ROUNZ - AR try on eyewear shop

ROUNZ Privacy Policy
ROUNZ Co., Ltd. (hereinafter referred to as the "Company") complies with the provisions of laws and regulations related to personal information, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Personal Information Protection Act, and is committed to protecting the rights and interests of users by establishing a privacy policy. Through the Privacy Policy, the Company informs users of the purpose and manner in which their personal information is used and what measures the Company takes to protect their personal information.

1. Items of personal information the Company collects and how it is collected.
a. Items of personal information to be collected.
The Company collects the following personal information for membership registration, non-member purchases, consultation, and prevention of unauthorized use of services.


  
개인정보 수집 및 이용동의 (필수)
  
      
      
      
      
  
  

    

        
Classifications
        
Items to be collected
        
Purpose of collection and use
        
Retention period
    
  
  

    

    	
Member Registration
      
(Required) email, password, and whether the Member is 14 years old or older

(Optional) Name
			
Verification of identity for use of membership services, personal identification, prevention of fraud and unauthorized use by rogue members, confirmation of intention to join, confirmation of age, confirmation of consent of legal representative when collecting personal information of children under the age of 14, handling of complaints, and delivery of notices.
			
Personal information shall be immediately destroyed when a user withdraws from membership.

However, it shall be kept for 30 days to prevent unauthorized use and then destroyed.
    
  

b. Information collection method.
When users register as a member to use the membership service, the Company receives essential information online to provide the service. In addition, the Company may selectively request users to enter personal information for statistical analysis or to provide prizes when conducting surveys or events within the service. However, the Company shall not collect sensitive personal information (such as race and ethnicity, ideas and beliefs, origin and place of residence, political affiliation, criminal records, health status, and sexual life) that may violate the basic human rights of users, and shall obtain the prior consent of users if it is unavoidable.

2. Purpose of collecting and using personal information
a. Development of new services
The Company may develop more useful services based on the personal information provided by users. When developing new services or expanding contents, the Company may more efficiently prioritize services to be developed based on personal information provided by existing users, and the Company may reasonably select and provide contents that users need.

b. Member management
Confirmation of user identity, personal identification, prevention of unauthorized use by rogue members and prevention of unauthorized use, confirmation of intention to join, confirmation of age, confirmation of consent of legal representative when collecting personal information of children under the age of 14, handling of complaints, and delivery of notices.

c. Utilization for marketing and advertising
To deliver information and provide customized services based on the development of new services and events, to provide services and advertisements based on demographic characteristics, to understand the frequency of access, or to provide statistics on Members' use of services.

3. Retention and use period of personal information
In principle, the Company shall destroy the user's personal information without delay when the purpose of collecting and using personal information is achieved. However, the following information shall be retained for the specified period for the following reasons:

a. Reasons for retention of the personal information according to the Company's internal policy;
- Records of unauthorized use: Prevention of unauthorized use
- Retention period: 1 year from the date of unauthorized use

b. Reasons for retention of the personal information under relevant laws:
- Records on withdrawal of agreement or subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records of handling consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records of visits (logs): 3 months (Protection of Communications Secrets Act)

4. Procedures and methods for destroying personal information
The user's personal information shall be destroyed in the following ways without delay once the purpose of collecting and using the personal information is achieved.

a. Destruction procedure
The personal information entered by the user to use the service shall be transferred to a separate DB (separate filing cabinet in the case of paper) after the purpose is achieved and stored for a certain period of time (see Retention and Use Period) in accordance with the internal policy and other relevant laws and regulations, and then destroyed. Personal information transferred to a separate DB shall not be used for any purpose other than that for which it is retained unless otherwise required by law.

b. Destruction method
- Personal information printed on paper: shredding or incineration
- Personal information stored in the form of electronic files: Deletion using a technical method that does not allow the records to be reproduced.

5. Providing personal information to third parties
a. The Company may provide users' personal information to third parties within the scope of consent obtained by notifying or specifying as follows at the time of registration.
-Recipient: ESTsoft Corp.
-Purpose of provision: to improve the quality of AI such as virtual try on and glasses search, and to process order information.
-Items to be provided: Photos, customer names, and emails submitted when using the virtual try on, glasses search, etc.
-Period of retention and use of personal information by the recipient: Until withdrawal from membership or termination of service.

b. User consent shall be obtained when taking or uploading virtual try on photos after logging in. If the user does not agree and refuses, virtual try on, product recommendations, and convenience features may be limited.

c. In principle, the user's personal information shall not be provided to external parties other than the above. However, the following cases shall be exceptions:
- In case there is a request in accordance with the provisions of laws and regulations or a request from an investigative agency pursuant to the procedures and methods set forth in laws and regulations for the purpose of investigation.

6. Consignment of personal information processing
The Company entrusts the processing of personal information for the smooth provision of services and stipulates the necessary matters to ensure that personal information shall be safely managed when entering into consignment contracts in accordance with relevant laws and regulations.

Currently, the Company's personal information processing trustees and the contents of their work are as follows:
- In the order of the Consignee (Trustee) / Details of Consignment / Personal Information Items / Retention and Use Period.

- Doosoun-cni: Orders, delivery information, optometrist customers/customers, orders, products, inventory information / Until membership withdrawal or termination of consignment contract.
- EMS: Providing services such as product delivery, delivery location, and arrival information / Until withdrawal of membership or termination of consignment contract.
- Toss Payments Co., Ltd.: Simple payment, card payment / Until withdrawal of membership or termination of consignment contract.

7. Rights of users and legal representatives and how to exercise them
a. Users and their legal representatives may view or modify their personal information or that of their children under the age of 14 at any time, and may request to cancel their membership (withdrawal of consent).

b. To view or modify personal information of users or children under the age of 14, users or their legal representatives can use "Edit account information" on MyPage after logging in, and to cancel membership (withdrawal of consent), they can click "Membership Withdrawal" to withdraw from membership directly after going through the identification procedure. Alternatively, if the user or legal representative contacts the Company's personal information protection officer in writing, by phone, or by email, the Company shall take action without delay.

c. If a user requests correction of errors in personal information, the Company shall not use or provide the personal information until the correction is completed. In addition, if the Company has already provided incorrect personal information to a third party, the Company shall promptly notify the third party of the results of the correction process so that the correction can be made.

d. The Company shall handle personal information that has been terminated or deleted at the request of the user or legal representative as specified in the "3. Retention and Use Period of Personal Information" and shall not allow the personal information to be viewed or used for any other purpose.

8. Matters concerning the operation of cookies
In order to provide personalized and customized services, the Company uses "cookies" to store and retrieve user information from time to time. A cookie is a very small text file sent to the user's browser by the server used to operate the Company's website and stored on the user's computer hard disk.

a. Purpose of Using Cookies and Others
To provide targeted marketing and customized services by analyzing the user's access frequency and visiting time, identifying the user's tastes and interests, tracking traces, and identifying the degree of participation in various events and the number of visits.

b. Installation/Operation of Cookies
Users have the option to install cookies. Therefore, users can allow all cookies, check each time a cookie is saved, or refuse to save all cookies by setting options in their web browser.

c. How to Refuse Cookie Settings
To refuse the setting of cookies, users can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by selecting the option of the web browser used by the user. However, if the user refuses to install cookies, there may be difficulties in providing the service.

Example of setting method (for Internet Explorer): Tools > Internet Options > Privacy at the top of the web browser


9. About using the TrueDepth API
The Company uses the TrueDepth API to measure the user's facial information for virtual try on. The measurement information is not collected or stored separately and is not shared with third parties.
Users can refuse the use of the TrueDepth API by turning off the camera permission in the application's permission settings. However, if users refuse the permission, there may be difficulties in providing the service.

10. Technical and administrative measures to protect personal information
a. The Company takes the following technical measures to ensure the safety of users' personal information so that it is not lost, stolen, leaked, altered, or damaged when processing personal information.
- Users' personal information is encrypted and protected. However, even though the Company encrypts and protects users' personal information, there is a possibility that it may be unintentionally lost, stolen or leaked to others in the process of using the Internet in public places, etc. Therefore, users must not disclose their personal information to others, such as by leaking, lending, or providing it, and must responsibly manage their personal information against unauthorized collection of personal information by social engineering methods such as phishing. The Company shall not be liable for any loss, theft, leakage, phishing, or disclosure of personal information in such cases.
- Users' personal information is basically protected by password, and important data is protected through separate security functions by encrypting files and transmission data.
- The Company takes protective measures to prevent damage caused by computer viruses by using a vaccine that automatically updates new information at all times, and has personnel on duty 24 hours a day. In the event of a virus infiltration, the system automatically sends a virus infiltration alarm to employees and automatically treats it.
- The Company adopts a security device (SSL or SET) that can safely transmit personal information on the network using cryptographic algorithms.
- The Company operates an intrusion detection and intrusion blocking system from the outside 24 hours a day to prevent users' personal information from being leaked due to intrusion into the Company's information and communication network such as hacking.

b. The Company recognizes the importance of users' personal information and takes the following administrative measures to protect users' personal information, including limiting the number of personal information processing employees to a minimum.
- The Company conducts regular in-house and outsourced training for employees who process personal information on acquiring new security skills and their obligations to protect personal information.
- The Company prevents information leakage by humans in advance by requiring all new employees to submit a security pledge, and has internal procedures in place to monitor the implementation of the Privacy Policy and employees' compliance with it, and to correct or improve violations if they are identified and take other necessary measures. The handover of duties of personal information-related processors is carried out thoroughly while maintaining security, and responsibilities for personal information incidents after joining or leaving the Company are clarified.
- The Company does not mix personal information and general data, but keeps them separated through separate servers.
- The Company has set up specially protected areas such as computer rooms and data storage rooms to control access.
- The Company is not responsible for any mistakes made by individual users or for things that happen due to basic Internet risks. Each user must properly manage and be responsible for their own email and password to protect their personal information.

11. Privacy officer
The Company is committed to ensuring that users have safe access to good information. The Company assumes all responsibility in the event of an accident contrary to the matters notified to users in protecting personal information. However, the Company shall not be liable for any damage to information caused by unexpected accidents caused by basic network risks such as hacking, despite technical complementary measures, and for any disputes caused by posts made by visitors. The persons in charge of handling users' personal information are as follows, and the Company responds promptly and sincerely to inquiries regarding personal information.

Name of Privacy Officer : Kim se min
Position: CEO
Tel: 1522-0416

Name of Person in Charge of Personal Information Protection : Kim dae gu
Position: Head of Personal Information Protection Office
Tel: 1522-0416
Email : cs@rounz.com

12. Privacy complaint service
In order to protect customers' personal information and handle complaints related to personal information, the Company has designated and operates the following department in charge of complaints related to personal information protection.

Personal Information Protection Complaint Department : Choi yoo na in CS Team
Tel : 1522-0416
Email : cs@rounz.com

Users may report all complaints related to personal information protection arising from the use of the Company's services to the person in charge of personal information protection or the department in charge. The Company shall promptly provide sufficient answers to users' reports. If the user needs to report or consult about other personal information infringement, he/she can contact the following organizations:
- Personal Information Protection Commission : www.kopico.go.kr/+82 1833-6972
- kisa : privacy.kisa.or.kr/+82 118
- Supreme Prosecutors' Office : www.spo.go.kr/+82 1301
- National Police Agency : ecrm.cyber.go.kr/+82 182

13. Notice obligations
a. The Company discloses this Privacy Policy and other details of personal information protection on the first page of the service homepage so that users can easily view it at all times.

b. In the event of additional deletion or modification of important contents due to changes in legal policies or security technologies, the Company shall notify the reason and contents of the change through the service homepage before implementing the changed privacy policy.

c. The contents of this Privacy Policy may change from time to time, so users should check it every time they visit the service homepage.

d. Any additions, deletions, or modifications to the current Privacy Policy shall be notified on the ROUNZ website at least 7 days prior to the effective date.

Date of announcement: October 26, 2023
Date of enforcement: October 26, 2023