Types of personal information collected
Cake collects the minimum personal information necessary for the implementation of contracts for service provision, user identification, service improvement, development of new services, membership registration, and consultation.
The user agrees to allow Cake to collect the essential data necessary to perform essential functions of the service and the optional personal information needed to provide more specialized services.
The user is not restricted from using the service even if said user does not agree to the collection of the selected personal information; however, the user would not be able to make use of specialized services.
Information from social media platforms
Cake receives nicknames, social media IDs, email addresses and profile images from the social media platform chosen to use social logins to sign up for the service.
Cake can collect the user’s personal information through social media platforms according to the policy and terms and conditions of each platform and the user’s consent agreements.
Cake stores content generated by users, including voice recordings from speaking practice and the scores from “Listening Quizzes.” These data can be accessed on the app by users to review and keep track of their learning progress, and the data can be removed upon request.
In the case of mobile services, information such as mobile models, mobile network operator information, hardware ID, Advertising ID, and service use can be collected automatically, but specific individuals cannot be distinguished or identified through this information.
When dealing with service-related inquiries or the infringement of the user’s rights, Cake may collect the user’s email address and phone number.
Purpose of collecting and using personal information
The company uses the information collected for the following purposes:
- To help users make good use of the service
- To identify users and prevent fraudulent use of the service
- To prepare statistical data on the service use
- To survey and analyze necessary service improvements
- To draw and send gifts for campaigns and events via email
- To confirm the user’s identity when a report is made or a question is asked to the company
- To inform users of important notices as required
- To communicate advertising information, such as events
- To monitor and analyze user behavior in relation to the usage of the app
Personal information collection method
The company collects personal information for service provision through the following methods:
- Collecting directly from users during Cake membership registration and usage
- Collecting through the Generated Information Collection Tool
- Collecting via written form, fax, telephone, message board, email
Lawful Basis of Processing
Cake processes personal data on the following lawful bases:
- For the performance of a contract, such as to provide our service and respond to requests from users.
- Legitimate interests, such as to analyze user behavior in relation to the usage of the app.
- Consent, such as to provide you with updates or to notify you of competitions.
Sharing of personal information
In principle, the company does not provide or share the user’s personal information with outside entities without the user’s prior consent. Exceptions shall be made in the following cases:
- In the case of the user agreeing to it beforehand
- In the case of compliance with the law
The company entrusts its system operations needed to provide services to NAVER Cloud.
Personal information handling and processing
Information collection and data processing are carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to Cake, in some cases, the data may be accessible to persons in charge involved with the operation of the application, such as administration, sales, marketing, legal and system administration personnel.
The data is processed at Cake's operating offices and in any other places where the parties involved in the processing are located.
Data transfer outside the EU
Cake stores user data in the Republic of Korea, and transfers personal information collected within the EU to other third countries (i.e. any country not part of the EU) only pursuant to legitimate transfer mechanisms. Users can inquire with Cake to learn which legitimate transfer mechanism applies to which specific service.
User rights and execution practices
Users may exercise certain rights regarding their data processed by Cake.
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal information.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
- Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Where personal information is processed for a public interest, in the exercise of an official authority vested in Cake or for the purposes of the legitimate interests pursued by Cake, users may object to such processing by providing a ground related to their particular situation to justify the objection.
- Access their data. Users have the right to learn if data is being processed by Cake, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected. Should the user request a correction of an error on the user’s personal information, the incorrect information will not be used until the correction is completed.
- Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, Cake will not process their data for any purpose other than storing it.
- Have their personal information deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from Cake. Users may request account and data erasure below.
- Receive their data and have the right to data portability. Users have the right to receive their data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user's consent. Users may download the information shared through Cake’s services below.
How to exercise these rights
Any requests to exercise user rights can be directed to the Data Protection Officer through the contact details provided in this document.
Personal information retention and period of use
Cake may be allowed to retain personal information for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Cake may be obliged to retain personal information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
In principle, the company destroys the user's personal information without delay when the purpose of collecting and using personal information is achieved.
However, if it is necessary to preserve the personal information, the personal information can be kept for a certain period of time as follows:
- Records of contracts or withdrawal of subscriptions, etc.: Storage for 5 years
- Records of payment and supply of goods: Storage for 5 years
- Records of consumer complaints or dispute handling: Storage for three years
- Nickname and profile image for CS processing of withdrawn members: 3 months
Cake collects the user’s IP address at the initial launch of the application on a device, for the purpose of determining the display language of the application served to the user, based on the geo-location detected from the IP address.
Information destruction procedure
Information entered by the user for service use, etc. shall be stored for a certain period in accordance with the internal policy and related statutes after the purpose of the service has been achieved, and then destroyed.
The personal information is not used for anything other than the purpose of storage unless otherwise provided by law.
Personal information printed on paper is shredded with a shredder, and personal information stored in electronic file form is deleted using a technical method that does not allow records to be restored.
Technical and Administrative Protection of Personal Information
Questions, comments and requests regarding this policy should be addressed to the Data Protection Officer as follows.
Address: 5th floor, 22, Seocho-daero 78-gil, Seocho-gu, Seoul, Republic of Korea
Email Address: firstname.lastname@example.org
Kimura Limited, a company based in Ireland, is the EU representative for Cake.
Tho’s Hill House, Main Street, Portarlington, Co. Laois, R32AD62, Ireland
When handling the personal information of its users, Cake takes the following technical and administrative measures to ensure safety in order to prevent personal information from being lost, stolen, leaked, tampered with or damaged.
- The user's personal information is stored and managed through an encrypted communication system (SSL), and the password is stored and managed using a one-way method so that it cannot be decoded.
- In order to prevent users’ personal information from being leaked or damaged by hacking or computer viruses, the system is installed in areas with restricted access from outside entities.
- To guard against corruption of personal information, we frequently back up data, prevent users' personal information or data from being leaked or damaged by using the latest antivirus program, and secure transmission of personal information on the network through the cryptographic communication system (SSL).
- Using an intrusion prevention system, we control unauthorized access from outside entities and try to equip all possible technical devices to ensure security systematically.
- By minimizing the number of employees handling personal information, we reduce the risk of personal information leakage.
- We provide regular training or campaigns for employees handling personal information on their privacy obligations and security.
Executed on January 4, 2021.