VIRCLE Wallet Privacy Policy
The company (hereinafter referred to as "VIRCLE" or "Service") considers the protection of users' personal information important in providing services through webpages and apps (iOS and Android), and informs you of the current status of collection and processing of users' personal information through this personal information processing policy.
Article 1 (items of personal information to be collected and methods of collection)
"VIRCLE" collects personal information necessary for first-time use for membership registration, smooth customer consultation, and provision of various services.
1. Items of personal information collected and utilized through membership registration, service use, etc
Category | Details | Option | Collection point |
Signup | - Kakao service ID, Kakao account(email), Profile Data (Nickname, Profile Image) | Required | Login with Kakao |
Signup | Apple profile data (email) | Required | Login with Apple |
Signup | Kakao account(phone number), Personal Data (name, birth date, sex), CI | Required | Login with Kakao |
Signup | Marketing utilization and advertising information | Optional | Optional |
Signup | Whether to receive Kakao talk message | Optional | Optional |
Service | Account Info (Klaytn Account Address) | Required | Created after password setting |
Service | Kakao friend list | Required | Login with Kakao (not stored) |
Service | email, phone number, kakaotalk ID | Optional | Marketing Terms |
Service | User's in-service visit history and activity log | Optional | customized services and marketing |
Automatically generated and collected | Service usage records, access logs, transaction records, IP information, cookies, bad and fraudulent use records, mobile device information (model name, OS information, screen size, language and country information, etc.) | Required | Use of the service |
Automatically generated and collected | Information necessary to record illegal/unauthorized access to services and related records, record access attempts to services, and check the safe operating environment of services and service applications | Required | Use of the service |
Automatically generated and collected | Token list | Required | Use of the service |
Personal Setting | personal setting info | Required | Use of the service |
Customer Support | email address, support chat ID | Required | Customer support |
2. How to collect personal information
Category | Detail |
Online | - Collection through service membership registration and use, KakaoTalk counseling, e-mail counseling, etc
- Collection from other services with third-party agreements
- Collection via automatic collection device |
Offline | - Through offline engagement |
Article 2 (Purpose of Collection and Use of Personal Information)
Category | Detail |
User Information Management | - User identification, account access and use authority management, user information management, and delivery of various notifications
- Developing new services, providing a variety of services
- User consultation, complaint handling, customer damage compensation
- Deployment processing through non-face-to-face personal authentication, personal information change, remittance password initialization, etc
- Establishing a service-use environment that users can use with confidence in terms of security, privacy, and safety |
Service Delivery | - Identification, personalization, digital asset transmission history
- Matters concerning overall service management, such as digital asset deposit and withdrawal processing
- Settlement and dialogue of transactions when linking exchanges and other wallets
- Share Kakao Talk to your friends, send tokens
- Self-certification, purchase and payment based on the provision of paid services, and delivery of goods and services
- Identification, personalization, digital asset transmission history |
Event Information | - Provides various events and advertising information
- Providing new and customized services, etc |
Article 3 (Period of retention and use of personal information)
The company holds personal information under laws and regulations. Holding personal information agreed upon when collecting personal information from users. Processing personal information within the use period. Each personal information retention and use period is as follows.
1. Period of personal information retention and use
Category | Purpose | Period |
Account data | User management, Service delivery, User identification | by the 30th after the withdrawal of membership |
However, if an investigation or investigation is in progress due to violation of relevant laws and regulations, it shall be retained and used until the investigation is completed.
2. Preservation by law in accordance with service provision
1.
In principle, the user's personal information shall be destroyed without delay when the purpose of collecting and using personal information is achieved. However, illegal use records may be preserved for one year in accordance with the internal policy to prevent disputes caused by illegal use of services.
2.
The company separately stores, manages, or destroys the personal information of long-term unused members who do not use the service for one year in accordance with laws and regulations and the "Personal Information Valid Period" after notifying them of the fact that personal information is destroyed or stored/managed separately 30 days before the expiration of the service's non-use period, as well as the date and time of personal information items by e-mail, written, fax, phone, or equivalent method. Personal information stored separately will be destroyed without delay after four years of storage. Provided, That if laws impose an obligation to keep information for a certain period of time, personal information shall be kept safe for that period.
Category | Related law | Period |
Records on withdrawal of contracts or subscriptions, etc | Act on Consumer Protection in Electronic Commerce, etc | 5years |
Records of consumer complaints or dispute handling | Act on Consumer Protection in Electronic Commerce, etc | 3years |
Marking, advertising records | Act on Consumer Protection in Electronic Commerce, etc | 6months |
Records of compensation and misappropriation | Act on Consumer Protection in Electronic Commerce, etc | 5years |
Login records | Communications Secret Protection Act | 3months |
Records of specific financial transactions and identification | Act on Reporting and Utilization of Specific Financial Transaction Information, etc | 5years |
Records on withdrawal of contracts or subscriptions, etc | Act on Consumer Protection in Electronic Commerce, etc | 5years |
Article 4 (Consignment of processing of personal information)
1. Consignment of personal information processing
The company entrusts personal information to external companies to perform some of the tasks necessary to provide services. And we manage and supervise the entrusted company so that it does not violate related laws. The companies entrusted with personal information processing are as follows.
Company | Consignment detail |
Amazon Web Services, Inc. | Development and operation of systems to provide services |
Kakao | Login Service |
GroundX | Digital Asset Wallet Service |
LinkHub | Kakao Pay identity verification |
Toss Payaments | Electronic payment agency service |
I’mport | Electronic payment agency service |
Channel Corp. | Customer consultation system operation |
NHN Cloud | SMS and kakaotalk sending agent |
TUEL | repair-related work |
Korea Appraisal Institute of Luxury Goods | Business related to luxury appraisal |
Laors | Business related to luxury appraisal |
2. Provision of personal information processing
The company does not provide the user's personal information to a third party without the consent of the member, and if it is necessary to provide it to a third party, it informs the user of the fact and provides the personal information to a third party after obtaining consent.
However, it may be provided to a third party in the following cases.
1. Where there are special provisions in other laws
2. Where the data subject or his/her legal representative is in a state where he/she is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc., and is clearly deemed necessary for the urgent benefit of the life, body, or property of the data subject or a third party
3. Where personal information is provided in a form in which a specific individual cannot be identified, as necessary for the purpose of statistics preparation, academic research, etc
Article 5 (The rights and methods of exercise of users and legal representatives)
1.
Users may exercise their rights to the company at any time, such as access, correction, deletion, and suspension of processing of personal information. However, the exercise of the user's rights, such as access, correction, deletion, and suspension of processing of personal information, may be restricted as prescribed by the relevant Acts and subordinate statutes, such as Article 35 (4) of the Personal Information Protection Act, Article 36 (1) and Article 37 (2) of the Personal Information Protection Act.
2.
Users can exercise their rights in writing, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
3.
The exercise of rights under paragraph (1) may be done through the user's legal representative, the person entrusted, etc. In such cases, a power of attorney under attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
4.
When requesting correction or deletion of personal information, if the personal information is specified as a subject of collection in other laws and regulations, the deletion cannot be requested.
5.
The company confirms whether the Chinese character is himself or a legitimate agent for requesting per user's right to read, correct, or delete, or read when requesting suspension of processing.
6.
Users can file an objection with the company if they object to the refusal of exercising their rights, and the company will take action without delay.
Article 6 (Technical and Management Protection Measures for Personal Information)
"VIRCLE" takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in the processing of users' personal information.
•
The user's personal information is encrypted and stored and managed, transmitted through encrypted communication (SSL), and the password is stored and managed by one-way encryption so that it cannot be decrypted.
•
In order to prevent users' personal information from being leaked or damaged by hacking or computer viruses, the system is installed in areas with controlled access from the outside.
•
Data is backed up from time to time in preparation for damage to personal information, the latest vaccine program is used to prevent users' personal information or data from being leaked or damaged, and personal information can be safely transmitted on the network through encrypted communication (SSL).
•
We use an intrusion prevention system to control unauthorized access from outside, and we are trying to equip all possible technical devices to ensure systematic security.
•
We reduce the risk of personal information leakage by minimizing the number of employees who process personal information.
•
We have established systematic standards for the creation and change of passwords and access to database systems that store personal information and systems that process personal information and conduct continuous audits.
•
We provide regular training or campaigns on personal information protection obligations and security for executives and employees who process personal information.
Article 7 (Personal Information Protection Manager and Contact)
1.
The company has designated the following department and personal information protection manager to protect user's personal information and handle complaints related to personal information.
•
Name: Chanwoo Park
•
Position: CEO
•
Email: cs@mass-adopWon.com
•
Contact: 01027824704
•
Department responsible for personal information protection management and handling: Operations Management Department
2.
All privacy-related complaints arising from the use of the company's services can be directed to the Privacy Officer and the respective department. The company will respond to and address the user's inquiries.
Article 8 (Remedies for Infringement of Rights)
If you need remedies or consultations regarding personal information infringement, you can contact the following institutions:
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
•
Website: privacy.kisa.or.kr
•
Phone: 118 (without area code)
Personal Information Dispute Mediation Committee
•
Website: www.kopico.go.kr
•
Phone: 1833-6972 (without area code)
Cyber Crime Investigation Division, Supreme Prosecutors' Office
•
Website: www.spo.go.kr
•
Phone: 02-3480-3573
Cyber Safety Bureau, Korean National Police Agency
•
Website: cyberbureau.police.go.kr
•
Phone: 182 (without area code)
Article 9 (Changes to Privacy Policy)
If there are any additions, deletions, or modifications to the content of this Privacy Policy, we will notify you through the 'Notice' section at least 15 days in advance. However, if there are significant changes to the collection and use of personal information, third-party provision, and other important user rights, we will notify you at least 30 days in advance.
Supplementary Provisions
This agreement will be effective from June 1, 2022.