Rounz Privacy Policy

DeepEye Inc. ("Company") complies with the laws and regulations related to personal information such as the Promotion of Information and Communication Network Utilization and Information Protection Act, Personal Information Protection Act, and is doing its best to protect the rights and interests of users by establishing personal information processing policy. The “Company” will disclose the purpose of the personal information processing policy of the user and how the company uses the personal information in order to protect the personal information. Revisions in the personal information processing policy will be notified through the website announcement (or individual notice). 1. Personal information collected and collection method A. Personal information collected and processed The “Company” collects and analyzes the captured face pictures for virtual wearing of glasses, but does not store them as it immediately deletes the information after analysis. - Required information: None - Optional information: Information required by the “Company” to provide the service B. Collection method The “Company” receives optional information online when users use the service. Users can also request personal information for statistical analysis or offer for the prizes during the surveys or events in the service. However, the “Company” does not collect sensitive personal information (such as race and ethnicity, ideology, creed, place of birth, domicile, political propensity, criminal record, health status, and sex life), and when it is inevitable to collect them, prior consent from the users will be obtained. 2. Purpose of collection and use of personal information A. Development of new services More useful services can be developed based on the personal information provided by users. When developing new services or expanding contents, the “Company” determines the priorities of the services to be developed more efficiently based on the personal information provided by the existing users to the “Company”, and the “Company” can effectively select and provide the contents that are useful to the users. B. Use in marketing and advertising Providing information and customized services according to the development of new services and events, providing services and posting advertisements according to the demographic characteristics, identifying the frequency of access, or the statistics on service uses by members. 3. Duration of retention and use of personal information As a general rule, the “Company” will promptly destroy the personal information of the user when the purpose of collecting and using the personal information is achieved. However, the following information will be retained for the duration specified below for the following reasons. A. Reason for retaining information by the “Company’s” internal policy - Record of illegal use: Prevention of illegal use - Retention period: 1 year from the date of illegal use B. Reason for retaining information by relevant laws - Records on contract or withdrawal of subscription: 5 years (Act on Consumer Protection in the Electronic Commerce Transactions, etc.) - Records of payments and goods supply: 5 years (Act on Consumer Protection in the Electronic Commerce Transactions, etc.) - Records of complaints or disputes of consumers: 3 years (Act on Consumer Protection in the Electronic Commerce Transactions, etc.) - Records of access (log): 3 months (Telecommunications Privacy Protection Act) 4. Procedures and methods of destroying personal information The personal information of the user is promptly destroyed by the following method when the purpose of collecting and using personal information is attained. A. Destroy procedure The information entered by the user for the use of the service is transferred to a separate DB after the purpose is attained (in the case of paper, separate document box), and destroyed after retained for a specified period according to the internal policy and other relevant laws and regulations. Personal information transferred to a separate DB will not be used for any other purposes than what is required by law. B. Destroy method - Personal information printed on paper: Incinerate or shred with a shredder. - Personal information stored in the form of an electronic file: Delete using a technical method that cannot reproduced. 5. Sharing of personal information with a third party The “Company” will share the personal information with third parties within the scope that user agrees to the following notice or express consent when sign up. - Sharing party: ○○○○ Inc. - Purpose: New service development and marketing / advertising - Shared information: New service development and marketing / advertising - ID, name, e-mail address, mobile phone number - Duration of retention and use: Until the membership withdrawal. As a general rule, personal information of the user is not shared externally. However, there are the following exceptions. - Users have agreed in advance - In accordance with the relevant laws and regulations or for the purpose of investigation, if there is a request from the investigating agency in accordance with the procedures and methods prescribed in the laws and regulations. 6. Assignment of Personal Information Processing The “Company” assigns personal information processing for the smooth provision of services. In accordance with the relevant laws and regulations, the “Company” stipulates necessary requirements for the personal information so it can be managed safely when assigned. Current contracted parties for the personal information processing and their duties are as follows. - In the order of - Contracted party (contractor) / Assigned duties / Personal information item / Duration of retention and use - KOREACENTER.COM: Customer information DB system operation (IT outsourcing) / Until withdrawal of membership or termination of assignment contract - Seoul Credit Rating & Information Inc. : Identity authentication / Until withdrawal of membership or termination of assignment contract 7. Rights of users and its legal agent and how to exercise them A. User and its legal agent may, at any time, view or modify the personal information or the personal information of children under the age of 14, and may request to terminate the membership (withdrawal of consent). B. If user contacts the person in charge of privacy, in writing, by phone, or email, the request will be promptly processed. C. If a user requests correction of an error in personal information, it will not be used or shared until the correction is completed. Also, if incorrect personal information has already been shared with a third party, the “Company” will promptly notify the third party so the correction can be made. D. The “Company” processes the personal information that has been terminated or deleted at the request of the user or its legal agent as described in "3. Duration of Retention and Use of Personal Information", and prohibits such personal information from being viewed or accessed for other purposes. 8. Operation of cookies In order to provide personalized and customized services, the “Company” stores 'cookies' that store and retrieve information of users from time to time. A cookie is a very small text file sent to the user’s browser by the server used to run the “Company's” website and stored on the user’s computer hard disk. A. Purpose of using cookies To provide targeted marketing and customized service through analysis of user's frequency of access and time of visit, identification of user's preference and interests, history tracking, frequency of attendance and access to the various events. B. Installation / operation of cookies User has the option to install cookies. As a result, user can allow all cookies by setting options in the web browser, confirm each time a cookie is saved, or decline to save all cookies. C. How to decline cookie settings To decline cookies, by setting options in the web browser, user can confirm each time a cookie is saved, or decline to save all cookies. However, if the user declines to install cookies, there may be difficulties in providing the service. Setup Example (for Internet Explorer): Tools> Internet Options> Privacy at the top of your web browser 9. Technical and administrative measures to protect personal information A. The Company takes the following technical measures to ensure the safety of personal information in order to prevent the loss, theft, leakage, alteration, or damage in handling the user's personal information. - User's personal information is protected through encryption. However, despite the “Company’s” efforts to protect the privacy of users' personal information through encryption, they may be unintentionally lost or stolen or leaked in the process of Internet use in public places. Therefore, users should not disclose personal information to others, lend or share, and should manage their personal information responsibly from unauthorized collection by phishing and other social engineering methods. The Company is not responsible for any loss, theft, phishing, or disclosure of such personal information. - User's personal information is primarily protected by a password, and the file and transmission data is encrypted and important data is protected by separate security function. - The “Company” has staffs on duty 24 hours a day to prevent the damages from computer viruses, using a vaccine that automatically updates the new information at all times. If a virus is detected, it automatically sends a virus intrusion alarm to the staff, and automatically removes it. - The “Company” adopts the security device (SSL or SET) which can securely transmit personal information on the network using the encryption algorithm. - The “Company” operates an intrusion detection and intrusion blocking system from outside for 24 hours a day to prevent the leakage of user's personal information due to an intrusion of company information network, such as hacking. B. The “Company” recognizes the importance of protecting users’ personal information and takes the following administrative measures to limit the number of staffs who can access to users' personal information to a minimum. - Periodic in-house and externally outsourced trainings are conducted for employees who handle personal information, such as obtaining new security technologies and regarding the obligations to protect personal information. - The “Company” is in the process of establishing an internal personal information processing policy which ensures that personal information does not get leaked by human, by requiring the security pledge to all employees, and by monitoring compliance of the employees, and corrects or improves and take appropriate measures if violations occur. The training for the staffs who handle personal information is carried out with a tight security being maintained, and clarifies the responsibility for personal information incidents after joining and leaving the “Company”. - Personal information and general data are not commingled when stored, but are stored on separate servers. - The computer room and the data storage room are set as special protection zone, and the access to the zone is restricted. - The “Company” is not responsible for any mistakes made by users or the incidents primarily arising from the risk of using the Internet. Each individual user is responsible for properly managing its ID and password to protect personal information. 10. Personal Information Protection Officer The “Company” is doing its best to ensure that users can safely access to the quality information. In the event of any incidents that is in violation with the notice to the user in protecting the personal information, the “Company” shall bear all the responsibility. However, in spite of the technological supplementary measures, the “Company” will not be held responsible for any damage caused by unexpected accidents caused by basic network risks such as hacking, and any disputes caused by posts uploaded by the website visitors. Also, as a general rule, Korean laws are applied to the disputes related to personal information protection. The staff responsible for handling the personal information is as follows, and the “Company” will respond promptly and faithfully to the inquiries about personal information. Personal Information Protection Officer Name: Jung Eun Kim Phone: 1522-0416 Email: deepeye@deep-eye.co.kr 11. Customer Service on Personal Information In order to protect customer's personal information and to deal with relevant complaints, the “Company” has designated and operating the Personal Information Protection Department as follows. Personal Information Protection Department: Internet Business Team Jung Eun Kim Phone: 1522-0416 Email: deepeye@deep-eye.co.kr User may report all personal information protection complaints occured in relation to use of the services of the “Company” to the staff in charge of personal information protection or the department in charge. The “Company” will promptly respond to the users' complaints. To report or consult about other privacy complaints, please contact the following organizations. - Personal Information Dispute Mediation Committee (www.1336.or.kr/1336) - Online Privacy Association (www.eprivacy.or.kr/02-580-0533-4) - Internet Crime Investigation Center, Supreme Prosecutors' Office (icic.sppo.go.kr/02-3480-3600) - Cyber Terror Response Center, Korean National Police Agency (www.ctrc.go.kr/02-392-0330) 12. Duty of Notification A. The details of other personal information protection including this personal information processing policy are disclosed on the homepage of the service so that the user can easily review at any time. B. When there are any additions, deletions, or modifications of important contents in accordance with the changes in the relevant laws and regulations or security technology, the reason and details will be notified through the service homepage prior to implementing the revised personal information processing policy. C. The contents of this privacy policy may change from time to time, so please check every time you visit the service homepage. This policy will take effect on April 02, 2018.