SMK (hereinafter referred to as "the Company") considers the privacy of its users with high importance. The Company adheres to privacy laws and guidelines in handling users' personal information. This privacy policy applies to the TikiTalk service (hereinafter referred to as 'the Service') provided by the Company, informing users what information is collected, how it is used, and how it is protected.

1. Types and Methods of Personal Information Collected

The Company collects the following personal information for membership registration, efficient consultation, and various services:

a. Information collected during service use includes gender, age, nationality, language, nickname, device information and unique ID, email (optional).

b. For paid service use, the Company does not collect additional personal information. Payment information is collected according to the terms of the payment platform (Google, Apple).

c. Information automatically generated during service use or business processing includes service usage records, access logs, cookies, IP address, bad usage records, unique device number (ID or MAC Address), OS and device information, purchase history.

d. Personal information is collected through membership registration and service usage, application, and customer service inquiries.

e. Users can refuse to provide personal information, but refusal may restrict access to some or all services.

f. The Company accesses the following information on the user’s mobile device for mobile app services. Basic service usage is not restricted if users deny optional access permissions.

i. Mandatory Access: Device unique number (ID or MAC Address), Storage for content saving.

ii. Optional Access: Location (GPS and network-based), Push notifications.

2. Purpose of Collection and Use of Personal Information

a. Smooth provision and operation of services.

b. Membership management: Identity verification, restriction measures for terms of use violations, dispute resolution, complaint handling, communication of notices, confirmation of membership withdrawal intent.

3. Provision and Sharing of Personal Information with Third Parties

The Company uses personal information within the scope mentioned in "Purpose of Collection and Use" and does not provide it to external parties without prior consent, except in the following cases:

a. When members have consented or provided the information themselves.

b. In compliance with legal provisions or upon request from investigative authorities following legal procedures.

4. Retention and Usage Period of Personal Information

The Company retains personal information as long as the member uses the Company's services. After the purpose is achieved, the information is destroyed. Personal information is completely deleted after a certain period if a member withdraws or is removed due to false information. Submitted ID copies for identity verification in case of disputes are immediately destroyed after verification.

5. Personal Information Destruction Procedure and Method

a. Information is transferred to a separate DB (or document case for paper records) after its purpose is achieved and is destroyed after being stored for a period per internal policies and related laws.

b. Paper records are shredded or incinerated. Electronic files are deleted using technical methods that prevent record recovery and reproduction.

6. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company does not operate devices that collect automatically generated personal information when using internet services.

7. Rights of Users and Legal Representatives and How to Exercise Them

a. Members can check or modify their personal information at any time and request membership withdrawal.

b. Personal information can be edited in the service's privacy management menu, and membership can be withdrawn by deleting the application.

c. If a member requests correction or deletion of personal information, the Company takes immediate action after verifying identity.

d. The scope of personal information provided to members is limited to the information provided at the time of registration. If correction is requested, the personal information will not be used or provided until correction is complete. If incorrect information has been provided to a third party, the correction will be communicated immediately for rectification.

e. Personal information deleted or withdrawn at the member's request is processed as stated in "Retention and Usage Period of Personal Information" and cannot be viewed or used for other purposes.

8. GDPR Additional Provisions

For users located in the European Union (EU) or European Economic Area (EEA), the Company processes personal data in compliance with the General Data Protection Regulation (GDPR). The following provisions apply in addition to the above:

a. Legal Basis for Processing (GDPR Article 6)

b. Users’ Rights under GDPR EU/EEA users have the following rights:

c. Exercising Rights
 These rights can be exercised by contacting the Company using the in-app inquiry feature or the contact information below: 

Contact Information:

d. Data Retention under GDPR

e. International Data Transfers
 When transferring personal data outside the EU/EEA (e.g., to cloud service providers), the Company ensures adequate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions, in accordance with GDPR.

f. Data Breach Notification
 In the event of a data breach affecting EU/EEA users, the Company will notify the competent supervisory authority within 72 hours and inform affected users without undue delay as required by GDPR.

g. Supervisory Authority and Right to Lodge a Complaint
 EU/EEA users who believe their rights have been infringed may lodge a complaint with their local Data Protection Authority (DPA).

(Revised on February 17, 2024)