This Privacy Policy (“Policy”) applies to the Fannuri application (the “Service”) operated by Ubnuri Co., Ltd. (the “Company”, “we”, “us” or “our”), and explains how users’ personal information is collected, used, and protected. This Policy has been prepared in accordance with the Personal Information Protection Act of the Republic of Korea and reflects global data protection standards such as the GDPR and CCPA.The definition of "personal information" used in this Notice is as follows: standards including GDPR and CCPA.
The term “personal information” used in this policy is defined as follows.
| Definition of "Personal Information" |
| The term "personal information", as used in this Notice, shall mean personal information as defined under Article 2 of the Personal Information Protection Act; for the purposes of the General Data Protection Regulation 2016/679 (the "GDPR") and the UK Data Protection Act 2018, "personal information" shall mean information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; and, for the purposes of the California Consumer Privacy Act (the "CCPA"), "personal information" shall be read to also include information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. |
We process your personal information for the following purposes pursuant to applicable law:
The personal information that we process about you is as follows:
1. Personal information items processed without the member's consent
[Required Items]
| Service | Time of Processing | Legal Basis for Processing | Personal Information Processed | Period for retention and use |
|---|---|---|---|---|
| Fannuri | Paid Service purchase | Article 15, Paragraph 1, Subparagraph 4 of the Korean Personal Information Protection Act (Conclusion of Contract) | Receipt number (for in-app purchases) | For 3 months after leaving the service or period stated in relevant laws. |
| For all service | Event | Article 15, Paragraph 1, Subparagraph 4 of the Korean Personal Information Protection Act (Performing of Contract) | Participation in community events: fannuri Account (email), name, and membership number (for membership holders) | For 1 year from the end of the relevant event, and up to 6 months from the announcement of prize winners for the personal information of non-winning participants. |
| Offline performance events such as fan meetings, public broadcasts, etc.: Video information (recorded during the event) Online performance events such as video call fan meeting: Video information (recorded during the event) | Within 7 days after the end of events such as fan meetings or retention period according to relevant laws. | |||
| Handling customer inquiries | Article 15, Paragraph 1, Subparagraph 4 of the Korean Personal Information Protection Act (Performing of Contract) | fannuri account (email address) and the details of the customer inquiries | Stored for 3 years after the customer inquiry in accordance with relevant laws. |
2. Personal information items processed with the member's consent
[Required Items]
| Service | Time of Processing | Personal Information Processed | Retention & Use Period |
|---|---|---|---|
| Fannuri Account | New account sign-up | General members: Account (email address), password, name, nickname | For 3 months after deleting the account or period stated in relevant laws. |
| Fannuri | Service sign-up | User verification information (for connecting to Fannuri account) | For 3 months after leaving the service or period stated in relevant laws. |
| When using the artist community services | Nickname, profile image | ||
| Processing refund requests from customers using paid services | Fannuri account ID (email address), name (first name and last name), bank name, bank account number, address | For 5 years after the refund, as stated in relevant Korean laws. | |
| When reporting illegally filmed materials | Name, mobile phone number (telephone number), email address | For 3 years from the reported date, as stated in relevant Korean laws | |
| For making a reservation for K-Pop Concert service | Mobile phone number, email address and ticket number | 3 months after the service's purpose is achieved | |
| K-Pop Concert | For providing performance contents | Email address, user verification information (for connecting to Fannuri account), and purchase status of related products. | 90 days after the ends of performances (concerts, showcases, fan events, etc.). |
| For all Service | Event | Prize shipping: fannuri account (email address) and recipient information (Name, mobile phone number, and address) | For 1 year from the end of the relevant event, and up to 6 months from the announcement of prize winners for the personal information of non-winning participants |
|
Offline: fannuri account (email address), name, date of birth, and phone number Online: fannuri account (email address), name, date of birth, phone number, and social media account (KakaoTalk or LINE, etc) |
For 1 year from the end of the event for event winners, and for up to 3 months from the end of the event for non-winning participants | ||
| Handling customer inquiries | General inquiry: fannuri account (email address) and the details of the customer inquiries Purchase inquiry: fannuri account (email address), the details of the customer inquiries, mobile phone number | Stored for 3 years after the customer inquiry in accordance with relevant laws. | |
| For SMS authentication | Country code and mobile phone number | For 1 year after deleting the account, or as stated in the relevant Korean laws | |
| Transmission of advertising information for marketing | Email address, automatically generated information (App push identifier, device information, etc.) | For 3 months after deleting the account or period stated in relevant laws. | |
| Accessing and using the service, providing services for reward | Information automatically generated by cookie, service usage history (date of log-in, IP address, fraudulent usage, etc), device information (unique device identifiers and OS version) and logged-in country | For 3 months after leaving the service or period stated in relevant laws. |
Our service is not offered for children (under 14 years old for South Korean and under 16 years old for international users). If we discover that we have collected the personal information of a child, we will delete the information and cancel the user's account. If you believe that we have collected information of a child, please inform us via contact information in Article 10.
If we collect any personal information from you, we comply with our internal policy to use and retain such personal information for the period during which you use our services.
We immediately destroy your personal information when it becomes unnecessary, such as when the retention period has elapsed or when the purpose of processing personal information has been achieved.
In addition, we separately store and manage your personal information until the retention period specified in the provisions of applicable law has elapsed. If we need to preserve personal information in accordance with our internal policies, we will retain relevant personal information for a specified period.
| Keeping Of Personal Information In Accordance With Relevant Laws | Details About Information Kept In Accordance With Our Internal Policies |
|
|
Once the purposes of collection and use of your personal information are achieved, we destroy your personal information in accordance with our internal policies and other applicable laws. However, personal information collected with your consent or stored in the form of electronic files will be deleted using technical means that make the records unreproducible, and personal information printed on paper such as filings or printed materials will be shredded or incinerated.
Subject to applicable law, you may have the following rights relating to your personal information managed by us. You may exercise your rights at any time, by contacting the data protection officer via the contact information provided in Article 10 (Data Protection Officer).
When handling personal information, we take appropriate measures to keep the information safe and prevent from loss, theft, leakage, falsification, or damage, and we take technical measures as follows:
We fully acknowledge the importance of your personal information, and accordingly, we have a reasonably limited number of employees handling personal information. The personnel in charge of protecting personal information conducts periodical education for the employees, putting the utmost effort to protect personal information. Also, we periodically check the compliance status of commitments stated in the policy and relevant employees, and when we detect any violation, we immediately correct and improve the issue and take necessary measures.
We use cookies to store and discover information about members. Cookies are strings of small amounts of text transmitted by the website server to users’ computer browsers (e.g., Internet Explorer, Safari, Chrome, Firefox). Cookies identify each member’s computer, but do not identify individual members.
We use Google Analytics (Terms of Service)and Firebase(Terms of Service), API provided by Google (Privacy Policy), for providing services and statistics analyses.
(1) Operation of Cookies
① Provide differentiated information depending on each individual’s interests
② Analyze members’ and non-members’ frequency of visits and time spent on each visit to identify members’ tastes and interests for use in targeted marketing
③ Identify the traces of browsing records of contents in which members were interested in to provide personalized services on the next visit
④ Analyze customers’ habits and use the results as criteria for service reorganization, etc.
(2) Cookie options
By adjusting the settings on their web browser, members may accept all cookies, receive notifications whenever cookies are installed, or refuse all cookies.
However, if you refuse cookies, you may not be able to use certain functions of the service that require login. You can set whether to permit cookies (on Internet Explorer) as follows:
① Go to [Tools] and [Internet Options].
② Click [Privacy].
③ Under the tab [Settings], choose the level you want from "Accept All Cookies – Low – Medium – Medium High – High – Block All Cookies."
(2) Cookies expire when you close or log off from the browser.
(4) The Company collects and uses the minimum online behavioral information to provide optimized services such as personalized advertising to users.
The Company collects and uses the minimum online behavioral information to provide optimized services such as personalized advertising to users. Behavioral information refers to online activity information that can infer or analyze an individual's interests, preferences, inclinations, or tendencies, such as website and app visit history, purchase, and search history
① User protection when processing behavioral information
When providing services using behavioral information, such as personalized advertising, the Company collects only the minimum behavioral information and does not collect sensitive behavioral information that may clearly infringe on an individual's rights, interests, or privacy, such as thoughts, beliefs, family and kinship relationships, educational background, medical history, or other social activity history. The Company does not collect behavioral information for personalized advertising purposes from online services primarily used by children under 14 years of age and does not provide
② Notice on collection and processing of behavioral information
The company collects behavioral information for the services it operates as follows and allows online personalized advertising business operators to collect and process behavioral information
[Notice on collection and processing of behavioral information]
| Items of behavioral information collected and processed | The user's web and app service visit history, usage records such as searches and clicks, advertising identifiers |
| Method of collecting and processing behavioral information | Automatically collected and transmitted when users visit the Company's website or run the app |
| Purpose of collecting and processing behavioral information | Providing online personalized advertising based on the interests and preferences of users |
| Advertising business operators that collect (tools) and process behavioral information | Google LLC |
| Duration of keeping and using personal information | Retained for 14 months and then destroyed |
| How to exercise user control rights |
[Web browser]
|
| Methods to remedy user damage |
|
In accordance with Article 15(3) and Article 17(4) of the Personal Information Act of South Korea, we may additionally use or provide your personal information without your consent, in consideration of Article 14-2 of the Enforcement Decree of the Personal Information Protection Act of South Korea.
[Article 9 Decision-Making Standards for Additional Use and Provision of Personal Information]
| Third party recipient | Personal information to be provided | Purpose of provision | Period for retention and use |
| Labels and affiliated artists (excluding foreign labels) entered in Fannuri services | Nickname used in community, FID, content in posts | Operating and managing artist communities and sending out event announcements | For 3 months after Service withdrawal or as stated in relevant laws |
| (event winner's) Email address | Community event winner announcement and winner verification | For 1 year after the event ends | |
| Generated information (internal identification key, device information, etc.), service usage history (date of log-in, IP address, fraudulent usage, etc.), device information (unique device identifiers, OS version), your location | Performing statistical analyses on use of platform services | For 3 months after Service withdrawal or as stated in relevant laws |
Accordingly, we have considered the below items for additional use and provision of information without the user's consent.
In order to protect users’ personal information and handle complaints related to personal information, we have designated our Data Protection Officer as follows. Users may report all complaints related to personal information protection arising in the course of using our services to the Data Protection Officer, and we will provide prompt and sufficient responses to such reports.
| Fannuri Account | privacy@fannuri.com |
We operate a customer services center for smooth communication and resolution of any comments and/or complaints presented by our users in connection with personal information protection. If you are a user in Korea, in the event of a dispute arising between us and you in connection with personal information protection, for which you require help regarding potential infringement upon your information, you can contact the Personal Information Infringement Report Center of the Korea Internet & Security Agency, the Cyber Bureau of the National Police Agency, or other relevant agencies.
[Contact Information]
| Korea Internet & Security Agency | https://privacy.kisa.or.kr | 118 |
| Personal Information Dispute Mediation Committee | https://www.kopico.go.kr | 1833-6972 |
| Cybercrime Investigation Division of Supreme Prosecutors’ Office | https://www.spo.go.kr | 1303 |
| Cyber Bureau of National Police Agency | https://cyber.go.kr | 182 |
This Privacy Policy will take effect from July 14, 2025 (KST).
Privacy Policy version number : Integrated V1.0
Effective date : 2025.07.14
The following are supplementary clauses applicable depending on your location or nationality. In the event of conflict between the following and the main text of this Privacy Notice, the following shall prevail.
For the purposes of this section, the term "personal information" used in the main text of this Notice shall be replaced with the term "personal data" – the term shall have the same meaning as set out in Article 1.
Clause Article 1 of this Notice shall be supplemented with the following text as a new final paragraph:
Article 1 Privacy Notice
For the purposes of the GDPR and the UK Data Protection Act 2018, Ubnuri,.co.Ltd. is the entity (or "controller") that decides how and why your personal data are processed and has primary responsibility for complying with applicable data protection laws.
Clause Article 2 of this Notice shall be replaced with the following:
Article 2 Purposes and Legal Bases for Processing of Personal Data
The purposes of processing of your personal data and the legal bases on which we rely under applicable laws are as follows:
[지역별 조항 : EEA 및 영국]
| Processing activity | Legal basis for processing |
| To provide our Sites, Apps, products and services: Providing our Sites, Apps, products or services; creating an account; providing customer support on the use of services; identifying and preventing wrongful uses; providing functions for joining the Fannuri community and for community activities; performing statistical analyses; providing promotional materials (upon request); and communicating with you in relation to our Sites, Apps or services; and providing and operating event services (confirming participants for events, providing and delivering prizes to winners, handling other complaints) , and manufacturing individually customized products. |
|
| To operate our business: Operating and managing our Sites, Apps and services; providing you with content; displaying advertising and other information to you; authenticating users for the sales/delivery of products and the identification and prevention of duplicate purchases/uses or other wrongful uses; communicating and interacting with you via our Sites, Apps or services; and notifying you of changes to any of our Sites, Apps or services. |
|
| To perform communications and marketing activities: Communicating with you via any means (including via email and app push alerts) to provide news items and other information in which you may be interested, subject to obtaining your prior opt-in consent to the extent required under applicable law; personalizing our Sites, products and services for you; maintaining and updating your contact information where appropriate; obtaining your prior opt-in consent when necessary; where applicable, enabling you to opt-out to withdraw your consent to or unsubscribe from emails sent by us, and recording your choice. |
|
| To manage IT systems: Managing and operating our communications, IT and security systems; and auditing (including security audits) and monitoring such systems. |
|
| To improve our Sites, Apps and services: Identifying issues related to our Sites, Apps or services; planning improvements to our Sites, Apps or services; and developing new Sites, Apps or services. |
|
We process personal data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps or services that may be of interest to you. We also process personal data for the purposes of displaying content tailored to your use of our Sites, Apps or services. If we provide Sites, Apps or services to you, we may send or display information to you regarding our Sites, Apps or services, upcoming promotions and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent, to the extent required under applicable law. You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional electronic communication we send or by unsubscribing online at [Link] Please note that it may take up to 2 weeks to process your unsubscribe request, during which time you may continue to receive communications from us. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Sites, Apps or services you have requested.
Clause Article 5 of this Notice shall be replaced with the following:
Article 5 Procedures and Methods of Destroying Personal DataThe following shall be added at the bottom of Clause Article 6:
Article 6 Your Legal Rights
In addition to the above rights, you remain entitled to all other statutory rights.
You may also have the following additional rights regarding the processing of your personal information:
Clause Article 8 of this Notice shall be replaced with the following:
Article 8 Cookies and Similar Technologies
When you visit a Site or use an App, we will typically place cookies onto your device or read cookies already on your device, subject always to obtaining your prior consent, where required, in accordance with applicable law.
Clause Article 10 of this Notice shall be replaced with the following:
Article 10 Contact Information
You may contact our DPO [privacy@fannuri.com]if you wish to exercise your rights in connection with this Notice or your personal data.
| Fannuri Account | privacy@fannuri.com |
Clause Article 11 of this Notice shall not apply.
California Consumer Privacy Act (CCPA)
Clause Article 4 of this Notice shall be replaced with the following:
Article 4 Retention of Personal Information
We take every reasonable step to ensure that your personal information is only processed for the minimum period necessary for the purposes set out in this Notice. We will retain your personal information in a form that permits identification only for as long as:
(1) we maintain an ongoing relationship with you; or
(2) your personal information is necessary in connection with the lawful purposes set out in this Notice, for which we have a valid legal basis.
Clause Article 6 of this Notice shall be replaced with the following:
Article 6 California Consumer Privacy Act Disclosures
Under the California Consumer Privacy Act ("CCPA"), we must disclose our practices regarding the collection, use, and disclosure of the personal information of California residents ("Consumers").
Collection of Personal Information
We have collected and will collect the following general categories of personal information about Consumers
Our service is not offered for children (under 14 years old for South Korean and under 16 years old for international users). If we discover that we have collected the personal information of a child, we will delete the information and cancel the user's account. If you believe that we have collected information of a child, please inform us via contact information in Article 10.
Use of Personal Information
We may use the categories of personal information described above for the following business or commercial purposes:
Categories of Sources from Which Personal Information
We collect or obtain personal information of Consumers from the following sources
Disclosure of Personal Information
We do not sell any personal information to third parties. In particular, we do not sell the personal information of minors under 16 years of age. In the preceding 12 months, we have disclosed the following categories of personal information to the following categories of recipients
| Categories of recipients | Categories of personal information |
| Vendors who may need access to Consumers’ personal information to help us provide our services. |
|
| Entities who provide us with email address management and communication contact services, and those who analyze and enhance our marketing campaigns and service. |
|
| Entities we partner with to assist us with our Fannuri community events |
|
Clause Article 8 of this Notice shall be replaced with the following:
Article 8 California’s "Shine the Light" Law
Under California’s "Shine the Light" law, California residents are entitled to ask us for a notice describing what categories of personal customer information we share with third parties or our affiliates in connection with direct marketing performed by such third parties or our affiliates. The aforementioned notice will identify the categories of information we shared with third parties and our affiliates, and will include a list of names and addresses of such data recipients. If you are a California resident and would like a copy of this notice, please submit a written request to the following email address:
| Fannuri Account | privacy@fannuri.com |
Clause Article 10 of this Notice shall be replaced with the following:
Article 10 Consumer Rights under the CCPA
If you are a Consumer, the CCPA grants you the following rights regarding your personal information. If you make a certain request to us in order to exercise, or cause an authorized representative you appointed to exercise on your behalf, your rights to know and delete set forth in the CCPA, we will generally require you to provide us with certain personal information for the purpose of identifying you in the course of handling your request and compare such personal information against the personal information we have collected about you to verify your identity ("verifiable consumer request").
| Fannuri Account | privacy@fannuri.com |
Right to Know About Personal Information We Collected about You.
Consumers have the right to submit a verifiable consumer request that we disclose the following personal information we collected about you over the 12-month period preceding the verifiable consumer request, in a readily useable format:
Right to Request Deletion of Personal Information
Consumers have the right to request that we delete any personal information we have collected from them.
Right to Non-Discrimination.
Consumers have the right to be free from discrimination when they exercise their rights under the CCPA and, should you exercise those rights, we cannot:
1. Deny you goods or services;
2. Charge you a different price or rate for goods or services;
3. Provide you with a different level of quality of goods or services;
4. Suggest that you may receive a different level of quality of goods or services.
Notice on Financial Incentive
We offer consumers who provide personal identifiers, including their name, home address, and email address, and commercial information, including their purchase history and access to Fannuri community events. As participants in these programs, consumers will have the opportunity to win prizes. The value of this personal information to our business will vary depending on the consumer's purchases from Fannuri. Consumers may opt-in to our community events by signing up on our website. Consumers may cancel their participation in these events at any time.
Authorized Agent
Under the CCPA, you may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require your authorized agent to provide us with a signed permission demonstrating they are authorized to submit a request on your behalf. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.
Clause Article 11 of this Notice shall not apply.
Japan
According to the purpose of the Article, the "relevant laws" and "relevant Korean laws" stated in this Notice shall be replaced with the Act on the Protection of Personal Information (Act No. 57 of 2003) and relevant Japanese laws.
The terms used in Clause Article 2 of this Notice shall be replaced with the following:
According to the purpose of the Article, the "relevant laws" and "relevant Korean laws" stated in this Notice shall be replaced with the Act on the Protection of Personal Information (Act No. 57 of 2003) and relevant Japanese laws.
We process your personal information for the following purposes pursuant to applicable law:
Clause Article 9 of this Notice is not applied.
The following shall be added to Clause Article 10.
Clause Article 11 of this Notice is not applied.