Privacy Policy

Wafour Corporation (hereinafter referred to as "the Company") establishes this Privacy Policy (hereinafter referred to as "this Policy") to comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., to protect the personal information of individuals (hereinafter referred to as "Data Subjects") who use the SnowPea-VH service (hereinafter referred to as "the Service"), and to handle complaints related to personal information protection swiftly and smoothly.

Article 1 (Information on Collection and Use of Personal Information) 1. Items of Personal Information Collected

A.    The Company collects the following personal information for member registration or service provision:

Purpose of Collection

Type

Collected Items

Usage Period

Member registration

Email Signup

Required

- Email, Password

Until 6 months after membership withdrawal

Google Signup

Required

- Google Linked ID

Inquiries and complaints

Required

Email address, name

 

Retained for 3 years in accordance with the Act on Consumer Protection in Electronic Commerce

 

Payment card registration and transactions

Required

Credit card information (card number, expiry date, first 2 digits of card password, date of birth/business registration number, email)

Until membership withdrawal or up to 5 years as per relevant laws

 

Refunds

Required

Credit card information, name, phone number

Until membership withdrawal or up to 5 years as per relevant laws

 

Password reset

Required

Email, password

 

 

Until 6 months after membership withdrawal

SnowPea Marketing and user benefits

Required

Email, name      

Until withdrawal of consent

My avatar/voice generation

Optional

Photo, voice

Deleted immediately upon service termination (membership withdrawal)

Sending information related to enterprise plan inquiries

Required

Name, email, phone number, company name

Until withdrawal of consent

B.    During the process of using the service and handling related tasks, the following information may be created or additionally collected: IP address, cookies, access logs, visit times, usage records, and records of inappropriate usage.

C.    For specialized services, the Company may collect additional personal information with the consent of the Data Subject. The Data Subject will be informed and consent obtained beforehand.

2. Methods of Personal Information Collection

The Company collects personal information using the following methods:

A.      When the data subject agrees to the collection of personal information and directly inputs the information during the membership registration process on the website.

B.      When personal information is provided by affiliated services or organizations.

C.      When the data subject provides information via email, fax, phone, or written forms during the service consultation process.

Article 2 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the period consented to by the Data Subject at the time of collection or as prescribed by law, or until the purpose of processing is achieved.

2. The Company retains member information for a certain period as specified below to comply with legal obligations and to prevent misuse or related disputes:

Type

Legal Basis

Period

Records related to contract or withdrawal of offers

Act on Consumer Protection in Electronic Commerce

5 years

Records related to payment and supply of goods, etc.

 

5 years

Records related to consumer complaints or dispute resolution

 

3 years

Records related to displays and advertisements in e-commerce, etc.

 

6 months

Books and supporting documents for all transactions as prescribed by tax law

 

Framework Act on National Taxes

5 years

Records related to electronic financial transactions

 

Electronic Financial Transactions Act

5 years

Service visit logs

 

 

Protection of Communications Secrets Act

3 months

Records related to communication confirmations

 

12 months

 

Article 3 (Provision to Third Parties and Consent)

The Company does not use or share personal information beyond the specified scope without consent from the Data Subject unless required by law.

Article 4 (Entrustment of Personal Information Processing)

The Company entrusts the handling of certain personal information tasks as follows to provide services and ensures safe management of personal information by stipulating necessary measures in the outsourcing contracts.

Entrusted Party

Entrusted Task

Period

Amazon Web Service

           Data storage

 

 

Until membership withdrawal or termination of the outsourcing contract

 

Paymentwall

Payment for the provision of paid services

5 years

             Toss Payments

 

Payment for the provision of paid services

5 years

NHN KCP

Payment for the provision of paid services

 5 years

Article 5 (Overseas Transfer of Personal Information)

The Company transfers certain personal information overseas as follows for service use:

Purpose

Items

Retention and Usage Period

Recipient Company & Country

Data storage, system management

User ID, password, email, phone number

Until withdrawal of consent or contract termination, whichever is earlier

Amazon Web Services, USA

 Provision of paid services

Transaction amount, card number, card expiry date, first 2 digits of card password, date of birth, business registration number, email

Up to 5 years or until membership withdrawal

 

Paymentwall, USA

Data Subjects have the right to object to overseas transfers and can withdraw their consent at any time via customer support at support@wafour.com. However, withdrawal may limit the use of services involving necessary overseas data transfer.

Article 6 (Destruction Procedures and Methods for Personal Information)

The Company promptly destroys personal information when the retention period expires or the purpose of processing is achieved. The procedures and methods for the destruction of personal information are as follows:

1.      Destruction Procedures: When the retention period consented to by the Data Subject has expired or the purpose of processing has been achieved, and if there is no legal obligation to continue retaining the personal information, the relevant data is transferred to a separate database (DB) or stored in a different location for preservation.

2.      Destruction Methods:

     Personal information printed on paper is shredded or incinerated.

     Personal information stored in electronic file formats is deleted using technical methods that prevent the data from being restored.

Article 7 (Rights of Data Subjects and Legal Representatives)

1.      Data Subjects have the right to request access, correction, deletion, or suspension of personal information processing.

2.      These rights can be exercised via written or electronic methods, including email or fax, as per Article 41(1) of the Enforcement Decree of the Personal Information Protection Act.

3.      Data Subjects may exercise these rights through a legal representative. A proxy authorization must be submitted as per the official format (Form No. 11)..

4.      Requests for access or suspension may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.

5.      Requests for deletion may not be permitted if required by other laws.

6.      The Company verifies the identity of the requestor or their proxy before responding to any request.

 

Article 8 (Target Audience for the Service)

The Company does not target or provide services to minors under the age of 18 and does not intentionally collect personal information from minors under 18. However, since the Company does not collect age information, if it becomes known that personal information from a minor under 18 has been collected intentionally, the Company will take measures to delete such information from its servers.

 

Article 9 (Installation and Rejection of Automatic Information Collection Devices)

1.     Cookies: The Company uses "cookies" to store and retrieve information about Data Subjects to provide personalized and customized services. Cookies are small text files sent by the server used to operate the website to the browser of the Data Subject and stored on the hard disk of the Data Subject's computer.

2.     Purpose of Cookies: Cookies are used to analyze the services and usage patterns of the Company’s services utilized by Data Subjects in order to provide them with optimized, customized information.

3.     Installation/Operation and Rejection of Cookies: Data Subjects have the option to choose whether to allow cookies. Therefore, by configuring the browser settings, Data Subjects can allow all cookies, be prompted each time a cookie is saved, or refuse the storage of all cookies. However, if the storage of cookies is refused, some of the Company’s services that require login may be difficult to use.

Article 10 (Measures to Ensure Security of Personal Information)

The Company takes the following measures:

1.      Minimization and Training of Personnel Handling Personal Information: Only essential personnel are designated and managed to handle personal information, and training is conducted to ensure the safe management of such information.

2.      Encryption of Personal Information: Personal information is securely stored and managed through encryption. Additionally, important data is encrypted during storage and transmission, utilizing additional security features as necessary.

3.      Installation and Regular Inspection/Updating of Security Programs: To prevent the leakage and damage of personal information due to hacking or computer viruses, security programs are installed and periodically updated and inspected.

Article 11 (Details on the Personal Information Protection Officer)

The Company designates the following personnel to protect the personal information of Data Subjects and handle related grievances:

Personal Information Protection Officer

Personal Information Protection Department

Name : Duho Roh

Position : CEO

Phone : 070-4336-1593

E-mail : support@wafour.com

Department : Service Operations Team

Name : Kyoungtae Lim

Phone : 070-4336-1593

E-mail : support@wafour.com

Article 12 (Remedies for Rights Violations)

The data subject may seek resolution or consultation regarding disputes caused by personal information breaches by applying to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, or similar organizations. For further reports or consultations regarding personal information breaches, please contact the following agencies:

l  Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency) (https://privacy.kisa.or.kr/ direct 118)

l  Supreme Prosecutors' Office Cyber Investigation Department (http://www.spo.go.kr/ direct 1301)

l  National Police Agency Cyber Security Bureau (http://cyberbureau.police.go.kr/ direct 182)

l  Personal Information Dispute Mediation Committee (https://www.kopico.go.kr/)

Article 13 (Policy Changes and Notifications)

The company will notify changes to this Privacy Policy at least seven (7) days in advance if there are any additions, deletions, or modifications to its content.
However, in the case of significant changes affecting the rights of data subjects, such as changes in the categories of personal information collected or the purposes of use, the company will notify at least thirty (30) days in advance and may seek renewed consent from the data subjects if necessary.

Supplementary Provisions: This policy is effective from January 6, 2025.