Privacy Policy
Here is an overview of our service's Privacy Policy. Please note that this policy may be updated in response to changes in relevant laws, regulations, or guidelines, as well as changes in our service.
Last updated
Here is an overview of our service's Privacy Policy. Please note that this policy may be updated in response to changes in relevant laws, regulations, or guidelines, as well as changes in our service.
Last updated
Mondrian AI Co. (hereinafter "the Company") regards the personal information of users who use the Service operated by the Company, runyour.ai (https://runyour.ai, hereinafter "the Service"), as very important and has the following privacy policy concerning the handling of personal information.
This privacy policy may be updated in accordance with changes in laws or guidelines related to personal information or changes in the Service policy, so please check it regularly when you visit. The Service's privacy policy contains the following:
a. The purpose of the Company collecting personal information is to confirm the user's identity and intention to use the Service in order to provide optimized and customized services. The Company collects only the minimum necessary information required to perform the essential functions of the Service during initial registration. Additional information necessary for payment processing, product delivery, refunds, etc., related to the use of the Service provided by the Company may also be collected.
b. The Company will not use personal information for purposes other than the collection and use purposes or provide it to third parties without the user's consent.
c. The Company may collect and use personal information for the following purposes. However, in cases where the collection and retention of resident registration numbers and bank account numbers are unavoidable under related laws such as the Act on Consumer Protection in Electronic Commerce Transactions, Basic Tax Law, Electronic Financial Transactions Act, and Act on Reporting and Use of Specific Financial Transaction Information, the Company may notify the user and collect such information.
1) Purchasing members / Selling members
| Purpose | Items | |
|---|---|---|
Selling members / users | Confirmation of identity, notification of contract fulfillment and terms changes, handling customer complaints such as confirmation of intention, and public opinion handling | Name, address, ID, password, mobile phone number, email address |
Providing customized services, statistical analysis of service usage records, surveys for new service development and quality improvement | Name, ID, service usage records, device information | |
Selling members | Issuance of tax invoices under Article 32 of the Value-Added Tax Act | Resident registration number |
Provision of product prices and payment services, etc. | Credit card information, bank account information, etc. | |
Seller Service Provision, etc. | Contact person's name, contact information, address |
2) Affiliate Services
When the Company collects additional personal information through affiliates for the purpose of providing affiliate services, it obtains separate consent from the user.
3) Others
During the process of using the Service or processing business, the following information may be automatically generated, collected, stored, combined, and analyzed:
Service usage records (IP address, cookies, visit date and time, etc.) and usage history information: prevention of misuse, prevention of unauthorized use, development of new services, and provision of customized services, etc.
d. When collecting personal information, the Company obtains the user's consent unless there is a legal basis, and does not collect information such as race, place of birth, hometown, ideology, political preferences, criminal records, health status, etc., which may infringe on the user's basic rights, except as provided by law or without the user's consent.
e. The Company enables anyone to join as a member, and does not collect personal information of minors under the age of 19 who require the consent of their legal guardian. However, in cases where consent is obtained from the legal guardian, personal information of users under the age of 19 may be collected and used.
f. The Company may collect personal information through the following methods:
Website, mobile applications, mobile web pages, written forms, fax, phone, customer center inquiries, event entries
Automatic collection through generated information collection tools
g. The Company establishes procedures for users to agree to provide necessary personal information for service use as 'required consent items'. If a user does not agree to provide the necessary personal information for using the service, the Company may refuse to provide the service.
a. The Company generally obtains prior consent from users before providing their personal information to external parties. However, exceptions include the following cases:
When there is a request from investigative or supervisory authorities in accordance with the procedures and methods prescribed by law for investigation purposes or investigations
When necessary for billing settlement purposes
When necessary to protect the urgent life, body, or property interests of users or third parties, even if consent cannot be obtained
b. The Company generally uses or provides personal information to third parties within the scope notified in 'Collection and Use of Personal Information', and does not exceed this scope. However, exceptions include the following cases:
When users have previously agreed to disclose or provide to third parties
When there is a request from investigative or supervisory authorities in accordance with the procedures and methods prescribed by law for investigation purposes or investigations
c. In other cases where it is necessary to provide personal information to third parties, the Company may provide personal information to third parties through proper procedures, such as obtaining consent from users. In cases where it is necessary to provide personal information to third parties for the performance of transactions, the Company may provide personal information by obtaining consent through proper procedures as follows:
| Recipient of sharing | Shared items | Purpose of the recipient's use | Retention and use period |
|---|---|---|---|
Seller/user | ID, name, mobile phone number, customer address | Information and Communication Service Provision Contract and Electronic Commerce (Online Sales) Contract Performance Processing Required for Business | 3 months after the end of service use |
※ However, if there is a need to retain it according to the relevant laws and regulations, it may be retained according to the retention period specified by the law.
d. Users can refuse to consent to the provision of personal information to third parties and can withdraw their consent to provide it at any time. Even if consent is refused, membership services can be used, but the use/provision of related services based on third-party provision may be restricted. Changes in other personal information provided to third parties will be notified separately and announced.
a. In order to provide smooth and enhanced services, the Company may entrust the processing of personal information to third parties. In this case, the Company informs users in advance of all of the following items and obtains their consent. It applies even if any of the following items change.
1) Person receiving the personal information processing outsourcing
2) The nature of the business outsourcing personal information processing
b. The Company may disclose the items under subparagraph (a) above to the public by disclosing them in accordance with the provisions of the Personal Information Protection Policy for the provision of information and communication services, and may entrust the personal information processing to a third party without going through the notice and consent procedures.
c. In relation to the processing of personal information, the Company is currently entrusted with the following tasks and takes necessary measures to ensure that the personal information is securely managed and to check periodically whether the subcontractor complies with its obligation to manage and destroy personal information.
1) Current status of domestic personal information processing outsourcing
| Entrusted company | Content of entrusted work |
|---|---|
NICE Evaluation Information, Korea Credit View Co., Ltd., Toss Payments | Identity verification (real name authentication, real name/account authentication, mobile phone authentication, I-PIN, duplicate registration confirmation information, linkage information verification, credit card authentication) |
Mobilians Co., Ltd., Korea Cyber Payment Co., Ltd., KESNET Co., Ltd., Galaxy Money Tree Co., Ltd., Danal Co., Ltd. | Payment processing (mobile phone, bank transfer, etc.) |
The Company generally retains and uses user personal information for the period notified and agreed upon. If the purpose of collecting and using personal information is achieved or if the user requests disposal, it is disposed of without delay. However, the following information is retained for the specified period for the reasons for information retention specified by the relevant laws.
a. Reasons for retaining information under laws and Company policies
If there is a need to retain the personal information of users according to the provisions of the relevant laws, it is retained in accordance with the law and is not used for other purposes such as marketing.
Reasons for information retention under relevant laws
Protection of Communications Secrets Act | When a court warrant is received and a request from an investigative agency is received | Log records, IP, etc. | 3 months |
Act on Consumer Protection in Electronic Commerce, etc. | Records of handling consumer complaints or disputes | Consumer identification information, dispute handling records, etc. | 3 years |
Records related to payment and supply of goods, etc. | Consumer identification information, contract/withdrawal records, etc. | 5 years | |
Records related to contracts or withdrawals | |||
Framework Act on National Taxes | Calculation of tax exemption period for tax assessment | Tax evidence, etc. | 10 years |
Calculation of statute of limitations for tax collection rights, etc. | For taxable income and reported tax data, etc., | 5 years | |
Value-Added Tax Act | Books, tax invoices, import tax invoices, receipts, etc. | VAT tax standard and declaration data, etc. | 5 years |
Electronic Financial Transactions Act | Confirmation of electronic financial transaction records | Records related to electronic financial transactions, information about the other party, etc. | 5 years |
Act on Reporting and Using Specified Financial Transaction Information | Customer identification obligation | Customer identification information, etc. | 5 years |
Company Policy on Retaining Information
Fraudulent Transaction Records
Retention Reason: Prevention of fraudulent transactions
Retention Period: 5 years
Retention Items: Name, ID, CI/DI, phone number, email address, date of birth
Fraudulent Transactions: Transactions that violate laws, service agreements between the company and users, public morals, or infringe upon the rights or interests of the company, members, or others.
b. The retention and use period of collected personal information starts from the service contract conclusion (membership registration) to service contract termination (withdrawal request, enforced termination included). Upon consent withdrawal, the company promptly destroys personal information except for data stored for a specified period based on the reasons for information retention. If personal information processing is entrusted to a third party, the company instructs them to also destroy the data.
c. Starting from October 2, 2023, personal information of users who have not used the company's services for one year will be notified to users in advance and either destroyed or separately stored based on Article 39-6 of the Personal Information Protection Act. However, according to relevant laws such as the Telecommunications Secrecy Act and the Act on Consumer Protection in Electronic Commerce, etc., if there is a need for preservation, the company preserves the personal information of users for a certain period specified by the relevant laws.
d. The company informs users of the fact that personal information is scheduled to be destroyed or separated and managed, along with the period until expiration, through notices such as announcements and emails at least 30 days prior. For this purpose, users must provide/update accurate contact information with the company.
e. Method of Destruction
Personal information of users is promptly destroyed once the purpose of collection and use has been achieved. Personal information printed on paper is destroyed by shredding or incineration, while personal information stored in electronic file format is destroyed using technical methods that make record retrieval impossible or physical methods.
a. Purpose of using cookies
The company uses 'cookies' to store user information for providing personalized services on the company-operated website. Cookies are small pieces of information that a website server sends to the user's browser and are stored on the user's computer's hard disk.
Through the use of cookies, the company is able to offer specific customized services that would not be possible otherwise.
The company can use cookies to identify members and maintain the member's login status.
b. Installation/Operation and Refusal of Cookies
Users have the option to allow or refuse cookie installation. Therefore, users can adjust options in their web browser to allow/refuse all cookies or to receive confirmation whenever cookies are stored.
Example of cookie refusal settings (in Internet Explorer): Tools at the top of the web browser > Internet Options > Privacy. If cookies are refused, some services provided by the company, such as personalized services, may become difficult to use.
a. Users and legal guardians may access and correct their personal information at any time through the "Information Modification" section of the site. Requests for access, correction, or deletion via email or written request will be promptly processed. If a user's personal information has been provided to or processed by a third party, the user may request its deletion from the company or the third party/processor. However, ID, name, and resident registration number cannot be corrected, except in cases of name change due to marriage or issues related to administrative registration numbers. Correction or deletion may be restricted if prohibited or limited by other laws.
b. Users and legal guardians may request suspension of processing regarding personal information in the service at any time. However, the company may refuse to suspend processing in the following cases:
When there is a special provision in the law or it is necessary to comply with legal obligations.
When there is a risk of harm to another person's life or body, or unfair infringement on another person's property and other benefits.
When it is difficult to perform the contract due to the user's failure to clearly express intent to terminate the contract.
c. Users may withdraw consent for the collection, use, and provision of personal information agreed upon during membership registration at any time. Withdrawal of consent can be done by clicking on "Member Withdrawal" within the company's website, or by contacting us via written or email communication, upon which necessary actions, including deletion of personal information, will be promptly taken. However, if retention of the user's personal information is required by law or terms and conditions, processing may be restricted. In such cases, the user must provide their membership ID and identification information for verification. Withdrawal may result in limited access to certain services or inconvenience.
Users are responsible for protecting their personal information. The company is not liable for problems arising from the transfer, lending, loss of ID, password, access means, or any issues that cannot be prevented through security measures due to the user's negligence or internet-related problems beyond the company's control, such as hacking.
a. Users must keep their personal information up-to-date, and are responsible for any problems caused by inaccurate information input.
b. Users may face loss of membership and legal penalties if they engage in membership registration using others' personal information or misuse IDs for payment processing.
c. Users are responsible for maintaining the security of IDs, passwords, etc., and must not transfer or lend them to third parties. Users must cooperate with periodic password changes for security in accordance with the company's privacy policy.
d. Users must log out of their accounts and close web browser programs after using the company's services.
e. Users must comply with the "Act on Promotion of Information and Communications Network Utilization and Information Protection," "Personal Information Protection Act," "Resident Registration Act," and other relevant laws related to personal information.
The company may provide links to other websites for users. However, this "Privacy Policy" does not apply to the activities of these linked websites regarding the collection of personal information.
The company implements the following technical and managerial safeguards to ensure the security of personal information from loss, theft, leakage, alteration, or damage during processing.
a. Establishment and Implementation of an Internal Management Plan for Personal Information
The company establishes and implements an internal management plan to securely manage and protect users' personal information during processing.
b. Encryption of Personal Information
Users' passwords are stored and managed using one-way encryption, and personal information can only be confirmed or modified by the user who knows the password. Personal information such as name, resident registration number, bank account number, and credit card number is encrypted using secure algorithms for storage and management.
c. Measures Against Hacking
The company operates intrusion detection and prevention systems 24 hours a day to prevent users' personal information from being leaked due to hacking or intrusions into the company's information and communication network. All intrusion detection and prevention systems are operated redundantly to prepare for emergencies. Sensitive personal information is encrypted during transmission over the network to ensure safe communication.
d. Minimization and Training of Personal Information Handlers
The company minimizes the number of personal information handlers and educates them on the importance of personal information protection through various managerial measures.
e. Operation of a Dedicated Privacy Protection Department
To efficiently protect personal information, the company ensures compliance with the privacy policy and promptly corrects any issues identified through regular checks.
f. Safeguards for Access Records and Prevention of Tampering
The company securely stores and manages access records of personal information handlers in the personal information processing system. Regular inspections are conducted to prevent tampering, alteration, or loss of these access records.
The company makes every effort to ensure users can safely use the company's services. Users can report any personal information protection issues related to the company's services, and the company will promptly and sincerely respond to such reports.
🛅 [Privacy Protection Officer]
Name: Hong Dae Yi
Email: runyour@mondrian.ai
Phone: 032-719-7047
FAX: 032-232-1104
※ For further reports or consultations on personal information infringement, please contact the following organizations:
Personal Information Dispute Mediation Committee / www.kopico.go.kr / 1833-6972
Personal Information Infringement Report Center / privacy.kisa.or.kr / (without area code) 118
Supreme Prosecutors' Office Cyber Crime Investigation Center / www.spo.go.kr / (without area code) 1301
National Police Agency Cyber Safety Bureau / https://ecrm.police.go.kr/minwon/main / (without area code) 182
This Privacy Policy may be subject to additions, deletions, or modifications due to changes in relevant laws and guidelines or the company's needs. In such cases, the company will provide prior notice at least 7 days in advance through the website or email. If prior notice is difficult, the company will notify users as soon as possible, and changes will take effect 7 days after notification unless otherwise specified. For significant changes, the company will notify users at least 30 days in advance, and changes will take effect 30 days after notification unless otherwise specified. Additionally, the company may seek separate consent from customers if required by relevant laws.
Effective Date | October 2, 2023
