PRIVACY POLICY

X lab., Inc. (hereinafter referred to as the “Company” or the “X lab., Inc.”) complies with the personal information protection provisions under the relevant laws to be observed by information communication service providers, including the Communications Secret Protection Act, the Telecommunications Business Act, the Act Relating to Information Communications Network Use Promotion and Information Protection, etc., and does its best to protect the rights and interests of users by setting forth privacy policies pursuant to the relevant laws.




1. Items of Personal Information to be Collected and Collection Methods


A. Items of Personal Information to be Collected


Firstly, the Company collects the following information when users first subscribe to the membership in order to provide membership subscriptions, smooth customer consultation, and various services.
- Unique device numbers (device IDs or IMEI), local formats

Secondly, in the process of using services, the following information may be automatically created and collected :
- Information on Users’ conditions, photos, cookies, visit dates and times, records of service uses, records of wrongful uses

B. Personal Information Collection Methods


The Company collects the personal information in the following ways :
- Automatically collecting the personal information by implementing or using programs of the X lab., Inc.
- Collecting the personal information by voluntary provisions of the personal information by users while users subscribe to or use the services



2. Purpose of Collection and Use of Personal Information


A. Performance of agreements on provisions of services, and payments of costs for provisions of services


Provisions of content, provisions of specific customized services, delivery of goods, or sending invoices, verifications of IDs, purchases or payments of costs, collection of costs

B. Control of members


To verify identifications for uses of membership services or according to the restricted verification system, to identify individuals, to prevent wrongful uses of undesirable members or unauthorized uses, to verify intents for subscriptions, to limit subscriptions and subscription frequencies, to verify consent by a legal representative to collect the personal information of a child of not more than fourteen (14) years old, to verify the identification of a legal representative afterwards, to retain records for dispute resolutions, to handle civil complaints including handling grievances, to convey notifications

C. Developing new services, Application thereof to marketing and advertisements


To develop new services and provide customized services, to provide services and publish advertisements according to demographic features, to verify the validity of services, to provide information for events or advertisements and provide opportunities to participate, to figure out access frequencies or obtain statistics on the service uses by members



3. Sharing and Provisions of Personal Information


The Company uses personal information of users only within the scope as notified in the “2. Purpose of Collection and Use of Personal Information,” and shall not use or in principle disclose to a third party the personal information of users in excess of the scope without the prior consent of users : provided, however, that exceptions are made in the following cases:


- In the event that users have given a prior consent to the disclosure ; or
- In the event that the disclosure is required under the provisions of laws or requested by

investigative agencies according to the procedures and methods prescribed under the laws for investigation purposes.




4. Delegation of Treatment of Personal Information


A. The Company delegates personal information for improvements of services as follows, and provides the required matters to safely control personal information in entering into a delegation agreement under relevant laws. The Company’s personal information delegated agencies and the content of delegation are as follows :


- Delegates : X lab., Inc.’s delegated matters : establishing and operating systems to provide the services
- Retention and Use Period for Personal Information : until the services are completed or members withdraw from their membership, or a delegation agreement is completed

B. The services specify the obligations to comply with relevant laws relating to personal information protection, maintain secrets on personal information, prohibit personal information from being provided to a third party, assume responsibilities upon the occurrence of an accident, and return or destroy personal information after the delegation period or handling thereof is completed, and manage to ensure that the obligations are complied with.




5. Retention and Use Period for Personal Information


In principle, once the purposes of collection and use of personal information have been fulfilled, the Company without delay destroys the personal information ; provided, however, that the Company retains the personal information during a specified period of time for the following reasons :


A. Reasons for information retention under the Company’s internal policies


- Records on wrongful uses
Reason for retention : preventing wrongful uses
Retention period : one (1) year

B. Reasons for information retention under relevant laws


In the event that it is necessary to preserve personal information under relevant laws including the Commercial Code, the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc., the Company retains the information of members for a certain period of time prescribed under relevant laws. In this case, the Company uses the personal information it retains only for the purpose of preservation thereof, and the retention period are as follows:

- Records on agreements or withdrawals of offers :
Reason for retention : the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.
Retention period : five (5) years

- Records on payments and supplies of goods, etc. :
Reason for retention : the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.
Retention period : five (5) years

- Records on complaints of consumers or dispute resolutions
Reason for retention : the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.
Retention period : three (3) years

- Records on verification of identification
Reason for retention : the Act Relating to Promotion of Information Communications Network and Personal Information Protection
Retention period : six (6) months

- Records on visitations
Reason for retention : the Communications Secret Protection Act
Retention period : three (3) months



6. Destruction Procedures and Methods for Personal Information

The Company in principle destroys the personal information of users without delay if the purposes of collection or use of personal information have been fulfilled. The Company’s destruction procedures and methods for personal information are as follows:


A. Destruction Procedures

- The information entered by users for membership subscription, etc. is to be moved to a separate database, after the purposes have been fulfilled (a separate document in the case of a sheet), and to be destroyed after the information has been saved for a certain period of time according to the information protection reasons under the internal policies or other relevant laws (see the retention and use period for reference).
- The personal information is not used for purposes other than the purpose of being retained unless it is so required by laws.

B. Destruction Methods

- The personal information printed out in sheets is to be shredded by paper shredders or destroyed by way of incineration.
- The personal information saved in an electronic file format is to be deleted with the use of technical methods in which records cannot be regenerated.



7. Rights to Personal Information of Users and Legal Representatives, and the Exercise Methods


- Users or their legal representatives may at any time inquire or change their personal information or the personal information of children of not more than fourteen (14) years old, and may request terminations of subscriptions.

- Users or their legal representatives may change changing the “My Profile” within the services in order to inquire or change their personal information or the personal information of children of not more than fourteen (14) years old, or may directly read, correct their personal information or withdraw from membership by clicking on the “Delete Account” within the services in order to terminate the subscriptions (withdraw their consents).

- Or if users contact the personal information control manager in writing, by telephone or e-mail, the Company will take measures without delay.

- Where a user has requested corrections of errors in the personal information, the Company does not use or provide the personal information until the corrections are completed. Also where the wrong personal information has been already provided to a third party, the Company will make the corrections by giving the third party of the correction handling results without delay. - The Company handles the personal information terminated or deleted upon request of users or their legal representatives as specified in the “5. Retention and Use Period of Personal Information,” and take measures to ensure that the personal information is not read or used for any other purposes.




8. Matters on Installation, Operation, and Rejection of Automatic Collection Instruments of Personal Information


When a user implements services of the X LAB., INC., the Company automatically collects a device identification number (a device ID or IMEI) in order to create account information. In the event that a user refuses to a device identification being automatically collected, the user may not user the services of the X lab., Inc.




9. Technical and Managerial Protection Measures for Personal Information


The Company takes the following technical and/or managerial protection measures to establish security in treating the personal information of users, in order to ensure that the personal information is not lost, stolen. Leaked, altered, or damaged.


A. Measures in preparation of hacking or viruses


The Company uses its best effort to prevent members’ personal information being disclosed or damaged by hackings, computer viruses, etc. The Company frequently backs up materials in preparation of damages of personal information and prevents personal information or materials of users from being leaked or harmed by using the latest vaccine programs, and enables personal information to be safely transmitted on the networks through encoded communications, etc. And the Company controls unauthorized access from the outside by using firewall systems, and makes efforts to have all possible technical equipment to obtain security systematically.

B. Minimizing Treating Employees and Providing Education


The Company allows only authorized persons to treat personal information and for this purpose grants and regularly renews separate passwords, and at all times stresses out their compliance with X lab., Inc.’s privacy policies by frequently providing education to authorized persons.

C. Operation of Exclusive Organization for Protection of Personal Information


And the Company verifies performances of the privacy policies of X lab., Inc. and compliance therewith by authorized persons through its internal organization for protection of personal information, etc., and if it a problem is found out, the Company makes efforts to immediately solve and correct the problem(s); provided, however, that the Company will not take any liabilities for problems that have occurred as personal information has been disclosed due to the members’ own carelessness or problems on the Internet.



10. Contact Information of Personal Information Control Manager and Authorized Manager

You may report to the personal information control manager or the relevant department any complaints relating to all personal information protection incurred in using services of the Company. The Company will promptly give sufficient replies as to reports of users.


Personal Information Control Manager
Name: Paul Cho
Affiliation: X lab., Inc.
Position: CEO
Mail: contentsx@gmail.com

Authorized Person for Personal Information Control
Name: Paul Cho
Affiliation: X lab., Inc. CEO
Phone: +82 10-9565-9583
Mail: contentsx@gmail.com


If you need reports or consultations related to personal information infringements, please ask questions to the following institutions:

- Personal Information Infringement Reporting Center (www.118.or.kr/118)
- Information Protection Mark Certification Committee (www.eprivacy.or.kr/ 02-580-0533~4)
- Internet Crime Investigation Center of Supreme Prosecutors’ Office (http://www.spo.go.kr / 02-3480-2000)
- Cyber Crime Investigative Service of National Police Agency (www.ctrc.go.kr/ 02-392-0330)



11. Duty to Notify

In the event that there is a change in the content of the current privacy policies, the Company will notify the change(s) through the popup screen for notification and follow the designated implementation date.






Date of Notification : June 6, 2017
Date of Implementation : June 6, 2017