Privacy Policy of Guju Technology Co. Ltd.

Guju Technology Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses this privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle complaints related to personal information swiftly and effectively.

1. Purpose of Personal Information Processing

The Company processes personal information for the following purposes. The collected personal information will not be used for purposes other than those stated below. If the purpose of use changes, necessary actions such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.

1) Membership Registration and Management

  • To verify intent to register as a member, provide member-exclusive services, verify identity, maintain and manage membership status, enforce identity verification policies, prevent misuse, verify parental consent for children under 14, issue notices and notifications, and process grievances.

2) Provision of Goods or Services

  • To deliver products, provide services, send contracts and invoices, offer customized content, authenticate identity and age, process payments and collections.

3) Handling Complaints

  • To verify the identity of complainants, check complaint details, conduct fact-finding, communicate notifications, and notify outcomes.

4) <Handling Specific Business-Related Personal Information>

  • <Personal information is processed in accordance with the purpose of the related processing task.>

2. Retention and Use Period of Personal Information

① The Company processes and retains personal information within the period agreed upon by the data subject or as required by law.

② Specific periods of retention and use are as follows:

1) Membership Registration and Management

  • Until the user withdraws from the website.
  • However, in the following cases, data will be retained until the reason is resolved:
    • Ongoing investigations or legal disputes
    • Remaining financial obligations related to website usage
    • <Exceptions>: <Retention Period>

2) Provision of Goods or Services

  • Until the completion of service delivery and payment processing.
  • Additionally:
    • Records under the Act on the Consumer Protection in Electronic Commerce:
      • Advertisement Records: 6 months
      • Contracts, Cancellations, Payments, Product Deliveries: 5 years
      • Consumer Complaints and Disputes: 3 years
    • Records under the Protection of Communications Secrets Act:
      • Call details and location tracking: 1 year
      • Internet log and access history: 3 months
    • Records under the Act on Promotion of Information and Communications Network Utilization:
      • Identity verification data: 6 months after content removal
    • <Legal basis for retention>: <Retention Period>

3) <Specific Business Purpose>: <Retention Period>

3. Rights of Data Subjects

① Data subjects may exercise the following rights at any time:

  1. Request to access personal information
  2. Request corrections for errors
  3. Request deletion
  4. Request suspension of processing

② Rights can be exercised in writing, via email, or fax using Form No. 8 of the Enforcement Rules of the Personal Information Protection Act.

③ If a correction or deletion is requested, the personal information will not be used or provided until the issue is resolved.

④ Rights may be exercised through a legal representative or delegate. In such cases, a power of attorney based on Form No. 11 of the Enforcement Rules must be submitted.

4. Items of Personal Information Processed

The Company processes the following personal information:

1) Membership Registration and Management

  • Required: Name, Date of Birth, Username, Password, Address, Phone Number, Gender, Email Address

2) Provision of Goods or Services

  • Required: Name, Date of Birth, Username, Password, Address, Phone Number, Email Address

3) <Business Task>

  • Required: Name, Date of Birth, Username, Phone Number, Email Address

4) <Business Task with Required Fields Only>

  • Required: Name, Date of Birth, Username, Phone Number, Email Address

5) Information automatically collected through service use

  • IP Address, Cookies, MAC Address, Usage Records, Visit History, Misuse Records, etc.

5. Destruction of Personal Information

① The Company promptly destroys personal information when it becomes unnecessary (e.g., retention period expiration, purpose fulfilled).

② When personal information must be retained due to other laws, it will be stored in a separate database or physical location.

③ Destruction Process and Method:

  • Process: The Company selects the personal information to be destroyed and proceeds after approval by the Chief Privacy Officer.
  • Method:
    • Electronically stored data is deleted using non-recoverable methods.
    • Paper records are shredded or incinerated.

6. Measures to Ensure Security of Personal Information

The Company implements the following security measures:

  1. Managerial Measures: Internal management plan, regular employee training
  2. Technical Measures: Access control, encryption of unique identifiers, security software installation
  3. Physical Measures: Access control for data centers and storage rooms

7. Personal Information Protection Officer

The Company appoints the following person as the Chief Privacy Officer:

Chief Privacy Officer

  • Name: Jaewon Jeong
  • Title: Senior Manager
  • Contact: (82) 031-704-0091 (7423)
    ※ Connects to the Personal Information Protection Department

Privacy Department

  • Department: HRM & Strategy
  • Person in Charge: Dami Kim
  • Contact: (82) 031-704-0091 (7424)

Data subjects can contact the department or officer for inquiries, complaints, or remedies regarding personal information issues.

8. Changes to This Privacy Policy

This Privacy Policy is effective as of January 20, 2016.