Article 1 (Purpose)

SeoulClick (hereinafter referred to as the ‘Company’) establishes this Privacy Policy (hereinafter referred to as ‘this Policy’) to protect the personal information (hereinafter referred to as ‘Personal Information’) of individuals (hereinafter referred to as ‘Users’ or ‘Individuals’) using the services provided by the Company (hereinafter referred to as ‘Company Services’). This Policy ensures compliance with relevant laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the ‘Information and Communications Network Act’), and aims to swiftly and smoothly handle any grievances related to the protection of personal information of service users.

Article 2 (Principles of Personal Information Processing)

In accordance with relevant personal information laws and this Policy, the Company may collect personal information from users. The collected personal information may be provided to third parties only with the consent of the individual. However, if required by law or other regulations, the Company may provide the collected personal information of users to third parties without prior consent from the individual.

Article 3 (Disclosure of This Policy)

1. The Company shall disclose this Policy through the main screen of the Company’s website or a linked screen from the main screen, ensuring that users can easily access it at any time.
2. When disclosing this Policy in accordance with Paragraph 1, the Company shall use appropriate font sizes, colors, and other visual elements to ensure that users can easily read and understand this Policy.

Article 4 (Amendments to This Policy)

1. This Policy may be revised in accordance with changes in personal information-related laws, guidelines, notifications, or changes in government or Company service policies and content.
2. If this Policy is revised as per Paragraph 1, the Company shall notify users using one or more of the following methods: a) Posting a notice on the main screen or a separate window of the Company’s website b) Notifying users via written notice, fax, email, or similar methods.
3. The Company shall provide notice of the revision at least 7 days before the effective date of the amended Policy. However, if there are significant changes to user rights, the Company shall notify at least 30 days in advance.

Article 5 (Information for Membership Registration)

The Company collects the following information from users for membership registration for the Company Services:

1. Mandatory information: Email address, password, and name.

Article 6 (Information for Payment Services)

The Company collects the following information from users to provide payment services:

Mandatory information:

1. Card number, card password, expiration date, and the first six digits of the date of birth (yy/mm/dd).

Article 7 (Methods of Collecting Personal Information)

The Company collects personal information from users through the following methods:

1. Users entering their personal information on the Company’s website.
2. Users entering their personal information through services provided by the Company outside of the website, such as applications.

Article 8 (Use of Personal Information)

The Company uses personal information in the following cases:

1. When necessary for the operation of the Company, such as delivering notices.
2. To respond to user inquiries and handle complaints, thereby improving user services.
3. To provide the Company’s services.
4. To take restrictive measures against members who violate laws and Company terms, and to prevent and sanction activities that hinder the smooth operation of services, including fraudulent activities.

Article 9 (Entrustment of Personal Information Processing)

The Company entrusts the processing of personal information to ensure the smooth provision of services and effective business operations as follows:

1. Entrustment to PayPal for processing card payments, including handling personal information during member withdrawal or the termination of the entrustment contract.

Article 10 (Retention and Use Period of Personal Information)

1. The Company retains and uses users’ personal information for the period necessary to achieve the purpose of collecting and using the personal information.
2. Notwithstanding the preceding paragraph, the Company retains records of fraudulent service use according to internal policies for up to one year from the time of member withdrawal to prevent fraudulent registration and use.

Article 11 (Retention and Use Period of Personal Information According to Laws)

The Company retains and uses personal information in accordance with relevant laws as follows:

1. Retention information and period according to the Act on the Consumer Protection in Electronic Commerce, etc. a) Records regarding contracts or withdrawal of subscription: 5 years b) Records regarding payment and supply of goods, etc.: 5 years c) Records regarding consumer complaints or dispute resolution: 3 years d) Records regarding display and advertising: 6 months
2. Retention information and period according to the Protection of Communications Secrets Act a) Website log records: 3 months
3. Retention information and period according to the Electronic Financial Transactions Act a) Records regarding electronic financial transactions: 5 years
4. Retention information and period according to the Act on the Protection and Use of Location Information a) Records regarding personal location information: 6 months

Article 12 (Principle of Personal Information Destruction)

The Company shall promptly destroy users’ personal information when the purpose of processing the personal information has been achieved, the retention and use period has elapsed, or the personal information is no longer needed.

Article 13 (Personal Information Destruction Procedure)

1. After the purpose for which users provided their personal information (such as for membership registration) has been fulfilled, the information will be moved to a separate database (or a designated secure file storage for paper records). Following our internal policies and relevant legal requirements for data protection (as specified in our retention and use period guidelines), this information will be stored for a designated period before being permanently deleted.
2. The Company will destroy personal information that needs to be disposed of only after receiving approval from the personal information protection officer, ensuring that all necessary procedures are followed.

Article 14 (Methods of Destroying Personal Information)

The Company uses the following methods to destroy personal information:

1. Electronic Files: Personal information stored in electronic file formats will be deleted using technical methods that make the records irretrievable.
2. Paper Documents: Personal information printed on paper will be destroyed by shredding or burning to ensure complete destruction.

Article 15 (Measures for Sending Advertising Information)

1. The Company will obtain the user’s explicit prior consent before sending commercial advertising information through electronic transmission media. However, the following exceptions apply where prior consent is not required:

• If the Company has collected contact information directly from the recipient through a transaction relationship involving goods and services and sends commercial advertising information related to similar goods and services within six months from the end of the transaction.
• If a telephone solicitation seller, under the Act on Door-to-Door Sales, verbally informs the recipient of the source of the personal information and conducts the solicitation.

2. Regardless of the above exceptions, if a recipient indicates their refusal to receive or withdraws their prior consent to receive commercial advertising information, the Company will immediately stop sending such information and will inform the recipient of the outcome of the refusal or withdrawal process.

3. If the Company intends to send commercial advertising information via electronic transmission media between 9 PM and 8 AM the following day, it will obtain separate prior consent from the recipient, even if consent was previously given under other circumstances.

4. When sending commercial advertising information via electronic transmission media, the Company will clearly specify the following details within the advertising information:

• The Company’s name and contact information.
• Instructions on how to refuse receipt or withdraw consent for receiving such information.

5. The Company will not engage in the following actions when sending commercial advertising information via electronic transmission media:

• Taking measures to evade or obstruct the recipient’s refusal or withdrawal of consent to receive advertising information.
• Automatically generating contact information such as phone numbers or email addresses by combining numbers, symbols, or characters.
• Automatically registering phone numbers or email addresses for the purpose of sending commercial advertising information.
• Taking measures to conceal the sender’s identity or the source of the advertising transmission.
• Deceiving the recipient to induce a response for the purpose of sending commercial advertising information.

6. This version maintains a formal yet accessible tone, ensuring that users understand their rights and the Company’s obligations regarding the sending of advertising information.

Article 16 (Protection of Children’s Personal Information)

The Company permits membership registration only for users who are 14 years of age or older to protect the personal information of children under the age of 14.

Article 17 (Access to Personal Information and Withdrawal of Consent for Collection)

1. Users and their legal guardians have the right to view or modify their registered personal information at any time. They may also request the withdrawal of their consent for the collection of personal information.
2. To withdraw consent for the collection of their personal information or to modify their registration information, users or their legal guardians should contact the Company’s personal information protection officer or the designated representative by written notice, phone, or email. The Company will promptly take the necessary actions upon receiving such a request.

Article 18 (Correction of Personal Information and Related Changes)

1. Users may request corrections to any inaccuracies in their personal information by contacting the Company as outlined in the previous article.
2. Upon receiving such a request, the Company will not use or provide the erroneous personal information until the corrections are completed. If the incorrect personal information has already been provided to a third party, the Company will promptly inform the third party of the correction process and ensure that the necessary adjustments are made.

Article 19 (User’s Responsibilities)

1. Users are responsible for keeping their personal information up to date. The Company is not liable for any issues arising from the user’s submission of inaccurate or outdated information.
2. Users who register with stolen personal information will lose their membership status and may face penalties under relevant data protection laws.
3. Users are responsible for maintaining the security of their email addresses, passwords, and other personal identifiers. They must not transfer or lend these credentials to any third party.

Article 20 (Company’s Management of Personal Information)

The Company implements necessary technical and managerial protective measures to ensure the safety of users’ personal information. These measures are designed to prevent loss, theft, leakage, alteration, or damage of personal data during processing.

Article 21 (Handling of Deleted Information)

When personal information is terminated or deleted at the request of the user or their legal guardian, the Company will handle it in accordance with the procedures outlined in the “Retention and Use Period of Personal Information” section. Such information will not be accessed or used for any purposes beyond those specified in that section.

Article 22 (Encryption of Passwords)

User passwords are stored and managed using one-way encryption. This ensures that personal information can only be accessed or modified by the individual who knows the password.

Article 23 (Measures Against Hacking and Other Threats)

1. The Company takes all necessary steps to prevent the leakage or damage of users’ personal information due to hacking, computer viruses, or other intrusions into the information and communications network.
2. The Company uses the latest antivirus programs to protect users’ personal information and data from being leaked or damaged.
3. The Company employs an intrusion prevention system to maximize security and safeguard against potential incidents.
4. If the Company collects and holds sensitive personal information, it ensures the safe transmission of this information over the network by using encrypted communication and other secure methods.

Article 24 (Minimization and Training in Personal Information Processing)

The Company restricts the number of personnel authorized to handle personal information to the minimum necessary. Through administrative measures, including regular training for those handling personal data, the Company emphasizes compliance with legal requirements and internal policies.

Article 25 (Measures for Personal Information Leakage)

If the Company becomes aware of any loss, theft, or leakage (hereinafter referred to as “leakage”) of personal information, it will promptly inform the affected users and report the incident to the Korea Communications Commission or the Korea Internet & Security Agency. The notification to the users will include the following details:

1. The categories of personal information that were subject to the leakage.
2. The time when the leakage occurred.
3. Actions that users can take to mitigate potential harm.
4. The Company’s response measures to address the leakage.
5. Contact details of the department handling inquiries and providing assistance to affected

Article 26 (Exceptions to Measures for Personal Information Leakage)

Despite the requirements in the previous article, if there are legitimate reasons such as the inability to ascertain the user’s contact information, the Company may substitute direct notification by posting a notice on its website for at least 30 days. This will be considered a sufficient measure to inform users about the leakage incident.

Article 27 (Protection of Personal Information Transferred Abroad)

1. The Company will not enter into international agreements that violate the Personal Information Protection Act or other relevant laws concerning the handling of users’ personal information.

2. Before transferring users’ personal information abroad (including providing access, outsourcing processing, or storing information, hereinafter referred to as “transfer”), the Company will obtain the users’ consent. However, if the Company discloses all the details listed in Paragraph 3 of this Article in accordance with the Personal Information Protection Act or other relevant regulations, or informs the users via email or other methods prescribed by Presidential Decree, it may forgo the consent procedure for outsourcing the processing or storing of personal information.

3. To obtain consent for the transfer of personal information abroad as per Paragraph 2, the Company will provide prior notice to the user of the following details:

• The categories of personal information to be transferred.
• The country to which the personal information will be transferred, along with the date and method of transfer.
• The name of the recipient of the personal information (for corporations, the corporate name and the contact details of the information management officer).
• The purpose of use and the retention and use period of the personal information by the recipient.

4. When transferring personal information abroad with the consent of the user as per Paragraph 2, the Company will implement protective measures in accordance with the Personal Information Protection Act, Presidential Decree, and other relevant regulations.

Article 28 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

1. Use of Cookies: The Company uses automatic personal information collection devices such as cookies to provide personalized services to users. Cookies are small pieces of information that a website’s server sends to the user’s web browser (including PC and mobile) and may be stored on the user’s storage space. They are used to store and retrieve user information to enhance the user’s experience with tailored services.

2. User’s Choice Regarding Cookies: Users have the option to accept, verify each time, or refuse the installation of cookies. This can be managed through the settings in the user’s web browser:

• Users can allow all cookies.
• Users can be prompted to accept cookies each time they are stored.
• Users can refuse to store all cookies.

3. Implications of Refusing Cookies: If users refuse to store cookies, they may experience difficulties using certain services of the Company that require login or other functions dependent on cookie storage.

Article 29 (How to Manage Cookie Settings)

Users can manage their cookie preferences through their web browser settings, allowing them to accept or block cookies as desired. Here’s how to configure cookie settings in various popular web browsers:

Microsoft Edge:

• Go to the settings menu at the top right of the browser.
• Navigate to “Cookies and site permissions.”
• Select “Manage and delete cookies and site data” to adjust your cookie settings.

Google Chrome:

• Open the settings menu at the top right of the browser.
• Go to “Privacy and security.”
• Click on “Cookies and other site data” to configure your cookie preferences.

Naver Whale:

• Access the settings menu at the top right of the browser.
• Go to “Privacy protection.”
• Select “Cookies and other site data” to manage cookie settings.

Article 30 (Designation of the Company’s Personal Information Protection Officer)

1. Personal Information Protection Officer: To protect users’ personal information and handle complaints related to personal information, the Company has designated the following department and individual as responsible for personal information protection:

Personal Information Protection Officer:

• Name: Dong Woo Lee
• Position: Executive Director
• Phone Number: +82 10 7030 3055
• Email: davidwau@naver.com

2. The Company operates a dedicated department for personal information protection. This department ensures the implementation of the Privacy Policy and compliance by responsible personnel. If any issues are discovered, the Company strives to resolve them promptly and correctly.

3. Under Article 35 of the Personal Information Protection Act, data subjects can request access to their personal information from the following department. The Company will make every effort to process these access requests quickly and efficiently:

Personal Information Protection Officer:

• Department: Administration Department
• Contact Person: Manager
• Phone Number: +82 10 6315 5860
• Email: kukdole@gmail.com

Article 31 (Remedies for Infringement of Rights)

1. Seeking Assistance for Personal Information Infringement: Data subjects can seek resolution or counseling for personal information infringement by applying to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center at the Korea Internet & Security Agency, or other related organizations. For further inquiries or to report personal information infringement, please contact the following agencies:

• Personal Information Dispute Mediation Committee: Phone: 1833-6972 (toll-free) Website: www.kopico.go.kr
• Personal Information Infringement Report Center: Phone: 118 (toll-free) Website: privacy.kisa.or.kr
• Supreme Prosecutors’ Office: Phone: 1301 (toll-free) Website: www.spo.go.kr
• Cyber Crime Investigation Unit, Korean National Police Agency: Phone: 182 (toll-free) Website: ecrm.cyber.go.kr

2. Company’s Commitment to Protection: The Company is dedicated to protecting the data subject’s right to personal information self-determination and offers support for counseling and remedies in case of personal information infringement. If you need to report or consult regarding any personal information issues, please contact the designated department mentioned in Paragraph 1.

3. Administrative Appeals: Under the Personal Information Protection Act, data subjects who have suffered an infringement of rights or interests due to actions or inactions by public agencies concerning their requests for access (Article 35), correction or deletion (Article 36), or suspension of processing of personal information (Article 37), may file an administrative appeal as prescribed by the Administrative Appeals Act:

• Central Administrative Appeals Commission: Phone: 110 (toll-free) Website: www.simpan.go.kr

Supplementary Provisions

Article 1 (Effective Date)

This Policy will take effect on July 01, 2024.