개인정보 처리방침

Privacy Policy

waveDeck Corp. (hereinafter referred to as the 'Company') protects the personal information of users who use the VOLI service and all accompanying services (collectively referred to as the 'Service') in accordance with relevant laws and regulations, and promptly resolves complaints related to it. We establish and disclose the following personal information processing policy in order to process it smoothly.

1. Purpose of processing personal data

The company processes personal information for the following purposes.

1. Membership sign-up and management: confirmation of member sign-up intention, identity verification, age verification, membership maintenance and management, prevention of fraudulent use of service, notification of various notices, confirmation of member registration over the age of 14 We do not accept membership registration for children under the age of 14)
2. Provision of goods or services: delivery of goods, provision of basic/customized services, delivery of contract invoices, identity verification, age verification, bill payment and settlement, debt collection
3. Grievance Handling: User identification, grievance confirmation, contact notification for factual investigation, handling result notification
4. Utilization for marketing and advertising: provision of customized advertisements, provision of event and advertising information, and opportunities for participation
5. Service improvement and development: improvement of existing services and development of new and customized services
6. Use of pseudonymous information: Pseudonymization and utilization of pseudonymous information for statistical writing, scientific research, and preservation of public records

2. Types of Data Collected

The company collects and processes the following personal information items for service users.

1. Basic collection (required items) when registering as a member: email, login ID, name, text content information entered in the prompt and text content information output by the AI engine
2. Sign up as a member over the age of 14 (Registration under the age of 14 is prohibited) Basic collection information for identity verification (required items): name, age group, gender, email
3. Items additionally provided by affiliates for the purpose of membership sign-up approval according to the member sign-up selection method

Affiliates/services selected by the user when registering as a member	Required offerings	Optional offerings
Register with Google ID (affiliate: Google LLC.)	Email, name
Register with NAVER ID (affiliate: Naver Co., Ltd.)	Email, name	gender
Register with Kakaotalk ID (affiliate: Kakao Co., Ltd.)	Email, name	gender

1. Items collected when using paid services
- ◦ Credit card : card company name, card number, email, date of birth, business registration number
- ◦ Account transfer : name of account holder, account number, account holding bank
- ◦ Mobile payment : mobile phone number, carrier information
2. Items to be collected to prevent duplicate account creation (required items): mobile phone number
3. In the process of using the service, the following personal information items are automatically: IP address, cookies, service use records (visit and use records, bad use records, etc.), device information (mobile phone model name, OS name and version information), advertising identifier
4. Grievances: Collect and process necessary items among the above information from users and separate items necessary for grievance handling

3. Retention of Data

① When the purpose of collection and use of personal information is achieved, or when a user withdraws from the service or loses the right to use the service, the company deletes and destroys the collected user's information without delay even without a separate request. However, despite membership withdrawal or loss of user qualification, the following information is retained for the following reasons.

1. If an investigation is in progress due to a violation of related laws, until the end of the investigation
2. In case of remaining credit/debt relationship due to app use, until settlement of the relevant credit/debt relationship
3. If the company terminates the service use contract in accordance with the terms of use, the service

② Notwithstanding the preceding clause, the company retains it until the end of the applicable period in the following cases.

1. Personal information related to service use (log records): 3 months, which is the retention period under the Protection of Communications Secrets Act
2. Records on contracts or subscription withdrawals, and records on payment and supply of goods: 5 years, which is the retention period under the 「Act on Consumer Protection in Electronic Commerce, Etc.」
3. Records on consumer complaints or dispute handling: 3 years, which is the retention period under the 「Act on Consumer Protection in Electronic Commerce, Etc.」
4. Records on display and advertisement: 6 months, which is the retention period under the 「Act on Consumer Protection in Electronic Commerce, Etc.」
5. Books and evidential documents for all transactions stipulated by the tax law: 5 years, which is the retention period under the 「Framework Act on National Taxes」

③ The company separately stores or deletes and manages the personal information of users who have not used the service for 1 year or a period separately set by the user (3 years).

4. Provision of personal information to third parties

The company provides personal information to a third party only with the consent of the user or when there are special provisions of the Personal Information Protection Act or other laws.

5. Consignment of personal information processing

① The company entrusts the following personal information processing tasks for smooth personal information processing.

Entrusted person (trustee)	Contents of entrusted business
Kakao Co., Ltd., Naver Co., Ltd.	Delivery of notices, development of new services (products) and provision of customized services, provision of event and advertising information, and provision of participation opportunities
Amazon Web Services Inc.	Infrastructure management for personal information processing
Korea Port One Co., Ltd.	Payment consignment for the provision of paid services

In accordance with Article 26 of the Personal Information Protection Act, when concluding a consignment contract, the company specifies in documents such as the contract the matters related to responsibilities such as prohibition of handling personal information for purposes other than the purpose of entrusted business, technical and managerial protection measures, restrictions on re-entrustment, and management and supervision of the trustee. and supervises whether the trustee handles personal information safely.
③ The company entrusts the processing of personal information to a third party outside the country as follows.
Google LLC.

• Items of personal information to be transferred
• Transferred Country: United States
• Date and time of transfer and transfer method: Transfer from time to time through the information and communication network at the time of service use
• Name/Contact of Transferee: Google LLC. / googlekrsupport@google.com
• Purpose of use of personal information by the transferee: Analysis of personal information and user data
• Retention and use period of transferee: Destroy immediately after membership withdrawal or loss of user qualification (however, if Article 3 Paragraph 2 or Paragraph 3 applies, it will be followed)

6. Use and provision of personal information within the scope reasonably related to the purpose of collection

The company may use personal information or provide it to a third party without the user's consent, considering each of the criteria below within a reasonable scope and the original purpose of collection.

1. Whether or not there is relevance to the original purpose of collection : Judgment based on consideration of whether the original purpose of collection and the purpose of additional use/provision are related in nature or tendency
2. Whether there is predictability of further use or provision of personal information in light of the circumstances in which personal information was collected or processing practices : the relationship between personal information controllers and users, the level of technology and the speed of development, and general circumstances established over a considerable period of time (practices), etc.
3. Whether or not the user's interest is unfairly infringed : Judgment in consideration of whether the user's interest is substantially infringed in relation to the additional purpose of use and whether the infringement of the interest is unreasonable
4. Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption : Determining whether safety measures are taken in consideration of the possibility of infringement

7. Rights and obligations of users and legal representatives and how to exercise them

① Users can exercise their rights to the company at any time, such as viewing, correcting, deleting, or requesting suspension of processing of personal information.
② The exercise of rights under Paragraph 1 can be done in writing or via e-mail, and the company will take action without delay.
③ The exercise of rights under Paragraph 1 can be done through an agent, such as a user's legal representative or an entrusted person. In this case, you must submit a power of attorney to confirm the fact of delegation to the mandate.
④ The exercise of rights such as viewing, correcting, deleting, and requesting suspension of processing of personal information of users may be restricted in accordance with the provisions of related laws such as the Personal Information Protection Act.
⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The company checks whether the person who made the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing according to user rights, is the person or a legitimate agent.

8. Destruction of personal information

① The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
② If personal information must be kept in accordance with the laws and regulations set forth in Article 3, Paragraph 2, even though the retention period agreed to by the user has elapsed or the purpose of processing has been achieved, the personal information is stored in a separate database (DB). It is moved to or stored in a different storage location for preservation.
③ The procedure and method of destroying personal information are as follows.

1. Destruction procedure: The company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
2. Destruction method: The company destroys personal information recorded and stored in the form of electronic files using technical methods so that the records cannot be reproduced, and personal information recorded and stored in paper documents is shredded with a shredder or destroyed by incineration.

9. Measures to ensure the safety of personal information

The company takes the following measures to ensure the safety of personal information.

1. Administrative measures: Establishment and execution of internal management plans, regular employee training, etc.
2. Technical measures: Technical measures against hacking, etc. Encryption of personal information, storage of access records, prevention of forgery, etc.
3. Physical measures: Access control in server rooms, data storage rooms, etc.

10. Matters concerning the installation, operation and rejection of automatic personal information collection devices

The company uses 'cookies' to store and retrieve usage information as follows to provide personalized services to users. Cookies are a small amount of information that the server used to run the website sends to the user's computer browser, and is sometimes stored on the hard disk of the user's PC computer.

1. Purpose of use of cookies: Analysis of user's access frequency or visit time, identification of user's service use pattern and tracking, security management and service improvement and new service development, customized service and advertisement provision through secure access, user size, etc. to use.
2. Installation, Operation and Rejection of Cookies: Service users have the option to install cookies. Therefore, users can refuse to save cookies by changing the option settings in their web browser.
3. If you refuse to save cookies, you may experience difficulties in using some services.

11. Personal Information Protection Officer

① The company is responsible for overall handling of personal information, and has designated the person in charge of personal information protection as follows to handle user complaints and damage relief related to personal information processing.
• Privacy Officer

◦ Name: Jeong Hae-gap
◦ Position: CEO
◦ Contact: +82-70-7954-4511, contact@wavedeck.ai

② Users can make inquiries to the person in charge of personal information protection and the department in charge below regarding all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business).

• Department Name: waveDeck CX Team
• Contact: +82-70-7954-4511, contact@wavedeck.ai

12. Remedy for Infringement of Rights and Interests

① Users may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Reporting Center, etc. in order to receive relief from personal information infringement.

② The company guarantees the user's right to self-determination of personal information, and strives to provide consultation and relief for damage caused by personal information infringement.
③ Disposition taken by the head of a public institution in response to requests under the provisions of Article 35 (Inspection of Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act Or, a person whose rights or interests have been infringed upon due to an omission may request an administrative appeal in accordance with the Administrative Appeals Act.

13. Changes in Privacy Policy

The company may revise the privacy policy for the purpose of reflecting changes in laws or services. If the personal information processing policy is changed, the company will post the change at least 7 days before the effective date, and the changed personal information processing policy will take effect on the effective date stated. However, when there is a significant change in user rights, such as a change in the items of personal information collected or the purpose of use, we will notify you at least 30 days in advance.