Privacy Policy

Innerverse Inc. (hereinafter referred to as "Company") processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of data subjects in operating the Toonkit service. Accordingly, in accordance with the Personal Information Protection Act, we hereby establish and publicly disclose this Privacy Policy to inform users of the procedures and standards regarding the processing and protection of personal information, and to promptly and smoothly handle related grievances.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, we will implement necessary measures such as obtaining separate consent in accordance with the Personal Information Protection Act.

• Membership registration and management: Verification of membership intention, identification and authentication for (paid) membership services, maintenance and management of membership status, prevention of fraudulent use of services, service-related notices, complaint handling and civil affairs processing, verification of legal guardian consent when processing personal information of children under 14, various notifications
• Provision of goods or services: Provision of basic/customized services, sending contracts and invoices, content provision, identity verification, age verification, payment and settlement of content fees for paid services, statistical analysis and utilization of service usage, service improvement
• New service development and marketing/advertising utilization: Development of new services and provision of customized services, feature improvement, service provision based on demographic characteristics, provision of various events and promotional information, verification of service validity, understanding access frequency, and statistical purposes for members' service usage

The Company automatically collects the following personal information items during users' service usage process.

• IP address, cookies, MAC address
• Service usage records (visit and usage records, fraudulent usage records, etc.)
• Browser name and version information

2. Items of Personal Information Processed

The Company collects and processes the minimum personal information necessary for service use.

Membership Registration and Management

When Providing Goods or Services

• User's usage logs, text (prompts) entered by members, images, videos

When Using Paid Services

• Credit card payment: Card company name, card number, and other credit card information
• Simple payment: Payment information linked to TossPay, KakaoPay, Payco, etc.
• Mobile phone payment: Mobile phone number, carrier, and other payment information
• Gift certificate: Gift certificate number, relevant site ID

When Handling Grievances

Collection and processing of necessary items from the above information and separate items required for grievance handling from users

Automatically Collected Information

The following information may be automatically generated and collected during service usage or business processing.

• IP address, cookies, MAC address
• Service usage records (visit and usage records, fraudulent usage records, etc.)
• Browser name and version information

When collecting personally identifiable information and sensitive information, the Company always informs users of all relevant matters through the Terms of Service and Privacy Policy, and processes consent for personal information collection when users click the consent button for personal information provision and/or sensitive information provision. However, when collecting personal information of children under 14 years of age, additional consent from a legal guardian is required.

3. Processing and Retention Period of Personal Information

The Company processes and retains personal information within the retention and usage period specified by law or within the retention and usage period agreed upon when collecting personal information from users. The processing and retention periods for each category of personal information are as follows.

• Membership registration and management: 14 days from membership withdrawal
• Performance of service provision contract: 14 days from membership withdrawal
• Marketing and advertising utilization: Until withdrawal of consent for marketing and advertising utilization
• Service improvement and customized service development: 14 days from membership withdrawal

Separately from the above, personal information may be retained and used until the end of the applicable period in the following cases.

• Until the completion of investigation when an investigation is in progress due to violation of related laws
• Until settlement when credit/debt relationships remain with members or third parties from service usage

Retention Under Related Laws

Act on Consumer Protection in Electronic Commerce

• Records of contracts or subscription withdrawal, payment, supply of goods (buyer information, product purchase/cancellation/exchange/ refund information, recipient information, payment information, invoice number): 5 years
• Records of consumer complaints or dispute resolution (customer number, name, phone number, email address, consultation records, complaint or dispute resolution results): 3 years
• Records of display and advertising: 6 months

Protection of Communications Secrets Act, Article 15-2

• Computer communications, internet log records, connection tracking data: 3 months

Framework Act on National Taxes, Article 85-3

• All accounting books and supporting documents for transactions prescribed by tax law: 5 years

4. Provision of Personal Information to Third Parties

The Company processes users' personal information only within the scope specified in the purposes of processing personal information, and provides personal information to third parties only in cases permitted by the Personal Information Protection Act, such as user consent or special provisions of laws, and does not otherwise provide users' personal information to third parties.

5. Entrustment of Personal Information Processing

The Company entrusts personal information processing as follows for smooth personal information handling.

When concluding entrustment contracts, the Company specifies matters regarding prohibition of personal information processing beyond the purpose of entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, supervision of trustees, and liability including damages in contract documents, and supervises whether trustees process personal information safely. When trustees re-entrust the Company's personal information processing tasks, they obtain the Company's consent.

If the content of entrusted tasks or trustees changes, we will promptly disclose this through this Privacy Policy.

6. Rights and Obligations of Users and Legal Guardians and Methods of Exercise

Users may exercise their rights to request access, correction, deletion, suspension of processing, and withdrawal of consent regarding personal information, as well as refusal or request for explanation of automated decisions, at any time to the Company.

• The exercise of rights under the preceding paragraph may be done through the user's legal guardian or an authorized representative. In this case, you must submit a power of attorney that can verify the delegation to the representative.
• The exercise of rights under the preceding paragraph may be done in writing or by email, and the Company will take action without delay.
• Users may request access at any time by sending an inquiry email to cs@toonkit.io.
• Users may withdraw consent to the collection and use of personal information at any time through 'Account Deletion'.
• Users may refuse automated decisions and request explanations at any time by sending an inquiry email to cs@toonkit.io.

Some rights may be restricted in accordance with related laws such as the Personal Information Protection Act, as shown in the following examples.

• If personal information is specified as a collection target in other laws, deletion of that personal information cannot be requested.
• If user consent has been obtained regarding the fact that automated decisions will be made, or if notified in advance through a contract, or if clearly stipulated by law, refusal of automated decisions is not recognized, and only requests for explanation and review are possible.
• Requests for refusal or explanation of automated decisions may be rejected if there are legitimate reasons such as concerns about unfairly infringing on the life, body, property, or other interests of others.

Users may exercise their rights at the following department.

• Department: Business Development Team
• Contact: cs@toonkit.io

7. Destruction of Personal Information

When personal information becomes unnecessary due to the expiration of the retention period or achievement of processing purposes, the relevant personal information is destroyed without delay.

If personal information must be retained in accordance with internal policies and other related laws despite the expiration of the agreed retention period or achievement of processing purposes, the personal information is moved to a separate database (or separate file cabinet for paper documents) and safely stored for a certain period before being destroyed.

Procedures and Methods of Personal Information Destruction

• Destruction procedure and timing: The Company destroys users' personal information within 5 days from the end date of the retention period when the retention period has expired, or within 5 days from the date when personal information processing is recognized as unnecessary when the personal information becomes unnecessary due to achievement of processing purposes, discontinuation of the relevant service, or termination of business, with approval from the personal information protection officer.
• Destruction method: Personal information recorded and stored in electronic file format is destroyed so that records cannot be reproduced, and personal information recorded and stored in paper documents is shredded or incinerated.

8. Measures to Ensure Security of Personal Information

The Company takes the following measures to ensure the security of personal information.

• Administrative measures: Establishment and implementation of internal management plans, regular employee training
• Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs
• Physical measures: Access control to computer rooms, data storage rooms, etc.

9. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

The Company uses 'cookies' that store and retrieve usage information as follows to provide individual customized services to users. Cookies are small pieces of information sent by the server operating the website to the user's computer web browser and may be stored on the hard disk of the user's PC computer or mobile device.

Purpose of Using Cookies

Used for maintaining user login, analyzing user access frequency and visit time, understanding user service usage patterns and tracking, secure connection status, and security management through user scale, as well as service improvement and new service development.

Installation, Operation, and Rejection of Cookies

Service users have the right to choose whether to install cookies. Therefore, users can reject the storage of cookies by changing settings as follows.

• Android: Settings > Privacy > Ads > Delete advertising ID
• iPhone: Settings > Privacy > Tracking > Turn off Allow Apps to Request to Track
• Internet Explorer: Tools > Internet Options > Privacy > Settings > Block Cookies
• Microsoft Edge: Settings and more > Settings > Privacy, search, and services > Tracking prevention, Cookies and site permissions settings
• Chrome: Customize and control > Settings > Privacy and security > Select desired cookie blocking method in Third-party cookies

If you refuse to store cookies, you may experience difficulties using some services.

10. Personal Information Protection Officer

The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages related to personal information processing.

You may report all personal information protection-related complaints that arise while using the Company's services to the personal information protection officer or the relevant department. The Company will provide prompt and sufficient responses to customers' reports.

11. Methods for Remedy of Rights Infringement

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for personal information infringement. For other personal information infringement reports and consultations, please contact the following organizations.

The following organizations are separate from the Company. If you are not satisfied with the Company's own personal information complaint handling and damage remedy results, or if you need more detailed help, please contact them.

• Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office Cyber Investigation Division: (without area code) 1301 (www.spo.go.kr)
• National Police Agency Cyber Bureau: (without area code) 182 (ecrm.police.go.kr)

The Company strives to guarantee users' right to self-determination of personal information and to consult and remedy damages caused by personal information infringement. If you need to report or consult, please contact the following department.

12. Changes to This Privacy Policy

The Company may modify this Privacy Policy for purposes such as reflecting changes in laws or services. When this Privacy Policy is changed, the changes will be posted, and the modified Privacy Policy will take effect 7 days after posting.