RVDO Privacy Policy
PAULUS Co.,Ltd.(hereinafter "Company") considers the privacy of our customers who use our services to be of utmost importance and strives to comply with relevant laws and regulations, including the "Act on Promotion of Information and Communications Network Utilization and Information Protection" and the "Personal Information Protection Act."
This Privacy Policy (hereinafter "Policy") will be effective from January 1, 2025. Any amendments to this Policy will be announced through notices on our application and website, or through individual notifications via email or other means.
The Company makes this Privacy Policy readily available on the first page of our website for users to access at any time. This Privacy Policy may be modified in accordance with relevant laws and the Company's internal policies, and we maintain version control to make it easy to identify any changes.
1.Purpose of Collection, Types of Personal Information Processed, and Collection Methods
1. Purpose of Collection
The Company collects customers' personal information through various methods, including websites and applications, for the following purposes. The collected personal information will not be used for purposes other than those listed below. If there are any changes to the purpose of use, we will obtain separate consent as required by Article 18 of the Personal Information Protection Act.
A. Membership Registration and Management
- User identification and customer verification
- User information management and delivery of various notices
- Non-face-to-face identity verification for account deletion and mobile phone number/withdrawal account reset
B. Provision of Goods or Services
- Verification of digital asset transaction relationships
- Inheritance and transfer processes
- Establishment, maintenance, and termination of digital asset transaction relationships
- Prevention of fraudulent use and account protection
- Restriction of actions violating laws and service terms
- Improvement of existing services and development of new services
- Ensuring service stability
- Provision of new and customized services through service usage statistics and analysis
- Prevention of service abuse and protection against illegal activities
C. Event Information
- Provision of various events and promotional information
D. Grievance Handling
- Verification of complainant identity and grievance details
- Contact and notification for fact-finding, notification of processing results
- Remedial measures and handling of erroneous transfers
- Handling requests for personal information access, correction, or processing suspension
2. Types of Personal Information Collected
A. Membership Registration and Management Information
- Email address
- Name
- Mobile phone number
- Telecommunications carrier
- Identity verification information (CI, DI)
- Date of birth
- Password
- Gender
- Nationality/Residency information
- Bank name and account number
- PIN
- Documentation proving name change or naturalization[Section continues with detailed information about other categories...]
2.Processing and Retention Period of Personal Information
(1) The Company processes and retains personal information within the processing/retention period stipulated by law or within the processing/retention period agreed upon when collecting personal information from users. The processing and retention periods for each type of personal information are as follows:
1. Membership registration and management: Until membership withdrawal
2. Provision of goods or services: Until the completion of goods/services supply and related payment/settlement
3. Event information notification: Until the end of the relevant event
4. Grievance handling: Until the end of the longer period between 5 years after membership withdrawal or the retention period specified by relevant laws
(2) In the following cases, personal information may be processed and retained until the end of the relevant cause. However, when different processing and retention periods apply, the longest period shall be followed:
1. When preservation is necessary according to relevant laws and regulations, the Company shall retain customer information for certain periods as specified by relevant laws as follows. In such cases, the Company shall move the personal information to a separate database (DB) or store it in a different location.
3.Personal Information Destruction Procedures and Methods
1. General Principles
The Company shall destroy personal information without delay when the retention period specified in Article 2 and related laws has expired, or when the personal information becomes unnecessary due to the fulfillment of its processing purpose, unless there are justifiable reasons for retention.
However, if personal information must be preserved in accordance with laws despite the expiration of the retention period or the achievement of processing purposes, such information will be transferred to a separate database (DB) or stored in a different location.
2. Special Provisions for Dormant Accounts
Notwithstanding the preceding paragraph, when processing dormant accounts for users without mobile phone verification information under the 'Personal Information Validity Period System,' the separated personal information will be destroyed after 6 months from the dormancy conversion date. However, for users without mobile phone verification information who were already processed as dormant and separately stored before the revision date of this Privacy Policy (January 1, 2023), their personal information will be destroyed 6 months from the said revision date.
3. Destruction Procedures
The personal information destruction procedure involves selecting personal information for which destruction causes have occurred, such as the expiration of the retention period or achievement of processing purposes, and destroying it through automatic system deletion or with the approval of the personal information protection officer.
4. Destruction Methods
Personal information is destroyed in the following ways:Electronic files: Permanent deletion using methods that prevent reproductionPaper documents: Shredding or incineration
4. Installation and Operation of Automatic Personal Information Collection Devices and Their Rejection
1. Cookie Usage
The Company may operate "cookies" that frequently store and retrieve customer information. Cookies are small text files sent from customers' web browsers to servers operating the Company's website and are stored on customers' computer hard drives and mobile devices.
2. Purpose of Cookie Usage
The Company uses cookies to remember language and environment settings, implement automatic login functions, and provide personalized services.
3. Cookie Control Options
Customers have control over cookie installation. Through web browser settings, customers can choose to allow all cookies, verify each cookie storage, or reject all cookie storage. However, service provision may be limited if customers reject cookie installation.
Cookie Settings Methods:
- Microsoft Edge: Settings > Site Permissions > Cookies and Site Data > Set Cookie Level
- Chrome: Settings > Advanced Settings > Privacy and Security > Cookies and Other Site Data > Set Cookie Level
- Safari: Preferences > Privacy > Set Cookies and Website Data Level
5.Provision of Personal Information to Third Parties
1. Basic Principles
The Company processes personal information only within the purposes specified in Article 1 (Purpose of Personal Information Processing) and provides it to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, with the customer's prior consent. However, personal information may be used for purposes beyond the original scope or provided to third parties in the following cases:
- With the data subject's consent
- When required by special provisions of law or to comply with legal obligations
- When necessary to protect the vital interests of the customer or third party
- When requested by investigative agencies in accordance with legal procedures
- When provided in de-identified form for statistical compilation, academic research, or market research
- When prior consent has been obtained from the customer
2. Consent Requirements
When obtaining consent under paragraph 1, the Company shall inform customers of:
- The recipient of personal information
- The purpose of use
- The items of personal information to be used or provided
- The period of retention and use
- The right to refuse consent and any disadvantages of such refusal
6.Outsourcing of Personal Information Processing
1. Basic Principles
The Company does not outsource personal information processing to others without customer consent. However, the Company outsources personal information processing as follows for service provision, improvement, and new service development:
Contractor / Privacy Policy / Outsourced Tasks
[Details of contractors and their tasks related to analyzing customer service usage patterns, access records, etc., to provide personalized services]
2. Outsourcing Agreements
When outsourcing personal information processing, the Company clearly stipulates through outsourcing contracts the compliance with personal information protection instructions, confidentiality of personal information, prohibition of third-party provision, and liability for incidents. These contract contents are stored in written or electronic form. Any changes to contractors or outsourced tasks will be notified through one or more methods such as written notice, email, website announcement, or similar methods.
7.Customer Rights, Obligations, and Exercise Methods
(1) Customers can exercise their rights to access, correct, delete, and suspend the processing of their personal information at any time. The company verifies whether the person requesting access, correction, deletion, or processing suspension is the individual themselves or their legitimate representative.
However, the exercise of these rights regarding personal information access, correction, deletion, and processing suspension may be restricted according to relevant laws such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act. When requesting correction or deletion of personal information, if other laws specify that personal information as subject to collection, deletion cannot be requested.
Customers can exercise their rights through written documents, email, or FAX according to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
These rights can be exercised through a legal representative or authorized agent. In this case, a power of attorney must be submitted according to Form No. 11 of the "Notice on Personal Information Processing Methods." Customers and legal representatives of customers under 14 years of age (hereinafter collectively referred to as "customers" in this article) can submit a personal information access request form to the company to request access to their personal information and that of children under 14 (applicable only to legal representatives)
.In this case, unless there are special circumstances, the company will respond regarding access possibility within 10 days of receiving the request form. If the company refuses or delays access, it will notify the reasons for refusal or delay. The company may restrict or refuse access by notifying customers of the reason in the following cases:
- When access is prohibited or restricted by law
- When there is risk of harm to another person's life or body, or unfair infringement of another person's property and other interests
(2) Customers who have accessed their personal information can request correction or deletion of information that is incorrect or unverifiable. However, if other laws specify that personal information as subject to collection, deletion cannot be requested.
(3) The company will notify the customer of the measures taken within 10 days of receiving a correction/deletion request under paragraph 2. If the deletion request is not followed, the company will notify the fact, reason, and appeal method through a personal information correction/deletion result notification.
(4) Customers can request the suspension of processing of their personal information. However, in the following cases or if there are other legitimate reasons, the company may refuse the suspension request after notifying the customer of the reason:
- When there are special legal provisions or it is unavoidable to comply with legal obligations
- When there is risk of harm to another person's life or body, or unfair infringement of another person's property and other interests
- When service provision under contract becomes difficult without processing personal information, and the customer has not clearly expressed intention to terminate the contract
(5) The company will notify the measures taken within 10 days of receiving a suspension request under paragraph 4. If the processing suspension request is not followed, the company will notify the fact, reason, and appeal method through a personal information processing suspension result notification.
(6) The company does not sell customers' personal information. If the company intends to sell customers' personal information to third parties, it will explicitly notify and obtain consent from customers, and customers can refuse the sale of their personal information.
(7) Customers can request the company to transfer their collected personal information to other institutions or customers.
(8) Customers can withdraw their consent to personal information collection and use. However, in this case, they can no longer use the service as members and must withdraw their membership. Customers can request membership withdrawal through email within the company's service.
(9) Customers can request the company through the personal information protection officer mentioned in Article 13 or email within the company's service to exercise their rights under this article or seek remedies for infringement of personal information-related rights.
8.International Transfer of Personal Information
(1) If a customer's residence is not in the Republic of Korea, personal information collected by the company may be stored and processed on servers located in regions other than the customer's country of residence as follows:
Jurisdictions processing personal information: Republic of Korea where the company headquarters is located, and countries where Amazon Web Services regions are located, including the United States, Africa, Hong Kong, India, Singapore, Australia, Japan, Canada, Germany, Ireland, United Kingdom, Italy, France, Sweden, Bahrain, Brazil, etc.
Purpose of information transfer: Storage and processing of company servers, handling of requested services and related inquiries
(2) When transferring personal information, the company applies protection measures in accordance with the Personal Information Protection Act to protect personal information and ensure appropriate protection levels.
9.Security Measures for Personal Information
The company implements the following administrative, technical, and physical measures necessary for security in accordance with Article 29 of the Personal Information Protection Act:
(1) Passwords are encrypted for storage and management, known only to customers themselves, and personal information verification and modification are only possible by the individual who knows the password.
(2) The company installs systems in areas with controlled external access to prevent customer personal information from being leaked or damaged by hacking or computer viruses. The company regularly backs up data to prepare for damage to personal information, uses the latest anti-virus programs to prevent leakage or damage of customers' personal information or data, and enables secure transmission of personal information over networks through encrypted communication.
(3) The company limits personal information processing staff to designated personnel, assigns separate passwords that are regularly updated, and constantly emphasizes compliance with personal information processing policies through regular training of personnel.
10.Behavioral Information Management
(1) Behavioral information refers to online customer activity information that can identify and analyze customers' interests, preferences, and tendencies, such as website visit history, purchase and search history.
(2) The company processes behavioral information for product and service development, customer analysis, and service provision based on usage patterns.
1. Collected Behavioral Information
Items: Web/app service visit records, usage records such as search/click, device information, IP address, ADID, IDFA, IDFV, and other user activity information.
2. Collection Method
Automatically generated and stored through log information analysis tools (Amplitude, Appsflyer, Google Analytics) when users use the service.
3. Collection Purpose
Processed for product and service development, statistics and customer analysis, service speed and status improvement, and other services based on user behavioral information.
4. Retention and Usage Period
Retained for 5 years after membership withdrawal, deleted without delay after retention period.
5. User Control Rights Exercise Method
Customers can refuse usage by adjusting browser settings to refuse cookie storage, etc.
- Web browser (example): Settings > Site Permissions > Cookies and Site Data > Set Cookie Level
- Smartphone (example / may vary slightly depending on OS version)
• Android phone: Settings > Privacy > Ads > Select or Deselect Ad Personalization
• iPhone: Settings > Privacy > Tracking > Allow or Disable Apps to Request Tracking
- Google Analytics Opt-out Guide
11.Responsibility for Linked Sites
The company may provide customers with links to other external sites. In such cases, the company has no control over external sites and therefore cannot be responsible for or guarantee the usefulness, truthfulness, or legality of services or materials provided by external sites. The privacy policies of linked external sites are unrelated to the company, so please check the policies of the respective external sites.
12.Personal Information Protection Officer, etc.
(1) The company is doing its best to ensure that customers can safely use the company's services. Customers can report all personal information protection complaints related to the company's service use to the personal information management officer or dedicated department, and the company will respond promptly and sincerely to customers' reports.
(2) If you need to report or consult about other personal information infringements, please contact the following institutions:
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
▶ Personal Information Dispute Mediation Committee
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
▶ Supreme Prosecutors' Office
- Website: www.spo.go.kr
- Phone: (without area code) 1301
▶ National Police Agency Cyber Investigation Bureau
- Website: ecrm.cyber.go.kr
- Phone: (without area code) 182
13.Language
This Privacy Policy is written in Korean and English, and in case of any conflict between the Korean and English versions, the Korean Privacy Policy shall prevail.
14.Changes to Privacy Policy
Announcement date: January 1, 2025
Effective date: January 1, 2025
When the company changes its privacy policy, it continuously discloses the timing of changes and implementation, and the changed content. The changed content is disclosed by comparing before and after changes for easy confirmation by users.
<Supplementary Provision>
This Privacy Policy is effective from January 1, 2025.
