Privacy Policy

Article 1 (Purposes of Processing Personal Information)

Mindlogic, Inc. (hereinafter the "Provider") and [Customer Name] (hereinafter the "Customer") collect, record, store, and use (hereinafter "Process") the personal information of Individual Users for the following purposes. The Provider and the Customer shall not Process the personal information of Individual Users for purposes other than the following. If the purpose of use is changed, they will take measures required by law, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Confirmation of intent to apply for membership, identification of Individual Users, and confirmation of intent to withdraw
2. Protection of users and operation of the Service, including preventing and sanctioning acts that disrupt the smooth operation of the Service such as violations of the terms, preventing account theft, delivering notices such as amendments to the terms, preserving records for dispute mediation, and handling complaints
3. Analysis of Service usage records and access frequency, statistics regarding Service use, and provision of customized services based on Service analysis and statistics
4. In addition to providing existing services such as content, identifying new service elements and improving existing services through demographic analysis, analysis of Service visits and usage records, and provision of personalized services based on personal information and interests
5. Establishing a service environment that users can trust in terms of security, privacy, and safety
6. Handling of other service-related tasks in accordance with individual terms

Article 2 (Items of Personal Information Processed)

The personal information that the Provider and the Customer may collect from Individual Users in the course of application for use and provision of the Service is as follows.

1. User registration and management: name, email address, organization
2. Automatically collected items: IP information, MAC information, usage records, access logs, cookies

Article 3 (Processing and Retention Period of Personal Information)

The Provider and the Customer retain the collected personal information of Individual Users within the retention and use period agreed to by the Individual User or required by law, and Process it according to its purposes. The retention period may vary in cases permitted or required by law, including the cases below, and expires immediately when an Individual User withdraws consent to the collection and use of personal information.

1. Records concerning contracts or subscription withdrawal. Pursuant to Article 6 of the Act on Consumer Protection in Electronic Commerce and Article 6 of its Enforcement Decree, such records are preserved for 5 years even if the Individual User withdraws consent to the use of personal information.
2. Records concerning payment and supply of goods. Pursuant to Article 6 of the Act on Consumer Protection in Electronic Commerce and Article 6 of its Enforcement Decree, such records are preserved for 5 years even if the Individual User withdraws consent to the use of personal information.
3. Records concerning consumer complaints or dispute handling. Pursuant to Article 6 of the Act on Consumer Protection in Electronic Commerce and Article 6 of its Enforcement Decree, such records are preserved for 3 years even if the Individual User withdraws consent to the use of personal information.
4. Records concerning communication confirmation such as access. Pursuant to Article 15-2 of the Protection of Communications Secrets Act and Article 41 of its Enforcement Decree, such records are preserved for 3 months from the time of creation.

Article 4 (Use of Personal Information and Provision to Third Parties)

The Provider and the Customer use Individual Users' personal information within the scope of the purposes notified to the Individual Users when collected, and do not use it beyond that scope or disclose/provide it to third parties without the Individual User's prior consent. The following cases are exceptions:

1. When the Individual User has consented in advance to provision to a third party
2. When required by law, or when an investigative agency requests such information in accordance with the procedures and methods prescribed by law
3. When indispensable for the performance of the service contract such as provision of the Service, and when obtaining ordinary consent is significantly difficult for economic or technical reasons
4. When the personal information is processed in a state where the data subject cannot be specified or identified

Article 5 (Entrusting Processing of Personal Information)

The Provider and the Customer entrust the processing of personal information as follows for effective performance of the Service. The entrusted entity Processes personal information only within the minimum scope necessary to perform the entrusted work. The contents of the entrusted work and the entrusted parties are as follows.

1. Contents of entrusted work: [Not applicable]
2. Entrusted party: [Not applicable]
3. Contact: [Not applicable]

Article 6 (Procedure and Method for Destruction of Personal Information)

In principle, after the purpose of collection and use of personal information has been achieved and the retention period has expired, the Provider and the Customer destroy the relevant information without delay in accordance with the following procedure and method.

1. Destruction procedure: All personal information provided by an Individual User is automatically selected for destruction once the retention period expires, and is destroyed in accordance with internal policies and relevant laws.
2. Destruction method: Personal information held in electronic file form is permanently deleted using a technical method that prevents reproduction of the records. Personal information held in printed form, such as on paper, is permanently destroyed by shredding or incineration.

Article 7 (Security Measures for Personal Information)

The Provider and the Customer have taken the following security measures to protect Individual Users' personal information.

1. Establishment and implementation of internal regulations and guidelines
   Internal regulations and guidelines, including information security regulations, have been established and implemented to emphasize the security of all Individual Users' personal information.
2. Management of access rights
   Access rights to Individual Users' personal information are granted differentially according to each employee's role and position, and all access to Individual Users' personal information is monitored.
3. Password management
   Passwords are managed by storing them using one-way encryption.
4. Access control for unauthorized persons
   Access controls are in place to prevent unauthorized persons from accessing the user's personal information database.
5. Encryption of personal information
   Each Individual User's personal information is stored in an encrypted form.
6. Retention of access logs and prevention of forgery and falsification
   Login records (date, subject, IP, etc.) of employees who have accessed the computer system are retained and backed up to a separate device to prevent forgery and falsification.

Article 8 (Personal Information Protection Officer)

Individual Users may submit inquiries or grievances regarding the protection of their personal information to the Personal Information Protection Officer below.

[Provider]

• Name: Park, Mihyun
• Position: Senior Manager
• Contact: +82-70-5102-6560

[Customer]

• Name: [Customer-designated Personal Information Protection Officer]
• Position: [Position]
• Contact: [Contact]