(AININetworks Co., Ltd. hereinafter referred to as 'AININetworks') establishes and discloses this Privacy Policy to protect the personal information of data subjects and to promptly and smoothly handle any complaints related to personal information in accordance with Article 30 of the Personal Information Protection Act.

○ This Privacy Policy is effective from May 2, 2022.

• Article 1 (Purpose of Personal Information Processing)

  AININetworks processes personal information for the following purposes. Personal information being processed is not used for purposes other than the following, and in case of any changes in the purpose of use, separate consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.

  ① Processing personal information for the purpose of storing and managing entrusted personal information.

• Article 2 (Processing and Retention Period of Personal Information)

  ① AININetworks processes and retains personal information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 3 (Handling of Personal Information of Children under 14 years old)

  ① AININetworks processes and retains personal information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 4 (Items of Processed Personal Information)

  ① AININetworks processes and retains personal information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 5 (Provision of Personal Information to Third Parties)

  ① AININetworks does not provide personal information to third parties.

• Article 6 (Outsourcing of Personal Information Processing)

  ① AININetworks, when entering into an outsourcing agreement, specifies matters related to the prohibition of processing personal information beyond the purpose of outsourcing, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of the data processor, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and is actively supervising whether the data processor is securely processing personal information.

  ② AININetworks carries out regular visits and inspections at least once a year regarding personal information and system security when entering into an outsourcing agreement.

  ③ If the contents of the outsourcing business or the data processor change, AININetworks will promptly disclose such changes through this Privacy Policy.

• Article 7 (Transfer of Personal Information Overseas)

  ① AININetworks may transfer personal information overseas in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 8 (Procedure and Method of Personal Information Destruction)

  ① AININetworks destroys personal information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

  • Procedure of Destruction

    AININetworks selects personal information for destruction when the reason for destruction occurs and obtains approval from the data protection officer of AININetworks for the destruction of personal information.

  • Method of Destruction

    Personal information in electronic file form is destroyed using a method that cannot reproduce records, and personal information printed on paper is destroyed by shredding or incineration.

• Article 9 (Measures for the Disposal of Personal Information of Inactive Users)

  ① AININetworks destroys personal information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

  • Procedure of Disposal

    AININetworks selects personal information for disposal when the reason for disposal occurs and obtains approval from the data protection officer of AININetworks for the disposal of personal information.

  • Method of Disposal

    Personal information in electronic file form is destroyed using a method that cannot reproduce records, and personal information printed on paper is destroyed by shredding or incineration.

• Article 10 (Rights, Duties, and Exercise Methods of Data Subjects and Legal Representatives)

  ① AININetworks will promptly respond to data subjects' requests for accessing, correcting, deleting, and suspending the processing of their personal information, in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 11 (Measures for Ensuring the Security of Personal Information)

  ① AININetworks takes the following measures to ensure the security of personal information:

  • Regular Internal Audits

    AININetworks conducts regular internal audits (quarterly once) to ensure the security of personal information handling.

  • Minimization and Education of Personnel Handling Personal Information

    AININetworks designates specific personnel to handle personal information, limits the scope of personnel, and implements measures to manage personal information securely.

  • Establishment and Implementation of Internal Management Plans

    AININetworks establishes and implements internal management plans to ensure the secure processing of personal information.

  • Technical Measures against Hacking

    AININetworks installs security programs and conducts regular updates and inspections to prevent leakage and damage of personal information caused by hacking or computer viruses. Access to systems is controlled and monitored through access controls in restricted areas.

  • Encryption of Personal Information

    Personal information is stored and managed in encrypted form, and important data is protected through additional security features such as encryption of files and transmission data or the use of file locking functions.

  • Retention and Prevention of Tampering of Access Records

    AININetworks retains and manages access records to the personal information processing system for at least one year. However, in the case of processing personal information for more than 50,000 individuals or handling unique identifiers or sensitive information, the records are retained and managed for more than two years. Access records are protected against tampering, theft, or loss through security features.

  • Access Restrictions to Personal Information

    AININetworks grants, modifies, and revokes access permissions to the database system handling personal information, to control access to personal information.

  • Locking Devices for Document Security

    Documents containing personal information are stored in secure places with locking devices.

  • Access Control for Unauthorized Persons

    Physical storage areas containing personal information are separate, and access control procedures are established and implemented.

• Article 12 (Installation, Operation, and Rejection of Devices for Automatically Collecting Information)

  ① AININetworks does not use 'cookies' to store and retrieve user information for online customized advertisements.

• Article 13 (Matters Related to the Collection, Use, and Provision of Behavioral Information and Refusal of Such Collection and Use)

  Matters related to the collection, use, and provision of behavioral information and refusal of such collection and use

  ① AININetworks does not collect, use, or provide behavioral information for online customized advertisements.

• Article 14 (Criteria for Additional Use and Provision)

  ① AININetworks does not use or provide personal information without the data subject's consent.

• Article 15 (Processing of Pseudonymized Information)

  ① AININetworks may process pseudonymized information in accordance with the personal information processing policy of the personal information processor that complies with relevant laws.

• Article 16 (Personal Information Protection Officer)

  ① AININetworks is responsible for overseeing the processing of personal information and designates a Personal Information Protection Officer to handle complaints and remedy related to the processing of personal information. The following individuals serve as the Personal Information Protection Officer:

  • Department for Handling Requests for Access to Personal Information
    • Name: Kim Bong Seok
    • Position: CTO
    • Title: Director
    • Contact: 010-3014-0720, bskim@aininetworks.com, 02-6969-7709
  • ※ Connected to the Personal Information Protection Department.
  • Personal Information Protection Department
    • Department Name: Security Management Team
    • Contact Person: Oh Se Woong
    • Contact: 010-4587-8296, 9270dnd@aininetworks.com, 02-6969-7709

  ② Information subjects may contact the Personal Information Protection Officer and the designated department for all inquiries, complaints, and requests for remedy related to personal information protection while using AININetworks' services (or business). AININetworks will promptly respond to and handle information subject's inquiries.

• Article 17 (Department for Receiving and Processing Requests for Access to Personal Information) Information subjects may request access to personal information under Article 35 of the Personal Information Protection Act to the department below.

  ① AININetworks will make efforts to promptly process requests for access to personal information from information subjects.

  • Department for Receiving and Processing Requests for Access to Personal Information
    • Department Name: Security Management Team
    • Contact Person: Oh Se Woong
    • Contact: 010-4587-8296, 9270dnd@aininetworks.com, 02-6969-7709
  • ※ Connected to the Personal Information Protection Department.

• Article 18 (Remedies for Violation of Rights of Information Subjects)

  Information subjects may seek remedies for damages caused by personal information infringement by applying for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center operated by the Korea Internet & Security Agency. For other personal information infringements, please contact the following institutions:

  • Personal Information Dispute Mediation Committee: 1833-6972 (without area code), www.kopico.go.kr
  • Personal Information Infringement Report Center: 118 (without area code), privacy.kisa.or.kr
  • Supreme Prosecutors' Office: 1301 (without area code), www.spo.go.kr
  • National Police Agency: 182 (without area code), ecrm.cyber.go.kr

  Under Article 35 (Right to Access Personal Information), Article 36 (Right to Correct or Delete Personal Information), and Article 37 (Right to Suspend Processing of Personal Information) of the Personal Information Protection Act, a person who has suffered damage due to an administrative disposition or negligence of a public agency regarding the right or interest infringed by processing personal information can request administrative adjudication according to the Administrative Adjudication Act.

  ※ For detailed information on administrative adjudication, please refer to the website of the Central Administrative Adjudication Commission (www.simpan.go.kr).

• Article 19 (Changes to the Privacy Policy)

  ① This privacy policy is applicable from May 2, 2022.