[Mirroroid Co., Ltd. Privacy Policy] 

Article 1 (Purpose)

These Terms of Use are for wired/wireless Internet services provided by Mirroroid Korea Co., Ltd. (hereinafter referred to as the “Company”) or online/offline services (hereinafter referred to as “Services;” regardless of the type of wired/wireless terminals that can be accessed, this refers to all available “services” provided by the “Company.”), and was written for the purpose of disclosing matters regarding handling methods, collection methods, sharing, retention, destruction, protection, and use of personal information items within the Services.

When the Company revises its Personal Information Processing Policy, it is notified through a notice on the website, and if individual notification is required, the revision can be sent to e-mail addresses registered in member information.

Article 2 (Items of Personal Information to be Collected and Method of Collection)

The Company collects and processes the following items of personal information using the following methods for membership registration, smooth customer consultation, exchanges between members, and the provision of various services.

① When a user visits and engages in the Services provided by the Company, technical information including the following is automatically transmitted to the Company, and the Company stores it in log files. 

   1. Date and time of visit and duration of use of Services

 2. Information registered by the user (hashtags, content, communications, comments, photos, videos, text, scalp diagnosis results, skin measurement results, country information)

 3. Information about how users are using the app (execution data, device data, function usage, page clicks, log-in information and facial features, photos of faces with eyes, nose, mouth, etc., removed to prevent personal identification)

 4. If you request to "share a photo" via a QR code and KakaoTalk, we will temporarily store your photo in the cloud storage we use to send it to you according to your instructions, in which case we will comply with local laws.

 5. Log information collected automatically, such as PC device information, service access application, automatically generated information, IP address, latest access time, device information, service use record, and bad use record according to the use of the Services

② When signing up for the Services provided by the Company, the Company collects the following information. 

 

   1. Essential information

a. User's SNS (Google, Apple, etc.) account information for login 

b. Required profile information (user's name, phone number, country information, email address)

c. ID, encrypted password 

 

   2. Optional information

a. Optional profile information (gender, date of birth, skin information, profile picture, postal address)

b. Transaction information (credit card information, payment details, purchase details, shipping information, billing information)

c. Additional information you submit to us (e.g., address book or contact list, audio recordings, your responses to our surveys, specific personal information you have provided)

 

③ When installing the app provided by the Company, the Company automatically collects the following information.

  1. Device information (OS type, serial number, hardware information, etc.) browser type, device hardware, operating system, IP address, app version, device location and device unique identifier information, MAC address, mobile network carrier, device model, device resolution SR number and CPU architecture

Article 3 (Purpose of Collection and Use of Personal Information)

 

When signing up for membership, it can be combined with the member's e-mail address and used as information for personal identification.

 

The Company processes personal information for the following purposes, and processed personal information is not used for purposes other than the following purposes. If the purpose of use is changed, we will seek prior consent through a notice in advance.

① Membership registration and management

 

Personal information is processed for the purpose of notices/notifications, grievance handling, record preservation for dispute mediation, etc., confirmation of intention to sign up for membership, identification/authentication for the provision of membership Services, maintenance/management of member qualifications, identification by implementation of a limited identification system, delivery/sending of various notifications, etc.

② Handling civil affairs

 

Personal information is processed for the purpose of verifying the identity of the complainant, confirming complaints, contacting and notifying complainants for factual investigations, notifying processing results, and confirming and responding to opinions and inquiries about the Services.

③ Provision of goods or services

 

Personal information is processed for the purpose of delivering and displaying advertisements and content based on attribute information, terminal information, location information, and action history, providing the Services, providing content, providing customized services, providing identity authentication, and payment/settlement of fees.

④ Use for marketing and advertising

 

Personal information is processed for the purposes of developing new services (products) and the provision of customized services, the provision of event and advertisement information and opportunities to participate, the provision of the Services and advertisements according to demographic characteristics, the improvement of the Services, the development of new services, investigations and analyses of point usage and marketing, conducting campaigns/surveys/monitoring/reporting, checking the validity of the Services, identifying access frequency or statistics, storage, research, and analysis of members' use of the Services.

⑤ Personal video information

 

Personal information is processed for the purpose of crime prevention and investigations.

 

⑥ Others

 

Personal information is processed for the purpose of checking the details of the application and investigating various applications, various multiple applications, transfers of rights, registration of false information, etc., for commercial and exclusive purposes prohibited by the provision and use regulations, etc., of companies using the Services based on the consent and application of members.

Article 4 (Provision of Personal Information to Third Parties)

① The Company provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law. The Company provides personal information to third parties as follows.

 

 1. Recipient of personal information: AWS (Amazon Web Service)

 Purpose of using the personal information of recipients: Customer identification ID for face recognition login service, customer face recognition, store identification ID

 

 2. Recipient of personal information: Kakao

 Purpose of using personal information by the recipient: Collecting telephone numbers for photo sharing services

 

② The Company uses the personal information of its members within the scope notified in Article 3 and does not use it beyond the specified range or disclose the it to the outside without the members' prior consent. However, the following cases are exceptions.

 1. Where separate consent is obtained from the data subject 

   2. When there are special provisions in other laws

 3. Where the data subject or his/her legal representative is unable to express his/her intention or prior consent cannot be obtained due to unknown address, etc., and it is clearly deemed necessary for the immediate benefit of the life, body, or property of the data subject or a third party;

 4. Where personal information is used for purposes other than the intended purpose or it is not provided to a third party, if it is impossible to carry out the duties prescribed by other laws and deliberation and resolution have been completed by the Protection Committee;

 5. Where it is necessary to provide information to foreign countries or international organizations for the implementation of treaties and other international agreements

 6. Where it is necessary for the investigation of a crime or the filing or maintenance of a public prosecution

 7. Where it is necessary to carry out the judicial affairs of a court

 8. Where it is necessary for the execution of punishment, custody, or protective disposition;

Article 5 (Personal Information Retention and Use Period)

 

The Company processes and retains personal information within the period of retention and use of personal information according to the law or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

 

The processing and retention period of each item of personal information is as follows.

 

① Personal information related to service membership registration and management is retained and used for the above purpose of use for up to three years from the date of agreement to its collection and use.

 - Grounds for retention: Agreement to the Company's Terms of Use and Privacy Policy

 - Related laws:

- Records on collection/processing and use of credit information: 3 years

- Records on consumer complaints or dispute handling: 3 years

- Records on payment and the supply of goods: 5 years

- Records on contract or subscription withdrawal: 5 years

- Records on displays/advertising: 6 months

 

② In principle, personal information is stored after the user signs up for membership until withdrawal, and after the user withdraws or the purpose of collecting and using personal information is achieved, the information is destroyed without delay. However, backup copies of the information below may be kept until the following period according to the Company's policy.

 1. Personal information preserved upon withdrawal of membership

  – Retention basis: Prevention of fraudulent use (company internal policy) | Retention period: 1 year after membership withdrawal

 2. Preservation of records related to personal information that can verify identity

  – Retention basis: Act on Promotion of Information and Communications Network Utilization and Information Protection | Retention period: 6 months

 3. Service access record

  – Retention basis: Protection of Communications Secrets Act | Retention period: 3 months

 4. Records concerning the handling of consumer complaints or disputes

  – Basis of retention: Act on Consumer Protection in Electronic Commerce, etc. | Retention period: 3 years

 5. Records on contract or subscription withdrawal, etc.

  – Grounds for retention: Commercial Act, Law on Consumer Protection in Electronic Commerce, etc. | Retention period: 5 years

 6. Records of payment settlements and the supply of goods, etc.

  – Grounds for retention: Commercial Act, Law on Consumer Protection in Electronic Commerce, etc. | Retention period: 5 years

Article 6 (Personal Information Destruction Procedure and Method)

In principle, the Company destroys personal information without delay when the purpose of processing the personal information is achieved. The procedure, time limit, and method of destruction are as follows.

① Destruction procedure

 

The information entered by the user for membership registration and use of the Services is transferred to a separate DB after the purpose is achieved (separate documents in the case of paper) and is stored for a certain period of time or immediately destroyed in accordance with internal policies and other related laws. At this time, the personal information transferred to the DB will not be used for any other purpose unless otherwise required by law.

② Deadline for destruction

 

If the personal information retention period of the user has elapsed, within 10 days from the end of the retention period, when the personal information becomes unnecessary due to the achievement of the purpose of processing the personal information, the abolition of the service, the termination of the business, etc., the personal information will be destroyed within 10 days from the date when processing is deemed unnecessary.

③ Destruction method

- Information in the form of electronic files is destroyed through technical methods that make it impossible to view records, and other printed personal information such as records, documents, and printed materials are shredded with a shredder or destroyed by incineration. If the app is deleted without membership withdrawal, personal information may remain with the service provider. At this time, members must request a separate withdrawal application from the service provider to destroy their personal information.

Article 7 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

 

The Company uses cookies to store and find user information. Cookies are very small text files that the website sends to your computer browser and that are stored on your computer's hard disk.

① Purpose of using cookies

 

Cookies are used to provide personalized services such as targeted marketing, analysis of access frequency or visit times between members and non-members, device identification information (device ID or IMEI) to create account information, identification of usage patterns and areas of interest, traces of tracking, and member location information for displaying the distance between members within the service.

② Installation, operation and rejection of cookies

Users have the option to install cookies, and can refuse to save or delete these cookies at any time.

 

Cookie settings can be set by selecting options for each web browser: 1) allow all cookies, 2) check whenever a cookie is saved, and 3) refuse to save all cookies. The method of setting these cookies differs depending on the web browser, so please refer to the help for each browser for details.

 

 - Internet Explorer: Select Tools Menu > Select Internet Options > Click the Privacy tab > Set Privacy Level

 

 - Chrome : Select Settings Menu > Display Advanced Settings > Select Privacy-Content Settings > Cookie Level Settings

 - firefox : Select Options Menu > Select Personal Information > Visit History-Custom Settings > Cookie Level Settings

 - safari : Select Preferences Menu > Select Privacy Tab > Set Cookies and Website Data Levels

If you refuse to save cookies, you may experience difficulties in using some services, such as services that require logging in.

 

③ Mobile App Advertising Identifier (ADID)

To provide customized advertisements to customers, mobile apps collect and use ad identifiers (ADIDs). The Company automatically collects the service usage history of customers through cookies and advertisement identifiers, and uses it to run customized advertisements. Cookies and advertising identifiers collected by the company are not linked to other personal information and do not identify individuals. Users can refuse to receive these customized advertisements at any time.

Article 8 (Technical/Administrative Protection Measures for Personal Information)

In handling the personal information of members, the company takes the following technical/managerial and physical measures necessary to secure safety in accordance with Article 29 of the Personal Information Protection Act.

① Minimization and training of staff handling personal information

Employees handling personal information are limited to the person in charge, a separate password is given for access, and compliance with the personal information handling policy is always emphasized through regular training for the person in charge.

② Restriction of access to personal information

Access to the database system processing personal information is limited to specific employees, and measures are taken to control access to personal information through the granting, changing, or cancellation of access rights.

③ Encrypted ID and password

The member's personal information is protected by a password, and the ID and password are encrypted and stored and managed so only the member knows, and the ID information does not provide a change function.

④ Protection through other technical devices

We are doing our best to prevent leakage or damage of members' personal information due to hacking or computer viruses. In preparation for damage to personal information, firewalls are used to prevent leakage or damage of members' personal information or data. We are trying to make sure we have all possible technical devices to ensure systemic security.

Article 9 (Movement to Third Party Sites)

① The company may provide users with links to third-party websites or materials. In this case, the company has no control over external sites and materials, so it cannot be held responsible for and cannot guarantee the usefulness of the Services or materials provided therefrom.

② If you click on a link included on the Company‘s website to go to a page on another website, the Privacy Policy and Terms of Use of the Company’s website are irrelevant to the other website, so users should check the policy of the newly visited website and take care not to cause disadvantages or material damage. The user is solely responsible for this.

Article 10 (Rights of Users and Legal Representatives and How to Exercise Them)

 

Rights and obligations of the information subject and his/her legal representative and method of exercising them The users may exercise the following rights as the personal information subject.

 

① The information subject may exercise the right to view, correct, delete, process, or stop providing personal information at any time against the company.

② The exercise of rights under paragraph (1) can be done by writing, e-mailing, or faxing the company pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

③ The exercise of rights pursuant to Paragraph (1) hereof may be done through a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.

④ Requests for viewing or suspension of processing of personal information may be restricted according to Article 35 Paragraph 5 and Article 37 Paragraph 2 of the Personal Information Protection Act.

⑤ Requests for correction or deletion of personal information cannot be made if the personal information is specified as a collection target under other laws.

⑥ The Company checks whether the person who made the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing according to the rights of the information subject, is the person or a legitimate agent. If the Company has a legitimate reason to reject a request for viewing or correcting all or part of the user's personal information, it will notify the user and explain the reason.

Article 11 (Privacy Officer)

① The Company is responsible for personal information processing, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of the information subject related to personal information processing.

▶ Privacy Officer

Name: Kim Young-shin

Position: Development Team Director

Position: Director

Contact Details: 02-6956-3850, info@mirrorroid.co.kr

 

▶ Personal Information Protecting Division

Department Name: Development Team

Person in charge: Director Kim Young-shin

Contact Details: 02-6956-3850, info@mirrorroid.co.kr

 

② Information subjects can inquire about personal information protection related inquiries, complaint handling, damage relief, etc., related to the use of the Company's Services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond to and process inquiries from information subjects without delay.

Article 12 (Remedies for Infringements of Rights and Interests)

 

Subjects of personal information may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Reporting Center, etc., in order to receive aid in cases of personal information infringement. In addition, if you need to report or consult about other personal information infringement, please contact the following organizations.

 - Personal Information Infringement Report Center (www.1336.or.kr / 118 without country code)

 - Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533-4)

 - Internet Crime Investigation Center of the Supreme Prosecutors' Office (http://icic.sppo.go.kr / 02-3480-3600)

 - National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)

Article 13 (Change of the Privacy Policy)

 

This Privacy Policy is applied from the enforcement date, and in the case of addition, deletion, or correction of changes in accordance with laws and policies, we will notify you through a notice or e-mail seven days before the implementation of the changes, but 30 days prior to enforcement for content that is deemed important.

 

Supplementary Provisions

First implementation: August 11, 2019

Revised date: December 9, 2022.