Privacy Policy

AIPARK Co., Ltd. ('https://www.aivatar.ai/' hereinafter 'AiVATAR') establishes and discloses the following Privacy Policy to protect the personal information of data subjects and to handle related grievances promptly and smoothly in accordance with Article 30 of the "Personal Information Protection Act."

○ This Privacy Policy is effective from August 31, 2023.

Article 1 (Purpose of Processing Personal Information)

AiVATAR processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those below, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the "Personal Information Protection Act."

  1. Website Membership Registration and Management: Processing personal information for confirming membership registration intent, identification and authentication for member services, maintaining and managing membership, preventing service misuse, various notifications, and handling grievances.
  2. Customer Complaint Handling: Processing personal information to verify the identity of complainants, confirm complaint details, contact and notify for fact-finding, and inform of processing results.
  3. Provision of Goods or Services: Processing personal information for service provision, sending contracts/invoices, providing content, offering personalized services, identity verification, and fee payment/settlement.
  4. Marketing and Advertising: Processing personal information for developing new services (products), providing customized services, providing event and advertising information and participation opportunities, providing services and displaying advertisements based on demographic characteristics, confirming service validity, analyzing access frequency, or collecting statistics on members' service usage.

Article 2 (Processing and Retention Period of Personal Information)

  1. AiVATAR processes and retains personal information within the personal information retention/use period stipulated by law, the retention/use period consented to by the data subject when collecting personal information, or until the purpose of processing the personal information is achieved.
  2. Examples of cases and periods for which AiVATAR retains personal information in accordance with relevant laws are as follows:
    • Service Visit RecordsRetention Period: 3 months "Communication Privacy Protection Act"
    • Records on Display/Advertising in Electronic CommerceRetention Period: 6 months "Act on Consumer Protection in Electronic Commerce"
    • Records on Consumer Complaints or Dispute Resolution in Electronic CommerceRetention Period: 3 years "Act on Consumer Protection in Electronic Commerce"
    • Records on Contracts, Withdrawal of Subscription, Payment of Prices, and Supply of Goods in Electronic CommerceRetention Period: 5 years "Act on Consumer Protection in Electronic Commerce"
    • Books and Issued Tax Invoices or ReceiptsRetention Period: 5 years "Framework Act on National Taxes", "Value-Added Tax Act"

Article 3 (Items of Personal Information Processed)

① AiVATAR processes the following personal information items:

  1. Website Membership Registration and Management
    • Name, Date of Birth, Password, Email, Company Name, Department, Position/Title, Company Phone Number
  2. Customer Complaint Handling
    • Name, Login ID, Email, Payment Records, IP Address Information, Cookies, Access Logs, Service Usage Records, Bank Account Information and Credit Card Information, and other information required for complaint handling and provided by the data subject
  3. Provision of Goods or Services
    • Name, Login ID, Email, Payment Records, IP Address Information, Cookies, Access Logs, Service Usage Records, Bank Account Information, Credit Card Information

Article 4 (Matters Concerning Outsourcing of Personal Information Processing)

① AiVATAR outsources personal information processing as follows for smooth personal information business processing (including cross-border transfers):

  1. Email Sending and Address Book Management
    • Processor: Stibee
    • Content of Outsourced Work: Email Sending and Address Book Management
  2. DB Construction of Customer Information Who Sign Up for Service or Leave Inquiries
    • Processor: HubSpot Inc.
    • Personal Information Items Transferred: Name, Email, Company, Department, Position, Phone Number
    • Country to Which Personal Information is Transferred: USA (25 First Street, 2nd Floor Cambridge, MA 02141 USA)
    • Time and Method of Transfer: Transferred online immediately upon collection and updated when personal information changes
    • Information Manager Contact: privacy@hubspot.com
    • Retention/Use Period: Minimum period necessary to achieve the above purposes
    • Method, Procedure, and Effect of Refusing Personal Information Transfer: If you do not wish to transfer personal information, you can contact admin@aipark.ai to refuse the transfer, though there may be limitations in receiving additional service-related information afterward.

② When concluding outsourcing contracts, AiVATAR specifies in documents such as contracts matters concerning responsibility for prohibition of personal information processing other than for the purpose of performing the outsourced work, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of the processor, and compensation for damages in accordance with Article 26 of the "Personal Information Protection Act," and supervises whether the processor safely processes personal information.

③ If the content of the outsourced work or the processor changes, we will disclose it without delay through this Privacy Policy.

Article 5 (Procedures and Methods for Destruction of Personal Information)

① AiVATAR will destroy the relevant personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the processing purpose.

② The procedures and methods for destroying personal information are as follows:

  1. Destruction Procedure: AiVATAR selects personal information for which destruction reasons have occurred and destroys the personal information with the approval of AiVATAR's Privacy Officer.
  2. Destruction Method: Personal information printed on paper is destroyed by shredding or incineration. Information in electronic file format is destroyed using technical methods that prevent reproduction of the records.

Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

① Data subjects may exercise their rights to request access, correction, deletion, and restriction of processing of personal information, withdraw consent for collection, use, and provision of personal information, request transfer of personal information, and other rights of data subjects regarding automated decisions, etc., to AiVATAR at any time within the scope prescribed by the Personal Information Protection Act.

② The exercise of rights under paragraph 1 may be made to AiVATAR in writing, by email, or by fax in accordance with Article 41(1) of the Enforcement Decree of the "Personal Information Protection Act," and AiVATAR will take action without delay.

③ The exercise of rights under paragraph 1 may be made through a legal representative of the data subject or an agent who has been delegated. In this case, you must submit a power of attorney according to Form No. 11 of the "Notice on Personal Information Processing Methods."

④ Requests for access to personal information and restriction of processing may be limited by the rights of the data subject pursuant to Article 35(4) and Article 37(2) of the "Personal Information Protection Act."

⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.

⑥ AiVATAR verifies whether the person who made the request for access, correction/deletion, or restriction of processing in accordance with the rights of the data subject is the data subject or a legitimate agent.

Article 7 (Matters Concerning Security Measures for Personal Information)

AiVATAR takes the following measures to ensure the security of personal information:

  1. Establishment and Implementation of Internal Management Plan: Establishing and implementing an internal management plan for the safe processing of personal information.
  2. Minimization and Training of Personal Information Handling Staff: Designating employees who handle personal information and limiting them to minimize personnel managing personal information.
  3. Regular Self-Audits: Conducting quarterly self-audits to ensure security of personal information handling.
  4. Access Restriction to Personal Information: Implementing necessary measures to control access through granting, modifying, and revoking access rights to database systems processing personal information, and controlling unauthorized access from outside using intrusion prevention systems.
  5. Storage of Access Logs and Prevention of Forgery/Alteration: Storing access logs to personal information processing systems for at least 1 year (2 years for systems processing information of over 50,000 data subjects, unique identification information, or sensitive information), and using security features to prevent forgery, theft, or loss of access logs.
  6. Encryption of Personal Information: Encrypting users' passwords so only the user knows them, and using additional security features such as file encryption or file locking for important data.
  7. Technical Measures Against Hacking: Installing security programs with regular updates and monitoring to prevent personal information leakage and damage due to hacking or computer viruses, and installing systems in access-controlled areas with technical/physical monitoring and blocking.
  8. Access Control for Unauthorized Persons: Maintaining separate physical storage locations for personal information with access control procedures.
  9. Locking Devices for Document Security: Storing documents and auxiliary storage media containing personal information in secure locations with locking devices.

Article 8 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① AiVATAR uses 'cookies' that store and periodically retrieve usage information to provide individualized customized services to users.

② Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard disk.a. Purpose of using cookies: Used to provide optimized information to users by identifying visit and usage patterns for each service and website visited, popular search terms, security connection status, etc.b. Installation/operation and refusal of cookies: Cookie storage can be refused through the options settings in the Tools>Internet Options>Privacy menu at the top of the web browser.c. If you refuse to store cookies, you may experience difficulties using customized services.

Article 9 (Collection, Use, Provision, and Refusal of Behavioral Information)

① AiVATAR collects and uses behavioral information to provide optimized personalized services, benefits, and online targeted advertising to data subjects during service use.

② AiVATAR collects behavioral information as follows:

  • Items of behavioral information collected: User's website visit history, search history
  • Collection method: Automatically collected when users visit websites, register for membership, or submit inquiries
  • Collection purpose: Personalized product recommendations based on user interests and preferences
  • Retention/use period and subsequent processing: Personalized product recommendations based on user interests and preferences

③ AiVATAR allows online targeted advertising providers to collect and process behavioral information as follows:

  • Advertising provider collecting and processing behavioral information: Google
  • Collection method: Automatic collection and transmission when users visit our website or run our app
  • Behavioral information items collected/processed: User's web/app visit history, search history, purchase history

④ AiVATAR collects only the minimum behavioral information necessary for online targeted advertising and does not collect sensitive behavioral information that could clearly infringe upon individual rights, interests, or privacy, such as ideology, beliefs, family and relative relationships, academic background, medical history, or other social activity history.

⑤ AiVATAR does not collect behavioral information for targeted advertising purposes from online services primarily used by children under 14 years of age or from children known to be under 14, nor does it provide targeted advertising to children known to be under 14.

⑥ AiVATAR collects and uses advertising IDs for online targeted advertising in mobile apps. Data subjects can block or allow customized advertising for apps by changing their mobile device settings.

  • Blocking/allowing advertising IDs on smartphones:(1) (Android) ① Settings → ② Privacy → ③ Ads → ③ Reset Advertising ID or Delete Advertising ID(2) (iPhone) ① Settings → ② Privacy → ③ Tracking → ④ Turn off "Allow Apps to Request to Track"※ Menu and methods may vary slightly depending on mobile OS version.

⑦ Data subjects can block or allow online targeted advertising collectively by changing their web browser cookie settings. However, changing cookie settings may affect the use of some services such as automatic website login.

  • Blocking/allowing targeted advertising through web browsers:(1) Internet Explorer (Windows 10 Internet Explorer 11)
    • Select the Tools button in Internet Explorer, then select Internet Options
    • Select the Privacy tab, select Advanced in settings, then select block or allow cookies(2) Microsoft Edge
    • Click '...' at the top right of Edge, then click Settings
    • Click 'Privacy, Search and Services' on the left side of the settings page, then select the level of 'Tracking Prevention' in the Tracking Prevention section
    • Select whether to 'Always use "Strict" tracking prevention when browsing InPrivate'
    • Select whether to 'Send "Do Not Track" requests' in the Privacy section below(3) Chrome Browser
    • Click the '⋮' indicator (Chrome customization and control) at the top right of Chrome, then display Settings
    • Click 'Show advanced settings' at the bottom of the Settings page and click Content settings in the Privacy section
    • Select the 'Block third-party cookies and site data' checkbox in the Cookies section

⑧ Data subjects can contact the following department for inquiries regarding behavioral information, exercising their right of refusal, and reporting damages:

  • Personal Information Protection Department
    • Department: Strategic Planning Team
    • Manager: Seonho Lee
    • Contact: 02-6925-6028, admin@aipark.ai, 0504-021-9187

Article 10 (Criteria for Additional Use and Provision)

AiVATAR may use or provide personal information additionally without the consent of data subjects in accordance with Article 15(3) and Article 17(4) of the "Personal Information Protection Act" after considering the matters specified in Article 14-2 of the "Enforcement Decree of the Personal Information Protection Act." Accordingly, AiVATAR has considered the following when using or providing additional information without the data subject's consent:

▶ Whether the purpose of the additional use/provision is related to the original collection purpose▶ Whether the additional use/provision is predictable considering the circumstances of collection or processing practices▶ Whether the additional use/provision unfairly infringes upon the interests of the data subject▶ Whether necessary safety measures such as pseudonymization or encryption have been implemented

Article 11 (Matters Concerning the Privacy Officer)

① AiVATAR designates the following Privacy Officer to be responsible for the overall handling of personal information processing and to handle complaints and remedy damages related to personal information processing:

▶ Privacy Officer

  • Name: Chulmin Park
  • Position: CEO
  • Rank: Representative
  • Contact: 0269256028, admin@aipark.ai※ Connected to the Personal Information Protection Department
  • Department: Strategic Planning Team
  • Manager: Seonho Lee
  • Contact: 0269256028, admin@aipark.ai

② Data subjects may inquire about all personal information protection-related matters, complaints, and remedies that arise while using AiVATAR's services (or business) to the Privacy Officer and department. AiVATAR will respond to and handle inquiries from data subjects without delay.

Article 12 (Department Receiving and Processing Requests for Access to Personal Information)

Data subjects may request access to personal information in accordance with Article 35 of the "Personal Information Protection Act" to the department below. AiVATAR will make efforts to promptly process data subjects' requests for access to personal information.

▶ Department receiving and processing personal information access requests

  • Department: Strategic Planning Team
  • Manager: Seonho Lee
  • Contact: 0269256028, admin@aipark.ai

Article 13 (Remedies for Infringement of Data Subject Rights)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, KISA Privacy Center, etc., to receive remedies for personal information infringement. For other reports or consultations regarding personal information infringement, please contact the following institutions:

  1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  2. KISA Privacy Center: (without area code) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
  4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

A person who has suffered infringement of rights or interests due to disposition or inaction by the head of a public institution regarding requests under Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), or Article 37 (Restriction of Processing of Personal Information) of the "Personal Information Protection Act" may request administrative appeals in accordance with the Administrative Appeals Act.

※ For more information about administrative appeals, please refer to the Central Administrative Appeals Commission website (www.simpan.go.kr).

Article 14 (Changes to the Privacy Policy)

① This Privacy Policy is effective from August 31, 2023.② Previous Privacy Policies can be viewed below.