Skip to main content

Privacy Policy

Last updated : 2023.12.19

Article 1 (Purpose)

Dodlab Inc. (hereinafter referred to as the "Company") establishes this privacy policy (hereinafter referred to as the "Policy") to protect the personal information (hereinafter referred to as "Personal Information") of individuals (hereinafter referred to as "Users" or "Individuals") who use the Company's services (hereinafter referred to as the "Company Services") and to handle user grievances related to personal information swiftly and effectively in compliance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the "Information and Communications Network Act"), and other relevant laws.

Article 2 (Principles of Personal Information Processing)

The Company may collect Users' personal information in accordance with the relevant laws and this Policy. Collected personal information may be provided to third parties only with the consent of the User. However, in cases where provision is mandated by law, the Company may provide the personal information to third parties without prior consent.

Article 3 (Disclosure of the Policy)

  1. The Company discloses this Policy on the homepage or a linked page so that Users can easily access it.
  2. The Policy is displayed using fonts, colors, and formats to ensure easy recognition.

Article 4 (Changes to the Policy)

  1. This Policy may be revised due to changes in laws, guidelines, notices, or government and Company service policies.
  2. When the Policy is revised, the Company will notify Users through at least one of the following methods:
    • a. Notification on the main page or a pop-up on the homepage.
    • b. Notification through written notice, fax, email, or similar methods.
  3. Notifications under clause 2 will be made at least seven days prior to the effective date. However, significant changes affecting Users' rights will be notified at least 30 days in advance.

Article 5 (Information for Membership Registration)

For User registration for the Company's services, the Company collects the following information:

  1. Required: Email address, password, and name.
  2. Optional: Mobile phone number.

Article 6 (Information for Providing Services)

To provide services, the Company collects the following information:

  1. Required: ID and email address.

Article 7 (Methods of Collecting Personal Information)

The Company collects personal information through the following methods:

  1. When Users enter their personal information on the homepage.
  2. When Users enter their personal information through other services such as applications provided by the Company.

Article 8 (Use of Personal Information)

The Company uses personal information for the following purposes:

  1. Delivering notices necessary for Company operations.
  2. Responding to User inquiries and complaints to improve service.
  3. Providing the Company's services.
  4. Restricting use for violations of laws or terms and conditions, including improper use, to ensure smooth service operation.

Article 9 (Retention and Use Period of Personal Information)

  1. The Company retains and uses personal information for the period required to achieve the purpose of collection.
  2. However, in accordance with internal policies, records of improper use are retained for up to one year after membership withdrawal to prevent improper use.

Article 10 (Retention and Use Period by Law)

The Company retains and uses personal information as per legal requirements:

  1. Under the Act on Consumer Protection in Electronic Commerce:
    • a. Records on contracts or cancellations: 5 years.
    • b. Records on payment and supply of goods: 5 years.
    • c. Records on consumer complaints or disputes: 3 years.
    • d. Records on display or advertisement: 6 months.
  2. Under the Protection of Communications Secrets Act:
    • a. Website log records: 3 months.
  3. Under the Electronic Financial Transactions Act:
    • a. Records of electronic financial transactions: 5 years.
  4. Under the Act on the Protection and Use of Location Information:
    • a. Records of personal location information: 6 months.

Article 11 (Principles for Destruction of Personal Information)

The Company promptly destroys personal information that is no longer needed, such as when the purpose of collection is achieved or the retention period expires.

Article 12 (Destruction Procedure for Personal Information)

  1. Information entered by Users for registration is moved to a separate database (for paper, a separate file cabinet) after the purpose is achieved and destroyed according to the Company’s retention and use policy.
  2. Personal information marked for destruction is deleted after approval from the Company’s data protection officer.

Article 13 (Methods for Destroying Personal Information)

  1. Personal information stored in electronic file formats is deleted using technical methods that make the information irrecoverable.
  2. Personal information printed on paper is shredded or incinerated.

Article 14 (Measures for Sending Advertising Information)

  1. The Company obtains explicit prior consent from Users when sending advertising information for commercial purposes through electronic transmission media. However, in the following cases, prior consent is not required:

    • a. When the Company collects contact information directly from the recipient in the course of transactions and sends advertising information regarding goods or services of the same kind within six months from the end of the transaction.
    • b. When telemarketing under the Act on Door-to-Door Sales involves direct verbal notification to the recipient of the source of the information.

  2. Despite clause 1, the Company does not send advertising information if the recipient has expressed refusal or withdrawn consent and informs the recipient of the result of the processing.

  3. The Company obtains additional consent when sending advertising information for commercial purposes between 9 PM and 8 AM the following day.

  4. Advertising information sent via electronic transmission media will include the following details:

    • a. The name and contact information of the Company.
    • b. How to refuse or withdraw consent for receiving advertising information.

  5. The Company refrains from the following actions when sending advertising information:

    • a. Avoiding or interfering with the recipient’s refusal or withdrawal of consent.
    • b. Generating contact information (e.g., phone numbers or email addresses) using automated combinations of numbers or symbols.
    • c. Automatically registering contact information for the purpose of sending advertising information.
    • d. Concealing the sender’s identity or the source of the advertising information.
    • e. Misleading recipients to reply by deception.

Article 15 (Access to and Withdrawal of Personal Information Consent)

  1. Users or their legal representatives may view or correct their registered personal information at any time and may request withdrawal of consent for data collection.
  2. To withdraw consent, Users or their legal representatives may contact the Company’s data protection officer or designated staff via written notice, telephone, or email. The Company will process the request without delay.

Article 16 (Correction of Personal Information)

  1. Users may request corrections to errors in their personal information through the methods described in the previous article.
  2. The Company will not use or provide the relevant personal information until corrections are complete. If incorrect information has already been provided to a third party, the Company will notify the third party and ensure corrections are made.

Article 17 (User Obligations)

  1. Users must keep their personal information up to date. Users are responsible for issues arising from inaccurate information provided.
  2. Registering with another person's personal information may result in loss of membership or legal consequences under data protection laws.
  3. Users are responsible for maintaining the security of their email addresses and passwords and must not transfer or lend this information to third parties.

Article 18 (Management of Personal Information)

  1. The Company employs technical and managerial measures to ensure personal information is not lost, stolen, leaked, altered, or damaged during processing.

Article 19 (Processing of Deleted Information)

  1. Personal information requested for deletion by Users or their legal representatives is handled according to the "Retention and Use Period of Personal Information" described above and is no longer available for use or viewing for other purposes.

Article 20 (Encryption of Passwords)

  1. User passwords are stored and managed in an encrypted format, ensuring that only the user can access and modify their personal information.

Article 21 (Measures Against Hacking)

  1. The Company takes measures to prevent the leakage or damage of personal information due to hacking or computer viruses.
  2. The Company uses up-to-date antivirus programs to prevent data leaks or corruption.
  3. The Company employs intrusion prevention systems to safeguard data.
  4. Sensitive personal information is securely transmitted using encryption during network communication.

Article 22 (Minimization and Training of Personal Information Handlers)

  1. The Company limits the number of personnel responsible for handling personal information and provides training to ensure compliance with relevant laws and internal policies.

Article 23 (Actions in Case of Information Leakage)

  1. If personal information is lost, stolen, or leaked, the Company will promptly notify the affected Users with the following details:
    • a. Items of personal information leaked.
    • b. Date and time of the leakage.
    • c. Actions Users can take to protect themselves.
    • d. Company’s countermeasures.
    • e. Contact details for further inquiries.

Article 24 (Exceptions for Notification)

  1. If the Company is unable to notify Users due to unknown contact information or other legitimate reasons, it may substitute notification by posting on the Company’s website for at least 30 days.

Article 25 (Use of Cookies)

  1. The Company uses cookies to provide tailored services by storing and retrieving user information. Cookies are small pieces of data sent by the Company’s server and stored on the User’s device.
  2. Users can choose to allow, confirm, or block cookies through their browser settings. Blocking cookies may result in difficulties in accessing some services requiring login.

Article 26 (Managing Cookie Settings)

  1. Browser settings for managing cookies:
    • Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data.
    • Chrome: Settings > Privacy and Security > Cookies and other site data.
    • Whale: Settings > Privacy Protection > Cookies and other site data.

Article 27 (Designation of Personal Information Protection Officer)

  1. The Company designates the following officer to protect personal information and address related grievances:
    • Name: Heo Eun-ho
    • Title: Data Protection Officer
    • Phone: 070-4335-4111
    • Email: dev@dodlab.kr

Article 28 (Remedies for Infringement)

  1. Users can report or seek resolution for personal information infringements through the following agencies:

    • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
    • Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
    • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
    • Police Cyber Investigation Unit: 182 (ecrm.cyber.go.kr)

  2. The Company ensures the right of data subjects to self-determination over their personal information and strives to provide counseling and remedies for grievances caused by personal information infringement. For inquiries or complaints, please contact the department mentioned in Clause 1.

  3. If a public institution’s decision or inaction regarding a request under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), or 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act infringes upon the rights or interests of the individual, the individual may file an administrative appeal in accordance with the Administrative Appeals Act.