EntreReality Privacy Policy

EntreReality (hereinafter referred to as the “Company”) utilizes users’ personal information to provide some of its services, for the purpose of provision of the best possible services to users. In accordance with Article 30 of the 「Personal Information Protection Act」, in order to protect users’ personal information and handle grievances promptly and smoothly, the Company establishes and announces this Privacy Policy as follows.

Article 1 [Purpose of Processing of Personal Information]

The Company processes personal information for the following purpose and personal information processed by the Company will not be used for the purpose other than the purpose described as below. In the event that the purpose of use is changed, the Company will take necessary measures such as obtaining additional consent, etc. in accordance with Article 18 of the 「Personal Information Protection Act」.

(1) Signing up for membership and login and management

Personal information is processed for the purpose of confirmation of intention to sign up for membership, verification×certification of identity for provision of services, maintaining×management of member qualification, checking duplicate registration, management of faulty users, detection of abnormal users and restriction of their use, performance of agreements, handling disputes, prevention of wrongful use of services, confirmation of consent of legal representatives when processing personal information of children under the age of 14, and sending various information·notifications.

(2) Provision of services

Personal information is processed for the purpose of verification of identity, verification of age, provision of services, provision of content, provision of tailored services including advertisements, and payment·settlement of fees.

(3) Handling grievances

Personal information is processed for the purpose of verification of users’ identification, checking inquiries, contact·notification for investigation of fact, and notification of results.

(4) Partnership and proposal

Personal information is processed for the purpose of review details prepared by a user or businessperson when there is partnership or proposal, and of contact when necessary.

(5) Utilization for marketing and advertisement

Personal information is processed for the purpose of development of new services and provision of tailored services, provision of event or advertising information and provision of opportunities for participation, provision of services and displaying of advertisements according to demographic characteristics, checking validity of services, identification of frequency of access or statistics for use of services by members, etc.

Article 2 [Items of and retention period for personal information to be processed]

1. The Company processes·retains personal information within the period of retention and use of personal information as set forth in the statute or agreed by users at the time of collecting personal information.
2. Items of and retention period for personal information are as follows.

Purpose of collection·use	Items of personal information to be collected·used	Retention period
Signing up membership and management of login	Name, date of birth, mobile number, ID, email address, gender, age, duplicate registration verification information (DI), mobile number of a legal representative (if consent of the legal representative is required)	1. In principle: Until membership withdrawal 2. However, in the event of falling under any of following cases, until the end of such period - Until the end of the period that restoration can be requested, after membership withdrawal (90 days from the date of membership withdrawal) - Records regarding consumers’ complaints or dispute settlement: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Provision of services	Name, mobile number, email address, bank account information (bank name, account holder’s name, account number), service use records, IP address, transaction history	1. In principle: Until completion of provision of services and payment·settlement of fees 2. However, in the event of falling under any of following cases, until the end of such period - Records regarding contracts or cancellation of an order: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.) - Records regarding payment for orders and supply of goods, etc.: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.) - Records regarding consumers’ complaints or dispute settlement: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.) - Records regarding collection, processing, use, etc. of credit information: 3 years (Credit Information Use And Protection Act) - Records regarding indication/advertisement: 6 months (Act on the Consumer Protection in Electronic Commerce, etc.)
Facial Avatar Synthesis	Photograph for Avatar Synthesis provided by user	1. In principle: Until membership withdrawal
Handling grievances	Name, mobile number, ID, email address, consultation history (There may be additional personal information to be collected depending on the type of an inquiry and content), payment information of a legal representative (name, date of birth)	1. In principle: Until membership withdrawal 2. However, in the event of falling under any of following cases, until the end of such period - Records regarding consumers’ complaints or dispute settlement: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Items automatically created and collected in the course of use of services	IP address, cookies, MAC address, service use records, device information (unique device identifier, OS version, APP version, language and country, etc.)	Communication confirmation data in accordance with Article 41 of Enforcement Decree of Protection of Communications Secrets Act: 3 months (Protection of Communications Secrets Act)
Partnership and proposal	Company(organization) name, name, email address, mobile number, consultation history	1. In principle: Until 6months after completion of review of partnership and proposal 2. However, in the event of falling under any of following cases, until the end of such period - Records regarding contracts or cancellation of an order: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Utilization for marketing and advertisement	Service use records, payment records, mobile number, email address, identity verification information (name, date of birth, gender, mobile carrier name, mobile number, connecting information (CI), Duplicate registration verification information (DI), local/foreigner information), IP information, advertisement identifier including cookies	Until withdrawal of membership or consent

Article 3 [Provision of personal information to a third party]

1. The Company processes users’ personal information solely to the extent that it is specified in Article 1 (Purpose of Processing of Personal Information) and provides a third party with users’ personal information only if it falls under Article 17 and Article 18 of 「Personal Information Protection Act」 including the case that users consent or special provisions are existed in other laws.
2. The Company will obtain additional consent from users in the event that it provides a third party with users’ personal information.

Article 4 [Outsourcing of processing of personal information]

1. For smooth operation of services, the Company outsources tasks of processing of personal information as follows.

Outsourcee	Outsourced tasks	Period of retention and use of personal information
Channel Corporation	Channel Talk (the service for customer consultations and settlement of disputes)	Until termination of service use or contract
Amazon Web Services	Keeping data	Until termination of service use or contract

2. In outsourcing of processing of personal information, outsourced tasks handled by overseas corporations are as follows.

Outsourcee (Contact information of the privacy policy)	Transfer to	Date and time and methods of transfer	Items of personal information	Purpose of use	Retention and handling period
Amazon Web Services Inc (aws-korea-privacy@amazon.com)	Regions of AWS (USA, OO)	Transmission through networks whenever the services are used	Personal information collected·used in the course of using services	System operation for use of services	Until termination of an outsourcing contract or according to the retention period prescribed in this Privacy Policy
Agora Lab, Inc (privacy@agora.io)	USA	Transfer through networks whenever the services are used	Video information	Processing of video information	Destroy immediately after transmit video files

3. The Company, in accordance with Article 26 of 「Personal Information Protection Act」, specifies matters regarding prevention of personal information processing for other purposes than the outsourced purpose, technical·managerial safeguards, restriction on sub-outsourcing, management·supervision for outsourcees, liabilities including compensation of damage in documents such as a contract, and supervises how the outsourcee processes such personal information safely.
4. In the event that there is any change in outsourced tasks or outsourcees, the Company will announce it through this Privacy Policy without delay.

Article 5 [Destruction of personal information]

1. In case personal information retention period agreed by users expires or personal information is no longer necessary due to accomplishment of the purpose of processing, the Company destroys such personal information without delay.
2. Notwithstanding the foregoing, if personal information is required to continue to be maintained in accordance with other statutes, such personal information will be transferred to a separate database (DB) or kept in a different place.
3. Procedures and methods of destruction of personal information are as follows:
   1. Destruction procedures
      1. Personal information collected at the time of signing up for membership may be kept for 14 days temporarily in order to restore and protect victims when stealing of personal information, etc. caused damages.
      2. The company selects personal information that falls under the reason for destruction and destroys it after obtaining approval from the privacy officer of the Company.
   2. Destruction methods
      1. Personal information stored in electronic forms: to be destroyed by technical means to prevent any record from being recovered
      2. Personal information printed on paper: to be shredded with a shedder or incinerated

Article 6 [Users’ and legal representatives’ rights·obligations and methods to exercise them]

1. Users can exercise their rights, such as requests for access to, correction, erasure, suspension of processing of personal information, etc. against the Company, at any time.
2. Exercise of rights against the Company pursuant to aforementioned Paragraph 1 can be carried out in writing, by telephone or electronic mail, or via the internet, etc. in accordance with Paragraph 1 of Article 41 of Enforcement Decree of the 「Personal Information Protection Act」, and the Company will handle it without delay.
3. Users can exercise their rights under Paragraph 1 through proxies such as their legal representatives or the ones who are delegated, in which case, a power of attorney in accordance with the attached Form 11 of “Notification for Methods of Processing of Personal Information (2020-7)” shall be submitted.
4. In relation to the request to suspend access to and processing of personal information, the users’ right may be restricted in accordance with Paragraph 4 of Article 35 and Paragraph 2 of Article 37.
5. In relation to the request for correction and erasure of personal information, the erasure is not permitted where the said personal information shall be collected by other statutes.
6. If there is a request for access, correction·erasure, suspension of processing of personal information on the basis of user rights, the Company will confirm if the one who made such request for access, etc. is the user himself/herself or legitimate representative.

Article 7 [Matters regarding measures to ensure safety of personal information]

The Company takes measures to ensure safety of personal information as follows:

1. Organizational measures
   Establishment and implementation of internal management plans, regular training of officers and employees, regular inspection of access records, inspection of outsourcees, etc.
2. Technical measures
   Management of access to personal information processing systems, installation of access control systems, encryption according to internal management plans (in transit and when storing), installation of security programs
3. Physical measures
   Restriction on access to database, rooms in which data are kept, etc.

Article 8 [Matters regarding installation and operation of an automatic collection tool for personal information and the denial thereof]

1. The Company installs·operates a tool that automatically collects personal information including ‘cookies, access data files’ etc. in order to provide users with suitable, more useful and personalized and customized services. A cookie is small amount of information that a server which is used for operation of a website and application sends to a user’s device, and it is stored in the user’s device.
2. The Company can use cookies, etc. for the purposes described as follows:
   1. To provide optimized services to users by identifying patterns of site visit and use.
   2. To provide information optimized to users by identifying popular search keywords, etc.
   3. To provide safe access environment by identifying whether it is secure access
3. Users can decide the level of information collected by cookies by clicking [Tools] menu of the web browser and [Internet option]->[Security]->[Customer Level] or deny storage of cookies.
4. If users deny storage of cookies, some services may not be able to be provided.

Article 9 [Responsible person for protection of and access to personal information]

1. The Company designated following privacy officer in order to manage duties of personal information processing and to handle users’ complaints and remedial compensation, etc.

Name	Department	Position	Contact information
Lee, Dongyoon		CEO / Privacy officer	cx@entre-reality.io
Kim, Sihyun		Responsible person for personal information protection	cx@entre-reality.io
-	Department of personal information protection	-	cx@entre-reality.io

2. Users can inquire matters regarding personal information protection, handling complaints, remedial compensation, etc. to the privacy officer and responsible department, and the Company will handle the inquiry shortly; provided, however, that if there is any delay due to inevitable reasons, the Company will inform users of it.
3. Users can inquire about access to personal information in accordance with Article 35 of 「Personal Information Protection Act」 to the department responsible for personal information protection

Article 10 [Remedies for infringement of users’ rights and interests]

1. Users can contact following institutions for remedies for infringement of personal information.

Name of Institution	Website	Call
Personal Information Dispute Mediation Committee	www.kopico.go.kr	1833-6972
Privacy Infringement Report Center	Privacy.kisa.or.kr	118
Supreme Prosecutors’ Office	www.spo.go.kr	1301
National Police Agency	Ecrm.cyber.go.kr	182

2. With regard to a request pursuant to Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information) and Article 37 (Suspension of Processing of Personal Information) of 「Personal Information Protection Act」, a person whose rights or interests have been infringed can file an administrative appeal against a disposition or omission by heads of public institutions as prescribed in the Administrative Appeals Act.

Article 11 [Scope of application of the Privacy Policy]

1. This Privacy Policy applies to every service provided by the Company, but separately prepared privacy policies may apply by service in the event that characteristics of services are different.
2. This Privacy Policy does not apply to the case that a user visits another company’s website that is linked to a service of the Company, or the website the user visited collects personal information.

Article 12 [Change in and notification of the Privacy Policy]

1. In case that any addition, deletion and modification are made in content, this Privacy Policy will be notified in advance to users 7 days prior to amendment. However, if material changes are made in user rights such as changes in personal information items to be collected or purpose of use, etc., the Company may obtain consent from users again.
2. This Privacy Policy comes into effective as of MM DD, 2022 and previous versions can be found as below.