Agreement on the Collection and Use of Personal Information

Moreh corp. establishes and discloses the following guidelines for handling personal information in order to safeguard the information subject's personal information in accordance with Article 30 of the Personal Information Protection Act and to resolve related grievances promptly and smoothly.

Article 1 (Purpose of processing personal information)

Personal information is processed by the company for the following purposes. Personal information will not be used for any purpose other than those listed below, and if the purpose of use changes, necessary safeguards such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be enforced.

  1. Website membership registration and management

Personal information is processed for the purposes of confirmation, the distribution of various alerts and notifications, and the resolution of grievances for cases such as confirmation of intent to join, identification/authentication for the purpose of providing membership services, membership maintenance and management, identification for the purpose of implementing the limited identification system, prevention of unauthorized use of services, and consent of a legal representative when processing personal information of children under the age of 14.

  1. The transaction of goods or services

Personal information is processed for product delivery, service supply, contract and billing management, content providing, customized service provision, identification and age verification, bill payment and settlement, and debt collection.

  1. Settlement of complaints

Personal information is processed for the purposes of verifying the complainant's identity, confirming the complaint, contacting and notifying parties involved in the fact-finding process, and notifying parties involved in the processing result.

Article 2 (Processing and Retention Period of Personal Information)

① The company processes and retains personal information for the duration of the retention and use term specified by applicable laws and regulations or for the duration of the retention and use period agreed upon when personal information is collected from the information subject.

② The following summarizes the processing and keeping of personal information.

  1. Registration and administration of website memberships: Until the withdrawal from the business/group website

    However, in the following instances, until the relevant reason resolves:

    1) During the course of an inquiry or investigation into a violation of applicable laws and regulations, until the investigation or investigation is concluded

    2) If the bond and debt relationship persists as a result of the website's use, until the bond and debt relationship is resolved

  1. Provision of goods or services: Until the provision of goods or services is completed, as well as the completion of payment and settlement

    However, until the end of the relevant period, in the following cases:

    1) Transaction records, including indications, ads, contract terms, and performance, in compliance with the 「Act on Consumer Protection in Electronic Commerce」 and the records of implementations and transactions

    • Records on display and advertisement: 6 months
    • Records of contract or subscription cancellation, payment, and delivery of goods: 5 years
    • Records on handling consumer complaints or disputes: 3 years

    2) Storage of communication confirmation data in accordance with Article 41 of the 「Communications Secret Protection Act」

    • Date and time of subscriber telecommunications, start/end time, other party's subscriber number, frequency of use, and sending base station's position tracking data: 1 year
    • Computer communication, Internet log record data, access location tracking data: 3 months

Article 3 (Provision of Personal Information to Third Parties)

① The company processes the information subject's personal information solely for the purposes specified in Article 1 (Purpose of processing personal information), and personal information is disclosed to third parties only in accordance with Article 17 of the Personal Information Protection Act, which includes the information subject's consent and special statutory provisions.

② The following are the ways in which the company discloses personal information to third parties.

The recipient's personal information will be used for the following purposes:

Retention and usage duration of the recipient:

Article 4 (Consignment of Personal Information Processing)

① The company delegated the following personal information processing duties to ensure the smooth processing of personal information.

  1. Operation of a telephone counseling facility
  1. Operation of A/S center

② When a company enters into a consignment contract, in accordance with Article 25 of the Personal Information Protection Act, the company establishes responsibilities such as the prohibition of processing personal information for purposes other than performing entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages specified in the contract, among others and  oversees the trustee's safe handling of personal information.

③ If the contents of the consignment work or the consignee change, the company will communicate the change immediately via this personal information processing policy.

Article 5 (Rights of Users and Legal Representatives and Method of Exercising them)

① The information subject may exercise the rights set forth in each of the following subparagraphs with respect to the company at any time.

  1. Submit a request for access to personal information
  1. Request for rectification in the event of typographical errors, etc.
  1. Request for deletion
  1. Request to halt processing

② The information subject may exercise one’s rights under Paragraph 1 by contacting the company in writing, by phone, e-mail, or fax, and the company will respond promptly.

③ If the information subject requests that personal information be corrected or deleted, the company will not use or disclose the subject's personal information until the revision or deletion is accomplished.

④ The rights set forth in Paragraph 1 may be exercised through an agent, such as the information subject's legal representative or a delegated individual. In this case, he or she must submit a power of attorney in the form of Attachment No. 11 to the Personal Information Protection Act's Enforcement Regulations.

⑤ The information subject must not violate the information subject's personal information and privacy, or those of others handled by the company, in violation of applicable laws such as the Personal Information Protection Act.

Article 6 (Processed Items of Personal Information)

The following personal information is handled by the company.

  1. Registration and administration of website memberships

    Required entries include the following: name, country, phone number, e-mail address, job-function

    Optional entries: company

  1. The transaction of goods or services

    Required entries include the following

    Optional entries include

  1. While using the Internet service, the following personal information items may be created and collected automatically:

    IP address, cookie, MAC address, service usage history, visit history, and poor use history, among others.

Article 7 (Destruction of personal information)

① The company destroys personal information without delay when it becomes no longer necessary, such as at the end of the retention period for personal information or upon completion of the processing purpose.

② If the information subject's agreed-upon retention time has expired or the personal information must be retained to comply with other requirements, the personal information is relocated to a secondary database (DB) or stored in a different storage location.

③ The following describes the approach and method for destroying personal information.

  1. Destruction Procedure

The company determines which personal information should be destroyed and destroys it with the agreement of the company's personal information protection officer.

  1. Destruction Method

The company eliminates personal information stored in electronic files using techniques such as Low Level Format to ensure that the record cannot be replicated, and destroys personal information saved in paper documents through shredding or cremation.

Article 8 (Measures to Ensure the Safety of Personal Information)

The following safeguards are in place to ensure the security of personal information.

  1. Administrative measures: developing and implementing internal management strategies, conducting regular personnel training, and so on.
  1. Technical measures: management of access rights to personal information processing systems, implementation of an access control system, encryption of unique identifiers, implementation of security programs, and so on.
  1. Physical measures: access to computer rooms, data storage rooms, and so forth.

Article 9 (Matters Regarding the Installation, Operation and Rejection of Automatic Personal Information Collection Devices)

① From time to time, the company utilizes 'cookies' to store and retrieve usage information to provide users with personalized services.

② Cookies are a little piece of information that the website's server (http) transmits to the user's computer browser and also stores on the user's computer's hard disk.

  1. Purpose of use of cookies:Cookies are used to offer users with optimized information by recognizing the types of visits and usage, popular search keywords, secure access, and other information about each service and website accessed by the user.
  1. Cookie installation, operation, and rejection: You can prevent cookies from being stored by configuring the Tools > Internet Options > Personal Information menu at the top of your web browser.
  1. If one refuses to store cookies, he or she may encounter issues accessing customized services.

Article 10 (Officer for the Protection of Personal Information)

① The company is accountable for the overall treatment of personal information and has selected the following person as the person in responsibility of personal information protection to address complaints and damage claims from data subjects about personal information processing.

▶ Person in charge of protecting personal information

Name: Jiwan Suh

Position: Manager

Contact Info:

Phone number : +82 2-2039-0979

E-mail : contact@moreh.io

Fax number : +82 070-8275-1081

※ You will be connected to the department in charge of protecting personal information.

▶ Department in charge of protecting personal information

Department Name: Management Support Team

Person in charge: Jiwan Suh

Contact:

Phone number : +82 2-2039-0979

E-mail : contact@moreh.io

Fax number : +82 070-8275-1081

② The information subject may contact the person in charge of protecting personal information and the department in charge of any personal information protection-related inquiries, complaint management, or damage alleviation that occurred while using the company's service (or business). The company shall promptly reply to and address the information subject's inquiries.

Article 11 (Request for Viewing Personal Information)

The information subject may submit a request for access to personal information to the following departments in line with Article 35 of the Personal Information Protection Act. The company will make every effort to respond promptly to information subject’s request for access to personal information.

▶ Receiving and processing departments for access requests of personal information

Department Name: Management Support Team

Person in charge: Jiwan Suh

Contact:

Phone number : +82 2-2039-0979

E-mail : contact@moreh.io

Fax number : +82 070-8275-1081

Article 12 (Remedy Methods for Infringement of Rights)

The following organizations can assist information subjects in obtaining compensation and consultations for personal information infringement.

▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

▶ Personal Information Dispute Mediation Committee

▶ Supreme Prosecutors' Office Cyber Crime Investigation Team: 02-3480-3573 (www.spo.go.kr)

▶ National Police Agency Cyber Security Bureau: 182 (http://cyberbureau.police.go.kr)

Article 13 (Enforcement and Revision of Personal Information Handling Policy)

This privacy policy becomes effective from <2022.05.06.>