Refinder Privacy Policy

Last modified June 18, 2024

Thinkfree Inc. (hereinafter referred to as ‘Thinkfree’ or the ‘Company’) complies with laws, regulations, and guidelines for personal information protection and establishes and publishes a personal information processing policy to protect users’ personal information and rights and to smoothly handle complaints related to personal information.

The Company complies with the relevant laws and personal information protection regulations and guidelines of the Republic of Korea that are mandatory for personal information controllers and establishes the Privacy Policy and opens it to the public.

This Privacy Policy applies to the services based on the Thinkfree Service (hereinafter referred to as ‘Service’) Account, offered by the Company.

Matters not specified in this Privacy Policy shall be governed by the operation policy and rules that complete the package service and relevant laws, and the terms of use for the subsequent services and the operation policy regulations for each service in the Privacy Policy.

Also, if this Privacy Policy is inconsistent with a specific guideline, the operation policy and the specific guideline will prevail.

1. Purpose of Personal Information Collection and Utilization

The company collects personal information as follows for membership, smooth communication, service application, and consultation.

In terms of member management, personal information is used to confirm subscription intention, handle requests such as complaints and inquiries, and give notices.

In terms of service provision, personal information is used for purposes such as sending estimates, contracts, and invoices, providing contents, self-certification, age authentication, payment/settlement, and debt collection.

In addition, your personal information such as email address, name, profile image etc. may be displayed within the service under circumstances where personal information needs to be viewed, for example, when other users share their files with you or your post is published.

Personal information is used to provide event information for marketing activities or to analyze user access frequency or service usage statistics.

2. List of Personal Information, and Personal Information Retention and Utilization Period

The Company processes and retains personal information within the retention period agreed upon when collecting personal information from users or within the retention period in accordance with the law.

Service	Items of collection	Retention and Utilization Period
Sign up	[For Email ID member sign-up][Required] Email (User ID), password, date of birth[Optional] Profile information setting: Profile image, Email (User ID) to consent to marketing and promotions [For Social Login member Sign-on] Google, Microsoft [Required] Email(User ID), name, etc. [OAuth information for social networking service account log-in] [Required] Email (User ID), email, name (nickname), Token received from OAuth service provider [Consent by the legal guardian provided for signing up of a user under 14][Required] Consent and agreement by the legal guardian	For membership withdrawal and termination of service agreement(However, an exception applies when the information is stored separately for a certain period according to the relevant laws.)
Phone number verification	[Required] mobile number
Recovery email registration	[Required] Email
Inquiry	[Required] Information required for customer consultation: Name, email, product information

Personal information collected per service user consent

Service	Items of collection	Retention and Utilization Period
Refinder	[Service usage] [Required] Name, Email [Product inquiry] [Required] Company name, Product information[Optional] Phone number	For membership withdrawal and termination of service agreement(However, an exception applies when the information is stored separately for a certain period according to the relevant laws.)

If it is necessary to preserve personal information in accordance with the provisions of related laws, the Company preserves personal information for a certain period of time as set forth in the relevant laws and regulations as follows:

Retention period according to related laws

Retention items	Relevant statutory provisions	Retention period
Records of contracts or revocation of subscriptions	Act on the consumer protection regarding e-commerce	5 years
Record of payment and supply of goods		5 years
Record of consumer complaint or dispute resolution		5 years
Visit history	Protection of Communications Secrets Act	3 months
Record of electronic documents using certified electronic address	Framework Act on electronic documents and transactions	10 years

3. Provision of Personal Information to Third Parties

The Company processes the users’ personal information only within the scope specified in the purpose of processing and provides personal information to a third party only when the information subject consents or the situation falls under special provisions of the law, and otherwise the Company shall not provide the users’ personal information to a third party.

4. Procedure and Method of Personal Information Destruction

In principle, information shall be destroyed without delay after the purpose of collecting and using personal information is achieved. Destruction procedures and methods are as follows.

A. Disposal procedure

The Company classifies the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the Company.

B. Disposal method

Personal information printed on paper is destroyed by grinding or incineration with a shredder.The personal information stored in the electronic file form is deleted in an unrecoverable technical manner.

5. Consignment of Personal Information Processing

6. Right of User and Legal Representative and Right Exercise

The company entrusts and operates your personal information to an external professional company to provide services and stipulates necessary matters for the safe management of personal information during consignment contracts in accordance with the relevant statutes. The details of the company’s personal information consignment processing agency and consignment work are as follows.

Consignee	Details of consignment	Personal Information Retentionand Utilization Period
Amazon Web Service	System development, operation, and data storage for service offer	Until membership withdrawalor termination of consignment contract

Consignee: Open AI OpCo, LLC

Purpose: We use the OpenAI API to power certain features on our platform, which may require us to send your input data (such as text queries, processed document data, document metadata etc.) to OpenAI’s servers for processing.

Personal Information Retention and Utilization: To understand how OpenAI handles your data, please review their privacy policy available at https://openai.com/policies/privacy-policy/, https://openai.com/enterprise-privacy/.

Consignee: Google Inc.

Purpose: We use the Gemini API to power certain features on our platform, which may require us to send your input data (such as text queries, processed document data, document metadata etc.) to Google’s servers for processing.

Personal Information Retention and Utilization: To understand how Google handles your data, please review their privacy policy available at https://policies.google.com/privacy

The Company establishes stipulating matters necessary for safe management of personal information when entering into a consignment contract and supervises whether the consignee handles personal information safely.If the information of the entrusted business or the consignee is changed, the Company will disclose it through this Privacy Policy without delay.

Service users can exercise the right to the Company at any time, such as viewing, correcting, deleting, or requesting suspension of processing of personal information. Right can be exercised through a legal representative or a delegated proxy by submitting the document of delegation, Annex “the Enforcement Regulation of Personal Information Protection.” The Inspection Request team for personal information will provide the form of the document of delegation upon the form request.

1. You can exercise your rights regarding personal information by sending a document or e-mail, or via fax, etc. in accordance with the relevant laws and regulations, and the Company will take action without delay.

Rights can also be exercised through an agent, such as the user’s legal representative or a person authorized to do so. In this case, you must submit a power of attorney in accordance with the “Notice on Personal Information Processing Methods.”
The user’s right to request access to and suspension of processing of personal information may be restricted in accordance with relevant laws and regulations.
Requests for correction or deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
The Company shall verify the identity of the user or their representative when they request access, correction, deletion, suspension of treatment based on the rights of the user.
1. Users can access, view, modify, or delete their own personal information at any time via [My Page].
2. If the user no longer intends to use the Company’s services, he/she can terminate the service agreement through [Membership withdrawal].

You can refer to the information in 10. Customer Service Regarding Personal Information to contact the Chief Privacy Officer or grievance department. to make your inquiry regarding personal information.

7. Matters concerning the installation, operation, and refusal of automatic personal information collection devices

A. Guides on the use of Cookie for membership.

What is a cookie?
The Company uses and saves cookies in the member authentication section where you log in to provide a customized service for you. Cookies are text files that are automatically generated in your web browser when you access the website. This cookie will be automatically deleted when you log out (Log-out) and close your web browser.
Purpose of use
Cookies store and utilize your visit and usage behavior of the Thinkfree services and websites, IP address, browser type, connection server, server location, and response to certain ads. When a customized service is provided, the user’s personal information is not provided.
How to Refuse to Save Cookies
Users reserve the right to choose to install cookies. Users can adjust web browser settings to accept or refuse cookies. However, refusing to save cookies may limit the use of some services.

How to access cookie settings in Internet Explorer
* Tools → Internet Options → Privacy → Advanced → Cookies in Settings
How to access cookie settings in Microsoft Edge
* At the top of the web browser, select [Settings and more] → [Settings] → [Site permissions] → [Cookies and site data]
How to access cookie settings in Chrome
* At the top of the web browser, click on the three dots and [Settings] → [Privacy and security] → [Cookies and other sate data]

B. Guides on Google Analytics

The Company uses Google Analytics, a web analytics service provided by Google LLC (hereinafter referred to as “Google”) to better serve customers. Through this, we analyze how you use the service and identify demand to improve the service and product.
Google Analytics uses the Cookie key to collect how you use your website.
Google sends and stores information collected through cookies to Google servers in the United States.
Google may provide this information to third parties, if required by law, or to third parties that process it on behalf of Google.
Google does not associate your IP address with any other data it has.
Unless you specifically refuse to use cookies, you agree to use all information generated through Google Analytics and cookies created during your company’s service use.
Information on Google’s privacy can be found here.
If you want to refuse data collection by Google Analytics, you can either set it up on Google’s site or refuse to save cookies via [How to Refuse to Save Cookies] above. However, please note that refusing to save cookies may limit the use of some services that require login, and that you are solely responsible for them.

C. Behavior information

1) Mixpanel

Mixpanel is a user behavior analytics tool that helps understand how users are interacting with a website through session replays and heatmaps.

Mixpanel uses Cookies to collect how users use the website.If the user wants to refuse data collection, he/she can refuse to save cookies via [How to Refuse to Save Cookies] above. However, please note that refusing to save cookies may limit the use of some services that require login, and that you are solely responsible for them.

Information on Mixpanel’s privacy can be found here.

D. How to control data

If you do not want to target personalized ads, you can block them by clicking the “i” button in the upper right corner of the ads that appear. Setting values can be changed at any time.

Additionally, all users can opt out of all personalized ads using privacy features such as private browsing, iOS (Limit Ad Tracking) and Android Off Personalization settings.

[Web Browser]

Microsoft Edge: [Settings] → [Cookies and site permissions] → [Allow sites to store and read cookie data] uncheck
Chrome: Select [Settings] → [Privacy & Security] → [Cookies and other site data] → [Block all cookies] at the top of the web browser

[App]

Android: Select [Settings] → [Google] → [Ads] → [Disable Ads Personalization]
iOS: Select [Settings] → [Privacy & Security] → [Tracking] → [App recommends tracking]

E. User damage relief method

In case of damage related to customized advertisement, please contact the personal information grievance handling department specified in 10. Customer Service Regarding Personal Information.

8. Criteria for Determining Additional Use and Provision of Personal Information

Category	Purpose of use	Retention and utilization period
For identity proofing infomation(DI)	Identity proofing for account ID and password recovery	Until membership Withdrawal After Identity proofing

The company may use and provide personal information without the consent of the information subject in accordance with relevant laws and regulations.

The company describes separate use and provision without the consent of the information subject.
- Whether the purpose of using and providing personal information is clearly related by checking whether it is related to the first purpose of collection
- In the case of confirming and predicting whether there is predictability of additional provision when considering the circumstances in which personal information was collected or applied to the processing measures
- Where the provision of additional use of personal information does not enable the information subject to enjoy the benefits by checking whether the provision of additional use of personal information can enable the information subject’s property
- In the case of taking necessary measures for parts such as pseudonymization or plug-ins

In cases where the Service is granted access to your Google Workspace, Thinkfree does not retain user data obtained through Workspace APIs to develop, improve, or train generalized AI and/or ML models.

9. Matters Concerning Anonymized Information Processing

A. The company handles personal information collected for statistical collection, related research, public record preservation, etc. to protect specific personal information as follows.

1) Matters Concerning Anonymized Information Processing

Category	Purpose of use	Purpose of item	Retention and utilization period
Usage statistics	Improve the performance and functionality of the Service	Statistics such as usage time and services to improve the performance and function of service	Until analysis of combined statistical data is completed or membership withdrawal

10. Customer Service Regarding Personal Information

The company shall designate the privacy protection officer and the person in charge of personal information management as follows in order to handle complaints related to personal information protection and personal information and grievance department.

A. Chief Privacy Officer, CPO

Name: Park Jihoon
Affiliated and Position: Division Manager / Strategic Growth Division

A user may request the following department to peruse personal information under Article 35 of the Personal Information Protection Act. The company will make efforts to expedite the user’s request for personal information and grievance department.

B. Request for viewing of personal information and grievance department

Name: Park Jihoon
Affiliated and Position: Division Manager / Strategic Growth Division
Email: [email protected]
Phone number: 1566-5192

C. Rights and Interests Infringement and Protection

The users can inquire about damage relief and consultation regarding personal information infringement to the following agencies. The agencies below are separate organizations from the company. If you are not satisfied with the company’s own personal information complaint handling and damage relief results, or if you need more detailed help, please contact us.

Personal Information Dispute Mediation Committee (http://kopico.go.kr/ (82)1833-6972)
Personal Information Infringement Reporting Center (http://privacy.kisa.or.kr/ (82)118)
Cyber Investigation Department of the Supreme Prosecutors’ Office (http://www.spo.go.kr/ (82)1301)
Cyber Investigation Bureau of National Police Agency (https://ecrm.cyber.go.kr/ (82)182 caller-paid)

11. Matters Concerning Measures to Ensure the Personal Information Safety

Thinkfree takes the following measures for securing safety of personal information of its users:

A. Confidential personal information is encrypted.

Confidential personal information including user passwords is encrypted to store and manage.

B. Efforts are made to secure personal information against hacking or computer viruses.

The company has installed a privacy processing system with protection measures for external breach to prevent loss, theft, leakage, alteration, outside intrusion, hacking, etc.

C. Minimized the number of staff allowed to access personal information and provided training

It minimizes the number of employees who process personal information and reduces the risk of personal information leakage by blocking the use of external Internet services on important PCs. In addition, we provide regular training on personal information protection obligations and security.

12. Obligation to give notice before changing the Privacy Policy

When the Company amends the processing policy, it shall give a notice of the amendment in the form of an announcement within the Service or through a proper electronic method stating the reason for the amendment along with the current policy and the date of effect 7 days before the effective date until a day before the effective date.

In addition, matters not set forth in this Privacy Policy shall be governed by applicable laws, regulations, commercial practices and service policies (if applicable) within the service website. The Company may implement separate operating policies for each individual service.