Privacy Policy
LucidX Co., Ltd. (hereinafter referred to as the “Company”) has established the following processing policy in accordance with the Personal Information Protection Act to protect users’ personal information and rights and to smoothly handle users’ complaints related to personal information.
When consenting to this Personal Information Collection and Use Agreement, users have the right not to consent to the collection and use of ‘personal information other than the minimum necessary information.’
When the Company revises the Personal Information Processing Policy, it will notify users through a website notice (or individual notice).
Article 1 Purpose of processing personal information
- Homepage Membership Registration and Management
Personal information is processed for the purposes of confirming membership registration, identifying and authenticating the user for the provision of membership services, maintaining and managing membership qualifications, verifying the user’s identity in accordance with the implementation of the limited real-name verification system, preventing unauthorized use of services, verifying consent of the legal representative when collecting personal information of children under the age of 14, and preserving records for various notifications, complaints handling, and dispute resolution. - Use in marketing and advertising
We process personal information for the purposes of developing new services (products) and providing customized services, providing event and advertising information and opportunities to participate, providing services and posting advertisements based on demographic characteristics, verifying the validity of services, determining access frequency, or compiling statistics on members' use of services.
Article 2 Processing and retention period of personal information
- The company processes and retains personal information within the retention and use period of personal information stipulated by law or within the retention and use period of personal information agreed upon by the data subject at the time of collection of personal information.
- The processing and retention periods for each person’s personal information are as follows.
The personal information below will be retained and used for the above purposes from the date of consent to collection and use.
Basis for possession : Act on Consumer Protection in Electronic Commerce, etc., Act on the Use and Protection of Credit Information
Basis for possession : Act on Consumer Protection in Electronic Commerce, etc., Act on the Use and Protection of Credit Information
- Records on collection/processing and use of credit information : 3 years
- Records on consumer complaints or dispute resolution : 3 years
- Records on payment and supply of goods, etc. : 5 years
- Records on contracts or cancellation of subscription : 5 years
- Records on display/advertisement : 6 months
Article 3 Rights and obligations of data subjects and legal representatives and methods of exercising them
Users, as subjects of personal information, may exercise the following rights:
- The information subject may exercise the right to request access to, correction of, deletion of, or suspension of processing of personal information at any time against the company.
- The exercise of rights under Paragraph 1 may be made to the company through written documents, e-mail, facsimile transmission (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
- The exercise of rights under Paragraph 1 may be made through an agent, such as the information subject's legal representative or authorized person. In this case, a power of attorney in the format of Appendix 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.
- The request for access to and suspension of processing of personal information may be subject to restrictions on the information subject's rights under Article 35 Paragraph 5 and Article 37 Paragraph 2 of the Personal Information Protection Act.
- The request for correction or deletion of personal information cannot be made if the personal information is specified as a collection target in other laws and regulations.
- When requesting access, correction/deletion, or suspension of processing in accordance with the information subject's rights, the company verifies whether the person making the request is the information subject or a legitimate agent.
Article 4 Items of personal information processed
The company processes the following personal information items.
- Required items: email, password, login ID, name, service usage history, access log, cookie, access IP information, payment history
- Required items: email, password, login ID, name, service usage history, access log, cookie, access IP information, payment history
Article 5 Destruction of personal information
In principle, when the purpose of personal information processing is achieved, the personal information is destroyed without delay. The procedures, deadlines, and methods for destruction are as follows.
- Destruction Procedure : The information entered by the user is transferred to a separate database (separate documents in the case of paper) after the purpose is achieved and stored for a certain period of time or destroyed immediately in accordance with internal policies and other relevant laws.
In this case, personal information transferred to the database will not be used for any other purpose except in cases required by law. - Destruction Period : If the retention period of the user's personal information has expired, the personal information will be destroyed within 5 days from the end of the retention period. If the personal information becomes unnecessary due to the achievement of the purpose of processing the personal information, the discontinuation of the relevant service, or the termination of the business, the personal information will be destroyed within 5 days from the date on which the processing of the personal information is deemed unnecessary.
- Destruction Method : Information in the form of electronic files uses a technical method that cannot reproduce the record.
Article 6 Matters concerning the installation, operation and refusal of automatic personal information collection devices
The company does not collect, use, or provide behavioral information for online customized advertising, etc.
Article 7 Matters concerning the person responsible for personal information protection
The company is responsible for overall management of personal information processing and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from data subjects related to personal information processing.
-
▶ Chief Privacy Officer
Name : Jung Young Suk
Title : CEO
Contact : +82-2-6013-3002 -
▶ Privacy Policy Department
Name : Han Myung Ho
Title : Director
Contact : +82-2-6013-3002
※ You will be connected to the personal information protection department.
The information subject may inquire about all personal information protection-related matters, such as inquiries, complaints, and damage relief that arise while using the company's services, to the personal information protection officer and the department in charge. The company will respond to and process the information subject's inquiries without delay.
Article 8 Changes to personal information processing policy
This privacy policy is effective from the date of enforcement, and in case of additions, deletions, or corrections to the contents due to changes in laws and policies, notice will be given through a notice 7 days prior to enforcement of the changes.
Article 9 Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the company is taking the following technical/administrative and physical measures necessary to ensure security.
- Regular self-audits: We conduct regular (quarterly) self-audits to ensure the stability of personal information handling.
- Minimization and training of personal information handling staff: We designate staff handling personal information and implement measures to manage personal information by limiting it to those in charge.
- Establishment and implementation of an internal management plan: We establish and implement an internal management plan to safely handle personal information.
- Technical measures against hacking, etc.: The company installs security programs and conducts periodic updates and inspections to prevent leakage of personal information and damage due to hacking or computer viruses and installs systems in areas with controlled access from the outside and monitors and blocks them technically and physically.
- Encryption of personal information: Users’ personal information is stored and managed in encrypted form, and only the user can know the password. Important data uses separate security features such as encrypting files and transmission data or using a file lock function.
- Storage of access records and prevention of falsification: Records of access to the personal information processing system are stored for at least 6 months. We store and manage personal information, and use security features to prevent falsification, theft, and loss of access records.
- Restricting access to personal information: We take necessary measures to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and we control unauthorized access from the outside by using an intrusion prevention system.
- Using locking devices for document security: We store documents, auxiliary storage media, etc. containing personal information in a safe place with a locking device.
- Access control for unauthorized persons: We have a separate physical storage location where personal information is stored, and we have established and are operating access control procedures for this.
Policy effective date
This policy is effective as of November 30, 2024.