Privacy Policy

Privacy Policy for SMS, SNS Message Database Construction

Privacy Policy Statement

• ddai Inc. (hereinafter "ddai") values customer privacy and adheres to the 'Personal Information Protection Act' and related regulations to establish and comply with a privacy policy.
• The ddai's privacy policy (for SMS, SNS message database construction) may change due to legislative revisions, changes in government policies, or internal policy adjustments.
• Any revisions to dda's privacy policy will be announced through the ddai website (ai-dda.com) or via individual notice.
• Visitors are encouraged to regularly check the website for updates.

Section 1: General Principles

• Personal information refers to information related to a living individual, which includes name, social security number, etc., that can identify the individual (including information that can be easily combined with other information to identify the individual).
• ddai takes customer's privacy protection seriously, complying with the personal information protection regulations under the 'Personal Information Protection Act' and the 'Personal Information Protection Guidelines' established by the Ministry of Public Administration and Security.
• ddai's privacy policy is publicly accessible on our website for easy viewing at any time.
• ddai has established procedures for continuous improvement and revision of its privacy policy, including assigning version numbers to make it easy for customers to recognize changes.

Section 2: Collection of Personal Information

• Items Collected
  - Mandatory
  · Name, contact details, bank account number (for text provision payment)
  · Gender, age, residential area (city, county level), and text messages (SMS, KakaoTalk, Line, Twitter, etc.) chosen by the user to provide.
• Collection Methods
  - ddai collects personal information through user input on website forms and may collect some information via email in certain cases.

Section 3: Purpose of Collection and Use of Personal Information

• ddai collects personal information within the minimum necessary scope for the following purposes, to provide satisfactory services.
• However, sensitive personal information that may infringe upon the fundamental human rights of customers (such as race, ethnicity, beliefs, place of origin, political orientation, criminal record, health status, and sexual life) is not collected.

Section 4: Use, Provision, and Sharing of Personal Information

• ddai does not use or provide customers' personal information to others or other companies/organizations beyond the scope announced in Section 3 "Purpose of Collection and Use of Personal Information," except with the customer's consent or as permitted by relevant legal regulations. However, careful attention is given to the use and provision of personal information in the following cases:
  - In the event of a sale, merger, or acquisition where the rights and obligations of the service provider are fully transferred, we will provide detailed notice in advance about the legitimate reasons and procedures and offer customers the option to withdraw their consent.
  - Before providing or sharing customers' personal information with others, we will inform customers in advance about the recipient, the purpose of use by the recipient, the items of personal information to be provided or shared, and the rights to refuse consent and any disadvantages resulting from refusal of consent, and will seek their consent through email or in writing.
• Personal information can be provided without the customer's consent in the following cases, as permitted by relevant legal regulations:
  -For the fulfillment of contracts related to service provision.
  - As required by law or for investigative purposes according to the procedures and methods specified in the law.
  - When providing for statistical creation, academic research, or market surveys in a form that cannot identify specific individuals.

Section 5: Retention, Use Period, and Destruction of Personal Information

• ddai will promptly destroy customers' personal information once the purpose of its collection or the purpose for which it was provided is achieved. However, if there is a need to retain it for a certain period according to regulations such as the Telecommunications Secrets Protection Act and other related laws or internal policies, it will be retained for that period.
• Destruction Procedure and Method
  - Destruction Procedure: After the purpose is achieved, customers' personal information is transferred to a separate database and destroyed after a certain period of retention based on internal policies and other relevant legal reasons (refer to the retention and use period). This information will not be used for any purpose other than retention unless required by law.
  - Destruction Method: Personal information stored in electronic file format is deleted using technical methods that prevent the recovery of the records.

Section 6: Rights and Obligations of Users and Legal Representatives

• Customers have the right at any time to access, correct, delete, suspend processing, or withdraw consent for their registered personal information. Requests for access, correction, deletion, suspension of processing, or withdrawal of consent should be directed to the Personal Information Protection Officer or manager by letter, phone, or email. dda will promptly take action after verifying the individual’s identity.
• If a customer requests correction of erroneous personal information, ddai will not use or provide the personal information until the correction is completed. If incorrect information has already been provided to a third party, dda will notify the third party promptly of the correction to ensure it is made.
• Personal information requested to be deleted by a customer will be handled in accordance with the retention and use period of personal information collected by dda and other specified laws, and it will not be accessed or used for any other purposes.
• Customers are responsible for entering their personal information accurately to prevent accidental incidents. The customer is liable for any incidents resulting from inaccuracies in the information provided. If false information is entered, such as using someone else's information, membership may be terminated.
• Customers have the right to protect their personal information and the duty to protect themselves and not infringe on others' information. Customers should take care to prevent leaks of their personal information and avoid damaging others’ personal information, including in posts. Failure to fulfill these responsibilities may result in legal penalties.
• Protection of Minors' Personal Information
  - When collecting personal information from minors, ddai will obtain consent from their legal guardians beforehand, and will destroy the information immediately upon completion of the related task while managing the information diligently during the process.

Section 7: Personal Information Protection Officer

• ddai has designated officers to protect customers' personal information and to handle complaints and inquiries related to personal information.
• For reports of personal information breaches or for consultation, please contact the following institutions:
  - Personal Information Infringement Report Center (https://privacy.kisa.or.kr)
  - Supreme Prosecutors' Office, Advanced Crimes Investigation Division (www.spo.go.kr)
  - Cyber Security Bureau (http://cyberbureau.police.go.kr)

Section 8: Measures for Ensuring the Security of Personal Information

• ddai encrypts and manages critical personal information securely.
• Measures Against Hacking and Other Threats:
  - ddaㅑ makes every effort to prevent the leakage or damage of personal information due to hacking or computer viruses.
  - Data is regularly backed up to prepare for potential data breaches, and the latest antivirus software is used to prevent leakage or damage to personal information. Encryption techniques are also employed to securely transmit personal information over networks.
  - Intrusion prevention systems are utilized, and unauthorized access from external sources is controlled, along with employing all possible technical devices to secure system integrity.
• Minimization and Training of Handling Staff:
  - Access to personal information is limited to designated handlers, who are regularly given new passwords and undergo periodic training to manage personal information securely.
  - The transfer of duties involving personal information is conducted securely to ensure that responsibilities regarding personal information incidents are clear upon entry or departure of staff.
  - Computer rooms and data storage areas are designated as protected areas with strictly controlled access.
• Operation of a Dedicated Personal Information Protection Unit:
  - A dedicated internal personal information protection unit monitors compliance with protection measures and the conduct of personnel handling personal information, taking immediate corrective actions if problems are identified. However, ddai is not liable for any issues arising from a customer's negligence or problems on the internet.

Section 9: Notification of Changes to the Privacy Policy