Privacy policy
BUSINESS PARTNER PRIVACY POLICY
AISUM Inc. (hereinafter referred to as "the Company") complies with the regulations on personal information protection required by laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Act on the Protection of Telecommunications Secrets, and Telecommunications Business Act. The company is committed to protecting user rights by establishing a personal information handling policy in accordance with related laws. This privacy policy applies to the services provided by the company and contains the following:
1. Collecting Personal Information
a. Types of Collecting Personal Information
First, for the purposes of membership (or service) registration, faster customer consultation, and the provision of various services, the company collects the following minimum necessary personal information as mandatory items.
| Service | Types |
| aedi.AI | For Business Advertisers: ID, password, email address, telephone number, mobile phone number, contact person's name, business information (representative's name, company name, address) - Optional: Refund account information (bank name, account number, account holder's name) For Individual Advertisers: Name, ID, password, CI (encrypted personal identification information), DI (duplicate registration check information), date of birth, gender, email address, address, telephone number, mobile phone number - Optional: Refund account information (bank name, account number, account holder's name) For Agencies: Name, affiliated agency, ID, password, email, position, telephone number, mobile phone number, IP, copies of identity card, health insurance card, |
| employment certificate, date of birth | |
| Checkouts | Representative's name, ID, password, shopping mall name, shopping mall address, customer service telephone number, customer service fax number, representative email address, settlement account information (bank name, account number, account holder's name), contact information (name, telephone number, mobile phone number, email address), shipping/return information (name, contact, address) |
Second, in the process of using the service or during the execution of service provision tasks, the following information may be automatically generated or additionally collected:
- IP Address, cookies, access log, visit date and time, service usage records, misuse records
Third, in the course of using the company's platform or online services, the following information may be additionally collected for users of specific services:
- Upon consent to additional collection of personal information
Fourth, for service usage that requires identity verification to comply with relevant laws, the following information may be collected:
- Name, date of birth, gender, duplicate registration check information (DI), encrypted personal identification information (CI), mobile phone number (optional), I-PIN number (when using I-PIN), domestic/foreigner information.
Fifth, in the process of using paid services, the following payment information may be collected:
- For credit card payments: card company name, card number, etc.
- For account transfers: bank name, account number, etc.
b. Method of Collecting Personal Information
The company collects personal information through the following methods:
- Website, written forms, fax, telephone, consultation boards, email, event entries, delivery requests
- Provided by partner companies
- Collected through information collection tools.
(2) Method of collection
The Company collects the information of users in a way of the followings:
- Webpage, written form, fax, telephone calling, e-mailing, tools for collection of created information
- Provided by partner companies
2. Purposes of Collecting Personal Information
a. Fulfillment of contracts related to service provision and fee settlement for service provision
Providing content, offering customized services, shipping goods or sending invoices, identity verification, purchase and payment of fees, collection of fees.
b. Member management
Providing membership services, personal identification, measures against members violating the terms of use, preventing and sanctioning acts that disturb the smooth operation of services and misuse, confirming the intention to join, limiting the number and frequency of registrations, confirming the consent of the legal representative when collecting personal information from children under 14, verifying the identity of the legal representative later, preserving records for dispute resolution, handling complaints and inquiries, communicating notices, confirming the intention to withdraw from membership.
c. Development of new services and utilization in marketing and advertising
Developing new services and offering personalized services, providing services and advertisements based on statistical characteristics, verifying the effectiveness of services, offering information and opportunities for participation in events, providing advertising information, understanding the frequency of access, statistical analysis of members' service usage.
3. Provision of Personal Information
a. The company uses the personal information of users within the range notified in "2. Purposes of Collecting and Using Personal Information" and does not use it beyond this range or disclose it to the outside without the prior consent of the user. However, exceptions are made in the following cases:
- When users have previously consented to disclosure,
- When required by law or requested by investigative agencies according to the procedures and methods defined by law for investigative purposes.
4. Retention of Personal Information
The personal information of users is destroyed without delay once the purpose of its collection and use has been achieved. However, the following information is retained for the period specified below for the following reasons:
a. Reasons for Information Retention Based on Company Policies
| Information | Reasons | Period |
|
Misuse records (ID, name, ID) |
Prevention of fraudulent registration and use ※ 'Misuse records' refer to records of restrictions such as use restrictions imposed by the company due to fraudulent use of image information on aedi.AI. |
6 months |
|
Misuse/Infringement of Rights on aedi.AI (representative's name, ID, media name, media address, shopping mall name, shopping mall address) |
Prevention of fraudulent registration and use ※ 'Marketing center misuse records' refer to seller information that violated relevant laws and terms of use during the use process or infringed the rights or interests of members or others. |
3 years |
| Withdrawal Records | Handling complaints, etc. | 30 days |
b. Information Retention Required by Related Laws
The company retains member information for a certain period as defined by the laws of the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, etc., when it is necessary to preserve information according to the provisions of related laws. In this case, the company uses the retained information only for the purpose of preservation, and the retention period is as follows:
| Information | Reasons | Period |
|
Records related to contracts or subscription withdrawals |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
|
Records on payment and supply of goods, etc. |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
| Records on labeling/advertising |
Act on the Consumer Protection in Electronic Commerce, etc. |
6 months |
| Documentary evidence related to all transactions defined by tax law | Basic Tax Act, Corporate Tax Act | 5 years |
| Records on electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Records of website visits | Protection of Communications Secrets Act | 3 months |
5. Deleting Personal Information
The personal information of users can be deleted without delay once the purpose for collecting and using the information is achieved.
The company's procedure and method for deleting personal information are as follows:
a. Deleting Procedure
Information entered by users for membership registration, etc., is transferred to a separate DB (in the case of paper, to a separate document box) after the purpose has been achieved and is stored for a certain period according to internal policies and other relevant legal reasons (refer to the retention and usage period) and then deleted. This personal information is not used for any purpose other than retention unless required by law.
b. Deleting Method
Personal information printed on paper is deleted by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that make the records unrecoverable.
6. Rights of Users and Use of Legal Representatives
Users and legal representatives can inquire or modify the personal information of themselves or a child under the age of 14 registered at any time, and may refuse to consent to the processing of personal information or request withdrawal of membership (cancellation) if they do not agree with the processing of personal information by the company. However, in such cases, it may be difficult to use part or all of the services.
To inquire, modify, or cancel the membership regarding the personal information of a user or a child under 14, one can contact the personal information management officer or the person in charge of personal information management by written document, phone, or email, and action will be taken without delay.
If a user requests correction of an error in their personal information, the company will not use or provide that personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the company will notify the third party of the correction process without delay to ensure that the correction is made.
The company treats personal information that has been terminated or deleted at the request of the user or legal representative according to the specifications in "5. Retention and Use Period of Personal Information" and ensures it cannot be viewed or used for any other purposes.
7. Refusal to Collection of Personal Information
a. Cookies
The company uses cookies to store and frequently retrieve user information to provide personalized and customized services.
Cookies are very small text files sent to the user's browser by the server used to operate the website and are stored on the user's computer's hard disk. These cookies are used to maintain user settings and provide customized services by reading the contents of cookies stored on the user's hard disk when the user visits the website.
Cookies do not collect information that identifies individuals automatically/actively, and users can refuse or delete cookies at any time.
b. Purpose of Using Cookies
Users have the option to install cookies. Therefore, users can allow all cookies, check each time a cookie is saved, or refuse to save all cookies by setting options in the web browser.
However, if you refuse to store cookies, some services requiring login may be difficult to use.
The method of specifying whether to allow the installation of cookies (for Internet Explorer) is as follows:
- Select [Internet Options] from the [Tools] menu.
- Click the [Privacy tab].
- Set the [Privacy handling level].
8. Protection of Personal Information
The company takes the following technical/administrative measures to ensure the safety of personal information to prevent it from being lost, stolen, leaked, altered, or damaged in handling users' personal information.
a. Encryption of Passwords
Passwords for member IDs (ID) are stored and managed encrypted, so only the person knows them, and confirmation and change of personal information are possible only by the person who knows the password.
b. Measures Against Hacking
The company does its best to prevent leakage or damage of members' personal information due to hacking or computer viruses.
Data is regularly backed up in preparation for damage to personal information, uses the latest antivirus programs to prevent leakage or damage of information and personal information, and securely transmits personal information on the network through encrypted communication. The company also uses intrusion prevention systems to control unauthorized access from the outside and strives to equip all possible technical devices to secure system security.
c. Minimization and Training of Handling Staff
The company restricts the handling of personal information to designated handlers, assigns a separate password to them, regularly renews it, and emphasizes compliance with the personal information handling policy through periodic training for handlers.
d. Operation of a Dedicated Organization for Personal Information Protection
The company checks the implementation of the personal information handling policy and compliance of handlers through an in-house personal information protection dedicated organization, etc., and strives to correct and rectify problems immediately upon discovery.
However, the company is not responsible for damages not caused by the company's fault, despite fulfilling its obligation to protect personal information, due to the user's own carelessness or accidents in areas not managed by the company.
9. Contact Information
You can report all personal information protection-related complaints arising from using the company's services to the personal information management officer or the department. The company will provide a prompt and sufficient answer to users' reports.
Personal Information Management Officer
Name: Jo Seung-yeon
Company: AISUM Inc.
Position: Senior Researcher
Phone: 070-4837-1074
Email: web@aisum.com
For reports or consultations on personal information infringement, please contact the following institutions:
Personal Information Infringement Report Center (http://privacy.kisa.or.kr / dial 118)
Supreme Prosecutors' Office Cyber Investigation Department (http://www.spo.go.kr / dial 1301)
Cyber Safety Bureau of the National Police Agency (http://www.ctrc.go.kr / dial 182)
10. Obligation to Notification
In case of addition, deletion, or modification of the current personal information handling policy, it will be notified through the 'Notices' on the website at least seven days before the revision.
However, if there are significant changes to user rights, such as collection and use of personal information and provision to third parties, notification will be made at least 15 days in advance.
Announcement Date: December 12, 2023
Implementation Date: December 12, 2023
BUSINESS PARTNER PRIVACY POLICY
AISUM Inc. (hereinafter referred to as "the Company") complies with the regulations on personal information protection required by laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Act on the Protection of Telecommunications Secrets, and Telecommunications Business Act. The company is committed to protecting user rights by establishing a personal information handling policy in accordance with related laws. This privacy policy applies to the services provided by the company and contains the following:
1. Collecting Personal Information
a. Types of Collecting Personal Information
First, for the purposes of membership (or service) registration, faster customer consultation, and the provision of various services, the company collects the following minimum necessary personal information as mandatory items.
| Service | Types |
| aedi.AI | For Business Advertisers: ID, password, email address, telephone number, mobile phone number, contact person's name, business information (representative's name, company name, address) - Optional: Refund account information (bank name, account number, account holder's name) For Individual Advertisers: Name, ID, password, CI (encrypted personal identification information), DI (duplicate registration check information), date of birth, gender, email address, address, telephone number, mobile phone number - Optional: Refund account information (bank name, account number, account holder's name) For Agencies: Name, affiliated agency, ID, password, email, position, telephone number, mobile phone number, IP, copies of identity card, health insurance card, |
| employment certificate, date of birth | |
| Checkouts | Representative's name, ID, password, shopping mall name, shopping mall address, customer service telephone number, customer service fax number, representative email address, settlement account information (bank name, account number, account holder's name), contact information (name, telephone number, mobile phone number, email address), shipping/return information (name, contact, address) |
Second, in the process of using the service or during the execution of service provision tasks, the following information may be automatically generated or additionally collected:
- IP Address, cookies, access log, visit date and time, service usage records, misuse records
Third, in the course of using the company's platform or online services, the following information may be additionally collected for users of specific services:
- Upon consent to additional collection of personal information
Fourth, for service usage that requires identity verification to comply with relevant laws, the following information may be collected:
- Name, date of birth, gender, duplicate registration check information (DI), encrypted personal identification information (CI), mobile phone number (optional), I-PIN number (when using I-PIN), domestic/foreigner information.
Fifth, in the process of using paid services, the following payment information may be collected:
- For credit card payments: card company name, card number, etc.
- For account transfers: bank name, account number, etc.
b. Method of Collecting Personal Information
The company collects personal information through the following methods:
- Website, written forms, fax, telephone, consultation boards, email, event entries, delivery requests
- Provided by partner companies
- Collected through information collection tools.
(2) Method of collection
The Company collects the information of users in a way of the followings:
- Webpage, written form, fax, telephone calling, e-mailing, tools for collection of created information
- Provided by partner companies
2. Purposes of Collecting Personal Information
a. Fulfillment of contracts related to service provision and fee settlement for service provision
Providing content, offering customized services, shipping goods or sending invoices, identity verification, purchase and payment of fees, collection of fees.
b. Member management
Providing membership services, personal identification, measures against members violating the terms of use, preventing and sanctioning acts that disturb the smooth operation of services and misuse, confirming the intention to join, limiting the number and frequency of registrations, confirming the consent of the legal representative when collecting personal information from children under 14, verifying the identity of the legal representative later, preserving records for dispute resolution, handling complaints and inquiries, communicating notices, confirming the intention to withdraw from membership.
c. Development of new services and utilization in marketing and advertising
Developing new services and offering personalized services, providing services and advertisements based on statistical characteristics, verifying the effectiveness of services, offering information and opportunities for participation in events, providing advertising information, understanding the frequency of access, statistical analysis of members' service usage.
3. Provision of Personal Information
a. The company uses the personal information of users within the range notified in "2. Purposes of Collecting and Using Personal Information" and does not use it beyond this range or disclose it to the outside without the prior consent of the user. However, exceptions are made in the following cases:
- When users have previously consented to disclosure,
- When required by law or requested by investigative agencies according to the procedures and methods defined by law for investigative purposes.
4. Retention of Personal Information
The personal information of users is destroyed without delay once the purpose of its collection and use has been achieved. However, the following information is retained for the period specified below for the following reasons:
a. Reasons for Information Retention Based on Company Policies
| Information | Reasons | Period |
|
Misuse records (ID, name, ID) |
Prevention of fraudulent registration and use ※ 'Misuse records' refer to records of restrictions such as use restrictions imposed by the company due to fraudulent use of image information on aedi.AI. |
6 months |
|
Misuse/Infringement of Rights on aedi.AI (representative's name, ID, media name, media address, shopping mall name, shopping mall address) |
Prevention of fraudulent registration and use ※ 'Marketing center misuse records' refer to seller information that violated relevant laws and terms of use during the use process or infringed the rights or interests of members or others. |
3 years |
| Withdrawal Records | Handling complaints, etc. | 30 days |
b. Information Retention Required by Related Laws
The company retains member information for a certain period as defined by the laws of the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, etc., when it is necessary to preserve information according to the provisions of related laws. In this case, the company uses the retained information only for the purpose of preservation, and the retention period is as follows:
| Information | Reasons | Period |
|
Records related to contracts or subscription withdrawals |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
|
Records on payment and supply of goods, etc. |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
| Records on labeling/advertising |
Act on the Consumer Protection in Electronic Commerce, etc. |
6 months |
| Documentary evidence related to all transactions defined by tax law | Basic Tax Act, Corporate Tax Act | 5 years |
| Records on electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Records of website visits | Protection of Communications Secrets Act | 3 months |
5. Deleting Personal Information
The personal information of users can be deleted without delay once the purpose for collecting and using the information is achieved.
The company's procedure and method for deleting personal information are as follows:
a. Deleting Procedure
Information entered by users for membership registration, etc., is transferred to a separate DB (in the case of paper, to a separate document box) after the purpose has been achieved and is stored for a certain period according to internal policies and other relevant legal reasons (refer to the retention and usage period) and then deleted. This personal information is not used for any purpose other than retention unless required by law.
b. Deleting Method
Personal information printed on paper is deleted by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that make the records unrecoverable.
6. Rights of Users and Use of Legal Representatives
Users and legal representatives can inquire or modify the personal information of themselves or a child under the age of 14 registered at any time, and may refuse to consent to the processing of personal information or request withdrawal of membership (cancellation) if they do not agree with the processing of personal information by the company. However, in such cases, it may be difficult to use part or all of the services.
To inquire, modify, or cancel the membership regarding the personal information of a user or a child under 14, one can contact the personal information management officer or the person in charge of personal information management by written document, phone, or email, and action will be taken without delay.
If a user requests correction of an error in their personal information, the company will not use or provide that personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the company will notify the third party of the correction process without delay to ensure that the correction is made.
The company treats personal information that has been terminated or deleted at the request of the user or legal representative according to the specifications in "5. Retention and Use Period of Personal Information" and ensures it cannot be viewed or used for any other purposes.
7. Refusal to Collection of Personal Information
a. Cookies
The company uses cookies to store and frequently retrieve user information to provide personalized and customized services.
Cookies are very small text files sent to the user's browser by the server used to operate the website and are stored on the user's computer's hard disk. These cookies are used to maintain user settings and provide customized services by reading the contents of cookies stored on the user's hard disk when the user visits the website.
Cookies do not collect information that identifies individuals automatically/actively, and users can refuse or delete cookies at any time.
b. Purpose of Using Cookies
Users have the option to install cookies. Therefore, users can allow all cookies, check each time a cookie is saved, or refuse to save all cookies by setting options in the web browser.
However, if you refuse to store cookies, some services requiring login may be difficult to use.
The method of specifying whether to allow the installation of cookies (for Internet Explorer) is as follows:
- Select [Internet Options] from the [Tools] menu.
- Click the [Privacy tab].
- Set the [Privacy handling level].
8. Protection of Personal Information
The company takes the following technical/administrative measures to ensure the safety of personal information to prevent it from being lost, stolen, leaked, altered, or damaged in handling users' personal information.
a. Encryption of Passwords
Passwords for member IDs (ID) are stored and managed encrypted, so only the person knows them, and confirmation and change of personal information are possible only by the person who knows the password.
b. Measures Against Hacking
The company does its best to prevent leakage or damage of members' personal information due to hacking or computer viruses.
Data is regularly backed up in preparation for damage to personal information, uses the latest antivirus programs to prevent leakage or damage of information and personal information, and securely transmits personal information on the network through encrypted communication. The company also uses intrusion prevention systems to control unauthorized access from the outside and strives to equip all possible technical devices to secure system security.
c. Minimization and Training of Handling Staff
The company restricts the handling of personal information to designated handlers, assigns a separate password to them, regularly renews it, and emphasizes compliance with the personal information handling policy through periodic training for handlers.
d. Operation of a Dedicated Organization for Personal Information Protection
The company checks the implementation of the personal information handling policy and compliance of handlers through an in-house personal information protection dedicated organization, etc., and strives to correct and rectify problems immediately upon discovery.
However, the company is not responsible for damages not caused by the company's fault, despite fulfilling its obligation to protect personal information, due to the user's own carelessness or accidents in areas not managed by the company.
9. Contact Information
You can report all personal information protection-related complaints arising from using the company's services to the personal information management officer or the department. The company will provide a prompt and sufficient answer to users' reports.
Personal Information Management Officer
Name: Jo Seung-yeon
Company: AISUM Inc.
Position: Senior Researcher
Phone: 070-4837-1074
Email: web@aisum.com
For reports or consultations on personal information infringement, please contact the following institutions:
Personal Information Infringement Report Center (http://privacy.kisa.or.kr / dial 118)
Supreme Prosecutors' Office Cyber Investigation Department (http://www.spo.go.kr / dial 1301)
Cyber Safety Bureau of the National Police Agency (http://www.ctrc.go.kr / dial 182)
10. Obligation to Notification
In case of addition, deletion, or modification of the current personal information handling policy, it will be notified through the 'Notices' on the website at least seven days before the revision.
However, if there are significant changes to user rights, such as collection and use of personal information and provision to third parties, notification will be made at least 15 days in advance.
Announcement Date: December 12, 2023
Implementation Date: December 12, 2023
BUSINESS PARTNER PRIVACY POLICY
AISUM Inc. (hereinafter referred to as "the Company") complies with the regulations on personal information protection required by laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Act on the Protection of Telecommunications Secrets, and Telecommunications Business Act. The company is committed to protecting user rights by establishing a personal information handling policy in accordance with related laws. This privacy policy applies to the services provided by the company and contains the following:
1. Collecting Personal Information
a. Types of Collecting Personal Information
First, for the purposes of membership (or service) registration, faster customer consultation, and the provision of various services, the company collects the following minimum necessary personal information as mandatory items.
| Service | Types |
| aedi.AI | For Business Advertisers: ID, password, email address, telephone number, mobile phone number, contact person's name, business information (representative's name, company name, address) - Optional: Refund account information (bank name, account number, account holder's name) For Individual Advertisers: Name, ID, password, CI (encrypted personal identification information), DI (duplicate registration check information), date of birth, gender, email address, address, telephone number, mobile phone number - Optional: Refund account information (bank name, account number, account holder's name) For Agencies: Name, affiliated agency, ID, password, email, position, telephone number, mobile phone number, IP, copies of identity card, health insurance card, |
| employment certificate, date of birth | |
| Checkouts | Representative's name, ID, password, shopping mall name, shopping mall address, customer service telephone number, customer service fax number, representative email address, settlement account information (bank name, account number, account holder's name), contact information (name, telephone number, mobile phone number, email address), shipping/return information (name, contact, address) |
Second, in the process of using the service or during the execution of service provision tasks, the following information may be automatically generated or additionally collected:
- IP Address, cookies, access log, visit date and time, service usage records, misuse records
Third, in the course of using the company's platform or online services, the following information may be additionally collected for users of specific services:
- Upon consent to additional collection of personal information
Fourth, for service usage that requires identity verification to comply with relevant laws, the following information may be collected:
- Name, date of birth, gender, duplicate registration check information (DI), encrypted personal identification information (CI), mobile phone number (optional), I-PIN number (when using I-PIN), domestic/foreigner information.
Fifth, in the process of using paid services, the following payment information may be collected:
- For credit card payments: card company name, card number, etc.
- For account transfers: bank name, account number, etc.
b. Method of Collecting Personal Information
The company collects personal information through the following methods:
- Website, written forms, fax, telephone, consultation boards, email, event entries, delivery requests
- Provided by partner companies
- Collected through information collection tools.
(2) Method of collection
The Company collects the information of users in a way of the followings:
- Webpage, written form, fax, telephone calling, e-mailing, tools for collection of created information
- Provided by partner companies
2. Purposes of Collecting Personal Information
a. Fulfillment of contracts related to service provision and fee settlement for service provision
Providing content, offering customized services, shipping goods or sending invoices, identity verification, purchase and payment of fees, collection of fees.
b. Member management
Providing membership services, personal identification, measures against members violating the terms of use, preventing and sanctioning acts that disturb the smooth operation of services and misuse, confirming the intention to join, limiting the number and frequency of registrations, confirming the consent of the legal representative when collecting personal information from children under 14, verifying the identity of the legal representative later, preserving records for dispute resolution, handling complaints and inquiries, communicating notices, confirming the intention to withdraw from membership.
c. Development of new services and utilization in marketing and advertising
Developing new services and offering personalized services, providing services and advertisements based on statistical characteristics, verifying the effectiveness of services, offering information and opportunities for participation in events, providing advertising information, understanding the frequency of access, statistical analysis of members' service usage.
3. Provision of Personal Information
a. The company uses the personal information of users within the range notified in "2. Purposes of Collecting and Using Personal Information" and does not use it beyond this range or disclose it to the outside without the prior consent of the user. However, exceptions are made in the following cases:
- When users have previously consented to disclosure,
- When required by law or requested by investigative agencies according to the procedures and methods defined by law for investigative purposes.
4. Retention of Personal Information
The personal information of users is destroyed without delay once the purpose of its collection and use has been achieved. However, the following information is retained for the period specified below for the following reasons:
a. Reasons for Information Retention Based on Company Policies
| Information | Reasons | Period |
|
Misuse records (ID, name, ID) |
Prevention of fraudulent registration and use ※ 'Misuse records' refer to records of restrictions such as use restrictions imposed by the company due to fraudulent use of image information on aedi.AI. |
6 months |
|
Misuse/Infringement of Rights on aedi.AI (representative's name, ID, media name, media address, shopping mall name, shopping mall address) |
Prevention of fraudulent registration and use ※ 'Marketing center misuse records' refer to seller information that violated relevant laws and terms of use during the use process or infringed the rights or interests of members or others. |
3 years |
| Withdrawal Records | Handling complaints, etc. | 30 days |
b. Information Retention Required by Related Laws
The company retains member information for a certain period as defined by the laws of the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, etc., when it is necessary to preserve information according to the provisions of related laws. In this case, the company uses the retained information only for the purpose of preservation, and the retention period is as follows:
| Information | Reasons | Period |
|
Records related to contracts or subscription withdrawals |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
|
Records on payment and supply of goods, etc. |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
| Records on labeling/advertising |
Act on the Consumer Protection in Electronic Commerce, etc. |
6 months |
| Documentary evidence related to all transactions defined by tax law | Basic Tax Act, Corporate Tax Act | 5 years |
| Records on electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Records of website visits | Protection of Communications Secrets Act | 3 months |
5. Deleting Personal Information
The personal information of users can be deleted without delay once the purpose for collecting and using the information is achieved.
The company's procedure and method for deleting personal information are as follows:
a. Deleting Procedure
Information entered by users for membership registration, etc., is transferred to a separate DB (in the case of paper, to a separate document box) after the purpose has been achieved and is stored for a certain period according to internal policies and other relevant legal reasons (refer to the retention and usage period) and then deleted. This personal information is not used for any purpose other than retention unless required by law.
b. Deleting Method
Personal information printed on paper is deleted by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that make the records unrecoverable.
6. Rights of Users and Use of Legal Representatives
Users and legal representatives can inquire or modify the personal information of themselves or a child under the age of 14 registered at any time, and may refuse to consent to the processing of personal information or request withdrawal of membership (cancellation) if they do not agree with the processing of personal information by the company. However, in such cases, it may be difficult to use part or all of the services.
To inquire, modify, or cancel the membership regarding the personal information of a user or a child under 14, one can contact the personal information management officer or the person in charge of personal information management by written document, phone, or email, and action will be taken without delay.
If a user requests correction of an error in their personal information, the company will not use or provide that personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the company will notify the third party of the correction process without delay to ensure that the correction is made.
The company treats personal information that has been terminated or deleted at the request of the user or legal representative according to the specifications in "5. Retention and Use Period of Personal Information" and ensures it cannot be viewed or used for any other purposes.
7. Refusal to Collection of Personal Information
a. Cookies
The company uses cookies to store and frequently retrieve user information to provide personalized and customized services.
Cookies are very small text files sent to the user's browser by the server used to operate the website and are stored on the user's computer's hard disk. These cookies are used to maintain user settings and provide customized services by reading the contents of cookies stored on the user's hard disk when the user visits the website.
Cookies do not collect information that identifies individuals automatically/actively, and users can refuse or delete cookies at any time.
b. Purpose of Using Cookies
Users have the option to install cookies. Therefore, users can allow all cookies, check each time a cookie is saved, or refuse to save all cookies by setting options in the web browser.
However, if you refuse to store cookies, some services requiring login may be difficult to use.
The method of specifying whether to allow the installation of cookies (for Internet Explorer) is as follows:
- Select [Internet Options] from the [Tools] menu.
- Click the [Privacy tab].
- Set the [Privacy handling level].
8. Protection of Personal Information
The company takes the following technical/administrative measures to ensure the safety of personal information to prevent it from being lost, stolen, leaked, altered, or damaged in handling users' personal information.
a. Encryption of Passwords
Passwords for member IDs (ID) are stored and managed encrypted, so only the person knows them, and confirmation and change of personal information are possible only by the person who knows the password.
b. Measures Against Hacking
The company does its best to prevent leakage or damage of members' personal information due to hacking or computer viruses.
Data is regularly backed up in preparation for damage to personal information, uses the latest antivirus programs to prevent leakage or damage of information and personal information, and securely transmits personal information on the network through encrypted communication. The company also uses intrusion prevention systems to control unauthorized access from the outside and strives to equip all possible technical devices to secure system security.
c. Minimization and Training of Handling Staff
The company restricts the handling of personal information to designated handlers, assigns a separate password to them, regularly renews it, and emphasizes compliance with the personal information handling policy through periodic training for handlers.
d. Operation of a Dedicated Organization for Personal Information Protection
The company checks the implementation of the personal information handling policy and compliance of handlers through an in-house personal information protection dedicated organization, etc., and strives to correct and rectify problems immediately upon discovery.
However, the company is not responsible for damages not caused by the company's fault, despite fulfilling its obligation to protect personal information, due to the user's own carelessness or accidents in areas not managed by the company.
9. Contact Information
You can report all personal information protection-related complaints arising from using the company's services to the personal information management officer or the department. The company will provide a prompt and sufficient answer to users' reports.
Personal Information Management Officer
Name: Jo Seung-yeon
Company: AISUM Inc.
Position: Senior Researcher
Phone: 070-4837-1074
Email: web@aisum.com
For reports or consultations on personal information infringement, please contact the following institutions:
Personal Information Infringement Report Center (http://privacy.kisa.or.kr / dial 118)
Supreme Prosecutors' Office Cyber Investigation Department (http://www.spo.go.kr / dial 1301)
Cyber Safety Bureau of the National Police Agency (http://www.ctrc.go.kr / dial 182)
10. Obligation to Notification
In case of addition, deletion, or modification of the current personal information handling policy, it will be notified through the 'Notices' on the website at least seven days before the revision.
However, if there are significant changes to user rights, such as collection and use of personal information and provision to third parties, notification will be made at least 15 days in advance.
Announcement Date: December 12, 2023
Implementation Date: December 12, 2023