Privacy Policy
AYN SQUARE values your personal information.
Effective Date: April 19, 2025
1
Purpose of Privacy Policy
AYN SQUARE (hereinafter referred to as the 'Company') has established the following privacy policy to protect the personal information of users who use our services.
This policy complies with the Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and other relevant laws.
The Company does its best to promptly and smoothly handle user complaints related to personal information protection.
2
Principles of Personal Information Processing
The Company may collect personal information from users, and the collected personal information will be processed according to the following principles:
- Consent-based Provision: Personal information is provided to third parties only with the consent of the user.
- Legal Exceptions: In cases where legally required by laws and regulations, the Company may provide users' personal information to third parties without prior consent.
3
Disclosure of Privacy Policy
The Company discloses this policy as follows so that users can check it at any time:
- This policy is disclosed through the company's homepage main screen or through a connection screen with the main screen
- Using font size, color, etc. to make it easy for users to check this policy
4
Changes to Privacy Policy
The privacy policy may change for the following reasons:
- Changes to laws, guidelines, and notices related to personal information
- Changes in government policy
- Changes in company service policies or content
Notification Methods for Changes:
- Notification through the homepage announcements or separate windows
- Notification through written documents, facsimile, email, etc.
Notification Period:
- General changes: At least 7 days before the effective date
- Significant changes to user rights: At least 30 days before
5
Personal Information Collected
The Company collects the following personal information to provide services:
Essential Information: Email address and password
Essential Information: Email address
Essential Information: Email address
6
Methods of Personal Information Collection
The Company collects users' personal information through the following methods:
- Direct input of personal information by users on the company's website
- Input of personal information by users through services other than the company's website, such as applications
- Input of information by users during the service use process, such as customer service consultation or board activities
7
Use of Personal Information
The Company uses personal information for the following purposes:
- When necessary for company operations, such as communicating announcements
- To improve services, such as responding to usage inquiries and handling complaints
- To provide company services
- To restrict usage for members who violate laws and terms, and to prevent and sanction fraudulent use
8
Sharing Personal Information with Third Parties
In principle, the Company does not provide users' personal information to third parties. However, exceptions may be made in the following cases:
Personal information is provided to third parties only with the user's prior consent.
| Recipient |
Purpose |
Information Items |
| Google LLC |
Storage and provision of collected information |
User uploaded files, text, email address, user UID |
When there are changes to third-party sharing relationships or when such relationships are terminated, the Company will notify users and obtain consent through the same procedure.
9
Outsourcing of Personal Information Processing
The Company outsources personal information processing as follows for service provision and effective business processing:
| Contractor |
Purpose |
Duration |
| Google LLC |
Storage and provision of user-provided information |
Until membership termination |
10
Retention and Use Period of Personal Information
The Company retains and uses users' personal information as follows:
- Principle: Retention and use during the period necessary to achieve the purpose of collecting and using personal information
- Exception: Records of service misuse are kept for up to 1 year from the time of membership termination to prevent fraudulent registration and use
Personal Information Retention Periods According to Related Laws
- E-Commerce Act:
- Records of contracts or withdrawal of consent: 5 years
- Records of payment and supply of goods: 5 years
- Records of consumer complaints or dispute handling: 3 years
- Records of display/advertisement: 6 months
- Communications Secret Protection Act: Website log records: 3 months
- Electronic Financial Transactions Act: Electronic financial transaction records: 5 years
- Location Information Act: Personal location information records: 6 months
11
Deletion of Personal Information
Deletion Principles
The Company deletes personal information without delay when the purpose of processing has been achieved or the retention and use period has expired.
Deletion Procedure
- Personal information that has achieved its processing purpose is moved to a separate DB and deleted after a certain period of storage
- Personal information subject to deletion is deleted after approval from the personal information protection officer
Deletion Methods
- Electronic files: Deleted by technical methods that cannot reproduce the records
- Paper documents: Shredded by a shredder or incinerated
12
Transmission of Commercial Information
The following applies when the Company transmits commercial information for profit purposes:
Principle: The Company obtains explicit prior consent from users.
Exceptional exemptions from consent:
- Sending information about similar goods/services within 6 months after the end of a transaction using contact information directly collected through a transaction relationship
- When a telephone solicitation seller under the Door-to-Door Sales Act verbally notifies the source of personal information collection and makes telephone solicitation
Nighttime advertising restrictions: Separate prior consent is required for advertisements between 9 PM and 8 AM.
Guarantee of the right to refuse: If there is an expression of intent to refuse receiving commercial information, the transmission of information will be discontinued.
Labeling obligations: Commercial information must include the following:
- Company name and contact information
- Method for refusing receipt or withdrawing consent to receive
- Measures to avoid or obstruct the refusal of receipt or withdrawal of consent to receive
- Measures to automatically generate phone numbers, email addresses, etc.
- Measures to automatically register contact information for advertising purposes
- Measures to hide the identity or source of the advertisement sender
- Measures to induce a response by deceiving the recipient
Users using the service must comply with the following obligations:
- Accuracy of Information: Personal information must be kept up to date, and the user is responsible for problems arising from inputting inaccurate information.
- Prohibition on Identity Theft: Users who register by stealing others' personal information may lose service qualification and face legal punishment.
- Account Information Security: Users are responsible for maintaining the security of account information such as email addresses and passwords, and may not transfer or lend them to third parties.
14
Measures in Case of Personal Information Breach
The Company takes the following measures when a personal information breach or similar incident occurs:
Notification Items:
- Personal information items that were breached
- Time of the breach
- Measures that users can take
- The Company's response measures
- Contact information for the consultation reception department
Notification Method: Individual notification to users along with reporting to the Korea Communications Commission or Korea Internet & Security Agency.
Emergency Protection Measures: In the event of a personal information breach, the Company will immediately suspend member registration and login functions, and delete all data of the affected members. This is an essential measure to prevent secondary damage and protect users' personal information.
Exceptional Measures: If there are legitimate reasons such as being unable to contact users, the Company may replace individual notifications by posting on the company's homepage for at least 30 days.
15
Protection of Personal Information Transferred Overseas
When transferring users' personal information overseas, the Company complies with the following principles:
Basic Principle: The Company does not enter into international contracts with content that violates the Personal Information Protection Act and other related regulations.
Consent for Overseas Transfer: The Company obtains users' consent when transferring personal information overseas. However, the separate consent procedure for personal information processing outsourcing/storage may be omitted if all of the following information is disclosed or communicated to users via email, etc.:
Disclosure Items:
- Personal information items being transferred
- Country to which personal information is transferred, time of transfer, and method of transfer
- Name of the recipient (if a corporation, the name and contact information of the information management officer)
- Purpose of use by the recipient and the retention/use period
Protective Measures: When transferring personal information overseas, the Company implements protective measures in accordance with the Personal Information Protection Act and other related regulations.
The Company uses 'cookies' to provide customized services to users.
Cookies are small pieces of information sent by the server operating the website to the user's web browser, which can be stored in the user's storage space.
Users have the choice regarding cookie installation and can set options in their web browser to allow all cookies, verify each time a cookie is stored, or reject all cookie storage.
Note: If you reject cookie storage, you may experience difficulties using some services that require login.
Cookie settings for each web browser are as follows:
- Edge: Settings menu in the upper right corner of the web browser > Cookies and site permissions > Manage and delete cookies and site data
- Chrome: Settings menu in the upper right corner of the web browser > Privacy and security > Cookies and other site data
- Whale: Settings menu in the upper right corner of the web browser > Privacy > Cookies and other site data
17
Remedies for Infringement of Rights
To receive remedies for infringement of personal information, you can request dispute resolution or consultation from the following institutions:
- Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr)
- National Police Agency: (No area code) 182 (ecrm.cyber.go.kr)
The Company is committed to guaranteeing the right to self-determination of personal information for the information subject and to providing consultation and remedies for personal information infringement.
Request for Administrative Trial: If your rights or interests are infringed due to the disposition or inaction of a public institution regarding a request under the Personal Information Protection Act, you can request an administrative trial according to the Administrative Appeals Act.
Central Administrative Appeals Commission: (No area code) 110 (www.simpan.go.kr)