Privacy Policy

Yoyo Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy to ensure the rights of users under the Personal Information Protection Act and to smoothly handle users’ grievances related to personal information.

1. Items of Personal Information Collected and Methods of Collection

  1. Items of Personal Information Collected

The Company collects the following personal information as mandatory items when users register using another social service account:

  • Name (Google/Kakao/X)

  • Surname (Google/Kakao/X)

  • Email (Google/Kakao/X)

  • Profile picture (Google/Kakao/X)

During the service use process or business processing, the following information may be automatically generated and collected:

  • IP address, cookies, visit date and time, service use records, misuse records, device information

During payment reservation and payment, the following information is collected:

  • Payment date and time, payment amount, currency, name, email, contact information, credit card information (card number, expiration date, date of birth, business registration number, first two digits of the password)

In case of payment cancellation or refund, the following information is collected:

  • Account information, proof documents (copy of payment statement)

When using services requiring delivery, the following information is collected:

  • Recipient's name, email, contact information, recipient's delivery address

For creator verification, the following mandatory information is collected according to the Value-Added Tax Act:

  • For individuals: Resident registration number, name, account information, proof documents (copy of ID, copy of bankbook), contact information

  • For businesses: Business registration number, business name, representative's name, tax type, account information, proof documents (copy of business registration, copy of bankbook), contact information

When registering customer service inquiries, the following information is collected:

  • Email address, Yoyo login email, device usage environment, and access location

  1. Methods of Collecting Personal Information

The Company, in principle, informs users about the collection of personal information and seeks their consent in advance. Personal information is collected in the following ways:

  • Users consent to the collection of personal information and directly enter information during the membership registration, service use, and help center consultation process.

  • Information such as IP and device information is automatically generated and collected during the service use process.

2. Purpose of Collecting and Using Personal Information

The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken under the Personal Information Protection Act.

  1. Membership Registration and Management Personal information is processed for the purpose of confirming membership intention, identifying and authenticating members for membership services, verifying creators, maintaining and managing membership qualifications, preventing fraudulent use of services, issuing various notifications and announcements, handling grievances, and preserving records for dispute resolution.

  2. Service Provision and Improvement Personal information is processed for the purpose of providing and improving services and content, providing and improving personalized services, payment, refund, transaction, delivery services, and settlement.

The Company may process collected personal information into pseudonymized data for purposes such as statistics, scientific research, and public record preservation. In such cases, pseudonymized information is stored and managed separately from additional information to prevent re-identification, and necessary technical and managerial protective measures are taken.

3. Retention and Use Period of Personal Information

In principle, the user's personal information is destroyed without delay once the purpose of collecting and using personal information is achieved. However, the following information is retained for the specified period for the reasons stated below.

  1. Reasons for Retention of Information by Company Policy

    • Fraudulent use records (violation of laws or terms of service, infringement of third-party rights)

      • Retained items: DI (Duplication Information) of identity verification, phone number, registration email address, sanctions-related records, and posts

      • Retention period: 5 years from the date of withdrawal or until the completion of handling the report

    • Prevention of fraudulent registration and abuse of membership benefits

      • Retained items: DI of identity verification

      • Retention period: 3 years from the date of withdrawal

  2. Reasons for Retention of Information by Related Laws The Company retains member information for a certain period as prescribed by relevant laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce. In this case, the information is used solely for the purpose of retention. Key retention information, retention purpose, and retention period are as follows:

    • Records related to contracts or withdrawal of subscriptions

      • Retention basis: Act on the Consumer Protection in Electronic Commerce

      • Retention period: 5 years

    • Records on payment and supply of goods

      • Retention basis: Act on the Consumer Protection in Electronic Commerce

      • Retention period: 5 years

    • Records on consumer complaints or dispute resolution

      • Retention basis: Act on the Consumer Protection in Electronic Commerce

      • Retention period: 3 years

    • Service visit records

      • Retention basis: Protection of Communications Secrets Act

      • Retention period: 3 months

    • Books and evidence documents related to all transactions prescribed by tax laws

      • Retention basis: Framework Act on National Taxes

      • Retention period: 5 years

    • Records on electronic financial transactions

      • Retention basis: Electronic Financial Transactions Act

      • Retention period: 5 years

    • Records on labeling and advertising

      • Retention basis: Act on the Consumer Protection in Electronic Commerce

      • Retention period: 6 months

4. Provision of Personal Information

In principle, the Company does not provide personal information to external parties without the user's consent. However, personal information may be provided in the following cases:

  • When the user has directly consented to the provision of personal information to use the service.

  • When the Company is obliged to submit personal information under relevant laws.

  • When it is necessary to protect the user's or third party's life or safety from imminent danger.

  • When a transaction is made through the Company's services, personal information may be provided to the extent necessary for smooth communication, delivery, and consultation between the parties involved.

When personal information is provided with the user's consent:

  • When paid services are provided between members through the Company's mediation (providing purchaser/sponsor information to the creator)

    • Personal information subject: Member receiving the paid service (purchaser/sponsor)

    • Recipient of personal information: Member providing the paid service (creator)

    • Purpose of use by the recipient: Providing paid services, payment (dispatch/delivery, etc.), fulfilling obligations such as exchange/refund, notifications regarding progress, and handling complaints and disputes

    • Provided personal information items: Name, email, contact information, delivery information during payment or payment reservation

    • Retention and use period by the recipient: Immediate destruction of provided purchaser/sponsor personal information upon completion of payment (retained for the necessary period if required by relevant laws)

  • When receiving paid services between members through the Company's mediation (providing creator information to the sponsor)

    • Personal information subject: Member providing the paid service (creator)

    • Recipient of personal information: Member receiving the paid service (purchaser/sponsor)

    • Purpose of use by the recipient: Handling complaints, inquiries, and disputes regarding paid services

    • Provided personal information items: Name (or name of the corporation and representative for business entities), contact information, email

    • Retention and use period by the recipient: Immediate destruction of provided creator personal information upon achievement of purpose (retained for the necessary period if required by relevant laws)

5. Destruction of Personal Information

In principle, the Company destroys personal information without delay once the purpose of processing personal information is achieved. Information subject to retention obligations under laws is also destroyed without delay after the retention period has expired. The procedures and methods for destruction are as follows:

  1. Destruction Procedure

    • The Company selects personal information for which the destruction reason has occurred and destroys it upon approval from the Privacy Officer.

  2. Destruction Method

    • Information in electronic file format is destroyed using technical methods that prevent the record from being restored. Printed personal information is destroyed by shredding or incineration.

6. Rights of Users and Legal Representatives and How to Exercise Them

  1. Rights of Users and Legal Representatives

    • Users can view or correct their personal information at any time and request the deletion or suspension of processing their personal information. However, deletion and suspension of processing may restrict the use of some or all services.

    • The Company may restrict or refuse the viewing, correction, deletion, or suspension of processing of personal information if:

      • It is required by law or unavoidable to comply with legal obligations.

      • There is a concern that it may harm the life or body of another person or unfairly infringe on another person's property and other interests.

      • If the contract cannot be performed without processing personal information, and the user does not clearly express their intention to terminate the contract.

  2. Methods and Procedures for Exercising Rights

    • Users can view, correct, delete, or withdraw their personal information through the following methods:

      • [Settings] screen within the service

      • [Creator Verification] screen within the service if the creator verification is completed

    • Users can request the suspension of processing personal information through inquiries to the Privacy Officer and the responsible department.

  3. Inquiries through the Privacy Officer and the Responsible Department:

    • Users may appoint an agent (legal representative or a person delegated by the user) to request the viewing, correction, deletion, and suspension of processing of personal information on their behalf. In this case, the agent must submit a power of attorney to the Company.

    • Legal representatives of children under 18 have the right to view, correct, delete, suspend the processing, and withdraw consent to the collection and use of their children's personal information.

7. Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information

  1. Purpose of Using Cookies

    • The Company uses cookies to provide users with faster and more convenient service use and to provide customized services. Cookies are very small text files sent to the user's browser by the server used to operate the website, which are stored on the user's device.

  2. Installation/Operation and Rejection of Cookies

    • Users have the option to allow cookies, check each time cookies are stored, or reject all cookies through their web browser settings. However, if cookies are rejected, some services that require login may be difficult to use.

How to Set Cookies in Browsers:

  • Chrome

  • Safari

  • Firefox

  • Edge

8. Measures to Ensure the Security of Personal Information

The Company takes the following protective measures to ensure the security of personal information:

  1. Minimization and Training of Personal Information Handling Staff

    • The Company limits access to personal information to the minimum necessary employees and continuously manages access rights. Regular training on personal information protection and security is provided.

  2. Establishment and Implementation of Internal Management Plan

    • The Company establishes and implements an internal management plan for the safe processing of personal information.

  3. Encryption of Personal Information

    • Personal information required by law to be encrypted, such as passwords and unique identification numbers, is managed through encryption.

  4. Technical Measures Against Hacking

    • The Company controls access to personal information and periodically checks access records to prevent the leakage and damage of personal information.

9. Privacy Officer and Responsible Department

Information subjects can contact the Privacy Officer and the responsible department for all inquiries related to personal information protection, complaint handling, damage relief, and requests for access to personal information under the Personal Information Protection Act while using the Company's services. The Company will respond and handle the inquiries without delay.

Privacy Officer and Responsible Department:

  • Name: Marcus Abila

  • Department: Privacy Protection Team

  • Contact: privacy@yoyo.space

For further reporting or consultation on personal information infringement, please contact the following institutions:

10. Changes to the Privacy Policy

This Privacy Policy is effective from the effective date, and any additions, deletions, or modifications in accordance with laws and policies will be notified through notices (or individual notices) at least 7 days before the changes take effect.

Effective Date of Privacy Policy: June 11, 2024