Goodnews Energy
Privacy Policy

Updated December 11, 2024

Goodnews Energy Inc. (hereinafter referred to as the "Company") complies with the personal information protection regulations that must be complied with in accordance with the Personal Information Protection-related laws and regulations, and is doing its best to protect the rights and interests of information subjects by establishing a personal information processing policy based on the relevant laws and regulations.

The meaning of terms used in this Personal Information Processing Policy shall be in accordance with the relevant laws and regulations and the Company's Terms of Use, and other matters shall follow general practices.

  1. Items of personal information to be processed

The company collects the minimum amount of personal information necessary for providing services and smooth customer consultation based on the information entered by the information subject.


1. Personal information collected when registering as a member or submitting an inquiry


1.1. Name of the information subject

1.2. Country

1.3. Affiliated company

1.4. Email

1.5. Contact information

1.6. Other information to be included in inquiries (power plant information, etc.)


2. Personal information collected during the use of the service (however, the information collected below may or may not be personal information depending on whether it is linked to personal information, etc.)


2.1. Log information: The company collects information that your browser or device automatically transmits when you use the service. Log information includes your IP address, browser type and settings, request time, and how you interact with the company's service.

2.2. Usage data: The company collects information about your use of the service, such as the types of content you view or use, the functions you use and the actions you perform, your time zone, country, access time, user agent and version, type of computer or mobile device, and your computer connection.

2.3. Device Information: The Company collects information about the device you use to access the Services, such as the device name, operating system, device identifier, and browser. The information collected may vary depending on the type of device you use and its settings.

2.4. Location Information: The Company may determine the approximate location from which your device accesses the Services based on information such as your device’s IP address for security reasons and to improve your product experience, such as by detecting unusual login activity to protect your account or provide more accurate responses. In addition, for some Services, you may choose to provide more precise location information, such as your device’s GPS location.

2.5. Cookies and Similar Technologies: The Company uses cookies and similar technologies to operate and manage the Services and to improve your experience. If you use the Services without creating an account, the Company may store some of the information described in this Privacy Policy along with cookies, for purposes such as maintaining your preferences across browsing sessions.

  1. Method of collecting personal information

The company collects personal information in the following ways:


1. Collected through the information subject's service use application and inquiry submission


2. Collected by receiving information provided by the information subject during customer inquiries and event/survey participation


3. In the case of information subjects logging in using a social simple ID (Google, etc.), the company collects information provided after receiving consent from the information subject


4. Generated information such as device information and service use records are automatically collected during the service use process

  1. Purpose of collection and use of personal information

The company collects the minimum amount of personal information of the information subject necessary for the purpose of providing services, managing members, etc. Personal information may be aggregated or de-identified so that it no longer identifies you, and this information may be used for the purposes described above, such as analyzing how the service is used, improving and adding functions of the service, and conducting research.

Personal information processed by the company is processed within the scope specified for the purpose of collection/use, and if the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be taken to process it.


1. Service Provision


1.1. Personal information is collected and used to provide services such as renewable energy procurement and subscription, RE100 consulting, and to analyze services and maintain service levels.


2. Member Management


2.1. Personal information is used for purposes such as identity verification, member identification, confirmation of intent to join, registration and number of times of joining, securing a smooth communication channel, responding to customer inquiries, introducing new information and delivering notices, preventing fraudulent use by bad members and unauthorized use, record preservation for identity verification and dispute resolution, handling complaints, etc.


3. Provision and improvement of service functions and development of new services


3.1. In addition to providing existing services such as content, personal information is used for communication including service improvement/development and research such as demographic analysis, analysis of service visit and usage records, provision of customized services based on personal information and interests, development of new product functions, etc., and learning of recommendation models, service updates, and sending of event information.

3.2 The company collects and uses personal information to prevent fraud, illegal activities, or misuse of services, and to protect the cutback system and service security.


4. Contract performance regarding service provision and, if necessary, fee settlement for provision of paid services


4.1. It is used for delivering notices such as terms and conditions revisions, purchasing and paying for paid services, and delivering products and services.


5. Provision of marketing and advertising information


5.1. It is used for compliance with laws and regulations, such as providing information on the release of new features, how to use and benefits of use, opportunities to participate in various events and posting and providing advertising information, and external provision of statistical data on advertising response history, fulfillment of obligations stipulated in laws and regulations, and prevention of incorrect use that may cause damage to the information subject in violation of laws and regulations or terms and conditions of use.

5.2. The company does not send advertising information for commercial purposes against the information subject's explicit refusal to receive it. If the information subject has consented to receiving emails such as product information, newsletters, etc., the company will take measures to ensure that the information subject can easily recognize the following in the subject and body of the email.

a. (Advertisement) is displayed at the beginning of the email subject.

b. The body of the email must clearly state the sender's name, email address, and phone number where the information subject can express their intent to refuse receipt, and must clearly state the method by which the information subject can easily express their intent to refuse receipt. Even when sending advertising information for commercial purposes through media other than email, necessary measures must be taken, such as indicating the word "advertisement" at the beginning of the transmission, in accordance with relevant laws.

  1. Personal information retention and use period

1. The company processes and retains personal information within the retention and use period of personal information stipulated by law or the retention and use period of personal information agreed upon by the information subject at the time of collection of personal information. In principle, the personal information of the information subject is destroyed without delay after the purpose of collection and use of personal information is achieved. However, if the retention and use period of personal information is specifically stipulated by law, it shall be followed, and for example, the following information shall be retained for the period specified below for the reasons stated below.


1.1. Records on contracts or withdrawal of subscription, etc.

a. Basis for retention: Act on Consumer Protection in E-commerce, etc.

b. Retention period: 5 years

1.2. Records on payment and supply of goods, etc.

a. Basis for retention: Act on Consumer Protection in E-commerce, etc.

b. Retention period: 5 years

1.3. Records on handling of consumer complaints or disputes

a. Basis for retention: Act on Consumer Protection in E-commerce, etc.

b. Retention period: 3 years

1.4. Communication fact verification data (log records of computer communication or the Internet, access tracking data that can confirm the location of information and communication devices)

a. Basis for retention: Communication Secrets Protection Act

b. Retention period: 3 months

1.5. Records on display/advertisement

a. Basis for retention: Act on Consumer Protection in E-commerce, etc.

b. Retention period: 6 months


2. Unauthorized use and records


2.1. Unauthorized registration and unauthorized use records are stored for 6 months from the time of collection to prevent unauthorized registration and use. Personal information in the records of unauthorized use includes emails for authentication when requesting registration and settlement. Unauthorized transaction records (email, name, IP address, web storage, device information) in the settlement service that violate related laws and terms of use such as payment theft are stored for 3 years from the time of collection to prevent unauthorized transactions, protect other honest information subjects, and ensure a safe transaction environment.

  1. Matters concerning measures to ensure the safety of personal information

The company is taking the following measures to ensure the safety of personal information.


1. Administrative measures: Establishment and implementation of internal management plan, regular employee training, etc.


2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs (antivirus)


3. Physical measures: Access control to computer rooms, data storage rooms, etc.

  1. Rights, obligations and exercise methods of data subjects and legal representatives

1. The information subject may view or modify his/her personal information and exercise the following rights related to personal information protection.


1.1. Request to view personal information

1.2. Request to modify personal information

1.3. Request to suspend processing of personal information

1.4. Request to delete personal information (withdrawal of membership)


2. The company does not collect personal information of children under the age of 14. However, in the case of collecting personal information of children under the age of 14, the legal representative’s legal rights to process personal information of children under the age of 14 are guaranteed. A minor who is 14 years of age or older may exercise his/her rights regarding his/her personal information by himself/herself or through his/her legal representative.


3. The exercise of the rights in Paragraph 1 may be made in writing, by phone, email, facsimile (FAX), etc. in accordance with Article 41 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

  1. Destruction of personal information

In principle, the personal information of the information subject is destroyed without delay when the purpose of collecting and using the personal information is achieved. The company's personal information destruction procedures and methods are as follows.


1. Destruction Procedure

Information entered by the information subject for service subscription, etc. is destroyed without delay after the retention period has expired or the purpose has been achieved. However, in cases where personal information must be continuously preserved in accordance with other laws, it is transferred to a separate DB or storage location and stored for a certain period of time according to the information preservation reasons in accordance with the relevant laws (see Article 4, Personal Information Retention and Use Period) and then destroyed. The above-mentioned separately stored personal information is not used for any other purpose than the specified purpose.


2. Destruction Method

In the case of records, printed materials, written documents, and other recording media other than electronic files, personal information is destroyed by shredding or incineration. Personal information stored in electronic file format is deleted using a technical method that makes the records unrecoverable.

  1. Matters concerning the entrustment of personal information processing

In order to provide better services and provide convenience to users, the company entrusts the processing of personal information of the information subject as follows, and if the content of the entrusted work or the trustee changes, it will disclose it without delay through this personal information processing policy.


Entrustee, content of the entrusted work, period of entrustment

  • Google (Firebase): Member information information system, until the withdrawal of the operating member or termination of the entrusted work

  • Toss Payments Co., Ltd.: Fee payment (domestic), until the withdrawal of the operating member or termination of the entrusted work

  • Google Cloud: Server operation for service provision, until the withdrawal of the operating member or termination of the entrusted work

  • AWS service: Server operation for provision, until the withdrawal of the operating member or termination of the entrusted work

  1. Matters concerning provision of personal information to third parties

1. The Company provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject or special provisions of the law.


2. When the Company provides a customer's personal information to a third party, it individually notifies the customer of who the recipient of the personal information is, what personal information items are being provided, the purpose of providing the personal information, the period of retention and use of the personal information, the fact that the customer has the right to refuse consent, and if there are any disadvantages due to refusal of consent, the details of such disadvantages, etc., through the website, e-mail, or in writing, or through an application form, and then obtains separate consent for this.

  1. Matters concerning the installation and operation of devices that automatically collect personal information and their refusal

The company uses 'Web Storage' to store usage information and retrieve it periodically to provide customized services to customers. Web Storage supports storing data on the client, not the server.

Web Storage includes local storage, session storage, cache storage, and cookies. Local storage, session storage, cache storage, and cookies each have their own unique characteristics and are used selectively as needed.


1. Data is stored using the browser's session storage and local storage. Session storage is stored temporarily, but local storage is permanent. The information subject can delete the data in the local storage by deleting the browser history.


2. Cache storage stores files that have been requested once from the browser and is used when the same request is made. The information subject can delete the data by deleting the browser history.


3. Cookies are a small amount of information that the server (http) used to operate the website sends to the information subject's computer browser and are also stored on the hard disk of the information subject's PC computer. If a customer wishes to refuse cookie storage, he or she can do so by setting options in the Tools>Internet Options>Privacy menu at the top of the web browser.

  1. Personal Information Protection Officer

The company has appointed a personal information protection officer as follows to collect opinions and handle complaints regarding personal information.


  • Personal information protection officer: Kim Jong-gyu

  • Affiliation and position: CEO

  • Contact (email): support@goodnews.energy

  1. Request for access to personal information

The data subject may make a request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the Personal Information Protection Officer in Article 11 or the department to which the Personal Information Protection Officer belongs. The company will endeavor to ensure that the customer's request to view personal information is processed promptly.

  1. Methods of relief for infringement of rights

In order to receive relief for personal information infringement, the data subject may request consultation or dispute resolution from the Personal Information Infringement Report Center of the Korea Internet & Security Agency, the Personal Information Dispute Mediation Committee, etc.


  • Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

    • Responsibilities: Reporting personal information infringement facts, requesting consultation

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

    • Responsibilities: Requesting personal information dispute mediation, collective dispute mediation (civil resolution)

  • Supreme Prosecutors' Office Cyber ​​Investigation Department: (without area code) 1301 cid@spo.go.kr (www.spo.go.kr)

  • National Police Agency Cyber ​​Investigation Bureau: (without area code) 182 (ecrm.cyber.go.kr)


In addition, a person whose rights or interests are infringed upon by a disposition or inaction by the head of a public institution in response to a request from a data subject for access to, correction/deletion of, or suspension of processing of personal information may request an administrative appeal in accordance with the Administrative Appeals Act.


※ For detailed information on administrative appeals, please refer to the Central Administrative Appeals Commission (www.simpan.go.kr) website.

  1. Other

Please be advised that this personal information processing policy does not apply to the collection of personal information by other services such as websites linked within the service.


[Supplementary Provisions]

This personal information processing policy will be applied from December 11, 2024.