April7 Inc. (hereinafter referred to as "the Company") abides by the related statutes of the privacy protection act and the law regarding the promotion of information and communication network use and protection of information. As an IT service provider, the Company also abides by the relevant matters of the personal information protection laws. Further, the Company is protecting the user's interests to the Company's best of abilities by defining this Privacy Policy.
1. What is the Privacy Policy?
April7 Co., Ltd. (hereinafter referred to as the "Company") complies with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and is committed to protecting users' personal information.
This Privacy Policy applies when using the "Datalk" service (hereinafter referred to as the "Service") provided by the Company, and stipulates the collection, use, provision, and protection of personal information.
Users have the right to refuse consent to the collection, use, provision, and outsourcing of their personal information; however, refusal may result in limited or restricted access to some or all of the services.
2. Collection of Personal Information
The Company collects the following personal information to provide the Service.
1.
Personal information is collected through the following methods:
•
Homepage, application, written forms, phone calls, customer support boards, emails, and event entries
•
Provision from partner companies
•
Collection through information generation tools
2.
During service use or business processing, the following information may be collected:
•
Required Information: Date of birth, nickname, gender, phone number verification information, mobile phone number, basic profile information (profile photo, location information), OS and device information (including ADID and IDFA), access logs and service usage records (including IP address), records of misuse, locale information, payment records, marketing communication preferences, message reception preferences, chat history, call history, voice information, and location information (in accordance with the Location-Based Service Terms of Use)
•
Optional Information: Additional profile information entered by the user (interest keywords, self-introduction)
3.
For the purpose of providing optimized services, the following information may also be collected through platform operators:
•
Nickname, user ID, and profile photo used by the user within the Service
3. Use of Collected Personal Information
The Company uses the collected personal information for the following purposes:
1.
User Management
•
Identity verification and user identification for service use, prevention of unauthorized use and abuse by malicious users, confirmation of registration and withdrawal intentions, preservation of records for dispute resolution, handling of customer inquiries, delivery of important notifications, identification of event participants, and delivery of prizes.
2.
Provision and Maintenance of Services
•
Profile management, blocking of acquaintances, processing of in-app payments, responding to customer inquiries, confirming whether messages have been read, and providing notification services.
3.
Development and Improvement of Services and Content
•
Data analysis and statistics to improve service quality, development of new services, provision of customized services based on statistics, validation of service effectiveness, and analysis of service usage statistics and access frequency.
4.
Providing Optimized Content for Users
•
Delivery of event and promotional information, and provision of customized advertisements based on statistical characteristics.
4. Provision and Sharing of Personal Information
The Company uses users' personal information strictly within the scope of the purposes for which it was collected and does not use or provide it to third parties beyond this scope without the user's prior consent.
However, personal information may be provided in the following exceptional cases:
1.
When the user has given prior consent
a.
Before collecting or providing information, the Company will clearly inform the user of the partner’s name, the items to be collected or provided, and the retention period, and will obtain the user's consent.
b.
If the user does not consent, the information will not be collected or provided.
2.
When required by law or upon request from investigative agencies
a.
If requested by investigative agencies in accordance with the procedures and methods prescribed by law, the Company may comply with such requests.
5. Retention and Use Period of Personal Information
The Company will promptly destroy users' personal information once the purpose of its collection and use has been fulfilled. However, certain information will be retained for a specified period in accordance with applicable laws or the Company’s internal policies, and will not be used for any purposes other than those specified.
1.
Records related to contracts or withdrawal of subscriptions
•
Retention reason: Act on the Consumer Protection in Electronic Commerce, etc.
•
Retention period: 5 years
2.
Records related to payment and supply of goods or services
•
Retention reason: Act on the Consumer Protection in Electronic Commerce, etc.
•
Retention period: 5 years
3.
Records related to consumer complaints or dispute resolution
•
Retention reason: Act on the Consumer Protection in Electronic Commerce, etc.
•
Retention period: 3 years
4.
Service usage records, access logs, and IP address information
•
Retention reason: Protection of Communications Secrets Act
•
Retention period: 3 months
5.
Records of misuse (Company internal policy)
•
Retained items: Records of misuse
•
Retention reason: Prevention of misuse
•
Retention period: 1 year
6.
Records of use/provision of location information
•
Retained items: Records of use/provision of location information
•
Retention reason: Act on the Protection and Use of Location Information
•
Retention period: 6 months
6. Procedures and Methods for Destroying Personal Information
The Company promptly destroys personal information once the retention period has expired or the purpose of processing has been achieved. Additionally, in accordance with relevant laws and internal policies, the Company will destroy or separately store the personal information of users who have not used the Service for more than two years.
1.
Destruction Procedures
•
Personal information is destroyed immediately upon the expiration of the retention period specified in Section 5.
•
Except where retention is required by law, all information is permanently deleted in an unrecoverable manner.
2.
Destruction Methods
•
Personal information printed on paper is destroyed by shredding or incineration.
•
Personal information stored in electronic file formats is securely deleted using technical methods that make recovery impossible.
7. User Rights and How to Exercise Them
Users can view or modify their personal information at any time through in-app features and may request to terminate their use of the Service. To view or modify personal information, users may also utilize the "Delete Account" feature provided by the platform operator or app store operator.
If a user wishes to verify personal information not directly held by the Company, they can check their registration details with the platform operator or app store operator and provide the relevant information to the Company to verify their identity by cross-checking the collected data.
If a user requests the correction of any inaccuracies in their personal information, the Company will not use or provide the relevant information to third parties until the correction has been completed.
In the event of a termination or deletion request, the Company will process the personal information in accordance with Section 5 (Retention and Use Period of Personal Information) and will not access or use the information for any other purposes.
8. Provision of Personal Location Information to Third Parties
The Company does not provide personal location information to third parties without the consent of the subject of the personal location information.
However, if the Company operates a service that provides location information to a third party, the recipient, the purpose of provision, and other necessary details will be clearly informed in advance, and the consent of the subject will be obtained.
Exceptions apply in the following cases:
1.
When required by law
2.
When requested by an investigative agency for investigative purposes, following the procedures and methods prescribed by law
9. Rights of Guardians of Children Aged 8 and Under
1.
For the protection of the life or physical safety of individuals who fall under the following categories (hereinafter referred to as "Children Under 8, etc."), if a guardian consents to the collection, use, or provision of personal location information, such consent is deemed to have been given by the individual themselves:
a.
Children under the age of 8
b.
Persons under adult guardianship
c.
Persons with mental disabilities as defined in Article 2, Paragraph 2, Item 2 of the Act on Welfare of Persons with Disabilities, who are also classified as persons with severe disabilities under Article 2, Item 2 of the Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities and are registered under Article 32 of the Act on Welfare of Persons with Disabilities
2.
A guardian under Paragraph 1 refers to a person who actually protects the individual, and includes:
a.
The legal representative of a child under the age of 8 or a guardian as defined under Article 3 of the Act on the Duties of Guardianship
b.
The legal representative of a person under adult guardianship
c.
The legal representative of a person falling under Paragraph 1, Item 3, or the head of one of the following facilities:
i.
A residential facility for persons with disabilities under Article 58, Paragraph 1, Item 1 of the Act on Welfare of Persons with Disabilities (limited to facilities established and operated by the national or local government)
ii.
A community rehabilitation facility for persons with mental disorders under Article 3, Item 4 of the Mental Health and Welfare Act (limited to facilities established and operated by the national or local government)
iii.
A psychiatric care facility under Article 3, Item 5 of the same act
3.
If a guardian wishes to consent to the collection, use, or provision of personal location information to protect the life or physical safety of Children Under 8, etc., the guardian must submit a written consent form along with documentation proving their status as a guardian to the Company.
•
Upon providing consent, the guardian shall be deemed to have the full rights of the data subject regarding personal location information.
10. Outsourcing of Personal Information Processing
The Company entrusts part of its personal information processing tasks to external service providers for customer support and smooth service delivery.
When entering into outsourcing contracts, the Company takes necessary measures to protect personal information.
If the details of the outsourced tasks or the service providers change, the Company will announce the changes through a prior consent process or this Privacy Policy in accordance with relevant laws.
1.
Service Providers: Google Inc., Apple Inc.
•
Purpose of Outsourcing: Payment processing
•
Retention and Use Period: Until membership withdrawal or termination of the outsourcing agreement
2.
Service Providers: Amazon Web Services, Inc., Google Inc., Megazone Cloud Corporation
•
Purpose of Outsourcing: Data storage and cloud service infrastructure
•
Retention and Use Period: Until membership withdrawal or termination of the outsourcing agreement
3.
Service Providers: NHN Entertainment Corp., Nurigo Corp., Infobip Ltd
•
Purpose of Outsourcing: SMS transmission system operation
•
Retention and Use Period: Until membership withdrawal or termination of the outsourcing agreement
4.
Service Providers: Google Inc., Facebook, Kochava
•
Purpose of Outsourcing: Log analysis and online advertising performance tracking
•
Retention and Use Period: Until membership withdrawal or termination of the outsourcing agreement
11. Overseas Transfer of Personal Information
The Company entrusts some personal information processing tasks to overseas service providers for customer support and smooth service delivery.
When entering into outsourcing contracts, the Company implements legal and technical security measures to protect personal information.
If there are any changes to the service providers or the details of the outsourced tasks, the Company will either obtain prior consent or provide notification through this Privacy Policy in accordance with relevant laws.
•
Purpose: Log analysis and online advertising performance tracking / Data storage and cloud service infrastructure
•
Service Providers and Countries: (To be specified)
Service Provider | Contact Information of Recipient | Transferred Items | Country of Transfer | Time and Method of Transfer | Retention and Use Period of Personal Information |
Google Inc. | googlekrsupport@google.com | Payment information, ad response ID, log analysis, and online advertising performance tracking | United States | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Apple Inc. | ent_kr@apple.com | Payment information, ad response ID, log analysis, and online advertising performance tracking | United States | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Facebook | korealocalagent@support.facebook.com | Ad response ID, log analysis, and online advertising performance tracking | United States | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Amazon Web Services, Inc.
| aws-korea-privacy@amazon.com | Service usage records or collected personal information | Republic of Korea (AWS Seoul Region) | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Infobip Ltd. | data-protection-officer@infobip.com | Mobile phone number | Germany | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Google Inc. | googlekrsupport@google.com | Service usage records or collected personal information | United States | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
Kochava Inc. | Collection and statistical analysis of behavioral information | United States | Transmission via network during service use | Until membership withdrawal or termination of the outsourcing agreement |
•
Users may refuse the overseas transfer of their personal information by contacting the Personal Information Protection Officer or the relevant department. However, if the overseas transfer is essential for the provision of certain services, refusal may result in restrictions on the use of those services.
12. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
1.
The Company uses cookies to store and retrieve user information from time to time in order to provide personalized and customized services.
Cookies are small data files that are sent to the user's browser when operating a website and are stored on the user's device (such as a PC).
When the user revisits the website, the server uses the stored cookies to maintain the user's settings and provide customized services.
2.
Cookies do not automatically collect information that directly identifies an individual, and users may refuse or delete cookies at any time.
However, if the storage of cookies is refused, some services may be limited.
3.
The method for setting cookie permissions is as follows (based on Internet Explorer):
① Select [Tools] → [Internet Options] from the top menu
② Click on the [Privacy] tab
③ Set the level of privacy settings to choose whether to allow cookies
13. Technical and Administrative Measures to Protect Personal Information
The Company implements the following technical and administrative measures to protect users' personal information safely:
1.
Technical Measures
•
The Company applies security features to personal information in accordance with applicable laws and internal policies.
•
To prevent damage from computer viruses, antivirus programs are installed and operated, and they are regularly updated to respond to the latest security threats.
•
Personal information is securely stored and managed, and when transmitted over the network, security measures such as encryption are applied.
•
To prevent personal information leakage due to external intrusions (such as hacking), the Company operates intrusion prevention and detection systems and performs 24-hour monitoring.
2.
Administrative Measures
•
Access rights to systems that store and process personal information are strictly managed by establishing criteria for granting, changing, and revoking access, and strict policies for password setting and modification are enforced.
•
Employees handling personal information are minimized, and regular training is conducted to ensure compliance with internal policies and relevant laws.
14. Contact Information for the Personal Information Protection Officer
The Company has designated a Personal Information Protection Officer to promptly and faithfully handle inquiries and complaints related to the protection of users' personal information.
If you have any questions regarding personal information while using the Service, please contact us at the details below.
1.
Personal Information Protection Officer
•
Name: Jin-Hwan Kim
•
Position: CEO
•
Phone: +82-2-2294-0407
•
Email: help@april7.co.kr
2.
Personal Location Information Protection Officer
•
Name: Jin-Hwan Kim
•
Position: CEO
•
Phone: +82-2-2294-0407
3.
Other External Contact Points
•
If you need to report or consult about a personal information breach, you may contact the following organizations:
◦
◦
Supreme Prosecutors’ Office Cyber Investigation Division (http://www.spo.go.kr / 1301 without area code)
◦
15. Others
1.
If the Company amends this Privacy Policy, it will notify users of the reason for the change and the effective date at least seven (7) days prior to the effective date via the Service.
However, if the changes significantly affect users' rights or obligations, the Company will provide prior notice at least thirty (30) days in advance.
2.
If users do not express any objection by the effective date after the Company has provided notice of the changes as described in Paragraph 1, they will be deemed to have agreed to the changes.
3.
If the Company intends to collect additional personal information or provide personal information to third parties, it will obtain separate consent from the users.
This Privacy Policy will take effect from May 12, 2025.