Personal Information Handling Policy (or Privacy Policy)

Neosapience, Inc. (hereinafter “Company”) has established and announces its personal information handling policy in accordance with relevant statutes, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act as follows.

1. Purpose of Handling Personal Information

The Company handles personal information for the following purposes only. It does not use such information for any purpose other than the following.

• Verification of users’ intention to subscribe to services, the provision of services for users and resultant verification and authentication of their identity, maintenance and management of  members’ qualification, prevention of illegal uses of services, payments, settlement, supply and delivery of goods or services, demographic analysis, analyses of visits to service sites and user logs, formation of relationships between users (based on their personal information and interests), new service development and existing service improvement (including the provision of tailor-made services based on users’ acquaintances and interests), use of marketing and ads, handling of users’ complaints (verification of the identity of users filing complaints, verification of complaints, ntacting and notifying users for factual surveys, notification, and notification of survey results)

2. Period of Handling and Retaining Personal Information

1. The Company shall handle and retain personal information for a certain period. The Company obtains consent from users in collecting and using their personal information or under statutes.
2. The detailed periods of handling and retaining personal information are as follows:
   • User subscription and management: Until the termination of a service user agreement or a user agreement, until fulfilling the purpose of preventing confusion in the use of services and illegal use of services (abnormal use of services, such as illicit subscription), including resolution of complaints and disputes, and until the settlement of remaining claims and obligations
   • Records on contracts, withdrawal of offers, payments, and goods purchased on electronic commercial transactions: five (5) years; Records on customers’ complaints or dispute- resolution: three (3) years; Records on indication and advertisements: six (6) months

3. Rights and Obligations of Users and their Legal Representatives and Methods for Exercising Such Rights and Obligations

1. Users and their legal representatives may exercise the following rights regarding the protection of their personal information against the Company at any time:
   • Right to demand access to their personal information
   • Right to demand correction of errors and others
   • Right to delete their personal information
   • Right to suspend their personal information handling
2. Users may check or revise their personal information at [Company’s Website] [Members’ Information] at any time or exercise the above rights by contacting a Privacy Officer in writing, by phone, or by e-mail.

4. Collected Personal Information Items, Collection Methods, and Transferring Information to Third Party Service Providers

1. The Company collects the following personal information items:
   • Mandatory items: e-mail, password, name, phone number, country of residence, service user logs, access logs, cookies, access IP information, payment records, name of user’s legal representative, legal representative’s telephone number, Google account information via Google sign-up/sign-in (personal open information about Google user information such as name, access information to Google services such as app, browser or device, and activity logs), various forms of media (including audio clips, photos, and video clips) submitted voluntarily by users for various purposes such as help requests
   • Optional items: occupation, date of birth
2. The Company shall collect personal information through the following methods:
   • If users agree on the collection of their personal information and enter such information by themselves in the course of obtaining membership and using services, then the Company collects such information..
   • Users’ personal information may be collected during consultation with the Company’s customer center via website, mail, fax or phone.
   • Users’ personal information may be collected in writing during events and seminars which are held offline.
   • The Company may be provided with personal information by its affiliated companies or organizations.
   • Information, such as device information, may be automatically created and collected in the course of using PC websites/mobile websites/applications.
3. The Company uses third party service providers for specific services, and transfers necessary information with the companies listed below.

Company

Intercom

Stripe

Iamport

Kakao Pay

NICE Payments

AWS

Firebase

Hotjar

Purpose

Customer Support, messaging

Payment

Payment

Payment

Payment

Operation

Authentication

Analyzing service usage & collecting feedback

4. The Company provides Facebook and Google with users’ behavioral information (such as web/app browsing history, web/app search history, app usage, advertisement identifier and more) for data analysis and utilization of the resulting data in targeted advertising campaigns.

Recipients of Behavioral Data

Facebook

Google

Purpose of Received Behavioral Data

To provide customized ads that fit the user’s interests

5. Destruction of Personal Information

In principle, if the purpose of handling personal information has been fulfilled, then the Company shall immediately destroy personal information.

The destruction procedure, deadline, and methods are as follows:

• Destruction procedure
  • Once the purpose of collecting personal information has been fulfilled, the information inputted by users shall be transferred to a separate DB (separate documents in case of paper). After being stored for a certain period of time under the Company’s internal guideline and other relevant statutes or immediately, this information will be destroyed. The personal information transferred to the database may not be used for any other purposes, unless permitted or required under law..
• Destruction Deadline
  • When the prescribed period of retaining personal information has passed, the purpose of handling personal information has been fulfilled, or the personal information has become unnecessary due to the revocation of pertinent services and cessation of a business, such information shall be immediately destroyed on the date when the personal information handling is acknowledged to be unnecessary. However, if statutes prescribe that the Company has an obligation to retain personal information for a certain period of time, then the Company shall keep such personal information secure during such a period of time.

6. Matters on Installation, Operation, and Rejection of Cookies

1. The Company uses cookies which store and frequently retrieve users’ information in order to provide individual and tailor-made services.
2. A cookie is a small piece of data, which a server uses for operating a website. The server sends the cookie to a computer browser, and it is stored on the hard disk on users’ computers.
   • Purpose of using cookies: The Company gathers and uses information regarding users’ visits, type(s) and use of each service and website that users use, popular search words, and whether users are using secure access, in order to provide users with optimized information.
   • Installation, operation, and rejection of cookies: Users may reject the storing cookies on their computers by clicking Tools > Internet Options > Personal Information Menu > Option Settings. If users reject the storing of cookies, they may have difficulty in using tailor-made services.

7. Privacy Officer

1. The Company appoints a Privacy Officer who is in charge of personal information handling, handling users’ complaints regarding their personal information, and remedying damage.
   • Privacy Officer
     Name: Taesu Kim
     Position: Representative Director
     Contact point: contact@neosapience.com,
     연락처 : contact@neosapience.com,
     This is connected to the department in charge of protecting personal information.
   • Department in Charge of Protecting Personal Information
     Department name: Operation Team
     Person-in-charge: Juncheol, Cho
     Contact point: privacy@neosapience.com
     
2. Users may contact the Privacy Officer and Personal Information Handling Department to make inquiries about matters regarding the protection of personal information, handling their complaints, and remedying damage, which arise during their use of the Company’s services (or business). The Company shall answer and deal with users’ inquiries without any delay.

8. Measures for Ensuring the Security of Personal Information

The Company takes administrative, technological, and physical measures required for ensuring the security of personal information in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and Personal Information Protection Act..

1. Administrative measures: Internal management planning & execution, regular employee training
2. Technological measures: Controlling access to user information, installation of access prevention system, encryption of identifiable information, use of security programs
3. Physical measures: Limited access to data centers & file cabinets

9. Amendment

This Personal Information Handling Policy shall take effect on its effective date. Any addition, deletion, and amendment in these terms and conditions under the statutes and this Policy shall be announced via notices seven (7) days prior to the effectuation of the amended terms and conditions.

This edition will take effect on May 7th, 2021. The previous editions are available below.

From March 7th, 2019 to April 15th, 2021: [Click]

From April 15th, 2021 to May 6th, 2021: [Click]