Tidy-B, inc. (hereinafter referred to as the “Company”) complies with applicable laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and collects personal information of information subjects (hereinafter referred to as “Users”) in accordance with the Personal Information Protection Act. To protect your personal information and handle related complaints promptly and efficiently, we establish and disclose the following personal information processing policy.

If the personal information processing policy is revised in the future, it will be announced through website notices (or individual notifications).

Article 1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below. If the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Website membership registration and management

   • Personal information is processed for the purposes of confirming the intention to become a member, identifying and authenticating the individual in connection with the provision of membership services, and maintaining and managing membership qualifications

2. Providing Goods or Services 

   • We process personal information for the purposes of providing services, sending contracts and invoices, providing content, providing customized services, and billing and settlement.

3. Use in Marketing and Advertising 

   • Personal information is processed for the purposes of developing new services (products), offering customized services, providing information about events and advertisements, and offering participation opportunities.

Article 2.  Processing and Retention Period of Personal Information 

1. The company processes and retains personal information within the personal information retention and use period in accordance with the law or within the personal information retention and use period agreed upon when collecting personal information from the user.

2. In order to prevent the recurrence of fraudulent use by delinquent members, the Company may retain the member's personal information for one year from the date of membership withdrawal. 

3. Except in cases where there are special provisions in the relevant laws, such personal information will not be used or provided, and will be retained for a certain period of time in accordance with the relevant laws and destroyed at the end of that period.

4. However, in the case of the following reasons, personal information will be retained until the end of the relevant period:

   • Records on contracts or subscription withdrawals, etc.: 5 years

   • Records of payment and supply of goods, etc.: 5 years

   • Records of consumer complaints or dispute resolution: 3 years

   • Records of display/advertisement: 6 months

   • Records on collection/processing and use of credit information: 3 years

5. Even if there is no legal basis in relevant laws, personal information may be retained when necessary to prevent serious losses to the Company or in cases related to crimes or lawsuits. However, only the minimum period and specific items of personal information required to achieve the purpose will be retained.

   • Identification information to prevent re-registration if membership is withdrawn

   • Identification information for transaction refusal in case a member is inevitably expelled according to the Terms of Use

6. The Company separately stores or destroys the personal information of users who have not used the service for one year, in accordance with the personal information expiration policy. The separately stored personal information is destroyed without delay after being stored for four years. Users will be notified by email 30 days prior to the expiration of the one-year period, informing them that their personal information will be separately stored or destroyed. This notification will include the expiration date, the items of personal information to be destroyed, and other relevant details.

7. If you do not wish to have your personal information destroyed, please contact the Company before the expiration of the period.
   

Article 3. Items of Personal Information Processed 

1. The Company processes the following personal information items

   • When you first sign up as a member

     • Required Items: Email, Password, Name 

     • Optional Items: Google Linked ID 

2. The company collects personal information in the following ways

   • Provided by User: Website 

Article 4. Matters Regarding Provision of Personal Information to Third Parties 

The Company processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing) and does not use the customer’s personal information beyond this scope. In principle, the Company does not disclose the customer’s personal information to outside parties without the customer’s prior consent.

Article 5. Matters Regarding Entrustment of Personal Information Processing 

1. To smoothly process personal information, the company entrusts personal information processing as follows.

2. When concluding a consignment contract, in accordance with Article 26 of the Personal Information Protection Act, the company prohibits processing of personal information other than for the purpose of performing consignment work, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of the consignee, and matters related to responsibilities such as compensation for damages. We specify this in documents such as contracts, and supervise whether the trustee handles personal information safely.

3.  If the details of the entrusted work or the entrusted party change, we will disclose this information through the personal information processing policy without delay.

Article 6. Destruction Procedures and Methods of Personal Information 

1. When personal information becomes unnecessary, such as when the retention period has expired or the purpose of processing has been achieved, the Company destroys the relevant personal information without delay.

2. In cases where personal information must continue to be preserved pursuant to other laws and regulations, despite the expiration of the agreed-upon retention period or the achievement of the purpose of processing, the personal information may be transferred to a separate database (DB) or stored in a different location for preservation.

3. The procedures and methods for destroying personal information are as follows.

   • Destruction Procedure: The company selects the personal information for which there is a reason for destruction and destroys the personal information with the approval of the company's personal information protection manager.

   • The Company destroys personal information recorded and stored in the form of electronic files using the following methods to ensure that the records cannot be reproduced:                                                   · Stored personal information is destroyed by shredding or incineration. This ensures that paper records are rendered unreadable and irrecoverable, thereby providing a secure method of disposal.
     
     
     

Article 7. Matters Concerning the Rights and Obligations of the Information Subject (User) and Legal Representative and Methods of Exercising Them

1. Users can exercise their rights, such as requesting the company to view, correct, delete, or suspend processing of personal information, at any time.

2. The exercise of rights under Paragraph 1 may be done in writing or via email to the Company in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay. 

3. The exercise of rights under Paragraph 1 may be done through an agent, such as the user's legal representative or a person authorized to do so. In this case, you must submit a power of attorney in the form of Annex No. 11 of the “Notice on Personal Information Processing Methods (No. 2020-7).” 

4.  The user's rights to request viewing and suspension of processing of personal information may be limited in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act. 

5. The company verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing according to user rights, is the person or a legitimate agent.

Article 8. Measures to Ensure the Safety of Personal Information 

The company is taking the following measures to ensure the safety of personal information.

1. Minimization and training of employees handling personal information

   • We are implementing measures to manage personal information by designating employees who handle personal information and limiting it to the person in charge. 

2. Technical Measures Against Hacking, etc. 

   • In order to prevent leakage and damage of personal information due to hacking or computer viruses, the company installs security programs, periodically updates and inspects them, and installs systems in areas where access from the outside is controlled, and monitors and blocks them technically and physically.

3. Encryption of Personal Information

   • The user's personal information is encrypted and stored and managed, so only the user can know it. For important data, separate security functions such as encrypting files and transmission data or using the file lock function are used.

4. Restrictions on Access to Personal Information

   • Necessary measures are taken to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and unauthorized access from outside is controlled using an intrusion prevention system.

Article 9. Matters Concerning the Installation, Operation, and Refusal of Devices that Automatically Collect Personal Information 

1. The company uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.

2. Cookies are a small amount of information that the server used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.

   • Purpose of Use of Cookies: It is used to provide optimized information to users by identifying visitation and usage patterns, popular search terms, secure access, etc. for each service and website visited by the user. 

   • Installation, Operation and Refusal of Cookies:  You can refuse to store cookies through option settings in the Tools>Internet Options>Privacy menu at the top of your web browser. 

   • If you refuse to store cookies, you may have difficulty using customized services.

Article 10. Matters Pertaining to the Person in Charge of 

Personal Information Protection 

The company is responsible for overall management of personal information processing, and has designated a personal information protection manager as follows to handle user complaints and provide relief for damages related to personal information processing.

[Personal Information Protection Officer ]

• Name : Doek In Kim 

• Position and Rank : CTO

• Contact : 02-416-3669

• Email : info@tidy-b.com

[Personal Information Protection Department ]

• Contact : 02-416-3669

• Email : info@tidy-b.com

Users can inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the company's services to the personal information protection manager and responsible department. We will respond and process your inquiries without delay.

Article 11. Relief Measures for Infringement of Rights and Interests of Information Subjects (users)

In order to receive relief from personal information infringement, users may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Information Infringement Reporting Center. For other personal information infringement reports and consultations, please contact the organizations below.

1. Personal Information Dispute Mediation Committee  : (Without area code) 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Reporting Center : (Without area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office  : (Without area code) 1301 (www.spo.go.kr)

4. National Police Agency : (Without area code) 182 (ecrm.cyber.go.kr)

The head of a public institution may respond to requests pursuant to the provisions of Article 35 (view of personal information), Article 36 (correction/deletion of personal information), and Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act. A person whose rights or interests have been infringed due to a disposition or omission may request an administrative trial in accordance with the provisions of the Administrative Appeals Act.

1. Central Administrative Appeals Committee  :  (Without area code) 110 (www.simpan.go.kr)

Article 12. Changes to Personal Information Processing Policy 

1. The Company may update this Policy from time to time to reflect current practices and comply with applicable laws, and will revise the “Last Updated” date at the top of this Policy when we post changes to this Policy.

2. If there are significant changes to these Terms and Conditions, such as the way the Company collects, uses, stores or shares the user's personal information, the Company will notify the user by posting a notice on the Company's website or through the user's email address connected to the service.