Privacy Policy

“AhnLab Blockchain Company, INC.” (hereinafter “the Company”) regards personal information of users as important and has this Privacy Policy (hereinafter the “Policy”) to take a measurement for protection of personal information in accordance with the Personal Information Protection Act, and to handle users’ complaints related to their personal information.

In case of modification, the Company will make public notice through posting on this website (or individual notice) at least 7 days before the effective date.

1. Personal Information Collected and Method/Purpose of Collection

Purpose of collection

Personal information to be collected, processed by the Company and the purpose of collection are as follows. The personal information will not be used for any other purpose other purposes. If the purposes need to be changed, the Company will acquire a separate consent from users or take other necessary measures.

Purpose

Details

① To sign up for and manage membership

□ Approval on sign-up, identification, management for membership, complaints handling, notification, provision and introduction of benefits, prevention of illegal use and unauthorized use by members or a third party.

② To provide service

□ Identification, personal environment setting, verification of asset history, management of use of service, provision of service and content such as access to and use of third-party service

③ To consult on service and respond to inquiries

□ Securing communication channels to identify users, responding to and resolving complaints and inquires

④ To improve and develop service

□ Product/service development and research, new service research/development/specialization, provision of service based on demographic characteristic, analysis and statistics on access frequency or service use, use of statistical analysis data

⑤ To use for advertising such as marketing

□ Sending information related to service marketing, such as information on events, benefits, and new features, satisfaction survey, recommendation of service, product, and information However, the Company does not transmit advertising information for commercial purposes without the users' prior consent.

Personal information collected

Purpose

Classification

Items

① To sign up for and manage membership

Required

ID, name, email address, age, account password, device password, member identifier, public key, distributed code

② To provide service

Required

- ID, name, email address, member identifier, public key, distributed code, holding asset /transaction details, device information (IP address)

- In case of using the address registration (favorite) service: Registered wallet address and name

③ To consult on service and respond to inquiries

Required

ID, name, email address and other information entered by users

④ To improve and develop service

Required

Service usage record, log data, IP address, country of device or SIM, country, cookie

⑤ To use for advertising such as marketing

Optional

ID, name, email address, log data, IP address, country of device or SIM, service usage record, device information (push ID)

The Company will not collect sensitive information (ideology, belief, admission to or withdrawal from a trade union or political party, political opinions, health, sex life, etc.) that is likely to markedly threaten the privacy of users.

When personal information of users under the age of 14 is unavoidably collected for future use of service, the Company will obtain consent from the legal representative of the child in advance and destroy the information immediately after the related work is completed. The Company will also thoroughly manage personal information while the work is in progress.

Information such as IP address, cookies, service usage records, visiting records of users may be generated in an automated manner and collected during use of service

Method of collection

The Company collects the information of users in a way of the following:

  • Browser, e-mail/homepage, QA board/phone/fax, survey and event etc.

  • Provision by partner companies

  • Tools collecting generated information

The Company has a procedure in which users can select "agree" or "do not agree" for each content of the Company's personal information collection and use agreement.

2. Period of Retention and Use of Personal Information

Period of retention

In principle, the Company retains personal information until users withdraw membership (including loss of membership) and personal information collected for consultation and inquiry is retained for an year from completion of consultation and inquiry process. Provided, however, that if the Company has obtained a separate consent from users, or if investigation or examination is in progress due to a violation of the relevant laws and regulations, the personal information will be stored and used during the agreed or designated period.

Retention under related laws and regulations

The Company will retain personal information, if laws and regulations such as the Act on Consumer Protection in Electronic Commerce impose duties to retain information for a certain period.

  • The Act on the Consumer Protection, in Electronic Commerce, Etc.

    • Records regarding contract or withdrawal of subscription: 5 years

    • Records on payment and supply of goods: 5 years

    • Records on consumer complaint or dispute treatment: 3 years

    • Records on labeling and advertising: 6 months

  • The Act on Use and Protection of Credit Information

    • Records on collection/process, and use of credit information: 3 years

  • The Act on Electronic Financial Transactions

    • Records on electronic financial transaction: 5 years

  • The Act on Protection of Communications Secrets

    • Log records of users such as internet/data detecting the place of user connection: 3 months

    • Other communication confirmation data: 12 months

3. Procedure and Method of Destruction of Personal Information

In principle, the Company destroys personal information of users without delay when the purpose of its collection and use has been achieved. The procedure of method of destruction are as follows (Provided that personal information of users who have no service usage records during designated period under Personal Information Protection Act will be separately stored from other users’ and destroyed 2 years after the separation).

Procedure of destruction

When users request membership withdrawal or lose the membership, information that can identify the users deleted without delay and processed in an unrecoverable or unusable way. Provided, however, if the laws and regulations specified under the Article 2. Period of Retention and Use of Personal Information impose duties to retain information for a certain period, the personal information may be separated by technical means and stored during the designated period.

Unless the relevant laws and regulations require to retain the personal information, the personal information is immediately deleted without delay after the purpose of collection and use of personal information has been achieved. In this case, the personal information will be managed for archiving purposes only.

Method of destruction

Personal information stored in electronic file format is completely deleted using a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by crushing or incineration.

Restriction on destruction

The Company uses the personal information within the scope that prescribed in the Article 1. Personal Information Collected and Method/Purpose of Collection. In principle, the Company does not provide personal information to the outside without the consent of users. However, the personal information is provided to a third party if the user agrees on the provision or it is required by relevant laws and regulations including the Article 17 and 18 of the Personal Information Protection Act.

4. Provision of Personal Information

The Company uses the personal information within the scope that prescribed in the Article 1. Personal Information Collected and Method/Purpose of Collection. In principle, the Company does not provide personal information to the outside without the consent of users. However, the personal information is provided to a third party if the user agrees on the provision or it is required by relevant laws and regulations including the Article 17 and 18 of the Personal Information Protection Act.

The provision of personal information is subject to the consent of users as below.

Receiver

Purpose of Provision

Provided Items

Period of Retention and use

Atomrigs Lab, Inc.

To recover the distributed code To provide service

Distributed Code, member identifier, device password

Withdrawal for membership

5. Entrustment of Personal Information

The Company entrusts work of processing personal information to the outside to provide convenient and better service. The Company also carries out management or supervision on the entrusted party to ensure compliance of relevant laws and regulations.

In case of modification of the entrusted party or work, the Company will make public notice through posting on this website (or individual notice through emailing, telephone calling, SMS, etc.)

The entrusted works in details are below. The entrusted parties may retain and use personal information until the retention period has been expired due to membership withdrawal, expiration of entrustment contract, etc.

Support of the company service

Trustee

Details

Atomrigs Lab, Inc.

Store of distributed code and management of relevant information

Service operation and user support

Amazon Web Services Inc.

Operation of service platform (AWS Cloud Seoul Region)

6. Rights of Users and their Legal Representatives and How to Exercise the Rights

How to view, update and delete through service page

Users are able to view, update, and delete (membership withdrawal) registered personal information at any time. Users can view and update the personal information through “Change Password” in menu.

In addition, if a user no longer intends to use the service of the Company, the user can apply for termination of the service by email address on "About Company" of “About” in menu. The Company will destroy the personal information of the user without delay and inform the user of the completion of the termination after completing the termination of the service according to the user’s request. Provided that, as specified in "2. Period of Retention and Use of Personal Information", the information that needs to be retained under the relevant laws and regulations will be stored for a certain period of time and then completely deleted.

How to view, update and delete by email or phone

Users can send email to address posted on this website to request to view, update and delete personal information at any time. Besides that, users are entitled to request for privacy officer described in Article 9. Complaints relating to Personal Information to view, update, delete personal information and suspend its processing. Legal representative of users and an authorized person can exercise the rights on behalf of the users.

However, if the Company has a justifiable reason to refuse the request for public interest as below, the Company may refuse the request. Within 10 days of refusal, the Company notifies, either verbally or in writing, the reason of refusal and how to object to the owner of personal information.

  • When access is prohibited or restricted by law
  • When it is likely to cause harm to life or body of any other person, or unfairly damages property and other interests of any other person

The Company may verify membership by confirmation of the users’ registered email address and ABC Wallet address, and the person in charge may can identify the users by asking a question or other means.

Protection of personal information of child under 14 years of age

In principle, the Company does not collect personal information from child under 14 years of age. When personal information of child is unavoidably collected for future use of service, the Company may request self-verification of legal representative of the child to acquire to collect information; provided that the Company does not collect personal information of the legal representative of child. The child’s legal representative can exercise the right to view, update and delete the child’s personal information through this website, email, mail, phone. If the child’s legal representative requests the correction of errors in the child’s personal information, the relevant personal information will not be used or provided until the correction is made.

7. Installation and Operation of the Automatic Personal Information Collection Device and its Rejection

Use of cookies

The Company uses cookies where users log in to provide more appropriate and useful services to the users. Cookies are text files that are automatically transferred to the user’s computer when accessing the site of the Company. These cookies are not stored on device and automatically deleted when the users close the browser being used after log-out. Users may choose whether to use cookies or not.

How to reject use of cookies

Users may confirm whether to store cookies each time the cookies are saved by selecting the option of the user’s web browser and refuse to save all cookies. However, users shall understand that, if the users refuse to store the cookies, use of service may be restricted and the users are solely responsible for the restriction.

Example of how to set cookies

  • Chrome: click Settings on the right side of the web browser → click Personal Information and Security → click cookies and data of other sites → click Rejection of Cookies

Google Analytics

The Company is collecting anonymous cookie information (such as demographic data) using Google Analytics, a web analytics service provided by Google, Inc. (hereinafter referred to as "Google") to provide better service to users. It aims to provide efficient services by analyzing and evaluating how users use the Company's services, understanding needs of users, improving and customizing the services and products. The Company does not collect information that identifies individuals through Google Analytics and not combine the information it collects with personal identification information obtained through other channels.

The processing of information collected through Google Analytics is subject to the Google Privacy Policy and the Google Analytics Service Terms and Conditions.

  • Google Analytics Terms of Service
    https://www.google.com/analytics/terms/kr.html

  • Google Analytics Privacy Policy
    https://policies.google.com/privacy?hl=kr

To prevent the data from being used by Google Analytics, users can change the setting as below

  • Guide for turning off Google Analytics:
    https://tools.google.com/dlpage/gaoptout

8. Use of Third-Party Services

The Company may provide users with websites or links to information of other companies, which may enable the users to use services provided by third parties. In this case, the Company disclaims any warranties, whether express or implied, on the service provided by the third parties, and the users shall understand and accept the privacy policy of the third party’s service site.

9. Complaints relating to Personal Information

The Company has designated the following persons as the Chief Privacy Officer to remain responsible for responding to user inquiries regarding personal information and resolving any related complaints. Users can contact the Chief Privacy Officer and exercise the rights to view, update and delete personal information specified in Article 6. Rights of Users and their Legal Representatives and How to Exercise the Rights in accordance with the Personal Information Protection Act.

Information

Chief Privacy Officer

Affiliation

CEO

Name/Position

Suk Kyoon Kang / CEO

Phone

031-722-8000

Email

admin@ahnlab.io

Users can report all personal information protection-related complaints that occur while using the service to the contact information above. The Company will promptly and sufficiently respond to users' reports.

If you need to report or consult on other privacy infringements, please contact the following institutions.

10. Measures for Protection of Personal Information

The Company takes technical, managerial and physical measures for securing safety of personal information as follows:

  • Management of personal information handler
    The Company keeps personal information handlers to a minimum and provides education and training for them.

  • Restriction on access to personal information
    In order to prevent unauthorized external access to personal information, the Company has established the standards for granting, modifying, and canceling access rights to the personal information processing database system, and runs an intrusion prevention system and intrusion detection system.

  • Installation and operation of vaccine program
    The Company installs vaccine software on personal information processing device and uses it to prevent leakage or damage of users' personal information.

  • Encryption of personal information
    The Company stores personal information after encryption or file locking of such information and transmits the personal information by using encrypted communication zone.

  • Access control for unauthorized persons
    The Company has a physically separated storage for personal information processing system and has established/operates access control procedure for it.

Effective Date: August 31, 2022