Article 1 Purpose of processing personal information

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the purposes specified below, and if the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. will be implemented 

Management of customer inquiries

Personal information is processed for the purpose of consultation and provision of services, sending contracts and bills, provision of content and customized services, payment, settlement, and debt collection.

Providing Demo experience in Playground

Personal information inputs from user(s) is processed to provide appropriate contents provided by Demo in Playground.

Use in Marketing and Advertising

Personal information collected from user(s) with prior consent to receiving newsletters and marketing information is processed for the purpose of developing new services (products) and providing customized services, providing information for event and advertisement and providing opportunities for participation, providing services and developing advertisements according to demographic characteristics, verifying the validity of services, understanding the frequency of access, or statistics on members' use of the services.

Article 3 Matters Concerning the Provision of Personal Information to Third Parties

The company shall process the personal information of the information subject only within the scope specified in Article 1 Purpose of processing personal information, and shall provide personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such that the consent of the information subject is obtained and special provisions of the law dictates it.

In case of amendment in contents of the consignment business or the trustee, it will be disclosed through this Privacy Policy without delay.

② The following personal information items may be automatically generated and collected in the course of using the Internet service,

• IP ADDRESS, COOKIES, MAC ADDRESS, SERVICE USE HISTORY, VISIT HISTORY 

③ Others

• The Company does not provide the Services to children under the age of 14 and does not collect personal information in this regard.

• If the purpose and items of the member information processed by the Company change, consent of user will be requested in advance in accordance with relevant laws and regulations

• The Company collects personal information in the following manner and obtains prior consent before collection.

1. By in which users enter their personal information directly online

2. By in which personal information is collected offline such as fairs, conferences, and events.

3. By in which personal information is collected through automatic generation and collection such as cookies, access logs, etc. in the process of using the service

Article 8 Matters Concerning Procedures and Methods for Destroying Personal Information

① The Company, when personal information becomes unnecessary, such as when the retention period of personal information has elapsed or the purpose of processing has been achieved, destroys the personal information without delay.

② If the personal information retention period agreed by the information subject has passed, or if the processing purpose has been achieved but the personal information must be kept in accordance with the following other laws and regulations, the personal information must be stored, the company preserves the personal information by moving it to a separate database (DB) or by changing the storage location.

1) Records of transactions such as display, advertising, contract contents and performance in accordance with the "Act on Consumer Protection in Electronic Commerce, etc."

• Records on display & advertising: 6 months

• Records of supply of contracts or subscription withdrawals, payment, goods, etc.: 5 years

• Records on consumer complaints or disputes: 3 years

2) Storage of communication fact verification data in accordance with the "Protection of Communications Secrets Act"

• Date and time of subscriber telecommunication, start and end time, subscriber number of the other party, number of uses, location tracking data of the originating base station: 1 year

• Computer communication, Internet log recording data, access point tracking data: 3 months

③ The procedure and method of destroying personal information are as follows.

1. Destruction Procedure

The company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the person in charge of personal information protection of the company.

2. Method of destruction

The company destroys personal information recorded and stored in electronic file format so that the record cannot be reproduced, and personal information recorded and stored in paper documents is crushed or incinerated.

Article 10 Matters Concerning Installation, Operation and Refusal of Automatic Collection of Personal Information. 

① The company uses 'cookies' that store and retrieve usage information from time to time in order to provide customized services to website users

② Cookies are small amount of information sent by the server (http) used to operate a website to user’s computer browser, and may be stored on the hard disk of user’s PC.

A. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by users, popular search terms, security of access, etc.

B. Installation, Operation and Refusal of Cookies: In Internet Explorer, the user can refuse to save cookies through the option settings in the Tools >Internet Options> Privacy menu at the top of the web browser, > in Chrome through the settings menu on the right side of the web browser > the display of advanced settings at the bottom of the screen, the content setting button for personal information, >. 

C.  If the user refuses to store cookies, the user may experience difficulties in using customized services.

③ The company obtains information of user through service sessions. A session is a system file sent from the service server to the user's computer when the user visits the service site, and is a file that stays on the user's computer for a while to maintain the user's connection. These sessions are only used to maintain the current connection and are deleted when the user closes the browser.

④ In the case of mobile device, the Company may collect the user's ADID and IDFA. ADID (Android OS) and IDFA (iOS) are the ad identification values of mobile app users. ADID and IDFA are collected and used to provide customized services and benefits optimized for users, such as online personalized advertising.

1. ADID/IDFA COLLECTION METHOD: Automatically collected when users visit/run the app

2. ADID/IDFA retention/use period:  1 year from the date of collection

3. Method of exercise of user control

   A.  Android: > Settings, Google (Google setting) > Ad > Ad Customization deselect

   B. iOS: Setting > Privacy > Ad> Restrict ad tracking

Article 11 Matters Concerning the Person in Charge of Personal Information Protection

① The company is generally responsible for the business related to personal information processing, and has designated the person in charge of personal information protection as follows for grievances processing and damage relief of the information subject related to personal information processing.

▶ Personal Information Protection Officer

Name: SeongHwan Cho
Position: CISO
Contact: 070-8098-3023, infosec@upstage.ai

▶ Department in charge of personal information protection

Department name: Infra&Security
Person in charge: SeongHwan Cho
Contact: 070-8098-3023, infosec@upstage.ai
 

② The information subject can inquire about all personal information protection inquiries, complaint handling, damage relief, etc. that occur while using the company's services (or business) to the personal information protection officer and the department in charge. The company will respond and handle the inquiries of the information subject without delay.

Article 12 Criteria for Judgment on the Considerations of Each Paragraph of Article 14-2 Paragraph 1 Relating to Additional Use and Provision

The Company, in accordance with Article 15(3) and Article 17(4) of the 「Personal Information Protection Act」, may additionally use and provide personal information without the consent of the information subject in consideration of the matters in accordance with Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.

Accordingly, the company considers the following in order for the company to use and provide additional information without the consent of the information subject.

▶ Whether or not the purpose for which the additional use and provision of personal information is relevant to the purpose for which it was originally collected

▶ Whether or not there is a predictability for further use and provision in light of the circumstances under which the personal information was collected or the processing practices

▶ Whether or not the further use and provision of personal information unreasonably infringes on the interests of the data subject

▶ Whether or not the company has taken the necessary measures to ensure safety, such as pseudonymization or encryption.

Article 13 Department that Receives and Processes Requests for Access to Personal Information

The 'Department in Charge of Personal Information Protection' listed in 'Matters Concerning the Person in Charge of Personal Information Protection' in Article 10 is in charge of request of access to personal information.

Article 14 Remedies for Infringement of Rights and Interests

The information subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Information Infringement Report Center in order to obtain relief from personal information infringement. In addition, for other personal information infringement reports and consultations, please contact the following organizations.

1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)

4. Police Department: (without area code) 182 (cyberbureau.police.go.kr) 

Regarding the request made by the provisions of Article 35 (Viewing of Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act, a person who has been infringed on his / her rights or interests due to a disposition or omission performed by the head of a public institution may request an administrative judgement as provided for by the Administrative Appeals Act. For details on administrative judgments, please refer to the homepage of the Central Administrative Appeals Committee (www.simpan.go.kr).

Article 15 Matters Concerning Changes to the Privacy Policy

This Privacy Policy is effective as of January 10, 2024.
The previous privacy policy can be found below.

• 2023. 05. 10. ~ 2024. 01. 09. ( click )

• Effective for 2023. 02. 03. ~ 2023. 05. 09. ( click )

• Effective for 2022. 11. 03. ~ 2023. 02. 03. ( click )

• Effective for 2022. 04. 19. ~ 2022. 11. 03. ( click )

• Effective for 2022. 01. 01. ~ 2022. 04. 18. (click)

Disclaimer: Governing Law

Please note that this Privacy Policy has been formulated in accordance with the laws and regulations of the Republic of Korea. While it is applicable to our global operations, the policy is primarily governed by South Korean legal standards and practices. Users outside of South Korea should be aware that the policy might reference legal concepts and frameworks specific to South Korea, which may differ from local laws.