Guidance on the collection and use of personal information
‘Clunix Co., Ltd.’ (hereinafter referred to as the ‘Companyrsquo;) establishes and discloses
this Privacy Policy to protect the personal information of data subjects in accordance with Article 30 of the
"Personal Information Protection Act" and to promptly and smoothly address related complaints.
Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes.
The processed personal information will not be used for purposes other than the following,
and if the purpose of use is changed, the Company will take necessary measures,
such as obtaining separate consent in accordance with Article 18 of the "Personal Information Protection Act".

① Website membership registration and management
Processing personal information for purposes such as confirming the intention to join as a member,
verifying and authenticating the member‘s identity for the provision of member-only services,
maintaining and managing membership qualifications, preventing service abuse,
confirming the consent of the legal representative when processing personal information of children under 14 years of age,
sending various notices, handling complaints, etc.

② Provision of goods or services
Processing personal information for purposes such as delivering goods,
providing services, sending contracts and invoices, providing content, providing personalized services,
verifying identity and age, processing payment and settlement of fees, debt collection.

③ Utilization for marketing and advertising
Processing personal information for purposes such as developing new services or products,
providing customized services, providing information and opportunities for participation
in events and promotional activities, confirming the effectiveness of services,
analyzing the frequency of access, and generating statistics on member‘s service usage.

Article 2 (Items of Personal Information Being Processed)

The Company processes the following personal information:

Article 3 (Retention and Use Period of Personal Information)
Sortation Reasons for retention Period of use
(Holding period)
Introduction Inquiry Receiving deployment inquiries and providing services 1 year after inquiry processing
Technical/support inquiries Receive technical/support inquiries and provide services 1 year after inquiry processing
Affiliate Inquiry Receive Affiliate Enquiries 1 year after inquiry processing
Recruitment Inquiry Receiving recruitment inquiries and providing services 1 year after inquiry processing

※ In this regard, if there are special provisions under the law, they will be kept in accordance with the provisions under the law.

Classification of personal information Statute of limitations Retention period
Records on contract or subscription withdrawal, etc. Act on Consumer Protection in Electronic Commerce, Etc. 5 years
Records on payment and supply of goods, etc. 5 years
Records on payment and supply of goods, etc. 3 years
Records on indications and advertisements 6 months
Books and evidential documents for all transactions stipulated by the tax law Basic National Tax Act, Corporate Tax Act 5 years
Records of electronic financial transactions Electronic Financial Transaction Act 5 years
Records on identity verification Act on Promotion of Information and Communications Network Utilization and Information Protection 6 months
6 months Protection of Communications Secrets Act 3 months
Article 4 (Provision of Personal Information to Third Parties)

1. Use cloud service

Recipient Provided items Purpose of use Retention and use period
(Cloud provider)
Email, mobile phone number, login ID, date of birth, name,
Credit card information, bank account information, service use records, access logs, cookies,
Access IP information, payment record, subscription route, personal information provided by the customer with consent
  Customer‘s service use period

2. Send event prizes

Recipient Provided items Purpose of use Retention and use period
(Cloud provider)
Mobile phone number, personal information provided by the customer with consent Delivery of goods, sending text messages, Consultation work related to other services Until the user achieves the purpose of use
Article 5 (Consignment of personal information processing)

① The company entrusts the following personal information processing tasks for smooth personal information processing.

Recipient Contents of entrusted business Consignment period
AWS Purchasing and payment, delivery of goods or sending invoices,
identity verification (financial transaction, financial service),
fee collection, identity verification according to the use of membership service,
handling civil complaints such as complaint handling,
delivery of notices, development of new services (products),
and Provision of customized services, provision of event and advertisement information and opportunities
to participate, and other service-related consultations
User‘s service use period or
dispute handling period

User‘s service use period or dispute handling period
③ If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.

Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising)
Article 7 (Destruction of personal information)

① The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.

② Even if the personal information retention period agreed to by the information subject has elapsed or the purpose of personal information processing has been achieved, if personal information must be kept in accordance with the relevant laws and regulations in Article 3, Paragraph 3 of these Guidelines, the personal information It is preserved by moving to a separate database (DB) or in a different storage location.
③ Paragraph 2 Personal information will not be used for any purpose other than the purpose for which it is retained, except as required by law.

④ The procedure and method of destroying personal information are as follows.

Article 8 (Measures to Ensure Safety of Personal Information)

The company takes the following measures to ensure the safety of personal information.

① Regular self-audit
In order to secure stability related to personal information handling, we conduct regular self-audits (once a quarter).

② Minimization and training of staff handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and limiting those who handle personal information to those in charge, minimizing the number of employees who handle personal information.

③ Establishment and implementation of internal management plan
We establish and implement an internal management plan for the safe handling of personal information.

④ Technical measures against hacking
The company installs a security program to prevent leakage and damage of personal information
caused by hacking or computer viruses, and periodically updates and inspects it.
We install a personal information processing system in an area where access from outside is controlled,
technically and physically monitor it, and block unauthorized access to the personal information processing system.

⑤ Encryption of personal information
Of the user‘s personal information, the password is encrypted and stored and managed so that only the user can know it,
and important data encrypts or encrypts files and transmission data.
Separate security features such as file locking are used.

⑥ Storage of access records and prevention of forgery/falsification
Records of access to the personal information processing system are kept and managed for at least six months,
and security functions are used to prevent forgery, alteration, theft, or loss of access records.

⑦ Restriction of access to personal information
Necessary measures are being taken to control access to personal information by granting, changing, or canceling
access to the database system that handles personal information.
We use an intrusion prevention system to control unauthorized access from outside.

⑧ Use locking device for document security
Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.

⑨ Access control for unauthorized persons
We set up a separate physical storage location for storing personal information, and establish and operate access control procedures for it.

Article 9 (Matters Regarding the Installation, Operation and Rejection of Automatic Personal Information Collection Devices)
Article 10 (Person in charge of personal information protection and person in charge)
Personal Information Protection Officer Personal Information Protection Officer
Name Jin-woo Seo Name Sung-wong Jo
Position CEO Affiliated department Business
Phone number +82-2-3486-5896 Phone number +82-2-3486-5896
E-mail E-mail

② The information subject may inquire about all personal information protection related inquiries,
complaint handling, damage relief, etc. that occurred while using the company‘s service (or business)
to the person in charge of personal information protection and the person in charge of personal information protection
and the department in charge. The company will respond to and process inquiries from information subjects without delay.

Article 11 (Personal information access request)

The information subject may request the viewing of personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The company will make every effort to promptly process the personal information access request of the information subject.

Personal information viewing request reception/processing department
Name Jin-woo Seo
Affiliated department Business
Phone number +82-2-3486-5896
Article 12 (Remedy for Infringement of Rights and Interests)

The information subject can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee and the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency in order to receive relief from personal information infringement.

Article 13 (Change of Privacy Policy)

If there is any addition, deletion or modification of the contents of the current personal information processing policy, it will be notified at least 7 days before the revision.
However, if there is a significant change in user rights, such as collection and use of personal information and provision to a third party, it will be notified at least 30 days in advance.


○ This Privacy Policy is effective from April 26, 2021.