Privacy Policy

Dareun Inc. (Dookki Topokki) (hereinafter referred to as “Company”) is concerned with the personal information of users and complies with the laws related to personal information protection such as the Act on Promotion of Information and Communications Network Utilization and Information Protection Etc. and the Personal Information Protection Act.

The Company shall inform the user of the purpose and method of using the personal information provided by the user through the Privacy Policy, and what measures and efforts are made for the protection of personal information.

When the Company revises or changes the Privacy Policy, it shall notify the user through the website notice (or individual notice).

The Privacy Policy of the Company includes the following information:

1. Purpose and processing personal information and processed items,

2. Personal information processing and retention period,

3. Personal information consignment processing,

4. Provision of personal information to third parties,

5. Matters on rights and obligations and method of exercise thereof by the information subject,

6. Procedure and method of personal information discarding,

7. Matters on rejection of the installation and operation of the personal information automatic collecting device,

8. Measures on securing of safety of personal information,

9. Civil complaint service regarding personal information, and

10. Duty of notification

1. Purpose and processing personal information and processed items

The Company shall use the collected personal information for the following purposes. All information provided by the user shall not be used for any purpose other than that required for the following purposes, and the Company shall ask for the user’s prior consent if changes are made.

1.1. The Company shall collect personal information with the following methods:

A. Personal identification based on the opening of a franchise and application for start-up consultation, processing of the application, and securing communication channels, etc.

- Processed items: Name, mobile phone number, email address

B. Personal identification, counseling and complaint processing, proposals or suggestions for the use of the customer support services

- Processed items: Name, mobile phone number, email address

1.2. The purpose of processing personal information files registered and disclosed in accordance with Article 32 of the Personal Information Protection Act is as follows:

No.

Name of personal information file

Basis for operation

Purpose of processing

1

Franchise opening and start-up consultation application

Consent of the information subject

Personal identification, processing of the application, securing communication channels

2

Information registered for CS

Consent of the information subject

Personal identification, complaints and suggestions processing, deliver of notifications

2. Personal information processing and retention period

In principle, the Company shall immediately delete the personal information of the user when the purpose of collecting and using the personal information is achieved. However, according to the provisions of related laws such as the Commercial Code, the following cases shall be kept for exceptionally specified period.

No.

Name of personal information file

Basis for operation

Retention period

1

Franchise opening and start-up consultation application

Consent of the information subject

3 years

2

Information registered for CS

Consent of the information subject

3 years

3. Personal information consignment processing

The Company entrusts the following personal information processing tasks for smooth personal information processing.

Purpose

Trustee

Provided information

Respond to customer inquiries and requests for start-up consultation on the website service

Web Monster

Name, mobile phone number, email address

Send gift certificates to customers

Smartcon

Name, mobile phone number

4. Provision of personal information to third parties

The Company uses the user's personal information within the scope as stated in the purpose and processing and use of personal information and processed items and shall not use it beyond the scope or provide it to others, other companies or organizations.

However, the following items are provided to third parties for the prompt resolution of customer complaints and inquiries.

A. Purpose of provision: Prompt resolution of complaints and inquiries from the store

B. Recipient: Owner of the relevant franchise store

C. Provided personal information items: Name, email address, mobile phone number

D. Period of provision: Destroyed immediately upon the fulfillment of the purpose such as resolving complaints and inquiries

5. Matters on rights and obligations and method of exercise thereof by the information subject

5.1. Information subjects (or legal representatives, if the subject is below 14 of age) may exercise their right to access, correct, delete or suspend processing of personal information at any time.

5.2. The rights under Paragraph 1 can be exercised by submitting the completed Attached Form 8 of the Enforcement Rules to Personal Information Protection Act in writing or via email and fax, and the follow-up actions shall be taken immediately.

5.3. The rights under Paragraph 1 can be exercised through a proxy such as the legal representative of the information subject. In this case, the user must submit a power of attorney according to Attached Form 11 of the Enforcement Rules to Personal Information Protection Act.

5.4. The request of suspension of personal information viewing and processing may restrict the rights of the information subject as per Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.

5.5. Requests for correction or deletion of personal information cannot be processed if the relevant information is required to be collected by other laws.

5.6. It shall be confirmed that the person making the request, such as a request for viewing, correction or deletion, or request for suspension of processing according to the right of the information subject, is himself or herself or a lawful representative.

6. Procedure and method of personal information discarding

In principle, the Company destroys the personal information without delay when the purpose of processing personal information is achieved. However, this shall not apply if it must be preserved under other laws. The procedures, deadlines and methods of destruction are as follows:

6.1. Method of discarding

A. Unnecessary personal information and personal information files are destroyed in accordance with the internal policy procedures under the responsibility of the CPO.

B. Personal information that has expired shall be destroyed without delay on the expiration date.

C. When the personal information file is no longer needed following the fulfillment of the purpose of processing the personal information file, abolishment of the service, or closing of the business, the personal information files shall be destroyed without delay from the date when the processing of the personal information is deemed unnecessary.

6.2. Method of destruction

A. For information in electronic form, use a technical method that cannot reproduce the record.

B. For personal information printed on paper, destroy by shredding or incineration.

7. Matters on rejection of the installation and operation of the personal information automatic collecting device

The Company does not use cookies that store and retrieve usage information from time to time in order to provide a personalized service to the users.

8. Measures on securing of safety of personal information

The Company takes the following technical, administrative and physical measures necessary to secure safety in accordance with Article 29 of the Personal Information Protection Act.

8.1. Administrative measures: Establishment and implementation of internal management plans, regular employee education, etc.

8.2. Technical measures: Access authorization control for personal information processing system, installation of access control system, encryption of unique identification information, installation of security programs

8.3. Physical measures: Access control to the data processing room and the data archive room

9. Civil complaint service regarding personal information

The Company appoints relevant departments and privacy officers as follows to protect personal information of the customers and to handle personal information-related complaints

A. Chief privacy officer: Do Keun Park, CEO

B. Privacy officer: Jung Sik Kim, Team Manager

- Team/Position: Future Growth Team/Team Manager

- Phone: 031-603-1607

- Email: kimjs@dookki.co.kr

You may report any personal information protection-related complaints arising from the use of the Company's services to the CPO or the responsible department. The Company shall promptly and fully respond to the report of the users.

To report or consult about other personal information infringement, please contact the following organizations.

1. Korea Internet & Security Agency (privacy.kisa.or.kr / 118 (without area code))

2. Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

3. Supreme Prosecutors’ Office Cyber Crime Investigation Center (www.spo.go.kr / 1301 (without area code))

4. Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182 (without area code))

10. Notification duty

Any additions, deletions, or modifications to the current privacy policy shall be notified through the Notice on the website at least seven (7) days prior to the revision.

- This policy shall be implemented starting May 1, 2019.