Star Bank Daeppang (hereinafter, the “Company,”“we,”“us,” or “our”) values your privacy and is committed to protecting your personal information in accordance with applicable laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection of the Republic of Korea.
This Privacy Policy explains how we collect, use, retain, disclose, and protect your personal information, and how you may exercise your rights regarding your personal information.
Article 1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. We do not use personal information for any purpose other than those set out below unless we obtain additional consent or are otherwise permitted or required by applicable law.
1. Membership Registration and Account Management
We process personal information to:
confirm a user’s intent to register;
verify eligibility for account creation and use of account-based services;
identify and authenticate users;
maintain and manage membership status;
prevent fraudulent, abusive, or unauthorized use of the Service;
provide notices, announcements, and customer support; and
handle complaints, disputes, and related requests.
2. Provision of Goods or Services
We process personal information to:
provide digital content and related services, including lectures, music, and other online content;
process payments, billing, cancellations, and refunds; and
manage purchase history and service transactions.
3. Marketing and Advertising (Optional)
Where permitted by applicable law and, where required, based on your consent, we may process personal information to:
develop new services and features;
provide customized services, promotions, and event information; and
deliver advertising and marketing communications.
Article 2. Categories of Personal Information We Process
The Company collects only the personal information reasonably necessary for membership registration, service operation, and transaction processing.
1. Information You Provide Directly
Mandatory Information for Account Registration
Email address
Password
Nickname or user ID
Date of birth
2. Information Collected Automatically During Service Use
When you use our website or services, we may automatically collect certain technical and usage information, such as:
IP address
cookies and similar tracking technologies
device information
browser and access logs
service usage records
visit records
records of unauthorized or improper use
3. Payment Information
When you purchase paid content or services, payment-related information may be processed through our payment service providers, including:
payment approval results
payment records
purchase history
cancellation or refund records
Please note: Core payment information, such as full credit card numbers, is processed and stored by the relevant payment gateway or payment processor, and not by the Company, except to the extent necessary to receive and retain transaction results.
Article 3. Processing and Retention Period of Personal Information
1. General Rule
The Company retains and uses personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
2. Retention Period by Category
Membership Registration and Account Management
Personal information relating to membership registration and account management is retained until account deletion or membership withdrawal.
However, we may retain relevant information for a longer period in the following cases:
where an investigation, dispute, or legal proceeding is in progress, until the matter is resolved;
where outstanding obligations, payments, or credits remain, until such matters are settled; or
where retention is required by applicable law.
Provision of Goods or Services
Personal information relating to paid purchases and service transactions is retained until the relevant goods or services have been provided and payment or settlement has been completed, unless a longer period is required by law.
3. Statutory Retention Periods
Where required by applicable law, the Company retains certain information for the following periods:
Records on contracts or withdrawal/cancellation of subscriptions: 5 years
Records on payment and supply of goods or services: 5 years
Records on consumer complaints or dispute resolution: 3 years
Login records under the Protection of Communications Secrets Act: 3 months
Article 4. Provision of Personal Information to Third Parties
The Company processes personal information only within the scope stated in Article 1 of this Privacy Policy.
In principle, the Company does not provide personal information to third parties without the user’s consent, except where such disclosure is permitted or required by applicable law, including where:
the user has given prior consent;
disclosure is required by law or lawful request of a competent authority; or
disclosure is otherwise permitted under applicable personal information protection laws.
Article 5. Entrustment of Processing and Overseas Transfer
To provide stable and efficient services, the Company entrusts certain personal information processing activities to service providers and may store certain data on overseas cloud servers.
1. Domestic Service Providers
The Company entrusts the following tasks to domestic service providers where necessary:
Trustee: Toss Payments Co., Ltd. Entrusted Tasks: payment approval and settlement, cancellation and refund processing, and escrow-related services.
2. Overseas Transfer and Cloud Storage
The Company uses overseas cloud infrastructure for service operation, hosting, backup, and data security.
Service Provider: Vultr (The Constant Company, LLC / related operating entity) Countries/Regions of Storage or Processing: including South Korea, Japan, the United States, and other regions where Vultr data centers may be located Method and Timing of Transfer: encrypted transmission and storage over the network during service use and system operation Categories of Information Transferred: account registration information, service usage records, and transaction history to the extent necessary for hosting, operation, and backup Purpose of Transfer: system operation, hosting, security, maintenance, and backup Retention Period: until account deletion, withdrawal, or the end of the outsourcing relationship, unless longer retention is required by law
If the details of entrusted processing or overseas transfer materially change, the Company will update this Privacy Policy accordingly.
Article 6. Children’s Privacy and Age Restrictions
The Service is not directed to children under the age of 14, and the Company does not knowingly allow children under 14 to create accounts for account-based use of the Service.
We use date of birth as part of the registration process to determine eligibility for account creation. If we learn that a person under 14 has created an account or submitted personal information in connection with account registration, we may refuse registration, suspend or terminate the account, and delete the related personal information unless retention is required by applicable law.
If a parent or legal guardian believes that a child under 14 has provided personal information to the Company, they may contact us at contact@starbank-daeppang.com, and we will review the matter and take appropriate action.
For users who are minors under applicable law but at least 14 years old, additional consent from a parent or legal guardian may be required for certain paid purchases or services, depending on applicable law.
Article 7. Rights of Users and Legal Representatives
Users may, subject to applicable law, exercise the following rights regarding their personal information:
request access to their personal information;
request correction of inaccurate or incomplete personal information;
request deletion of personal information;
request suspension or restriction of processing; and
withdraw consent where processing is based on consent.
Requests may be submitted in writing or by email to the contact information provided in this Privacy Policy, and the Company will respond in accordance with applicable law.
Where permitted by applicable law, a legal representative may exercise certain rights on behalf of a minor user.
Article 8. Destruction of Personal Information
1. Timing of Destruction
The Company destroys personal information without undue delay when the information is no longer necessary for the purposes for which it was collected, including where the retention period has expired or the processing purpose has been fulfilled, unless retention is required by law.
2. Destruction Procedures and Methods
Personal information stored in electronic form is deleted using technical methods designed to prevent recovery or reproduction.
Personal information printed on paper is destroyed by shredding or incineration.
Where retention is required by law or internal policy for a limited period, the information may first be moved to a separate storage system before final deletion.
Article 9. Measures to Ensure the Security of Personal Information
The Company implements reasonable administrative, technical, and physical safeguards to protect personal information, including:
establishment and implementation of internal privacy and security policies;
limitation and management of access rights to personal information;
password encryption and other security measures for stored data;
monitoring and response measures against unauthorized access or misuse; and
installation, maintenance, and updating of security programs and related protective technologies.
Article 10. Cookies and Similar Technologies
1. Use of Cookies
The Company uses cookies and similar technologies to improve website operation, analyze usage patterns, remember preferences, and provide certain customized features.
2. Purpose of Cookie Use
Cookies may be used to:
maintain login and session functionality;
analyze access frequency, visit times, and usage behavior;
understand user preferences and areas of interest; and
support service improvement, marketing, and personalization, where permitted by law.
3. How to Manage Cookies
You may manage your cookie preferences in the following ways:
On our website: by using the “Cookie Settings” or “Privacy Settings” option made available on the website, where applicable
In your browser: by adjusting your browser settings to block or delete cookies
Please note that blocking strictly necessary cookies may affect certain website functions, including login-related services.
Article 11. Chief Privacy Officer and Contact Information
The Company designates the following person as the person responsible for personal information protection:
For any questions, complaints, or requests concerning this Privacy Policy or the processing of your personal information, please contact us using the information above.
Article 12. Remedies for Infringement of Rights
Users may seek assistance or dispute resolution from the following institutions in relation to personal information infringement:
Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118
Personal Information Dispute Mediation Committee:www.kopico.go.kr / 1833-6972
National Police Agency Cyber Investigation Bureau: ecrm.police.go.kr / 182
Article 13. International Users
Your personal information may be transferred to, stored in, and processed in countries other than the country in which it was collected, including South Korea, Japan, and the United States, for the purposes described in this Privacy Policy.
Where required by applicable law, the Company will take appropriate steps to protect personal information transferred internationally.
Article 14. Additional Information for EEA and UK Users
If you are located in the European Economic Area or the United Kingdom, you may have certain rights under applicable data protection laws, including the right to:
access your personal data;
request correction of inaccurate personal data;
request deletion of personal data;
request restriction of processing;
object to certain processing; and
request portability of your personal data, where applicable.
Article 15. Additional Information for California Residents
If you are a California resident, and to the extent the California Consumer Privacy Act, as amended, applies to the Company, you may have the following rights:
the right to know what categories of personal information we collect, use, disclose, and, where applicable, sell or share;
the right to request deletion of personal information, subject to legal exceptions;
the right to request correction of inaccurate personal information;
the right to opt out of the sale or sharing of personal information, where applicable; and
the right not to receive discriminatory treatment for exercising your privacy rights.
Where required by applicable law, the Company will not sell or share the personal information of a user whom it actually knows is under 16 years of age unless the legally required consent has been obtained.
California residents may exercise applicable rights by contacting us at contact@starbank-daeppang.com. Where required, we may take reasonable steps to verify the identity of the requesting person before processing the request.
Article 16. Changes to This Privacy Policy
This Privacy Policy is effective as of January 11, 2026.
If we make any additions, deletions, or material changes to this Privacy Policy, we will notify users through the website’s notice section or by other appropriate means in accordance with applicable law.
