Privacy Policy

Privacy Policy

CgWeb Inc (hereinafter "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed shall not be used for purposes other than those stated below, and if the purpose of use changes, necessary measures shall be taken, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1. Member Registration and Management: Verification of membership intent, identification and authentication, simplified registration and authentication through social login (Google, etc.), maintaining and managing membership, prevention of fraudulent use of the Service, registration channel analysis and referral program operation, various notifications, and verifying legal guardian consent when processing personal information of children under 14.
2. Service Provision: Providing chat services, content delivery, personalized services, and identity verification.
3. Grievance Handling: Verifying the identity of the complainant, confirming the details of the complaint, contacting for investigation, and notifying the results of processing.
4. Marketing and Advertising: Development of new services and personalized services, providing event and promotional information (limited to those who have consented to marketing communications via email, SMS, etc.), providing services and advertisements based on demographic characteristics, verifying service effectiveness, analyzing access frequency, and compiling statistics on Members' service usage.

Article 2 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the retention and usage period prescribed by law or the retention and usage period agreed upon when collecting personal information from the data subject.
2. The specific processing and retention periods for each category of personal information are as follows:
   • Member Registration and Management: Until membership withdrawal. However, in the following cases, until the end of the relevant period:
     • If an investigation is in progress due to a violation of applicable laws: Until the conclusion of the investigation
     • If debts and credits remain from service usage: Until the settlement of such debts and credits
   • Retention under the Act on Consumer Protection in Electronic Commerce:
     • Records on contracts or withdrawal of subscription: 5 years
     • Records on payment and supply of goods: 5 years
     • Records on consumer complaints or dispute resolution: 3 years
     • Records on advertising and display: 6 months
   • Retention under the Protection of Communications Secrets Act:
     • Website log records: 3 months

Article 3 (Categories of Personal Information Processed)

The Company processes the following categories of personal information:

1. Required items at registration: Email address, password
2. Optional items at registration: Registration channel, referrer email
3. Optional items after registration: Name (or nickname), phone number, marketing consent (email, SMS)
4. When using social login (Google, etc.): Social account identifiers (provider, uid), email address, name
5. Automatically collected during service use: IP address, cookies, service usage records, access logs, visit date and time, device information (OS, browser type, screen resolution, etc.)
6. For paid service use: Payment information (card number, payment records, etc. — indirectly collected through payment processors)

Article 4 (Provision of Personal Information to Third Parties)

1. The Company processes personal information only within the scope specified in Article 1 and provides personal information to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of law.
2. The Company does not currently provide personal information to third parties. If provision to third parties becomes necessary in the future, the Company will notify data subjects in advance and obtain their consent.

Article 5 (Outsourcing of Personal Information Processing)

1. The Company outsources personal information processing as follows for smooth service provision:

   Outsourced Company	Outsourced Tasks	Retention Period
   [Cloud Service Provider]	Server hosting and data storage	Until termination of outsourcing contract
   [Payment Processor]	Payment processing and refunds	Until termination of outsourcing contract
   [Email Service Provider]	Email delivery	Until termination of outsourcing contract

2. When entering into outsourcing contracts, the Company specifies in the contract matters such as prohibition of processing personal information beyond the scope of outsourced tasks, technical and administrative protective measures, restrictions on re-outsourcing, supervision of outsourced companies, and liability for damages in accordance with Article 26 of the Personal Information Protection Act.

Article 6 (Procedures and Methods for Destruction of Personal Information)

1. The Company shall destroy personal information without delay when it becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved.
2. If personal information must continue to be retained under other laws despite the expiration of the agreed retention period or achievement of the processing purpose, such personal information shall be transferred to a separate database or stored in a different location for retention.
3. The procedures and methods for destroying personal information are as follows:
   • Destruction Procedure: Unnecessary personal information and files are destroyed with the approval of the Personal Information Protection Officer.
   • Destruction Method: Information in electronic file format is securely deleted so that it cannot be recovered or reproduced. Personal information printed on paper is destroyed by shredding or incineration.

Article 7 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Guardians)

1. Data subjects may exercise the following rights with respect to the Company at any time:
   • Request to access personal information
   • Request for correction in case of errors
   • Request for deletion
   • Request to suspend processing
2. Exercise of rights under paragraph 1 may be made in writing, by email, or other means in accordance with Article 41, paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company shall take action without delay.
3. If a data subject requests correction or deletion of personal information due to errors, the Company shall not use or provide such personal information until the correction or deletion is completed.
4. In the case of children under 14 years of age, a legal guardian may request access, correction, deletion, or suspension of processing of the child's personal information.

Article 8 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

1. Administrative Measures: Establishment and implementation of internal management plans, minimization and training of personnel handling personal information.
2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs.
3. Physical Measures: Access control for computer rooms and data storage facilities.

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

1. The Company uses "cookies" that store and retrieve usage information to provide individualized and personalized services to Users.
2. Cookies are small pieces of information sent by the server operating the website to the User's computer browser and may be stored on the User's storage device.
3. Purpose of Cookies: Analysis of Users' access frequency and visit times, identification of Users' interests and tracking, determination of event participation rates and visit counts for targeted marketing and personalized service delivery.
4. Installation, Operation, and Rejection of Cookies: Users have the option regarding cookie installation. By configuring web browser settings, Users can allow all cookies, receive confirmation each time a cookie is stored, or refuse the storage of all cookies. However, refusing to store cookies may cause difficulties in using personalized services.

Article 10 (Personal Information Protection Officer)

1. The Company has designated the following Personal Information Protection Officer to oversee all matters related to personal information processing and to handle complaints and remedies related to personal information processing by data subjects:

   Personal Information Protection Officer
   Name	ikhee, shin
   Position	Chief Privacy Officer (CPO)
   Contact	010-8284-0866, [email protected]

2. Data subjects may contact the Personal Information Protection Officer regarding any inquiries, complaints, or remedies related to personal information protection that arise while using the Service. The Company shall respond to and process inquiries from data subjects without delay.

Article 11 (Request for Access to Personal Information)

Data subjects may submit requests for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department:

Department for Personal Information Access Requests
Department	Customer Support
Contact Person	ikhee, shin
Contact	0505-740-0505, [email protected]

Article 12 (Remedies for Infringement of Rights and Interests)

Data subjects may apply for dispute resolution or consultation regarding personal information infringement remedies to the following organizations:

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
• Cyber Bureau, Korean National Police Agency: 182 (ecrm.cyber.go.kr)

Article 13 (Changes to Privacy Policy)

1. This Privacy Policy shall take effect from its effective date. Any additions, deletions, or corrections due to changes in laws or policies shall be announced through a public notice at least 7 days before the effective date of the changes.
2. Changes unfavorable to Users shall be announced at least 30 days before taking effect.

Effective Date: 2026.1.1