CPLABS Inc. (hereinafter referred to as the "Company") complies with all personal information protection laws and regulations, including the Information and Communications Network Act (hereinafter referred to as the "Information and Communications Network Act") and the Personal Information Protection Act, in relation to the collection of user personal information regarding the MYKEEPiN service (hereinafter referred to as the "Service").
Through this Privacy Policy, the Company informs users about how their personal information is processed, for what purposes, and the efforts the Company makes to protect personal information effectively and actively. This Privacy Policy may change according to changes in related laws or the Company’s operating policies.
Article 1. Collection of Personal Information Items and Collection Methods
1. Personal Information Collected
① The Company does not collect personal information for the use of the service. The service is a self-sovereign identity service where users directly store, manage, and submit their personal information, including certificates and identity information, on their own mobile devices in the form of user-owned data.
② Additional information may only be collected with the user’s explicit consent when using supplementary or customized services.
③ The following information may be automatically generated and collected during the service use process or business operations:
Service usage records, access logs, device unique numbers (device ID or IMEI), DID, gender, year of birth, IP address, device model name, and other device-related information necessary for providing the service.
However, if the user's personal information is collected for event prize delivery purposes, the user will be notified in advance, and consent will be obtained. Furthermore, this information will only be used for the service or purposes explicitly disclosed to the user and will not be used for any other purposes.
2. Methods of Collecting Personal Information
① Participation in online/offline events or activities
② Direct input of information by the user during service registration or use with consent to the collection of personal information
③ Information provided by partners
3. Items Accessed by the App when Using the Service
Category;Access Item;Basis for Use;Purpose of Access
Optional Access;Camera;Consent of the data subject;QR code scanning, identity card capture
Article 2. Retention, Use, and Disposal of Personal Information
1. The Company primarily stores personally identifiable information only on the user's mobile device and only stores non-identifiable attribute data (such as DID, authentication type, and authentication time) on the Wepublic Wallet service server.
2. If a user no longer wishes to use the service and uninstalls the app, the personal information stored on the device will be deleted.
3. In cases where retention of personal information is required by relevant laws, the Company may retain personal information for the period defined by those laws. In such cases, the Company will use the retained information only for the specified purpose and will delete it after the retention period defined by the law.
Records of visits: 3 months (Telecommunications Privacy Protection Act)
4. Methods of Disposal
Personal information stored in electronic file format will be deleted using technical methods that prevent recovery.
Article 3. Provision of Personal Information to Third Parties
The Company will use personal information only within the scope disclosed in the "Purpose of Collection and Use of Personal Information" section of this Privacy Policy or as specified in the service terms and conditions. The Company will not use personal information beyond this scope or provide it to third parties, except in the following cases where user consent is obtained or as allowed by law.
1. Telecommunications Providers
① Recipients: SK Telecom, KT Corporation, LG Uplus
② Purpose of Use: Prevention of fraudulent use through identity verification (certificate issuance/renewal/deletion, service provision)
③ Personal Information Provided: Mobile phone number, name, date of birth, gender, CI
④ Retention and Use Period: Until the app is deleted (Information is encrypted and stored on the user's device; the service does not store personal information)
2. Using Institutions
① Recipients: Institutions selected by the user to verify the consistency of the user’s electronic signature information and verification data using the certificate issued by the Company.
② Purpose of Use: Use of certificate service, prevention of fraudulent use through signer identification, member identification, and customer service.
③ Personal Information Provided: Mobile phone number, name, date of birth, gender, telecom provider information, user identifier (CI).
④ Retention and Use Period: Until the app is deleted (Information is encrypted and stored on the user's device, and the service does not store personal information. However, information may be retained for the period required by relevant laws.)
3. Agencies
① Recipients: Agencies or intermediaries that provide or facilitate certification tasks, such as certificate signing and related services, under an agency or partnership agreement with the "Company," or that mediate services between the "Using Institutions" and the "Company" for the provision of the "Service."
② Purpose of Use: Intermediation of certificate services.
③ Personal Information Provided: Mobile phone number, name, date of birth, gender, telecom provider information, user identifier (CI), certificate information.
④ Retention and Use Period: Until the app is deleted (Information is encrypted and stored on the user's device as a certificate, and the service does not store personal information. However, if required by relevant laws, the information may be retained for the period specified by law.)
Third-Party Disclosure Overview
Galaxia Money Tree Co., Ltd., ComicsV Co., MagicEq, Kookon Co., MYKEEPiN Wallet
※ Specific details regarding each recipient and purpose are available for review.
Article 4. Rights and Obligations of the Data Subject and How to Exercise Them
1. Users have the right to view, modify, or request the deletion of their personal information, as well as request the termination of membership, at any time.
2. When users modify their personal information, the updated information will be immediately reflected on the user's device. Additionally, if the personal information has been provided to third parties, the modifications will be updated for them as well.
Article 5. Installation, Operation, and Rejection of Automatic Collection Devices
Cookies are small text files sent by the service's server to the user's device and stored there. Cookie information is used solely for device identification purposes and does not identify individual users.
Purpose of Using Cookies
The Company uses cookies to provide personalized services by storing and retrieving user information. Additionally, the data is used to analyze the frequency of visits or usage time, track preferences and interests, and target marketing.
Refusing Cookie Collection
Users can limit the storage of cookies by configuring their browser options. On mobile apps, users can disable personalized ads as follows:
1. Android: Settings > Google Settings > Ads > Disable "Opt Out of Personalized Ads"
Article 6. Technical and Administrative Measures for the Protection of Personal Information
The Company implements the following technical and administrative measures to ensure the security of personal information and prevent loss, theft, leakage, alteration, or destruction.
1. Service Security
① Access to the service is secured through biometric authentication or PIN code authentication. The private key used for coin transactions is securely stored in the device's Secure Enclave (S.E.), ensuring high security.
2. Measures Against Hacking
① Personal information is stored only on the member's device and can be accessed only with the member's consent.
3. Minimization and Training of Personnel
① The Company limits the handling of personal information to authorized personnel, who are assigned unique passwords that are regularly updated. Personnel undergo regular training to ensure compliance with the Privacy Policy.
Article 7. Privacy Protection Officer and Remedies for Rights Violations
1. Privacy Officer and Department
The Company has designated a Privacy Officer to oversee personal information processing, handle user complaints, and provide remedies related to personal information processing.
Phone: 1899-9942 (Excluding lunch hours, weekends, and public holidays)
2. Remedies for Privacy Violations
Users can request dispute resolution or consultations regarding personal information violations from the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or other relevant agencies.
Any additions, deletions, or modifications to this Privacy Policy will be announced at least 7 days prior to implementation via the service or website.