Privacy Policy
PRODAO (hereinafter the “Company”) respects the freedom and rights of data subjects, and complies with the provisions of Privacy Act, the EU's GDPR (General Data Protection Regulation), and other relevant laws and regulations in order to process "personal information" and "anonymous information" lawfully and manage "anonymous processed information" and "pseudonymization" securely.
Article 1. Use of Personal Information
The Company processes personal information for the following purposes. Personal information that is processed will not be used for any other purpose.
The Company processes personal information for the purpose of member registration and management, verifying the member's intention to register, identifying and authenticating the member, maintaining and managing the member's membership, and preventing the misuse of services.
Article 2. Use and Retention Period of Personal Information
The Company processes and retains personal information within the retention period for personal information set by laws or regulations or the retention period for personal information agreed upon with the data subject when collecting personal information.
The following is the retention period for each type of personal information.
Member registration and management: Until the member's withdrawal, but if the following reasons apply, until the end of the reason.
In the case of ongoing investigations or inquiries under related laws and regulations, the personal information will be retained until the end of the investigation or inquiry
In the case of any remaining creditor-debtor relationship due to using the website, the personal information will be retained until the settlement of the creditor-debtor relationship
Article 3. Collection of Personal Information
The company processes the following personal information:.
Registration and management
Required: CI number, Smart device phonebook entries UIN(unique identification number)
Optional: date of birth, name, country, phone, mobile, email, address, company, position
Other: Career, project, education, research paper, intellectual property, award, certification, book and artwork, and media data
Article 4. Entrustment of Processing
The company entrusts the following personal information processing tasks to external companies for the smooth processing of personal information.
Cloud server operation and management
Agency : Amazon Web Services Inc.,
Outsourcing of cloud server operation
Period: Until member withdrawal
Article 5. Destruction of Personal Information
The company shall promptly destroy the personal information when it is no longer needed, such as when the retention period expires or the purpose of processing is achieved.
In the case of personal information that must be retained even after the retention period agreed to by the data subject has expired or the purpose of processing has been achieved, the company shall move the personal information to a separate database (DB) or store it in a different location.
The process and method for the disposal of personal information are as follows:
Disposal Process: The company selects personal information that has become subject to disposal, and then disposes of it with the approval of the company's personal information protection officer.
Disposal Method: Electronic files are disposed of using a technical method that makes it impossible to reproduce the records. Personal information paper is shredded and burned.
Article 6. Destruction of Personal Information of Inactive user
The company will move users who have not used the service for one year to a dormant account and store their personal information separately. The personal information stored separately will be disposed of promptly after one year of storage.
The company will notify inactive members through email, text, or other methods that their personal information will be stored separately 30 days before their account is converted to a dormant account. The notification will include the dormant date and personal information to be stored separately.
To prevent your account from being dormant, log in before the conversion. Even if your account is dormant, you can log in and restore it to normal service with your consent.
Article 7. Rights and Obligations of Information Subjects
Individuals may request the company to access, correct, delete, or suspend the processing of their personal information.
※ The request for access to personal information of children under the age of 14 must be made directly by the legal representative. However, minors over the age of 14 may exercise their rights directly or through their legal representatives.
The company will promptly respond to rights requests received by email or other means.
Article 8. Actions Taken to Protect Personal Information
The company takes following measures to protect the security and personal information:.
Administrative measures : Internal management plan, access control, encryption and access log storage
Technical measures : Data encryption, Security software installation, access control and network security
Physical access control to computer rooms, data storage rooms, and others.
Article 9. Matters Concerning Automatic Personal Information Collection Device (InstallationㆍOperation and Refusal)
The company uses user information to process and use it for various purposes, including research and services on identity authentication technologies such as Verifiable Credentials, Verifiable Presentation, and Zero-Knowledge Proof based on Decentralized Identifier, Blockchain, in order to provide customized services to users.
Personal information is automatically collected and processed based on the registration of MyData that individuals handle. In accordance with international regulations, the company operates services using data processing and processing technologies such as "personal information," "anonymous information," "pseudonymization," and technical devices of public keys (Public Key) and private keys (Private Key) based on PKI.
Verifiable Credentials based on Decentralized Identifiers are a small amount of information that is sent by the server that operates PRODAO to the user's mobile browser and stored on the user's mobile smartphone or PC hard drive.
Purpose of use : PRODAO user`s MyData records (such as usage patterns of personal content basic information and detailed information on each app service and website, popular search terms, and secure connection) are used to provide users with optimized information.
In the case of refusing to store Verifiable Credentials, there may be restrictions on the use of personalized services.
Article 10. Privacy Protection Officer and Responsible Department
PRODAO has designated the Privacy Protection Officer and a department responsible for responding to user inquiries regarding personal information and resolving related complaints.
▶ Privacy Protection Officer and Responsible Department
Privacy Protection Officer/DPO/Location Information Manager: Taeyoung Park
Department: Privacy Protection Part
Contact
The company provides a way for individuals to contact the Data Protection Officer or the relevant department for any questions, complaints, or requests for remedies related to personal information protection. The company will promptly respond to and process any inquiries from individuals.
Article 11. Amendment to the Privacy Policy
Enforcement Date: Nov 13, 2023