MIPPIA Privacy Policy
MIPPIA Inc. (hereinafter referred to as the "Company") establishes and discloses the following Privacy Policy to protect the personal information of members using MIPPIA services and all related services (collectively referred to as "Services") in accordance with relevant laws and to handle any related inconveniences promptly and smoothly.
1. Purpose of Processing Personal Information
The Company processes personal information for various purposes.
- Service Provision: Personal information is processed for the purpose of providing the Company's various services, including member and organization utilization, service provision, content provision, customized service provision, and API services.
- Complaint Handling: Personal information is processed for handling complaints such as requests for access to personal information, correction/deletion of personal information, and suspension of personal information processing.
- Marketing and Advertising: Personal information is processed for the purpose of providing customized advertisements, events, promotional information, and participation opportunities.
- Service Improvement and Development: Personal information is processed for the purpose of improving existing services and developing new and customized services.
- Paid Service Provision: Personal information is processed for the purpose of payment and settlement when purchasing and using paid services.
2. Items and Methods of Personal Information Collection
The Company collects the following personal information for service provision.
| Category | Items Collected | Purpose of Use |
|---|---|---|
| Required | Email, nickname, name, address, password, mobile phone number, country of residence | Identity verification and member management |
| Required | Files and links uploaded by members | Service provision and development |
| Optional | Contact email address, name, mobile phone number | Marketing activities such as event notifications and newsletter distribution |
| Automatically Collected | IP address, cookies, access logs, visit date/time, service usage records, fraudulent use records, payment records, API call frequency, usage, error codes, request patterns, inquiries | Service provision |
| For Payment | Card company name, card number, email, date of birth, business registration number, account holder name, account number, bank name, mobile phone number and carrier information | Paid payment processing |
The methods of collecting personal information are as follows.
When collecting personal information, the Company always informs users in advance and obtains consent, and collects personal information through the following methods:
- When users consent to the collection of personal information and directly enter information during membership registration and service use
- When collected through mail, telephone, etc. during consultation through customer service
- When participating in online/offline events and promotions (separate consent is obtained for marketing purposes)
3. Processing and Retention Period of Personal Information
- The Company processes and retains personal information within the retention/use period of personal information required by law or agreed upon when collecting personal information from the data subject.
- The Company destroys personal information without delay when the purpose of collection and use has been achieved. When a member withdraws from the service or loses eligibility, the collected member information is destroyed without delay even without a separate request. However, despite member withdrawal or loss of eligibility, the following information is retained for the reasons below:
- Until the end of investigation or inquiry in case of ongoing investigation or inquiry due to violation of relevant laws
- Until settlement of claims/debts remaining from service use
- To prevent fraudulent re-registration and service use when the Company terminates the service agreement according to the Terms of Service
- When preservation is required by the provisions of relevant laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company retains member information for the period specified in the relevant laws.
3-1. Retention Periods According to Laws
| Retention Items | Legal Basis | Retention Period |
|---|---|---|
| Service usage-related personal information (log records) | Protection of Communications Secrets Act | 3 months |
| Records on contracts or withdrawal of subscription | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on payment and supply of goods | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce | 3 years |
| Records on display and advertising | Act on Consumer Protection in Electronic Commerce | 6 months |
| All transaction books and supporting documents as required by tax law | Framework Act on National Taxes | 5 years |
4. Provision of Personal Information
The Company uses members' personal information within the scope disclosed in the collection and purpose of personal information and does not use it beyond this scope or disclose customers' personal information to third parties without prior consent. However, exceptions are made in the following cases:
- When required by law or when there is a request from an investigative agency following procedures and methods prescribed by law for investigation purposes
5. Entrustment of Personal Information Processing
- Analytics Tools: Google Analytics, Amplitude, Fullstory
- Payment Services: Portone, Toss Payments, PayPal
- Infrastructure Operations: Google Cloud Platform, Naver Cloud Platform
Contracts for compliance with the Personal Information Protection Act are concluded with all trustees, and the scope of entrustment is minimized.
6. Destruction of Personal Information
Personal information is destroyed without delay when the purpose of collection and use has been achieved, and the procedures and methods are as follows:
- Destruction Procedure: The Company selects personal information for which destruction reasons have occurred and destroys personal information with the approval of the Company's personal information protection officer. If personal information must continue to be preserved according to other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the relevant personal information is transferred to a separate database (DB) or stored in a different location.
- Destruction Method: Information in electronic file format is destroyed using technical methods that prevent the records from being reproduced. Personal information printed on paper is destroyed by shredding or incineration.
7. Rights and Obligations of Data Subjects and Legal Representatives
- Data subjects may exercise the following personal information protection-related rights against the Company at any time:
- a) Request for access to personal information
- b) Request for correction in case of errors
- c) Request for deletion
- d) Request for suspension of processing
- The rights under Paragraph 1 may be exercised against the Company in writing, by telephone, email, FAX, etc., and the Company will take action without delay.
- The rights under Paragraph 1 may be exercised through a legal representative of the data subject or an authorized agent. In this case, a power of attorney confirming the authorization to the agent must be submitted.
- Data subjects must not infringe on the personal information and privacy of themselves or others being processed by the Company in violation of the Personal Information Protection Act and other relevant laws.
8. Measures to Ensure the Safety of Personal Information
The Company takes appropriate technical, administrative, and physical measures necessary to ensure the safety of users' personal information against loss, theft, falsification, alteration, or damage in accordance with Article 29 of the Personal Information Protection Act.
- Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
- Technical Measures: Technical countermeasures against hacking, encryption of personal information, storage of access records and prevention of falsification, etc.
- Physical Measures: Access control to server rooms, data storage rooms, etc.
9. Changes to the Privacy Policy
The Company may revise this Privacy Policy in accordance with changes in relevant laws, service content, and internal policies.
- Obligation to Notify Changes: When the Privacy Policy is changed, the Company will notify at least 7 days before the effective date.
- Notice Regarding Continued Consent: If users continue to use the service after the revision of the Privacy Policy, they are deemed to have agreed to the revised Privacy Policy.
However, if matters requiring separate consent under the law are included, the Company will obtain additional consent from users.
10. Personal Information Protection Officer
The Company designates a personal information protection officer as follows to be responsible for overseeing personal information processing and to handle user complaints and remedy damages related to personal information processing.
Personal Information Protection Officer
- Name: Chanho Oh
- Position: CEO
- Email: och@mippia.com
If you need to report or consult about personal information infringement, you may contact the following organizations:
- Personal Information Infringement Report Center (118 without area code)
- Supreme Prosecutors' Office Cyber Investigation Division (1301 without area code)
- National Police Agency Cyber Bureau (182 without area code)
11. Supplementary Provisions
Effective Date
This Privacy Policy is effective from December 7, 2025.