Privacy Policy Helix Solutions Co., Ltd. (hereafter, the “Company”) processes and safely manages personal information in accordance with the provisions of the “Personal Information Protection Act” and related laws to protect the freedom and rights of information subjects. Therefore, in accordance with Section 30 of the “Personal Information Protection Act”, we will guide information subjects on procedures and standards relating to the processing of personal information, and establish and disclose the following privacy policy in order to be able to handle grievances related to this quickly and smoothly.

[Table of Contents]

Article 1. Purpose of processing personal data
Article 2. Purpose of collection and use of personal information, collection items, retention and use period
Article 3 Provision of personal information to third parties
Article 4 Outsourcing of personal information processing
Article 5. Transfer of personal information overseas
Article 6 Destruction of personal information
Article 7. Rights, duties and exercise methods of data subjects and legal representatives
Article 8 Matters relating to the installation, operation, and rejection of automatic personal information collection devices
Article 9 Matters relating to collection, use, and rejection of behavioral information
Article 10 Measures to ensure the safety of personal information
Article 11 Personal Information Protection Officer and Responsible Department
Article 12 Remedies for Infringement of Rights
Article 13 Notice of changes to the Privacy Policy

Article 1. Purpose of processing personal data

The company collects and processes minimal personal information for the following purposes. The personal information being processed will not be used for purposes other than the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent in accordance with Section 18 of the “Personal Information Protection Act.”

1. Platform membership registration and service use management We process personal information for the purpose of confirming membership registration intentions, identifying and authenticating identity in accordance with the provision of membership services, maintaining and managing membership qualifications, verifying the consent of a legal representative when collecting personal information from children under the age of 14, verifying the consent of a legal representative when applying for professional conversion under the age of 19, various notices and notifications related to service use, handling grievances, and maintaining records for dispute resolution.

2. Complaint processing Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint, contacting and notifying for factual investigation, and notification of processing results.

3. We process personal information for the purpose of delivering goods or services, providing services, sending invoices, providing content, providing customized services, verifying identity, age verification, payment and settlement of fees, and debt collection.

4. Use in marketing and advertising We process personal information for the purpose of developing new services (products) and providing customized information services, providing event and advertising information and participation opportunities, providing services and advertising based on demographic characteristics, checking the effectiveness of services, identifying the frequency of access, or statistics and surveys on members' use of services.

Article 2. Purpose of collection and use of personal information, collection items, retention and use period

1. The company collects and uses only the minimum information necessary to provide services, and does not collect information (such as ideas and beliefs, political tendencies, criminal records, or other social activity experiences) that may clearly infringe on the rights, interests, or privacy of the data subject.

2. The company processes personal information as follows:

3. If a member uploads personal information not requested by the company to the platform, the company does not use the information and is not responsible for managing it.

4. The following information can be automatically generated and collected during the use of the company's services: Service usage records, date and time of access, IP address, bad usage records, device information (OS version, UDID), cookies, and advertising IDs

5. When collecting personal information, the company divides the minimum personal information required to provide services as 'required items' and other personal information into 'optional items' and establishes a procedure for individually agreeing to this. The company does not refuse to provide the service because the user does not provide personal information other than the minimum required personal information.

Article 3 Provision of personal information to third parties

1. The company processes the personal information of the data subject only within the scope specified in the purpose of processing personal information, and provides personal information to a third party only with the consent of the data subject or when there is a special provision in the law, such as falling under sections 17 and 18 of the “Personal Information Protection Act”, and does not provide it to any other third party.

2. The criteria for determining additional use or provision without the consent of the data subject in accordance with relevant laws and regulations are as follows: 1) Relevance to the original purpose of collection 2) Predictability of additional use or provision of personal information in light of the circumstances or processing practices in which personal information was collected 3) Unjustifiability of infringement of the data subject's interests 4) Whether measures are taken to ensure safety, such as pseudonymisation or encryption

3. If personal information is pseudonymized, relevant information is posted on the company website or individual service website to guide the data subject so that it can be confirmed.

Article 4 Outsourcing of personal information processing

1. In order to facilitate the processing of personal information, the company entrusts the processing of personal information as follows.

2. When signing a contract of entrustment, the company specifies matters relating to liability such as prohibition of processing of personal information other than the purpose of performing outsourced work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages in accordance with Article 26 of the “Personal Information Protection Act”, and supervises whether the trustee processes personal information safely.

3. In accordance with Article 26 (6) of the “Personal Information Protection Act”, if the trustee re-entrusts the processing of personal information to our company, we have obtained the consent of the company.

Article 5 Destruction of personal information

As a general rule, members' personal information is destroyed without delay when the purpose of collecting and using personal information is achieved.

If personal information must continue to be preserved in accordance with internal policies or other laws and regulations even after the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information is moved to a separate database (DB) or stored in a different storage location.

The company's procedures and methods for destroying personal information are as follows.

1. Personal Information Destruction Procedure and Method
1) Destruction procedure Information entered by members to use services etc. is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document box) and stored for a certain period of time for information protection reasons based on internal policies and other relevant laws and regulations, and then destroyed. Personal information transferred to a separate DB will not be used for other purposes unless required by law, and if personal information is entrusted to a third party, the trustee is also instructed to destroy it.
2) Destruction deadline A member's personal information is destroyed within 5 days from the end date of the retention period if the personal information retention period has elapsed, and within 5 days from the date the processing of personal information is deemed unnecessary when the personal information becomes unnecessary, such as achieving the purpose of processing the personal information, abolition of the relevant service, or termination of the business.
3) Destruction method Personal information recorded and stored in the form of electronic files of members is destroyed using technical methods that cannot reproduce records, and personal information recorded and stored in paper documents is destroyed by crushing or incinerating with a shredder.

2. If held in accordance with internal policies

※ Unauthorized use? Unauthorized use means that a member who is in the process of taking action due to prohibited acts in accordance with the service operation policy arbitrarily terminates the contract of use and re-subscribes, or repeatedly unsubscribes for fraudulent purposes.

3. When preserved in accordance with relevant laws

Article 6. Rights, duties and exercise methods of data subjects and legal representatives

2. The data subject must be careful not to leak personal information such as ID and password, and cannot transfer or rent dog identification information and account information to third parties.

2. The data subject must be careful not to leak personal information such as ID and password, and cannot transfer or rent dog identification information and account information to third parties.

3. Information subjects must comply with other laws relating to personal information, such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.” and the “Personal Information Protection Act.”

4. The data subject can exercise the right to view, correct, delete, stop processing, and request withdrawal of personal information (hereinafter referred to as “exercise of rights”) against the company at any time.

5. Rights can be exercised in writing, e-mail, etc. against the company in accordance with Article 41 (1) of the Enforcement Decree of the “Personal Information Protection Act”, and the company will take action without delay. The data subject can view and modify the registered personal information at any time (Account Settings> My Information), and may also request the deletion of information and suspension of processing (Account Settings> My Information> Member Withdrawal). However, in such cases, it may be difficult to use some or all of the services.

6. We operate a customer center for smooth communication regarding users' rights exercise inquiries, and if you make an inquiry through a multi-negative contact number, we will take action without delay.

7. The data subject's rights can also be exercised through an agent such as the data subject's legal representative or an authorized person. In this case, you must submit proof that you are a legal representative or a power of attorney in accordance with the “Notice on How to Handle Personal Information” Attachment No. 11 form.

8. As a general rule, the company does not collect personal information from children under the age of 14 requiring the consent of a legal representative. As an exception, if it is necessary to collect personal information from children under the age of 14, the courts guarantee Lee's legal rights. (Children's right to view, correct, delete, and request suspension of processing of personal information)

Article 7 Matters relating to the installation, operation, and rejection of automatic personal information collection devices

1. The company uses “cookies (cookies)” that store usage information and retrieve it from time to time in order to provide individual customized services to customers.

2. A cookie is a small amount of information sent to the customer's computer browser by the server (http) used to run a website, and is also stored on the customer's PC or mobile.
1) Collected information: Service usage information such as IP address, access log, usage tent, etc.
2) Purpose of use: Identifies the usage type of each service and website visited by the customer, provides optimized information to the customer, and uses it as a measure for service reorganization, etc.
3) Customers can refuse to use cookies. However, if you refuse, it may be difficult to use the customized service.
4) How to refuse cookie settings ① Allow/block cookies in a web browser - Chrome (Chrome): Web browser settings > Privacy and security > Delete browsing history - Edge (Edge): Web browser settings > Cookies and site permissions > Manage and delete cookies and site data ② Allow/block cookies in mobile browsers - Chrome (Chrome): Mobile browser settings > Privacy and security > Delete browsing history - Safari (Safari): Mobile device settings > Safari > Advanced > Block all cookies - Samsung Internet: Mobile browser settings > Internet usage history > Delete all cookies

Article 8 Measures to ensure the safety of personal information

The company limits the company's personal information processors to a minimum in accordance with Article 29 of the Personal Information Protection Act, and recognizes the importance of personal information protection through technical measures as well as management measures such as training for personal information processors.

1. Technical measures
1) Members' personal information is protected by a password, and important data is protected by a separate security function by encrypting files and transmitted data or using a file lock function (Lock).
2) Members' passwords are stored and managed with one-way encryption, and personal information can only be checked and changed by the person who knows the password.
3) The company uses anti-virus programs to take measures to prevent damage caused by computer viruses. The anti-virus program is updated periodically, and in the event of a sudden virus, the vaccine is provided as soon as it is released to prevent personal information from being violated.
4) The company has adopted a security device (SSL, etc.) that can securely transmit personal information on a network using cryptographic algorithms.
5) The company is making every effort to ensure security by using intrusion prevention systems and vulnerability analysis systems for each server in preparation for external intrusions such as hacking.

2. Administrative measures
1) The company limits members' access to personal information to a minimum number of people. The minimum number of persons is as follows: - A person who performs marketing work directly with members- A person who performs personal information protection tasks such as a person responsible for personal information protection and the person in charge of personal information- A person whose handling of personal information is unavoidable due to other tasks
2) We conduct regular in-house training and outsourced training for employees who handle personal information about learning new security techniques and personal information protection obligations.
3) At the time of employment, we have established internal procedures to prevent information leakage by humans in advance through a security agreement and to audit implementation of personal information protection regulations and employee compliance.
4) The handover of work by personal information handlers is carried out thoroughly while security is maintained, and responsibilities for personal information incidents after joining and leaving the company have been clarified.
5) The Company is not responsible for issues related to personal information caused by individual member mistakes or reasons not attributable to the Company. Each member must properly manage and take responsibility for their own ID and password in order to protect their personal information.
6) If personal information is lost, leaked, altered, or damaged due to other internal manager mistakes or technical management accidents, the company will immediately notify the facts and take appropriate measures and compensation.

Article 9 Remedies for Infringement of Rights

1. The company guarantees the data subject's right to self-determination of personal information and strives for consultation and damage relief due to personal information infringement. If a report or consultation is required, please contact the department in charge below.

2. Information subjects can apply for dispute resolution or consultation at the Personal Information Dispute Mediation Committee and the Korea Internet Security Agency's Personal Information Infringement Report Center in order to receive relief due to personal information infringement. In addition, please contact the following organizations for other reports and consultations of personal information infringement.
- Privacy Infringement Report Center: (without country code) 118 (https://privacy.kisa.or.kr/)
- Personal Information Dispute Mediation Committee: (without country code) 1833-6972 (https://kopico.go.kr/)
- Grand Prosecutor's Office: 1301 (without country code) (https://spo.go.kr/)
- National Police Agency: (without country code) 182 (https://ecrm.police.go.kr/)

Article 10 Changes to the Privacy Policy

1. This privacy policy is applied from the effective date, and the company will notify the revised details in advance through notices, etc.
2. However, if the revised content is an important change that may affect the customer's valuable rights or obligations, we will notify you at least 30 days in advance through a notice or the like.
3. The previous privacy policy can be found in the “Documents in this section” on this page.