Privacy Policy

In accordance with the Personal Information Protection Act, PhoAI has the following processing policies to protect users' personal information, rights and interests, and to handle users' grievances related to personal information smoothly. PhoAI will make an announcement through an application notice (or individual notice) if the company revises its privacy policy. ○ This policy will take effect from October 31, 2023 1. Purpose of Processing Personal Information PhoAI processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and prior consent will be sought if the purpose of use is changed. A. Application membership registration and management Personal information is processed for the purpose of confirming membership intention, identifying and certifying themselves according to the provision of membership services, maintaining and managing membership status, preventing fraudulent use of services, confirming the consent of legal representatives when collecting personal information for children under the age of 14, various notices and notices, handling grievances, and preserving records for dispute mediation. B. Providing goods or services Process personal information for the purpose of providing personal services to users. C. Use in marketing and advertising Personal information is processed for the purpose of developing new services (products) and providing customized services, providing events and advertising information and participation opportunities, verifying service validity, identifying access frequency, or statistics on members' service use. 2. Personal Information File Status - Personal Information Item: Personal Photo - Collection Method: Enter via App - Grounds of possession: AI-based image conversion service is provided - Retention period: 1 year - Related Acts and subordinate statutes: Record of collection/processing and use of credit information: 3 years - Record of payment and supply of goods: 5 years, record of contract or withdrawal of subscription: 5 years 3. Processing related to face data This is a part related to the user's face data, and the face data is processed according to the content below. - collection : Photos that have been converted into images are saved for reuse - use : Face data can be used when using the conversion function in the future - sharing : Face data is accessible only to the user himself - retention : It is encrypted and stored in the cloud, and is automatically deleted if there is no history of use within one year of registration. 4. Processing and retention period of personal information ① PhoAI processes and holds personal information within the period of holding and using personal information or the period of use when collecting personal information from the data subject. ② The processing and retention periods of each personal information are as follows. Personal information related to <Application membership registration and management> is collected.Hold for the above purpose of use from the date of consent for use to <3 years>.It will be used. 1) Records on the collection/processing and use of credit information: 3 years 2) Record of consumer complaints or disputes: 3 years 3) Record of payment and supply of goods: 5 years 4) Record of contract or withdrawal of subscription: 5 years 5. The rights and obligations of the data subject and the legal representative and the user of the exercise method may exercise the following rights as a personal data subject. ① The data subject may exercise the right to view, correct, delete, and suspend processing of AIPhoi at any time. ② The exercise of rights under paragraph 1 can be done in writing, e-mail, and fax in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and PhoAI will take action without delay. ③ The exercise of rights under paragraph 1 may be carried out through an agent, such as a legal representative of the data subject or a person entrusted. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Regulations of the Personal Information Protection Act. ④ Requests to view and suspend processing of personal information may limit the rights of the data subject under Articles 35 (5) and 37 (2) of the Personal Information Protection Act. ⑤ A request for correction and deletion of personal information cannot be requested to be deleted if the personal information is specified as a collection target in other laws. ⑥ PhoAI confirms whether the person who made the request, such as requesting access, requesting correction and deletion, and requesting suspension of processing, is the person who made the request or a legitimate agent according to the data subject's right. 6. Destruction of Personal Information PhoAI, in principle, if the purpose of processing personal information is achieved, the personal information is destroyed without delay. The procedure, deadline, and method of destruction are as follows. - procedure for destruction The information entered by the user is transferred to a separate DB after the purpose is achieved (in the case of paper, separate documents) and stored for a certain period of time according to internal policies and other relevant laws or regulations, or destroyed immediately. At this time, the personal information transferred to the DB is not used for any other purpose except in the case of law. - the expiration date The user's personal information shall be destroyed within five days from the end of the holding period, and within five days from the date when the personal information is deemed unnecessary, such as achieving the purpose of processing personal information, abolishing the service, and terminating the business. -How to dig Information in the form of electronic files uses a technical method that does not allow records to be played back 7. Matters concerning the installation, operation, and rejection of automatic personal information collection devices PhoAI does not use "cookies" that store information about the data subject's use and call it up from time to time. 8. Creating a Privacy Officer ① PhoAI is responsible for the processing of personal information, and designates a person in charge of personal information protection to handle complaints and remedy damages from data subjects related to the processing of personal information as follows. ▶ a person information protection officer Name: Song Chang-geun Position: Representative Position: Representative Contact: 010-9141-9090, pekopeko11@gmail.com , ※ You will be connected to the privacy department. ▶ Department in charge of personal information protection Manager: Song Chang-geun Contact: 010-9141-9090, pekopeko11@gmail.com , ② The information subject may contact the person in charge of personal information protection and the department in charge of personal information protection, handling complaints, and remedy for damage caused by using PhoAI's service (or business). We will answer and process the information subject's inquiries without delay. 9. Change the privacy policy - This personal information processing policy will be applied from the date of enforcement, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, it will be notified through a notice seven days before the implementation of the changes. 10. Measures to Secure Personal Information In accordance with Article 29 of the Personal Information Protection Act, PhoAI takes the following technical/management and physical measures necessary to secure safety. - Conducting regular self-audit In order to secure stability related to the handling of personal information, we conduct self-audit on a regular basis (once a quarter). - Minimization and training of personnel handling personal information We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge. - Establishment and implementation of internal management plan For the safe processing of personal information, we establish and implement an internal management plan. - Technical countermeasures against hacking, etc In order to prevent personal information leakage and damage caused by PhoAI hacking or computer viruses, security programs are installed, periodic updates and inspections are performed, systems are installed in areas where access is controlled from the outside, and technical and physical monitoring and blocking are performed. - Encrypting Personal Information Your personal information is encrypted and stored and managed, so only you can know it, and important data uses separate security features such as encrypting file and transfer data or using file lock functions. - Storage of access records and prevention of forgery We keep and manage records that have accessed the personal information processing system for at least 6 months, and use security functions to prevent forgery, theft, and loss of access records. - Restricting access to personal information We take necessary measures to control access to personal information by granting, changing, and cancelling access to database systems that process personal information, and control unauthorized access from outside using an intrusion prevention system. - Using locks for document security Documents containing personal information, auxiliary storage media, etc. are stored in a secure place with a lock. - access control for unauthorized persons There is a separate physical storage place where personal information is stored, and access control procedures are established and operated.