APRO Korea Co., Ltd (“Company” hereinafter) complies with the personal information protection laws and regulations governing information and communication service providers, including the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, etc., and has established a privacy policy based on relevant laws and regulations to protect the rights and interests of its users.
This privacy policy applies to the use of APROBIT, a digital asset exchange, and related services (including mobile web/app) provided by the Company, and includes the following.
The contents of this privacy policy are as follows:
Article 1 Significance of Privacy Policy
Article 2 Purpose of Collection and Use of Personal Information
Article 3 What Personal Information is Collected, and How it is Collected
Article 4 Processing and Retention Period of Personal Information
Article 5 Provision of Personal Information to Third Parties
Article 6 Consignment of Handling of Personal Information
Article 7 Rights of Users and Legal Representatives, and How to Exercise the Rights
Article 8 Installation, Operation and Rejection of Automatic Personal Information Collector
Article 9 Personal Information Destruction Procedure and Method
Article 10 Measures to Secure the Safety of Personal Information
Article 11 Contact Information of Personal Information Officer and Security
Article 12 Obligation of Notice
Article 1 Significance of Privacy Policy
The privacy policy is significant, for the following reasons:
The policy provides transparent information related to the life cycle of personal information, such as what information is collected, how the collected information is used, with (to) whom the information is shared (entrusted or provided) as necessary, and when and how the information for which the purpose of its collection has been achieved is destroyed.
The policy informs users of their rights related to their personal information, and how they can exercise such rights.
In the event of an infringement of personal information, the policy informs users of whom to contact and how to get help to prevent further damage and recover from the damage that has already occurred.
Above all, the policy provides a means to protect the user's "right to self-determination of personal information" by defining rights and obligations between the Company and its users in relation to personal information.
Article 2 Purpose of Collection and Use of Personal Information
The company collects personal information for the following purposes. Collected personal information will not be used for any purpose other than the following, and prior consent will be required and obtained when the purpose of the use is changed.
If users agree to the collection of personal information and directly enter their information in the process of signing up and using the service, the Company will collect the personal information.
In the course of consultation with the customer center, the personal information of users may be collected via web pages, mail, fax, or telephone.
Personal information may be collected in writing at offline events, seminars, etc.
Personal information may be provided from external companies or organizations affiliated with the Company, and in such cases, in accordance with the Information and Communications Network Act, the affiliate concerned should provide the Company with the agreement to provide such personal information after receiving it from users.
Generated information, such as device information, can be automatically generated and collected in the course of using the PC web or mobile web/app.
▷ Purposes of use:
1. managing membership,
2. Join, verify identity, limit the number of sign-ups, take action to limit the use of members who violate the terms of use of the APROBIT, prevent acts that interfere with the normal operation of the service, prevent the illegal use of the service, handle complaints, give various notices, confirm intention to withdraw from membership, and keep records for dispute resolution.
3. providing goods or services,
4. Provide the service, provide contents, provide specific customized services, authenticate identity, settle and pay fees, and collect charges,
5. Develop new services (products) and provide customized services, provide services according to statistical characteristics, post advertisements, provide event and advertising information and participation opportunities, guide affiliate services, check the validity of services, understand access frequency, and collect statistics of the service use of members.
▷ Difference between required and optional items
Required items are information that is required to perform the essential functions of the service, while optional items are information that does not affect the use of the service itself, but is additionally collected to provide additional value to the user. The IDs and passwords collected at the time of sign-up are required for login, and the name and date of birth are used to distinguish users for the membership service operation. Mobile phone numbers for sign-up authentication are collected in order to apply restrictions on use when attempting to sign up for illegal purposes, such as posting illegal advertisements. Anyone can sign up as a member without consenting to the collection and use of such optional items, but you may not be able to receive benefits such as various events and promotional marketing information.
Article 3 What Personal Information is Collected, and How it is Collected
Personal information items collected by the company are as follows:
1. Personal information collected at the necessary time, such as membership sign-ups and digital asset transactions
Category |
When it is collected |
What is collected |
Sign-up |
When signing up (level 1 when signing up) |
Email, password and whether to receive event information (optional) |
Additional authentication |
changing information (change mobile phone number) |
A picture of yourself holding your ID card, purpose of authentication |
Changing information (When initializing OTP) |
||
Changing information (change deposit/withdrawal account) |
A picture of yourself holding your ID card, A picture of the first page of bank account confirmed additional deposit |
|
Proof of deposit |
Copy of transactional information, copy of receipt confirmation |
|
Digital asset trading |
Level 2 Authentication by mobile phone |
Name, mobile phone number, date of birth, gender, national information (local or foreigner), subscribed telecommunication company, identity verification information (CI, DI) |
Level 3 Authentication by checking account |
Financial institution name, account information, account holder name and AML(anti-money laundering) statement. |
|
Level 3 Authentication by ID card |
ID card (masking all except name and date of birth) |
|
Level 4 Residential authentication |
Address and transaction information (purpose of authentication, forecast transaction and so on) |
|
Level 5 Authentication by company |
Name of the company, business license, corporate register copy, certification of corporate seal - CEO: name, e-mail address, mobile phone number - person in charge: name, e-mail address, mobile phone number, a picture of the person’s face and ID card, date of birth and address |
|
Foreign transaction and deposit/withdrawal (residents overseas) |
A picture of passport (masking all except name, date of birth), a video of yourself holding your passport, purpose of authentication, mobile phone number and email address when signing up. |
|
Foreign transaction and deposit/withdrawal (resident in Korea) |
A picture of passport, A video of yourself holding your passport, alien registration card, a video of yourself holding your alien registration card, purpose of authentication, mobile phone number and email address when signing up. |
2. Personal information collected in accordance with the laws related to the provision of goods or services
Category |
When it is collected |
What is collected |
Event |
During tax payment |
Name, resident registration number, mobile phone number, ID card copy |
Inheritance |
When dealing with inheritance |
Name, date of birth, home address, mobile phone number, account number, family relationship documents |
Compensation |
When dealing with compensation |
Name, mobile phone number, email address |
Accidental deposit |
For restoration of accidental deposits |
Name, mobile phone number, email address, transaction ID, digital asset wallet address, deposit evidence |
Financial fraud |
For cancellation of transaction suspension |
Name, date of birth, account information, transaction history |
For refund of damage |
Name, date of birth, address, contact information, account number, e-mail, transaction history, details of damage relief application |
|
To report illegal multi-level sales |
Name, contact information, evidence of report to investigation agency, APROBIT wallet address |
3. Information collected automatically during use of the service
Category |
When it is collected |
What is collected |
Items created automatically in the course of use of the service |
When using service |
Terminal information (OS, screen size, device ID, MAC address, UUID), IP address, service usage record, user status information, cookies |
4. How to collect
The Company does not collect sensitive personal information (race or ethnicity, ideology or creed, origin and domicile of origin, political inclination and criminal record, health status and sexual orientation, etc.) that may infringe on users' basic human rights. The Company collects personal information in the following ways:
▷ Applications (PC, mobile, etc.), website, written form, telephone, fax (document facsimile), email, events, customer center
▷ Provision by partner companies
▷ Collection tool for generated information
Article 4 Processing of Personal Information and Retention Period
In principle, the personal information of users is destroyed without delay when the purpose of its collection has been achieved. The following information, however, will be retained for a specified period for the following reasons:
1. Information retention according to relevant laws and regulations
When it is required to preserve personal information in accordance with related laws such as below, the company keeps the member information for the period of time stipulated by the related laws.
Items to retain |
Grounds for retention |
Retention period |
Records on contract or withdrawal of subscription (consumer identification information, contract / subscription withdrawal records, etc.) |
Laws on Consumer Protection in Electronic Commerce |
5 years |
Records on payment and supply of goods, etc. (consumer identification information, contract / subscription withdrawal records, etc.) |
5 years |
|
Records on resolving consumer complaints or disputes (consumer identification information, dispute resolving records, etc.) |
3 years |
|
Records of display advertisements |
6 months |
|
Website visit history (logging records, IP etc) |
Article 12-2 of the Communications Secrets protection Act |
3 months |
Evidentiary documents concerning all transactions prescribed by tax law |
the Framework Act on National Taxes |
5 years |
Article 5 Provision of Personal Information to Third Parties
The Company will use the personal information of users within the scope specified in “1. Purpose of Collection and Use of Personal Information”, and provide personal information to a third party only in accordance with Articles 17 and 18 of the Personal Information Protection Act.
Without the prior consent of the users, the Company will not use personal information beyond the specified scope, and in principle, does not disclose users' personal information to outside parties. Personal information, however, may be used and provided to a third party with caution in the following cases:
1. When there has been a request by an investigative agency in accordance with the procedures and methods prescribed in the laws and regulations
2. Affiliation: The Company may provide users' personal information to affiliates or share it with affiliates in order to provide a better service. In this case, each user will be informed in advance, in writing or by e-mail, of who the affiliates are, what information is to be provided or shared, why such information should be provided or shared, and how and for how long such information will be protected and managed. Furthermore, the personal information will not be provided to or shared with affiliates until such is agreed to by each of the users. When there is a change in the affiliation or when the affiliation is closed, the user will be notified or asked for consent through the same procedure.
3. Sale, M&A, etc.: When all or part of the business is transferred, or when the rights and obligations of the service provider are transferred due to merger or inheritance, the users must be notified in order to guarantee their rights related to personal information protection.
4. When it is significantly difficult to obtain ordinary consent for economic and technical reasons, and the personal information necessary for the execution of the contract regarding the provision of services
5. When necessary to settle the fees for service provision
6. When specially provided by other laws such as the Communications Privacy Protection Act, the National Tax Act, the Act on the Promotion of Information and Communications Network Utilization and Information Protection, the Act on Financial Real Name Transactions and Confidentiality, the Act on the Use and Protection of Credit Information, the Framework Act on Telecommunications, the Telecommunication Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, and the Criminal Procedure Act. However, even if there is a special provision in the law and an administrative authority or an investigative agency requests the provision of a user’s personal information for administrative or investigation purposes, the personal information will be provided not unconditionally but in accordance with legitimate procedures, such as a warrant or officially stamped document.
Article 6 Consignment of Handling of Personal Information
1. For efficient personal information processing, the Company entrusts other companies with the processing of personal information, and manages and supervises them to ensure the relevant laws are not violated.
2. Members have the right to refuse to consent to the entrustment (provision) of personal information. However, members who refuse to consent may be restricted from using the service.
3. The companies entrusted with processing personal information by the Company and the relevant information and use period are as follows.
- Domestic consignment enterprise
Consigned companies |
Purpose of consignment |
Period of use of personal information |
Add-Up |
Customer consultation solutions and maintenance related to APROBIT service |
Until the withdrawal of membership or termination of entrustment contract |
COOCON |
Lv.3 security verification procedure for membership level change |
|
KG Mobilians |
Lv.3 security verification procedure for membership level change |
- Foreign consignment enterprise
Consigned companies |
Country |
Consignment purpose |
Consigned item |
Retention and use period |
Date and method of consignment |
Twilio |
The United State |
Self-authentication when signing up for overseas membership |
mobile phone number |
Do not save separately (destroy all after authenticating identity) |
Send date through the information and communications network with foreign members sign up. |
▷ When signing a contract, the Company specifies matters of responsibility in the contract, such as the prohibition of processing personal information other than for the purpose of performing entrusted work, technical and administrative protection measures, restrictions on subcontract, supervision of contractor, and compensation for damages, and checks whether the contractor handles personal information safely.
▷ When an entrusted service or contractor is added or changed, it will be disclosed without delay according to the personal information policy.
Article 7 Rights of Users and Legal Representatives, and How to Exercise the Rights
1. Users can exercise their right to view, correct, and delete their personal information and to request the suspension of processing of their personal information at any time. A user’s exercise of the right to view, correct, and delete personal information and to request to stop processing personal information may be limited in accordance with the relevant laws and regulations such as Article 35 (4), Article 36 (1), and Article 37 (2) of the Personal Information Protection Act.
2. Users can exercise their rights in writing, by email, or by fax in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company shall take appropriate measures without delay.
3. The exercise of rights pursuant to paragraph (1) may be done by the user's legal representative or by an authorized agent. In this case, a power of attorney must be submitted in accordance with Form 11 of the Enforcement Rules of the Personal Information Protection Act.
4. A request for the correction or deletion of personal information cannot be accepted if the personal information is specified as a collection target in other laws and regulations.
5. The Company will verify whether the person who makes a request to view, correct, delete, or suspend the processing of personal information according to the user rights is the principal or a legitimate agent.
Article 8 Installation, Operation and Rejection of Automatic Personal Information Collector
The Company uses 'cookies' that store and retrieve member information from time to time in order to provide personalized and customized services to each user.
Cookies are very small text files to be sent to the users' browsers by the website server and stored on the hard disks of users' computers.
When a user makes a subsequent visit to the website, the website server maintains the user's preferences and provides customized services by reading the contents of the cookie stored on the user's hard disk. Cookies do not automatically and actively collect personally identifiable information, and users may refuse or delete these cookies at any time.
▷ Purpose of using cookies
Cookies are used to provide users with a faster web environment and more convenient service by saving users' preferences. Users can properly conveniently use the service through cookies.
▷ How to refuse cookies
Users are given the option to install cookies. To exercise this option, users may set their web browsers either to allow all cookies, to check every time a cookie is stored, or to refuse all cookies.
Procedure for setting cookies by web-browser is as follows.
- Internet Explorer: Select Tools menu > Select Internet Options > Click the Privacy tab > Advanced
- Chrome: Select Setup Menu > Select Advanced Settings > Privacy and Security > Site Settings > Cookies and Site Data Settings
- Firefox: Select Option > Select personal information > visit history - Customization setting > Cookie level setting
- Safari: Select Option menu > Select personal information > Set cookie and website data level
However, if you disagree to install cookies, it may be difficult to use some services that require login.
Article 9 Personal Information Destruction Procedure and Method
In principle, once the purpose of the collection of personal information is achieved, the Company destroys the personal information of users without delay. The destruction procedure, schedule and method are as follows.
1. Destruction procedure and time
The information entered by users is destroyed after being stored for a certain period of time by separating DB (physical or logical) (separate documents in case of paper) in accordance with the internal policy other relevant laws and regulations, and then destroyed. In this case, personal information transferred to the DB will not be used for any other purpose under the law.
Once the purpose of collection of the personal information entered by users for service subscription has been achieved, such as on the termination of the service, the personal information will be destroyed immediately after the retention period specified by the internal policy and other related laws for the protection of information (see the retention and use period of personal information above). In general, if there is no remaining claim-obligation relationship, personal information collected at the time of membership sign-up and managed in the form of an electronic file is immediately deleted upon withdrawal from membership.
2. Destruction method
Personal information printed on paper will be shredded by a shredder or destroyed by incineration or chemical treatment, and personal information stored in the form of electronic files will be deleted using a technical method that prevents its recovery.
3. When and how to store separately.
If the service has not been used for 1 year according to the ‘Personal Information Validation Period’, the user’s account is converted to a dormant account. The personal information of dormant members is kept separately, and is managed by applying access restrictions and security. Additionally, the company notifies the users of the information by email 1 month prior to the date of separation of separation or storage of personal information.
Article 10 Measures to Secure the Safety of Personal Information
To prevent users' personal information from being lost, stolen, leaked, falsified or damaged, the Company is taking the following technical, administrative, and physical measures:
1. Administrative protection measures
▷ Establishment and implementation of internal management plan
- Designation of a personal information protection officer
- Specification of roles and responsibilities of personal information protection officer and personal information handlers
- Measures necessary to ensure the safety of personal information
- Education and training of personal information handlers and contractors
- Other matters necessary for the protection of personal information
▷ Regular self-auditing
- Separation of duties between personal information protection officer and auditor
- Specification of roles and responsibilities of personal information auditor
- Regular self-auditing to ensure the safety of handling personal information
▷ Training of handling staff
We always emphasize compliance with the personal information processing policy through frequent training for the person who in charge.
2. Technical protection measures
▷ Password encryption
The user password is stored and managed in encrypted form, so only the user knows the password and can verify the personal information.
▷ Countermeasures against hacking
The Company is committed to preventing the personal information of members from being leaked or damaged by hacking or computer viruses. The Company backs up data from time to time to prepare for any potential damage to personal information, and safely transmits personal information over the network through encrypted communication. In addition, the Company controls unauthorized access from the outside using an intrusion prevention system and attempts to provide all possible technical means to ensure systemic security.
▷ Minimal handling staff and training
One user account is assigned to each person who in charge with access to the personal information processing system to the minimum extent necessary for performing duties.
▷ Personal ID and password management
In principle, the user ID and password are to be used only by the user. The Company is not responsible for any problems arising from a user's own exposure of his/her personal information such as ID, password, or mobile phone number due to carelessness or the basic risks of the Internet.
As the security of your password is important, please change it frequently, and take special care to avoid the exposure of your personal information when logging in from a public PC.
▷ Antivirus software
The Company operates security programs such as anti-virus software that can prevent and handle malicious programs on the personal information processing system or business computers, uses the automatic update function of security programs, and periodically checks the terminals (PCs).
3. Physical protection measures
The Company establishes and operates procedures to control access to physical storage facilities, such as computer rooms and data storage rooms, that store personal information, and stores and manages documents and auxiliary storage media that contain personal information in a secure place with a lock.
Article 11 Contact Information of Personal Information Officer and Manager
The Company has designated a personal information protection officer who is responsible for the handling of personal information and in charge of resolving complaints from users and damage related to personal information handling.
1. The Company takes the protection of users' personal information very seriously and is striving to prevent users' personal information from being damaged, infringed or leaked. The Company, however, is not responsible for any information damage caused by an unexpected accident that occurs due to basic network risks such as hacking despite the technical complementary measures taken by the Company, as well as for any dispute involving posts made by visitors.
2. Any user who has any questions about personal information can contact the person in charge of Personal Information Protection through the following contact information or email and can expect to receive a quick and sincere response.
▷ Personal Information Protection Representative
Name : Lee SangIn
Position : CPO
E-mail : cs@aprobit.co.kr
▷ Perfonal Information Protection Manager
Name : Im HyeJeong
Position : Manager
E-mail : cs@aprobit.co.kr
Users can contact the personal information protection officer and the department in charge regarding any personal information protection issues, including resolving complaints and seek relief for damages, that occurred during the use of the company's service (or business). The company will promptly respond to user inquiries.
If users need counseling to obtain remedies against other infringements of personal information, they can contact the Personal Information Dispute Mediation Committee, the Supreme Prosecutors' Office, the National Police Agency, and the Korea Internet & Security Agency.
① Personal Information Dispute Mediation Committee (http://www.kopico.go.kr): (without national code) 1833-6972
② Supreme Prosecutors' Office Cybercrime Division (http://www.spo.go.kr): (without national code) 1301
③ National Police Agency Cyber Bureau (https://cyberbureau.police.go.kr/crime/sub1.jsp): (without national code) 182
④ Personal Information Infringement Report Center (http://privacy.kisa.or.kr): (without national code) 118
Article 12 Obligation of Notice
This personal information policy was applied starting from the effective date and if a provision of this policy is added, deleted, or amended due to changes in government policies or security technology, it will be announced as a 'Notice' on the Company's website at least 7 days before the change takes effect.
▷ Implementation date: 2020-09-04
This Privacy Policy will be applied from September 9, 2020.
Please check the previous Privacy Policy through the below link.