To safeguard the privacy and rights of data subjects, Cryptolab Inc. (“the Company”) responsibly processes and securely manages personal information in accordance with the Personal Information Protection Act (“PIPA”) and applicable laws and regulations. In line with Article 30 of the PIPA, we have established and disclosed this privacy policy to inform data subjects about our procedures and standards for processing and protecting personal information, as well as to ensure the efficient handling of related complaints.
1. Purpose, Scope, and Duration of Personal Information Collection and Use
The Company will collect and use personal information only to the minimum extent necessary to provide services, in compliance with the PIPA. The Company processes the following personal information with the consent of the data subject in accordance with Articles 15(1)(1) of the PIPA.
| Collected Items | Purpose of Collection and Use | Period of Retention and Use |
|---|---|---|
| E-mail address, Name, Occupation | To sign up a CODE.HEAAN account | Until a member terminating its account |
2. Procedure and Method of Destruction of Personal Information
The Company will promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or the achievement of the processing purpose.
When destroying personal information, the Company will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible as follows:
- Electronic files which contain personal information will permanently be deleted using a technical method which makes the files irrecoverable; and
- Any other records, print-outs, documents or any other recording media will be shredded or incinerated.
If continued retention of personal information is required under other laws and regulations, despite the expiration of the retention period or the completion of the processing purpose, such information will be moved to a separate database or retained in a different location.
3. Criteria for Determining Additional Use and Provision
In accordance with Article 15(3) or Article 17(4) of the PIPA, the Company may use or provide personal information without the data subject’s consent by taking into account the factors outlined in Article 14-2 of the Enforcement Decree of the PIPA.
To proceed with the additional use and provision of personal information without consent, the Company has evaluated the following considerations:
- Criteria for determining whether it is relevant to the original purpose of collection
- Criteria for determining whether additional use or provision of personal information is foreseeable by data subjects, based on the circumstances under which the information was collected or the practices in which it is processed
- Criteria for determining whether the interests of data subjects are unfairly infringed
- Criteria for determining whether necessary safety measures, such as pseudonymization or encryption, have been implemented
4. Matters to Ensure Personal Information Security
To ensure the safety of personal information, the Company implements the following measures:
- Managerial Measures: Implementing an internal management plan, operating a dedicated organization, and providing regular training for employees.
- Technical Measures: Managing access rights to the personal information processing system, installing access control systems, encrypting personal information, and maintaining up-to-date security programs.
- Physical Measures: Controlling access to the IT room, data storage room, and other sensitive areas.
5. Rights and Responsibilities of Data Subjects and Their Legal Representatives, and How to Exercise Them
At any time, the data subject may exercise their right to request that the Company access, correct, delete, suspend the processing of, or withdraw personal information, or to refuse or seek an explanation for an automated decision (“Exercise of Right”). The Company is committed to taking immediate measures in response.
However, the data subject’s rights to request access to and suspend the processing of their personal information may be restricted by Articles 35(4) and 37(2) of the PIPA. Furthermore, the Company cannot delete personal information if other laws and regulations require its collection.
According to Article 41(1) of the Enforcement Decree of the PIPA, you may exercise your rights with the Company in writing, via email, facsimile, etc. You may also exercise your rights through a representative or an authorized agent. In such cases, a power of attorney must be submitted in the form specified in Annex No. 11 of the Notification on How to Process Personal Information, and the Company will verify the identity of the person exercising the rights as either the data subject or their authorized representative.
6. Remedies for Infringement of Rights and Interests
To address any personal information infringement, individuals may apply for dispute resolution or seek consultation through the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, among others. Additionally, the following institutions can be contacted for further reports and consultations regarding personal information infringement.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
7. Amendments to this Privacy Policy
This Privacy Policy is effective from May 2nd, 2025.
- [May 2nd, 2025 - TBD] https://heaan.io/privacy-policy