Gruuz (gruuz.com, hereinafter referred to as the “Company”) complies with all applicable laws and regulations that information and communication service providers must adhere to, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Communications Secrets Protection Act, and the Telecommunications Business Act. The Company is committed to protecting user rights and interests by implementing a privacy policy in accordance with these legal requirements.
This Privacy Policy outlines the following:
- Personal information items collected and methods of collection
- Purpose of collection and use of personal information
- Retention and use period of collected personal information
- Procedures and methods for destroying personal information
- Sharing and provision of personal information
- Entrustment of collected personal information
- Rights of users and legal representatives and methods of exercising them
- Matters related to installation/operation and refusal of automatic personal information collection devices
- Technical/administrative measures related to personal information protection
- Personal information manager and person in charge
- Personal information-related reporting and dispute resolution
- Obligation to notify policy changes
1. Personal Information Items Collected and Methods of Collection
A. Items of Personal Information Collected
The Company collects the following personal information to provide services such as membership registration, service application, and customer consultation:
- Information Collected During Membership Registration
- Required: ID, password, name, mobile phone number, email
- Optional: Phone number (required for overseas members)
- Information Collected During Listing Registration
- Required: Name, ID
- Optional: Contact information (phone/mobile), display of registered contact information, message receipt preferences
- Information Collected During Paid Service Usage
- Credit Card Payments: Cardholder name, card company name, card number, card expiration date
- Bank Transfers: Bank name, account number, account holder name
- Mobile Payments: Subscriber name, mobile phone number, payment approval number
- Information Collected Automatically During Service Use
- IP address, cookies, visit timestamps, service usage records, improper usage records
B. Methods of Collecting Personal Information
The Company collects personal information using the following methods:
- Membership registration via website or written forms
- Service inquiries via phone, email, or consultation forms
- Automatic data collection through cookies and other tracking technologies
2. Purpose of Collection and Use of Personal Information
The Company collects and uses personal information for the following purposes:
- Provision of Services
- Fulfillment of service contracts, payment processing, service delivery, and identity verification
- Development of personalized services and statistical analysis
- Membership Management
- Identity verification, prevention of unauthorized access or fraudulent use, record-keeping for dispute resolution
- Marketing and Advertising
- Notification of promotions and events, delivery of customized advertisements
3. Retention and Use Period of Personal Information
The Company retains personal information only as long as necessary to fulfill the purposes outlined above, unless a longer retention period is required by applicable laws.
- Retention by Company Policy
- Fraudulent or improper usage records: Retained for 1 year
- Retention Required by Law
- Contract records: Retained for 5 years
- Payment and financial transaction records: Retained for 5 years
- Consumer complaints and dispute resolution records: Retained for 3 years
4. Procedures and Methods for Destroying Personal Information
- Destruction Procedures
- Personal information is moved to a separate database once its purpose is fulfilled and is destroyed after the legally required retention period.
- Destruction Methods
- Electronic files: Deleted using technical methods ensuring irrecoverability
- Paper records: Shredded or incinerated
5. Sharing and Provision of Personal Information
The Company does not disclose personal information to third parties except in the following cases:
- When the user has explicitly consented
- When disclosure is required by law or requested by a governmental authority
6. Entrustment of Collected Personal Information
The Company may entrust the processing of personal information to third-party service providers to enhance service quality.
- Entrusted Tasks: Data storage, payment processing, customer support
- Compliance: All third parties are bound by confidentiality agreements ensuring data protection.
7. User Rights and How to Exercise Them
Users or their legal representatives may view, correct, or request deletion of their personal information at any time.
- How to Exercise: Access the “Edit Member Information” or “Withdraw Membership” sections on the website.
The Company ensures prompt action on all user requests and notifies third parties if incorrect information has been shared previously.
8. Use of Cookies and Refusal
Cookies are used to enhance user experience and provide personalized services. Users may manage cookie preferences in their web browser settings. However, disabling cookies may affect the availability of certain services.
9. Technical and Administrative Security Measures
The Company employs industry-standard measures to protect user data, including but not limited to:
- Technical Security: Data encryption, intrusion prevention systems, and regular security audits
- Administrative Security: Access controls, staff training on data privacy
10. Personal Information Inquiries
For any questions or concerns related to personal information, users may contact:
- Email: support@gruuz.com
11. Notification of Changes to Policy
Any updates to this policy will be announced on the Company’s website at least 7 days before implementation.
- Effective Date: 2024-07-22
