, MASTER, JCB, Americanexpress, Unionpay, Paypal, NuveiTechnologies, MOL, Degica, ICB, Codapay, Gash, Cherry credits, mycard, unipin,VTC | - Overseas card (including global service) payment | - Transaction information (card number) - IP Address | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 12) Seoul Guarantee Insurance Co., Ltd | - Subscription and maintenance of credit insurance | - Personal identification information (date of birth, gender, mobile phone number, information subject to insurance (small payment amount, product name, month of payment), and information necessary for establishing, signing, maintaining, and managing credit insurance | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 13) Text service: LG Uplus Co., Ltd., Dow Technology Co., Ltd | - Provides text message (SMS, MMS) sending service | - Mobile phone number | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 14) Depositor's inquiry: Hecto Financial Co., Ltd | - Inquiry of depositors for account settlement | - Name, Account Number, IP | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
| 15) ARS certification: ThinkAT | - OTP Number ARS Outgoing | - Mobile phone number | ① More than 10,000 won per case: 5 years per case ② 10,000 won or less: one year (provided, if otherwise prescribed by relevant laws and regulations such as the Electronic Financial Transactions Act, etc.) |
(2) Provision of personal (credit) information (optional)
| a person who receives an offer | Purpose of ownership and use of the recipient | Personal (credit) information items provided | Retention and period of use of recipient |
| Korea Credit Bureau Co., Ltd | Establishment of database for providing KCB credit information service | Username | When the purpose of use is achieved |
| Nice Evaluation Information Co., Ltd | Establishment of database to provide credit information service for Nice Evaluation Information | Username | When the purpose of use is achieved |
(3) Inquiry of personal (credit) information (*)
Personal (credit) information isinquired for the performance of the company's services as follows.
| Institutions subject to personal (credit) information inquiry | Purpose of inquiry | Items of personal (credit) information you are inquiring about | Valid Period of Consent to Inquiry |
| Korea Credit Bureau Co., Ltd | Check creditworthiness information related to default | Default-related creditworthiness information | Until the transaction is rejected, or at the time of withdrawal of consent or the purpose provided is achieved from the date provided |
- (*)The above personal (credit)information inquiry does not affect the customer's credit rating.
6. Entrustment of personal informationprocessing
The company will entrust users'personal information to an external specialized company to implement theservice, or notify users in advance if the details of the consignment work orthe trustee changes. In addition, through business partnership contracts, theservice provider's strict guidelines on personal information protection,confidentiality of personal information, prohibition of third-party provisionand responsibility for accidents, and the obligation to return/dispatchpersonal information immediately after the end of the consignment period willbe clearly defined, and the contents of the contract will be kept in writing orelectronically to protect the rights and interests of users.
The Company may provide personal information to third parties when necessaryfor service execution (e.g., payment method providers, financial institutions).The details of such provision are managed under strict contractual and legalsafeguards.
① Currently, thecompany's personal information processing trustee and its duties are asfollows.
| a consignment company | Information on consignment work and provision |
| SK M&Service Co., Ltd | - Details of consignment: Check transaction details, cancellation and refund, service consultation, operation and management of the customer center recording server - Information provided: 7 digits before the resident number (or date of birth, gender, domestic and foreign population), mobile phone number, mobile phone carrier information, payment limit, e-mail, non-payment, payment information |
| Nara Credit Information Co., Ltd | Details of consignment: Collection of long-term unpaid bonds - Information provided: unpaid customer number, name, date of birth, mobile phone number, address, work name, work address, unpaid amount, reimbursement amount, reduction or exemption amount, extinctive prescription, initial unpaid month, extinctive prescription, payment telecommunications company, payment mobile phone number, virtual account information, personal rehabilitation status, reasons for handling personal rehabilitation, personal bankruptcy exemption registration, reasons for exclusion of bonds |
| BNK Credit Information Co., Ltd | - Details of consignment: Collection of long-term unpaid bonds - Information provided: unpaid customer number, name, date of birth, mobile phone number, address, work name, work address, unpaid amount, reimbursement amount, reduction or exemption amount, extinctive prescription, initial unpaid month, extinctive prescription, payment telecommunications company, payment mobile phone number, virtual account information, personal rehabilitation status, reasons for handling personal rehabilitation, personal bankruptcy exemption registration, reasons for exclusion of bonds |
7. Rights of Users and Legal Representatives andHow to Exercise Them
① Users may at any time request to viewor correct errors in their personal information, and the Company will promptlytake the necessary measures. If a correction is requested, the Company will notuse the relevant personal information until the correction is completed.
② Users may contact the Customer ServiceCenter (1599-7591) by phone or visit in person to request viewing ormodification of their information after confirming their identity.
③ In the case of children under the ageof 14, their legal representatives have the right to access or correct thechild’s personal information and to withdraw consent for the collection and useof the child’s information.
8. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personalinformation.
① Administrative Measures: Establishmentand implementation of internal management plans, regular employee training,etc.
② Technical Measures: Management ofaccess rights to personal information processing systems, installation ofaccess control systems, encryption of unique identification information,installation of security programs
③ Physical Measures: Access control ofcomputer rooms and data storage rooms
9. Matters Concerning the Installation, Operation, and Rejection of AutomaticPersonal Information Collection Devices
The Company does not install or operate cookies or other devices to store andretrieve user information.
10. Personal Information Protection Officer and Complaint Handling Department
The Company designates the following personnel as the Personal InformationProtection Officer and the Personal Information Manager to protect users’personal information and handle related complaints.
① Personal Information ProtectionOfficer
Name: Taehun Lee, Executive Director
Department: Business Division
Phone Number: 1599-7591
Email: POQ_Bizop@payletter.com
② Personal Information Manager
Name: Hwanbok Na, Senior Manager
Department: Information Security Management Team
Phone Number: 02-6191-3773
Email: hbna@payletter.com
③ Complaint Handling Department
Department: Operations Team
Phone Number: 1599-7591
Email: impayhelp@payletter.com
Users may report any personal information protection-related complaints arisingfrom the use of the Company’s services to the Personal Information ProtectionOfficer or the relevant department. The Company will respond promptly andadequately to all user complaints.
If you need to report or consult regarding a personal data breach, you maycontact the following organizations:
① National Police Agency (http://cyberbureau.police.go.kr) / 182 (no area code)
② Supreme Prosecutors’ Office CyberCrime Division (http://www.spo.go.kr) / 1301 (no area code)
③ Personal Information InfringementReport Center (http://privacy.kisa.or.kr) / 118 (no area code)
④ Personal Information Dispute MediationCommittee (http://www.kopico.go.kr) / 1833-6972
11. Duty of Notification
In the event of additions, deletions, or modifications to this Privacy Policy,the changes will be announced through the Company’s website ‘Notices’ at least7 days prior to implementation.
This Privacy Policy is effective from May 1, 2025.
Date of Public Announcement of Privacy Policy Change: April 24, 2025
Effective Date of Privacy Policy: May 1, 2025
Version History
<No. 1, 2008.09.31>
Effective Date: October 6, 2008
<No. 2, 2015.04.01>
Effective Date: April 8, 2015
<No. 3, 2017.10.31>
Effective Date: November 7, 2017
<No. 4, 2018.01.01>
Effective Date: January 8, 2018
<No. 5, 2018.01.29>
Effective Date: February 5, 2018
<No. 6, 2018.05.30>
Effective Date: June 7, 2018
<No. 7, 2019.04.24>
Effective Date: May 1, 2019
<No. 8, 2019.07.25>
Effective Date: August 6, 2019
<No. 9, 2020.02.11>
Effective Date: February 18, 2020
<No. 10, 2020.08.20>
Effective Date: September 7, 2020
<No. 11, 2021.02.23>
Effective Date: February 23, 2021
<No. 12, 2021.12.17>
Effective Date: December 22, 2021
<No. 13, 2022.05.04>
Effective Date: May 11, 2022
<No. 14, 2022.08.17>
Effective Date: September 1, 2022
<No. 15, 2023.02.16>
Effective Date: March 2, 2023
<No. 16, 2023.05.19>
Effective Date: June 22, 2023
<No. 17, 2023.08.31>
Effective Date: September 7, 2023
<No. 18, 2023.11.23>
Effective Date: November 30, 2023
<No. 19, 2024.07.08>
Effective Date: July 15, 2024
<No. 20, 2024.09.13>
Effective Date: September 20, 2024
<No. 21, 2025.02.07>
Effective Date: February 14, 2025
<No. 22, 2025.02.12>
Effective Date: February 19, 2025
<No. 23, 2025.02.21>
Effective Date: February 28, 2025
<No. 24, 2025.04.24>
Effective Date: May 1, 2025