FASSKER Privacy Policy

1. What is the Privacy Policy?

F&S Holdings Co., Ltd. (hereinafter referred to as “Company”) ‘collects, uses and provides personal information based on members’ consent’ and ‘actively guarantees members’ rights (right to self-determination of personal information).’

The company complies with the relevant laws and personal information protection regulations and guidelines of the Republic of Korea that information and communication service providers must comply with. “Personal Information Processing Policy” refers to the guidelines that the company must follow to protect users’ valuable personal information so that users can use the service with peace of mind.

This privacy policy applies to FASSKER account-based services (hereinafter referred to as “Services”) provided by the Company.


2. Collection of personal information

The company collects members' personal information as follows through the application for convenient membership registration and smooth service use. However, the types and methods of social login supported for membership registration may vary by country.

1) Membership management

purposeAccount classificationessential
Membership managementFASSKER ACCOUNTEmail address , password, FASSKER profile name, profile photo
 NaverEmail address , Naver ID code
 FacebookEmail address , Facebook ID code, name
 Apple IDEmail address , Apple ID code, name

2) Responding to customer inquiries

  • Email address, phone number, name

3) Paid services related to Avatar&Dressroom

  • Payment information requested by the company, such as credit card number, expiration date, security code (three digits on the back of the credit card) or account number, account holder, and bank name .

4) The following functions of the member's mobile phone device can be accessed during the process of using the service or running the app.

  • You can access the mobile phone number and the contact function of the member's mobile phone terminal to search for acquaintances, notify them, invite them, etc.
  • member content, you can access the camera and photo album functions of the member's mobile phone device.
  • In order to provide members with services in accordance with the location-based service terms and conditions, the location service function of the member's mobile phone device may be accessed.


5) It may be automatically generated and collected during the process of using company services or running apps.

  • IP address, MAC address, cookie, session, date and time of visit, service use record, bad use record, device information (device model, mobile carrier information, hardware ID, basic statistics on service use), application installation and use history, location information


3. Method of collecting personal information

When collecting personal information, we must notify users in advance and ask for their consent, and personal information is collected through the methods below.

  • When a member agrees to the collection of personal information and enters the information directly during the process of signing up and using the service
  • When participating in marketing purposes, promotions and information provision, events, etc.
  • Customer inquiry reception process through the customer center’s web page, fax, phone, etc.

In the process of using the company's services, the information in items 3) and 4) of 2. Personal information collection may be automatically generated and collected.


4. Purpose of collection and use of personal information

It is used for member management, service provision and improvement, and new service development.

  • Provision of services such as content provision, provision of specific customized services, identity verification, search/notification/invitation of acquaintances, etc.
  • Provision of membership services, identification of members, restrictions on use of members who violate FASSKER terms and conditions, sanctions on actions that interfere with the smooth operation of the service and misuse of the service, confirmation of intent to join, restrictions on membership and number of subscriptions, and preservation of records for dispute resolution. , for member management purposes such as processing complaints, delivering notices, confirming intention to withdraw membership, etc.
  • Provision of services and posting of advertisements according to statistical characteristics
  • For purposes such as service analysis and service use environment improvement, such as verifying the effectiveness of the service, determining access frequency, and statistical analysis of members’ service use.
  • The purpose is to provide event information and participation opportunities, provide advertising information, and provide participation opportunities only if separate consent to the collection of personal information is obtained from members.


5. Sharing and provision of personal information

The company uses members' personal information only within the scope notified in 4. Purpose of collection and use of personal information , and does not use the member's personal information beyond this scope or disclose the member's personal information to outside parties without the member's prior consent.

However, personal information may be provided to a third party only in cases where the company is obligated to provide information pursuant to the law, such as when an investigative agency requests provision of information for investigation purposes in accordance with the procedures and methods prescribed by law.



6. Entrustment of processing of personal information

The company entrusts some of the tasks necessary to provide services to external companies at home and abroad. The information that the company consigns to processing is limited to the minimum scope necessary to provide the service, and the consignment period is until the member withdraws from the service or the end of the consignment contract .

TrusteeItems of personal information entrustedCountry/entrustment date/method to which personal information is entrustedPurpose of use of information by trustee
Amazon.comItems collected in Paragraph 2


2019. 1. 1.

Use of servers and databases required for service operation, and cross-border data backup (storage) to safely protect user data from disasters/disasters, etc.

Cloud server operation and management
Google Inc.Payment information


Encrypted information transmitted at the time of service use

In-app payment processing
Apple Inc.Payment information


Encrypted information transmitted at the time of service use

In-app payment processing

The company is taking all necessary measures to ensure that personal information entrusted is safely managed in accordance with relevant laws, and through consignment business contracts, etc., compliance with laws and regulations related to personal information protection, confidentiality of personal information, and third parties of personal information. Prohibition on provision, liability in the event of an accident, entrustment period , and obligation to return or destroy personal information after completion of processing are stipulated and managed to ensure compliance with these provisions.


7. Retention and use period of personal information

1) In principle, the company retains members’ personal information until membership withdrawal. However, in order to prepare for unwanted withdrawal of membership due to personal information theft, etc., personal information is preserved for 90 days after requesting membership withdrawal.

2) In accordance with the company's internal policy to prevent disputes due to illegal use of the service, records of illegal use of the service, i.e. personal information of members who have committed acts that violate the terms of use and operating principles, are preserved for one year.

3) If the company is required by law to keep personal information for a certain period of time, the company will keep the personal information for that period.

3-1) Act on Consumer Protection in Electronic Commerce, etc.

  • Records on contracts or cancellation of subscription, etc.: kept for 5 years
  • Records regarding member complaints or dispute resolution: Retained for 3 years (however, if civil, criminal, or administrative procedures are in progress, until the procedures are completed)
  • Records related to labeling and advertising: kept for 6 months

3-2) Electronic Financial Transactions Act

  • Records related to electronic finance: kept for 5 years

3-3) Communications Secret Protection Act

  • Member's service access date and time, access time, frequency of use, and location tracking data of the base station that detected the access information: stored for 1 year
  • Login records, tracking data of access points that can confirm the location of the mobile phone used by members to access the service: Retained for 3 months


8. Disadvantages when refusing to collect or use personal information

Members have the right to refuse consent to the collection and use of personal information. However, if a member refuses to consent to the collection and use of personal information, the following disadvantages will inevitably occur.

1) If a member refuses to collect and use personal information that the company essentially wishes to collect and use when applying for membership, the member will not be able to register as a member.

2) If the company refuses to collect, use or access personal information or mobile phone functions collected, used or accessed during the member's use of the service, the provision of certain services to the member may be restricted.


9. Personal information destruction procedures and methods

In principle, members' personal information is destroyed without delay once the personal information collection and use period has elapsed.

However, personal information that must be stored and then destroyed for the period specified in Paragraphs 7.2) to 7.3) according to internal policies and other related laws will be transferred to a separate DB (separate filing cabinet in the case of paper) and stored in accordance with this policy and related laws. It is stored for the period specified by law and then destroyed.

Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in the form of electronic files is deleted using technical methods that render the records unrecoverable.


10. Membership rights and how to exercise them

As a subject of personal information, members can exercise the following rights.

1) Members may exercise the following rights related to personal information protection against the company at any time. However, in such cases, it may be difficult to use some or all of the services.

  • Withdraw consent
  • Request to view personal information
  • Request for correction if there is an error, etc.
  • Request for deletion
  • Request to stop processing

2) Members can exercise their rights pursuant to the preceding paragraph through e-mail, phone, or writing, and the company will take action without delay and notify the results of the processing through one of the following methods: e-mail, text message, or written communication.

3) If a member requests correction of an error in personal information, the company will not use or provide the personal information to a third party from the time the request is received until the correction is completed. Additionally, if incorrect personal information has been provided to a third party, the third party will be notified of the results of the correction without delay.

4) If a member requests deletion of personal information, personal information will be destroyed in accordance with the 9. Personal information destruction procedures and methods.

5) A member may request to view, modify, or delete personal information directly or through a person authorized by the member (agent). If you make a request through an agent, you must submit a power of attorney in the form of the Personal Information Protection Act Enforcement Rules [Appendix No. 11] to the company.


11. Matters regarding installation/operation and rejection of cookies/sessions

1) What are cookies and sessions?

personalized and customized services, the company uses 'cookies' and 'sessions' to store and frequently retrieve member information.

  • Cookies are very small text files that the server used to operate the service sends to the member's browser and are stored on the member's computer or mobile device (e.g. smartphone, tablet PC).
  • A session means that the server used to operate the service stores the member's information on the server during the member's access time.

2) Purpose of the company’s cookie/session use

It is used to provide optimized and customized information, including advertisements, to members by identifying the types of visits and use of FASSKER services, popular search terms, and membership size.

3) Installation/operation and rejection of cookies/sessions

  • Cookies: Members have the option to install cookies. Therefore, members can allow all cookies by setting options in their web browser , confirm each time a cookie is saved, or refuse to save all cookies. However, if you refuse to save cookies, you may have difficulty using some FASSKER services that require login . To determine whether to allow cookie installation, set the options in your web browser to allow all cookies or check each time a cookie is saved. You can also refuse to save all cookies. Here's how to specify whether to allow cookies to be installed:
    • Microsoft Edge web browser > Top right menu [Settings] > [Cookies and site permissions] settings
    • Chrome web browser > Top right menu [Settings] > [Privacy and security] > [Cookies and other site data] settings
    • Safari web browser > Top menu [Preferences] > [Privacy] > [Cookies and website data] settings
  • Session: Members do not have the option to set up a session, and a session is automatically created on the server when using services that require login.


12. Denial of automatic access

If a member does not want the company to access the contact function, camera and photo album function, or location service function of a smartphone or tablet PC, the company provides technical means to block access (i.e., the member can block access on the mobile phone). You can block or disable access to each of the above functions of the “FASSKER” app).


13. Measures to ensure the safety of personal information

When processing members' personal information, the company is taking the following technical, managerial, and physical measures to ensure the safety of personal information and prevent it from being lost, stolen, leaked, altered, or damaged.

1) Minimization and training of employees handling personal information

We are implementing measures to manage personal information by designating employees who handle personal information and limiting it to the person in charge.

2) Encryption of personal information

The member's personal information and password are stored and managed in an encrypted manner, so only the member can know it. Sensitive data uses separate security features, such as encrypting files and transmitted data or using the file lock function.

3) Technical measures against hacking, etc.

The company seeks to prevent personal information from being leaked or damaged due to hacking or computer viruses. We install security programs, regularly update and inspect them, install systems in areas where access is controlled from the outside, and monitor and block them technically and physically.

4) Restrictions on access to personal information

By granting, changing or deleting access to database systems that process personal information. We take necessary measures to control access to personal information and use an intrusion prevention system to control unauthorized access from outside.

5) Storage of access records and prevention of forgery and falsification

We store and manage access records to the personal information processing system for at least six months, and use security features to prevent access records from being falsified , stolen, or lost.

6) Use of locking device for document security

Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.

7) Conduct regular self-audit

To ensure the stability of personal information handling, we conduct self-audits on a regular basis (quarterly).


14. Personal information protection officer

In order to protect members' personal information and handle complaints related to personal information, the company designates the relevant departments and personal information protection officers as follows. Members may report all personal information protection-related complaints that arise while using the company's services to the personal information protection officer or personal information protection department. The company will do its best to listen to your voice and provide a quick and sufficient response.

Personal information protection officerPersonal information protection department
Name: Lee Sang-won 
Email: eric@fassker.com
Department Name: Personal Information Protection Team 
Email: privacy@fassker.com


15. Reporting and consultation on personal information infringement

can contact the organizations below for help with damage relief and consultation regarding personal information infringement .

The organizations below are separate from the company and belong to government agencies. Please contact us if you are dissatisfied with the company's own personal information complaint handling or damage relief results or if you need further assistance.

Contact uscontact
home page 
Personal Information Infringement Reporting Center(without area code) 118
Personal Information Dispute Mediation Committee1833-6972
Supreme Prosecutors' Office Cyber Crime Investigation Team02-3480-3573
National Police Agency Cyber Security Bureau(without area code) 182
Information Protection Mark Certification Committee02-580-0533~4


16. Principle and scope of application

This personal information processing policy has been written based on Korea's personal information protection laws. If there is a difference between the interpretation of the Korean personal information processing policy and the personal information processing policy written in another language, the Korean version will take precedence.

Additionally, we would like to inform you that this Privacy Policy does not apply to the collection of personal information on the websites of (additional) other companies and other services linked to FASSKER.


17. Duty to notify

The personal information processing policy may be modified for the purpose of reflecting changes in laws or services. If the personal information processing policy changes, the company will post the changes and notify you of the change by posting the changed personal information processing policy on the service homepage or through the service's 'Notice'. It will also take effect 7 days from the date of posting.

However, if there is a significant change in user rights, such as a change in the items of personal information collected or the purpose of use, we will notify you at least 30 days in advance.