COIN25 Personal Information Handling Policy


M&U Co., Ltd. (The company hereinafter) actively protects the personal information of its customers who use COIN25 services in compliance with the Act on Promotion of ICT Network and Protection of Information and the Personal Information Protection Act.

Through its Personal Information Handling Policy, the company informs the customers as to how and for what it uses the personal information provided by the users and what efforts it makes to protect their personal information. The company shall publish any amendment to its Personal Information Handling Policy through the announcement item on its website (or individual notification).


Article 1 Items of personal information collected


The company collected the below-listed personal information after obtaining consent from the users for their membership subscription, counseling, and application for services:


1. Items of personal information collected at time of membership subscription and crypto-currencies trading:



Time collected

Items collected

Membership subscription

COIN25 Membership subscription

Name, contact address, e-mail address, nickname (alias), phone number

Trading of crypto-currencies

Sales and purchase

Bank name, account number, account-holder name, coin wallet address


2. Means for collecting personal information

- Website, smart-phone application, smart-phone web pages, fax, phone, counseling bulletin board, e-mail, and participation in events

- Collection using tools generating collecting data



Article 2 Purposes of collection or use of personal information


The company handles or processes personal information for the following purposes: Personal information handled by the company shall not be used for the below-listed purposes. The company shall take necessary actions, including obtaining new agreement pursuant to Article 18 of the Personal Information Protection Act:


1.   Administration of user information

- User identification, management of user information, and delivery of various notices

- User counseling, grievance handling, and compensation of customer damage

- Initialization of mobile phones etc.


2. Provision of services

- Verification of users and crypto-currency trading relations

- Overall administration of services, including founding, maintenance, termination, etc. of crypto-currency trading relations

- Provision of services, contents, customized services, authentication of users, occupancy, age, and fee payment or reconcilement 


3. For marketing and provision of information on events

- Survey of login frequencies, and statistics concerning service use by members

- Provision of information on various events and promotional information


4. Provision of information for performance of legal duties

Provision of information or data when requested for just and legitimate investigation of hacking/fraud related incidents and for performance of other statutory duties


Article 3 Period of retention and use of personal information


The company retains or uses the minimum personal information required during the period from the time a members subscription is approved and while the service is provided. The personal information files are all destroyed without delay when the purposes of their collection and use have been accomplished. Despite the companys personal information handling policy, the below-listed items of personal information that need to be kept pursuant a relevant statute will be retained for a period provided under the statute:


1. Personal information related to use of service (records concerning visit to websites)

Grounds for archival: Act on Protection of Communications Secrets

Period of archival: 3 months


2. Records concerning marking/advertisement

Grounds for archival: Act on Protection of Consumers in e-Commerce

Period of archival: 6 months


3. Records concerning contracts or cancellation/withdrawal of subscription

Grounds for archival: Act on Protection of Consumers in e-Commerce

Period of archival: 5 years


4. Records concerning payment or supply of goods, etc.

Grounds for archival: Act on Protection of Consumers in e-Commerce

Period of archival: 5 years


5. Records concerning consumer complaints or dispute settlement

Grounds for archival: Act on Protection of Consumers in e-Commerce

Period of archival: 3 years


6. Records concerning e-finance transactions

Grounds for archival: e-Finance Transaction Act

Period of archival: 5 years


Article 4 Procedure or methods for destroying personal information


As a rule, the company shall destroy personal information without delay when the purpose of their collection or use is achieved. The destroying procedure or methods shall be as follows:


1. Destroying procedure

The information a member enters for subscribing to the membership shall be transferred to a separate database when the purpose is accomplished (into a separate cabinet in case of paper documents) and shall be destroyed after storage for a given period based on the cause for protection of information (See the retention or use period) under the internal policy and statutes.


Personal information that is transferred to a separate database shall not be used for purposes other than storage unless otherwise provided under a statute.


2. Destroying method

Personal information files saved in electronic file formats are deleted using technical methods that disable their recovery. Personal information files printed on paper are destroyed by shredding or incinerating them.



Article 5 Entrustment of personal information processing

For smooth improved services, the company may administer personal information by entrusting or outsourcing to other companies to a limited extent. The company outsources personal information processing to the following company to perform its service contract with the members: It stipulates matters required for ensuring secure maintenance of the personal information pursuant to the relevant statutes when it signs an outsourcing agreement.


Purpose of outsourcing

Period retained

Amazon Web Services, Inc. (Service name: Amazon Simple Notification Service)

SMS transmission service

Until the member withdraws, the outsourcing agreement is terminated, or the point of time provided under statutes



Article 6 Provision of personal information


The company shall not disclose any users personal information to outside parties as a rule. However, this shall not apply to the below-listed exceptional cases:

- When consented to by the user in advance; or

- When provided under a statute, or requested by a law-enforcement agency for criminal investigation based on procedures or methods provided under statutes



Article 7 Measures for protection of security of personal information


The company takes technical, administrative and physical measures required for securing safety.


1. Technical countermeasures against hacking

To block leaks of or damage to personal information by hacking or computer viruses, the company has installed security programs and periodically updates or inspects them. It has installed the systems in areas whose access from outside is controlled. It monitors and blocks the systems technically and physically.


2. Encryption of personal information

The users personal information and password are known to the user only as they are stored and maintained in encrypted form. The company employs additional security functions for key data, including encrypted storage or transmission of files and data, and file locking functions.


3. Restriction of access to personal information

The company takes necessary measures to control access to personal information by assigning, modifying or deleting authority to access the database system that processes personal information. It also controls any unauthorized access from outside using an intrusion blocking system.


4. Control of access by unauthorized personnel

The company has a physically separated space for storing personal information. It operates an access control procedure it has developed for this purpose.


Article 8 Rights of users and their legal agents, and methods for exercising the rights


Any users or their legal agents may inquire or revise their own personal information or personal information belonging to their minors below 14 years of age, and may also request service contract termination.

The user or legal agent may view and/or correct personal information belonging to their minors below 14 years of age or terminate the service contract by clicking Revise Personal Information (or Update of Member Information) to inquire or revise the personal information, or by clicking Membership withdrawal for terminating the membership (withdrawal of consent) after undergoing the user authentication procedure. Or, the user or legal agent may make a request to the companys personal information administrator in writing, by phone or e-mail. The company will take actions without delay.

When a member requests correction of errors in his/her personal information, the company does not use or provide the relevant personal information [to any third parties] until the correction is completed. Further, the company will have such errors corrected without delay by informing the third party of the correction results when incorrect personal information has already been provided to a third party.


Article 9 Information concerning the installation, operation or refusal of the device for collecting personal information automatically [cookies]


The company uses cookies that save or search your information as required. A cookie is a very short text file the companys server uses to operate its COIN25 website. It is sent to the users browser to be saved on the users computer hard drive. The company uses cookies for the below-listed purposes:


1. Purpose of use of cookies

- To provide target marketing or individually customized services by analyzing the access frequency or visit time of the members and non-member users, survey of preferences and interest areas of the users, trace tracking, survey of their participation in various events, and frequency of access to the service sites


Members are given the option as to the installation of the cookies. Therefore, a member may allow all cookies by setting the option on their web browser, or they may require their confirmation whenever cookies are saved on their computer, or they may reject the saving of all cookies.


2. Method to set up rejecting cookies

Example: The members may allow all cookies by selecting the option on their web browser, or they may require their confirmation whenever cookies are saved on their computer, or they may refuse the saving of all cookies.


Examples of setup methods: (in case Internet Explorer is used)

Tools > Internet Options > Personal Information on the top of the web browser


However, if a member refuses cookie installation, they may experience difficulties in using the service.



Article 10 Customer service concerning personal information

The company has designated its manager and department responsible for protection of personal information in order to protect the users personal information and handle complaints related to personal information, as follows:


1. Personal information administrator

Name: Sun-hak Cha

Phone: 1588-1847



2. Remedies for infringement of rights or benefits

Please contact the below-listed agencies for reporting or counseling on other infringement of personal information:


Personal Information Dispute Mediation Committee ( 02-2100-2499

Supreme Prosecution Office Cyber Crime Investigation Group ( 1301

National Police Cyber Safety Bureau ( 182

Personal information infringement report center ( 118


Article 11 (Duty to notify)

The current personal information handling policy was enacted on 15 June 2018. The company will report any addition, deletion or correction made based on the government policies or development of security technologies by uploading on its website within seven days of its enforcement.




These terms and conditions will go into force on 1 November 2018.