HONG-CHAN (hereinafter referred to as "the Company") values personal information and is committed to protecting it. Through this Privacy Policy, the Company aims to inform users about how the personal information provided by users is used and in what manner, and what measures are taken to protect personal information.

This Privacy Policy may be changed from time to time due to changes in government laws and guidelines or changes in the Company's internal policies. When changes are made, the revised Privacy Policy will be posted on the service pages provided by the Company.

Article 1 (Purpose)

HONG-CHAN (hereinafter referred to as "the Company") establishes this Privacy Policy (hereinafter referred to as "this Policy") to protect the information (hereinafter referred to as "personal information") of individuals (hereinafter referred to as "users" or "individuals") who use the services provided by the Company (hereinafter referred to as "Company services"), comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as "Information and Communications Network Act"), and to promptly and smoothly handle complaints related to the protection of personal information of service users.

Article 2 (Principles of Personal Information Processing)

1. In accordance with personal information-related laws and this Policy, the Company may collect users' personal information only within the scope necessary for the intended purpose.

Article 3 (Information for Membership Registration)

1. The Company collects the following information for users' membership registration for Company services:
   1. Required information: email address, user name

Article 4 (Personal Information Collection Methods)

1. The Company collects users' personal information through the following methods:
   1. Users directly entering their personal information into Company services
   2. Users entering their personal information through services other than the Company's website, such as applications provided by the Company
   3. OAuth input when registering/logging in with SNS accounts (Google, Kakao, Naver)

Article 5 (Use of Personal Information)

1. The Company uses personal information in the following cases:
   1. When necessary for Company operations, such as delivering announcements
   2. For service improvement for users, such as responding to usage inquiries and handling complaints
   3. To provide Company services
   4. To restrict usage of members who violate laws and Company terms, and to prevent and sanction acts that interfere with the smooth operation of services, including fraudulent use
   5. When necessary for service advertising and promotions

Article 6 (Retention and Use Period of Personal Information)

1. The Company retains and uses users' personal information for the period necessary to achieve the purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Company retains service abuse records according to internal policies for up to one year from the time of membership withdrawal to prevent fraudulent registration and use.

Article 7 (Retention and Use Period of Personal Information According to Laws)

1. The Company retains and uses personal information according to relevant laws as follows:
   1. Information retained and retention period according to the Act on Consumer Protection in Electronic Commerce
   • Records regarding contracts or withdrawal of subscription: 5 years
   • Records regarding payment and supply of goods: 5 years
   • Records regarding consumer complaints or dispute resolution: 3 years
   • Records regarding display and advertising: 6 months
   2. Information retained and retention period according to the Protection of Communications Secrets Act
   • Website log record data: 3 months
   3. Information retained and retention period according to the Electronic Financial Transactions Act
   • Records regarding electronic financial transactions: 5 years
   4. Act on the Protection and Use of Location Information
   • Records regarding personal location information: 6 months

Article 8 (Principles of Personal Information Destruction)

1. In principle, the Company destroys relevant information without delay when personal information is no longer needed, such as when the purpose of personal information processing is achieved or the retention and use period has expired.

Article 9 (Personal Information Processing for Service Non-users)

1. The Company, in principle, notifies users in advance and destroys or separately stores personal information of users who have not used Company services for one year.
2. Personal information of long-term non-users is separately stored and kept securely, and notification to such users is sent to their email address at least 30 days before the separate storage processing date.
3. Long-term non-users who wish to continue using services before the Company separates the non-user database can simply log in to the service.
4. Long-term non-users can restore their accounts with their consent when they log in to the service.
5. The Company stores separately kept personal information for 4 years and then destroys it without delay.

Article 10 (Personal Information Destruction Procedure)

1. Information entered by users for membership registration is transferred to a separate database after the personal information processing purpose is achieved and stored for a certain period according to internal policies and information protection reasons under other relevant laws (refer to retention and use period) before being destroyed.
2. The Company destroys personal information for which destruction reasons have occurred through the approval process of the personal information protection officer.

Article 11 (Personal Information Destruction Methods)

1. The Company deletes personal information stored in electronic file format using technical methods that cannot reproduce records, and destroys personal information printed on paper through shredding or incineration.

Article 12 (Measures for Transmitting Marketing Information)

1. When the Company transmits commercial marketing information for profit purposes using electronic transmission media, it obtains explicit prior consent from users. However, prior consent is not required in any of the following cases:
   1. When the Company has directly collected contact information from recipients through transactional relationships for goods, and intends to transmit commercial marketing information for the same type of goods that the Company has processed and transacted with recipients within 6 months from the end of the transaction
   2. When a telephone solicitation seller under the "Door-to-Door Sales Act" verbally notifies recipients of the source of personal information collection and makes telephone solicitations
2. Notwithstanding the preceding paragraph, when recipients express their intention to refuse reception or withdraw prior consent, the Company does not transmit commercial marketing information for profit purposes and notifies the processing results of reception refusal and consent withdrawal.
3. When the Company transmits commercial marketing information for profit purposes using electronic transmission media, it specifically discloses the following matters in the marketing information:
   1. Company name and contact information
   2. Matters regarding the expression of intention to refuse reception or withdraw reception consent
4. When the Company transmits commercial marketing information for profit purposes using electronic transmission media, it does not take any of the following measures:
   1. Measures to avoid or interfere with marketing information recipients' refusal to receive or withdrawal of reception consent
   2. Measures to automatically create recipients' contact information such as phone numbers and email addresses by combining numbers, symbols, or characters
   3. Measures to automatically register phone numbers or email addresses for the purpose of transmitting commercial marketing information
   4. Various measures to conceal the identity of marketing information senders or advertising transmission sources
   5. Various measures to deceive recipients and induce replies for the purpose of transmitting commercial marketing information

Article 13 (Protection of Children's Personal Information)

1. To protect the personal information of children under 14 years of age, the Company allows membership registration only for users aged 14 and above.
2. Notwithstanding paragraph 1, when a user is a child under 14 years of age, the Company obtains consent for the collection, use, and provision of the child's personal information from the child's legal representative.
3. In the case of paragraph 2, the Company additionally collects the legal representative's name, date of birth, gender, duplicate registration confirmation information (ID), and mobile phone number.
4. The information in paragraph 2 is collected through the legal representative's email and other necessary information.

Article 14 (Personal Information Inquiry and Withdrawal of Collection Consent)

1. Users and legal representatives may inquire about or modify their registered personal information at any time and may request withdrawal of personal information collection consent.
2. To withdraw consent for the collection of their registration information, users and legal representatives must contact the Company through written communication, telephone, or email to the personal information protection officer or person in charge, and in this case, the Company must take action without delay.

Article 15 (Personal Information Changes, etc.)

1. Users may request correction of errors in personal information to the Company through the methods described in the preceding article.
2. In the case of the preceding paragraph, the Company does not use or provide personal information until correction of personal information is completed, and if incorrect personal information has already been provided to third parties, the Company promptly notifies third parties of the correction processing results to ensure correction is made.

Article 16 (Users' Obligations)

1. Users must keep their personal information up to date, and users are responsible for problems arising from inaccurate information input.
2. In case of membership registration using another person's personal information, user qualifications may be lost or punishment may be imposed according to relevant personal information protection laws.
3. Users are responsible for maintaining security of email addresses, names, etc., and cannot transfer or lend them to third parties.

Article 17 (Company's Designation of Personal Information Protection Officer)

1. To protect users' personal information and handle complaints related to personal information, the Company designates relevant departments and personal information protection officers as follows:
   1. Personal Information Protection Officer Name: Jieun Suh
   2. Email: help@hongchan-nihongo.com