Privacy Policy

MWX (hereinafter referred to as "Company") complies with the relevant legal provisions regarding the protection of personal information under the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), the Personal Information Protection Act, the Communications Secrecy Protection Act, the Telecommunications Business Act, and other laws that information service providers must comply with, and has established and implemented a privacy policy based on the relevant laws to protect the rights and interests of users.

The Company establishes and implements a privacy policy to protect users' personal information and to handle user complaints related to personal information smoothly. When revising the privacy policy, the Company announces it through the notice section (or individual notice) of the website and mobile application (hereinafter referred to as the "Platform") operated and provided by the Company.

Article 1 Purpose of Collection and Use of Personal Information

Except as otherwise provided by the consent of the user or by law, the Company does not use the user's personal information beyond the scope notified in this Article. The purposes of using the collected personal information are as follows:

1. Member Management: Verification of identity, personal identification, prevention of misuse by bad members and unauthorized use, confirmation of intention to join, limitation on joining and frequency of joining, future verification of legal representatives, record retention for dispute resolution, age verification, complaint handling, notification of important information, etc.

2. Development of Customized Services: Development and specialization of new services (products), improvement of advertising information such as events, satisfaction surveys, provision of services and advertising according to demographic characteristics, extraction of statistics on service usage, development and provision of services according to usage type

3. Pseudonym processing for statistical analysis, scientific research, and public interest record retention

4. Marketing and Advertising Provision (with consent to receive marketing information): Event notifications, service guidance, benefit provision, reward allocation, coupon provision guidance

Article 2 Items and Methods of Collecting Personal Information

1. Items of Personal Information Collected

1) Mandatory Items

2) Optional Items

Additionally, the following information may be collected during the user's platform usage process or business processing:

• When using wire or online counseling: Counseling records (service usage history, wire/online counseling recording content, etc.)

• When using the platform: Device and environment information (IP Address, cookies, visit date and time, device information, etc.)

• When using paid services
  • Mandatory items: Name, date of birth, gender, address, phone number
  • When paying by credit card: Card number (part), card issuer name, etc.
  • When paying by mobile phone number: Mobile phone number, payment approval number, etc.

2. Methods of Personal Information Collection

The Company collects personal information through the following methods:

• Membership registration, application for sub-services, and information collection through the platform

• Collection through payment services

• Collection through identity verification services

• Use of wire or online counseling services

• Event prize participation, delivery requests

• Automatic collection through generated information collection tools

• Automatic collection during service usage process

• Personal or third-party complaints or reports

Article 3 Processing and Retention Period of Personal Information

The personal information processed by the Company is processed within the scope specified for the purpose of collection and use, and the purpose and retention period of the personal information files registered and disclosed under the Personal Information Protection Act and other related laws are separately regulated according to the characteristics of each personal information file. Personal information is generally disposed of when the purpose of collection and use is achieved, but may be retained for a certain period under certain circumstances.

The personal information of members is promptly disposed of when the purpose of collection and use is achieved. However, the Company retains member information even after withdrawal for the following purposes:

• Reason for retention: Prevention of confusion in managing bad service members, service registration and usage, etc.

• Retention period: 1 year

If there is a need to retain information pursuant to the provisions of related laws and regulations, the Company retains member information for a certain period as specified in the related laws and regulations. In this case, the Company uses the retained information only for the purpose of retention.

Records related to contracts or withdrawal of subscriptions

• Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

• Retention period: 5 years

Records related to payment and supply of goods, etc.

• Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

• Retention period: 5 years

Records related to consumer complaints or dispute resolution

• Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

• Retention period: 3 years

Records related to display/advertising

• Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

• Retention period: 6 months

Records related to identity verification

• Reason for retention: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.

• Retention period: 6 months

Website visit records

• Reason for retention: Telecommunications Business Act

• Retention period: 3 months

Records related to electronic financial transactions

• Reason for retention: Electronic Financial Transactions Act

• Retention period: 5 years

Article 4 Right to Refuse Consent and Consequences of Refusal

Users have the right to refuse consent for the collection and use of personal information. However, if consent for the minimum necessary collection and use of personal information required for service usage is refused, certain functions based on user location (such as recording current location, searching current location, etc.) may not be available. Also, if consent for the collection and use of personal information for marketing activities and promotions or optional collection and use is refused, users may not receive information about events or benefits, may not receive gifts or promotional items, may not be able to use affiliated services, may not receive discounts, or may not be able to accumulate credits, among other consequences.

Article 5 Procedure and Method of Personal Information Destruction

The Company shall promptly destroy personal information once the purpose of collection and use has been achieved. However, if personal information must be retained in accordance with relevant laws and regulations, it shall be destroyed by irreversibly rendering it unusable after the expiration of the retention period. The procedure and method of personal information destruction by the Company are as follows:

1. Procedure for Personal Information Destruction

The information entered by users is transferred to a separate database (or separate document for paper-based information) after the purpose of collection and use has been achieved, and it is stored for a certain period of time in accordance with internal regulations and other relevant laws and then destroyed immediately. Information transferred to the database is not used for purposes other than those permitted by law.

2. Period of Personal Information Destruction

When the retention period of personal information has expired or when personal information is deemed unnecessary for the purpose of processing due to the achievement of the processing purpose, termination of the service, or termination of the business, the personal information is destroyed without delay (within 5 business days, unless there are justifiable reasons).

3. Method of Personal Information Destruction

For electronically stored information, technical methods such as nullification or randomization for databases and low-level formatting for storage devices are used to irreversibly destroy the information. Personal information printed on paper is shredded or incinerated for destruction.

Article 6 Rights of Users and Methods of Exercising Them

1. Users may at any time access or modify their personal information registered and request access to their personal information.

2. Users may request the suspension of the processing of personal information at any time, except in cases where there are special provisions in the law.

3. Users may withdraw their consent to the collection and use of personal information through the "Withdraw Membership" screen after going through the identity verification process.

4. If a user requests the correction of personal information errors, the information will not be used or provided until the correction is completed. Additionally, if incorrect personal information has already been provided to a third party, the result of the correction will be promptly notified to the third party to ensure that the correction is made.

5. Personal information that has been terminated or deleted at the request of the user is handled in accordance with Article 3 and cannot be accessed or used for any other purposes.

6. Users can directly manage their rights on the "Settings" screen. However, if direct processing is not possible, users may request the exercise of their rights in writing, by phone, or by email to the personal information protection department, and the company will notify them of the method and results of exercising their rights within the period specified by relevant laws and regulations.

7. If a user wishes to delegate the rights under this clause, they must receive delegation from the user and submit the user's proxy to the company.

Article 7 Provision of Personal Information to Third Parties

The Company uses personal information of users within the scope notified in Article 1 and generally does not disclose personal information to external parties without the prior consent of users. However, exceptions may apply in the following cases:

• When the user has agreed in advance to provide it to a third party

• When necessary for payment and settlement of services provided

• When required by law or when there is a request from an investigative agency or supervisory authority according to the procedures and methods prescribed by law for investigation or investigation purposes

• When necessary for statistical processing, academic research, or market research, provided that it is processed in a form that cannot identify specific individuals

Furthermore, if it is necessary to provide personal information to a third party for better service provision, the company will explicitly specify the following: the recipient of the personal information, the purpose of using the personal information by the recipient, the items of personal information provided, the retention and use period of the personal information by the recipient, and the fact that users have the right to refuse information provision and the consequences of such refusal.

Article 8 Measures for Ensuring the Security of Personal Information

The Company takes the following measures to ensure the security of personal information:

1) Access Control to Personal Information: Necessary measures are taken to control access to personal information by granting, changing, or revoking access rights to personal information processing systems, and intrusion prevention systems are used to control unauthorized access from external sources.

2) Preservation of Access Records: Records of accessing personal information processing systems are kept and managed for a minimum of 6 months.

3) Encryption of Personal Information: Personal information is securely stored and managed through encryption. Additionally, important data is encrypted during storage and transmission using separate security functions.

4) Installation of Security Programs and Regular Inspection and Update: Security programs are installed and regularly updated and checked to prevent personal information leakage or damage due to hacking, computer viruses, etc.

Article 9 Department Responsible for Personal Information Protection Business and Personal Information Protection Manager

The Company designates the following departments and personal information protection managers to protect users' personal information and handle complaints related to personal information. Users may report all complaints related to personal information protection when using the Company's services to the personal information management responsible department or contact person. The Company will promptly provide sufficient answers to user complaints.

Personal Information Protection Manager:

• Name: Yoo Seung Hyun

• Position: Head of Service

• Email: jpyujh10@gmail.com

If you need to report or consult about other personal information infringements, please contact the following institutions: - Personal Information Dispute Mediation Committee (http://www.kopico.go.kr/) - Personal Information Infringement Report Center (http://privacy.kisa.or.kr/) - Cyber Safety Bureau of the National Police Agency (http://cyberbureau.police.go.kr/)