Privacy Policy

Section 1: Purpose

DEVS Inc. (the "Company") establishes this Privacy Policy (this "Policy") to protect the personal information of individuals ("Users" or "Individuals") using the services provided by the Company ("Company Services"), comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection ("Information and Communications Network Act"), and handle complaints related to personal information protection swiftly and smoothly.

Section 2: Principles of Personal Information Processing

In accordance with relevant laws and this Policy, the Company may collect Users' personal information and may provide the collected personal information to third parties only with the individual's consent. However, in cases where the law requires it, the Company may provide the collected personal information of Users to third parties without prior consent.

Section 3: Disclosure of this Policy

  1. The Company discloses this Policy through the main page of the Company's website or a linked page from the main page, so that Users can easily check this Policy at any time.
  2. When disclosing this Policy, the Company ensures that the text size, color, etc., are easy for Users to read.

Section 4: Changes to this Policy

  1. This Policy may be revised according to changes in relevant laws, guidelines, notices, or changes in the Company's services' policies or content.
  2. If this Policy is revised, the Company will notify Users through one or more of the following methods:
    • Announcement on the main page of the Company's website or a separate pop-up window.
    • Notification via written mail, fax, email, or similar means.
  3. The Company will announce the revised Policy at least seven days before the effective date. However, for significant changes affecting Users' rights, the announcement will be made at least 30 days in advance.

Section 5: Information Required for Membership Registration

  1. Mandatory information: Email or ID token value, encrypted password
  2. Optional information: Profile image, nickname, etc.

Section 6: Information for Providing Company Services

The Company collects the following information to provide its services to Users:

  1. Mandatory information: ID and email address
  2. Optional information:
    (For physical product delivery) Name, phone number, address,
    (For mobile product delivery) Phone number, and
    (For tax processing) Name, social security number, phone number, address, email address

Section 7: Information for Service Use and Fraud Detection

The Company collects the following information for statistical analysis of service use and detection and analysis of fraudulent use. (Fraudulent use refers to activities such as repeated membership withdrawal and re-registration, purchase and cancellation of items, etc., to unlawfully obtain economic benefits such as events and member benefits provided by the Company, activities prohibited by the terms of service, identity theft, etc.)

  1. Mandatory information: Service usage records, cookies, access information, and device information
  2. Optional information: Additional devices, Push Token, other log records, etc.

Section 8: Methods of Collecting Personal Information

The Company collects personal information through the following methods:

  1. When Users enter their personal information on the Company's website
  2. When Users enter their personal information through services other than the Company's website, such as applications
  3. When Users enter their personal information during the process of using the Company's services, such as customer center inquiries and bulletin board activities

Section 9: Use of Personal Information

The Company uses personal information in the following cases:

  1. For notifications related to Company operations
  2. To respond to inquiries, handle complaints, and improve services for Users
  3. To provide the Company's services
  4. To take measures against and sanction members who violate laws and the Company's terms, including preventing and responding to activities that hinder the smooth operation of services, such as fraudulent use

Section 10: Provision of Personal Information with Prior Consent

  1. The Company may provide personal information to third parties in the following cases with prior consent from Users:
    • Subsidiaries or affiliates of the Company
    • Third-party service providers (Google, Apple, etc.) to facilitate the provision of services
    • Third parties for data collection and processing (Google Analytics)
    • IT service providers, including data storage, hosting, and servers (no restrictions)
    • Suppliers, analysis, error loggers, debt collectors, and data collection for maintenance or troubleshooting purposes
    • Existing or potential agents or business partners
    • Sponsors or partners of the Company's events, promotions, and marketing activities
  2. The Company will notify Users of any changes in third-party relationships or termination of such relationships and seek consent using the same procedures.

Section 11: Retention and Use Period of Personal Information

  1. The Company retains and uses personal information for the period necessary to achieve the purpose of collection and use of personal information.
  2. Notwithstanding the preceding paragraph, the Company retains records of fraudulent use for up to one year from the time of member withdrawal to prevent re-registration and fraudulent use.

Section 12: Retention and Use Period of Personal Information According to Laws

The Company retains and uses personal information according to relevant laws:

  1. Retention and use period under the Act on Consumer Protection in Electronic Commerce, etc.:
    • Records of contracts or withdrawals of offers: 5 years
    • Records of payment and supply of goods: 5 years
    • Records of consumer complaints or dispute resolution: 3 years
    • Records of display and advertisement: 6 months
  2. Retention and use period under the Protection of Communications Secrets Act:
    • Website log records: 3 months
  3. Retention and use period under the Electronic Financial Transactions Act:
    • Records of electronic financial transactions: 5 years
  4. Retention and use period under the Act on the Protection and Use of Location Information:
    • Records of personal location information: 6 months

Section 13: Principles of Destroying Personal Information

The Company, in principle, destroys personal information without delay when the purpose of processing personal information is achieved, the retention and use period has elapsed, or the personal information is no longer needed.

Section 14: Procedures for Destroying Personal Information

The Company collects information for statistical analysis of service use and detection and analysis of fraudulent use. (Fraudulent use refers to activities such as repeated membership withdrawal and re-registration, purchase and cancellation of items, etc., to unlawfully obtain economic benefits such as events and member benefits provided by the Company, activities prohibited by the terms of service, identity theft, etc.)

  1. Information entered by Users for membership registration, etc., is transferred to a separate database (in the case of paper, a separate filing cabinet) after the purpose of processing personal information is achieved and is stored for a certain period according to internal policies and relevant laws before being destroyed.
  2. The Company destroys personal information with the approval of the personal information protection officer when the reason for destruction occurs.

Section 15: Methods of Destroying Personal Information

The Company deletes personal information stored in electronic file format using technical methods that prevent the records from being reproduced, and destroys printed personal information by shredding or incinerating it.

Section 16: Measures for Sending Advertising Information

  1. The Company obtains Users' explicit prior consent when sending commercial information for profit using electronic transmission media. However, prior consent is not required in the following cases:
    • When the Company collects the contact information directly from the recipient through a transaction relationship, and the Company sends commercial information for profit about goods or services similar to those traded within six months from the end of the transaction
    • When a telephone solicitation seller under the Act on Door-to-Door Sales, etc., informs the recipient of the source of personal information and makes a telephone solicitation
  2. Notwithstanding the preceding paragraph, the Company does not send commercial information for profit if the recipient expresses their refusal or withdraws their prior consent and notifies the result of processing the refusal or withdrawal.
  3. When sending commercial information for profit using electronic transmission media from 9 PM to 8 AM the next day, the Company obtains separate prior consent from the recipient, notwithstanding the first paragraph.
  4. When sending commercial information for profit using electronic transmission media, the Company clearly discloses the following information in the commercial information:
    • Company name and contact information
    • Information on how to express refusal or withdraw prior consent for receiving commercial information
  5. When sending commercial information for profit using electronic transmission media, the Company does not take the following actions:
    • Avoiding or interfering with the recipient's refusal or withdrawal of prior consent for receiving commercial information
    • Creating the recipient's contact information (telephone number, email address, etc.) automatically by combining numbers, symbols, or letters
    • Automatically registering the recipient's contact information for the purpose of sending commercial information
    • Hiding the sender's identity or the source of the advertisement to send commercial information
    • Deceiving the recipient to induce a reply for the purpose of sending commercial information for profit

Section 17: Withdrawal of Consent for Personal Information Collection and Viewing

  1. Users and legal representatives can view or modify their registered personal information at any time and request withdrawal of consent for personal information collection.
  2. To withdraw consent for the collection of their personal information, Users and legal representatives can contact the personal information protection officer or the responsible person in writing, by phone, or via email, and the Company will take action without delay.

Section 18: Correction of Personal Information

  1. Users can request correction of errors in their personal information by the methods described in the preceding article.
  2. The Company will not use or provide personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay to ensure the correction is made.

Section 19: Measures for Protecting Personal Information

The Company takes necessary technical and managerial measures to secure the safety of personal information and prevent loss, theft, leakage, alteration, or damage of personal information during processing.

Section 20: Handling of Deleted Information

Personal information deleted at the request of Users or legal representatives is processed according to the retention and use period described in this Policy and cannot be viewed or used for any other purposes.

Section 21: Measures against Hacking

  1. The Company makes every effort to prevent personal information from being leaked or damaged due to hacking or computer viruses.
  2. The Company uses the latest antivirus programs to prevent the leakage or damage of personal information and data.
  3. The Company employs intrusion prevention systems and makes every effort to ensure security.
  4. The Company uses encrypted communication to safely transmit sensitive personal information (if collected and retained) over the network.

Section 22: Minimization and Education of Personal Information Handlers

The Company minimizes the number of personal information handlers and emphasizes compliance with relevant laws and internal policies through training and management measures.

Section 23: Measures against Personal Information Leaks

If the Company becomes aware of the loss, theft, leakage, alteration, or damage of personal information, the Company will notify the affected Users without delay and report it to the Korea Communications Commission or the Korea Internet & Security Agency.

  1. Personal information items that have been leaked
  2. Time of the leakage
  3. Measures that Users can take
  4. Actions taken by the Company to respond
  5. Department and contact information for User inquiries

Section 24: Exceptions to Measures against Personal Information Leaks

If the Company cannot contact Users for a legitimate reason, the Company may replace the notification by posting it on the Company's website for at least 30 days.

Section 25: Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

  1. The Company uses cookies, which store and retrieve usage information to provide personalized services to Users. Cookies are small amounts of information sent by the server operating the website (http) to the User's web browser (including PCs and mobiles) and stored in the User's storage space.
  2. Users have the option to allow the installation of cookies. Therefore, Users can choose to allow all cookies, confirm each time a cookie is saved, or refuse all cookies by adjusting the settings in their web browser.
  3. However, refusing to save cookies may make it difficult to use some of the Company's services that require login.

Section 26: How to Specify Cookie Installation Permissions

Users can configure options in their web browser to allow cookies, block cookies, or specify settings.

  1. Edge: Settings menu at the top right of the web browser → Cookies and site permissions → Manage and delete cookies and site data
  2. Chrome: Settings menu at the top right of the web browser → Privacy and security → Cookies and other site data
  3. Whale: Settings menu at the top right of the web browser → Privacy protection → Cookies and other site data
    • The Company operates a dedicated department for the protection of personal information and strives to immediately resolve any issues that arise and ensure compliance with this Privacy Policy.
    • Information subjects can request access to their personal information in accordance with Article 35 of the Personal Information Protection Act through the following department, and the Company will strive to process such requests promptly.
  4. Personal Information Protection Officer
    • Department: Tech Team
    • Officer: Choi Yoo Jin
    • Email: hello@wellxy.io

Section 27: Remedies for Rights Infringement

  1. Information subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc., for relief from personal information infringement. For further information on personal information infringement reports and consultations, please contact the following organizations.
    • Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
    • Korea Internet & Security Agency's Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
  2. The Company strives to guarantee the right of information subjects to self-determination regarding personal information, and to resolve any issues related to personal information infringement through the responsible department specified in paragraph 1.
  3. If an information subject's rights or interests are infringed upon due to the disposition or omission of public institution heads according to Articles 35 (access to personal information), 36 (correction and deletion of personal information), or 37 (suspension of personal information processing) of the Personal Information Protection Act, they may file an administrative appeal in accordance with the Administrative Appeals Act.
    • Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

Addendum

Article 1 This Policy will be effective from July 1, 2024.