Privacy Policy

Laon People values the privacy of its users and complies with relevant laws and regulations, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

This Privacy Policy provides clear guidance regarding the personal information collected by the Company, the purposes and methods of processing, and the protective measures implemented. The specific items collected and the purposes of processing may be additionally provided when using the Service or through a separate consent screen.

This Privacy Policy will be posted on the Company's official website (Laon People) and related service pages, and any changes will be notified in accordance with applicable laws and regulations.

Article 1 [Purpose of the Privacy Policy]

In this Privacy Policy, Laon People (hereinafter the "Company") prioritizes the protection of users' rights when processing personal information on its website (Laon People) and related services.

• a) Transparency in the processing of personal information: The Company provides clear information about what personal information it collects, how it is used, with whom it is shared if necessary (e.g., outsourcing or provision), and when and how it is destroyed once its purpose has been fulfilled.
• b) Guidance on the rights of data subjects: The Company informs data subjects of their rights regarding personal information and explains how and in what manner they can exercise those rights.
• C) Response procedures in the event of a personal information breach: In the event of a personal information breach, the Company provides information on who to contact and what measures can be taken to prevent further harm and remedy any damage that has already occurred.

This Privacy Policy is based on the Personal Information Protection Act and related laws and regulations and establishes the basic principles for personal information protection between the Company and its users.

Article 2 [Methods of Collecting Personal Information]

The Company may collect users' personal information through the following methods.

• a) Direct input: Personal information provided directly by users through the Company’s website, mobile app, or application.
• B) Consultation and inquiry response process: Information voluntarily provided by users through customer center, chat, email, offline consultation, etc.
• C) Provision from affiliates or external login-linked platforms: Information provided by affiliates or through interlinked services (Kakao, Naver, Google, etc.) with the consent of the user.
• d) Automatically collected information: Information automatically generated or collected during the use of the services (e.g., IP address, cookies, access times, usage history, browser information, etc.).

The Company obtains prior consent to collect personal information, except as otherwise permitted by applicable laws.

Article 3 [Personal Information Collected and Used]

The Company collects personal information only in the following cases when users use the Laon People website:

• a) For customer inquiries

  [Required] Name, company name, email address, phone number, inquiry type, product of interest, subject, and inquiry content

• b) When downloading materials

  [Required] Name, company name, department, email address, phone number, assigned password

• c) Automatically collected information

  IP address, browser type, date and time of access, usage history, cookie information, OS and device information, etc.
  * Users may refuse consent for optional items, and such refusal will not restrict the use of the services. However, refusal of consent for required items may limit the provision of certain services.

• d) Participation in events and marketing The Company may additionally collect and use personal information for users who wish to participate in events or marketing activities, for which separate consent will be obtained. Examples include:
  • ① Advertising Information Notification - [Optional] Name, email address, (mobile) phone number, company name, etc.
  • ② Event participation - [Optional] Mobile phone number, email address, social media account name (for social media events)
  • ③ Delivery of goods, prizes, etc. - [Optional] Name, phone number, address, email address

Article 4 [Purpose of Collection and Use of Personal Information]

The Company processes the collected personal information only within the scope of the following purposes, and if the purpose of processing is changed, prior consent is obtained in accordance with relevant laws and regulations.

• a) Respond to customer inquiries and technical support
  • Verify and process customer requests submitted through the Contact Us page.
  • Provide consultations and technical support related to products and services.
• b) Notification of announcements and policy changes
  • Notify users of changes to the Privacy Policy, Terms of Use, or other matters.
  • Deliver important service-related announcements.
• c) Service improvement and security measures
  • Monitor service operations and improve service quality.
  • Prevent unauthorized access and illegal use
  • Analyze system logs and errors to ensure reliability
• d) Compliance with legal obligations and dispute response
  • Fulfill obligations under applicable laws.
  • Respond to violations of the Terms of Use.
  • Handle disputes, including providing explanations, responding to complaints, and taking legal actions.
• e) Marketing and event notifications (with separate consent)
  • Provide marketing information, such as events and promotions
  • Deliver service recommendations and advertising information

* The Company obtains separate consent from the user for marketing and advertising purposes. Even if the user does not provide consent, their use of the services will not be restricted.

Article 5 [Retention and Use Period of Personal Information]

• a) General retention and usage periods

  The collected personal information will be retained and used for as long as the user remains a user, and will be promptly destroyed if the user ceases to use the Services or, even while using the Services, if the purpose for which the information was collected has been fully achieved.

  However, the following items may be retained for a certain period to provide the Services and support the user, with retention periods communicated at the time of consent or through individual notices.

  Purpose of Retention	Retention Period	Retained Items
  For resolving user complaints and disputes after withdrawal from the Services	30 days	Access history, access date and time, access location information, bad usage history, device information, download history, external platform ID
  For providing marketing information and event-related notifications, and for selecting winners	6 months	Name, address, phone number, and email address

  * If the collection is for an event, the retention period may vary depending on the event. If an individual event notice specifies a separate retention period, that period takes precedence.

• b) Items retained for legal compliance

  If retention of user information is required under applicable laws, the Company will retain the information for the legally specified period. In this case, the Company uses the information solely for the purpose of retention, and the retention period is as follows.

  Category	Retained Items	Retention Period	Applicable Law
  Records related to labeling and advertising	Contents of the labeling, advertising, etc.	6 months	Article 6 of the E-Commerce Act
  Records related to consumer complaints and dispute resolution	Details of complaint handling, etc.	3 years	Article 6 of the E-Commerce Act
  Communication history, such as access logs and IP information	Access location information and log history	1 year	Article 15 of the Protection of Communications Secrets Act

Article 6 [Procedures and Methods of Destruction of Personal Information]

The Company will promptly destroy personal information once the purpose of its collection has been fulfilled, the retention period has expired, or the user withdraws consent. The process and methods for destroying personal information are as follows.

• a) Destruction Procedures
  • The Company will destroy personal information for which destruction is required, with the approval of the person in charge of personal information protection, in accordance with internal policies and applicable laws.
  • Personal information that has exceeded its retention period will be destroyed in a way that makes reproduction impossible.
  • However, if retention is required by law or with the user's consent, the information will be stored separately and destroyed without delay once the applicable retention period ends. In such cases, the segregated personal information is stored and managed separately from general personal information, with access strictly restricted.
• b) Destruction Methods
  • Electronic files: Deleted using technical methods that make recovery or reproduction impossible (e.g., low-level formatting, data overwriting, etc.).
  • Paper documents or other printed materials: Destroyed using physical methods such as shredding or incineration.

  * Existing members may request access, correction, or deletion of their personal information until it is destroyed, and the Company will promptly take appropriate action.

Article 7 [Sharing and Provision of Personal Information]

In principle, the Company does not provide personal information to third parties without the consent of the user, and personal information is provided to third parties only in the following cases:

• a) Criteria for third-party provision
  • ① When separate consent has been obtained from the information subject
  • ② When required by laws or to fulfill a legal obligation
  • ③ When urgently necessary to protect the life, body, or property of the information subject or a third party
  • ④ When provided in a form that does not identify a specific individual, as necessary for statistical purposes, academic research, or similar purposes
• b) By law or upon request of law enforcement agencies

  The Company may provide personal information in accordance with the procedures and methods prescribed by law if requested by investigative or administrative agencies. In this case, the legal basis must be clear, and the information will be handled following due process.

Article 8 [Outsourcing the Processing of Personal Information]

• a) The Company entrusts certain personal information processing tasks to external companies to ensure smooth operation of the services. When entering into an outsourcing agreement, the Company specifies in the contract the necessary matters for the entrusted party to safely process personal information in accordance with Article 26 of the Personal Information Protection Act, and conducts regular management and supervision.

The Company will notify the user in advance of any changes to the outsourcing company or the scope of outsourced work through an update to this Privacy Policy or via a separate individual notice.

Article 9 [Rights of Users and Their Legal Representatives and How to Exercise Them]

• a) Privacy of children under 14
  • ① If the Company requires consent for the collection, use, or provision of personal information of children under 14 (hereinafter "children"), the Company shall obtain the separate consent of their legal representative.
  • ② To obtain consent under Paragraph ①, the Company may request only the minimum necessary information, such as the legal representative's name and contact information. This information will not be used for any other purpose or provided to third parties except for confirming the legal representative's consent.
  • ③ The legal representative's consent may be used to resolve consumer complaints or disputes related to contracts between the child and the Company, withdrawal of subscription, payments, or the supply of goods.
  • ④ The child's legal representative may request access to, correction of, or withdrawal of consent for the child's personal information, and the Company shall take necessary measures without delay.
• b) Matters concerning the management of personal information of the information subject
  • ① Users may exercise the following rights at any time:
    • a) Request access to, modification, or deletion of personal information.
    • b) Request the suspension of personal information processing.
    • c) Withdraw consent to the collection, use, or provision of personal information.
  • ② Users may request the suspension of the processing of their personal information to ensure that their rights are fulfilled, in accordance with the methods provided when collecting and using personal information. However, a suspension request may be denied under Article 37(2) of the Personal Information Protection Act if:
    • a) Retention is clearly required by law, or
    • (b) It may infringe on the rights or interests of others.
  • ③ Users may withdraw their consent to the collection and use of personal information at any time by withdrawing membership, etc.
  • ④ If the user requests correction of inaccurate personal information, the Company will not use or share that personal information until the correction is completed. In addition, if the Company has already shared incorrect personal information with a third party, it will notify the third party without delay and apply the correction immediately.
  • ⑤ Any other inquiries related to the exercise of your rights can be directed to Customer Support or the Privacy Officer.

Article 10 [Installation, Operation and Rejection of Automatic Collection Devices for Personal Information]

• a) Operation of automatic collection devices such as cookies
  • ① The Company installs and operates devices that automatically collect personal information such as cookies (access information files) to provide a convenient user experience.
  • ② Cookies are very small text files sent to the user's device by the server that operates the application and stored on the device’s storage. When the application is subsequently used, the server reads the contents of the cookies stored on the user's device to maintain preferences and provide personalized services.
  • Users can choose whether to allow the installation of cookies. Accordingly, users may accept all cookies, confirm each time a cookie is stored, or refuse to store all cookies through device settings or options. However, if all cookies are refused, the provision of the services may be limited or unavailable.
  • ④ How to configure cookie installation settings
    • Internet Explorer: Select the Tools menu ☞ Select Internet Options ☞ Click the Privacy tab ☞ Set your privacy level
    • Chrome: Select the Settings menu ☞ Select Show advanced settings ☞ Select Privacy & content settings ☞ Set cookie levels
    • Firefox: Select Options menu ☞ Select Privacy ☞ Go to Browsing history > customize settings ☞ Set cookie level
    • Safari: Select the Preferences menu ☞ Select the Privacy tab ☞ Set cookie and website data levels
• b) Collection of advertising identifiers and personalized advertising
  • ① The Company collects and uses users' advertising identifiers to provide more useful services in consideration of users' characteristics.
  • Advertising identifiers are non-persistent, non-personal identifiers, such as Android advertising IDs, Apple's ID for advertising, etc.
  • ③ Advertising identifiers may be analyzed as a result of the user's online usage behavior, access history, etc. and provided as online customized advertisements considering user characteristics.
    • Name of the ad provider that collects and processes behavioral information: Google AdMob
    • Method of behavioral information collection: Automatically collected and transmitted when users visit and launch apps/webs
  • ④ Users can opt out by changing the settings on their device, which can be reset at any time.
    • Name of the ad provider that collects and processes behavioral information: Google AdMob
    • Method of behavioral information collection: Automatically collected and transmitted when users visit and launch apps/webs
• c) Use of website usage statistics analysis tools
  • ① The Company utilizes the following statistical analysis tools for the purpose of statistical analysis of service usage and service improvement.
    • a) ELK (Elasticsearch, Logstash, Kibana)
    • b) Google Analytics
    • c) Firebase
  • ② The Company collects behavioral information of website users through Google Analytics; in this case, only non-personally identifiable information is collected..
  • ③ Users may opt out of Google Analytics by following the instructions below.
    https://tools.google.com/dlpage/gaoptout/
  • ④ ELK is a log collection tool used to monitor product functionality, system errors, and related events. The logs collected do not include personal information such as error codes or feature usage history and are limited to non-identifiable information used solely for technical operations.
  • ⑤ Firebase is used to analyze mobile app usage patterns, collect crash reports, and study user behavior. It collects information such as app version, device information (OS, model), usage time, event logs, and crash reports.
    • a) The collected information is stored in a non-personally identifiable form and is used only to improve app performance and analyze features.
    • b) Tracking based on Firebase can be limited through mobile device settings or in-app settings.

Article 11 [Measures to Secure the Safety of Personal Information]

The Company has implemented the following technical, physical, and administrative safeguards to protect the personal information processed and to prevent its loss, disclosure, alteration, or destruction.

• a) Technical safeguards
  • ① Password Encryption
    Passwords are stored and managed in encrypted form. Therefore, if a user forgets a password, it cannot be verified; instead, a new password is issued after a predetermined identity verification process.
  • ② Strengthening network security
    The Company takes various technical measures to prevent the leakage of users' personal information through abnormal network access such as hacking and computer viruses, and conducts constant monitoring of network access.
    In addition, the Company uses a secure encrypted communication method for communication between the Company's servers and databases.
• b) Administrative safeguards
  • ① Conducting personal information protection training and internal inspection
    The Company regularly conducts training for employees on maintaining the security of users' personal information, and checks the status of personal information processing and compliance by those in charge.
  • ② Designation and management of personal information handlers
    A dedicated person is assigned to manage personal information, ensuring expertise in handling it and minimizing the risk of leakage.
• c) Physical safeguards
  • ① Access and storage control
    Areas where personal information is processed and stored are set up as secure areas and controlled so that only those authorized to process personal information can enter, and tangible and electronic records containing personal information are stored in places with testing devices or on computers with separate access rights.

Article 12 [Contact Information for the Privacy Officer and Representatives]

• a) Users may contact the designated officer or representative below to submit their comments or complaints about the Company's Privacy Policy by email or telephone. The Company will provide an initial response within five (5) business days of receipt and will make every effort to process in a prompt and diligent manner. The following representatives of the Company will make every effort to hear from the user and address their complaint.

  Privacy Officer/Manager and Contact Information

  • Privacy Officer: Kiwook Yoon, Managing Director/CTO
  • Privacy Manager: Yonghyun Jung • Phone: 1899-3058
  • Email: privacy@laonpeople.com
• b) If a report or consultation regarding other personal information infringements is required, contact the following organizations.
  • ① Personal Information Dispute Mediation Committee (http://www.kopico.go.kr/ 1833-6972 without area code)
  • ② Personal Information Infringement Report Center (http://privacy.kisa.or.kr / 118 without area code)
  • ③ Cyber Investigation Division of the Supreme Public Prosecutors' Office (Supreme Public Prosecutors' Office / 1301 without area code)
  • ④ National Police Agency Cyber Investigation Bureau (Cybercrime Reporting System (ECRM) / 182 without area code)

Article 13 [Obligation to Notify Prior to Revisions]

• a) The Company's Privacy Policy may be amended due to changes in laws and the Company's internal policies. In such cases, the Company shall notify users of the changes at least 7 days prior to the effective date by posting the amendments and their effective date on the Company's homepage or within the Service in a manner that users can easily confirm.
• b) However, if the change is disadvantageous or significant to users, the Company will notify them at least 30 days before the effective date, and may request consent again if necessary.
• c) The previous versions of the Privacy Policy will be made available with a revision history so that users can easily see what has changed.