Debut’s Plan Privacy Policy

1. What is a privacy policy?Starship Entertainment (hereinafter referred to as “we”, “our”, or “us”) processes and manages personal information in accordance with the stipulations set forth in the Republic of Korea’s Personal Information Protection Act (PIPA) and other related laws with the utmost regard for protecting the freedom and rights of data subjects (hereinafter referred to “you”).
In compliance with Article 30 of the PIPA, Starship Entertainment has established and disclosed the following privacy policy to inform you who use the services provided by Starship Entertainment of the procedures and standards applicable to the processing of personal information, and ensure prompt and efficient handling of any related grievances.
If you are a resident of the European Union (EU) or the European Economic Area (EEA), please refer to the regional provisions specified in this document and read the privacy policy concerning the General Data Protection Regulation (GDPR).
If you are a resident of California, United States, please refer to the regional provisions specified in this document and read the privacy policy concerning the California Privacy Rights Act (CPRA).
2. Purpose of personal information processingWe process personal information for the following purposes. The processed personal information will not be used for purposes other than those specified below. If there is any change in the purpose of use, we will ensure that necessary measures are taken, such as providing prior notice to you or obtaining additional consent.
  • Identification of members, confirmation of intent to subscribe;
  • Processing of inquiries and grievances, and communication of notifications;
  • Preventive measures and penalties for actions that hinder the smooth operation of services, including account theft and unauthorized use;
  • Service usage records, frequency of access, and statistical data related to service use;
  • Establishment of service environments by data protection;
We may use or provide personal information to third parties without your consent within the scope reasonably related to the purposes for which the personal information was initially collected, in accordance with applicable laws. This is based on a thorough consideration of whether disadvantages have been caused to you, whether additional use or provision of personal information is foreseeable, and whether necessary measures such as encryption have been implemented to secure it.
3. Period of personal information processing and retentionAs a general principle, We retain and use personal information for the period for which separate consent has been obtained from you or as notified, and promptly destroys personal information once the purpose of its collection and use has been fulfilled or you withdraw membership. However, even after such events, we may retain such data for a certain period in accordance with applicable laws and service policies.[Personal information processing and retention in accordance with laws]
CategoryPersonal informationLegal basisRetention
Records related to resolution of consumer complaints or disputesemail address, consultation records (consultation date and details), complaint or dispute resolution resultsArticle 6 of ENFORCEMENT DECREE OF THE ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE3 years
Login records related to service useLogin recordsArticle 15-2 of PROTECTION OF COMMUNICATIONS SECRETS ACT3 months
[Personal information processing and retention according to service policy]
  • Upon delete account, email addresses are retained for 24 hours and mobile phone numbers are retained for 30 days from the date of collection to prevent malicious users from re-registering and engaging in fraudulent activities.
  • The history of text messages sent is retained for 90 days to prevent misuse.
4. Category of personal information processingWe collect only the minimum necessary personal information to provide its services.[Personal information processed without obtaining consent from you]We process the following personal information without obtaining your consent.
  • Membership Management
      • Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
      • Purpose of Collect and Use: Identification of members, confirmation of intent to subscribe, Processing of inquiries and grievances, and communication of notifications
      • Collected and used:Email address and password (when signing up with an email address) (※ Depending on the type of inquiry/report to the office, additional personal information may be required (i.e., mobile phone number).
  • Preventing misuse of service
    • Legal basis: Article 15(1)(4) of the PIPA (“Where it is necessary to take measures at the request of you in the course of performing a contract concluded with you or concluding a contract”)
    • Purpose of Collect and Use: Preventing misuse of service
    • Collected and used: Country code, mobile phone number
[Personal information collection methods]When collecting personal information, we always inform you in advance and obtain consent, if necessary, in the following methods. (The personal information collected and collection methods may vary depending on the country where the service is provided.)
  • When you agree to the collection of personal information and manually enters information during service use;
  • When personal information is obtained through direct inquiry (via email, etc.);
5. Provision of personal information to third partiesWe do not provide your personal information to third parties unless explicit consent is obtained from you or it is required by applicable law.
6. Personal Information Processing Subsequent to Entrustment of WorkWe entrust certain tasks necessary for providing services to third parties as follows while managing and supervising to ensure they do not violate related laws.
Entrusted entityEntrusted affairs
Kakao Entertainment Corp. (re-entrusted to Transcosmos Korea Inc., Kakao Corp.)Membership service operation and management, Customer support, Text message delivery
7. Destruction of personal informationWe promptly destroy personal information when it is no longer needed, such as upon delete account, expiration of retention period, and fulfillment of processing purpose. However, if retention is required by law or service policy, data is retained according to 3. “Period of personal information processing and retention” before being destroyed.The procedure and method for delete account (permanent deletion) are as follows.[Delete Account]
  • Settings > Account Settings > Delete Account
Furthermore, the procedure and method for data destruction are as follows.[Destruction procedure]
  • We promptly destroy personal information once a reason for its destruction arises.
[Destruction method]
  • Personal information recorded and stored in electronic files is destroyed to prevent recovery, and personal information recorded on paper documents is shredded or incinerated.
8. Your rights and dutiesYou may exercise your rights and duties at any time as follows.
  • You have the right to request access, correction, deletion, suspension of processing and withdrawal of consent to your personal information at any time.
  • You are free to withdraw your consent to the collection, use and provision of your personal information at any time through the “Delete Account” function within the service.
  • If it is difficult for you to correct or delete your personal information yourself (including delete account), you may contact our office using the email address provided by us and we will process it without delay.
  • When you request the rectification of your personal information, such personal information will not be used or provided until rectified.
  • You may exercise your rights through an agent (e.g., a legal representative, a person delegated), by submitting a power of attorney(Annex 11), in the form prescribed by Notification of the Protection Commission to us.
  • In the event of a request to access or suspend processing of personal information, if access is prohibited or limited by Acts, if there are special provisions in other laws so require or it is inevitable to observe legal obligations, if access may cause damage to the life or body of a third party, or unjustified infringement of property and other interests of any other person, if it is impracticable to perform a contract such as the provision of services as agreed upon with the said you without processing the personal information in question, and the you has not clearly expressed the desire to terminate the agreement, the request may be limited or denied by notifying the reason.
  • You may request a correction or erasure of such personal information from us, provided that the erasure is not permitted where the said personal information shall be collected by other statutes.
  • When we receive a request to access, delete, correct, suspend processing, or withdraw consent, we will verify that the requester is you or a legitimate representative.
9. Safeguards to ensure the safety of personal informationWe make the following efforts to protect your valuable personal information.[Managerial measures]
  • We promptly adapt to legislative and regulatory changes by competent authorities, and enhance management levels to secure personal information.
  • We formulate policies and guidelines for personal information, and conduct regular training on information security and privacy for our employees.
  • We limit the number of personnel handling personal information to a minimum.
[Technical measures]
  • We control access to the systems used to process personal information (i.e., assigning individual accounts, managing passwords, minimizing permissions, generating access logs, and monitoring).
  • We encrypt personal information during transmission and storage (i.e., one-way encryption).
  • We use antivirus software and operate 24-hour surveillance via intrusion detection and prevention systems to protect personal information from hacking and computer viruses.
  • We conduct continuous research on the latest hacking and security technologies to apply suitable protective measures.
[Physical measures]
  • Data and server rooms are designated as restricted and protected areas, with access control in place.
10. Installation and operation of an automatic personal information collection system and the denial thereofWe use cookies to store and retrieve usage information to provide you with convenience.Cookie Policy
11. Privacy officer and departmentWe designate a Privacy Officer to handle all inquiries, complaints, and damage relief related to personal information protection that arise during service use, and we remain committed to hearing the voice of the customer and delivering prompt and thorough answers.[Privacy officer and department]
12. Remedies for infringements of rightsTo obtain relief for personal information infringement, you may apply for dispute resolution or consultation with the Personal Information Protection Commission's (PIPC) Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's (KISA) Personal Information Infringement Report Center. For any other reports or inquiries related to personal information infringement, please contact the following organizations:
  • Personal Information Dispute Mediation Committee
    1833-6972 (without area code) (kopico.go.kr)
  • Personal Information Infringement Report Center
    118 (without area code) (privacy.kisa.or.kr)
  • Supreme Prosecutor’s Office
    1301 (without area code) (spo.go.kr)
  • National Police Agency
    182 (without area code) (ecrm.cyber.go.kr)
13. Other matters[External links]
  • The website may provide members with links to other companies’ websites and/or resources. In this case, the Company does not bear responsibility for or guarantee the usefulness of services or resources provided by external sites.
  • If you click a link on the website that takes you to another website, our privacy policy will no longer be applicable to your use of that external website.
14. Updates to the privacy policyThe privacy policy may be updated to incorporate modifications to applicable laws or services. If the privacy policy is updated, the Company will post the updates, and the updated policy will become effective seven (7) days after being posted.
However, if such updates are significantly affecting user rights, such as changes in the collected personal information or purposes of use, you will be notified at least thirty (30) days in advance.
  • Announcement of the privacy policy update on: March 8, 2025
  • Effective implementation of the privacy policy on: March 8, 2025
Regional provisions[GDPR privacy policy]1. ForewordThis addendum complements the privacy policy and upholds the personal data protection rights of EU/EEA residents using our Services in compliance with the General Data Protection Regulation (GDPR).
2. Data protection officerDPO information
  • Name: Seo Seung Yeon
  • Office: 4-5, Samseong-ro 146-gil, Gangnam-gu, Seoul, Republic of Korea
  • Email: support@newkids.co.kr
3. Lawfulness of processing
Purpose of data processing (refer to the privacy policy)Legal basis
Provision of services based on contractual relationships with users
  • GDPR Art. 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • GDPR Art. 6(1)(b) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Implementation of terms of use, privacy policies (including related additional provisions), and other agreements with third parties
  • GDPR Art. 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • GDPR Art. 6(1)(b) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • GDPR Art. 6(1)(f) -processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Compliance with legal requirements
  • GDPR Art. 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • GDPR Art. 6(1)(c) - processing is necessary for compliance with a legal obligation to which the controller is subject
Performing customer services
  • GDPR Art. 6(1)(a) - the data subject has given consent
  • GDPR Art. 6(1)(b) - necessary for the performance of a contract
  • GDPR Art. 6(1)(f) -processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
4. Possible consequences of failing to provide dataSome personal data collected from you requires us to fulfill our duties defined in a contract made with you. Other information may be required for us to provide better Services to you.
If you deny or fail to provide personal data, we may not be able to fulfill our duties or may not be able to continue providing our Services.
5. Your rights under the GDPRIf you wish to exercise your rights over personal data as specified in the privacy policy, please contact support@newkids.co.kr. In compliance with the GDPR, we will verify whether the requester is you or an authorized representative when requesting to exercise their rights.
6. Cross-Border Transfer of personal dataData provided by you to us will be transferred to the Republic of Korea (ROK). According to the European Commission, the ROK ensures an adequate level of personal data protection in line with the GDPR. However, if we transfer your data to a country not certified by the European Commission as having an adequate level of protection, we will inform you of the specific location and take the following protective measures.
  • Standard contractual clauses (SCCs)
    To meet GDPR requirements and protect your personal data, we make an agreement with Standard Contractual Clauses pre-approved by the European Commission.
7. Automated decision-making (incl. profiling)We do not carry out automated decision-making.
8. Updates to this privacy policy’s appendixWe may amend, revise, add, or remove parts of this privacy policy’s addendum in compliance with the privacy policy.Last Modified: March 8, 2025
[CPRA privacy policy]1. ForewordThis addendum complements the privacy policy and upholds the personal information protection rights of California residents using our Services in compliance with the privacy laws of California.
2. Categories of personal information we collect
  • Identifiers (e.g., email address, IP address, phone number, and similar identifiers)
  • Characteristics of protected categories (e.g., demographic information like age and nationality)
  • Internet or other similar network activity information (i.e., internet browsing history, search history, websites, applications)
  • Account login information and essential security or access codes, passwords, or personal information combined with credentials required to gain access to the account
3. Categories of personal information collected
  • Directly from you or your device
  • Automatically collected while using our services
  • Vendors who provide Services on our behalf
4. Business purposes of Collection and Use
  • To perform services, including maintaining accounts or services, providing customer service, verifying customer information, providing analytical services, or providing similar services.
  • To ensure the security and integrity of consumer personal information, within a scope reasonably necessary and proportionate for these purposes.
  • To debug by identifying and correcting errors that impair the intended functionality.
  • To conduct internal research for the development and demonstration of technologies.
  • To verify or maintain the quality or safety of services or devices owned, manufactured, or controlled by us or produced for us, and to improve, upgrade, or enhance such services or devices.
5. Sale and sharing of personal informationWe do not sell or share your personal information.
6. Your rightsThe rights of your personal information are as follows:
  • Right to know (access and data portability)
    Refer to the main text regarding the rights, duties, and methods of exercising your rights.
  • Right to delete (be forgotten)
    Refer to the main text regarding the rights, duties, and methods of exercising your rights.
  • Right to correct
    Refer to the main text regarding the rights, duties, and methods of exercising your rights.
  • Right to opt-out of sale or sharing
    We do not sell or share your personal information. Therefore, there is no need to submit an opt-out request.
  • Right to limit use and disclosure of sensitive personal information
    We do not collect or process your sensitive personal information to infer characteristics about them. Therefore, there is no need to submit a request to limit the use or disclosure of sensitive personal information.
  • Right to non-discrimination
    The CPRA prohibits a business from discriminating against you for exercising their privacy rights under the law. Discrimination may include the following:
    • - Denying goods or services to you;
    • - Charging different prices or rates for goods or services, including by granting discounts or imposing penalties;
    • - Providing you with a different level or quality of goods or services;
    • - Suggesting that you will receive a different price or rate for goods or services, or a different level or quality of goods or services.
  • Shine the Light
    Under California’s “Shine the Light” law (CA Civil Code § 1798.83), California residents have the right to request, once per year, information about our sharing of your personal information with third parties for direct marketing purposes. For further details under the Shine the Light law, please contact support@newkids.co.kr.
7. How to contact UsTo exercise your rights concerning personal information as a California resident, please contact us at the email address below.
8. Updates to this privacy policy’s appendixWe may amend, revise, add, or remove parts of this privacy policy’s addendum in compliance with the privacy policy.Last Modified: March 8, 2025