UNIICT Inc. (hereinafter referred to as “the Company”) adheres to the personal information protection regulations prescribed in laws relevant to information and communications service providers, such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.,” “Protection of Communications Secrets Act,” “Telecommunications Business Act,” “Personal Information Protection Act,” etc. The Company has established a personal information processing policy based on these laws and is dedicated to protecting the rights and interests of users.
Article 1 (Personal Information Collected and Method of Collection)
①The Company collects the following personal information from users for membership registration and management, providing various services, handling grievances smoothly, and providing personalized services:
Email address, Password
② In addition to the personal information items specified in paragraph 1, information such as IP Address, cookies, visit time, service usage records, bad usage records, device information, and location information may be collected during the service usage or app execution process. Email addresses or phone numbers may also be collected during the process of receiving and handling customer inquiries.
③ In the process of using the services provided by the Company, the user's identification and verification of identity, age verification may require the collection of name, date of birth, gender, domestic/foreign information, mobile phone number or I-PIN number, encrypted personal identification information (CI), duplicate membership check information (DI). In the case of minors, information about legal guardians may be automatically generated and collected.
④ The Company does not collect sensitive personal information (such as race, ideology, creed, political inclination, criminal record, medical information, etc.) that may infringe on the basic human rights of users. Even if a user does not enter optional information, there is no restriction on using the basic services provided by the Company.
⑤ The Company will not use the collected personal information for purposes other than those for collection and, if the purpose of collection and use changes, will obtain separate prior consent from the user.
⑥The Company may collect personal information of users in the following ways:
- Website, mobile devices, written forms, fax, phone, consultation boards, email, event participation, delivery requests.
- Collection through tools that generate information.
Article 2 (Purpose of Using Collected Personal Information)
The Company uses information collected from users for the following purposes:
- To facilitate membership registration, smooth customer consultation, provision of services promised to users, authentication of identity for service provision, purchase and payment of fees, provision of service usage history by the Company, registration of payment methods, etc.
- To confirm the intention of membership registration, verify age, proceed with the consent of legal representatives, identify users and legal representatives, confirm the intention of membership withdrawal, handle inquiries or complaints, etc., for member management.
- To take measures against users who violate laws and policies set by the Company (including Terms of Service), prevent and sanction unauthorized acts including fraudulent use, prevent account theft and fraudulent transactions, deliver notifications, preserve records for dispute resolution, etc., to protect users and ensure stable operation of the service.
- To provide services based on demographic characteristics, analyze access frequency, improve features, use statistics on service usage, and provide new services reflecting users' tendencies, interests, and usage history analysis based on service and purchase (payment) analysis.
- To use for the purpose of events and promotions, such as providing event information and advertising (when consent is given for marketing and advertising information provision).
Article 3 (Retention and Use Period of Personal Information)
The Company principally retains users' personal information until the user withdraws from membership. However, the Company will retain the information for the following specified periods even after membership withdrawal for purposes such as preventing transaction-related disputes:
- Reasons for Retention of Personal Information According to the Company's Internal Policy:
- Record of Improper Use (Improper use includes transactions that violate the policies set by the Company, including terms and conditions, or transactions that infringe on the rights or interests of the Company, members, or third parties, and transactions analogous to these).
Reason for Retention: Management and action against improper use.
Retention Period: 1 year.
- In cases where investigations or inquiries due to violations of related laws are ongoing against the user: Until the completion of the investigation or inquiry.
- If a debt or credit relationship remains between the Company and the user: Until the settlement of the debt or credit relationship.
- The Company will retain users' information for certain periods as stipulated by related laws when necessary. The Company will use this retained information only for the purpose of retention, and the retention periods are as follows:
- Records of consumer complaints or dispute resolution
Reason for Retention: Act on Consumer Protection in Electronic Commerce, etc
Retention Period: 3 years
- Records related to contracts or withdrawal of offers
Reason for Retention: Act on Consumer Protection in Electronic Commerce, etc
Retention Period: 5 years
- Records of payment and supply of goods
Reason for Retention: Act on Consumer Protection in Electronic Commerce, etc
Retention Period: 5 years
- Records of service use and access log
Reason for Retention: Protection of Communications Secrets Act
Retention Period: 3 months
Article 4 (User's Rights and Obligations)
①Users have the following rights:
- Users can request access to, correction, deletion, or suspension of processing of their personal information at any time from the Company and can withdraw their consent to the use of personal information through the membership withdrawal process. The Company will verify whether the person making the request is the user or a legitimate representative.
- The exercise of rights mentioned above “1.” can be made in writing, via email, fax, etc., to the Company, and the Company will respond promptly. However, changes to the name, resident registration number, or foreign registration number cannot be made, except in cases of legal name changes or administrative issues requiring changes to resident (business) registration numbers.
- The Company may refuse requests for suspension of personal information processing in cases such as the following:
- When there are special provisions in the law or for compliance with legal obligations.
- When there is a risk of harming another person's life or body or unfairly infringing upon the property and other interests of others.
- When it is difficult to perform the contract with the information subject, such as not being able to provide the agreed service, and the information subject has not clearly expressed their intention to terminate the contract.
- The rights exercise in “1.” can be performed through a legal representative or authorized agent of the user. In this case, a power of attorney according to the form No. 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.
- Requests for access to and suspension of processing of personal information may be restricted as per related laws.
- Requests for correction and deletion of personal information may not be made if the personal information is specified as a collection target in other laws. If a request for correction of personal information errors is made, the Company will not use or provide the personal information until correction is completed, except when requested to provide the personal information as per other laws. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction process to ensure that the correction is made.
- The Company restricts membership registration for children under the age of 14 to protect their personal information.
② Users can exercise the following rights regarding their personal information:
- Request access to and correction of their personal information, withdraw consent, refuse consent, and have the right to withdraw membership.
- Scope of access and correction of personal information:
- Personal information held by the Company.
- Personal information used by the Company or provided to third parties.
- The status of consent for collection, use, and provision of personal information.
- Methods to exercise the right to access, correct personal information, withdraw consent, and refuse consent to the transmission of advertising information:
- Users can contact the Company's customer service center on the platform to exercise their right of refusal.
[Customer Service Center]
Email: email@example.com / Phone: 031-829-1011
* Operating hours are as follows, and is closed on weekends/public holidays:
Weekdays 10:00 – 17:00 (Lunch 12:00 – 13:00)
- Membership Withdrawal:
- Users can withdraw their membership following the procedure set by the Company on the platform.
③ Users have the responsibility to protect their personal information:
- Users must keep their personal information up to date, and any issues arising from inaccurate information provided are the user's responsibility.
- The Company is not liable for the disclosure of personal information due to the user's carelessness or internet problems beyond the Company's control, despite reasonable care, such as transfer, lending, loss of email, password, access media, or leaving the device unattended while logged in.
- Users must be careful not to disclose their personal information, such as email and password, to third parties and not transfer or lend them to others. The Company is not liable for losses due to user's negligence.
- Members who use the service by stealing another person's personal information may lose their membership and be penalized according to relevant laws.
- Users must comply with this policy and relevant laws regarding personal information.
Article 5 (Provision of Personal Information to Third Parties)
①The Company does not provide or disclose users' personal information to third parties or externally beyond the scope of collection and usage purposes, in principle. However, if there is a need to share personal information with partners for better service provision, the Company will notify users of the recipient, purpose, items of information provided, and the period of use and retention, and obtain consent. Also, personal information may be provided in accordance with the stipulations of laws or upon the request of investigation agencies for investigation purposes as defined by law.
②The Company will not use users' personal information for purposes other than the services provided by the Company or provide it to third parties without the user's consent. If there is a need to provide it to third parties, the Company will notify users and obtain separate consent, except in the following cases:
- If required by law or requested by investigation agencies for investigation purposes as per the procedure and method defined by law.
- In cases of statistical work, academic research, market research, or when provided in a form that cannot identify specific individuals, including sending information and notification emails.
- If the user has given prior consent.
Article 6 (Consignment of Personal Information Processing)
①For the purpose of providing smooth services and enhancing service quality, the Company may outsource part of its related tasks to external companies. When consigning personal information processing tasks to external companies, the Company takes measures to protect users' personal information by stipulating compliance with personal information protection-related laws, confidentiality of personal information, prohibition of provision to third parties, responsibility in case of accidents, consignment period, and obligation to destroy personal information after processing, through contracts and other means, and supervises the compliance of these measures.
②The Company consigns personal information processing as follows for service improvement and effective task management:
Contents of Consignment Tasks
Personal Information Retention and Usage Period
Amazon Web Services Korea LLC
Data storage and infrastructure management or cloud service usage
Until the user withdraws from membership or the consignment contract ends
③If there is a change in the contents of personal information processing consignment or the consignee, the Company will immediately disclose this through the personal information processing policy, substituting this disclosure as consent for the consignment.
Article 7 (Procedure and Method for Destruction of Personal Information)
①The Company will destroy personal information without delay once the purpose of its collection and use has been achieved. However, under the 'Personal Information Validity Period System,' the Company destroys or separately stores and manages the personal information of users who have not used the service for one year.
②The procedure and method for the destruction of personal information are as follows:
- Destruction Procedure: Information entered by users, such as for membership registration, is transferred to a separate DB after its purpose is achieved (paper records are transferred to a separate document box) and is stored for a certain period according to internal policies and other related laws (refer to retention and usage period) before being destroyed. This personal information is not used for any purpose other than retention unless required by law.
- Destruction Method: Personal information recorded and stored on paper is destroyed by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that make records unrecoverable.
Article 8 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
①The Company uses 'cookies' and similar technologies to store and frequently retrieve users' information for smooth service provision. Cookies are very small text files sent to the user's browser by the server used to operate the website and may be stored on the user's computer hard disk.(definition of cookie).
③Users have the choice regarding the installation of cookies. Therefore, users can set their web browser to allow all cookies, to check each time a cookie is saved, or to refuse all cookies. However, if the user refuses the installation of cookies, there may be difficulties in using some services that require login.
④To refuse cookie settings, users can choose the option in their web browser to allow all cookies, to check each time a cookie is saved, or to refuse all cookies.
Article 9 (Company's Efforts to Protect Personal Information)
①The Company implements technical and administrative measures to ensure the safety of users' personal information and prevent it from being lost, stolen, leaked, altered, or damaged. These measures include:
- Regular Self-Audits: Conducting regular self-audits to secure the safety of personal information handling.
- Minimizing and Training Personnel Handling Personal Information: Designating and limiting the number of employees handling personal information and implementing measures to manage it.
- Establishing and Implementing an Internal Management Plan: Developing and implementing an internal management plan for the safe processing of personal information.
- Technical Measures against Hacking: Installing security programs to prevent personal information leakage and damage due to hacking or computer viruses.
- Encryption of Personal Information: Encrypting user's personal information and passwords for storage and management, and using separate security functions such as encrypting files and transmission data or using file lock functions for critical data.
- Storage and Prevention of Tampering with Access Records: Storing access records to the personal information processing system for at least  months and using security functions to prevent tampering, theft, or loss.
- Restricting Access to Personal Information: Implementing necessary measures for access control by granting, changing, and revoking access rights to the database system processing personal information, and controlling unauthorized access from outside.
- Using Locking Devices for Document Security: Storing documents and auxiliary storage media containing personal information in a secure location with locking devices.
②Despite the measures in paragraph 1, the Company is not responsible for any problems caused by the user’s own intentional or negligent actions or issues on the Internet leading to the exposure or leakage of personal information, such as email and passwords.
Article 10 (Personal Information Protection Officer and Contact Information)
The Company has designated a Personal Information Protection Officer to gather opinions and handle complaints regarding personal information as follows. Users can report any inquiries, complaints, and requests for relief related to personal information protection while using the Company's services to the Personal Information Protection Officer or the responsible department. The Company will respond and address these queries and reports promptly.
<Personal Information Protection Officer>
For further assistance or consultation regarding personal information infringement, users are advised to contact the following organizations:
- Personal Information Infringement Report Center (www.1336.or.kr / Dial 118 without area code)
- ePRIVACY Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
- Supreme Prosecutors' Office Cybercrime Investigation Center (www.spo.go.kr/minwon / Dial 1301 without area code)
- Cyber Terror Response Center, Korean National Police Agency (www.ctrc.go.kr / 02-392-0330)
- Personal Information Dispute Mediation Committee (cyberbureau.police.go.kr / 1833-6972)
Article 11 (Duty of Notification)
The Company will notify users through announcements on the platform at least 7 days prior to any addition, deletion, or modification of the current personal information processing policy. However, in cases of significant changes affecting the rights of members, such as changes in the collection and use of personal information or provision to third parties, the Company will provide notice at least 30 days in advance.
Article 12 (Miscellaneous)
②Matters or definitions not specified in this policy will be interpreted and applied in accordance with the policies such as the Terms of Service of the service.
This policy is effective and applicable from December 1, 2022.