Wepware Co., Ltd. (hereinafter referred to as “Wepware” or the "Company") has the following processing practices, such as to protect the User's privacy and rights in accordance with the Privacy Act and smoothly to handle a User's grievances with respect to personal information.
When the Company revises its privacy policy, it will be notified through website notices (or individual notices).

○ This policy will take effect from September 1, 2020.

The table of contents of this privacy policy is as follows.
① Purpose of Processing Personal Information (Required)
② Personal Information Processing and Retention Period (Required)
③ Entrustment of Personal Information Processing (If Applicable)
④ Rights and Duties of the Information Subject and Legal Representative and Exercising Those Rights (Required)
⑤ Create the Items of Personal Information to Be Processed (required)
⑥ Destruction of Personal Information (Required)
⑦ Measures to Ensure the Stability of Personal Information (Required)
⑧ Matters Concerning the Installation, Operation and Rejection 
of Automatic Personal Information Collection Devices (required)
⑨ Personal Information Protection Officer (Required)
⑩ Remedy for Infringement of Rights and Interests (optional)
⑪ Change of Privacy Policy (required)

1. Purpose of Processing Personal Information

① The Company processes Users' personal information for the following purposes. 
1) Website membership registration and management      
2) Provision of goods or services      
3) Use for marketing and advertising      
4) Crime prevention and investigation      
② The processed personal information is not used for purposes other than the following purposes, and prior consent will be sought if the purpose of use is changed.

2. Personal Information Processing and Retention Period

① The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or agreed upon when collecting personal information from the information subject. 
② Each personal information processing and retention period is as follows. 
	
1. Website membership registration and management: Until Wepware website withdrawal
However, in the case of any of the following reasons, until the end of the reason
1) If an investigation in violation of related laws is in progress, until the end of the investigation      
2) In the case of the remaining bond/debt relationship due to the use of Wepware service, until the settlement of the relevant bond/debt relationship      
3) In the case of prevention of re-registration of bad members, prevention and response of illegal use, up to 6 months from the date of withdrawal and suspension of use of members      

2. Provision of goods or services: Until the supply of goods and services is completed and payment and settlement of fees are completed
However, in the case of any of the following reasons, until the end of the reason
1) Records on transactions, such as display, advertisement, contract details and performance in accordance with the 「Act on the Consumer Protection, in Electronic Commerce, etc.」
- Records on the displays, advertisement: 6 months
- Records on the contract or withdrawal of subscription, payment, supply of goods, etc.: 5 years
- Records on the consumer complaints or dispute settlement: 3 years
2) Storage of communication confirmation data pursuant to Article 41 of the 「Protection of Communications Secrets Act」
- Login information: 3 months
3) Storage of identification information pursuant to Decree No. 29 in accordance with the 「Act on the Information Communications Network」: 6 months after the information posted on the bulletin board is ended 

3. Entrustment of Personal Information Processing

① The Company entrusts the minimum tasks to specialized companies for providing services such as payment processing etc., in accordance with the relevant laws and regulations, it stipulates necessary matters to ensure that personal information can be safely managed during consignment contracts.   
- One pay: payment processing
② The Company shall set out responsibility in documents such as contracts in accordance with Article 25 of the Personal Information Protection Act when signing a consignment contract regarding prohibition of personal processing, technical and administrative protection measures, restrictions on re-consignment, management and supervision of consignees, compensation for damages, etc. and oversee the handling of personal data by trustees. 
③ If the contents of the consignment business or the consignee change, we will disclose it through this privacy policy without delay.

4. Rights and Duties of the Information Subject and Legal Representative and Exercising Those Rights

As a subject of personal information, Users can exercise the following rights.
① The information subject can exercise the right to the Company at any time such as accessing, correcting, deleting, and requesting suspension of processing of personal information.
② The exercise of rights under paragraph 1 can be made to the Company through written, e-mail, facsimile(FAX), etc. in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ The exercise of rights pursuant to Paragraph 1 can be done through the legal representative of the information subject or through an agent such as a person who has been delegated. In this case, User must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ The rights of the information subject may be restricted according to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and suspend personal information.
⑤ Request for correction and deletion of personal information cannot be requested if the personal information is specified as the object of collection in other laws.
⑥ The Company verifies whether the person who made the request, such as a request for access according to the rights of the information subject, request for correction or deletion, or request for suspension of processing, is the person who made the request or a legitimate agent. 

5. Create Items of Personal Information to Process

① The Company is also processing the following personal information items. 
1. Website membership registration and management
- Required: Email, password, login ID, date of birth, full name, legal representative's name, phone number of legal representative
- Optional: Phone number, gender,
2. Provision of goods or services
- Required: Credit card information, payment information and settlement such as bank account information
- Optional: Provision of existing services such as content provision and past purchase history
3. Use for marketing and advertising
-Optional: Development of new services (products) and provision of customized services, provision of event and advertisement information and participation opportunities, provision of services and advertisements according to demographic characteristics
② In the process of using the Internet service, the following personal information items may be automatically generated and collected.
- IP connection address, cookies, MAC address, service use records, visit history, bad use of records, etc.         

6. Destruction of Personal Information

In principle, the Company destroys the personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline, and method of destruction are as follows.
① The Company destroys the personal information without delay when personal information becomes unnecessary, such as the elapse of the personal information retention period or achievement of the processing purpose.  
② If the personal information retention period agreed by the information subject has elapsed or the purpose of processing has been achieved, in the event that personal information must be kept in accordance with other laws and regulations, the personal information may be moved to a separate database(DB) or stored in a different storage location.  
③ The procedure and method of destroying personal information are as follows.
1. Destruction procedure       
The Company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the Company's personal information protection manager.
2. Destruction method       
The Company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
3. Deadline for destruction       
When the personal information of the User has elapsed, within 5 days from the end of the retention period, when the personal information becomes unnecessary, such as achieving the purpose of processing personal information, abolition of the service, or the end of the business, the personal information will be destroyed within 5 days from the date it is recognized as unnecessary to process.

7. Measures to Ensure the Stability of Personal Information takes the following measures to ensure the stability of personal information.

① Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
② Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, installation of security programs
③ Physical measures: Control access to the computer room, data storage room, etc.

8. Matters Concerning the Installation, Operation and Rejection of Automatic Personal Information Collection Devices

① The Company uses “cookies” that store and retrieve usage information from time to time to provide individual customized services. 
② Cookies are a small amount of information sent to the User's computer browser by the server(http) used to operate the website, and may be stored on the hard disk in the User's PC computer.
1. Purpose of use of cookies: It is used to provide optimized information to Users by identifying the types of visits and usage, popular search terms, secure access, etc. for each service and website visited by the User.
2. Installation, operation and rejection of cookies: You can refuse to store cookies by setting options in the Tools>Internet Options>Personal Information menu at the top of the web browser.
3. If you refuse to store cookies, you may experience difficulties in using customized services.

9. Personal Information Protection Officer

① The Company has designated a privacy officer as follows to remain responsible for handling of personal information, and for handling complaints and remedy for damages related to personal information processing. 
► Personal Information Protection Officer
Name: Seung-june Song
Position: CEO
Contact: 070-4048-5222
Email: june@wepware.com
② The information subject can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquires, complaint handling, damage relief, etc. that occurred while using the Company’s service (or business). The Company will respond and handle inquiries from the information subject without delay. 

10. Remedy for Infringement of Rights and Interests

The information subject may contact the following organizations for damage relief, consultation, etc. for personal information infringement.
 
< The following companies and institutions is a separate agency, if you are not satisfied with Company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact us >
▶ Privacy Infringement Report Center (operated by Korea Internet & Security Agency)
- Website: privacy.kisa.or.kr
- Phone No.: (Without area code) 118
 
▶ Personal Information Dispute Mediation Committee
- Website : www.kopico.go.kr
- Phone No.: (Without area code) 1833-6972
 
▶ Cyber Crime Investigation Unit, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
 
▶ Cyber Security Bureau, National Police Agency: 182 (http://cyberbureau.police.go.kr)

11. Change of privacy policy

① This Privacy Policy is applied from the effective date.
② Users will be notified of any addition, deletion and/or modification in this Privacy Policy through the service screen and/or bulletin board of Wepware at least 7 days prior to the scheduled amendment.