Privacy Policy
[CarriVerse Corp.] (hereinafter referred to as “Company”) endeavors to protect the personal information of the users (“Users”) who use the service of the Company (“Service”).
The Company displays this Privacy Policy within the Service where the Users can easily review the terms and conditions. The Company would like to notify how the personal information of the information subject is being processed and for what purposes.
The Company reserves the right to amend this privacy policy at its sole discretion, whenever it sees fit. When the Company amends this privacy policy, it shall notify the changes through the notice section in the application, and if required by relevant statutes, ask for the user’s permission.
The Privacy Policy contains the following important details :
■ The Company notifies Users the details of collected personal information, usage, provision, the entrusted information, the destroying method through the privacy policy
■ The User has legal rights including the right to personal data self-determination to their own personal information. This Privacy Policy guides the way to exercise the Users’ right on personal information; and
■ This Privacy Policy prevents infringement of personal information and guides how to recover from the infringement accident.
1. Purpose of Collection and Use of Personal Information
1.1. The Company processes personal information for the following purpose:
1.1.1. User registration and management of User information
Confirmation of the User’s will to register through Social Network Service accounts, identity verification∙authentication, maintaining and managing User status, preventing foul use of the Service, confirmation of consent of a legal representative in case of collecting personal information of children under 14 years of age, delivering notification and announcements, preserving records for conflict mediation
1.1.2. Resolving inquiries or complaints
Identifying the complaining entity, confirmation of the complaint (inquiries), contacting and notifying for investigation, answering the inquiry/complaint
1.1.3. Developing new services and use for advertisement purpose
Provision of customized services, recommending customized contents based on demographic features, developing new services and products, marketing purposes such as event promotion or advertisement, collecting data on frequency of visit and service use; development of service environment to protect privacy and service improvement.
1.1.4. Provision of materials in accordance with relevant laws and regulations
In accordance with the provisions of laws and regulations, or when there is a request from the investigation agency in accordance with the procedures and methods stipulated in the laws for the purpose of investigation
1.2. Personal information is not used for purposes other than those mentioned in the foregoing paragraph. If the purpose is changed, necessary measure shall be taken to obtain separate consent.
2. Items of Personal Information Collected and Terms of Collection and Use
2.1.The company collects the following personal information, at a minimum level required to provide the Service:
2.1.1. Required Information
| Section | Items of Personal Information |
|---|---|
| Registration and Use of Service | SNS account address (Email address) |
| One-on-one Inquiry, Use of Customer Service | Device manufacturer, model, OS version, and any other personal information submitted by the user to process inquiries |
2.1.2. The items collected automatically during the use of the Service
| Items of Personal Information | Note |
|---|---|
| Service usage records, connection log, connection IP information, log data, device manufacturer, model, OS version |
2.1.3. The Identifier for Advertisers(IDFA), Information of the device(version of the OS, App version, language and nationality), and related information may be collected automatically when the User uses the Service and not be correspond to personal information depending on the cases.
3. Methods of collection and usage of the personal information
3.1. The Company collects personal information in the following ways.
3.1.1. When User agrees to the collection of personal information and enters relevant information: when signing up for a service, while changing user information, while the user uses the Services and when user requests identity verification
3.1.2. During customer service procedure: email, fax, phone, etc.
3.1.3. When the user participates in online and/or offline events: Website, application, written form, email address, phone, fax, applying for gifts and etc.
3.1.4. When personal information is provided through affiliated services or groups
3.1.5. Through operation of automatic personal information collection devices
3.2. The Company may retain personal information collected by above methods on the grounds of processing the tasks that are requested by Users.
4. Duration of Retention of the Personal Information
4.1. The company destroys the information without delay after the purpose of collection and use of personal information is achieved.
4.2. Notwithstanding for the foregoing Paragraph, the Company may retain personal information until User requests for termination of the Terms of Service or withdraws consent to this Privacy Policy. However, in the event that the User’s unlawful or misappropriate usage record or the usage are found in accordance with the Terms of Service, the Company may retain the personal information 5 years upon the time of collection despite of the withdrawal of consent to this Privacy Policy by the User. Personal information for the purpose of maintaining the customer center shall be retained for 3 years or the period dictated by relevant statutes after the user revokes membership.
4.3. If retention of the personal information is needed in accordance with the related laws and regulation after the purpose of collection and usage have been achieved, the Company shall retain personal information of the User for certain period of time including following cases.
4.3.1. Records related to marks and advertisements: Six months (The Act on the Consumer Protection in Electronic Commerce)
4.3.2. Records related to cancellation of contracts or subscriptions, etc.: Five years (The Act on the Consumer Protection in Electronic Commerce)
4.3.3. Records related to payment for and supply of goods, etc.: Five years (The Act on the Consumer Protection in Electronic Commerce)
4.3.4. Records related to electronic account for sales or cancellation of sales, refund etc.: Five years (Framework Act on National Taxes)
4.3.5. Records related to resolution of consumer complaints or disputes: Three years (The Act on the Consumer Protection in Electronic Commerce)
4.3.6. Records related to usage of the Service: Three months (Protection of Communications Secrets Act)
4.3.7. If investigations regarding the violation of relevant statutes are ongoing : until said investigation is finished
4.3.8. If obligations and rights arising from service usage remain : until said obligations and rights are settled
5.Provision of Personal Information to a Third Party
5.1. The Company does not provide or disclose personal information to any third party without User’s consent and processes the information only within the scope expressed in this Privacy Policy.
5.2. Notwithstanding the above clause, the Company may provide or disclose the personal information to third parties in the following circumstances.
5.2.1. The Company may provide the user’s private information to affiliates or share them with affiliates. When sharing or providing personal information, the Company shall do so only after providing prior notice to the user according to relevant statutes and receiving the user’s consent.
5.2.2. When it is severely difficult to receive consent regarding personal information necessary for providing services, due to economic and technical reasons.
5.2.3. When it is required to calculate the price for the provision of services
5.2.4. When it is provided in a form that an individual is not identifiable for the purpose of drawing up statistics, academic research or market research.
5.2.5. When business transfer or merger etc. occurs (However, when transfer of User’s personal information is needed in this case, the Company notifies Users about the fact of transfer and the Users can withdraw their agreement on the transfer of personal information).
5.2.6. When the information subject or the legal representative is unable to express agreement, and when such agreement is necessary in order to protect third parties or the information subject from threat of life, body, and property.
5.2.7. Other cases regulated by the law and regulations, and when the court or the investigative agencies, etc. request provision of personal information according to procedures regulated by the law.
5.3. The Company may provide personal information to other third parties in order to provide various services, and will notify Users about ‘the recipient of personal information, the purpose of provision, the items of personal information being provided, and retention/usage period of the personal information by the recipient’, upon obtaining the Users’ express and individual agreement.
6. Entrustment of Handling Personal Information
6.1. In order to provide the Services seamlessly, the Company entrusts personal information processing tasks as the following entity. Detailed information of the domestic entrusted party is as follows.
6.1.1. Entity receiving personal information : Google
6.1.2. Purpose of entity receiving personal information : Analysis and statistical data on life cycle of downloaded apps and event occurrences (Google Analytics)
6.1.3. Duration of usage and storage : Since application installation to differing periods as determined by Google
6.1.4. Privacy policy of each product: According to Google Privacy Policy(https://policies.google.com/privacy?hl=ko)
7. Rights of Users and Legal Representatives and Method of Exercising them
7.1. The Users and their legal representatives may at any exercise their own rights or on behalf of principal the principal. However, the user’s rights can be restricted according to the laws and regulation and the personal information regulated as items to be collected may be restricted from request for deletion, suspension of process.
7.1.1. Request to view personal information
7.1.2. Request to correct personal information if there is an error
7.1.3. Request to delete or suspension of process (withdrawing the agreement on collection and usage of personal information, terminating the Service Agreement)
7.2. The ways to exercise of rights indicated in the foregoing paragraph are sending an email to the Company’s Personal Information Manager as outlined in Article 9.
7.3. The legal representatives of the User or agents that have been delegated may exercise the rights indicated in this Article. In this case, power of attorney must be submitted.
7.4.The Company confirms whether the requesting person is the User him or herself or a legitimate agent.
8. Destruction of Personal Information
8.1. In principle, the Company destroys personal information without delay after the purpose of collection and use of personal information is achieved. However, the information that has obtained User’s separate agreement or is required to be retained for a certain period of time shall be stored separately from other personal information.
8.2. The destruction procedure and method are as follow:
8.2.1. Destruction Procedure
Once the purpose is achieved, the information entered by the User is either deleted immediately or retained for a certain period of time if required by the internal policy and other relevant laws and regulations. The retained personal information will not be used for any other purpose other than those required by law.
8.2.2. Destruction Term
If the retention term has passed and when the purpose is achieved or the Service is closed etc. and such information becomes unnecessary, the personal information of a User is destroyed without delay from the end date of the retention term.
8.2.3. Destruction Method
Information in the form of electronic files shall be deleted using a technical method to prevent any reproduction. Personal information printed on paper is shredded or destroyed through incineration. The 'Company' destroys personal information recorded and stored in the form of electronic files using methods such as Low Level Format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is shredded or incinerated with a shredder.
8.2.4. Separate Storage of Personal Information
If the service is not used for a period of one year, in accordance with Article 39(1) and (2) of the Personal Information Protection Act, the Company will notify the user of the account dormant state by e-mail no later than 30 days prior to the expiration of the period and then swap it to dormancy one year after the expiration of the period. The swaped personal information is information collected at the time of conclusion of the contract of use, such as SNS account address, service wallet address, and one-way hashed mnemonic key. Personal information in the dormant state is stored separately in a separate storage space and is managed by restricting access and applying security.
8.2.5. Destruction of Personal Information
The "company" promptly destroy personal information when personal information becomes unnecessary, such as the lapse of the period of possession of personal information, achievement of the purpose of use, and termination of service. If there is an asset transaction history, it will be destroyed within 5 years after the termination, and if there is no asset transaction history, it will be destroyed immediately.
9. Person in charge of personal information management
9.1. In order to manage and take responsibilities of processing and protecting the Users’ personal information and handle complaints related to personal information, the Company has designated the personal information manager as follows.
Personal Information Manager Name Blockchain Platform Office Email dpo@imantisco.com Customer Inquiry and Personal Information Viewing Request Manager Name Marketing Communication Team Email cscenter@imantisco.com
9.2. User can report any complaints related to personal information protection that occur while using the Company's Services to the person in charge of personal information management or the department in charge. The Company will promptly and sufficiently respond to Users' reports.
9.3. Users shall be responsible for the management of one’s account and password. The Company in no event asks about the password to the User in any form. Please be cautious to protect the password from disclosure, especially when logged in at public place.
9.4. The Company is not liable for the loss of data caused by unpredictable accident when the Company took all predictable and reasonable measure to prevent risks in the network security, including high-tech hacking.
10. Matters concerning the installation and operation of automatic personal information collection devices and their rejection
The Company is not liable for the loss of data caused by unpredictable accident when the Company took all predictable and reasonable measure to prevent risks in the network security, including high-tech hacking.
11. Measures for Safeguard of Personal Information
The Company is taking the following managerial, technical, physical measures for securing personal information.
11.1. Personal Information Encryption
The mnemonic key, an important user information, is stored/managed after being encrypted, and personal information is safely transmitted over the network through encrypted communication. The password required to sign a transaction is one-way encrypted, which cannot be decoded, and is stored in the user's personal device.
11.2. Safeguards against Hacking .
The Company installs systems in access-controlled areas to prevent the leaks or damage of user's personal information by hacking or malicious code. The Company utilizes the latest antivirus programs to prevent leaks or damage to users' personal information or data. In addition, an intrusion prevention system is used to control unauthorized access from the outside, and the Company strives to secure all possible technical devices to secure other systemic security.
Physical safeguard
The Company minimizes the number of employees handling personal information and reduce the risk of personal information leaks. In addition, we have established systematic standards for the creation and change of passwords and access rights for the database system that stores personal information and the system that processes personal information and conducts continuous audits. In addition, regular trainings are conducted on personal information protection obligations and security for all employees who handle personal information.
12. Liability on Connected Sites
The Company may provide links to other websites to Users. In this case, since the Company does not have the control over the other website, the Company is not liable for and does not guarantee the usefulness, whether it is correct or legal. Please check the privacy policy for the connected site because the Company has no relation with the connected site.
13. Amendment to the Privacy Policy
13.1. This Privacy Policy is applied from [*] [*], 2022 13.2. The Company may amend this Privacy Policy to reflect any legal or service changes. 13.3. The Company shall notify such amendment, and the amended Privacy Policy shall take effect seven (7) days after the foregoing notification. Notification Date : [*] [*], 2022 Enforcement Date : [*] [*], 2022