CALIVERSE Privacy Policy 20/3/24
In an aim to protect the freedom and rights of data subjects, CALIVERSE (hereinafter "the Company") processes and manages personal information in a lawful and secure manner in compliance with Personal Information Protection Act and related laws and regulations. The following Privacy Policy provisions established and disclosed by the Company pursuant to Article 30 of the Personal Information Protection Act informs data subjects of the procedures and basis of processing personal information and promotes an efficient and effective processing of related complaints.
Article 1. Purpose of Processing Personal Information
The Company processes personal information for the below purposes. The personal information under processing will not be used for other purposes, and if the purpose of processing personal information is to be changed, the Company will take necessary measures such as obtaining additional consent pursuant to Article 18 of Personal Information Protection Act.
(1) Membership registration and management
Personal information is processed for the purpose of confirming a member's intention to join, identifying and authenticating the person for the provision of membership services, maintaining and managing membership, preventing unauthorized use of services, confirming the agreement by a legal representative when processing personal information of minor children under the age of 14, providing various notices and notifications, responding to member inquiries, and handling grievances.
(2) Provision of goods or services
Personal information is processed for the purpose of delivery of goods, provision of service, delivery of contracts and invoices, provision of contents, provision of customized service, improvement of service, personal identification, age verification, payment, settlement and return of service charge, and collection of receivables.
Article 2. Items of Personal Information Processed
The Company processes the following personal information items:
(1) for membership registration and management
• Required items: Name, e-mail address, profile photo.
(2) for provision of goods or services
• Required items: Registry, OS information, cookies, SNS account, personal identifiable information, credit card information, payer information, e-wallet address, Phone Number.
• Optional items: Chat Contents (including chat logs in case of reporting)
The company does not store any chat history between members. However, in the event of a report being filed including chat content, the received information may be processed.
The company may process automatically generated usage information (error code, language, CPU/GPU information, client status/log information) to ensure stable services provision.
Article 3. Period of Processing and Retaining Personal Information
① The Company shall process and retain personal information within the period of retention and use of personal information agreed upon when collecting personal information from a data subject or as required by applicable laws and regulations.
② The period of processing and retaining personal information for each purpose is as follows:
(1) for membership registration and management: until withdrawal from the membership; and
(2) for provision of goods or services: until the final provision of goods or services and the completion of payment and settlement of service charge.
③ However, in cases where the following reasons apply, personal information will be processed and retained until the end of the applicable period:
(1) if an investigation or inquiry is being conducted due to a violation of relevant laws and regulations, until the end of such investigation or inquiry; and if the legal relationship resulting from the use of the CALIVERSE website continues to exist, until the end of such legal relationship;
(2) To prevent members from exploiting economic benefits provided by The Company, such as promotion codes and event benefits, through repetitive sign-ups and withdrawals, or using someone else’s identity illegally or expediently during the exploitation, The Company keeps in custody the member’s personal information for 90 days after the withdrawal; and
(3) The Company may retain personal information for the following periods in accordance with relevant laws and regulations including the Act on the Consumer Protection in Electronic Commerce:
Relevant laws and regulations
Item
Period
Act on the Consumer Protection in Electronic Commerce
Records on indication or advertisement
6 months
Records on formation of contract, cancellation of contract offer, payment, or supply of goods, etc.
5 years
Records on consumer complaints or dispute resolution
3 years
Framework Act on National Taxes
Records on transaction history
5 years
Electronic Financial Transactions Act
Records on electronic financial transactions
5 years
Protection of Communications Secrets Act
Records on computer communications, internet logs, tracing of connection location
3 years
Act on Reporting and Using Specified Financial Transaction Information
Data used to verify identity of a customer
5 years
Article 4. Destruction of Personal Information
① The Company will immediately destroy the personal information that is no longer needed, such as when the retention period has expired or the purpose of collecting the personal information is achieved.
② If the retention period as the data subject agreed has expired or the purpose of processing has been achieved but the personal information should be retained in accordance with other laws and regulations, The Company transfers such personal information to a separate database (DB) or a different storage location.
③ The procedures and methods for destroying personal information are as follows:
(1) Destruction procedure
The Company selects the personal information for which the cause for destruction has occurred and destroys the personal information with the approval of the personal information protection manager of The Company.
(2) Destruction method
The Company destroys information in the form of electronic files so that restoration is not possible, and destroys personal information recorded and saved in paper documents by shredding or incinerating them.
Article 5. Consignment of Personal Information Processing
① For smooth service provision, the Company consigns the following processing of personal information:
consignees
consigned work
consigned Information
Retention and Use Period
AWS, Inc.
Operation of storage where personal information is stored
Name, UID, email address, profile photo, phone number (optional)
Until Membership Withdrawal
Consensys Software Inc.
Utilizing MetaMask Service
Wallet Address
Until Membership Withdrawal
NHN Cloud Corp.
Bulk email sending
Send text message
Email Address
Phone Number
Until analysis of email sending results
Onionfive Inc.
Provision of customer counseling software
Sending emails of customer counseling results
Email address
Until completion of customer counseling
(1) If you refuse to receive bulk emails in the process or do not utilize customer inquiry, personal information will not be entrusted to each subcontractor according to the consigned tasks.
(2) When the Company enters into an consignment contract related to processing of personal information, it specifies matters related to the prohibition of personal information processing beyond the purpose of consignment according to Article 26 of the Personal Information Protection Act, technical and administrative protective measures, restrictions on re-consignment, management and supervision of subcontractors, liability for damages, etc., in documents such as contracts, and monitors whether consignees are handling personal information securely.
(3) If the content of the consigned tasks or the consignee changes, the Company will promptly inform the members of the changed content through this Privacy Policy.
② The Company consign the processing of personal information overseas to provide stable global services, and you can refuse the transfer of personal information overseas through the personal information protection manager or the customer center.
Personal Information Items Transferred
Receiving Country and Recipient
Time and Method of Transfer
Purpose of Recipient's Use and Retention/Use Period
Method and Procedure for Refusing Personal Information Transfer and Effects of Refusal
Name, UID, email address, profile photo, phone number (optional)
- Country: United States
- Recipient: AWS (Oregon region, aws-korea-privacy@amazon.com)
- Mandatory information: Transmitted via network at the time of member registration
- Optional information: Transmitted via network during phone verification
- Purpose of use: Storage of member information for service usage
- Retention/use period: Upon membership withdrawal or termination of outsourcing contract
- Method for refusal: Refusal of personal information transfer can be stopped by withdrawing membership.
- Membership withdrawal for refusal: Website login > Account information window > [More options] button > Click on Account Withdrawal
- Effects: Service usage will be unavailable.
Wallet Address
- Country: United States
- Recipient: Consensys Software Inc. (privacy@consensys.net)
- When using the MetaMask service, transactions are conducted through the network.
- Purpose of use: Storage of member information for service usage
- Retention/use period: Upon membership withdrawal or termination of outsourcing contract
- Method for refusal: Refusal of personal information transfer can be stopped by withdrawing membership.
- Membership withdrawal for refusal: Website login > Account information window > [More options] button > Click on Account Withdrawal
- Effects: Service usage will be unavailable.
③ Even if you withdraw membership according to the provisions of paragraphs ① and ② of this Article, the Company may retain personal information for a certain period if it falls under the items listed in paragraph ③ of Article 3 of this policy.
Article 6. Rights and Obligations of Data Subjects & Methods of Exercising Such Rights
① Data subjects may exercise the rights to demand access to, correction and deletion of, and suspension of processing of their personal information at any time against The Company. However, the rights to demand access to, correction and deletion of, and suspension of processing of the personal information of minor children under the age of 14 shall be exercised directly by the legal representative. Data subjects who are minor children at the age of 14 or more may exercise their rights on their own or via their legal representative.
② The exercise of the rights under Article 6. 1 shall be made in writing, by email or fax, or other means to The Company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and The Company shall take necessary measures without delay.
③ The exercise of the rights under Article 6. 1 may also be made by the data subject’s legal representative or agent who has been delegated. In this case, a power of attorney in accordance with the form of Appendix 11 to the "Guidelines for the Processing of Personal Information" (No. 2020-7) must be submitted.
④ The right to demand access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
⑤ The right to demand correction and deletion of personal information cannot be exercised if the personal information is specified to be collected by relevant laws and regulations.
⑥ The Company shall verify whether the person who demands access to, correction and deletion of, and suspension of processing of personal information under a data subject’s rights is the data subject or a his/her authorized representative.
Article 7. Measures for Ensuring the Protection of Personal Information
The Company takes the following measures to ensure the protection of personal information:
(1) administrative measures: establishment and implementation of internal management plans, operation of dedicated organizations, and regular employee training;
(2) Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs; and
(3) Physical measures: access control to computer rooms, data storage rooms, etc.
Article 8. Installation, Operation, and Refusal of Devices That Automatically Collect Personal Information
① The Company uses "cookies" that help store and retrieve member’s visit information in order to provide personalized services to its members.
② A cookie is a small amount of information sent from a server (http) that operates a website to a member's browser and may be stored on a member's hard disk in the PC.
(1) Purpose of using cookies: To provide members with optimized information by understanding the services that members visited, the patterns of using and visiting websites, popular search terms, and secure login status, client installation, etc.
(2) Installation, operation, and refusal of cookies: Members can refuse to store cookies through the option settings in the tool> internet options> privacy menu located at the top of their web browser.
(3) If a member refuses to store cookies, there may be difficulties in using the service of The Company.
Article 9. Link to the Websites of Other Companies
The Company may provide members with a link to external websites. The Company does not control such linked external websites and thus does not guarantee nor can be held responsible for the completeness and usefulness of services or information provided by the external websites. Please see the privacy policy offered by the external websites.
Article 10. Personal Information Protection Manager
① The Company has designated the following Personal Information Protection Manager who takes responsibility for the overall management of personal information and handles complaints and remedies related to the processing of personal information:
(1) Personal Information Protection Manager
- Name: Hong Ji-hoon
- Position: Head of Business Development Office
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
(The above numbers lead to the team in charge of personal information protection.
(2) Team in charge of personal information protection
- Team name: Live Support
- Person in charge: Park Joong-kook
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
② Data subjects can contact the Personal Information Protection Manager or relevant team for all inquiries, complaints, and remedies related to personal information protection that may arise while using CALIVERSE services. The Company will respond to and handle the inquiries made by data subjects without delay.
Article 11. Request for Access to Personal Information
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the following team. The Company will make every effort to process the request promptly.
▸ Team in charge of requests for access to personal information
- Team name: Live Support
- Person in charge: Park Joong-kook
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
Article 12. Remedies for Infringement of Data Subject’s Rights and Interests
① Data subjects may seek dispute resolution or advice on personal information infringement from the Korea Internet & Security Agency's Personal Information Infringement Report Center, the Korea Communications Commission's Personal Information Dispute Mediation Committee, or other organizations. If you need to report or consult about other personal information infringements, please contact the following organizations:
(1) Personal Information Dispute Mediation Committee: (without an area code) 1833-6972 (www.kopico.go.kr);
(2) Personal Information Infringement Report Center: (without an area code) 118 (www.privacy.kisa.or.kr);
(3) Supreme Prosecutors' Office: (without an area code) 1301 (www.spo.go.kr); and
(4) National Police Agency: (without an area code) 182 (ecrm.cyber.go.kr).
② The Company acknowledges a data subject’s right to determine his/her own personal information and makes every effort to provide advice and remedies for personal information infringement. If you need to report or consult about personal information infringements, please contact the following team:
▸ For requesting advice and reporting related to personal information protection
- Team name: Live Support
- Person in charge: Park Joong-kook
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
③ Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36 or 37 of the Personal Information Protection Act may file a petition for an administrative hearing in accordance with the Administrative Appeals Act.
▸ Central Administrative Appeals Commission: (Without an area code) 110 (www.simpan.go.kr)
Article 13. Amendment and Notification of Privacy Policy
This Privacy Policy becomes effective on the date of implementation. The Privacy Policy may be amended in accordance with changes in relevant laws, regulations and guidelines, or internal operation policy. The Company will notify of any addition, deletion, and/or modification in this Privacy Policy through ‘Notice’ at least 7 days prior to the scheduled amendment. However, if an important modification is made to the rights of members, the notification will be posted at least 30 days prior to any such modification.
Addendum
This privacy policy shall be announced on 13 in March 2024 and shall be effective from 20 in March 2024.
Last updated