Infocreative Co.,Ltd. ("the Company") collects personal information in compliance with Article 30 of the Personal Information Protection Act. This Privacy Policy is established to safeguard the personal information of users ("Subject of Information") of the Company's Tray Storage App service and to ensure that any related complaints are addressed promptly and efficiently.

 

Article 1 (Purposes of Personal Information Collection and Use)

             The Company collects only the necessary personal information required to provide its services. Personal information is collected for specific purposes with the Subject of Information's consent. The collected personal information will be used exclusively for the purposes listed below. Should there be a need to use the information for other purposes, the Company will take appropriate measures, including obtaining additional consent from the Subject of Information, as mandated by Article 18 of the Personal Information Protection Act.

Purpose

Details

User Sign-up, Registration, and Management

To verify and authenticate service provision, prevent duplicate and fraudulent registrations, maintain and limit user qualifications, and for various notifications and announcements

Provision of Services and Usage

For document registration and management

Complaint Handling

To address complaints, verify identity, notify of processing results, and make contact if necessary

Marketing and Promotion

To provide information about events, promotions, and offer participation opportunities

 

             Notwithstanding paragraph (1), the Company may collect and use personal information without the consent of the Subject of Information within the scope of the stated purposes when:

1.       There is a specific provision in the law;

2.       The personal information is unavoidably generated during the use of the service by the Subject of Information.

 

Article 2 (Personal Information Collection and Usage)

Below are the types of personal information the Company collects and the purposes for which they are collected:

Purpose

of Collection

Method

of Collection

Specific Information Collected

User Registration and Management

Via the App

User ID, password, mobile phone number (for users under the age of 14, a legal guardian's mobile phone number is required)

Via Facebook

User ID, phone number, password

Via Google

Name, email address

Via Apple

User ID, password

Service Provision

(Optional) Name, date of birth, gender, email address

Handling Complaints and Dissatisfaction

Name, email address, contact information, 1:1 inquiry details, complaint and dissatisfaction details

 

     The information collected for marketing and promotional purposes may vary. The Subject of Information will be asked for separate consent at the time of collection.

 

Article 3 (Retention and Use Period of Personal Information)

             The Company processes and retains personal information for the period agreed upon at the time of collection or as mandated by law.

             The specific retention and usage periods for personal information processed by the Company are detailed below:

Category

Information

Retention Period

Exception

Sign up and Management

Information collected at the time of sign-up

Until the user's withdrawal or account deletion

Information is retained for 2 years after withdrawal or deletion to verify re-registration or prevent fraudulent registration.

Complaint Handling

Information collected during the handling of user complaints

Until the resolution of complaints and disputes

Records of the processing and results are retained for a minimum of 3 years in accordance with the E-Commerce Law.

Information and Communication Records

App visit and usage records, search records

Until the user's withdrawal or account deletion

Records are kept for a minimum of 3 months as per the Enforcement Decree of the Protection of Communications Secrets Act, and the final access records are retained for 1 year according to the Personal Information Protection Act.

 

Article 4 (Disclosure of Personal Information to Third Parties)

             The Company generally does not disclose the personal information of the Subject of Information to third parties. In instances where personal information is provided to third parties, the Company will notify the Subject of Information of the recipient's identity, the purpose for which the recipient will use the personal information, the specific items of personal information being shared, the period for which the personal information will be retained and used by the recipient, the Subject of Information's right to deny consent, and the potential disadvantages of refusing consent.

             Despite the above stipulation, the Company may disclose personal information to third parties without the consent of the Subject of Information under the following circumstances:

1.       When a specific legal provision exists;

2.       When requests are made by government and public institutions, investigative agencies, courts, etc., on a legal basis;

3.       When providing pseudonymized information for statistical analysis, scientific research, or preservation of public records;

4.       In cases of emergencies, such as natural disasters, infectious diseases, imminent threats to life or physical safety, or urgent risks of property loss.

 

Article 5 (Rights of the Subject of Information and How to Exercise Them)[my1] 

             The Subject of Information is entitled to the following rights concerning their personal information processed by the Company:

1.           Inspection of Personal Information: The Subject of Information may request to view their personal information held by the Company as per Article 35 of the Personal Information Protection Act. The Company is committed to efficiently handling these access requests. However, access may be limited or denied under certain circumstances such as legal restrictions, potential harm to an individual's life or physical safety, or the possibility of infringing on the rights and interests of others.

 

2.   Rectification or Erasure of Personal Information: In accordance with Article 36 of the Personal Information Protection Act, the Subject of Information has the right to ask for corrections or deletion of their personal information that the Company holds. This request may not be granted if the law mandates the collection of the specific personal information.

3.   Suspension of Processing of Personal Information - Under Article 37 of the Personal Information Protection Act, the Subject of Information may request the Company to halt processing their personal information or to withdraw their consent to process their personal information. However, the Company may deny this request in cases where there are specific legal mandates, compliance with legal obligations is necessary, there is a potential risk to an individual's life or physical safety, there's a risk of infringing on the rights and interests of others, or if the Subject of Information has not explicitly indicated their desire to terminate their service agreement.

 

             The Subject of Information can exercise the rights outlined in Paragraph (1) by reaching out to the Personal Information Protection Officer at +82 2-333-7334 or by emailing support@traystorage.net. The Company commits to responding promptly to such requests.

             In the event the Subject of Information requests the correction or deletion of inaccuracies in their personal information, the Company will refrain from using or disclosing the concerned information until the correction or deletion process is completed. Should incorrect personal information have been disclosed to a third party, the Company will immediately inform them to ensure the necessary corrections or deletions are made.

             A legal representative of the Subject of Information or an individual duly authorized by the Subject of Information may act on their behalf to exercise the rights mentioned in Paragraph (1). This can be done by submitting a document that verifies their authority to the Company.

 

Article 6 (Destruction of Personal Information)

        The Company will promptly destroy personal information when it is no longer necessary, such as upon fulfilling the purpose, expiration of the retention and use period, or conclusion of the business operations.

        Notwithstanding the immediate destruction policy outlined in paragraph 1, if legal obligations necessitate the continued retention of personal information, the Company will segregate and manage the information apart from other personal data.

 

        For cases where the Company is mandated by legislation, such as the E-Commerce Law and the Protection of Communications Secrets Act, to retain personal information for a predetermined period, it commits to securely storing this information throughout that period.

         Upon the expiration of the retention period, the Company will initiate the process for the destruction of personal information.

1.       Destruction Procedure: The Company identifies personal information that is no longer necessary and, under the supervision of the Personal Information Protection Officer, proceeds with its destruction.

2.       Destruction Method: Personal information recorded or stored in electronic file format is permanently deleted in an irrecoverable manner, and personal information recorded on paper documents or other recording media is shredded, incinerated, or masked/punched to ensure destruction.

 

Article 7 (Ensuring the Security of Personal Information)

The Company adopts the following measures to prevent the loss, theft, leakage, alteration, damage, or compromise of the Subject of Information's personal data:

1.          Developing and executing an internal management plan dedicated to the protection of personal information, including regular training for employees.

2.          Implementing access controls and restricting permissions to the personal information processing systems, encrypting sensitive identifiers, and installing security software.

3.          Securing physical storage facilities or deploying locking mechanisms and access controls to safeguard stored personal information.

 

Article 8 (Installation, Operation, and Refusal of Automatic Data Collection Devices)

             The Company employs 'cookies' to gather and intermittently recall usage data, offering tailored services to the Subject of Information. Cookies are small data files transmitted from the website's server to the Subject of Information's web browser and may be saved on the Subject's PC hard drive.

             The purposes and installation details

1.       Purpose: Cookies help understand the Subject of Information's browsing history and usage patterns, enabling the provision of personalized content.

2.       Management Options: The Subject of Information has the option to configure their browser settings to either accept or reject cookies. For instance:

ž   Internet Explorer: Go to the top of the web page, click on "Tools," select "Internet Options," go to the "Privacy" tab, and adjust cookie settings.

ž   Google Chrome: Go to "Settings," select "Advanced settings," and manage privacy settings.

3.       Declining cookies might limit the availability or functionality of personalized services.

 

Article 9 (Designation of Privacy Officers)

The Company is committed to the responsible management of personal information processing. To this end, it has appointed Privacy Officers to oversee the processing of personal information, address complaints and provide remedies related to personal information, and support the Subject of Information in exercising their rights. The designated officers are as follows:

ž   Name: Do Cheon Jeong

ž   Position: CEO & Director

ž   Contact Number: +82 2-333-7334

ž   Email: support@traystorage.net

 

Article 10 (Remedies for Violation of Subject of Information's Rights)

             Subjects of Information seeking remedies for personal information violations can consult the following external organizations. These bodies operate independently of the Company and offer additional support for those unsatisfied with the Company's handling of personal information concerns.

Agency

Address[RB2] 

Contact

Website

Personal Information Infringement Report Center


(Operated by Korea Internet & Security Agency)

9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea

118

(no country code required)

privacy.kisa.or.kr

Personal Information Dispute Mediation Committee

Government Complex Seoul 12th floor, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea

1833-6972

(no country code required)

www.kopico.go.kr

Cyber Investigation Division of Supreme Prosecutors' Office

 

1301

(no country code required)

www.spo.go.kr

Korean National Police Agency Electronic Cybercrime Report&Management system

 

182

(no country code required)

ecrm.cyber.go.kr

 

             The Company is dedicated to providing assistance with consultations and remedies related to personal information rights violations. For consultation, please reach out to:

ž   Contact Person: Do Cheon Jeong

ž   Contact Number: +82 2-333-7334

ž   Email: support@traystorage.net

 

Article 11 (Amendment and Implementation of Privacy Policy)

         The Company will notify the Subjects of Information of any changes to this privacy policy by comparing the content before and after the amendments at least seven days in advance of the changes taking effect.

         This privacy policy will come into effect on February 1, 2024.