Privacy Protection Policy
NationA Co., Ltd. (hereinafter the "Company") complies with the Personal Information Protection Act and applicable laws and regulations to protect the freedoms and rights of data subjects, lawfully processes personal information, and safely manages such information. Pursuant to Article 30 of the Personal Information Protection Act, the Company hereby establishes and operates this Privacy Policy in order to inform data subjects of the procedures and standards regarding the processing of personal information, and to ensure the prompt and smooth handling of any related grievances.
The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the followings, and if the purpose of processing is modified or altered, the Company will take necessary measures such as obtaining the consent from data subjects.
| Purpose | Details |
|---|---|
| Signing up and member management Service delivery | Confirmation of intent to register for membership, identification and authentication for membership-based services, prevention of fraudulent use of services, verification of age for membership, maintenance or restriction of membership qualifications, and provision of various notices and announcements |
| Marketing campaigns and promotions | Provision of event and promotion information and participation opportunities, and provision of marketing information |
As a rule, the Company processes personal information based on the consent of the data subject. However, in the following cases, the Company may collect and use personal information without the data subject's consent, within the scope of the collection purpose:
In addition, the Company may process personal information for the following purposes:
The personal information processed by the Company are as follows. Company processes and retains personal information within the period of use and retention agreed upon when collecting personal information of the data subject or within the period set forth in the relevant laws and regulations.
| Intended Purpose | Information Processed | Retention and Usage Period |
|---|---|---|
| Signing up and member management Service delivery | Name, email account, password, phone number, occupation, gender, date of birth, and credentials for easy sign-in | Until the data subject discontinues use of the Service However, (1) in the event of an ongoing investigation in violation of relevant laws and regulations, the records shall be retained until the end of such proceedings; (2) in the event of a debt or liability due to the use of the Services, the records shall be retained until the settlement of such debt or liability, and (3) records of displayed advertisements shall be retained for at least six months in accordance with the Electronic Commerce Act. |
| Personalized advertising and marketing, service improvements, and new service development | Same as above | Until the data subject discontinues use of the Service However, (1) in the event of an ongoing investigation in violation of relevant laws and regulations, the records shall be retained until the end of such proceedings; (2) in the event of a debt or liability due to the use of the Services, the records shall be retained until the settlement of such debt or liability, and (3) records of displayed advertisements shall be retained for at least six months in accordance with the Electronic Commerce Act. |
During the provision of services, the following types of information may be automatically generated and collected:
As a general rule, the Company does not provide personal information of data subjects to third parties. However, when providing personal information to a third party, the Company shall inform the data subject of the recipient of the personal information, the purpose of the recipient's use, the items of personal information provided, the retention and use period, the right to refuse consent, and any disadvantages arising from refusal, and shall obtain the data subject's consent
In such cases as set forth in Paragraph 1, the Company shall not provide personal information to third parties beyond the scope of the purpose of collection. If personal information must be provided to a third party beyond the original collection purpose, the Company shall first notify the data subject of the recipient, the recipient's purpose of use, the items of personal information provided, the retention and use period, the right to refuse consent, and any disadvantages arising from refusal, and shall obtain the data subject's consent.
Notwithstanding Paragraph 1, the Company may provide personal information to third parties without the consent of the data subject in the following cases:
Data subjects may exercise the following rights regarding their personal information processed by the Company at any time:
The data subject may exercise the rights set forth in the preceding Paragraph 1 via the bulletin on the platform operated by the Company or via an email to the Company, and the Company will promptly address their request
If the data subject requests the correction of errors or removal of personal information, the Company will not use or provide the personal information until the correction or removal is completed. If incorrect personal information is provided to any third parties, the Company will immediately notify the third parties so that it can be corrected or removed.
The legal representative of the data subject or a person authorized by the data subject may exercise the rights set forth in the preceding Paragraph 1 on behalf of the data subject if they submit a written evidence of their authority, such as a power of attorney, to the Company.
When personal information becomes unnecessary due to achievement of the processing purpose, expiration of the retention and use period, or termination of business, the Company shall promptly destroy the personal information.
Notwithstanding the preceding Paragraph 1, if the Company is required to preserve such personal information as required by the relevant laws and regulations, the relevant personal information shall be stored and managed separately from other personal information.
The procedures and method for destroying personal information are as follows.
The Company takes the following measures to prevent the loss, theft, leakage, tampering, falsification or damage of personal information of data subjects.
We have designated the department in charge and a person who acts as a Chief Privacy Officer to take responsibility of protecting personal information, resolving any related complaints, providing damage relief, and accepting a request to access.
Data subjects may contact the institutions listed below for remedies, consultation, or assistance regarding personal information infringement. These institutions are separate from the Company, and may be contacted if the data subject is not satisfied with the Company's internal handling of complaints or remedies, or if further detailed assistance is required.
| Relevant Institution | Address | Contact Info | Website |
|---|---|---|---|
| Personal Information Infringement Report Center (under the Korea Internet & Security Agency) | 9 Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong) | Call at 118 | privacy.kisa.or.kr |
| Personal Information Protection Commission | 12 Floor 209 Sejong-daero, Jongno-gu, Seoul | Call at 1833-6972 | www.kopico.go.kr |
| Cyber Crime Investigation Unit, Supreme Prosecutor's Office | - | Call at 1301 | www.spo.go.kr |
| ECRM, National Police Agency | - | Call at 182 | ecrm.cyber.go.kr |
This Privacy Policy shall be effective as of 1st September., 2025.