Graphic Privacy Policy

1. Privacy Policy

Graphic Co., Ltd. (hereinafter referred to as the “Company”) complies with the Personal Information Protection Act and related laws to protect the freedom and rights of data subjects, processes personal information lawfully, and manages it securely. Accordingly, this Privacy Policy is established and disclosed to guide the procedures and standards for processing personal information and to ensure that related complaints can be handled promptly and smoothly.

2. Items Collected and Purpose of Use

The Company processes the following personal information items:

3. Retention and Use Period of Personal Information

1. In principle, the Company destroys users’ personal information without delay when membership is withdrawn or the purpose of use is achieved. However, in the following cases, the Company safely retains personal information for the specified period:
   1. If separately agreed upon by the user for a specific retention period
   2. Authentication codes collected for identity/age verification: Retained for 1 year from verification date
   3. Guardian information (excluding submitted documents): Retained until service termination by the child or upon adulthood
   4. ID retention to prevent fraudulent use: Retained for 6 months after withdrawal
2. In the following cases, information is retained until the expiration of the legal period:
   1. Act on Consumer Protection in Electronic Commerce
      1. Records on contracts or withdrawal of offers: 5 years
      2. Records on payment and supply of goods: 5 years
      3. Records on consumer complaints/dispute resolution: 3 years
   2. Protection of Communications Secrets Act
      1. Login records: 3 months
   3. International Contract Act, Corporate Tax Act
      1. Books and supporting documents for all transactions required under tax law: 5 years

4. Handling of Personal Information of Children Under 14

1. When collecting personal information of children under 14, the Company obtains consent from the legal guardian and collects only the minimum required information.
   • Required: Guardian’s name, date of birth, relationship with child, phone number
2. The Company may request minimal guardian information (name, contact, etc.) and verifies consent by one of the following methods:
   • Consent marked on a website, verified via guardian’s SMS
   • Consent marked on a website, verified via guardian’s credit/debit card info
   • Consent marked on a website, verified via guardian’s mobile phone authentication
   • Consent form issued directly, by mail, or fax with signed return
   • Consent email exchange
   • Telephone verification and reconfirmation call
   • Other equivalent methods

5. Provision to Third Parties

1. The Company provides personal information to third parties only with consent, special provisions of law, or other legal grounds under Articles 17 and 18 of the Personal Information Protection Act.
2. The Company may provide personal information to investigative agencies without consent if required by law.

6. Outsourcing and Overseas Transfer

(1) For smooth personal information processing, the Company outsources operations to overseas providers as follows:

(2) The Company specifies responsibilities such as prohibition of use beyond scope, technical/administrative safeguards, restrictions on re-outsourcing, management/supervision, and compensation in contracts, and supervises safe processing.

(3) If details or consignees change, the Company will disclose through this Policy without delay.

7. Destruction of Personal Information

1. The Company destroys personal information without delay once retention period ends or purpose is achieved.
2. If retention is legally required, the information is moved to a separate DB or stored separately.
3. Destruction procedure and method:
   1. Procedure
      • Selected and approved by Privacy Officer before destruction.
   2. Method
      • Electronic files: deleted irreversibly; Paper: shredded or incinerated.

8. Rights of Users and Legal Guardians

1. Users and guardians may request access, correction, deletion, suspension, etc. by written request, phone, or email. The Company will respond without delay, unless restricted by law.
2. Users may withdraw consent by terminating service or membership withdrawal at any time.
3. Requests can be made via representatives; the Company verifies requester identity or authority.

9. Use of Cookies

The Company uses cookies to provide customized services. Cookies are small data sent from the server to the user’s browser, stored on the user’s device.

1. Purpose
   • Analyzing visits and behaviors for optimized information and ads.
2. Installation/Refusal
   • Users may refuse cookies via browser settings (methods vary by browser).
   • Refusal may limit some login-required services.

10. Safeguards

The Company implements the following safeguards:

1. Administrative: Internal management, access control, record-keeping, employee training.
2. Technical: Access management, security systems, encryption, security software.
3. Physical: Restricted access to server/data rooms.

11. Privacy Officer

The Company appoints a Privacy Officer responsible for complaints and remedies.

Privacy Officer
Name: Sangwon Lee
Affiliation: Graphic
Email: graphic@graphic.fan
Phone: 070-4070-0204

Users may contact the Privacy Officer for inquiries, complaints, and remedies.

12. Remedies

Users may seek help from organizations such as the Personal Information Dispute Mediation Committee or KISA.

1. Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. KISA Privacy Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
4. Korean National Police: 182 (ecrm.cyber.go.kr)

13. Policy Changes

This Policy may be updated due to government policy or company needs. Additions/deletions will be announced without delay.

- Effective date: March 5, 2025