We here at AI Friend Co., Ltd. (“we”) care about your privacy and will comply to The Credit Information Use and Protection Act and The Personal Information Protection Act.

We will only collect the information you choose to give us and we will always inform you of how your personal information will be used, stored, and protected.

This policy goes into effect on August 16th, 2019. We will announce any amendments through the notice boards on the company’s official website or individual announcements will be sent out.

Smart Learning and Activation Services Article 1. Purpose of Handling Personal Information [Smart Learning and Activation Services]

1) Company Standards Towards Handling of Personal Information

• Subject : Camera permission
• Requirement : Required
• Purpose : To display AR content on the camera screen
• Period of Retention : Not collected (1 time use for special features)

• Subject : Email address
• Requirement : Required
• Purpose : To provide service and content, user verification
• Period of Retention : Deleted upon cancellation

Article 2. Rights and Obligations of Personal Information

1) At the request of the customer, we will access, modify, withdraw consent, or etc. of the customer’s personal information without delay. Along with being able to access, modify, withdraw consent, or etc. any personal information belonging to any child 14 and under at the customer’s request.

2) If the customer requests a correction in an error to their personal information, the customer’s personal information will not be used or shared until the correction has been made complete. Furthermore, if incorrect personal information was provided to a 3rd party, notification of the error and change will be made as soon as the error has been rectified.

3) If the customer requests to cancel or delete any of their personal information provided, we will do so in accordance to the record retention period set forth at the time of collection. However, in the following cases, under The Personal Information Protection Act, Article 27, the customer’s request may have restrictions or can be rejected in which any case, we will notify the customer without delay.

• Where there exists a special provision in a law or when personal information handling is inevitable in order to comply with statutory obligations.
• Where it is feared that a person’s life and body may be harmed, or a person’s property and other interest may be unduly infringed upon.
• Where it is difficult to execute a contract signed with the information subject, including the provision of a specific service(s), without the handling of personal information, due to the customer’s failure to express their intention to cancel the contract.

Article 3. Security Control Measures

1) In order to prevent any loss, falsification, or breach of personal information that we manage, we will implement rigorous security measures as follows:

• The customer’s personal information will be strictly protected by access rights and passwords. Furthermore, other important data files will be protected and encrypted when transmitted.
• To prevent damage from malware, an automated antivirus software will be updated and intrusion detection and intrusion prevention system will operate to prevent any hacking.

2) We will take the following administrative measures to protect the customer’s personal information:

• We will minimize the number of staff that handles the customer’s personal information and regular security training will be held to ensure the protection of personal information.
• All employees and contractors will sign a non-disclosure agreement to prevent the breach of personal, sensitive, and confidential information of the customer. The employee will be obligated to keep the information confidential and will comply with processing policies and correct any violations. Internal procedures will be put in place to take any other necessary measures.
Article 4. Data Breach Notification

1) In case of a personal information breach, we will notify the applicable customers without delay and the following preparation measures will be taken in order to minimize damage:

• Gather the personal information that was breached
• Describe the nature of the breach
• Consequences of the breach to minimize damage
• Countermeasures and remedies
• In case of damage to the customer, the contact information for the department in charge to file a report

However, if urgent measures need to be taken to minimize the breach, we will notify the customers without further delay to take appropriate action.

2) If the size of the breach exceeds that of what the Presidential Decree has set forth, we will post an announcement on our website, customer center, or notices that will be easily seen for all viewers for at least 30 days.

Article 5. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

1) We utilize a “cookie” to frequently store and search for customer’s personal information. Cookies are small text files that a server uses to operate a website and is sent to the user’s browser and are stored on the user’s computer hard drive. We use cookies for the following purposes:

• Cookies and their use

Cookies analyze the frequency and time of a user’s visit.

2) Users will have the option to install cookies. Therefore, the user may set up the web browser to send a notice every time a cookie is stored, needs to be accepted, or if the user wants to block the installation of a cookie.

• Method for blocking cookies

Example: To block cookies, the user must go into options under their web browser and go to “cookie settings.” The user may choose to allow all cookies, block all cookies, block all third-party cookies, allow only first-party cookies, etc. depending on the type of browser the user is using.

This method is for user’s using Internet Explorer:

Tools (top of the web browser) > Internet Options > Personal Information

It may be difficult for the users to receive any services if all cookies are blocked.

Article 6. Personal Information Complaint Department

1) In order to protect our customers and handle complaints related to personal information, we have designated the following complaint officer.

• Division: Personal Information Management
• Name: Hye-ri Ji
• Department: Marketing / Customer Service
• Job Title: Assistant Manager
• Contact: 031-8071-8071

2) All complaints related to the protection of personal information that may arise from the company’s services can be reported to the division or the department in charge and we will take prompt and sufficient action to respond to the customer’s complaints.

3) If the customer needs to report or consult other matters of infringement on personal information, please contact any one of the following organizations.

• Korea National Police Cyber Bureau(http://cyberbureau.police.go.kr/index.do) ☎ No area code 182
• Personal Information Infringement Report Center(http://privacy.kisa.or.kr)☎ No area code 118
• Personal Information Dispute Mediation Committee(http://kopico.go.kr) ☎ 02-1833-6972