WORDVICE Privacy Policy

WORDVICE Corporation (“the COMPANY”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, in all stages from service planning to termination.
The contents of this Privacy Policy are provided as follows.
This Policy contains compulsory matters of the privacy policy required by relevant laws and regulations and other details regarded as important by the COMPANY in protecting personal information.

1. What this Privacy Policy Means for Wordvice AI Users
2. Personal Information Collected (Required)
3. Use of Collected Personal Information (Required)
4. Provision & Entrustment of Personal Information (Required)
5. Destruction of Personal Information (Required)
6. Rights of Users & Legal Representatives and Exercising Those Rights (Required)
7. Actions Taken to Protect Personal Information
8. Chief Privacy Officer & Responsible Personnel (Required)
9. Application of this Privacy Policy
10. Obligation to Notify Prior to Amendment

1. What this Privacy Policy Means for Wordvice AI Users

The COMPANY has made this Privacy Policy based on the Personal information protection Act. This Privacy Policy has the following important implications.

• The Privacy Policy provides transparent information in relation to the “life cycle of personal information,” such as the information collected by the COMPANY, how the collected information is used, with whom the information is shared when necessary, and when and how the information is destroyed once it fully serves its purpose.
• This Privacy Policy informs users (the information subjects) of their rights regarding their personal information as well as the methods and procedures available to exercise such rights. Guidelines are also provided for the rights that legal representatives (including parents, guardians, etc.) may exercise to protect the personal information of minors under the age of 14.
• In the case that infringement on privacy occurs, this Privacy Policy guides you about whom to contact and what kind of help you should expect in order to prevent further damage and rectify any damage you may have already sustained.
• Above all, this Privacy Policy defines the rights and duties of the COMPANY and users in relation to personal information and provides a means to guarantee the Right to Informational Self-determination among users.

2. Personal Information Collected

When a user subscribes to use personalized or membership services, the COMPANY collects the minimum amount of personal information needed for him/her to use such services.

• The personal information that the COMPANY collects from users at the time they sign up for membership is as follows.
  • When a user signs up for membership, his/her ID, password, name, date of birth, email address, mobile phone number, name of school(organization), name of faculty and position in organization are collected as required fields. If the date of birth entered by the user shows that he/she is a minor under 14 years of age, the information (name, date of birth, gender, and duplication information (DI), mobile phone number) on his/her legal representative is additionally collected.
  • If a user signs up for membership with a enterprise subscriber group ID, the group ID, group representative’s name, password, group name, email address and mobile phone number are collected as required fields. The name, email address, password of authorized user are also collected as an optional field.
• Personal information collected from users during their service use is as follows. Additional personal information such as name, email address, phone number, address may be collected only from users who access individual services within the COMPANY, participate in an event, or register for a giveaway event. In addition, when collecting additional personal information, the users are provided with further guidance regarding the ‘collected items of personal information, purposes of collecting and using personal information, and the retention period of personal information’ at the time of collecting such personal information and are asked to provide their consent.
• The IP address, cookies, service usage records, device information, and location information may be generated and collected during service use. In addition, images or voice data may also be collected from search services using images and voice data. The collected information may correspond to personal information or not, depending on whether it is linked to personal information.

  Additional description about collecting generated information

  What is IP (Internet Protocol)?

  The IP address is the online address information that Internet network operators assign to devices such as the users’ personal computers used to access the Internet. There are many different views about whether an IP address corresponds to personal information.

  What are service usage records?

  They mean the date and time of access to the COMPANY, the list of services used, all normal or abnormal logs created during service use, the email address recorded in the process of receiving and sending email, and the mobile phone numbers entered to invite friends or send gifts.

  What are cookies?

  A cookie is a very small text file stored on user’s computer through his or her web browser when he or she accesses the website. If the user visits the website again afterwards, the website server reads the content of cookies stored on the user's computer to maintain the service environment established by the user, enabling convenient use of the Internet service. In addition, the website may analyze service information visited by a user, his/her service access duration and frequency, and information created or provided (entered) during his/her service use to provide services (including advertisements) that are specific to user's tastes and interests. The user has a choice regarding use of cookies, and thus, by setting options in his/her web browser, he/she may allow all cookies, go through a verification every time a cookie is saved, or refuse to save any cookies at all. However, if the user refuses to save cookies, he/she may experience some difficulty in using parts of the COMPANY services that require login.

• The COMPANY collects personal information under the following methods.
  • If the user agrees to the collection of personal information and enters his/her personal information while signing up for membership during service use, such personal information will be collected.
  • Personal information of the user may be collected through websites, email, fax, phone, etc. during the consultation or registration process.
  • Personal information may be collected in writing from offline events, seminars, and other in-person meetings.
  • Personal information may be provided from outside companies or organizations partnered with the COMPANY, and in such cases, the partner is required to obtain consent from users to provide personal information under the Personal Information Protection Act before such information is provided to the COMPANY.
  • Generated information such as device information may be automatically generated and collected during the use of PC web or mobile web/app.

3. Use of Collected Personal Information

• Personal information is used only to manage members of the COMPANY and all other related services (including mobile web/app) and to develop, provide, and improve services, and generally establish a safe Internet environment for users.
  • Personal information is used for member management, such as confirming members’ intention to subscribe, confirming the age, proceeding with obtaining consent from legal representatives, verifying the identity of users and their legal representatives, identifying users, and confirming their intention to unsubscribe.
  • In addition to the purpose of providing existing services (including advertisements) such as content, personal information is used to promote new service elements and improve existing services such as demographic analysis, analysis of visits to services and usage records, building user-to-user relationships based on personal information and interests, and providing tailor-made services based on acquaintances and interests.
  • Personal information is used to protect users and operate services by means such as preventing and imposing sanctions against acts that interfere with the smooth operation of services, including measures restricting use by members who breach the statutes and COMPANY’s Terms of Service, preventing account theft and fraudulent transactions, sending out notices regarding a revision to the terms and conditions, preserving records for dispute mediation, and handling civil complaints.
  • Personal information is used for personal authentication, purchases and payments for charges, and deliveries of products and services for the provision of paid services.
  • Personal information is used for marketing and promotion purposes such as providing event information, opportunities for participation, and advertising information.
  • Personal information is used to analyze service usage records and access frequency analysis, statistics on service use, and service analysis, and to provide tailor-made services and advertising according to user behavior.
  • Personal information is used to establish a service environment in terms of security, privacy, and safety in which users feel safe and secure when using the service.

4. Provision & Entrustment of Personal Information

• In principle, the COMPANY does not provide personal information to third parties without the express consent of the user. The COMPANY does not provide personal information to any external parties without prior consent from users. However, personal information is provided in limited circumstances if a user personally agrees to provide his/her personal information in order to use the service of an outside partner, if the COMPANY becomes obliged to submit personal information under the relevant laws and regulations, or if an urgent risk to life or safety of users is identified.
• The COMPANY entrusts part of its work to the outside to provide convenient and better services. The COMPANY entrusts part of its work necessary to provide services to outside companies, stipulates the matters necessary for the entrusted party to safely process personal information, and carries out management or supervision to ensure such safe processing in accordance with the Personal Information Protection Act. If a user does not use the service related to the work entrusted to the entrusted party, his/her personal information will not be provided to the said entrusted party.

  Entrusted Company	Entrusted Operations	Retention and Usage Period of Personal Information
  InfoBank	Operation of mobile text transmission service	Until the member withdraws membership or the entrustment agreement term has expired
  KG Inicis Corp., Naver Financial Corp.	Payment processing (mobile phone, payments without account books, account transfer, credit card, gift certificates and other payment methods, refund account verification) & prevention of payment misappropriation
  Sendgrid	E-mail transmission system operation
  MUHAYU Corp.	Plagiarism check of documents

• Further description on the provision and entrustment of personal information
  • (1) Differences between provision and entrustment of personal information The provision of personal information to third parties means the personal information is provided for the business purpose and benefit of the recipient. After the personal information is provided, it is processed under the responsibility of the recipient. For this reason, in order to provide personal information to third parties, the users are notified in advance of the ‘parties to be provided with personal information, the purpose of using personal information by the parties to be provided with personal information, items of personal information provided, and the period during which personal information is retained and used by the parties to be provided with personal information’ and are asked to provide their consent. The entrusted processing of personal information means entrusting personal information to third parties to process the work of the provider. Even after personal information is provided, the party who has provided personal information (the entrusting party) remains responsible for the management/supervision of the entrusted party.
  • (2) Entrusted work that requires user's consent and entrusted work that may be disclosed/notified in satisfaction of user's consent Users may be notified about entrusted processing of personal information necessary for performing contracts on service provision and promoting user convenience through email or other means, or by disclosure in the Privacy Policy in satisfaction of obtaining consent. In addition, in relation to the entrusted processing of personal information, the Entrusted Parties and Work must be notified to users and their consent must be obtained. The COMPANY discloses entrusted processing of personal information necessary for infrastructure operations, service development and testing, service operations, customer consultation, payment processing, and identify verification, in satisfaction of obtaining consent. However, if personal information is entrusted to any outside parties for service promotion, etc., the prior consent of users will be obtained.

5. Destruction of Personal Information

• The COMPANY strictly destroys personal information immediately after the user withdraws membership. However, if the Company has obtained separate consent from users regarding the retention period of personal information or if the laws and regulations impose duties to retain information for a certain period, personal information may be stored safely during such designated period.
• The COMPANY will obtain consent from users for the retention period of personal information at the time of their member or service subscription for the following purposes. To prevent any fraudulent subscription and use, to classify value and member action history of members who have received more than warning.
  • Mobile phone number or duplicate information (DI) of fraudulent users for subscription verification (legal representative’s DI for users aged 14 or under) : Stored for 5 years from the date of withdrawal
  • Mobile phone number of users withdrawn from membership (one-way encryption that cannot be decrypted (via hashing)) : Stored for 5 years from the date of withdrawal
  • Mobile phone number : Up to 1 year from the time of request for registration/modification/deletion
  • ID, Email address, Nick-name : Stored for 6 months after withdrawal from service
• Relevant statutes, including the Act on the Consumer Protection, in Electronic Commerce, Etc., the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act, require the COMPANY to store the information for a certain period of time under the following circumstances. The COMPANY stores personal information during the set period under the provisions of the statutes and in no case will it ever store this information for any other purposes.
  - Act on the Consumer Protection, in Electronic Commerce, Etc.
  • Records on the contract or subscription withdrawal, etc. : Stored for 5 years
  • Records on the payment and supply of goods, etc. : Stored for 5 years
  • Records on the consumer complaints or dispute settlement : Stored for 3 years
  
  - Framework Act on Electronic Documents and Transactions
  • Records on the distribution of electronic documents through authorized electronic addresses : Stored for 10 years
  
  - Protection of Communications Secrets Act
  • Login information : 3 months
  
  
• Personal information that fully serve its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.
  • Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.
  • Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.

6. Rights of Users & Legal Representatives and Exercising Those Rights

• Users can access their ‘User Profile’ page to view or update their personal information and request access to their personal information at any time.
• Users are entitled to request a suspension of processing their personal information at any time, and the COMPANY may refuse the request for suspension of processing if special provisions in the statute provide otherwise.
• Users can email customer service at info@wordvice.ai to request removal of account to revoke their consent to the collection and use of their personal information at any time.
• If the user is under the age of 14, the child’s legal representative has the right to view and update the child’s personal information, and to revoke his/her consent to the collection and use of the child’s personal information.
• If a user requests the correction of errors in his/her personal information, the relevant personal information will not be used or provided until the correction is made. In addition, in the event where the incorrect personal information has already been provided to a third party, the COMPANY will notify the third party of the corrected information without delay to ensure that the necessary correction is made.
• Users and their legal representatives access their ‘User Profile to personally handle their rights or go to ‘Inquire’ to send a request. The details provided to third parties according to the user's service use activities and consent details are available where they may withdraw their consent.

7. Actions Taken to Protect Personal Information

• The COMPANY makes every effort to securely manage users' personal information and protects personal information beyond the degree required by the Personal Information Protection Act.
• The COMPANY has established and implemented an internal privacy management plan. The COMPANY has established an internal personal information management plan, containing matters in relation to the composition and operation of the privacy organization, such as the designation of privacy personnel, and annually assesses whether the internal management plan is being implemented effectively.
• Actions are undertaken to control access to and restrict the right to access personal information. In order to prevent illegal access to personal information, the COMPANY has established the standards for granting, modifying, and canceling access rights to the personal information processing system, and runs an intrusion prevention system and intrusion detection system.
• Personal information is being encrypted for safe storage and transmission. In addition to the passwords, unique identifiable information, account numbers, and credit card numbers are encrypted for storage as required by law. The COMPANY also safely sends and receives personal information over the network via encrypted communication.
• Actions are taken to store personal information access records and prevent any forgery and tampering. The personal information handler stores and manages access records for the personal information processing system, periodically inspects access records to prevent any misuse, abuse, loss, forgery, and tampering of personal information, and safely stores the relevant access records so that they are not forged, stolen, or lost.
• The COMPANY installs and renews security programs for personal information. The COMPANY frequently backs up data to offset risk of any damage to personal information, and uses the latest antivirus software to prevent leakage or damage of users' personal information.
• The COMPANY enforces physical actions to keep personal information safe. In order to prevent leakage or damage of members' personal information caused by hacking or computer viruses, the COMPANY installs systems which restricts access from the outside.

8. Chief Privacy Officer & Responsible Personnel

The COMPANY has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to user inquiries regarding personal information and resolving any related complaints.

If you need to report or consult on other privacy infringements, please contact the following institutions.

• Privacy Infringement Report Center (privacy.kisa.or.kr / Phone no. 118)
• Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr / Phone no. 1301)
• Cyber Bureau of Investigation, National Police Agency (police.go.kr / Phone no. 182)

9. Application of this Privacy Policy

• This Privacy Policy is applied to the ‘COMPANY’ website (www. wordvice.ai), COMPANY service brands, and other related services (including mobile web/app), whereas a separate privacy policy may be applicable to services provided under a different brand name.
• This Privacy Policy will not be applied to personal information collected from websites that are run by other companies through links to COMPANY after such formation is provided under the consent of users.

10. Obligation to Notify Prior to Amendment

Users will be notified of any addition, deletion, and/or modification in this Privacy Policy through ‘Notice’ at least 7 days prior to the scheduled amendment.
However, if an important modification is made to the rights of users, such as the modification to the collected items of personal information and the purposes of their use, the notification will be sent at least 30 days prior to any such modification, and if necessary, the COMPANY may request users’ consent again.

• Notification date : June 20 , 2021
• Effective date : June 20 , 2021