4Grit (collectively, “Company”) values personal information of customers and does best to protect customers’ personal information. Company observes regulations that information and communication service providers shall observe including ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC., PERSONAL INFORMATION PROTECTION ACT, and ENFORCEMENT DECREE OF THE PERSONAL INFORMATION PROTECTION ACT. Company shall inform customers of how personal information is used in which way and purpose via Privacy Policy. If Company revises Privacy Policy, Company shall upload notice (or sending notification to each customer) in Website.

This Policy shall take effect on September 29, 2016.

Article 1. Agreement on Collection and Use of Personal Information

Company collects minimum amount of personal information only necessary in implementing service use contracts in a legal and fair way. Company provides customers with contents of personal information collection ∙ use when creating account and thinks customers agree on Article 1 when they click the checkbox next to “I agree to Terms of Service and Privacy Policy.”

Article 2. Personal Information Collected and Collection Method

Company collects the following personal information to provide services including signup, consultation, and service selection and implementation of contracts.

Collected information: email, encrypted password, phone number, company name Company may collect the following information required in payment on the payment period if customers attempt to use paid services.

– Collected information: Information (name) of customers with payment method, credit card Information, payment approval number

Company collects the following information to provide customers with consultation on service use inquiries.

– Collected information: name, company name (optional), email

The following information may be collected during using the service.

– cookies, service use record, visit history record, access log, access IP address, domain, name of website, event of page activity, etc.

Company collects personal information in the following way.

– Use of the home page and filling out of a form, consultation.
– Information is collected automatically when customers install or use scripts related to services provided by Company.

Company does not require personal information which may infringe basic human rights (race and ethnicity, ideology and doctrine, hometown and legal domicile, political orientation and criminal record, health status and sex life, etc.) and informs customers that Company shall not collect and use such information for any other purposes.

Article 3. Collection of Personal Information and Use Purpose

Company uses the collected personal information for the following purposes.

• Provide services

Provide services, calculate fees for paid services, provide contents, verify customer’s identity, send contracts and bills, and collect fees.

• Manage membership

dentify sign-up intent, verify customer’s identity for receiving membership service, identify individual customers, prohibit bad customers from illegal and unpermitted service use, verify individual’s identity upon limited implementation of verification system, keep records to be used for dispute settlement, resolve inquiries including complaints, and deliver notifications.

• Do marketing and commercials

Develop new services and provide customized services, provide event and promotional information as well as provide opportunity to engage in events, check efficiency of service, figure out access frequency, provide service and upload advertisement based on statistical features, and draw statistics on customers’ service use.

Article 4. Retention of Personal Information and Use Period

User’s personal information shall be deleted after being used for its purpose. User’s personal information is retained and used for services until users withdraw the membership (terminate service use contract). However, Company may retain collected information for the following prescribed purposes and period and shall not use for other purposes.

1. If there is any ongoing investigation · examination due to violation of related laws, Company retains the information until the ongoing investigation · examination is ended.

2. If Company has a debtor/debtee relationship with customers, Company retains the information until such relationship is completely cleared up.

3. Records on trades including mark · commercials, contracts and implementation of contracts based on [ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.]

– Records on mark · commercials: 6 months

– Records on resolving customer complaints or disputes: 3 years

– Records on contract or subscription withdrawal: 5 years

– Record on making payment and providing goods and others: 5 years

4. Records on electronic financial transactions based on [ELECTRONIC FINANCIAL TRANSACTIONS ACT]: 5 years

5. Records on visiting the website based on [PROTECTION OF COMMUNICATIONS SECRETS ACT]: 3 months


Article 5. Onward Transfer of Personal Information to Third Parties

Company shall collect personal information of customers only within the range stated in collection and use of personal information. Company shall provide third parties with customers’ personal information only in cases applied to Article 17 and 18 of PERSONAL INFORMATION PROTECTION ACT including consent of information subject and special regulations in law.

Article 6. Right · Responsibility of Customer and Method of Exerting Right

Customers may search or modify their registered personal information and may request cancellation of subscription whenever necessary.

For exercise of right according to Paragraph 1 of Article 6, customers may exercise to Company based on Form 8 of Addendum of Enforcement Rules to Personal Information Protection Act via in writing, email, or facsimile (FAX) and Company will take immediate measure for the exercised rights by customers.

If customers want to search or revise their personal information, they need to click the button of “change personal information.” Click “membership withdrawal” to cancel subscription. Ccustomers may search, revise, or withdraw after user authentication.

Company shall not use or provide applicable personal information until Company completes correction after there are request for correction on error in personal information. However, exceptionally for the following cases, Company may open and correct personal information.

1. In a case that it has concern for damaging life, body, asset, or rights and interests of customers themselves or the third party

2. In a case that it has concern for having considerable impact on business of the related service providers

3. In a case that it violates laws

Customers may exercise their rights based on Paragraph 1 of Article 6 via their legal or entrusted representative. In the abovementioned case, customers shall submit a power of attorney according to Form 11 of Addendum of Enforcement Rules to Personal Information Protection Act.

Article 7. Installation, Operation, and Refusal to Automatic Personal Information Collecting Device

Cookies are character-string information (text files) stored in a web browser by a web server and sent back to the server when there are additional requests. After requests made, cookies are stored in the computer hard disk of customers.

Company installs and runs cookies storing and searching information of customers via the internet service. Information that Company collects via cookies is limited to unique number of customers and Company does not collect other information. The unqiue numbers collected via cookies may be used for the following purposes.

1. Provide customized service based on areas of interest of each customer.

2. Use for a targeted marketing by grasping tastes and areas of interest of users by analyzing access frequency or duration of both members and non-members.

3. Use for standards of service restructuring and others by tracking and analyzing which services that customers used. Customers can choose whether to accept cookies or not. Customers may allow to place all cookies on their computers by setting options in a web browser or going through confirmation whenever cookies are stored or may reject all cookies. If customers reject cookies, some services by Company may become unavailable.

Article 8. Onward Transfers of Personal Information

Company transfers personal information as follows to improve service. In case of onward transfer according to related laws, Company sets required items to safely manage personal information.Details on agency and content for transfer are as follows.

Content: agency for credit card payment
Period: until the transfer contract ends.

Article 9. How Company Deletes Personal Information

Company immediately deletes the collected information after using for its purpose based on its storage and use period. The information to delete, deletion procedures, and methods are as follows.

Deletion Procedure

Company stores and retains the personal information collected to provide applicable services for a certain period (refer to Article 4 Retention of Personal Information and Use Period) based on internal policy and other related laws for information protection and deletes after being used for its sole purpose.

Deletion Method

Company shred written forms or printed materials with personal information and technically delete electronic files which can never be replayed.

Article 10. Measurement of Securing Stability of Personal Information

Company takes technical/administrative and physical measures required to secure stability according to Article 29 of PERSONAL INFORMATION PROTECTION ACT.

Encryption of Personal Information

Company takes necessary measures to control access to personal information by provision, change, and deletion of access right to the database system processing personal information and controls unauthorized external access by using an infringement blocking system.

Stroage of Access Record and Prevention of Forgery

– Company retains and manages records of access to the personal information process system at least 6 months. Company uses security function to protect the access record from being forged, stolen, or lost.

Use of Locking System for Document Security

– Company keeps documents and auxiliary storage devices with personal information in a safe place with locking system.

Article 11. Revisions to Privacy Policy

– The current privacy policy is effective as of the enforcement date. If any addition, deletion, and revision is made on the privacy policy, changes will be notified on the home page at least seven (7) days before the revision.

Article 12. How to Recover Infringed Rights

– Customers may ask consultation to the following agencies on remedy for damage. As independent agencies to Company, if customers are not satisfied with Company’s dealing with complaints or remedies, they may ask for much detailed help.

Personal Information Dispute Mediation Committee ( / 82-1833-6972)
Personal Information Infringement Report Center of Korea Internet & Security Agency (KISA) ( / 82-118)
Cybercrime Investigation Division at Supreme Prosecutors’ Office (SPO) ( / 82-2-3480-2000)
Cyber Terror Investigation Section ( / 82-2-392-0330)
Personal Information Protection Mark Accreditation Committee ( / 82-2-580-0533~4)

Article 13. Manager Responsible for Personal Information

Company appoints managers responsible for overall personal information protection as follows to process and resolve complaints and damages of subjects of information in relation to process of personal information.
Manager Responsible for Personal Information

Name: Taejoon Park
Position: CEO
Contact: 82-10-2048-4397
Manager Responsible for Personal Information
Name: Inho Jung
Position: Leader of the part
Contact: 82-10-9954-3265