1. What is the Privacy Policy?
TainAI (hereinafter referred to as "the Company") collects, uses, and provides personal information based on the user's consent and actively guarantees the user's rights (the right to self-determination regarding personal information).
The Company complies with relevant laws, regulations, and guidelines regarding personal information protection that must be observed by personal information handlers in South Korea.
This Privacy Policy applies to the TainAI services (hereinafter referred to as 'the Service') and users utilizing the services. It contains information about how personal information provided by users or collected by the Company is used and what measures are taken for personal information protection.
2. Purpose of Personal Information Processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent from the user in advance.
•
Member identification / Confirmation of intent to join, identity/age verification
•
Handling inquiries and complaints, delivering notices
•
Providing personalized services and various services
•
Prevention and sanction of acts that disrupt the smooth operation of the service (including account theft and fraudulent use)
•
Statistics on service usage records, access frequency, and service usage
•
Establishing a service environment for personal information protection, improving services, and developing new services
•
Confirming participation in events and activities, delivering prizes
•
Transmitting content and settling fees during the use of paid services, invoicing for payment history
•
Customized content recommendations based on demographic characteristics, user interests, preferences, and tendencies
•
Utilization for marketing and advertising purposes
•
Providing functions for gift giving and activity notification
The Company may use personal information or provide it to third parties without the user's consent within a scope reasonably related to the original collection purpose according to the law, considering whether it unfairly infringes upon the user's interests, the predictability of additional use or provision of personal information, and whether necessary measures such as encryption for ensuring safety have been taken.
3. Processing and Retention Period of Personal Information
In principle, TainAI retains and uses personal information for the period for which separate consent has been obtained from the user. In cases of membership withdrawal or when the purpose of collecting and using personal information has been achieved, personal information will be promptly destroyed. However, even if the user withdraws from membership or the purpose of collecting and using personal information has been fulfilled, certain information may be retained for a specified period in accordance with laws and service policies.
[Processing and Retention Period According to Service Policy]
•
Upon membership withdrawal, internal identification information will be retained for 7 days to prevent re-registration of bad users and fraudulent use. Records of cash recharge and ticket purchases for billing purposes will be retained for 35 days.
•
Content Management: Upon membership withdrawal, member information will be retained for 30 days for the purpose of handling complaints.
4. Items of Personal Information Processed
TainAI collects only the minimum necessary personal information required for providing services.
All users can utilize the services provided by the Company, and by signing up for membership, they can receive more diverse services.
[Types and Items of Personal Information Collected]
The types of personal information collected are as follows:
During the process of membership registration and service use, the following minimum personal information is collected, and “sensitive information” is not collected without the user's consent.
•
Mandatory Information: Information necessary to perform the essential functions of the service
•
Optional Information: Additional information collected to provide users with more specialized services (Not providing optional information does not restrict the use of services.)
•
Sensitive Information: Information that may infringe upon the user's privacy (e.g., race, beliefs, political orientation, criminal records, medical information)
Additionally, information that is automatically generated or collected during the use of the service includes the following:
•
Device information (model name, device ID, MAC address, OS), IP address, cookies, advertising identifiers, visit date and time, access time, records of fraudulent use, service usage records, etc.
TainAI receives personal information from third parties through partnerships and integrations between services.
Name of the Providing Company. | Purpose of Receiving. | Items Received | Retention and Use Period |
Kakao
| User identification within the service, membership management, and service provision | (Required) Profile information (nickname/profile picture), Kakao account (email address or phone number) | Until service withdrawal
|
구글 | User identification within the service, membership management, and service provision | Email address | Until service withdrawal
|
애플 | User identification within the service, membership management, and service provision | Email address | Until service withdrawal
|
We collect the minimum necessary personal information required for service provision, and the items of personal information collected are as follows.
Service Name | Category | Type | Personal Information Collected |
LoveyDovey | Membership Sign-up | Required | Kakao account (email address or phone number), nickname, profile picture, service usage history, purchase and payment history within the service, cookies or ad identifiers. For children under 14: Child and legal guardian verification information (name, gender, date of birth, phone number, mobile carrier information, nationality information, encrypted unique identification information (CI), duplicate membership confirmation information (DI). |
Cash Recharge | Required | Required | (For mobile phone payment): Phone number |
Cash Refund Application | Required | Required | Email address, account number, bank name, account holder name |
Identity Verification | Required | Required | Phone verification: name, date of birth, gender, nationality information, phone number, mobile carrier information, encrypted unique identification information (CI), duplicate membership confirmation information (DI) |
Event Winner Notification | Required | Required | For delivered goods: name, address, phone number; for mobile products: phone number; for winnings over 50,000 KRW: name, phone number, email address, address, resident registration number |
Customer Service | Required | Common | Email address, phone number |
Required | General Inquiry | Membership number | |
Required | Cash Refund Inquiry | Account number, bank name, account holder name, payment method | |
Optional | Information included in [carrier verification documents] | ||
Required | Cash Recharge Error | KakaoPage membership number, payment method | |
Optional | Google transaction order number | ||
Required | Content-related Inquiry | KakaoPage membership number | |
Required | Rights Violation Report | [Defamation / Personal Information Violation Report] Post Blocking Request: name, date of birth, email address, phone number (or fax number), masked copy of ID (if reported by a proxy). Power of Attorney: (grantor/agent) name, date of birth, phone number, masked copy of ID (if minor): personal information, legal guardian information (name, date of birth, phone number, relationship to applicant) | |
Required | [Copyright Infringement Report] | Replication and Transmission Interruption Request: (requestor/agent) name, date of birth, email address, phone number, address, masked copy of ID (if reported by a proxy). Power of Attorney: (grantor/agent) name, date of birth, phone number, masked copy of ID (if minor): personal information, legal guardian information (name, date of birth, phone number, relationship to applicant) | |
Required | [Self-Post Access Exclusion Request] | Self-Post Access Exclusion Request: name, date of birth, email address (or fax number), phone number, masked copy of ID (if reported by a proxy). Power of Attorney: (grantor/agent) name, date of birth, phone number, masked copy of ID; Access Exclusion Request Designation: requester (name, date of birth, email address, phone number), designated person (name, email address (or fax number), phone number, relationship to applicant), masked copy of ID (if minor): personal information, legal guardian information (name, date of birth, phone number, relationship to applicant) | |
Required | [Post Resumption Request] | Post Resumption Request: name, date of birth, author nickname, phone number (or fax number), email address, masked copy of ID (if reported by a proxy). Power of Attorney: (grantor/agent) name, date of birth, phone number, masked copy of ID (if minor): personal information, legal guardian information (name, date of birth, phone number, relationship to applicant) | |
Required | Information included in [proof documents] | ||
Required | Report of Illegal Distribution | (Reporter/Deletion Requestor) name, date of birth, phone number, email address |
Methods of Collecting Personal Data
The company informs users in advance when collecting personal data and obtains their consent. Personal data is collected through the following methods:
•
Membership Registration and Service Use: When users agree to the collection of personal data and enter their information directly.
•
Affiliate Services and Organizations: When receiving personal data from affiliate services or organizations.
•
Customer Center and 1:1 Inquiries: When personal data is provided through web pages, emails, or phone calls during consultation processes.
•
Participation in Events and Activities: When providing data through participation in events or activities conducted both online and offline.
Processing Personal Data of Children Under 14
When collecting personal data from children under the age of 14, the company obtains the consent of the legal representative and collects only the minimum necessary personal data required for service provision. In this process, the company may request minimal information such as the name and contact details of the legal representative and verifies their consent through the following methods:
•
Mobile Phone Authentication: Confirming the identity of the legal representative through mobile phone verification.
•
Written Consent: Providing a document detailing the consent for the legal representative to sign and submit.
•
Other Methods: Informing the legal representative of the consent details and confirming their intent to agree using similar methods.
Provision of Personal Data to Third Parties
The company does not provide users' personal data to third parties except with the user's separate consent or as required by law. When necessary for service connections with third parties, personal data is provided only to the extent required for service use.
Personal Data Processing Entrustees and Work Details
Category | Type | Provided Information |
Payple | Payment | Essential information related to payment |
Nice Information Communication | Authentication | Essential information for identity verification |
Neptune | Payment | Information for advertising point distribution |
Buzzvil | Payment | Information for advertising point distribution |
The table summarizes the personal data processing entrustees and the work they perform. Each entrustee receives the necessary information to carry out specific tasks.
7. Matters Concerning the Entrustment of Personal Data Processing
The company entrusts external vendors with necessary tasks for service provision, as outlined below, and manages and supervises these vendors to ensure compliance with relevant laws and regulations.
8. Procedures and Methods for Destroying Personal Data
The company will promptly destroy personal data when it is no longer necessary, such as upon membership withdrawal, expiration of the retention period, or achievement of the purpose of processing.
However, if retention is required by law or service policy, the data will be retained in accordance with “3. Personal Data Processing and Retention Period” before destruction.
The procedures and methods for destroying personal data are as follows:
[Destruction Procedure]
•
The company will promptly destroy personal data for which the reason for destruction has occurred.
[Destruction Method]
•
Personal data recorded and stored in electronic file formats will be destroyed in such a way that the records cannot be reconstructed. Personal data recorded and stored in paper documents will be shredded or incinerated.
9. Rights, Duties, and Exercise Methods of Users and Legal Representatives
Users and legal representatives can request to view and modify personal data related to themselves or children under 14 years of age at any time, and they can withdraw consent for collection, use, or provision, or request cancellation of their membership.
•
Users can exercise their rights to view, correct, delete, or suspend the processing of personal data at any time.
•
In the case of children under 14 years of age, the legal representative can exercise the rights to view, correct, delete, or suspend the processing of the child's personal data.
•
Any consent given for the collection/use/provision of personal data during membership registration can be revoked at any time. Withdrawal of consent for personal data processing (membership cancellation) can be requested directly through the “Withdrawal” feature within the service.
•
If it is difficult to correct or delete personal data directly for unavoidable reasons, users can contact the customer service center using the provided written, phone, or email contacts, and the company will promptly address the request.
•
When requesting correction of inaccuracies in personal data, the company will not use or provide that data until the correction is completed.
•
Rights can be exercised through the user’s legal representative or an authorized agent. In this case, a power of attorney must be submitted in accordance with the format specified in the "Notification on Personal Data Processing Methods (No. 2020-7)" Appendix 11.
•
When requesting access to and suspension of the processing of personal data, the company may inform the requester of the reasons for any limitations or refusals if required by law or for the protection of others' life, body, property, or other interests.
•
Requests for correction or deletion of personal data cannot be made if the data is explicitly required by other laws as a target for collection.
•
The company verifies whether the requester is the individual or a legitimate representative when responding to requests for viewing, correction, deletion, or suspension of personal data processing.
10. Measures to Ensure the Security of Personal Data
The company makes the following efforts to protect users' valuable personal data:
[Administrative Measures]
•
Responding swiftly to changes in relevant laws and regulations and enhancing management levels to ensure the safe protection of personal data.
•
Establishing policies and guidelines for personal data and conducting regular training for company employees on information security and personal data protection.
•
Limiting the number of personnel involved in personal data processing to a minimum.
•
Undergoing independent audits annually to verify compliance with domestic and international certification standards for information security and personal data protection management systems, while providing opportunities for improvement.
11. Installation and Operation of Automatic Personal Data Collection Devices and Refusal
The company uses cookies to store and retrieve user information for providing tailored services.
[What is a Cookie?]
•
A cookie is a small text file sent from the server running a website to the user’s browser, which is stored on the user's computer.
[Purpose of Use]
•
To maintain the user’s usage environment, enabling easy and convenient use of the website.
•
To provide differentiated information based on individual interests (targeted marketing, exposure to related services based on interests).
•
To analyze visit records and usage patterns for personalized service provision and information delivery, as well as service improvement.
[How to Refuse Cookie Collection]
•
Cookies do not store personal information such as names or phone numbers, and users have the option to refuse cookie installation. Users can set their web browser options to allow all cookies, to be prompted each time a cookie is saved, or to refuse all cookie storage. However, refusing cookie installation may hinder web usage and cause difficulties in using certain services that require login.
[Examples of Cookie Collection Option Settings]
•
For Internet Explorer: Top right corner of the web browser [Settings] menu > [Internet Options] > [Privacy] > [Advanced]
•
For Chrome: Top right corner of the web browser [...] menu > [Settings] > [Privacy and Security] > [Site Settings] > [Cookies and Site Data]
•
For MS Edge: Top right corner of the web browser [...] menu > [Settings] > [Privacy, Search, and Services] > [Tracking Prevention]
12. Collection, Use, Provision, and Refusal of Behavioral Information
The company collects and uses minimal behavioral information to provide optimized personalized services and benefits, as well as online targeted advertising to users of KakaoPage, KakaoWebtoon, and Melon services.
13. Contact Information for Personal Data Protection Officer
The company has appointed a Personal Data Protection Officer to handle all inquiries, complaints, and redress related to personal data protection arising from the use of the service. The company will strive to listen to your voice and provide prompt and sufficient responses.
[Personal Data Protection Officer and Department]
•
Name: Lee Jong-seok
•
Department: Product Team
•
Position: COO
•
Phone Number: 02-6242-1728
•
Email: support@tain.ai
14. Remedies for Users' Rights Infringement
Users and legal representatives of children under the age of 14 can apply for dispute resolution or consultation regarding personal data infringement to the Personal Data Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Data Infringement Reporting Center. For other reports or inquiries related to personal data infringement, please contact the following organizations:
•
•
•
•
15. Other Provisions
•
The website may provide links to other companies' websites or materials. In such cases, the company does not bear responsibility for the usefulness of the services or materials provided by external sites, nor does it guarantee them.
•
Once you move to another site through links included on this website, the company’s ‘Personal Data Processing Policy’ no longer applies.
16. Changes to the Personal Data Processing Policy
The company may modify the Personal Data Processing Policy to reflect changes in laws or services. When changes are made to the policy, the company will notify users of the changes, and the revised Personal Data Processing Policy will take effect seven days after being posted.
However, in cases of significant changes affecting users' rights, such as changes in the items of personal data collected or the purpose of use, the company will provide notice at least 30 days in advance.
•
Date of announcement of changes to the Personal Data Processing Policy: March 20, 2024
•
Effective date of the Personal Data Processing Policy: March 20, 2024