펫스타픽

Privacy (Location) Policy

Bremen Co., Ltd. (hereinafter referred to as "the Company") operates "Petstapic" and, in accordance with the "Personal Information Protection Act" and the "Act on the Protection and Use of Location Information" (hereinafter referred to as "Location Information Act"), has established and is operating the following Privacy Policy to protect users' personal information and personal location information and to promptly address related grievances and difficulties. The Company strives to comply with and implement the responsibilities and obligations stipulated by relevant laws. If the Privacy Policy is changed, the details and effective date of the changes, as well as the content before and after the changes, will be continuously disclosed through website announcements.

Article 1 (Notice on the Collection, Use, and Retention Period of Personal Information)

The Company collects the minimum necessary personal information to provide services, with varying purposes, items, and retention periods based on the service provided as outlined below.

Membership Registration and Customer Management

Purpose of Collection: Membership registration and customer management, registration for internal services
Required Collection Items: Name, Email, Phone Number, Gender, Date of Birth, Charm Points, Photos
Retention and Use Period: Deleted one month after membership withdrawal

Service Use

Purpose of Collection: In-app usage, profile review, dating matching service
Required Collection Items: Name, Email, Phone Number, Gender, Date of Birth, Charm Points, Photos, Messages written by the user, Posts written by the user, Geographical information based on the user's network connection
Optional Collection Items: Introduction, Height, Religion, Drinking habits, Career, University, Annual income, Residence, Pets, Additional information, Instagram account, Location information
Retention and Use Period: Deleted one month after membership withdrawal

Consent to Receive Promotional Information (Optional)

Purpose of Collection: To provide information about events and promotions
Required Collection Items: Name, Email, Phone Number
Retention and Use Period: Until consent is withdrawn

Other

The Company does not provide services to children and adolescents under the age of 18 and does not collect related personal information.
If the purpose and items of member information processed by the Company change, prior consent will be requested in accordance with relevant laws.
The Company generally prohibits the processing of resident registration numbers and will only process them if specifically required by laws, presidential decrees, parliamentary rules, Supreme Court rules, Constitutional Court rules, Central Election Commission rules, or Board of Audit and Inspection rules during the performance of duties.
The Company collects personal information in the following ways and obtains prior consent before collection:

① By having users directly input personal information during the use of the service.

② By collecting personal information in writing at offline events such as exhibitions, seminars, and conferences.

③ By automatically generating and collecting personal information through methods such as cookies and access logs during the use of the service.

Article 2 (Regarding the Installation and Operation Refusal of Personal Information Automatic Collection Devices)

The Company automatically generates/collects the following information during the service use process and may use it for the following purposes:

How to Refuse Information on Automatic Collection of Personal Information

Collected Items: Visit history, access IP information, service usage records, advertising identifiers, cookies (Cookies are small amounts of information sent from the server (http) of a website to the user's computer browser and may be stored on the user's PC hard disk. Also includes mobile device type, name of the model, OS version)
Collection Method Using Analytical Tools:
- Google Analytics: We use Google’s web log analysis tool, Google Analytics, which collects key behaviors (behavioral information) of users through cookies. While this collected information cannot be used to identify individual users, you can refuse the collection through the methods described below.
- Pixel: We use Facebook’s web log analysis tool, which also collects key behaviors (behavioral information) of users through cookies. Similarly, while this information cannot be used to identify individual users, you can refuse the collection through the methods described below.
[Mobile]
- For iPhone: Safari App > Clear History and Website Data > Confirm
- For Chrome: Chrome App > Tap “More” in the top-right corner > Clear Browsing Data > Choose Time Range > Check the boxes next to 'Cookies, site data' and 'Cached images and files' > Clear Data
- For Naver: Naver App > Settings > Clear Cache + Internet History > Clear Cookies

Purpose of Using Automatically Collected Personal Information

Compliance with Relevant Laws: The Company is obligated to retain users' access records (logins) to ensure compliance with relevant regulations.
Session-Based Member Authentication: For member authentication, only encrypted Session IDs are stored on the server, preventing the exposure of personal information. Additionally, Session information automatically disappears after a certain period. If users wish to delete Session information, they can do so by logging out or closing the browser, which will delete it immediately.
Improving Service Quality and Developing New Products: User activity history, purchase and search records, and other interests and preferences are analyzed to improve the quality of existing products and to develop new products, thereby providing better services.
Providing Personalized Recommendation Services: By analyzing user activity history, purchase and search records, etc., the system recommends products that users are likely to prefer.
Advertising and Marketing to Potential Customers: Products are exposed to potential customers who are expected to have similar interests to existing customers, as well as recent visitors to the service’s website or app.

Article 3: Retention, Use Period, and Disposal of Personal Information

The Company processes the personal information collected within the period of retention and use of personal information agreed upon by the user at the time of collection or within the period of retention and use of personal information in accordance with relevant laws. Once the purpose is achieved and the retention period has elapsed, the personal information will be destroyed without delay in a manner that prevents recovery or reproduction.

User Information

① If a user withdraws from the service, the information will be destroyed immediately upon withdrawal, and the account cannot be recovered. The Company retains the personal information in an unidentifiable state to prevent misuse.

② However, if there is a need to preserve personal information as required by relevant laws, the Company will comply with the regulations of those laws.

Automatically Collected Information

Automatically collected information will be retained and used for up to 12 months from the date of collection and will be deleted immediately after the retention period has elapsed.

Obligatory Retention Period According to Relevant Laws

Retention Purpose	Period	Retention Basis
Information related to transaction details and supporting documents	5 years	Framework Act on National Taxes, Corporate Tax Act
Records of contracts or withdrawal of subscriptions	5 years	Act on the Consumer Protection in Electronic Commerce
Records of payment and supply of goods, etc.	5 years	Act on the Consumer Protection in Electronic Commerce
Records of consumer complaints or dispute resolutions	3 years	Act on the Consumer Protection in Electronic Commerce
Retention of access records	3 months	Protection of Communications Secrets Act

Article 4 (Entrustment of Personal Information Processing)

The Company entrusts some personal information processing tasks to ensure smooth handling of personal information. When concluding an entrustment contract, we supervise the trustee to ensure they handle personal information securely, in accordance with relevant laws and regulations. If the contents of the entrusted tasks or the trustees are added or changed, we will promptly inform users in advance according to relevant laws or disclose it through this personal information processing policy.

Entrusted Personal Information Processing Tasks and Trustee Information

For better service provision, user convenience, and marketing activities, the Company may entrust the processing of users' personal information to third parties as follows:

Consigned Companies	Entrusted Tasks
Play Inc.	Service Improvement
Amazon Web Services Inc.	Data storage and system operation
Google Cloud Platform	Data storage and system operation
Google Analytics	Service usage behavior analysis
Google Firebase	Service usage behavior analysis
Facebook	Advertising analysis
Apple Search Ads	Advertising analysis
Google Ads	Advertising analysis

Article 5 (Provision of Personal Information to Third Parties)

The Company processes the personal information of data subjects only within the scope specified in ‘Article 1: Notice on the Collection, Use, and Retention Period of Personal Information’ and provides personal information to third parties only with the separate prior consent of the user or in cases where there is a special requirement under relevant laws and regulations.

The Petstapic service provides information to other members within the scope set by the data subject's public settings.

Provision to Third Parties Without Prior Consent Based on Relevant Laws

① When necessary for compiling statistics, academic research, or market surveys, and the information is provided in a form that does not identify specific individuals.

② When requested by a state agency pursuant to relevant laws and regulations.

③ When requested for investigative purposes related to a crime or by the Information and Communication Ethics Committee.

④ If there is a request in accordance with the procedures prescribed by other relevant laws and regulations.

Article 6 (Transfer of Personal Information Overseas)

The Company does not provide personal information to foreign businesses. However, to execute contracts related to the provision of information and communication services and to enhance user convenience, we entrust certain personal information processing tasks overseas as follows.

Notice on the Transfer of Personal Information Overseas

Transferred Company (Contact Information)	Transfer Country	Transferred Personal Information Items	Purpose of the Receiving Party, Retention and Usage Period, Transfer Date and Method
Amazon Web Services Inc. (aws-korea-privacy@amazon.com)	United States of America (USA)	All information collected during the service provision process	Purpose: Analysis of Services and Usage Patterns Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Google Cloud Platform (googlekrsupport@google.com)	United States of America (USA)	All information collected during the service provision process	Purpose: Information storage and system operation Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Google Analytics (googlekrsupport@google.com)	United States of America (USA)	Device information, gender, age, IP information, location information, purchase history	Purpose: Analysis of Services and Usage Patterns Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Google Firebase (googlekrsupport@google.com)	United States of America (USA)	Device information, gender, age, IP information, location information, purchase history	Purpose: Analysis of Services and Usage Patterns Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Facebook (+82-2-737-0455)	United States of America (USA)	Device information, device language, advertising identifier information, IP information, location information, access logs, purchase history (including gender selection), app activity history (including gender selection), carrier information	Purpose: Advertising analysis Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Apple Search Ads (https://www.apple.com/kr/privacy/contact/)	United States of America (USA)	Device information, device language, advertising identifier information, IP information, location information, access logs, purchase history, app activity history, carrier information	Purpose: Advertising analysis Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process
Google Ads (kr-lcs-game@google.com)	United States of America (USA)	Device information, device language, advertising identifier information, IP information, location information, access logs, purchase history, app activity history (including gender selection), carrier information	Purpose: Advertising analysis Period: Until the purpose of use is achieved Date/Method: Transferred continuously through the information and communication network during the member registration and service provision process

Article 7 (Measures for Ensuring the Security of Personal Information)

The Company is committed to managing users' personal information securely, taking all necessary steps to prevent the loss, theft, leakage, alteration, or damage of personal data. This includes implementing the required technical, administrative, and physical measures.

Minimization and Training of Personnel Handling Personal Information

We minimize the number of employees who handle personal information and conduct regular privacy protection training to ensure that personal data management measures are effectively implemented.

Establishment and Implementation of Internal Management Plans

To ensure the secure handling of personal information, we have established and are implementing internal management plans.

Storage of Access Logs and Prevention of Tampering

To facilitate responses in the event of a personal information breach, we keep and manage access logs (such as web logs and summary information) for at least one year. We use security features to prevent tampering, theft, or loss of these access logs.

Encryption of Personal Information

Users' personal information is stored and managed in an encrypted format.

Technical Measures Against Hacking

To prevent leakage and damage to personal information caused by hacking or computer viruses, we install and regularly update security programs. We also install systems in areas with restricted external access and apply both technical and physical monitoring and blocking measures.

Access Control for Personal Information

We implement measures to control access to personal information by managing the authorization, modification, and deletion of access rights to the personal information processing systems.

Article 8 (Rights of Users and Legal Representatives and How to Exercise Them)

The Company is committed to securely managing users' personal information to prevent loss, theft, leakage, alteration, or damage, and is taking all necessary technical, administrative, and physical measures. Individuals under the age of 18 are not eligible to join as members, so the Company does not collect personal (location) information from individuals under 18. Therefore, the Company is not responsible for any complaints related to location-based services involving users under 18.

User Rights and How to Exercise Them

① View/Updates: Go to Profile > Edit

② Account Deletion: Go to Profile > Account Settings

③ Other Requests: You may request suspension or deletion of your personal information through the Company’s customer service center.

④ Suspension of Use: If you request correction or deletion of personal information due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.

⑤ Limitations on Deletion Requests: If the personal information is specified as a collection target in other laws, you cannot request the deletion of that personal information.

⑥ Verification of Identity: The Company will verify the identity of the requester when making requests related to viewing, correction, deletion, or suspension of processing.

Article 9 (Purpose of Processing Personal Location Information and Retention Period)

According to Article 8 of the Petstapic Service Location-Based Service Terms of Use, personal location information may be retained for the minimum period necessary to achieve the intended use, as required for providing location-based services.

① If the Company intends to use personal location information to provide services, it must specify this in the terms of use and obtain consent from the subject of the personal location information.

② For billing and complaint handling with other businesses or users, the Company automatically records and retains location information usage, provision, and verification materials. These records are kept for 6 months.

③ When providing personal location information to a third party designated by the member, the Company will immediately notify the member of the recipient, the date and time of provision, and purpose of provision, using the communication terminal device where the personal location information was collected. However, in the following cases, the notification will be sent to a pre-designated communication device or email address:

1. If the communication terminal device that collected the personal location information does not have the capability to receive text, voice, or video messages.

2. If the member has previously requested that notifications be made through online postings or similar methods.

Article 10 (Rights of Personal Location Information Subjects)

① Members may, at any time, withdraw all or part of their consent to the provision of location-based services using personal location information and the provision of personal location information to third parties. In such cases, the Company will destroy the collected personal location information and any data verifying the use and provision of location information.

② Members may, at any time, request the temporary suspension of the collection, use, or provision of their personal location information, and the Company cannot refuse this request and has the necessary technical means to comply.

③ Members may request to view or be notified of the following materials and, if there are errors, request corrections. The Company cannot refuse such requests without legitimate reasons:

Data verifying the collection, use, and provision of their personal location information
Reasons and details for the provision of their personal location information to third parties as per the Act on the Protection and Use of Location Information or other legal provisions

④ Members can exercise their rights under paragraphs 1 through 3 through the Company’s prescribed procedures.

Article 11 (Personal Information (Location) Protection Officer and Remedies for Infringement of User Rights)

The Company is responsible for the overall handling of personal information (location) processing tasks and designates a Personal Information (Location) Protection Officer as follows to handle user complaints and provide remedies for damages related to personal information processing.

Personal Information (Location) Protection Officer
Name: Sung-Moo Kim
Position: CEO
Contact: +82-70-7727-4282

Role of the Personal Information (Location) Protection Officer

Users can direct all inquiries, complaints, and requests for remedies related to personal information protection arising from their use of the service to the Personal Information Protection Officer. The Company will respond to and address user inquiries without delay.

Organizations for Assistance with Rights Violations

If you need detailed assistance regarding the violation of your rights, please contact the following organizations:

① Personal Information Infringement Report Center (Operated by Korean Internet & Security Agency)
Scope of Work: Report personal information breaches, request consultations
Website: privacy.kisa.or.kr
Tel: 118 (no area code needed)
Address: (58324) 3rd Floor, 9 Jinheung-gil (Bitgaram-dong 301-2), Naju-si, Jeollanam-do

② Personal Information Dispute Mediation Committee
Scope of Work: Request for personal information dispute mediation, collective dispute mediation (civil resolution)
Website: www.kopico.go.kr
Tel: 1833-6972 (no area code needed)
Address: (03171) 4th Floor, 209 Seoul Government Complex, Sejong-daero, Jongro-gu, Seoul

③ Supreme Prosecutors’ Office Cyber Crime Investigation Team: +82-2-3480-3573 (www.spo.go.kr)

④ Cyber Safety Bureau: 182 (cyberbureau.police.go.kr)

Article 12: Changes to the Privacy Policy

The Privacy Policy will be effective from the date of implementation. Any additions, deletions, or corrections due to changes in relevant laws and policies will be promptly notified through the website.

This revision will be effective from March 24, 2021.