Meaning of the Privacy Policy Xsailr, Inc. (hereinafter referred to as ‘the Company’) complies with all regulations related to personal information protection, including the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as ‘the Information and Communications Network Act’), as well as notifications, orders, and guidelines issued by government institutions. This Privacy Policy transparently provides information regarding the collection, usage, sharing (via ‘entrustment or provision’), and destruction of personal information, including when and how personal information is destroyed after the purpose of its use has been fulfilled.
Consent to the Collection and Use of Personal Information The Company provides its Privacy Policy, which includes information related to the collection and use of personal information, upon membership registration. By selecting the 'Agree' button during the membership registration process, users are deemed to have consented to the collection and use of their personal information to the minimum extent necessary for the fulfillment and execution of the service use contract and for identifying users.
Article 1: Collection Items and Methods of Collecting Personal Information
The Company collects and processes personal information as follows for membership registration, customer consultation, payment for paid services, provision of various services, and contract fulfillment.
Items of Personal Information Collected
Upon Membership Registration:
For registration via social login, the Company collects the social media ID (or email address ID), name (or nickname), profile image, and social login creation number.
For registration via email, the Company collects the email address, password, and name (or nickname).
Automatically Generated Information:
During service usage, the following information may be generated and collected:
App push permissions
Device model, OS information, device token, Google Advertising ID (ADID), Apple Advertising ID (IDFA)
IP address, cookies, visit history, misuse records, and service usage records
When using paid services, the Company may collect credit card information, direct deposit details, telecom information, gift certificate numbers, and other payment-related details if necessary for payment processing.
Additional information may be collected with separate notice and consent when users participate in events, promotions, prize deliveries, or service inquiries.
Methods of Collecting Personal Information The Company informs users in advance about the purpose of collection, items collected, retention, and usage periods and obtains consent before collecting personal information. Personal information may be collected through the following methods:
When the user consents to the collection and usage of personal information and directly inputs information during the service registration process
When received from affiliated or partner companies as part of a joint service
Automatically generated information during the use of mobile applications or websites
Voluntary provision and consent during service usage
Article 2: Purpose of Collecting Personal Information
The Company utilizes collected personal information for the following purposes:
Execution of service contracts, including payment settlement for paid services and the provision of content
Identification of users for membership services, prevention of fraudulent use, verification of duplicate accounts, dispute resolution, handling complaints, and notification of important information
Development of new services, provision of customized services, verification of service effectiveness, frequency of access, statistical analysis, and provision of event and advertising information
Article 3: Retention and Use Period of Personal Information
The Company destroys personal information without delay when the purpose of collection and usage is achieved or when the user requests account termination or withdraws consent. However, the Company may retain information under the following circumstances:
Membership management: From the time of registration until membership termination (or until specific issues are resolved)
During investigations related to legal violations: Until the investigation is complete
For refund or settlement purposes: Until any outstanding payments are settled
For the provision of services: Until the supply of services and payment settlement are complete
Records related to electronic financial transactions: 5 years
Records related to contracts, payment, and supply of goods: 5 years
Records related to consumer complaints or dispute resolution: 3 years
Records related to advertising and marketing: 6 months
Website visit records: 3 months
For marketing purposes: Until withdrawal of consent or termination of membership
Even if the app is deleted, personal information may remain unless a request for account termination is made. To ensure complete deletion, users must request account termination.
Article 4: Handling and Entrusting of Collected Personal Information
To enhance service quality, the Company may entrust the processing of personal information to external parties, and once the entrustment ends, personal information is destroyed without delay.
Article 5: Automatic Collection of Personal Information
The Company may use cookies (or similar technologies) to provide customized services by analyzing user preferences.
Cookies may be used to analyze access frequency, time of visits, participation in events, and preferences to offer personalized services and targeted marketing.
Users can adjust cookie settings via their web browser. However, rejecting cookies may result in difficulties accessing some services.
The Company may use automated systems to analyze user data and provide customized content, advertisements, or features. This data may also be used to detect malicious behavior such as spam or malware.
Article 6: Destruction of Personal Information
The Company destroys personal information once its intended use is fulfilled. Personal information may be destroyed via the following methods:
Electronic files: Deletion and formatting of storage devices such as disks
Dormant accounts: Personal information is separated and managed after 1 year of inactivity, and destroyed after 3 years. A prior notice will be provided 1 month before such action.
Article 7: Security Measures for Personal Information
The Company implements managerial and technical measures to prevent loss, theft, leakage, falsification, or damage of personal information.
Managerial Measures:
Establishing internal management plans
Limiting personnel handling personal information and providing education
Technical Measures:
Managing access rights to the personal information processing system
Installing access control systems
Applying encryption or equivalent measures
Installing and updating security programs
Retaining access records to prevent falsification
Article 8: User Rights and How to Exercise Them
Users can exercise the following rights related to their personal information:
Request access to personal information
Request correction of errors
Request deletion
Request suspension of processing
Requests can be made via email ([email protected])or written communication. The Company will respond promptly.
If the user requests correction or deletion, the Company will refrain from using or providing the affected personal information until the request is resolved.
Article 9: Designation of Personal Information Protection Officer
The Company has designated a Personal Information Protection Officer to protect user privacy and handle related complaints:
Name: Choi, HoonKyu
Position: Chief Production Officer
Contact:[email protected] Users can contact the officer for any privacy-related concerns.
Article 10: Changes to the Privacy Policy
If changes are made to the privacy policy due to updates in regulations or security technology, the Company will notify users via the app or website at least 7 days before the changes take effect. The updated policy will become effective 7 days after the notification.
Addendum: This Privacy Policy is effective from November 1, 2024.