Privacy Policy
VIRNECT Inc. (hereinafter "Company") complies with personal information protection regulations under applicable laws that information and communications service providers must observe, including the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act, with respect to the products and website (https://virnect.com) operated by the Company, and establishes a Privacy Policy in accordance with applicable law to do its utmost to protect the information of users (including both "members" and "non-members").
VIRNECT's personal information protection policy is as follows.
- Items and methods of personal information collection
- Purposes of personal information collection and use
- Provision of personal information to third parties
- Entrustment of personal information processing to third parties
- Retention and use period of personal information
- Procedures and methods for destruction of personal information
- Separate management of personal information for dormant accounts
- Rights of users and legal guardians and how to exercise them
- Obligations of users
- Installation and operation of automatic personal information collection devices and options to refuse
- Technical and administrative measures for personal information protection
- Contact information of the personal information protection officer and person in charge
1. Items and Methods of Personal Information Collection
The Company collects the minimum personal information necessary for product provision and smooth customer support as described below.
a. Items of personal information collected
• Required information: full name, company name, department, position, email, phone number, inquiry content
• Automatically collected information: app activity data via Firebase Analytics, app error reporting data via Firebase Crashlytics
b. Collection methods
• The Company collects personal information in the following ways.
- Collection through the website, email, telephone, or fax
- Collection during the execution or use of the products
2. Purposes of Personal Information Collection and Use
a. Performance of contracts regarding product provision
• Provision, maintenance, and management/protection of products and content, purchase and fee payment
b. User management
• Product provision, personal identification, prevention of fraudulent use by bad actors and unauthorized access, record-keeping for dispute resolution, technical support and other customer service, delivery of notices, confirmation of membership withdrawal intent
c. Use of data for product improvement
• Improvement of product functionality and user experience for product improvements and new product development, error report analysis, development and specialization of new products, identification of access frequency and statistical analysis of user product usage
d. Marketing and advertising use (optional)
• Provision of products and placement of advertisements according to demographic characteristics, verification of product validity, provision of event and promotional information and participation opportunities
3. Provision of Personal Information to Third Parties
a. The Company uses users' personal information within the scope notified in "Section 2 Purposes of Personal Information Collection and Use" and does not, in principle, use it beyond that scope or provide users' personal information to third parties without the user's prior consent. However, the following cases are exceptions.
• Third-party recipient: Google Inc.
- To improve service quality, the Company uses Firebase Analytics and Firebase Crashlytics, mobile application analytics services provided by Google Inc., and transmits log information, cookies, error reports, and similar data to Google Inc. servers.
• Where the user has consented to third-party provision in advance
• Where investigative agencies or supervisory authorities request information in accordance with procedures and methods prescribed by law for investigative or inquiry purposes
• Where otherwise required by the basis provisions of individual laws
• Where necessary for statistical compilation, academic research, or market research and provided in a form that does not identify specific individuals
b. In other cases where it is necessary to provide personal information to third parties, the Company may provide personal information to third parties after obtaining the user's consent through an appropriate procedure.
4. Entrustment of Personal Information Processing to Third Parties
The Company entrusts all payment processing operations for the Company's products — including credit card, bank transfer, mobile payment, and ARS payment methods — to payment gateway (PG) companies that process payments for the Company's products over the internet, and members' personal information may be provided in the course of processing such entrusted work.
5. Retention and Use Period of Personal Information
The Company destroys personal information without delay when the purpose of its collection and use has been achieved or upon the user's request. However, the following information is retained for the periods specified below for the stated reasons.
a. Reasons for retaining information under applicable laws
Where retention is necessary pursuant to provisions of laws such as the Act on Consumer Protection in Electronic Commerce and the Commercial Act, the Company retains member information for the period specified by the relevant law and uses such retained information solely for the purpose of its retention. Retention periods are as follows.
• Records regarding contracts or withdrawal of offers
- Reason for retention: Act on Consumer Protection in Electronic Commerce
- Retention period: 5 years
• Records regarding payment and supply of goods, etc.
- Reason for retention: Act on Consumer Protection in Electronic Commerce
- Retention period: 5 years
• Records regarding consumer complaints or dispute resolution
- Reason for retention: Act on Consumer Protection in Electronic Commerce
- Retention period: 3 years
• Records of website visits
- Reason for retention: Protection of Communications Secrets Act
- Retention period: 3 months
• Information collected through Firebase Analytics and Firebase Crashlytics
- Retention period: Upon membership withdrawal or termination of third-party information provision
6. Procedures and Methods for Destruction of Personal Information
The Company's procedures and methods for destruction of personal information are as follows.
a. In principle, users' personal information is destroyed without delay once the purpose of its collection and use has been achieved.
b. If personal information must continue to be retained pursuant to other laws despite the expiration of the retention period consented to by the user or the achievement of the processing purpose, the relevant personal information is transferred to a separate database (DB) or stored in a different storage location before being destroyed.
c. Destruction methods
• Personal information printed on paper is destroyed by shredding or incineration.
• Personal information stored in electronic file format is destroyed using methods that render the records irrecoverable.
7. Separate Management of Personal Information for Dormant Accounts
The Company separately manages the following information for members who have not used or logged in to the Company's products for a period of one year from the time of last login.
<Information subject to separate management>
a. Personal information collected and managed at the membership registration and member information update stage
b. Information generated in the course of product use, such as member access logs, product usage history, and payment records
8. Rights of Users and Legal Guardians and How to Exercise Them
a. Product users may contact the Company's personal information manager or personal information protection officer in writing, by telephone, or by email to request access, correction, or withdrawal.
b. If a user requests correction of an error in personal information, that personal information will not be used or provided until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay so that the correction is made.
c. Personal information that has been cancelled or deleted at the user's request is handled in accordance with "5. Retention and Use Period of Personal Information" and is processed so that it cannot be accessed or used for any other purpose.
9. Obligations of Users
Users have an obligation to protect their own personal information, and the Company bears no responsibility for problems arising from the disclosure of personal information due to the user's own carelessness or internet-related issues.
a. Users must keep their personal information up to date, and the user is responsible for any problems arising from the entry of inaccurate information.
b. Using another person's resident registration number or other personal information to register as a member or engage in transactions may result in loss of user status and punishment under the Resident Registration Act.
c. Users are responsible for maintaining the security of their ID, password, and similar credentials, and may not assign or lend these to third parties. Users have an obligation to cooperate in periodically changing passwords for security in accordance with the Company's information security policy.
d. After using the Company's products, users must log out of their account and close the web browser program.
e. Users must comply with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Resident Registration Act, and other laws relating to personal information.
10. Installation and Operation of Automatic Personal Information Collection Devices and Options to Refuse
a. What are cookies?
• Cookies are very small text files sent by the server operating the website to the user's browser and stored on the user's computer hard drive. When the user subsequently visits the website, the website server reads the cookie content stored on the user's hard drive to maintain the user's settings and provide personalized products.
• Cookies do not automatically or actively collect personally identifiable information, and users may refuse to store or delete cookies at any time.
b. Purpose of cookie use
• To analyze the access frequency and visit times of members and non-members, identify user preferences and areas of interest, track behavior, and determine visit counts in order to provide targeted marketing and personalized products.
c. Installation/operation of cookies and options to refuse
• Users have a choice regarding cookie installation. Users may allow all cookies, require confirmation each time a cookie is stored, or refuse to store all cookies by adjusting their web browser settings.
• However, refusing to store cookies may cause difficulties in using the products.
11. Technical and Administrative Measures for Personal Information Protection
In processing users' personal information, the Company takes the following technical and administrative measures to ensure stability so that personal information is not lost, stolen, leaked, altered, or damaged.
a. Countermeasures against hacking and similar threats
• The Company does its utmost to prevent members' personal information from being leaked or damaged by hacking or computer viruses. Data is backed up regularly to prepare for damage to personal information, and the latest antivirus programs are used to prevent users' personal information or data from being leaked or damaged; encrypted communications are used to ensure that personal information can be transmitted securely over networks. In addition, intrusion prevention systems are used to control unauthorized access from outside, and every possible technical measure is employed to ensure system-level security.
b. Minimization of processing staff and training
• The Company limits personal information processing staff to those with designated responsibilities and consistently emphasizes compliance with the Privacy Policy through regular training. Handover of personal information processing duties is carried out thoroughly with security maintained, and responsibility for personal information incidents before and after employment is clearly established.
c. Operation of a dedicated personal information protection body
• Through security pledges signed by all employees at the time of hire, the Company prevents information leakage by individuals in advance, and through an in-house dedicated personal information protection body, verifies compliance with the Privacy Policy and whether those in charge are adhering to it, and strives to immediately correct and remedy any problems found. However, the Company bears no responsibility for problems arising from the disclosure of personal information such as IDs or passwords due to the user's own carelessness or internet-related issues.
12. Contact Information of the Personal Information Protection Officer and Person in Charge
To protect your personal information and handle complaints related to personal information, the Company has established a personal information department and a personal information protection officer. Please contact the personal information department or personal information protection officer below regarding any inquiries related to your personal information.
a. Personal Information Protection Officer
- Name: 하태진
- Phone: 070-7733-2744
- E-mail: ha@virnect.com
b. For other reports or consultations regarding personal information infringement, please contact the following agencies.
• Personal Information Infringement Report Center (https://privacy.kisa.or.kr / 118 without area code)
• Supreme Prosecutors' Office Cyber Crime Investigation Unit (http://www.spo.go.kr / 1301 without area code)
• National Police Agency Cyber Safety Bureau (http://cyberbureau.police.go.kr / 182 without area code)