Deeping Source, Inc. (hereinafter referred to as the “Company”) legally processes and protects the personal information of the subjects in accordance with Article 30 of the Personal Information Protection Act (“PIPA”) and manages it safely. In order to ensure that grievances in this regard can be handled promptly and smoothly, we establish and disclose the Privacy Policy as follows.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information processed in principle will not be used for any purpose other than the following purposes, and if the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

• Signing up and management: Confirmation of the intent to sign up, identification of the User and verification of the identity, maintenance and management of the qualification
• Provision of Service: Providing the Services and fulfilling contracts, sending contracts and invoices, making a contact for notices such as contract fulfillment and changes in the Terms of Use, providing contents, payment and settlement of fees, refunds, handling customer complaints, using the Service and securing smooth communication channels such as service use, consultation, and inquiries, Identifying the frequency of webpage access or statistics on the User’s use of the Service for improvement of the Service
• Provision of de-identification services: the Company is entrusted with the task of de-identifying images and videos from the User and processes such personal information
• Marketing, advertisements (event submission) (optional)

Article 2 (Processing and Retention Period of Personal Information)

The Company shall process and retain personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

• Singing up and management: Immediate deletion upon withdrawal of membership. However, to prevent unauthorized use, it is stored for 3 months (company email, mobile phone number) and then destroyed.
• Provision of Service: Until the completion of Service provision and payment and settlement of fees
• Provision of de-identification services: Immediate deletion after de-identification processing
• Marketing, advertisement (event submission): immediate destruction upon the termination of the relevant event

Article 3 (Personal Information Items Processed)

The Company processes the following personal information items

1. Personal Information Processing Items

• Signing up o Company email, password, contact information (mobile phone number)
• Provision of Services o When applying for consultation: name, company email, company name, contact information (phone number or mobile phone number)  o When using the de-identification service: images and video data to be de-identified entrusted by the User (including face and license plates)  o Payment records: payment service and payment confirmation, and handling of payment-related complaints  o Cancellation and refund: bank account holder, bank name, account number
• Marketing, advertisements (event submission) (optional)
• company e-mail, contact information (mobile phone number)

1. Collection Methods

The Company collects personal information in the following ways

• Hompage
• Email
• Written forms
• Online consultation
• Event submissions

※ IP address, cookies, MAC address, mobile device information (app version, OS version), service usage history, visit history, bad usage history, etc. may be automatically generated and collected and used in the process of using the Company’s Service.

Article 4 (Destruction of Personal Information)

1. The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the purpose of processing.
2. If the personal information must continue to be preserved in accordance with other laws and regulations even when the personal information retention period agreed to by the information subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location.
3. The Company is required to continue to retain personal information in accordance with other laws and regulations as follows:

• Records of contract or subscription withdrawal, payment, and supply of goods: 5 years (the Act on Consumer Protection in Electronic Commerce, etc.)
• Records of payments and supply of goods, etc.: 5 years (the Act on Consumer Protection in Electronic Commerce, etc.)
• Records on consumer complaints or dispute handling: 3 years (the Act on Consumer Protection in Electronic Commerce, etc.)
• Records on collection/processing and use of credit information: 3 years (Act on the Utilization and Protection of Credit Information)
• Records on display/advertising: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
• Log records of the User’s internet access/tracking data of user's access point: 3 months (Act on Protection of Communications Secrets)
• Other communication verification data: 12 months (Act on the Protection of Communications Secrets)

1. The procedures and methods for destroying personal information are as follows.

• Destruction Procedure: The Company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the personal information protection manager of the Company.
• Destruction Method: The Company destroys personal information recorded and stored in the form of electronic files using methods such as Low Level Format so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incinerating them.

Article 5 (Consignment of Personal Information Processing)

1. The Company consigns personal information processing tasks as follows for smooth personal information processing.

• Amazon Web Services, Inc. : Data storage
• Channel Talk: Consultation talk service, consultation app maintenance
• : Payment and settlement service
• NICE Evaluation Information Co., Ltd.: Account verification service

1. When entering into an consignment contract, the Company specifies in documents such as contracts the prohibition of processing personal information other than for the purpose of performing the entrusted services, taking technical and administrative protection measures, restrictions on re-consignment, management supervision of the consignee, and responsibilities such as compensation for damages, and the Company also supervises whether the consignee processes personal information safely.

Article 6 (Overseas Transfer of Personal Information)

The Company transfers the personal information of the information subject to other business operators overseas as follows in order to provide smooth Service. If you do not want to transfer your personal information overseas, you can refuse by not agreeing to the collection, use, or provision of personal information to a third party, or by requesting the company to stop the overseas transfer, but if you refuse, you may not be able to use the Service.

Article 7 (Rights of Users and Legal Representatives and Method of Exercise)

1. The User may exercise the right to view, correct, delete, or suspend the processing of personal information at any time against the Company.

※ Requests for access to personal information about children under the age of 14 must be made directly by a legal representative, and information subjects who are minors over the age of 14 may exercise their rights regarding the personal information by themselves or through a legal representative.

1. The exercise of rights may be made to the Company in writing, by e-mail, or by facsimile transmission (FAX) in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
2. The exercise of rights may also be made through an agent, such as the legal representative of the User or a person who has been delegated such right. In this case, the information subject must submit a power of attorney in the form of Attachment No. 11 to the “Notification on Personal Information Processing Method (No. 2020-7)”.
3. Requests for access to personal information and suspension of processing may restrict the rights of the information subject pursuant to Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
4. A request for correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection in other laws.
5. The Company shall verify that the person making the request, such as a request for access in accordance with the rights of the User, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate representative.

Article 8 (Measures to Ensure the Protection of Personal Information)

The Company takes the following measures to ensure the protection of personal information.

1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Management/limitation of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
3. Physical measures: Access control of computer rooms, data storage rooms, etc.

Article 9 (Installation, Operation and Rejection of Cookies)

1. The Company uses ‘cookies’ to store and retrieve user information to provide individualized services to users.
2. Cookies are small amounts of information sent to the user’ computer browser by the server (HTTP) used to operate the Website and are also stored on the hard disk of the user’s computer.

• Purpose of using cookies: Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and Website visited by the user, whether the user has a secure connection, etc.
• Installation, operation and refusal of cookies: You can refuse to save cookies through the option settings in the Tools>Internet Options>Privacy menu at the top of the web browser.
• If you refuse to save cookies, you may experience difficulties in using customized services.

Article 10 (Personal Information Protection Manager)

The Company is responsible for the processing of personal information in general, and designates a personal information protection manager as follows to handle complaints and damage relief of information subjects related to the processing of personal information.

1. The person in charge of personal information protection
2. Name: Kim Tae-Hoon
3. Position: Representative
4. Contact information: contact@deepingsource.io

※ It will be connected to the department in charge of personal information protection.The User may contact the personal information protection manager and the department in charge regarding the exercise of rights such as all personal information protection-related inquiries, complaints, damage relief, and requests for access to personal information that occurred while using the Company’s Service. The Company will respond to and handle inquiries from the User without delay.

Article 11 (Remedies for Infringement of Rights and Interests of the User)

The User may apply for relief, consultation, etc. for remedies against personal information infringement to the following organizations. Please contact the following organizations for reporting and counseling on other personal information infringement.

1. Personal Information Infringement Report Center (operated by the Korea Internet and Security Agency)

• Responsibilities: Reporting personal information infringement and applying for counseling
• Website: privacy.kisa.or.kr
• Phone: 118 (without area code)
• Address: Personal Information Infringement Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do (301-2, Bit-Garam-dong), 58324, Korea

1. Personal Information Dispute Mediation Committee

• Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil resolution)
• Homepage : kopico.go.kr
• Telephone : (without area code) 1833-6972
• Address: 4F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, Korea (03171)

1. Cybercrime Investigation Division of the Supreme Prosecutors’ Office: 02-3480-3573 (spo.go.kr)
2. National Police Agency Cyber Security Bureau : 182 (http://cyberbureau.police.go.kr)

Article 12 (Enforcement and Change of Privacy Policy)

1. This Privacy Policy are effective from July 17, 2023.