Privacy Policy
FireX Co., Ltd. (hereinafter referred to as "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related grievances promptly and smoothly.
Effective Date: January 1, 2025
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be implemented, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Service Provision: Personal information is processed for the purpose of providing menu information, content, and customized services.
- Push Notification Service: Push notification tokens are processed for the purpose of delivering menu update notifications and announcements.
- Service Improvement: Personal information is processed for the purpose of analyzing service usage statistics, improving services, and developing new services.
Article 2 (Processing and Retention Period of Personal Information)
(1) The Company processes and retains personal information within the period of retention and use of personal information pursuant to laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
(2) The processing and retention periods for each type of personal information are as follows:
- Service Usage Records: Until termination of service use
- Push Notification Tokens: Until app deletion or notification opt-out
- Access Logs: 3 months (pursuant to the Protection of Communications Secrets Act)
Article 3 (Items of Personal Information Processed)
The Company processes the following items of personal information:
- Required Items: None (service available without registration)
- Optional Items: Push notification token (when notification consent is given)
- Automatically Collected Items: IP address, cookies, service usage records, visit records, device information (OS version, app version)
Article 4 (Provision of Personal Information to Third Parties)
(1) The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of laws.
(2) The Company does not currently provide personal information to third parties.
Article 5 (Entrustment of Personal Information Processing)
(1) The Company entrusts personal information processing as follows for smooth personal information handling:
| Trustee | Entrusted Tasks |
|---|---|
| Expo (Expo.dev) | Push notification delivery |
| Vercel Inc. | Web service hosting and data storage |
| Cloudinary | Image storage and delivery |
(2) When concluding entrustment contracts, the Company specifies in documents such as contracts matters concerning prohibition of processing personal information beyond the purpose of entrusted work, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees process personal information safely.
Article 6 (Procedures and Methods for Destruction of Personal Information)
(1) The Company destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the retention period or achievement of the purpose of processing.
(2) If personal information must continue to be preserved pursuant to other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the purpose of processing, the personal information is moved to a separate database (DB) or stored in a different storage location.
(3) The procedures and methods for destroying personal information are as follows:
- Destruction Procedure: The Company selects personal information for which destruction grounds have occurred and destroys the personal information with approval from the Company's personal information protection officer.
- Destruction Method: Information in electronic file format is destroyed using technical methods that prevent record regeneration.
Article 7 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising Them)
(1) Data subjects may exercise rights such as requesting access to, correction, deletion, or suspension of processing of personal information against the Company at any time.
(2) The exercise of rights under Paragraph 1 may be made to the Company in writing, by email, or by fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
(3) The exercise of rights under Paragraph 1 may be made through a legal representative of the data subject or an authorized agent. In this case, a power of attorney according to Form No. 11 of the "Notice on Methods of Processing Personal Information (No. 2020-7)" must be submitted.
(4) Requests for access to and suspension of processing of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
- Minimization and Training of Employees Handling Personal Information: The Company designates employees who handle personal information and limits them to those in charge, minimizing the number of personnel managing personal information.
- Technical Measures Against Hacking: The Company installs security programs to prevent leakage and damage of personal information due to hacking or computer viruses, performs periodic updates and inspections, and installs systems in areas with controlled access from outside, monitoring and blocking technically and physically.
- Encryption of Personal Information: Users' personal information is stored and managed encrypted, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
- Storage and Prevention of Forgery of Access Records: Records of access to the personal information processing system are stored and managed for at least one year.
Article 9 (Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
(1) The Company uses 'cookies' that store and retrieve usage information from time to time to provide individualized customized services to users.
(2) Cookies are small pieces of information sent by the server (http) used to operate a website to the user's computer browser and may be stored on the hard disk of users' PC computers.
- Purpose of Using Cookies: Used to identify visit and usage patterns of each service and website visited by users, popular search terms, secure connection status, etc., to provide optimized information to users.
- Installation, Operation, and Rejection of Cookies: You can refuse to store cookies by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser.
- If You Refuse to Store Cookies: Difficulty in using customized services may occur.
Article 10 (Personal Information Protection Officer)
(1) The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing and to handle complaints and damage relief of data subjects related to personal information processing.
Personal Information Protection Officer
Name: Jinwoo Cheon
Position: CEO
Contact: firexkorea@gmail.com
(2) Data subjects may contact the personal information protection officer regarding all personal information protection inquiries, complaint handling, damage relief, etc. arising from using the Company's services (or business). The Company will respond to and process inquiries from data subjects without delay.
Article 11 (Methods of Remedying Infringement of Rights)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief from personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
Persons whose rights or interests have been infringed by disposition or omission by the head of a public institution in response to requests under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may request administrative appeal as prescribed by the Administrative Appeals Act.
Article 12 (Changes to Privacy Policy)
This Privacy Policy is effective from January 1, 2025. Previous privacy policies can be found below.