Ailrot establishes and discloses the privacy policy as follows in order to protect the personal information of the information subject and to handle related complaints promptly and smoothly, in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea.
The personal information being processed will not be used for purposes other than those listed below, and in the event of a change in the purpose of use, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act. Personal information is processed for the following purposes: verifying membership intentions, identifying and authenticating individuals for membership services, maintaining and managing membership qualifications, preventing fraudulent use of services, verifying the consent of legal representatives when processing personal information of children under 14 years of age, notifying various notices, and handling complaints. Personal information is processed for providing goods or services, delivering items, providing services, sending contracts and invoices, providing content, offering customized services, identity verification, age verification, payment and settlement of fees, and debt collection. Personal information is processed for the purposes of verifying the identity of complainants, confirming complaints, contacting for fact-finding investigations, and notifying the results of processing.
① The company processes and retains personal information within the retention and utilization period defined by laws or the period agreed upon when collecting personal information from the data subject. ② The specific processing and retention periods for each type of personal information are as follows: Membership registration and management on the website: until the user withdraws from the business/organization’s website, except in the cases where the following reasons apply: Until the end of the relevant reason if an investigation due to a violation of relevant laws is ongoing, until the end of the investigation. Until the settlement of any existing claims or obligations related to the use of the website. Provision of goods or services: until the completion of the supply of goods/services and payment/settlement is finalized, except in cases related to: until the end of the specified period as per the "Act on the Protection of Consumers in Electronic Commerce" for advertisements, contractual contents, and transaction records. Records related to advertisements: 6 months. Records of contracts or cancellation of subscription, payment, supply of goods, etc.: 5 years. Records of consumer complaints or dispute resolution: 3 years. Retention of communication facts verification data under the "Protection of Communications Secrets Act": subscriber call logs, initiation/termination time, counterpart subscriber number, frequency of use, base station location tracking data: 1 year. Computer communication, internet log records, access tracking data: 3 months.
① The company processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing) and provides personal information to third parties only in cases that fall under the consent of the information subject, special provisions of law, etc., as stipulated in Article 17 and Article 18 of the Personal Information Protection Act. ② The company provides personal information to third parties as follows. StepPay (business partner) Recipient of personal information: StepPay Co., Ltd. Purpose of use of recipient's personal information: Membership management and payment Provided personal information items: Name, address, phone number, email address, card payment account information Retention period of the recipient's use: Until the site withdrawal.
① The data subject may exercise the rights to access, correct, delete, or suspend the processing of personal information regarding the company at any time. ② The exercise of rights under paragraph 1 can be made to the company via written request, email, fax, etc. according to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay. ③ The exercise of rights under paragraph 1 can be made through a legal representative of the data subject or a person who has received delegation. In this case, a power of attorney according to Form 11 of the Notice on Methods of Processing Personal Information (No. 2020-7) must be submitted. ④ Requests for access to and suspension of personal information processing may be limited under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act. ⑤ Requests for correction and deletion of personal information cannot be made if that personal information is explicitly specified as a target of collection in other laws. ⑥ The company will verify whether the person making access requests, correction/deletion requests, or suspension requests is the data subject or a legitimate representative. Article 5 (Items of Personal Information Processed) The company processes the following personal information items. Required items for website membership and management: name, ID, password, address, phone number, email address. Optional items: consent to marketing. Required items for the provision of goods or services: name, ID, password, address, phone number, email address, credit card number, bank account information. The following personal information items may be automatically generated and collected during the use of internet services: IP address, cookies, MAC address, service usage records, visit history.
① The company will promptly destroy personal information when it is no longer necessary, such as after the retention period has expired or the purpose of processing has been achieved. ② If the retention period of personal information consented to by the data subject has expired or the purpose of processing has been achieved, but it must be retained according to other laws, the personal information will be transferred to a separate database (DB) or preserved in a different location. ③ The procedures and methods for the destruction of personal information are as follows. Destruction procedure: The company selects the personal information to be destroyed when a reason for destruction arises and obtains approval from the company's personal information protection officer to destroy it. Destruction method: The company will destroy personal information stored in electronic file form so that the records cannot be recovered, and will shred or incinerate personal information recorded in paper documents. Article 7 (Measures to Ensure the Safety of Personal Information): The company is taking the following measures to ensure the safety of personal information. Administrative measures: Establishing and executing internal management plans, conducting regular employee training, etc. Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting unique identification information, installing security programs. Physical measures: Controlling access to computer rooms and document storage rooms.
① The company uses 'cookies' to store and retrieve user information in order to provide personalized services. ② A cookie is a small amount of information sent by the server (http) that operates the website to the user's computer browser and may be stored on the user's PC hard drive. Purpose of using cookies: They are used to understand the visiting and usage patterns of users on each service and website they visit, popular search terms, security access status, etc., to provide optimized information for the user. Installing, operating, and rejecting cookies: You can refuse to save cookies through the options setting in the privacy menu under Tools > Internet Options at the top of the web browser. If you refuse to save cookies, difficulties may arise in using personalized services.
① The company takes overall responsibility for the processing of personal information and has designated the following personal information protection officer to handle complaints and remedies regarding personal information processing: ● Personal Information Protection Department Department Name: Management Person in Charge: Kim Dae-yeon Contact: 010-3458-4006 / director@ayilot.studio ● Personal Information Protection Department Department Name: Management Person in Charge: Kim Dae-yeon Contact: 010-3458-4006 / director@ayilot.studio ② Information subjects can contact the personal information protection officer and the relevant department regarding any inquiries, complaints, or remedies related to personal information protection that arise while using the company's services (or businesses). The company will respond to and address inquiries from information subjects without delay.
The data subject can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc., to receive remedy for personal information infringement. For other reports or consultations regarding personal information infringement, please contact the institutions listed below.