Privacy Policy1. Privacy Policy2. Collection of Personal Information3. Use of Personal Information4. Provision of Personal Information5. Destruction of Personal Information6. Rights of Users & Exercising Those Rights7. Matters Concerning Automatic Personal Information Collection Device (InstallationㆍOperation and Refusal)8. Actions Taken to Protect Personal Information9. Privacy Protection Officer10. Amendment to the Privacy Policy
Privacy Policy
1. Privacy Policy
“Privacy Policy” is the guideline that PLUME.D Inc. (hereinafter, the “Company”) should comply so that users can use every service of AvaKit (hereinafter, the “Service”) provided by the Company. The Company provides this Privacy Policy in compliance with the relevant laws and regulations and guidelines of Republic of Korea.
The Company collects, uses, and provides personal information based on the consent of the user. Any matter that is not prescribed herein shall be stipulated in each Sublevel Service's privacy polices. In case of any conflicts between the content herein and any provisions of each Sublevel Service's privacy polices, the Latter shall override this Private Policy.
2. Collection of Personal Information
The Company collects the minimum personal information to provide the Service.
The following minimum personal information is collected when a user signs up for the Service or while the user uses the Service, through the home page and individual apps.
The minimum necessary information for service provisioning is classified as obligatory, and the user's consent is solicited for its acquisition. Furthermore, supplementary data may be collected to provide tailored services. This supplementary data is categorized as optional and requires the user's consent. However, even in cases where consent is withheld for optional data, there shall be no restrictions on utilizing the service.
[To sign up]
- Required Email, password, name (nickname), dates of birth, phone number, country info
[To verify one’s identity]
- Required Phone number, country info
[To use paid-service]
- Required Credit card number, expire date, first two digits of credit card password, Information of cardholder (name, phone number, and email, etc.)
[To process refund]
- Required Bank, account number, account holder's name, email
[To use Youtube features]
- Required
- User information (nickname, ID), channel information (channel name, channel address, the number of subscribers, etc.), lists of YouTube live, chatting data
AvaKit’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
The method to collect personal information is as follows.
In case of collecting personal information, the Company informs the fact to a user in advance and asks for his/her consent. Personal information is collected via the following methods:
- The user agrees to the collection of personal information and enters relevant information when signing up for a service or while the user uses the Services
- Personal information is provided through affiliated services or groups.
- Personal information is provided via the home page, email, during in-app user report.
- The user participates in online and/or offline events.
Information, including device information, IP address, cookie, and service usage history are automatically generated and collected while using the Service.
- Service usage history is information that can be automatically recorded and/or collected in the Company’s server when information that is automatically generated during the use of the Service or entered by the user is transmitted or received. Such information may or may not be categorized as personal information, depending on whether the information is combined with other information or how it is processed.
Service usage history may include contents entered or shared by the user, keywords entered by the user, visit and access records, records of fraudulent use of the Service, and location information. For example, the number of activation of the specific feature that the user has implemented, whether the specific feature is used or not and crash reports are transmitted to other users through the Company server. The Company can process information, including service usage history, for the purpose of providing the Service, and may, if needed, acquire additional consent from users to use the information.
3. Use of Personal Information
Personal information is used to to provide and improve Service and to develop new services.
- Member identification, confirmation of the user’s will to sign up, user and age verification
- Message transmission between friends, friend registration and suggestion
- To resolve inquiries or complaints, and deliver notices
- To send content or settle charges when using Services that needs payment
- Prevention and sanction of any act that interrupts normal service operation of the service
- The establishment of a service environment conducive to new service creation, functional enhancements, personalized service provision, and privacy safeguarding;
- Statistics pertaining to service usage records, frequency of access, and service utilization
Additional personal information may be used or provided.
The personal information may be used or provided to a third party, without consent from the user and in accordance with related laws, to the extent that the information is collected and used for reasons related to the purpose of collection. At this time, collective consideration is made to whether the additional use and collection of personal information is related to the original purpose of collection, the circumstances of the collection or processing practices can lead to expectations of further use or provision of personal information, the collection and use unjustifiably impeded on the user's interests, and/or whether measures where taken to secure security, such as pseudonymization or encryption.
Processed Items and Purposes | Additional Use | Pseudonymization |
Personal information items collected based on a user's agreement are processed for purposes required to provide Services including membership management. Processed items and their purposes are disclosed in Company's Privacy Policy at all times. | Personal information may be used or provided additionally within the scope reasonably related to the original purpose of collection, based on the consideration of the relevancy to the original purpose, the circumstances of collection and processing practices. | After pseudonymizing the collected personal information to make it impossible to identify a particular individual, Company may process the information for archiving purposes in the public interest, scientific research purposes or statistical purposes. |
4. Provision of Personal Information
PLUME.D Inc. does not provide personal information to any third party without your consent or unless demanded by applicable laws.
Company does not provide personal information to any third party without your consent or unless demanded by applicable laws. However, Company can provide necessary organizations with personal information without consent from the information owner in the event of a disaster, communicable disease, incidents or accidents that can lead to death or physical endangerment, and/or emergency situations that can lead to immediate financial loss.
The following affairs are entrusted to provide the Services.
If needed for service provision, some personal information processing tasks may be entrusted to an external entity. Company manages and supervises whether the entrusted entity complies with laws and regulations on personal information protection by limiting the entrusted entity's processing of personal information to that necessary to execute the entrusted tasks, applying technical and administrative protective measures and restricting re-entrustment. Users may refuse overseas transfer of personal information through the Customer Center. If a user refuses to transfer personal information overseas, the use of services that require overseas transfer of personal information may be restricted.
Provision to Third Parties | Entrustment of Processing | Crossborder Transfer |
Company only provides personal information to a third party when a user directly consents to the provision of personal information in order to use the services of an outside partner. The list of third parties receiving personal information can be viewed in the table below. | Company entrusts part of its work necessary to provide services to outside companies. In case of entrustment, Company carries out management and supervision on a regular basis to ensure that the companies comply with applicable laws related to personal information protection. | The personal information of users may be transferred overseas when a user consents to the provision of personal information in order to use the services of an overseas partner. In addition, the processing of specific personal information is entrusted to an overseas partner to send text messages to foreign countries, and for other purposes. |
<List of Entrust Partners for Personal Information Handling>
Consignment company | Purpose of consignment work |
Toss Payments Co,, Ltd. | Processing of payments (via credit card)
Account validation |
PayPal | Processing of payments (via credit card)
Account validation |
Paddle | Processing of payments (via credit card)
Account validation |
Twilio | Sending messages for authentication (SMS) |
5. Destruction of Personal Information
The user's personal information is to be destroyed immediately once the purpose of the collection and use of personal information is fulfilled. The procedure and method of destruction is as follows:
The method of destroying personal information that has to be destroyed because the purpose of collecting or using personal information has been achieved, or because the user has unsubscribed from the Service, will be determined depending on the format of the personal information. Personal information stored in electronic file formats is to be deleted using technical means which make the information unrecoverable. Personal information printed on paper records, printed matters and documents is to be destroyed through shredding or incineration.
Any information that is destroyed after being stored for a certain period under the internal policies is as follows:
1) The following information is destroyed after being kept for the maximum three (3) years from the date of user’s withdrawal from the Service.
- Service account and email address to send guide emails and correspond to customer services
- Encrypted usage history to prevent duplicated event participation
- Improper usage records
2) Reports and records of rights infringement reports and sanctions will be retained for a period of five (5) years from the date of report receipt and subsequently discarded.
Moreover, Company adheres to operational policies that involve the separate storage or deletion of personal information of users who have not utilized the service for a duration of one (1) year. Separately stored personal information is retained for a period of three (3) years, after which it is promptly disposed of.
Other personal information that must be retained in accordance with applicable laws can be viewed in the table below.
Records to be Retained | Applicable Law | Retention Period |
Records of contract or withdrawal of subscription | Act on the Consumer Protection in Electronic Commerce, etc. | 5 years |
Records of payment and supplying goods | Act on the Consumer Protection in Electronic Commerce, etc. | 5 years |
Records of consumer’s complaint and the settlement of dispute | Act on the Consumer Protection in Electronic Commerce, etc. | 3 years |
Records of marks and advertisement | Act on the Consumer Protection in Electronic Commerce, etc. | 6 months |
Records related to the distribution of electronic documents via Official Electronic Addresses | Electronic Document and Electronic Transaction Act | 10 years |
Books and supporting documents for all transactions specified by the Tax Act | Framework Act on National Taxes | 5 years |
Records of electronic financial transactions | Electronic Financial Transactions Act | 5 years |
Service visit records | Protection of Communications Secrets Act | 3 months |
Records related to customer verification and reports of suspicious transactions, etc. | Act on Reporting and Using Specified Financial Transaction Information | 5 years after unregistration from the service |
6. Rights of Users & Exercising Those Rights
Users may possess the following rights regarding the handling of their personal information:
- The right to request access to personal information
- The right to request rectification of personal information
- The right to request suspension of personal information processing
- The right to request deletion of personal information and to withdraw consent or terminate membership
Users can directly exercise their rights such as the viewing (inquiry) of personal information at any time through the following functions within the service, or make a request through the Customer Service(Discord, Twitter, etc.).
- View (inquire) and edit Service account information
When Company receives a user's request regarding the above matters, Company will take necessary measures without delay. If a user requests for the revision of incorrect personal information, such information shall not be used or provided until the revision is completed.
7. Matters Concerning Automatic Personal Information Collection Device (InstallationㆍOperation and Refusal)
Cookies can be used to provide the web-based services.
Cookies are used to support a faster and more convenient use of websites and to provide customized services.
What is a Cookie?:
A cookie is a small piece of text file usually set by the web server, sent from a website and stored in a User's computer hard disk while the user is browsing that website.
Purpose of use:
Company uses cookies which save and retrieve user information in order to provide personal customized service. When a user visits the website, the website server reads cookies stored on the user's device to maintain environment settings and customized services. Cookies help the user use the website easily and conveniently by finding out the user's preferences. Also, they are used to provide customized marketing information by tracing the number of visiting to the website and use patterns.
Rejection of cookies:
The user has the option to install cookies. They can go to the top of the web browser, click "Settings > Privacy and security > Cookies and other site data" and decide whether to block or allow cookies. when a user rejects the storage of a cookie, then the user may have some difficulties in using a service.
8. Actions Taken to Protect Personal Information
Company works hard to protect our users' precious personal information.
- Users' personal information is encrypted.
- Users' personal information is transmitted through encrypted communication channels, and important information, including passwords, are encrypted when stored.
- Personal information is protected from hacking attempts and computer viruses.
- Systems are installed in areas restricted from external factors to prevent users' personal information from being leaked or damaged by hacking or computer viruses. A 24-hour monitoring system has been installed to detect and block any hacking attempts, and vaccine programs are being used to protect the system from the latest malware and viruses.
- Personal information is handled by minimum personnel. Risk of personal information breach is minimized by assigning only a necessary handful of people to handle users' personal information.
- We limit the number of employees involved in personal information processing to a minimum.
Company complies with the European Union’s General Data Protection Regulation and the laws and regulations of the European Union states (hereinafter the “GDPR”). The following may apply when Company provides services to users in EU countries.
[Purpose/Basis of Personal Information Processing]
Company uses personal information collected from users only for purposes specified in "3. Use of Personal Information", informs users prior to any use thereof and asks for agreement. In addition, Company may process personal information in accordance with applicable laws including GDPR in any of the following cases:
- Consent of the data subject
- Sign and fulfill a contract with the data subject
- legal compliance
- When personal information processing is necessary for the material benefit of the data subject
- For the pursuit of legitimate interests of the company (except for cases where the benefits, rights or freedom of the data subject is more important than that of the company.)
[Guarantee of Users' Rights in EU Countries]
In accordance with applicable laws including GDPR, a user may request that his or her personal information be transferred to another manager, and refuse the processing of his or her information. In addition, a user has a right to file a complaint with data privacy protection authorities.
Also, Company may also use personal information for marketing purposes such as event promotion or advertisements, for which Company obtains a prior agreement. A user may withdraw the agreement at any time if he or she doesn't want it.
A user may inquire the foregoing matters to the Customer Service via document, phone or email. The request will be handled in a proper and timely manner.
When a user requests for the correction of personal information, the concerned information shall not be displayed until such correction is completed.
9. Privacy Protection Officer
Company has designated the Privacy Protection Officer responsible for responding to user inquiries regarding personal information and resolving related complaints.
[Privacy Protection Officer]
Name | Kyung Min Lee |
Position | CEO |
Email | contact@plumed.kr
avakit.help@gmail.com |
If you have any inquiries, complaints, or suggestions about personal information protection, please contact us using the information provided. We will promptly review your concerns and provide a response.
10. Amendment to the Privacy Policy
Company may amend its Privacy Policy to reflect any legal or service changes. Company shall notify such amendment in advance, and the amended Privacy Policy shall take effect seven (7) days after the foregoing notification.
However, in the case of substantial changes to user rights, we will inform you with a minimum of thirty (30) days' notice.
Company always entreasures users' information, and continues to exert its utmost efforts for users to use our Service more safely.
- Notification Date: April 23, 2024
- Enforcement Date: April 30, 2024