Privacy Policy

Updated date. 2023.05.10
Veluga Inc. (hereinafter referred to as the "Company") is in compliance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
The Company has the following processing policy to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act and to smoothly handle users' grievances related to personal information.
If we revise the Privacy Policy in the future, we will notify you through the website notice (or individual notice).
Article 1. Purpose of Personal Information Processing The company is making every effort to protect personal information safely and store it in accordance with the policy of not infringing upon rights and interests. Personal information is used for membership registration, smooth customer consultation, provision of paid services, etc. Through the privacy policy, the company aims to transparently provide information related to "personal information protection," such as what information the company collects, how the collected information is used, with whom it is shared ("outsourcing or provision") if necessary, when and how the information that has achieved its purpose of use is destroyed. In the future, if there are revisions to the terms of service and additional collection of personal information related to the privacy policy, the revised content will be easily announced through website notices or individual notifications via email.
Article 2. Items and Methods of Personal Information Collection The company collects personal information through membership registration, and the specific items and methods of collecting personal information are as follows:
1.
Mandatory input items of personal information
a.
During membership registration: Email information
b.
During payment: Card information, name
2.
The following information may be automatically generated and collected during the process of using the service or business processing:
a.
Service usage records, access logs, cookies, access IP information
3.
Additional information that users directly enter may be collected for irregular event participation and the use of additional services.
4.
User-uploaded data with user consent may be utilized for service improvement. In this case, it is assumed that the user holds the copyright to the uploaded data.
a.
The data will not be provided, disclosed, shared with third parties, or used for AI training purposes.
Article 3. Purpose of Personal Information Collection and Use The company explicitly states that it utilizes the personal information of members collected through membership registration for the following purposes:
1.
Mandatory input items of personal information (Membership registration)
a.
SNS email
When registering through SNS, the platform provides the account information (email) registered during membership registration.
Personal information is processed for purposes such as confirming the intention of membership registration, maintaining and managing membership qualifications, identity verification in accordance with limited self-verification requirements, various notifications, and announcements.
The email provided during membership registration is used as the member ID, and important notices, news about new services and feature updates, various events, and promotional information are provided via that email address.
2.
Optional input items of personal information (Separate notice, selective collection via email)
a.
Age, gender, address, contact information, occupation, registration path, usage purpose, usage frequency, etc.
Information is collected through separate procedures such as service surveys conducted through the website, email, etc. The collected information is used as reference materials necessary for service operation.
3.
The following information may be automatically generated and collected during the process of using the service or business processing:
a.
Service usage records, access logs, cookies, access IP information
The usage records of members who use the services provided by the company are stored as data.
The data items mentioned above are processed for purposes such as the development of new services (products), provision of customized services, provision of event and promotional information, confirmation of service validity, determination of access frequency, statistics on member service usage, etc.
When it is necessary to confirm usage records such as account theft or personal information verification, the information is used to identify your data for the purpose of identity verification and prevention of unauthorized use.
Article 4. Consent for Personal Information Collection When registering as a member, the company ensures that you can sufficiently review the privacy policy and creates an environment for you to join after giving your consent. All members who have completed the membership registration are considered to have agreed to all the personal information collection procedures and purposes.
Article 5. Retention and Use Period of Personal Information The company processes and retains personal information within the period of personal information retention and use agreed upon when collecting personal information in accordance with the law. The specific periods for the retention and use of each personal information are as follows:
1.
Records related to contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
2.
Records of payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
3.
Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
4.
Records of display and advertising: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
5.
Website visit records: 3 months (Telecommunications Business Act)
6.
Even in the absence of legal grounds, personal information may be retained when necessary to prevent significant losses for the company or for the purposes of crime prevention, litigation, etc. However, only the minimum necessary period and items are retained for such purposes.
a.
Identification information for preventing re-registration in the case of membership withdrawal
b.
Identification information for refusal of transactions in the case of expulsion from membership due to the terms of service
7.
According to the personal information validity period, the personal information of a member who has not used the service for 1 year is separately stored or destroyed. The separately stored personal information is destroyed without delay after being retained for 4 years. Regarding this separate storage or destruction, the member is notified by email 30 days before the expiration of the 1-year period, including the fact that personal information is being separately stored or destroyed, the expiration date, and the items of personal information to be destroyed.
Article 6. Procedure and Method of Personal Information Destruction The company promptly destroys personal information when the purpose of personal information processing has been achieved. The procedure and method of destruction are as follows:
1.
Destruction Procedure:
The information provided by users is transferred to a separate database (in the case of paper, a separate document) and stored for a certain period according to internal policies and other relevant laws before being destroyed immediately. Personal information transferred to the database is not used for any other purpose unless required by law.
2.
Destruction Method:
Electronic files are destroyed using technical methods that prevent the reproduction of records.
Personal information printed on paper is destroyed by shredding or incineration.
Article 7. Provision of Personal Information The company generally does not provide users' personal information to external parties. However, exceptions are made in the following cases:
1.
When users have given prior consent.
2.
When required by law or by investigative agencies for the purpose of investigation.
Article 8. Outsourcing of Personal Information
1.
When outsourcing the processing of personal information for smooth personal information management, the company discloses it through the privacy policy.
2.
When entering into an outsourcing agreement, the company specifies in the contract or other documents the matters regarding the prohibition of processing personal information for purposes other than the performance of the outsourced tasks, technical and administrative protective measures, limitations on re-outsourcing, and management and supervision of the entrusted party, as well as liability for damages, in accordance with Article 26 of the Personal Information Protection Act.
3.
In the event of a change in the content of the outsourced tasks or the entrusted party, it will be promptly disclosed through this privacy policy.
Article 9. Rights of Users and Legal Guardians and their Exercise Methods
1.
Users and legal guardians have the right to access or modify their own personal information or the personal information of children under the age of 14 registered in their care, and they may also request the termination of their membership. If a member sends a withdrawal request email to the customer center, the company will confirm the member's identity and process the withdrawal.
2.
The company handles terminated or deleted personal information upon the request of the user or legal guardian in accordance with the provisions of "Article 5. Retention and Use Period of Personal Information" and ensures that it cannot be accessed or used for any other purpose.
3.
If the right in Paragraph 1 is to be exercised through a representative such as a legal guardian, a power of attorney according to the format prescribed in Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
4.
The right to access personal information and request its suspension may be restricted under Article 35, Paragraph 5 and Article 37, Paragraph 2 of the Personal Information Protection Act. Correction and deletion requests may not be accepted if the personal information is specified as a collection target under other laws.
Article 10. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices The services provided by the company use 'cookies' to store and retrieve usage information in order to provide individualized customized services. Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard disk.
1.
Purpose of using cookies: Cookies are used to track and analyze the visit and usage patterns of users on various services and websites, popular search terms, and secure connections, in order to provide users with optimized information.
2.
Installation, operation, and rejection of cookies: You can refuse to store cookies by setting the options in the Tools > Internet Options > Privacy menu of your web browser.
3.
Refusal to store cookies may cause difficulties in using the service.
Article 11. Measures for Ensuring the Security of Personal Information The company takes the following technical, managerial, and physical measures necessary to secure the safety of personal information in accordance with Article 29 of the Personal Information Protection Act.
1.
Minimization and education of personal information handling employees The company implements measures to minimize the handling of personal information by designating and limiting the employees responsible for handling personal information and providing them with education on personal information management.
2.
Technological measures to prevent hacking The company installs security programs, performs regular updates and inspections, and sets up systems in restricted areas with controlled access from external sources to prevent the leakage and damage of personal information caused by hacking or computer viruses.
3.
Encryption of personal information The personal information of users is stored and managed in an encrypted form, and important data is protected using additional security measures such as encryption of files and transmission data or file locking features that only the individual can access.
4.
Access restrictions to personal information The company controls access to personal information through measures such as granting access rights only to authorized personnel, installing an access control system, and periodically reviewing and updating access permissions.
5.
Secure data transmission When transmitting personal information over networks or through electronic means, the company uses encryption protocols such as SSL (Secure Sockets Layer) to ensure the secure transmission of data.
6.
Measures to prevent unauthorized access The company implements measures to prevent unauthorized access to personal information, such as establishing and enforcing strict access control policies, using firewalls and intrusion detection systems, and monitoring and blocking access attempts.
7.
Regular security audits The company conducts regular internal security audits to assess the effectiveness of security measures and identify and address any vulnerabilities or risks related to the handling of personal information.
Article 12. Notification of Changes to the Privacy Policy This privacy policy is effective from the date of implementation, and in the event of additions, deletions, or modifications to the policy in accordance with laws and regulations, the company will notify the changes through the notice board at least 7 days prior to their implementation.
Article 13. Personal Information Management Officer and Contact Person The company takes overall responsibility for the processing of personal information and has designated a personal information protection officer to handle complaints, remedies, and other matters related to the processing of personal information. The following individuals are appointed as the personal information protection officer and contact person:
1.
Personal Information Management Department: Customer Support Team
2.
Personal Information Management Officer:
Name: Lee Sang-yeon
Users can contact the personal information protection officer and the designated department for any inquiries, complaints, or requests related to the protection of personal information arising from the use of the company's services. For reporting or consulting on other personal information infringements, please contact the following organizations:
Personal Information Infringement Report Center (https://privacy.kisa.or.kr/kor/main.jsp / 118 without an area code)
Cyber Crime Investigation Unit, Supreme Prosecutors' Office (http://www.spo.go.kr / 02-3480-2000)
Cyber Safety Bureau, National Police Agency (http://cyberbureau.police.go.kr / 182 without an area code)
This policy will be effective from June 1, 2023.