Artue Policy
Habitus Associates Co., Ltd. (hereinafter referred to as the “Company”) collects, uses, and provides personal information based on users’ consent in order to provide the Artue service (hereinafter referred to as the “Service”), and makes every effort to protect the personal information provided by users. The Company complies with the relevant laws, regulations, and guidelines of the Republic of Korea regarding the protection of personal information.
The Company discloses this Privacy Policy so that users can easily review it at any time, and if this policy is revised in the future, such changes will be announced through notices.
Article 1 (Collection and Purpose of Personal Information)
The items of personal information collected by the Company and their respective purposes are as follows. The Company processes users’ personal information only for the stated purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.- Personal information collected and used through member registration, sign-up, and service use
| Category | Details | Required | Collection & Use Timing |
|---|---|---|---|
| Sign-up and Login | Name, Email Address | Required | Membership registration request and service linkage |
| Service Use | Name | Required | Editing personal information |
| Automatically generated and collected information during service use | Service usage records, access logs, transaction records, IP information, cookies, records of defective or fraudulent use, mobile device information, records related to illegal or unauthorized access to the service, access attempt records, and information necessary to verify the secure operating environment of the service | Required | Service use |
| Customer Inquiries | Name, Email Address, Phone Number | Required | Handling inquiries and complaints |
- Purpose of Collection and Use of Personal Information
| Category | Description |
|---|---|
| User Information Management | User identification, management of account access and usage permissions, management of user information, delivery of various notices, development of new services, provision of diverse services, handling user inquiries and complaints |
| Service Provision | Identity verification, personalization of user environment, verification of purchase history, overall service management including purchase, sale, and settlement, ensuring service stability, providing secure services, and restricting actions that violate laws or the Terms of Service |
- Methods of Collecting Personal Information
| Category | Description |
|---|---|
| Online | Collection through online service membership registration and use, email consultations, collection with user consent through the Artue service, and collection via automatic collection devices |
Article 2 (Retention and Use Period of Personal Information)
Article 2 (Retention and Use Period of Personal Information)The Company processes personal information within the period of retention and use prescribed by applicable laws and regulations or within the period of retention and use agreed upon by the user at the time of collecting the personal information. The respective retention and use periods for personal information are as follows.
- Personal Information Retention and Use Period
| Category | Reason for Retention | Retention Period |
|---|---|---|
| Member Information | Member management, service use and provision, user identification | Until the date of withdrawal (no re-access for 1 year) |
- Statutory Retention According to Service Provision
- In principle, users’ personal information is destroyed without delay once the purpose of collection and use has been achieved. However, according to internal policies to prevent disputes arising from fraudulent use of services, records of fraudulent use may be retained for one (1) year.
- In accordance with applicable laws and the “Personal Information Validity Period System,” the Company immediately destroys the personal information of long-term inactive members who have not used the service for one (1) year. However, if laws and regulations require information to be retained for a certain period, such personal information will be safely stored for the required period.
| Category | Relevant Law | Retention Period |
|---|---|---|
| Records on contracts or withdrawal of subscription | Act on Consumer Protection in Electronic Commerce, etc. | 5 years |
| Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce, etc. | 3 years |
| Records on display and advertising | Act on Consumer Protection in Electronic Commerce, etc. | 6 months |
| Records on compensation and erroneous payments | Act on Consumer Protection in Electronic Commerce, etc. | 5 years |
| Login records | Protection of Communications Secrets Act | 3 months |
| Records on specific financial transactions and identity verification | Act on Reporting and Using Specified Financial Transaction Information | 5 years |
Article 3 (Provision of Personal Information Processing)
- Provision of Personal Information The Company does not provide users’ personal information to third parties without the consent of the members. If it becomes necessary to provide personal information to a third party, the Company will notify the user of such fact and obtain the user’s consent before providing the personal information to the third party.
- Where there are special provisions in other laws
- Where the data subject or their legal representative is unable to express intent, or prior consent cannot be obtained due to unknown address, etc., and it is clearly deemed necessary to protect the urgent life, body, or property interests of the data subject or a third party
- Where personal information is provided in a form that does not allow identification of a specific individual, as necessary for purposes such as statistical compilation or academic research
However, personal information may be provided to a third party in the following cases:
Article 4 (Rights and Obligations of Users and Legal Representatives and Methods of Exercise)
- Users may exercise their rights against the Company at any time, including requests for access to, deletion of, or suspension of processing of personal information. However, the exercise of such rights may be limited in accordance with applicable laws and regulations, including Article 35 Paragraph 4, Article 36 Paragraph 1, and Article 37 Paragraph 2 of the Personal Information Protection Act.
- The exercise of users’ rights may be made in writing, by email, or by other means pursuant to Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
- The exercise of rights under Paragraph 1 may be carried out through a legal representative of the user or an authorized agent. In such cases, a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
- If personal information is explicitly designated as subject to collection under other laws and regulations, requests for correction or deletion of such personal information may not be granted.
- When a request for access, correction, deletion, or suspension of processing is made pursuant to the user’s rights, the Company verifies whether the requester is the user本人 or a duly authorized representative.
- If a user raises an objection to the refusal of the exercise of rights, the user may file an objection with the Company, and the Company will take action without delay.
Article 5 (Destruction of Personal Information)
- The Company destroys personal information without delay when such information becomes unnecessary due to the expiration of the retention period or the achievement of the purpose of processing.
- Even if the retention period agreed upon by the user has expired or the purpose of processing has been achieved, where personal information must be retained in accordance with applicable laws and regulations, such personal information shall be transferred to a separate database (DB) or stored separately in a different location.
- Methods for destroying personal information are as follows:
- Personal information stored in electronic file format is permanently deleted in a manner that prevents the records from being restored.
- Personal information recorded or stored in paper documents is destroyed by shredding or incineration.
Article 6 (Technical and Administrative Safeguards for Personal Information)
The Company has established the following technical and administrative measures to ensure security while processing users’ personal information, so that such information is not lost, stolen, leaked, altered, or damaged.- Administrative Measures
- Establishment and implementation of an internal management plan
- Minimization and training of personnel handling personal information: The Company designates employees who handle personal information and limits access to only those responsible, thereby minimizing the number of personnel involved and implementing measures to properly manage personal information.
- Technical Measures
- Management of access rights to personal information processing systems: The Company takes necessary measures to control access to personal information by granting, changing, and revoking access rights to database systems that process personal information, and controls unauthorized external access through the use of intrusion prevention systems.
- Encryption of personal information: The password, which is the user’s personal information, is stored and managed in encrypted form so that only the user can know it. Important data is protected by applying additional security measures such as encrypting files and transmitted data or using file-locking functions.