Privacy Policy

AVAS Company (hereinafter referred to as "Company") values the personal information of users and complies with the "Personal Information Protection Act". This Privacy Policy applies to all services provided by the Company, and the Company has prepared this policy to transparently inform users about how personal information is processed.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, prior consent will be obtained.

• Service provision and operation: The Company processes personal information to provide services requested by users.
• Customer management: Personal information is processed for identity verification, personal identification, complaint handling, etc. related to the use of membership services.
• Marketing and advertising: Personal information may be used for the development of new services and provision of customized services.

Article 2 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the period of retention and use of personal information in accordance with the law or within the period of retention and use of personal information agreed upon when collecting personal information from the data subject.

Article 3 (Provision of Personal Information to Third Parties)

In principle, the Company does not provide users' personal information to outside parties. However, the following cases are exceptions:

• When the user has given prior consent
• When there is a request from an investigative agency in accordance with the procedures and methods stipulated by law pursuant to the provisions of the law or for investigative purposes

Article 4 (Rights of Data Subjects)

Users may exercise their rights to view, correct, delete, and request suspension of processing of personal information at any time. The exercise of rights can be done through written documents, email, etc. in accordance with Article 35 of the Personal Information Protection Act, and the Company will take action without delay.

Article 5 (Items of Personal Information Processed)

The Company processes the following personal information items when login functionality is available:

• Required items: Name, contact information, email address
• Optional items: Service usage records, access logs, cookies, etc.

Article 6 (Destruction of Personal Information)

The Company destroys personal information without delay when personal information becomes unnecessary, such as when the retention period of personal information has elapsed or the purpose of processing has been achieved. The procedures and methods of destruction are as follows:

• Destruction procedure: Select personal information for which a reason for destruction has occurred, and destroy the personal information after receiving approval from the person responsible for personal information protection.
• Destruction method: Information in the form of electronic files is deleted using technical methods that make it impossible to reproduce the records.

Article 7 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

• Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
• Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc.
• Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 8 (Person Responsible for Personal Information Protection)

The Company designates a person responsible for personal information protection as follows to oversee the overall work related to personal information processing and to handle complaints and remedy damages related to personal information processing of data subjects.

▶ Person Responsible for Personal Information Protection

• Name: Jong Hyun Lee
• Position: CEO
• Contact: 031-8025-9071

Article 9 (Changes to Privacy Policy)

This Privacy Policy applies from the effective date, and if there are any additions, deletions, or corrections to changes in accordance with laws and policies, it will be announced through notices from 7 days before the implementation of the changes.

Effective Date: August 29, 2024