Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') has established the following policy to protect users' personal information and rights in accordance with the Personal Information Protection Act and to smoothly handle users' complaints related to personal information.

Demaf will notify users through website announcements (or individual notices) if the privacy policy is revised.

○ This policy is effective from February 1, 2023.

1. Purpose of Processing Personal Information

Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, prior consent will be obtained.

a. Membership Registration and Management

Confirmation of membership intention, identification/authentication for member services, maintenance/management of membership qualifications, implementation of limited identification system, prevention of fraudulent use of services, confirmation of legal representative's consent for collecting personal information of children under 14, notifications, handling complaints, and record preservation for dispute resolution.

b. Handling Civil Complaints

Verification of complainant's identity, confirmation of complaint details, contact/notification for fact investigation, and notification of processing results.

c. Provision of Goods or Services

Provision of services, content, customized services, identity verification, age verification, payment/settlement of fees.

d. Marketing and Advertising

Development of new services/products, provision of customized services, provision of event and advertising information and participation opportunities, service provision and advertisement placement based on demographic characteristics, verification of service effectiveness, frequency analysis, and statistics on members' service usage.

2. Status of Personal Information Files

• Personal Information Items: Email, mobile phone number, password, login ID, gender, date of birth, name, service usage records, access logs, cookies, access IP information, payment records
• Collection Method: Website
• Retention Basis: Service
• Retention Period: 5 years
• Related Laws
  1. Records of consumer complaints or dispute resolution: 3 years
  2. Records of contracts or withdrawal of offers: 5 years
  3. Records of display/advertising: 6 months

3. Processing and Retention Period of Personal Information

① Demaf ('Demaf') processes and retains personal information within the period agreed upon by the data subject or as stipulated by law.

② The processing and retention period for each type of personal information is as follows:

1. Records of consumer complaints or dispute resolution: 3 years
2. Records of contracts or withdrawal of offers: 5 years
3. Records of display/advertising: 6 months

4. Provision of Personal Information to Third Parties

① Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') provides personal information to third parties only in cases where the data subject has given consent, or as stipulated by law under Articles 17 and 18 of the Personal Information Protection Act.
② Demaf ('https://friends.demaf.us') provides personal information to third parties as follows:

1. Third-Party Provision
- Recipient: Facebook, Google, Naver, Kakao
- Purpose of Use: Analytics tools
- Retention and Use Period: 3 years

5. Entrustment of Personal Information Processing

① Demaf ('Demaf') entrusts personal information processing tasks as follows for smooth handling of personal information.

1. Entrustment
- Entrusted Party:
- Content of Entrusted Tasks:
- Entrustment Period:

② Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') specifies in contracts or documents the prohibition of processing personal information for purposes other than the entrusted tasks, technical/managerial protection measures, restrictions on re-entrustment, supervision of entrusted parties, and compensation for damages, in accordance with Article 25 of the Personal Information Protection Act.
③ If the content of entrusted tasks or entrusted parties changes, Demaf will disclose such changes promptly through this privacy policy.

6. Rights and Obligations of Data Subjects and Legal Representatives

① Data subjects can exercise their rights to request access, correction, deletion, and suspension of processing of personal information at any time.
② The exercise of rights under Paragraph 1 can be made through written, electronic mail, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and Demaf will take action promptly.
③ The exercise of rights under Paragraph 1 can also be made through legal representatives or authorized agents. In this case, a power of attorney in the form prescribed in Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ Requests for access and suspension of processing may be restricted under Articles 35, Paragraph 5, and 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Requests for correction and deletion cannot be made if the personal information is specified as a collection target under other laws.
⑥ Demaf verifies whether the requester is the data subject or a legitimate representative when requests for access, correction, deletion, or suspension of processing are made.

7. Items of Personal Information Processed

① Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') processes the following personal information items.

1. Membership Registration and Management
- Required Items: Email, password, service usage records, access logs, cookies, access IP information, payment records
- Optional Items: Mobile phone number, gender, date of birth, name

8. Destruction of Personal Information

Demaf ('Demaf') destroys personal information promptly when the purpose of processing is achieved. The procedure, timing, and method of destruction are as follows:

- Destruction Procedure
Information entered by users is transferred to a separate database (or separate documents in the case of paper) after the purpose is achieved and stored for a certain period according to internal policies and other relevant laws before being destroyed. During this time, the transferred personal information is not used for other purposes.

- Destruction Timing
Personal information is destroyed within 5 days from the end of the retention period or within 5 days from the date it is deemed unnecessary due to the achievement of the processing purpose, service discontinuation, or business termination.

9. Matters Regarding Automatic Collection Devices for Personal Information

1. Demaf uses 'cookies' to store and retrieve usage information to provide customized services.
2. Cookies are small pieces of information sent by the server (HTTP) operating the website to the user's computer browser and stored on the user's PC hard disk.
   1. Purpose of Cookie Use: Cookies are used to provide optimized information by identifying the usage patterns, popular search terms, security connection status, etc., of services and websites visited by users.
   2. Installation, Operation, and Rejection of Cookies: Users can refuse to store cookies by setting options in the privacy menu of the browser's tools-internet options.
   3. If cookies are refused, difficulties may arise in using customized services.

10. Designation of Personal Information Protection Officer

① Demaf ('https://friends.demaf.us', hereinafter referred to as 'Demaf') designates the following personal information protection officer to oversee personal information processing tasks, handle complaints, and provide relief related to personal information processing.

▶ Personal Information Protection Officer
Name: Namhyung Kim
Position: CTO
Contact: 010-8249-1481, contact@demaf.kr
※ Connected to the Personal Information Protection Department.

▶ Personal Information Protection Department
Person in Charge: Namhyung Kim
Position: CTO
Contact: 010-8249-1481, contact@demaf.kr

② Data subjects can contact the personal information protection officer and department for all inquiries, complaints, and relief related to personal information protection arising from the use of Demaf's services (or business). Demaf will respond and process inquiries promptly.

11. Changes to the Privacy Policy

① This privacy policy applies from the effective date, and any additions, deletions, or corrections to the content will be notified through announcements 7 days before the changes take effect.

12. Measures to Ensure the Security of Personal Information

Demaf ('Demaf') implements the following technical, managerial, and physical measures to ensure the security of personal information in accordance with Article 29 of the Personal Information Protection Act.

1. Technical Measures Against Hacking
Demaf installs security programs, conducts regular updates and inspections, and installs systems in areas with controlled access to prevent personal information leakage and damage caused by hacking or computer viruses.

2. Encryption of Personal Information
Users' personal information and passwords are encrypted for storage and management, ensuring that only the user knows them. Important data is encrypted or locked using separate security features.

3. Retention and Prevention of Tampering of Access Records
Access records to the personal information processing system are retained and managed for at least 6 months, and security features are used to prevent tampering, theft, or loss of access records.

4. Restriction of Access to Personal Information
Access rights to the database system processing personal information are granted, changed, and revoked to control access to personal information, and unauthorized access is controlled using intrusion prevention systems.