4up (the “Company”), which owns and operates the application, related services, and websites (collectively, the “Service”), maintains this Privacy Policy in compliance with the Personal Information Protection Act (PIPA) of the Republic of Korea. This policy is intended to protect users’ personal information and rights and to promptly address any concerns regarding personal information.
If the Company revises this Privacy Policy, the revisions will be announced through Service notices or by individual notification via email.
## 1. Consent to the Collection and Use of Personal Information
The Company collects the minimum personal information necessary to form and perform the service-use agreement, using lawful and fair means. To collect personally identifiable information, the Company provides users with information about the collection and use of personal information at the time of membership registration. Clicking the “Agree” button is deemed consent to such collection and use.
## 2. Purposes of Collection and Use of Personal Information
The Company collects and processes personal information only for the following purposes. Collected personal information will not be used beyond these purposes, and the Company will obtain prior consent if the purpose changes.
1) **Account registration and login management for the website and application**
For verifying intent to register, identifying and authenticating users under the membership service, maintaining and managing membership status, verifying identity under the limited identity-verification system, preventing fraudulent service use, providing notices, handling complaints, and preserving records for dispute resolution.
2) **Handling user inquiries**
For verifying the user’s identity, confirming requests, contacting and notifying for fact-finding, and notifying processing results.
3) **Provision of goods or services**
For service provision, content delivery, and identity verification.
4) **Service improvement**
For developing new services, providing tailored services, providing services based on demographic characteristics or user activity, verifying service effectiveness, analyzing access frequency and user flow, and producing usage statistics.
5) **Marketing and advertising**
For providing event, promotion, and advertising information, offering participation opportunities, and displaying advertisements.
6) **Personal video information**
For crime prevention and investigation, and for the collection, analysis, and provision of location information.
## 3. Categories, Scope, and Methods of Collection
### 1) Personal information collected
The Company collects the following personal information for membership registration, smooth consultation, service provision, and contract fulfillment:
- **Required:** Name, ID (email address), password; for sign-up via SNS: email, name, profile, photo, identification token, member number
- **Optional:** Date of birth, age, gender, mobile phone number
- **Method of collection:** Entered during membership registration and service use within the application or on the website
### 2) Information collected from non-members
For limited service provision, the Company collects the following from non-members:
- **Required:** For mobile phones (smartphones) and mobile devices running a smart OS (e.g., tablet PCs): model name, unique device identifier (UDID, IMEI, etc.), OS information, mobile carrier
- **Optional:** Personal information directly entered by the user (name, mobile phone number, address, etc.) when participating in online/offline non-member events or contacting customer service for accurate guidance
### 3) Installation, operation, and refusal of automatic data-collection devices
The Company uses cookies that store and frequently retrieve user information in order to provide personalized and customized services. Cookies are small pieces of information stored on the user’s device when the user accesses the application service or visits the website, and which can be read upon revisit. In addition, the following information may be automatically generated and collected during service use or processing:
- **Information collected:** IP address, cookies, access logs, location information, service-use records, error logs, etc.
- **Purpose of use:** To maintain user access sessions and to provide optimized, personalized services through information such as service use, visit behavior, records, and surveys. Access frequency and duration of members and non-members may also be analyzed to identify user preferences and interests for use in targeted marketing.
- **Installation, operation, and refusal:** Web users may allow all cookies, be prompted before each cookie is stored, or refuse all cookies through their browser settings. The application may not support cookie-setting options.
## 4. Retention and Use Period
The Company retains and uses users’ personal information only for the period necessary for its purpose. If the user withdraws consent or the purpose has been achieved, the Company destroys the personal information without delay. However, if retention is required by applicable laws, the Company retains the information for the period prescribed by such laws.
### Records under the Act on Consumer Protection in Electronic Commerce, etc.
| Type of Record | Retention Period |
| --- | --- |
| Records on labeling and advertising | 6 months |
| Records on consumer complaints or dispute resolution | 3 years |
| Records on credit-information collection, processing, and use | 3 years |
| Records on contracts or withdrawal of subscription | 5 years |
| Records on payment and supply of goods, etc. | 5 years |
## 5. Provision of Personal Information to Third Parties
1. The Company provides personal information to third parties only when the data subject has consented or where Articles 17 and 18 of the Personal Information Protection Act otherwise permit, including special provisions of law.
- Recipient:
- Purpose of use:
- Items provided:
- Retention and use period:
2. The Company currently does not provide personal information to any third party.
3. Notwithstanding the foregoing, the following are exceptions:
- Where requested by relevant authorities for investigation, trial, or administrative purposes under applicable laws
- Where requested under procedures prescribed by other applicable laws, including the Act on Confidentiality, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, and the Criminal Procedure Act
## 6. Outsourcing of Personal-Information Processing
1) For smooth processing of personal-information tasks and service provision, the Company may outsource personal-information processing as follows:
- Trustee:
- Contents and purpose of the outsourced work:
- Company name and contact information:
- Retention and use period:
2) The Company currently does not outsource any such tasks. If the contents of the outsourced work or the trustee changes, this Privacy Policy will be updated and disclosed without delay.
## 7. Rights of Data Subjects and How to Exercise Them
As data subjects, users may exercise the following rights:
1) Data subjects may at any time exercise the following rights regarding the protection of personal information:
- Right to request access to personal information
- Right to request correction in case of error
- Right to request deletion
- Right to request suspension of processing
2) The rights under (1) may be exercised in writing, by email, or by facsimile (FAX) using Form No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company shall act without delay.
3) If the data subject has requested correction or deletion due to errors, the Company will not use or provide the personal information in question until the correction or deletion is complete.
4) The Company does not accept membership registration from children under the age of 14, who require the consent of their legal guardian. Accordingly, no separate provisions for the rights and handling of legal guardians are maintained.
5) The rights under (1) may be exercised through an authorized agent. In such cases, a power of attorney in the form prescribed by Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
## 8. Destruction of Personal Information
In principle, when the purpose of personal-information processing has been achieved or the retention or processing period has expired, the Company destroys the relevant personal information without delay. The procedures, deadlines, and methods of destruction are as follows:
### 1) Destruction procedure
After the purpose of collection and use has been achieved, personal information entered by the user is transferred to a separate database (or, in the case of paper, separate documents) and is either stored for a certain period under internal policies and other related laws or destroyed immediately. Personal information so transferred is not used for any other purpose unless required by law.
### 2) Destruction deadline
Personal information is destroyed within 5 days from the end of the retention period when such period has expired, or within 5 days from the date the personal information is deemed unnecessary in cases such as achievement of the processing purpose, discontinuance of the service, or closure of the business.
### 3) Destruction method
Personal information printed on paper is shredded, and electronic files are erased using technical methods that prevent record restoration.
## 9. Personal Information Validity Period (Dormant Account Policy)
If a user has not logged in to or used the Company’s services for one year, the personal information of such inactive users will be stored and managed separately from that of active users (converted to a dormant account). The Company will notify the user via email, etc., 30 days before the conversion to a dormant account. Personal information stored separately will not be used or provided except where specifically permitted by applicable law, and will be retained for the period prescribed by applicable law and destroyed thereafter. However, personal information that has not been destroyed will be made available again at the time the user resumes service use, upon the user’s request.
## 10. Personal Information Protection Officer
The Company designates the following Personal Information Protection Officer to take overall responsibility for personal-information processing and to handle complaints and remedies regarding personal-information processing. Data subjects may contact the Personal Information Protection Officer and the responsible department for any inquiries, complaints, or remedies regarding personal-information protection arising from use of the Company’s services. The Company will respond as promptly and adequately as possible to inquiries and reports from data subjects.
- **Officer:** Jibidang Development Team
- **Email:** [email protected]
## 11. Changes to This Privacy Policy
This Privacy Policy applies from its effective date. Any additions, deletions, or corrections due to changes in laws or policies will be announced through notices at least 7 days before the changes take effect.
**Last revised:** March 12, 2024 (Effective: March 12, 2024)