Peertec Inc. (hereinafter referred to as the "Company") values users’ personal information highly, and is committed to safeguarding the personal information provided by users for the use of the Company's digital asset trading service, GDAC.
Accordingly, the Company complies with laws and regulations related to the protection of personal information, such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection" and the "Personal Information Protection Act," and has established the policy of processing personal information to protect the rights and interests of users.
The Company notifies the guideline on processing personal information on the first page of the site so that users can easily check it at any time.
The Company’s Guideline on Processing Personal Information may be revised in accordance with relevant laws and regulations and the Company's internal policies, and any revisions will be easily checked through version management.
Article 1 (Purpose of Personal Information Collection)
The Company collects users' personal information for the following purposes. The collected personal information will not be used for any other purposes than those stated below. If the purpose of use is changed, necessary measures will be taken in accordance with Article 15 of the Personal Information Protection Act, such as obtaining separate consent.
- Membership Registration and Management
1) User identification, confirmation of intention to join and age, confirmation of applicant's representative
2) Prevention of use of services by fraudulent members
3) Service announcement and notification
4) Confirmation of the applicant's representative
- Provision of Goods or Services
1) Provision of various services, including affiliated company services
2) Provision of services agreed upon with users, billing for purchase and use of paid services
3) User consultation, receipt and handling of user complaints, record-keeping for dispute resolution, and notification of important information.
4) Analysis of service usage records and access frequency, statistics on service usage, establishment of service environment for privacy protection, provision of customized services, and utilization for service improvement.
5) Statistics on service usage.
- Event Information Notification
1) Use for information dissemination during new service development and event promotions, marketing, and advertising, etc.
- Handling of user complaints
1) Confirmation of the complainant's identity.
2) User consultation, receipt and handling of user complaints, record-keeping for dispute resolution, and notification of important information.
- Utilization of Information Related to Custody Service Usage
1) Use and provision of personal/corporate information/data for marketing and promotion purposes, including the use of personal information of corporate members and custody service usage information for marketing and promotion purposes, and the use and provision of corporate member usage information data.
2) Provision of data and information upon request by corporate members, including the provision of information related to statistics and data concerning corporate members that the Company allows and the provision of information related to statistics and data requested by corporate members for research purposes that the Company allows.
Article 2 (Personal Information Collection Items and Methods)
The Company collects both necessary and optional information to ensure smooth service provision.
- The personal information items collected when using the service
|Purpose of Collection||Classification of Members||Point of Collection||Division||Collection Items|
|Membership Registration and Management||Individual||When joining the membership||Essential||Email Address, Password|
|Corporation||When joining the membership||Essential||Email address, Password|
|Corporation||When verifying a corporation's identity as Level 2 member||Essential||Corporate representative’s information and identification card, Deputy’s information identification card, Beneficiary owner’s information|
|Provision of Goods or Services||Individual||Level 1 Email Verification||Essential||Email Address|
|Level 2 Mobile Phone Verification||Essential||Name, Mobile Phone Number, Date of Birth, gender, Domestic/Foreigner Information, Subscribed Telecommunication Company, Identity Verification Information (CI, DI), Nationality, Address|
|Level 2 ID Verification||Essential||
Choose 1 out of 4
- Resident Registration Card: Name, Resident registration number (including Back Digits), Date of Issue
- Driver's License: Name, Resident Registration Number (including Back Digits), Driver's License Number, Identification Number, Date of Issue
- (Foreign) Residence Card: Name, Registration Number, Date of Issue
- Domestic Residence Card: Name, Resident Registration Number, Date of Issue
|Level 3 Deposit and Withdrawal Account Verification||Essential||Bank Name, Account Number, Account Holder Name|
|Level 4 Kakao Pay Verification||Essential||
Verification Result (Token, Expired Time, Success or Failure)
※ Kakao Pay does not directly collect or store personal information required for identity verification.
|Handling of User Complaints||Individual, Corporation||
1:1 Talk for Consultation
Sending an Email
|Essential||Name, Mobile Phone Number, Email Address, Inquiry Details|
|Automatic Collection||Individual, Corporation||Use of Service||Essential||Device Information (OS, Screen Size, Device ID, Mobile Phone Number, UUID), IP Address, Service Use Record, User Status, Cookies|
|Termination of Contract||Individual, Corporation||Withdrawal||Essential||Name, Email
- Asset Reduction Agreement (Applies Only to Members Who Agree to Asset Reduction)
- Additional personal information items collected during handling user Complaints
|Content of Inquiry||Point of Collection||Collection Items|
|Reset of Mobile Phone Number||Inquiry||Non-face-to-face Identity Verification (Name, Date of Birth, Email Address), Certificate of Telecommunications company Use Contract (Name, Date of Birth, Mobile Phone Number)|
|Reset of OTP||Non-face-to-face Identity verification (Name, Date of Birth, Email Address)|
|Reset of Withdrawal Account||Non-face-to-face Identity verification (Name, Date of Birth, Email Address)|
|Incorrect Deposit||Deposit Confirmation (Name of Financial Institution for Incorrect Deposit, Account Number, Account Holder, Transfer Details), Non-face-to-face Identity Verification (Name, Date of Birth, Email Address), Evidence of Incorrect Deposit (Digital Asset
Wallet Address of Withdrawal, Exchange, TXID)
|Reconnection with Account||Non-face-to-face Identity Verification (Name, Date of Birth, Email Address), Mobile Phone Number|
|Identification document for Withdrawal||Non-face-to-face Identity Verification (Name, Date of Birth, Email Address), Bank Transaction Statement (Name, Account information, Account number), Transaction Purpose Confirmation (Name, Account Information, Account Number)|
|Request to Unlock the restricted transactions||Non-face-to-face Identity Verification (Name, Date of Birth, Email Address)|
- Methods of collecting personal information
1) Collection through websites, mobile web, 1:1 inquiries, email inquiries, chat consultations, etc.
2) Collection through automatic collection devices.
Article 3 (Retention and Use Period of Personal Information)
- The Company uses personal information within the retention and use period agreed upon by the user at the time of collection or within the period required by law.
- The retention and use periods for each type of personal information are as follows:
1) Membership registration and management: Until withdrawal
2) Provision of goods or services: Until the supply of goods or services is completed
3) Event information notification: Until the end of the event
4) Handling of user complaints: Up to 5 years after withdrawal
5) Utilization of information related to custody services: Until the end of the service use
- Notwithstanding the provisions of paragraph 2, personal information may be retained and used until the end of the relevant reason in the following cases. However, if the retention and use period is different, the longest period shall apply. The retention and use periods are as follows:
1) Act on Consumer Protection in Electronic Commerce, etc.
- Records related to contracts or withdrawal of subscription: for 5 years
- Records related to payment of fees and supply of goods, etc.: for 5 years
- Records related to compensation or erroneous payment: for 5 years
- Records related to consumer complaints or dispute resolution: for 3 years
2) Act on Reporting and Use of Specific Financial Transaction Information
- Customer verification records: for 5 years
3) Act on Protection of Communications Secrets
- Login records: for more than 3 months
- The Company converts the accounts of users who have not used the service for one year into dormant accounts and separately stores their personal information. However, 30 days before converting the user's account into a dormant account, the Company notifies the user of the fact that their personal information will be separately stored, the date of dormancy, and the personal information items that will be separately stored via email and text message.
- However, personal information is separately stored and managed in cases of accident investigation, dispute resolution, Handling of user complaints, and legal obligations.
Article 4 (Outsourcing of Personal Information Processing)
The Company entrusts external companies with some of the necessary tasks for providing various services to users to perform personal information processing. The Company also manages and supervises the entrusted companies to ensure that they do not violate personal information protection laws and regulations. The companies that the Company has entrusted with personal information processing are as follows.
- Domestic Trustee Company
|NICE Information Service Co., Ltd||Mobile Phone Identity Verification Service|
|Kakao Pay Corp.||Kakao Pay Verification Service|
|Infobank Corp.||Non-face-to-face Identity Verification Service|
|Sweet Tracker||Text Notification and KakaoTalk Notification Service|
|OK text||Notification of Important Contents and Marketing Messages to All Members|
|Stibee Inc.||Email Notification of Important Contents and Marketing Recipients for All Members|
|Samjung Data Service||Email Notification of Important Contents and Marketing Recipients for All Members|
|SK Broadband||Record-keeping for identity Verification Calls (Identity Verification Related to KRW Deposit and Digital Asset Withdrawal)|
|USEB Co Ltd.||Non-face-to-face Identity Verification|
|Daou Technology Inc.||As an agency for sending Kakao AlimTalk|
VerifyVASP Pte. Ltd.
|Execution of Digital Asset Travel Rules|
- Overseas Trustee Company
|Company Name and Contact||Country of Residence||Date and Method of Transfer||Transferred Details||Purpose of Use and Processing Period|
Amazon Web Services, Inc. (Japan Regional Office)
|Japan||Automatically sent to Japan at the time of collection completion of the account through the information and communication network||Personal information in Article 1, Paragraphs 1 and 3||
-Used for GDAC service and operation
-Until member withdrawal or consignment contract termination
|USA||Automatically sent to the United States at the time when customer-specific consultation service starts||Personal information under Article 1 Paragraph 2||
-Purpose of customer consultation information management
-Upon membership withdrawal or until the termination of the consignment contract
VerifyVASP Pte. Ltd.
|Singapore||When depositing and withdrawing digital assets, it is transferred through the network||Name of Sender/Receiver, Digital Asset Address||
-Performing Digital Asset Travel Rules
Article 5 (Provision of Personal Information to Third Parties)
In principle, the Company does not provide personal information to third parties. However, personal information may be provided under the following circumstances:
- When the user directly consents to the provision of their personal information to a third party.
- When there is an obligation to submit personal information to the Company due to relevant laws and regulations, anti-money laundering, financial fraud, etc.
- When there is an urgent need to alleviate a risk to the user's life or safety.
The details of the provision of personal information to third parties will be notified in the future if there is any provision to third parties.
Article 6 (Rights and Obligations of Users and Legal Representatives and Methods of Exercising Them)
Users have the right to access, correct, delete, and request the suspension of processing of their personal information from the Company at any time. However, the exercise of these rights may be limited in accordance with the provisions of related laws and regulations, such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act.
Users may exercise their rights under the first paragraph through written documents, email, fax, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action in response.
The exercise of rights under the first paragraph may be done through a legal representative or an authorized agent of the user. In this case, an authorization letter in accordance with Form No. 11 of the Notice on Personal Information Processing Methods must be submitted.
If the personal information is specified as a collection target in other laws when requesting correction or deletion of personal information, such requests cannot be made.
The Company verifies whether the requester of access, correction, deletion, or suspension of processing is the user or a legitimate representative.
Article 7 (Destruction of Personal Information)
The Company shall promptly destroy relevant information after the retention period of personal information has elapsed or the purpose of collecting and using personal information has been achieved.
However, even if it falls under the first paragraph, information that must be retained under related laws and regulations shall be managed in a separate storage space designated by the law and shall not be used for any purpose other than that specified by the law.
The personal information items to be separated and stored are as follows: name, English name, mobile phone number, email, date of birth, gender, account information, nationality, CI, domestic/foreigner information, residence, identification information, and digital asset address.
The destruction of personal information shall be completely deleted using technical methods to prevent recovery and regeneration in the case of electronic file format, and in the case of records, prints, documents, etc., they shall be shredded or incinerated for destruction.
Article 8 (Measures for Ensuring the Security of Personal Information)
The Company has implemented administrative, technical, and physical measures to ensure the safety of personal information from loss, theft, leakage, alteration, or damage while processing user's personal information.
- Administrative Measures:
1) Establishment of an internal management plan: The Company has established and implemented an internal management plan to ensure the safe handling of personal information.
2) Education on personal information for personal information handlers: The Company is raising awareness of the importance of personal information protection through education and other administrative measures for personal information handlers.
- Technical Measures:
1) Access control for personal information: The Company minimizes the number of personnel handling personal information and takes necessary measures to control access to personal information by granting, changing, and revoking access rights to the database system that handles personal information.
2) Encryption of personal information: The Company encrypts user's personal information during transmission using an encrypted communication channel and stores important information such as passwords in an encrypted form.
3) Technical measures to prepare for hacking: The Company regularly backs up data to prepare for damage to personal information and uses the latest antivirus programs to prevent leakage or damage to user's personal information or data. The Company also uses intrusion prevention systems to control unauthorized access from external sources and strives to equip all possible technical devices to ensure security.
4) Storage and prevention of tampering with access records: The Company stores and manages records of access to the personal information processing system (web logs, summary information, etc.) and uses security functions to prevent tampering, theft, or loss of access records.
- Physical Measures:
1) Access control for unauthorized personnel: The Company operates access control systems and equipment to control the entry of external personnel to prevent leakage of personal information.
Article 9 (Matters Related to the Installation, Operation, and Refusal of Personal Information Automatic Collection Devices)
- Definition and Purpose of Cookies
- Installation, Operation, and Refusal of Cookies
1) Users have the right to choose whether to install cookies and can refuse or delete the storage of such cookies at any time. The method of refusing cookie settings is as follows:
- Microsoft Edge: Select the Tools menu > Settings > Privacy, search, and services > Tracking prevention settings
- Chrome : Select Settings Menu > Show Advanced Settings > Privacy and Security > Cookies and Other Site Data > Cookie Level Settings
- Safari : Select Preferences Menu > Privacy Tab > Cookie and Website Data Level Settings
Article 10 (Personal Information Protection Manager and Department in Charge)
The Company has designated the following departments and personal information protection managers to safeguard users' personal information and handle complaints related to personal information. Information subjects may request access to personal information in accordance with Article 35 of the Personal Information Protection Act through the following protection managers and departments in charge. The Company will make every effort to promptly process information subjects' requests for access to personal information.
[Personal Information Protection Manager]
Name: Ji Song-won
Position: Personal Information Protection Manager
[Department in Charge of Personal Information]
Department in Charge: Customer Center
Phone Number: 1600-3581
Article 11 (Remedies for Infringement of Rights)
If you need help with remedies or consultation regarding personal information infringement, you may contact the following organizations.
▶ Personal Information Infringement Notification Center (operated by Korea Internet & Security Agency)
- Website: https://privacy.kisa.or.kr
- Telephone: (without area code) 118
▶ Personal Information Dispute Resolution Committee (operated by Korea Internet & Security Agency)
- Website: https://www.kopico.go.kr
- Telephone: 1833-6972
▶ Cyber Investigation Department, Supreme Prosecutors' Office
- Website: https://www.spo.go.kr
- Telephone: (without area code) 1301
▶ National Police Agency Cyber Safety Bureau
- Website: https://ecrm.cyber.go.kr
- Telephone: (without area code) 182
The previous Privacy Policies are as follows.