Privacy Policy for SDKs

Buzzvil Co., Ltd., (Hereinafter, the “Company”) considers the personal information of users to be very important. This Privacy Policy sets forth in detail the main policies for protecting personal information that are applied to the data that the Company collects through Buzzvil's advertising network business (the “Business”).

1. Data to be collected and collection method

The Company does not collect or store personal information that can be used to identify a specific individual, including, but not limited to, name, phone number, email, and health status.
The Company automatically collects the following anonymous data during the course of business to achieve the purposes of use as specified in Article 3. Some information is collected directly with user consent.

- Device identifiers defined as non-personal data, such as point affiliates' user identifiers, Google advertising IDs (GAID), Android IDs, advertiser identifiers (IDFA), vendor identifiers (IDFV), cookies, etc., as well as IP addresses and package lists
- Gender, birth year, local information, language used, device manufacturer, device name, carrier used, OS version, user agent, resolution, time zone, service usage record, WIFI connection status, etc.

3. Purposes of use

The Company uses the collected data for the following purposes:
- For posting customized, interest-based advertising based on the inferred interests and preferences of individuals, and for analyzing advertising effects;
- For responding to requests for customer support and solving any customer support problems accurately;
- For limiting the number of impressions of posted advertisements (to prevent users from viewing the same advertisement multiple times), tracing conversions (to allow users to receive points for the advertisements they have participated in), reporting, securing and defecting fraud; and
- For improving other business.

4. Data sharing with third parties

In principle, the Company does not provide user information to third parties without prior consent. However, data may be shared for the smooth business operation of the Company and compliance with related laws as follows:
- Sharing with advertisers and affiliates for the purpose of measuring advertisement performance, making settlements, providing customized advertisements or responding to customer services
- The request of an investigative agency under the procedures and methods prescribed by law

5. Data security and storage

The Company considers the security of customer information to be very important. The Company secures data through industry-standard security measures, including the use of firewalls and encryption, and retains data for as long as it is required for any of the below.
- To complete the provision of customer support services
- To comply with applicable legal and regulatory obligations
- To prevent unauthorized use or abuse by unauthorized businesses and re-registration of illegal members
- To present such data in disputes between users or other disputes

6. Other important information

- The Company does not collect data on children aged 13 or under, and does not targeting those aged 13 or under with advertisements.
- If you have any questions about this Privacy Policy, please contact us using the contact information below.

Email: contact@buzzvil.com
Address: 3F, Daelim Building, 272 Seokchonhosu-ro, Songpa-gu, Seoul, Republic of Korea

7. Amendments to the Privacy Policy

The Company may amend this Privacy Policy for various reasons, including for improving procedures for handling the personal information of users, for reflecting changes to the Company's business, or for complying with relevant laws and regulations. If the Company amends this Privacy Policy, the Company will notify users of such amendment through the Business‘s services or by using other reasonable means 7 days of more before the effective date of the amendment. However, if there is any important change in the rights or obligations of users, the Company will notify user of such change no less than 30 days before it goes into effect. <Announced on October 5, 2020 (Enforced on October 5, 2020)>

Appendix to the Privacy Policy for Korean Users

The Company provides the Privacy Policy to transparently provide what data of users is collected, how such collected data is used, with whom the data is shared (“consignment” or “provision”) if necessary and when and how data that have achieved its purpose of use is destroyed. In addition to general content and principles, this Appendix provides information on additional matters required by the information protection-related regulations of the Republic of Korea.

1. Consignment of personal information handling

The Company consigns personal information to improve business quality as follows and required matters are set forth to safely manage personal information subject to consignment agreements in accordance with relevant laws and regulations:
The consignment agency for handling personal information and the consignment content of the Company shall be as follows:
- Consignee: AWS
- Consignment content: Operation and management of the cloud server

2. Period of retention and use of personal information

The Company retains and uses collected information only for the period required to provide business services. However, information that must be kept according to relevant laws and regulations (not limited to the examples below) will be retained for the period specified by the relevant laws and regulations and shall be used within the scope of the purpose.

A. Subscriptions and management of business members
- Subscription information of members
  - Purpose of retention: To prevent re-subscription after withdrawal of members who have lost their qualification
  - Retention period: 30 days
- History of measures taken against illegal use by members
  - Purpose of retention: To prevent the recurrence of malicious use by members
  - Retention period: 6 months
- In the case of any of the following reasons, until the termination of the reason
  - In the case of an investigation or inspection for violations of related laws and regulations, until the investigation or inspection is closed
  - In the case of a remaining claim and obligation relationships resulting from the use of the Business, until the settlement of such relationship
B. Provision of goods or services
- Records on contract or subscription withdrawal
  - Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc
  - Retention period: 5 years
- Records on payment and supply of goods
  - Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
  - Retention period: 5 years
- Records on consumer complaints or dispute handling
  - Ground for retention: Act on the Consumer Protection in Electronic Commerce, Etc.
  - Retention period: 3 years
- Records related to use for the Business
  - Ground for retention: Protection of Communications Secret Act
  - Retention period: 3 months

3. Matters concerning the installation, operation and rejection of automatic personal information collection devices

- The company automatically collects the information specified in Article 2 of this text to achieve the Purposes of use specified in Article 3 of this text.
- If the user refuses the automatic collection of the information, he or she may be restricted from the use of the company‘s services.

4. Analysis of business use records

The Company uses advertising identifiers of users and analysis software to provide suitable and more useful services to users.

Advertising identifiers may be rejected or reset to prevent them from being used for interest-based advertising by changing the settings of the device to a non-persistent and non-personal identifier, such as an Android advertising ID or Apple advertising ID, and this cannot be not used to connect with personal information or identify individuals.

Analysis software is used to analyze information that is automatically generated when a user visits a website or uses a mobile service, and it may be refused by the user.

- Rejecting the collection of advertising identifiers
  - For Android [Settings -> Google -> Ads] or [Settings -> General -> Account & Sync -> Google -> Personal Information and Protection of Personal Information->Advertising Settings]

5. Destruction of personal information

- When personal information becomes unnecessary due to the expiration of the personal information retention period and the achievement of the processing purpose, the Company destroys the personal information without delay in such a way that it cannot be recovered or reproduced.
- If the personal information retention period for which the Company has obtained consent from its members expires, or if the personal information must be retained in accordance with relevant laws and regulations despite the achievement of the purpose of use, the personal information may be transferred to separate database (DB) or retained in a different storage location.
- The procedure and method of destroying personal information are as follows:

Destruction procedure
The Company selects personal information which has been slated for destruction and destroys it.
Destruction method
The Company takes the following measures when completely destroying (by incineration or shredding), deleting or destroying part of the personal information with a dedicated device or when it is difficult to destroy the personal information by using said methods:
- In the case of electronic files: After deleting the personal information, managing and supervising to prevent recovery and playback
- In the case of other records, prints, documents, or other recording media: Deleting the relevant part by masking or punching

6. Members' rights, duties and exercise method

- Members and their legal representatives (if the member is a child under the age of 14) may inquire, or request to modify or terminate the subscription of their own registered personal information or that of children under the age of 14 at any time with the privacy manager. (The name, contact information and email of the privacy manager must be written.)
- Inquiries and requests for the modification of the personal information of members and their legal representatives may be made to the privacy officer of the Company in writing or by telephone, e-mail, fax, etc., and the Company takes measures without delay upon receipt thereof.
- If a member requests the correction of an error in her or her personal information, the Company shall not use said personal information or provide it to a third party until the correction is completed. In addition, if incorrect personal information has already been provided to a third party by the Company, the Company will promptly notify the third party of the correction so that the correction can be made.

7. Measures to secure the safety of personal information

The Company has established and applies technical and administrative measures to protect its customers‘ personal information.

- Technical measures
  The Company takes the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in handling customers' personal information:
  - The personal information of customers is protected by a password, and important data is protected through a separate security function such as encrypting files and transmission data or using a file lock.
  - The Company uses anti-virus programs as a measure to prevent damage caused by computer viruses.
  - Anti-virus programs are updated regularly, and if a virus appears suddenly, a solution is provided as soon as it is available to prevent personal information from being breached.
  - The Company employs a security device (SSL) that can securely transmit personal information over the network using a cryptographic algorithm.
  - In preparation for external intrusions, such as hacking, the Company uses an intrusion prevention system and a vulnerability analysis system for each server to ensure security.
- Administrative measures
  The Company restricts access to its customers‘ personal information to a minimum number of people. Those who fall under the minimum number of people are as follows:
  - Those who perform marketing directly to users;
  - Those, such as privacy officers and privacy managers, who perform personal information management tasks; and
  - Those who are inevitable for the handling of personal information for other business purposes.
  - Regular in-house training and outsourced training are provided for employees who handle personal information on the acquisition of new security technologies and obligations to protect personal information.
  - The Company has established internal procedures to prevent new employees from leaking information, such as by receiving a security pledge from those in charge of personal information and auditing implementation and compliance with the Privacy Policy.
  - The transfer of work of personal information-related handlers is carried out thoroughly while security is maintained and responsibility for personal information accidents after joining and leaving the Company is clarified.
  - Personal information and general data are not mixed but are stored separately.
- Physical measures: Access control to the computer room, data storage room, etc.

8. Information on Privacy Officers

- The Company designates a privacy officer responsible for the handling of personal information as follows in order to handle complaints and compensation for members related to the handling of personal information:
  - Privacy Officer
    - Name: Joo-eun Seo
    - Position: Chief Privacy Officer
    - Contact: contact@buzzvil.com
  - Privacy Manager
    - Name: Tae-kyu Lee
    - Position: Manager
    - Contact: contact@buzzvil.com

buzzvil