Privacy Policy

Privacy Policy

Article 1. Purpose

AiderX Inc. (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as "this Policy") to protect the personal information of individuals (hereinafter referred to as "users" or "individuals") who use the services provided by the Company (hereinafter referred to as "Company Services"), to comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), and to promptly and smoothly handle grievances related to the protection of users' personal information.

Article 2. Principles of Personal Information Processing

In accordance with relevant laws on personal information and this Policy, the Company may collect users' personal information, and the collected personal information may be provided to third parties only with the individual's consent. However, if legally compelled by laws and regulations, the Company may provide users' personal information collected to third parties without prior individual consent.

Article 3. Disclosure of this Policy

1. The Company discloses this Policy on the homepage's first screen or through a screen linked to the first screen so that users can easily check this Policy at any time.
2. When disclosing this Policy pursuant to Paragraph 1, the Company uses font size, color, etc. to make it easy for users to check this Policy.

Article 4. Changes to this Policy

1. This Policy may be amended in accordance with changes in laws, guidelines, notifications, or government or Company service policies or content related to personal information.
2. When amending this Policy pursuant to Paragraph 1, the Company shall notify users through one or more of the following methods:
   • Notification through the notice section on the first screen of the Company's internet homepage or through a separate window
   • Notification to users in writing, by facsimile, by e-mail or similar method
3. The notification in Paragraph 2 shall be made at least 7 days prior to the effective date of the amendment to this Policy. However, if there are significant changes to users' rights, notification shall be made at least 30 days in advance.

Article 5. Information for Membership Registration

The Company collects the following information for users' membership registration in the Company Service.

1. Required information: Email address, password, name, nickname, and profile picture

Article 6. Information for Identity Verification

The Company collects the following information for users' identity verification.

1. Required information: Mobile phone number, email address

Article 7. Payment Information

The Company collects the following information to provide its services to users.

1. Required information: Card number, card password, expiration date, first 6 digits of date of birth

Article 8. Information for Service Use and Fraudulent Use Prevention

The following information may be automatically generated and collected according to users' service use.

1. IP address, cookies, service use records, device information, location information

Article 9. Personal Information Collection Methods

The Company collects users' personal information through the following methods.

1. Users entering their personal information on the Company's homepage
2. Users entering their personal information through services other than the homepage provided by the Company, such as applications
3. Users entering information during the process of using the Company's services, such as customer center consultations and bulletin board activities

Article 10. Use of Personal Information

The Company uses personal information in the following cases.

1. When necessary for Company operations, such as delivering notices
2. For service improvement for users, such as responding to inquiries and handling complaints
3. To provide the Company's services
4. For prevention and sanctions against acts that interfere with the smooth operation of services, including restriction measures for members violating laws and Company terms and fraudulent use
5. For developing new services
6. For demographic analysis and analysis of service visits and usage records
7. To establish relationships between users based on personal information and interests

Article 11. Outsourcing of Personal Information Processing

The Company outsources personal information processing tasks as follows for smooth personal information processing.

1. Consignee: Google Cloud Platform
   • Outsourced tasks: Data storage and management
   • Outsourcing period: Until membership withdrawal or termination of consignment contract

Article 12. Personal Information Retention and Use Period

1. The Company retains and uses personal information for the period necessary to achieve the purpose of collection and use of personal information.
2. Notwithstanding the preceding paragraph, the Company retains service fraudulent use records for up to 1 year from the time of membership withdrawal to prevent fraudulent registration and use according to internal policies.

Article 13. Personal Information Retention and Use Period According to Laws

The Company retains and uses personal information as follows in accordance with relevant laws.

1. Retention information and period according to the Act on Consumer Protection in Electronic Commerce
   • Records on contracts or withdrawal of subscriptions: 5 years
   • Records on payment and supply of goods: 5 years
   • Records on consumer complaints or dispute resolution: 3 years
   • Records on labeling and advertising: 6 months
2. Retention information and period according to the Protection of Communications Secrets Act
   • Website log records: 3 months
3. Retention information and period according to the Electronic Financial Transactions Act
   • Records on electronic financial transactions: 5 years
4. Act on the Protection and Use of Location Information
   • Records on personal location information: 6 months

Article 14. Principles of Personal Information Destruction

In principle, the Company destroys personal information without delay when personal information is no longer needed, such as when the purpose of personal information processing is achieved or the retention and use period has elapsed.

Article 15. Personal Information Destruction Procedures

1. Information entered by users for membership registration is transferred to a separate DB (a separate document box in the case of paper) after the personal information processing purpose is achieved and stored for a certain period according to information protection reasons under internal policies and other relevant laws (see retention and use period) before being destroyed.
2. The Company destroys personal information for which destruction reasons have occurred through the approval process of the personal information protection officer.

Article 16. Personal Information Destruction Methods

The Company deletes personal information stored in electronic file format using technical methods that cannot reproduce the records, and destroys personal information printed on paper by shredding or incineration.

Article 17. Measures for Sending Advertising Information

1. The Company obtains users' explicit prior consent when sending profit-oriented advertising information using electronic transmission media. However, prior consent is not obtained in any of the following cases:
   • When the Company directly collects contact information from recipients through transactional relationships for goods and intends to send profit-oriented advertising information about goods of the same type as those the Company handled and transacted with the recipient within 6 months from the date of transaction termination
   • When a telephone solicitation seller under the Door-to-Door Sales Act makes telephone solicitations to recipients by voice, notifying the source of personal information collection
2. Notwithstanding the preceding paragraph, if recipients express their intention to refuse reception or withdraw prior consent, the Company does not send profit-oriented advertising information and notifies processing results for reception refusal and consent withdrawal.
3. When sending profit-oriented advertising information using electronic transmission media between 9 PM and 8 AM the following day, the Company obtains separate prior consent from recipients notwithstanding Paragraph 1.
4. When sending profit-oriented advertising information using electronic transmission media, the Company specifically discloses the following matters in the advertising information:
   • Company name and contact information
   • Indication of matters concerning reception refusal or withdrawal of reception consent
5. When sending profit-oriented advertising information using electronic transmission media, the Company does not take any of the following measures:
   • Measures to evade or interfere with advertising information recipients' reception refusal or withdrawal of reception consent
   • Measures to automatically generate recipients' contact information such as phone numbers and email addresses by combining numbers, symbols, or characters
   • Measures to automatically register phone numbers or email addresses for the purpose of sending profit-oriented advertising information
   • Various measures to hide the identity of advertising information senders or advertising transmission sources
   • Various measures to deceive recipients and induce responses for the purpose of sending profit-oriented advertising information

Article 18. Users' Obligations

1. Users must keep their personal information up-to-date, and users themselves are responsible for problems arising from inaccurate information entry.
2. Membership registration using others' personal information may result in loss of user qualification or punishment under relevant personal information protection laws.
3. Users are responsible for maintaining security for email addresses, passwords, etc., and cannot transfer or lend them to third parties.

Article 19. Company's Personal Information Management

The Company implements necessary technical and managerial protective measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged when processing users' personal information.

Article 20. Processing of Deleted Information

The Company processes personal information terminated or deleted at the request of users or legal representatives according to what is specified in "Personal Information Retention and Use Period" that the Company collects, and processes it so that it cannot be viewed or used for other purposes.

Article 21. Password Encryption

Users' passwords are stored and managed through one-way encryption, and personal information can only be confirmed and changed by the user who knows the password.

Article 22. Measures Against Hacking

1. The Company does its best to prevent users' personal information from being leaked or damaged by information and communication network intrusions such as hacking and computer viruses.
2. The Company uses the latest vaccine programs to prevent users' personal information or data from being leaked or damaged.
3. The Company does its best for security using intrusion blocking systems in case of emergency.
4. The Company ensures that sensitive personal information (when collected and retained) is safely transmitted over networks through encrypted communications.

Article 23. Minimization of Personal Information Processing and Education

The Company minimizes personal information processing personnel to the minimum and emphasizes compliance with laws and internal policies through management measures such as education for personal information processors.

Article 24. Measures for Personal Information Leakage

When the Company becomes aware of the loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, it shall notify the relevant users of all the following matters without delay and report to the Korea Communications Commission or the Korea Internet & Security Agency.

1. Personal information items that were subject to leakage, etc.
2. Time when leakage, etc. occurred
3. Measures users can take
4. Response measures of information and communication service providers, etc.
5. Department and contact information where users can receive consultation

Article 25. Exceptions to Measures for Personal Information Leakage

Notwithstanding the preceding Article, if there are legitimate reasons such as not knowing users' contact information, the Company may replace the notification in the preceding Article by posting it on the Company's homepage for at least 30 days.

Article 26. Protection of Personal Information Transferred Overseas

1. The Company does not conclude international contracts with content that violates relevant regulations such as the Personal Information Protection Act regarding users' personal information.
2. The Company obtains users' consent to provide (including when inquired), entrust processing, or store (hereinafter referred to as "transfer") users' personal information overseas. However, if all matters in each subparagraph of Paragraph 3 of this Article are disclosed according to relevant regulations such as the Personal Information Protection Act or notified to users by methods prescribed by Presidential Decree such as email, consent procedures for personal information processing entrustment and storage may be omitted.
3. To obtain consent under the main clause of Paragraph 2, the Company shall notify users in advance of all the following matters:
   • Items of personal information being transferred
   • Countries to which personal information is transferred, transfer date and time, and transfer method
   • Name of the recipient of personal information (in the case of a corporation, its name and contact information of the information management officer)
   • Purpose of use and retention/use period of personal information by the recipient
4. When transferring personal information overseas with consent under the main clause of Paragraph 2, the Company takes protective measures as prescribed in the Presidential Decree of the Personal Information Protection Act and other relevant regulations.

Article 27. Cookie Operation and Utilization

1. The Company operates 'cookies' that store and retrieve users' information from time to time. Cookies are very small text files sent by servers used to operate websites to users' browsers and are stored on users' computer hard disks.
2. The Company uses cookies for the following purposes:
   • Cookie usage purpose: To analyze members' and non-members' access frequency and visit times, identify users' preferences and areas of interest and track traces, target marketing and provide personalized services through understanding event participation levels and visit counts

Article 28. Choice Regarding Cookies

1. Users have the choice regarding cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are saved, or refuse to save all cookies by setting options in their web browser.
2. However, if users refuse to save cookies, there may be difficulties in using some of the Company's services that require login.

Article 29. Method for Specifying Cookie Installation Consent

The method for specifying whether to allow cookie installation (in the case of Internet Explorer) is as follows.

1. Select [Internet Options] from the [Tools] menu.
2. Click the [Privacy tab].
3. Set the [Privacy handling level].

Article 30. Designation of Company's Personal Information Protection Officer

The Company designates a Personal Information Protection Officer as follows to protect users' personal information and handle complaints related to personal information:

Addendum

This Policy is effective from November 19, 2024.