[Persora] Privacy Policy of Persora

Persora ("the Service") complies with the "Personal Information Protection Act" and related laws to protect the freedom and rights of data subjects, process personal information legally, and manage it safely. In accordance with Article 30 of the "Personal Information Protection Act," this privacy policy is established and disclosed to guide data subjects regarding the procedures and standards of personal information processing, and to handle complaints related to personal information promptly and efficiently.

○ This privacy policy applies from September 24, 2024.

Article 1 (Purpose of Processing Personal Information, Collection Items, Retention, and Usage Period)

Persora processes personal information of data subjects as follows:

Purpose of Collection	Required Items	Optional Items	Retention and Usage Period
Service provision and improvement of service performance, algorithm enhancement	Development of new services (products), provision of customized services, algorithm enhancement	Usage information (input data and results)
Inquiries and complaint handling	Confirmation of complaints, notification for factual investigation, notification of results	Email	Contact information, consultation content

Article 2 (Provision of Personal Information to Third Parties)

Persora processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the "Personal Information Protection Act," such as with the consent of the data subject or under special legal provisions.

Article 3 (Overseas Transfer of Personal Information)

Persora does not provide personal information to overseas businesses. However, for the purpose of performing contracts related to information and communication services and enhancing user convenience, personal information processing tasks are transferred abroad as follows:

Purpose	Items	Timing and Method	Retention Period	Company and Country	Contact Information
Data storage and system management	Usage information (input data and results), email, contact information, consultation content	Transferred via encrypted network upon service provision	Until withdrawal of consent or termination of the delegation contract, whichever occurs first	Google Firebase (FCM) / USA	-

Article 4 (Procedures and Methods for Destruction of Personal Information)

Persora will promptly destroy personal information when the retention period expires or when it is no longer necessary to retain it due to the fulfillment of its purpose.
If the retention period agreed upon by the data subject has expired, or the processing purpose has been fulfilled, but other laws require continued retention, the personal information will be transferred to a separate database (DB) or stored in a different location.
Procedures and methods for the destruction of personal information are as follows:
1. Destruction Procedure: Persora selects personal information for which the reason for destruction has occurred and destroys it with the approval of the person responsible for personal information protection.
2. Destruction Method: Personal information stored electronically will be deleted so it cannot be recovered, and paper documents containing personal information will be shredded or incinerated.

Article 5 (Rights and Obligations of Data Subjects and Methods of Exercise)

Data subjects have the right to request access, correction, deletion, or suspension of personal information processing regarding Persora at any time.
- For children under 14, requests regarding personal information must be made by a legal representative. Data subjects aged 14 or older may exercise their rights themselves or through a legal representative.
Rights can be exercised by submitting a written, email, or fax request to Persora in accordance with Article 41(1) of the Enforcement Decree of the "Personal Information Protection Act."
Rights may also be exercised by a legal representative or an authorized agent of the data subject. In such cases, a power of attorney must be submitted using the form specified in Annex 11 of the "Guidelines for Processing Personal Information."
Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the "Personal Information Protection Act."