Privacy Policy

Article 1 (Purpose)
Roomate Co., Ltd. (hereinafter referred to as the 'Company'), in order to protect the information (hereinafter referred to as 'personal information') of individuals (hereinafter referred to as 'users' or 'individuals') who use the services (hereinafter referred to as 'Company services') provided by the Company, complies with the Personal Information Protection Act, Act on the Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the ‘Information and Communications Network Act’), and to ensure prompt and smooth handling of grievances related to the protection of personal information of service users, the Company establishes the following privacy policy (hereinafter referred to as ‘this policy’).
Article 2 (Principles of Personal Information Processing)
Pursuant to the Personal Information Act and this Policy, the Company may collect personal information of users, and the collected personal information may be provided to third parties only with the consent of the individual. However, if legally compelled by the provisions of laws and regulations, the Company may provide the collected personal information of users to third parties without the consent of the individual in advance.
Article 3 (Disclosure of this Policy)
  1. The Company discloses this Policy on the first screen of the Company's homepage or a screen connected to the first screen so that users can easily check this Policy at any time.
  2. When the Company discloses this Policy pursuant to Paragraph 1, the Company uses font size, color, etc. to make it easier for users to check this Policy.
Article 4 (Changes to this Policy)
  1. This Policy may be amended in accordance with personal information-related laws, guidelines, notices, or changes in the policies or contents of government or company services.
  2. When the Company revises this Policy pursuant to Paragraph 1, the Company shall notify in one or more of the following ways:
A. Announcement on the first screen of the Internet homepage operated by the Company or through a separate window
B. C. By notifying users in writing, by e-mail, or similar methods
  1. The Company shall notify users at least 7 days prior to the effective date of the revision of this Policy. However, if there is a significant change in user rights, we will notify you at least 30 days in advance.
Article 5 (Information for Membership Registration)
The Company collects the following information to register you for the Company's services:
  1. Required information: email address, date of birth, encrypted user confirmation value (CI)
  2. Optional information: nationality, name
Article 6 (Information for Payment Services)
The Company collects the following information to provide the Company's payment services to users:
  1. Required information: Card number, bank name and account number
Article 7 (Information for issuing cash receipts)
The Company collects the following information to issue cash receipts to users:
  1. Required information: name of the person to whom the cash receipt is issued, date of birth of the person to whom the cash receipt is issued, and cell phone number
Article 8 (Information for Providing the Company's Services)
The Company collects the following information to provide the Company's services to users:
  1. Required information: email address, date of birth, encrypted user confirmation value (CI)
  2. Optional information: nationality, name
Article 9 (Information for checking service use and illegal use)
The Company collects the following information for statistics and analysis of the user's use of the service and for checking and analyzing illegal use. (Unauthorized use refers to the act of illegally receiving economic benefits such as discount coupons and event benefits provided by the Company, such as repeatedly rejoining after withdrawing from membership, canceling purchases after purchasing goods, etc., acts prohibited by the Terms of Use, illegal acts such as impersonation, etc.)
  1. Required information to be collected: service usage history, access point information, and device information
Article 10 (Method of Collecting Personal Information)
The Company collects personal information of users in the following ways:
  1. The way users enter their personal information on the Company's homepage
  2. The way users enter their personal information through services other than the homepage provided by the Company, such as applications
Article 11 (Use of Personal Information)
The Company uses personal information in the following cases.
  1. When necessary for the operation of the Company, such as the delivery of notices
  2. To improve services to users, such as replying to inquiries and handling complaints
  3. To provide the Company's services
  4. To restrict the use of members who violate laws and company terms and conditions, To prevent and sanction acts that interfere with the smooth operation of the Service, including fraudulent use of the Service
  5. To develop new services
  6. To market the Service, such as announcing events and offers
  7. To analyze demographics, service visits, and usage records
Article 12 (Retention and Use of Personal Information)
  1. The Company shall retain and use personal information for the period of time necessary to fulfill the purpose of collecting and using personal information.
  2. Notwithstanding the preceding paragraph, the Company shall retain records of unauthorized use of the service for up to one year from the time of withdrawal from the membership in order to prevent unauthorized subscription and use.
Article 13 (Retention and use period of personal information in accordance with laws and regulations)
The Company retains and uses personal information as follows in accordance with relevant laws and regulations:
  1. Retention of information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce
A. Records on contract or withdrawal of subscription: 5 years
B. Records on payment and supply of goods: 5 years
C. Records of consumer complaints or dispute handling: 3 years
E. Records on display and advertisements: 6 months
  1. Retention of information and retention period under the Act on Protection of Communications Secrets
A. Website log data: 3 months
  1. Retention of information and retention period under the Electronic Financial Transactions Act
A. Records of electronic financial transactions: 5 years
  1. Act on the Protection and Use of Location Information
A. Records of personal location information: 6 months
Article 14 (Principles of Destruction of Personal Information)
The Company shall, in principle, destroy personal information without delay if it is no longer needed, such as the achievement of the purpose of processing the user's personal information or the expiration of the retention and use period.
Article 15 (Personal Information Destruction Procedure)
  1. The information entered by the user for membership registration, etc. is transferred to a separate DB (separate filing cabinet for paper) after the purpose of personal information processing is achieved, and is stored for a certain period of time (see Retention and Use Period) in accordance with the internal policy and other relevant laws and regulations, and then destroyed.
  2. The Company destroys the personal information for which the reason for destruction has occurred through the approval process of the person in charge of personal information protection.
Article 16 (Method of Destruction of Personal Information)
The Company deletes personal information stored in electronic file form using a technical method that does not allow the record to be reproduced, and destroys personal information printed on paper by shredding or incineration.
Article 17 (Measures for Transmission of Advertising Information)
  1. The Company shall obtain the express prior consent of the User when transmitting commercial information for commercial purposes using electronic transmission media. However, prior consent shall not be obtained in any of the following cases:
A. If the Company has collected contact information directly from the recipient through a transaction involving goods, etc. and intends to transmit commercial information for commercial purposes for the same goods or services as those processed by the Company and transacted with the recipient within six months from the date the transaction ends
B. "When a seller of telephone solicitation under the Act on Door-to-Door Sales, etc. notifies the recipient of the source of personal information collection and makes telephone solicitations through fostering
  1. Notwithstanding the preceding paragraph, the Company shall not send commercial information for commercial purposes if the recipient indicates an intention to opt-out or withdraws prior consent, and shall notify the recipient of the processing results of the opt-out and withdrawal of consent.
  2. The Company shall obtain separate prior consent from the recipient notwithstanding Paragraph 1 when transmitting commercial information for commercial purposes using electronic transmission media during the hours of 9:00 p.m. to 8:00 a.m. the following day.
  3. When the Company transmits commercial information for commercial purposes using electronic transmission media, the Company shall specifically disclose the following items in the commercial information:
A. Company name and contact information
B. Indication of matters concerning the intention to refuse to receive or withdraw consent to receive
  1. The Company shall not take any of the following measures when transmitting commercial information for commercial purposes using electronic transmission media:
A. Measures that prevent the recipient of the advertising information from refusing to receive or withdrawing consent to receive the advertising information
B. Measures that automatically generate the recipient's contact information, such as a phone number or e-mail address, by combining numeric signs or characters
C. Measures that automatically register a phone number or e-mail address for the purpose of sending commercial information for commercial purposes
R. Various measures to conceal the identity of the sender of advertising information or the source of the advertisement
E. Any measure that deceives the recipient into replying to the advertisement for the purpose of sending commercial information for profit
Article 18 (Personal Information Protection of Children)
  1. In order to protect the personal information of children under the age of 14, the Company allows membership only for users over the age of 14.
  2. Notwithstanding Paragraph 1, if the user is a child under the age of 14, the Company shall obtain consent from the child's legal representative to collect, use, and provide the child's personal information.
  3. In the case of Paragraph 2, the Company shall additionally collect the legal representative's name, date of birth, gender, duplicate registration identification information (ID), and mobile phone number.
Article 19 (Withdrawal of Consent to View and Collect Personal Information)
  1. Users and their legal representatives may view or modify their registered personal information at any time and may request the withdrawal of consent to collect personal information.
  2. Users and their legal representatives may contact the personal information protection officer or person in charge in writing, by phone, or by e-mail to withdraw their consent to the collection of their subscription information, and the Company will take action without delay.
Article 20 (Change of Personal Information, etc.
  1. The user may request the Company to correct any errors in personal information through the method in the preceding paragraph.
  2. The Company will not use or provide personal information until the correction of personal information in the case of the preceding paragraph is completed, and if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
Article 21 (User's Obligations)
  1. The user shall keep his/her personal information up to date, and the user shall be responsible for any problems arising from the user's inaccurate information.
  2. If the user's personal information is stolen, he/she may be disqualified as a user or punished under the relevant personal information protection laws.
  3. The user is responsible for maintaining the security of his/her e-mail address, password, etc. and may not transfer or lend it to a third party.
Article 22 (Management of Personal Information by the Company)
The Company takes necessary technical and administrative protection measures to ensure the safety of personal information in order to prevent loss, theft, leakage, alteration, damage, etc. when processing personal information of users.
Article 23 (Handling of Deleted Information)
The Company shall handle personal information that has been terminated or deleted at the request of the user or legal representative as specified in the "Retention and Use Period of Personal Information" collected by the Company, and shall not allow access or use for any other purpose.
Article 24 (Encryption of Passwords)
The user's password is stored and managed by one-way encryption, and verification and change of personal information can only be made by the person who knows the password.
Article 25 (Measures against Hacking, etc.
  1. The Company is committed to preventing the leakage or damage of users' personal information due to intrusion into information and communication networks such as hacking and computer viruses.
  2. The Company uses the latest antivirus programs to prevent the leakage or damage of users' personal information or data.
  3. The Company is committed to security by using an intrusion prevention system in case of any eventuality.
  4. When the Company collects and retains sensitive personal information, it ensures that personal information can be transmitted safely on the network through encrypted communication, etc.
Article 26 (Minimization of Personal Information Processing and Training)
The Company limits the number of personal information-related processing personnel to a minimum and emphasizes compliance with laws and regulations and internal policies through administrative measures such as training for personal information processors.
Article 27 (Measures Against Personal Information Leakage, etc.
When the Company becomes aware of the loss, theft, or leakage of personal information (hereinafter referred to as "leakage, etc."), the Company shall notify the user of all of the following items without delay and report it to the Korea Communications Commission or the Korea Internet & Security Agency.
  1. Items of personal information that have been leaked, etc.
  2. When the leakage, etc. occurred
  3. Measures that the user can take
  4. Countermeasures by information and communication service providers, etc.
  5. Departments and contacts where the user can receive consultation, etc.
Article 28 (Exceptions to Measures for Personal Information Leakage, etc.
The Company may take measures to replace the preceding notice by posting it on the Company's homepage for at least 30 days if there is a legitimate reason, such as not being able to obtain the user's contact information despite the preceding notice.
Article 29 (Installation, Operation, and Refusal of Automatic Collection of Personal Information)
  1. The Company uses automatic collection of personal information (hereinafter referred to as 'cookies') to store and retrieve usage information from time to time in order to provide users with individually customized services. A cookie is a small amount of information sent by the server (http) used to operate the website to the user's web browser (including PC and mobile) and is also stored in the user's storage space.
  2. The user has the option to install cookies. Therefore, you can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by setting options in your web browser.
  3. However, if you refuse to save cookies, you may have difficulty using some of our services that require you to log in.
Article 30 (How to specify permission to install cookies)
You can set settings such as accepting cookies and blocking cookies through your web browser options settings.
  1. Edge: Settings menu in the upper right corner of your web browser > Cookies and site permissions > Manage and delete cookies and site data
  2. Chrome: Settings menu in the upper right corner of your web browser > Privacy and security > Cookies and other site data
  3. Whale: Settings menu in the upper right corner of your web browser > Privacy > Cookies and other site data
Article 31 (Designation of the Company's Personal Information Protection Officer)
  1. The Company designates the relevant departments and personal information protection officers as follows to protect users' personal information and handle complaints related to personal information.

A. Privacy Officer

1) Name: MinOh Kim

2) Position: CTO

3) Phone number: 010-9566-6385

4) Email: min55555k@gmail.com

Article 32 (Remedies for Infringement of Rights and Interests)
  1. In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency. For other personal information infringement reports and consultations, please contact the following organizations:

A. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

B. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

C. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)

E. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

  1. The Company guarantees the information subject's right to self-determination of personal information, and strives to provide counseling and damage relief due to personal information infringement, and if you need to report or consult, please contact the department in charge of Paragraph 1.
  2. A person whose rights or interests have been infringed by a disposition or omission made by the head of a public institution in response to a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal as prescribed by the Administrative Appeals Act.

A. Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

Addendum

Article 1 This policy is effective as of January 1, 2025.