Privacy Policy

The Company collects and uses personal information only to the minimum extent necessary to provide its services, in accordance with PIPA.

(1) Where consent is required to process the personal information of a child under 14, the Company obtains consent from the child’s legal guardian. (2) When obtaining the legal guardian’s consent, the Company may request only the minimum information from the child (such as the guardian’s name and contact information), displays whether the guardian has given consent on the website where the consent content is posted, and confirms the consent by sending a text message to the guardian’s mobile phone.

(1) When personal information is no longer needed — for example, when the retention period has expired or the purpose of processing has been achieved — the Company destroys it without delay. (2) If personal information must be retained under other laws even after the retention period agreed to by the data subject has expired or the purpose of processing has been achieved, the Company stores such information in a separate database or in a different location. ※ Items and legal basis for personal information retained under other laws can be found in Section 1 (Purposes of processing, items collected, and retention periods). (3) The procedures and methods for destroying personal information are as follows: ① Destruction procedure The Company identifies personal information eligible for destruction and destroys it with the approval of the Privacy Officer. ② Destruction method Personal information stored in electronic file form is destroyed in a way that prevents the records from being recovered. Personal information recorded on paper is shredded or incinerated.

(1) To ensure smooth processing, the Company outsources certain personal information processing tasks as follows.

(2) When entering into outsourcing contracts, the Company specifies in writing — pursuant to Article 26 of PIPA — that the processor must not process personal information beyond the scope of the outsourced task, and must comply with requirements regarding technical and administrative safeguards, restrictions on re-outsourcing, supervision of the processor, and liability for damages. The Company supervises whether the processor handles personal information securely. (3) In accordance with Article 26, Paragraph 6 of PIPA, any re-outsourcing of personal information processing by the processor is subject to the Company’s consent. (4) If the content of the outsourced work or the processor changes, the Company will disclose the change through this Privacy Policy without delay.

The Company outsources some tasks to overseas entities as follows.

(1) For users who have not used the service for one year, the Company converts the account to a dormant account and stores the personal information separately. The separately stored personal information is retained for one year and then destroyed without delay. (2) At least 30 days before conversion to a dormant account, the Company notifies the affected member — by email, text message, or other suitable means — of the fact that their personal information will be stored separately, the scheduled dormancy date, and the items to be stored separately. (3) If you do not want your account to be converted to a dormant account, log in to the service before the conversion. Even after an account has been converted to a dormant account, logging in restores the account with your consent so you can continue using the service normally.

The Company takes the following measures to ensure the security of personal information. (1) Administrative measures: establishing and implementing internal management plans, operating a dedicated team, and providing regular employee training. (2) Technical measures: managing access permissions to the personal information processing system, installing access control systems, encrypting personal information, and installing and regularly updating security software. (3) Physical measures: access control to server rooms and document storage areas.

(1) During the course of providing services, the Company uses cookies to collect and use behavioral information in personally identifiable form, in order to deliver optimized personalized services, benefits, and online targeted advertising to data subjects. (2) The Company collects only the minimum behavioral information needed for personalized services, benefits, and online targeted advertising. It does not collect sensitive behavioral information that could infringe on individual rights, interests, or privacy — such as information about thoughts, beliefs, education, or medical history. (3) The Company does not collect behavioral information from children for personalized advertising purposes and does not deliver personalized advertising to children. (4) Data subjects can block or allow personalized advertising in bulk by changing their web browser’s cookie settings. Note that changing cookie settings may restrict access to some services, such as automatic website login.

▶ Blocking / allowing personalized advertising through a web browser a. Chrome – Click the “⋮” icon in the top-right of Chrome, then click “Settings.” – In the left pane of the settings page, click “Privacy and security,” then click “Clear browsing data” to choose what browsing history to delete. – Similarly, click “Privacy and security,” then click “Third-party cookies” to choose whether to block them. b. Edge – Click the “…” icon in the top-right of Edge, then click “Settings.” – In the left pane, click “Privacy, search, and services,” and under the “Tracking prevention” section, choose whether tracking prevention is on and what level to use. – Choose whether to “Always use ‘Strict’ tracking prevention when browsing InPrivate.”

(5) The Company collects and uses an advertising identifier on mobile devices for personalized advertising in the app. Data subjects can block or allow personalized advertising in the app by changing their mobile device settings.

▶ Blocking / allowing the mobile advertising identifier a. (Android) ① Settings → ② Security & privacy → ③ Privacy → ④ Other privacy settings → ⑤ Ads → ⑥ Reset advertising ID or delete advertising ID. b. (iPhone) ① Settings → ② Privacy & Security → ③ Tracking → ④ Turn off “Allow Apps to Request to Track.” ※ Menus and methods may differ slightly depending on the mobile OS version.

(6) For questions about behavioral information, to exercise your right to refuse, or to file a complaint, please contact the department listed in Section 10 (Privacy Officer and department in charge of handling complaints).

(1) Data subjects may exercise their rights against the Company at any time, including the right to access, correct, delete, suspend processing of, or withdraw consent for their personal information, as well as the right to refuse or request an explanation of automated decisions (collectively, “Exercise of Rights”). ※ For personal information of children under 14, requests for access and similar actions must be made by the legal guardian directly. Data subjects who are minors aged 14 or older may exercise their rights either personally or through a legal guardian. (2) You may exercise these rights in writing, by email, or by fax, in accordance with Article 41(1) of the Enforcement Decree of PIPA. The Company will act on such requests without delay. – You may view, edit, or delete your personal information at any time directly from the in-app settings, or request access via the “Contact us” menu. – You may withdraw your consent to the collection and use of personal information at any time through “Delete account.” – You may refuse or request an explanation of automated decisions at any time through the in-app settings. (3) You may also exercise your rights through a legal representative or an authorized agent. In that case, you must submit a power of attorney in the form set out in Schedule 11 of the Notice on the Methods of Processing Personal Information (Notice No. 2023-12). (4) A data subject’s right to access or suspend processing of personal information may be restricted under Article 35(4) and Article 37(2) of PIPA. (5) Where another law specifies that the personal information must be collected, the data subject may not request deletion of such personal information. (6) If the data subject has consented to automated decisions, has been notified in advance through a contract, or where automated decisions are clearly authorized by law, the right to refuse automated decisions does not apply — only the right to request an explanation or review is available. – Requests to refuse or request explanations of automated decisions may be denied where there is a legitimate reason — for example, where granting the request would unjustly harm the life, body, property, or other interests of another person. (7) The Company verifies whether the person exercising rights is the data subject or a legitimate representative. (8) Data subjects can exercise their rights by contacting the department listed in Section 10 (Privacy Officer and department in charge of handling complaints). The Company will make every effort to process the exercise of rights promptly.

(1) The Company designates a Privacy Officer to oversee personal information processing and to handle complaints and damage relief related to personal information processing, as follows.

(2) Data subjects may contact the Privacy Officer and the department in charge for any inquiries, complaints, or requests for damage relief regarding personal information protection that arise from using the Company’s services. The Company will respond to and handle such inquiries without delay.

(1) Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Privacy Infringement Report Center, and similar bodies to obtain remedies for personal information infringement. For other reports or counseling related to personal information infringement, please contact the following organizations. ① Personal Information Dispute Mediation Committee: 1833-6972 (no area code) — www.kopico.go.kr ② Privacy Infringement Report Center: 118 (no area code) — privacy.kisa.or.kr ③ Supreme Prosecutors’ Office: 1301 (no area code) — www.spo.go.kr ④ Korean National Police Agency: 182 (no area code) — ecrm.cyber.go.kr (2) The Company strives to guarantee data subjects’ right to informational self-determination and to provide consultation and relief for personal information infringement. If you need to file a report or seek consultation, please contact the department listed in Section 10 (Privacy Officer and department in charge of handling complaints).

(1) This Privacy Policy is effective as of April 1, 2025.