Privacy Policy

Enkor With Us Co., Ltd. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the “Information and Communications Network Act”), and other relevant laws to protect the information (hereinafter referred to as “personal information”) of individuals (hereinafter referred to as "users" or "individuals") using the services provided by the Company (hereinafter referred to as "Company services"). To handle any complaints related to the protection of personal information promptly and smoothly, the Company establishes this privacy policy (hereinafter referred to as the "Policy") as follows.

Principles of Personal Information Processing

In accordance with relevant laws and this Policy, the Company may collect users' personal information. Collected personal information can only be provided to third parties with the individual’s consent. However, in cases where the Company is legally obligated to provide personal information according to legal regulations, the Company may provide the collected information to third parties without prior consent.

Disclosure of the Policy

1. The Company publishes this Policy so that users can easily check it at any time through the first page of the Company's website or a link from the first page.
2. The Company ensures that this Policy is easily accessible to users by using appropriate font sizes, colors, etc.

Changes to the Policy

1. This Policy may be revised due to changes in relevant laws, guidelines, notices, or government or company service policies.
2. If the Company revises the Policy as outlined in the above clause, it will notify users through one or more of the following methods:
   1. Notification on the first page of the Company’s website or through a pop-up window
   2. Written notice, facsimile, email, or other similar methods to users
3. The Company will notify users at least seven days before the implementation of the revised Policy. However, if there is a significant change in users’ rights, the notice will be provided at least 30 days in advance.

Information for Member Registration

The Company collects the following information for users to register for the Company’s services:

1. Required information: Email address, name, nickname, and mobile phone number
2. Optional information: Profile picture, country, gender, and date of birth

Information for Service Use and Prevention of Fraudulent Use

The Company collects the following information for statistical analysis of service usage and verification and analysis of fraudulent use (fraudulent use refers to actions such as creating multiple accounts to receive unfair rewards, using automated methods to abnormally use services, stealing other users' personal information to access services, and other actions prohibited by the terms of service, such as identity theft):

1. Required information: Service usage records, cookies, access location information, and device information

Method of Personal Information Collection

The Company collects personal information through the following methods:

1. When users enter their personal information on the Company’s website
2. When users enter personal information through services other than the website, such as applications provided by the Company
3. When users input personal information while using the Company’s services, such as during customer service consultations or activities

Use of Personal Information

The Company uses personal information in the following cases:

1. When necessary for delivering notices related to company operations
2. To respond to user inquiries and improve services based on user feedback
3. To provide Company services
4. To take measures to limit use or prevent actions that interfere with the smooth operation of services, such as violating laws and company terms of service or engaging in fraudulent use
5. For the development of new services
6. For demographic analysis, analysis of service visit and usage records
7. To facilitate relationships between users based on personal information and interests

Outsourcing of Personal Information Processing

To provide smooth services and efficiently handle operations, the Company outsources the processing of personal information as follows:

1. Amazon Web Services Inc. (Asia Pacific (Seoul)) is entrusted with data storage and system operations until account deletion or termination of the contract, or termination of the service (only if the user utilizes the service).
2. Google L.L.C. is entrusted with service usage behavior analysis, log analysis, and tracking the performance of online advertisements until account deletion or termination of the contract, or termination of the service (only if the user utilizes the service).
3. Amplitude Inc. is entrusted with service usage behavior analysis, log analysis, and tracking the performance of online advertisements until account deletion or termination of the contract, or termination of the service (only if the user utilizes the service).

Retention and Use Period of Personal Information

1. The Company retains and uses users’ personal information for the duration required to achieve the purpose of collection and use.
2. Notwithstanding the above clause, the Company retains records of fraudulent use for up to one year after the user’s account deletion to prevent fraudulent account registration and use.

Retention and Use Period Based on Legal Requirements

The Company retains and uses personal information based on legal requirements as follows:

1. Information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce:
   1. Records related to contracts or withdrawal of offers: 5 years
   2. Records related to payment and supply of goods: 5 years
   3. Records related to consumer complaints or dispute resolution: 3 years
   4. Records related to displays/advertisements: 6 months
2. Information and retention period in accordance with the Protection of Communications Secrets Act:
   1. Web log records: 3 months
3. Information and retention period in accordance with the Electronic Financial Transactions Act:
   1. Records related to electronic financial transactions: 5 years
4. Information and retention period in accordance with the Act on the Protection and Use of Location Information:
   1. Records related to personal location information: 6 months

Principles of Personal Information Destruction

In principle, the Company destroys users' personal information without delay when the purpose of processing is achieved, or when the retention/use period has expired.

Procedure for Personal Information Destruction

1. Information entered by users for member registration is transferred to a separate database (or, in the case of paper, a separate document box) after the purpose of processing is achieved and is retained for a certain period in accordance with internal policies and relevant laws (refer to retention and use period) before being destroyed.
2. The Company destroys personal information with the approval of the personal information protection officer when destruction is required.

Methods of Personal Information Destruction

Personal information stored electronically is deleted using technical methods that prevent its recovery, and paper-printed personal information is destroyed using shredders or burned.

Rights and Obligations of Data Subjects and Methods of Exercise

1. Data subjects can exercise their rights, such as requesting access, correction, deletion, or suspension of personal information processing at any time. Data subjects can request account withdrawal (withdrawal of consent), but this may restrict the use of some or all services.
2. Data subjects can access and correct personal information through "Profile Edit" and can withdraw by following the identity verification process under "Settings > Account Management > Withdrawal." Alternatively, requests can be made in writing, via email, or through the customer center in accordance with Article 41, Clause 1 of the Enforcement Decree of the Personal Information Protection Act. The Company will handle requests without delay.
3. Data subjects can exercise their rights through legal representatives or authorized persons. In this case, a power of attorney must be submitted in accordance with Form 11 of the Personal Information Processing Guidelines (No. 2020-7).
4. Requests for access to or suspension of personal information may be restricted according to Articles 35, Clause 4, and Article 37, Clause 2 of the Personal Information Protection Act.
5. Requests for correction or deletion of personal information may not be accepted if other laws stipulate the collection of the personal information in question.
6. The Company verifies whether the individual requesting access, correction, deletion, or suspension is the individual or a legitimate representative.

Measures Regarding Transmission of Advertising Information

1. The Company obtains prior explicit consent from users when transmitting advertising information for commercial purposes through electronic transmission media. However, the following cases are excluded from prior consent:
   1. If the Company directly collects contact information through a transaction with the recipient and transmits advertising information related to goods or services of the same kind within six months of the transaction
2. The Company will not transmit advertising information if the recipient expresses refusal or withdraws consent to receive advertising information.
3. The Company will obtain separate consent if transmitting advertising information for commercial purposes between 9 PM and 8 AM the next day.
4. The Company will clearly indicate the following information in the transmitted advertising:
   1. The Company’s name and contact information
   2. Instructions for refusing or withdrawing consent to receive advertising information
5. The Company will not engage in the following actions when transmitting advertising information for commercial purposes:
   1. Avoid or interfere with the recipient’s refusal or withdrawal of consent
   2. Automatically generate phone numbers or email addresses by combining numbers, symbols, or letters
   3. Automatically register phone numbers or email addresses for the purpose of transmitting advertising information
   4. Hide the identity or source of advertising information
   5. Deceptively induce a reply to transmit advertising information

Protection of Children’s Personal Information

The Company’s services are available to users aged 18 and older.

Obligations of Users

1. Users must maintain their personal information accurately, and they are responsible for any issues caused by inaccurate information they provide.
2. Users who register with stolen personal information may lose their membership or face penalties under personal information protection laws.
3. Users are responsible for safeguarding their email addresses, passwords, and other information and must not transfer or lend this information to third parties.

Installation, Operation, and Refusal of Automatic Collection of Personal Information

1. The Company uses automatic personal information collection devices (hereinafter referred to as “cookies”) to provide customized services. Cookies are small pieces of information sent by a web server (including PC and mobile browsers) to a user’s web browser and are stored on the user’s storage space.
2. Users have the option to allow, verify, or refuse the installation of cookies by setting their browser options.
3. However, refusing to store cookies may hinder the use of some of the Company’s services that require login.

Designation of the Personal Information Protection Officer

1. The Company has designated the following department and personal information protection officer to protect users’ personal information and handle complaints related to personal information.
   • Personal Information Protection Officer
     • Name: Junghoon Oh
     • Position: CEO
     • Phone number: 070-8803-1160
     • Email: fip.support@enkor.kr

Remedies for Rights Infringement

1. If users experience infringement of their personal information, they may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, or other relevant organizations. For more information, users can contact the following organizations:
   1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
   2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
   3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
   4. National Police Agency: 182 (ecrm.cyber.go.kr)
2. The Company endeavors to protect users’ right to self-determination over personal information and to handle complaints or provide remedies in case of personal information infringement. Users can contact the designated department for any inquiries.
3. If a public institution violates users’ rights, such as through refusal to allow access to personal information, users may file an administrative appeal in accordance with the Administrative Appeals Act.
   1. Central Administrative Appeals Commission: 110 (www.simpan.go.kr)

Appendix

Article 1: This Policy is effective from July 10, 2024.

Article 2: The previous version of the Privacy Policy can be checked through the notice section.