Privacy Policy (29-09-2023)

Draftify Inc. (hereinafter referred to as the "Company", or “We”) complies with the personal information protection regulations under the relevant laws and regulations, such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Personal Information Protection Act, the Communication Secret Protection Act, and the Telecommunications Business Act.

Through this Privacy Policy, the Company will inform Members(hereinafter referred to as the “Member”, “Members”, or “You”) of the purpose and method of using the personal information provided by the Members and what measures are being taken to protect the personal information.

This Privacy Policy is effective from September 29, 2023.

Section 1 (Items and Methods of Collecting Personal Information)

1.1. Items of personal information collected

1.1.1 The Company is collecting the following personal information.

1.1.1.1 Membership Registration

  • Required items: Name, nickname, contact information (email), third-party service provision information used for social login, consent to age 14 or older, consent to terms of use, consent to personal information processing policy
  • Optional Items : registration path, consent to receive promotional notifications

1.1.1.2 the use of a paid service

  • Required items : Payment Information
    • Card payment: Card name, card number, expiration date, etc.
    • Mobile phone payment: mobile phone number, carrier, payment approval number, etc.
    • Account transfer: Bank name, account number, etc.
    • Simple payment: Payment account information, payment (integrated) password, mobile phone number, date of birth, etc.
  • Optional items : Legal representative information (for minor Membership only)

1.1.1.3 When self-verification is requred,

  • Requiered items: name, date of birth, gender, domestic/foreign, mobile phone number, mobile carrier information or ipin information, identification value (CI, DI, etc.)

1.1.1.4 When using third-party services

1.1.1.4.1 Collection through User consent

  • The Company collects information through official APIs of platforms supported as third parties (Google API or YouTube Data API, Twitch, etc.)
  • Collection through partners/affiliates/agencies, and collection through generated information collection tools

1.1.1.4.2 The following information may be inquired or collected with the user's consent through the YouTube Data API or Google API to provide normal services according to the functions the user wants to use.

  • Creator/Viewer in Common: Login Information, Member Profile
  • Creator: channel information (channel name, channel address, etc.), chat list, subscriber list, Super Chat list, Membership (sponsor) information

1.1.1.4.3 However, for some items, if the individual does not agree to provide information for a specific item or if the platform requests it, it will be accessed or collected except for the corresponding information.

1.1.2 The following information can be automatically generated and collected in the process of using the service or processing the business.

  • IP Address, Cookies, Date and Time of Visit, Service Usage History, Bad Usage History, Device Token, Device Information (model name, os version, device unique number, firmware version, ), carrier information, network location information, automatic update of service applications, remember user information, provide customized advertisements, content and information, monitor the effectiveness of marketing campaigns, monitor and record total site usage, including total number of visitors and access pages, and track user participation in promotions and other activities when installing mobile apps.

1.2 Methods of collecting personal information

The Company collects personal information in the following ways.

  • Home page (Member registration, bulletin board, etc.), mobile, written form, fax, telephone, customer center inquiry, e-mail, event application, delivery request
  • Provided by Affiliates (Partners)
  • collection for the generating information collection tool

1.3 Processing of unique identification information

The Company collects personal information in the following ways.

  • Unique identification information refers to the resident registration number, foreigner registration number, etc. under Section 24 (1) of the Personal Information Protection Act and Section 19 of the Enforcement Decree of the Personal Information Protection Act.
  • The Company collects and processes unique identification information for the following purposes. ( Compliance with obligationsfor settlement, transaction and use of payment services, taxation charges for winners of in-kind prizes, handling complaints, )
  • The collected unique identification information is not used or provided for purposes other than the purpose of collecting personal information, except as stipulated by the Personal Information Protection Act and other laws, and is encrypted and managed safely.

Section 2 (Purpose of Collection and Use of Personal Information)

The Company processes personal information for the following purposes: The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent pursuant to Section 18 of the Personal Information Protection Act will be implemented.

2.1 Fulfillment of contract for service provision and settlement of fees according to service provision

Collection and use of content provision, specific customized service provision, delivery of goods, delivery of bills, etc., identification, purchase and payment of charges, collection of charges, income declaration by the  National Tax Service,   deposit of sponsored  amount settlement,  and smooth service provision.

2.2 Member management

Providing Membership services, personal identification, restrictions on the use of Members who violate the terms of use, sanctions on acts that interfere with the smooth operation of the service and illegal use of the service, confirmation of intention to join, restriction of the number of subscriptions, confirmation of consent of legal representatives when collecting personal information for children under the age of 14, confirmation of consent of legal representatives when paying for minors under the age of 19, later identification of legal representatives, preservation of records for dispute mediation, delivery of notices, and confirmation of intention to leave Membership

2.3 Developing new services and utilizing them for marketing and advertising

Development of new services and provision of customized services, provision of services and advertisement based on statistical characteristics, validation of services, provision of event information and opportunities for participation, provision of advertising information, identification of access frequency, statistics on Members' use of services

Section 3 Period of retention and use of personal information

3.1 The Company may retain and use the collected personal information of the Member while the Member maintains his/her Membership.

3.2 In the event of a Member's withdrawal or disqualification, the Company will delete and destroy the collected Member information even if there is no separate request from the Member. However, despite the withdrawal or disqualification of the Member, the following information will be preserved for the specified period for the following reasons:

3.2.1 Retention of information according to the Company's internal policy

  • Record of Membership information to restrict re-joining of withdrawn Members: 1year
  • Record of Membership information to restrict re-joining of restricted Members and fraudulent Members: 1 year or permanently (saved separately) depending on the restriction period.

3.2.2 Information retention required by related laws

  • Records on display/advertising : : 6 months (the Consumer Protection in Electronic Commerce, etc.)
  • Records on contract or subscription withdrawal, etc.: 5 years (the Consumer Protection in Electronic Commerce, etc.)
  • Records on payment and supply of goods, etc.: 5 years (the Consumer Protection in Electronic Commerce, etc.)
  • Records on electronic financial transactions: 5 years (the Electronic Financial Transactions Act)
  • Records on consumer complaints or disputes: 3 years (the Consumer Protection in Electronic Commerce, etc.)
  • Login records: 3 months (the Communications Secret Protection Act)

Section 4 Right to refusal of  consent and notice of disadvantage of refusal

Members have the right to refuse consent  for the collection and use personal information. However, if Members refuse to consent to the minimum collection and use of personal information necessary for signing and implementing a contract, Members cannot use the service, and if Members refuse to agree to collect and use personal information for marketing activities and public relations, Members may not be provided with information on events and benefits, or may have disadvantages such as providing free gifts and promotions, using affiliated services, applying discounts, and not accumulating points.

※ In addition to the consent of this provision, the Company may provide personal information to third parties as agreed by the Members.

Section 5 Procedures and methods for destroying personal information

The Company shall destroy the information without delay after the purpose of collecting and using personal information is essentially achieved. The procedure and method for destroying the Company's personal information are as follows.

5.1 Destruction Procedure

5.1.1 The information provided by the Member for Membership registration will be transferred to a separate database after the purpose is achieved (a separate document file for paper) and stored for a certain period of time according to the internal policy and other related laws and regulations (see retention and use period) before being destroyed.

5.1.2 Personal information transferred to a separate database is not used for purposes other than retention purposes unless required by law.

5.2 Method of destruction

5.2.1 Personal information stored in electronic file format is deleted using a technical method that cannot reproduce the records.

5.2.2 Personal information printed on paper is crushed with a shredder or destroyed through incineration.

5.3 Expiration date of personal information (dormant account policy)

5.3.1 The personal information of service Members in a dormant state without a service usage record for one year is stored and managed separately from the Member's personal information. However, if there is a request from a dormant service Member, personal information will be provided again when the service is resumed.

5.3.2 The Company will notify the Members of the information by e-mail or e-mail 30 days before the transition to a dormant account.

5.3.3 Personal information stored separately shall not be used or provided unless otherwise specified in other laws and regulations. In addition, personal information stored separately will be destroyed without delay after a certain period (1 year) as specified in the relevant laws and regulations, and the relevant information will be notified to the Members by e-mail 30 days before the destruction.

Section 6 Rights of Members and Legal Representatives and Methods of Exercising the Rights

6.1 Members and legal representatives may view or modify the registered personal information of themselves or children under the age of 14 at any time, and if they do not agree with the Company's processing of personal information, they may refuse consent or request the cancellation of Membership (withdrawal from Membership). However, in such a case, it may be difficult to use some or all of the services.

6.2 To access or modify the personal information of a child under 14 years of age, or for withdrawal (withdrawal of consent), you can click on "Personal Information Change" (or "Modify Member Information," etc.) for modification, or "Withdraw Membership" for withdrawal. After going through the identity verification process, you can directly view, correct, or withdraw. Alternatively, you may contact the personal information management manager in writing or by e-mail, and the Company will take action without delay. The Company verifies whether the person making the request, such as a request for viewing, request for correction or deletion, or request for suspension of processing according to the rights of the government entity., is the requester himself/herself or a legitimate agent .

6.3 If a Member or legal representative requests correction of an error in personal information, the relevant personal information shall not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction processing result without delay so that the correction can be made. The Company processes personal information canceled or deleted at the request of Members as specified in "Section 3. Period of retention and use of personal information" and prevents it from being viewed or used for other purposes.

6.4 A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.

Section 7 Matters Concerning the Installation, Operation, Refusal of Automatic Personal Information Collection Devices

The Company operates a "cookie" and other devices that stores and finds Members' information from time to time. A cookie is a  tiny text file sent by a  server that  runs a  Company's  website to a  Member's  browser and is  stored on the  Member's  computer hard disk . The purpose of using cookies and how to reject cookie settings are as follows.

7.1 Purpose of use of cookies, etc.

7.1.1 When a Member visits a website, the website server reads the contents of the cookies stored on the user's hard disk to maintain the Member's preferences and provide customized services.

7.1.2 Cookies do not automatically or actively collect information that identifies individuals , and users can refuse to save or delete these cookies at any time .

7.1.3 They are used to provide users with optimized customized information, including advertisements, by identifying the types of visits and use of services and websites visited by users, popular search terms, security access, news editing, and user size.

7.2 Installation/operation and rejection of cookies

7.2.1 The user has the option to install cookies. Therefore, users can allow all cookies by setting options in a web browser, go through a verification each time they are saved, or refuse to save all cookies.

7.2.2 However, if you refuse to save your cookies, it may be difficult to use some of the services that require you to log in, and in this case, the Company will not be responsible.

7.2.3 The method of specifying whether to allow cookies installation (for Internet Explorer) is as follows. ① [Tools] → [Internet Options] ② [Privacy]Tab → [Privacy Processing Level] Settings

Google Analytics

7.3 For the purpose of providing better services to customers, the Company uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter reffered to as 'Google'), to analyze and evaluate how customers use the service, understand customer demand, and improve and customize the service to deliver efficient service.

7.4 It can be used by Google Analytics for the purpose of statistics and academic research.

7.5 Processing of information collected through Google Analytics is subject to the Google Privacy Policy and the terms and conditions of Google Analytics service.

7.6 You can disable the use of cookies by selecting the appropriate parameters in your browser. If you don't want to use Google Analytics in your browser, you can install the Google Analytics add-on for your browser on https://tools.google.com/dlpage/gaoptou[t](https://tools.google.com/dlpage/gaoptout) .

Section 8 Provision and sharing of personal information to third parties

8.1 The Company processes the Member's personal information within the scope notified in "Section 2. Purpose of Collection and Use of Personal Information", and provides personal information to a third party only if it falls under Sections 17 and 18 of the Personal Information Protection Act, such as the Member's prior consent and special provisions of the Act, and does not provide the personal information of the data subject to a third party. However, in order to provide smooth service, the Company may use and provide personal information only to the minimum extent necessary with the consent of the Members in the following cases.

8.1.1 When the Member has agreed in advance

8.1.2 Where it is necessary for settlement of accounts related to service provision or events;

8.1.3 Where the relevant personal information is provided to other Members to the extent necessary in connection with the services provided by the Company;

8.2 When the Company is obligated to submit a Member's personal information pursuant to the provisions of the law, or when there is a request from an investigative agency for investigation purposes in accordance with the procedures and methods set forth in the law. B. The Company may provide Members' personal information to  affiliates or share it with them for better service provision.. When providing or sharing personal information with third parties,, the Company will go through the consent process in advance. Members will be informed of the person receiving personal information, the purpose of using personal information, the items of personal information provided, the period of holding and using personal information, the right to refuse consent to provide information, and the disadvantages caused by refusal of consent.

8.3 In order to provide better services and convenience to Members, the Company entrusts the collection, storage, and processing of Members' personal information to other companies as follows within the necessary scope of work under the Member’s consent.

ConsigneePurpose of provisionItems to be providedRetention and Use Period
DAOU DATA Corp.
Payple, Inc.
PaymentWall		Electronic payment agency(Credit card payment) Plasquad  account/ID, Member e-mail, payment amount  (Culture Gift Certificate/Smart Moon Payment) Plasquad  account/ID, Cultureland  Member ID and password, payment amount, Member IP (partial) (Book gift certificate payment) Plasquad  account/ID, Book & Life  Member ID and password, payment amount  (Happy Money  Gift Certificate  payment) Plasquad account/ID, Member IP (partial), Happy Money Member ID and password, payment amount (Cell phone payment) Plasquad account/ID, payment amount, mobile phone number, payment frequent flyer 7 digits, IP, Safety Payment password (partial)5 years as of payment date
Viva Republica Co., Ltd.Electronic payment agencyName, mobile phone number, payment amount5 years as of payment date
Google
YouTube
Twitch		Leveraging third-party APIslogin information, Member profile, channel information, chat list, subscriber list,  Super Chat list, Membership informationFor the duration of the contract to utilize third-party API services
Taxation firm Daeseung, Rio CompanyProcessing of donations and reporting business income of individual business ownersName, resident registration number or foreigner registration number, business number (if you are a business operator), account information (bank, depositor name, account number)At the time of achieving the purpose of processing or until the end of the consignment contract (However, details permitted to be stored under the Framework Act on National Taxes shall be stored for a period prescribed by the Act).
NHN CloudSend SMS in lieu of customersMobile phone numberAt the time of achieving the purpose of processing or until the end of the consignment contract

Even if the purpose of provision is achieved or requested to withdraw, the information necessary for the performance of the contract, such as internal reporting, audit and inspection, cost settlement (claim), etc., shall be retained and used for up to six months after the end of the service, and if non-fulfillment/dispute continues, until the performance is completed/dispute is resolved, and if there are special provisions in related laws such as the Commercial Act, it shall be kept accordingly.

Section 9 Technical and Managerial Protection Measures for Personal Information

The Company is taking the following technical and managerial measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in processing users' personal information.

9.1 Technical measures

The Company is taking the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in handling Members' personal information.

9.1.1 Members' personal information is protected by passwords, and important data is protected through a separate security feature by encrypting file and transfer data or by using file lock.

9.1.2 The Company is using a vaccine program to prevent damage from computer viruses. Vaccine programs are updated periodically and, in the event of a sudden outbreak of the virus, they are provided as soon as the vaccine is available, preventing personal information from being compromised.

9.1.3 The Company adopts a security device (SSL or SET) that enables secure transmission of personal information on the network using cryptographic algorithms.

9.1.4 In preparation for external intrusion such as hacking, the Company is making every effort to secure each server by using an intrusion prevention system and a vulnerability analysis system.

9.1.5 When personal information managers and handlers want to access personal information from outside, they use safe access methods such as VPN and security connections, and take measures to check and process personal information so that unauthorized persons such as outsiders cannot access personal information.

9.2 Managerial measures

9.2.1 The Company prepares procedures necessary for accessing and managing Members' personal information so that employees understand and comply with them.

9.2.2 The Company limits access to personal information to the minimum necessary for performing duties by providing each task handler with one account and differentiating permissions. Access to personal information is restricted except for the following tasks except for the following tasks. ①If necessary for security purposes (e.g. bug or abusing) ② if compliance with relevant laws and regulations in the operation of the service ③ if aggregated and used for internal operations in accordance with applicable privacy and legal requirements.

9.2.3 The Company ensures that access rights to personal information are modified or revoked when there is a change in personnel responsible for handling personal information.

9.2.4 The Company provides regular in-house training and outsourced training on the acquisition of new security technologies and personal information protection obligations for employees who handle Members' personal information.

9.2.5 The transfer of personal information-related handlers is carried out thoroughly while security is maintained, and the responsibility for personal information accidents is clarified after joining and leaving the Company.

9.2.6 When processing a Member's personal information using a computer, the Company designates a person with access rights to the personal information, gives the person an ID and password, and regularly updates the password.

9.2.7 When hiring new employees, the Company requires them to sign an information protection agreement or a personal information protection agreement to prevent information leakage by employees in advance In addition, internal procedures are established to audit the implementation of the Privacy Policy and compliance of employees.

9.2.8 The Company requires employees to sign a confidentiality agreement upon retirement so that those who handled the Member's personal information do not damage, infringe or divulge personal information they have learned in their duties.

9.2.9 In order to conclude a service agreementor provide services, the Company takes necessary measures to verify the identity of a Member when collecting or providing information related to payment such as credit card numbers or bank payment account details

9.2.10 In accordance with Section 29-2 (2) of the Information and Communication Network Act and Section 16 of the Enforcement Decree of the same Act, the Company protects the personal information of Members who have not used its services for a period of one year by storing and managing their personal information separately from that of other Members.

9.2.11 The Company is not responsible for incidents resulting from Members' mistakes or the inherent risks of the internet. Members shall properly manage his or her ID and password and take responsibility for it to protect his or her personal information. In addition, It is recommended to avoid using easily guessable passwords and to change change password regularly.

9.2.12 If you access our homepage on a shared PC and log in to another site, make sure to close the homepage after logging out of the service. Otherwise, there is a risk that Members' information such as ID and password may be easily leaked to others through the browser.

9.3 Physical measures

Access is controlled physically and logically by setting computer rooms and data storage rooms as special protected areas.

Section 10 Person in charge of personal information management related to personal information protection work

In order to protect Members' personal information and to deal with complaints related to personal information, the Company designates relevant departments and personal information management officers as follows. Members may report all personal information protection-related complaints arising from using the Company's services to the personal information management manager or department in charge. The Company will respond quickly and fully to the Members' reports.

[Personal Information Protection Officer]

Name: Jeong Yong-cheol

Affiliated: Representative

Position: Representative

[Personal Information Protection Department]

Department: Operation team

Phone: +82-2-6191-0033

Email: contact@draftify.gg

If you need to report or consult on other personal information infringement, please contact the following institution.

  • Personal Information Infringement Reporting Center (Dial 118)
  • Cybercrime Investigation Team of the Supreme Prosecutors' Office (www.spo.go.kr / +82-2-3480-3571)
  • Cyber Security Bureau of the National Police Agency (182, no country code)

Section 11 Obligations to notify

If there is any addition, deletion, or modification to this Privacy Policy, the Members will be notified through "Notices".

Section 12 Changes to the Personal Information Processing Policy

This Privacy Policy will take effect from September 4, 2023. You can find the previous Privacy Policy below.