Privacy Policy

1. General
Novelux (hereinafter referred to as "the Company") values the protection of members' personal information and strives to protect it at all times. The Company complies with all relevant laws and regulations related to personal information protection, including the "Act on Promotion of Information and Communication Network Utilization and Information Protection," and has established a privacy policy based on these laws to ensure the protection of user rights.
1) The Company has established a "Privacy Policy," which is publicly available on its website and mobile application, allowing users to easily access it at any time.

2. Collection Methods and Items of Personal Information
The Company collects the following personal information for membership registration, consultation, and service applications:
1) The Company collects the following information during membership registration and service postings:
 ① Mobile phone number, device unique identifier (device ID, etc.)
2) Range of personal information that may be collected during the service usage process:
 ① Information entered and content created by users during the service usage process
3) Methods of collecting personal information:
 ① Mobile applications, web pages, written forms, faxes, telephone and online consultations through customer centers, event participation
 ② Collection through information generation tools

3. Purpose of Collecting and Using Personal Information
1) Smooth provision and operation of services
2) Member management
 ① Member identification, prevention of fraudulent use and unauthorized use, confirmation of intent to join, restriction on the number of registrations and membership, record retention for dispute resolution, complaint handling, notification of important notices, etc.
3) Providing customized services, providing statistical services and advertisements based on demographic characteristics, sending regular publications, confirming the validity of services, providing information on events and advertisements, and providing opportunities for participation

4. Consent for Collection, Use, and Provision of Personal Information
The Company provides a procedure for users to check their agreement to the collection of personal information when they initially register as a member or when related to service usage. If users check the agreement, it is presumed that they have agreed to the collection of personal information.

5. Use and Provision of Personal Information Beyond the Purpose and Third-Party Provision
1) The Company will not use or provide user's personal information beyond the scope notified in "3. Purpose of Collecting and Using Personal Information."
2) However, user consent will be obtained through appropriate procedures in the following cases:
 ① Affiliation: For better service provision, the Company may provide user information to affiliated companies. In this case, the Company will go through the procedure of notifying users of the affiliated company, the items of personal information provided, the purpose of providing personal information, the duration of provision, and measures to protect personal information. If users do not agree, the Company will not provide information to affiliated companies, and in case of changes or termination of the affiliation, users will be notified. Even if users agree to provide information, they can withdraw their consent at any time.
 ② Outsourcing: To provide better services and process personal information, the Company may outsource the handling of personal information. In this case, the Company will provide detailed notifications regarding the outsourcing company's name, purpose, range of personal information handled, and duration of outsourcing.
3) Exceptions:
 ① For settlement of fees related to service provision
 ② In the case of transactions concluded through the services provided by the Company, providing relevant information to the parties involved for smooth communication
 ③ When users have given prior consent
 ④ Pursuant to the provisions of the law or in cases where there is a request from an investigation agency according to the procedures and methods prescribed by the law for investigation purposes
 ⑤ In cases where it is deemed necessary for the life, body, or property interests of the data subject or a third party in a state where the data subject or the legal representative cannot express their intention or the address is unknown, and when it is clearly necessary to prioritize the legitimate interests of the data controller over the rights of the data subject. However, this is limited to cases where there is a clear relationship between the legitimate interests of the data controller and the reasonable scope.
 ⑥ When it is clearly necessary to achieve the legitimate interests of the personal information controller, and the relationship with the data subject's rights is prioritized, and it does not exceed a reasonable range.
6. Retention Period and Disposal of Personal Information
1) The Company generally retains the collected personal information until the end of the service usage contract, as stipulated in Article 10 of the Terms and Conditions, which is "Contract Period and Termination of Service Contract." In the event of termination of the service contract, the Company immediately disposes of the member's personal information and takes measures to promptly dispose of information provided to third parties.
(However, to prevent re-registration during the re-registration grace period, personal information will be disposed of two months after the end of the service contract.)
 ① If there is a need to preserve transaction records and minimal basic information for the period specified by law, such as the preservation period prescribed by the Commercial Act
 ② If the retention period is announced and has not expired, or if the member's consent is obtained, the information is retained for the agreed period
 ③ The following cases retain personal information for the specified periods:
  - Record of contract or withdrawal
  Retention reason: Consumer protection under the Act on Consumer Protection in Electronic Commerce, etc.
  Retention period: 5 years
  - Records related to payment and supply of goods, etc.
  Retention reason: Consumer protection under the Act on Consumer Protection in Electronic Commerce, etc.
  Retention period: 5 years
  - Record of consumer complaints or dispute resolution
  Retention reason: Consumer protection under the Act on Consumer Protection in Electronic Commerce, etc.
  Retention period: 3 years
  - Record of identity verification
  Retention reason: Information and Communication Network Promotion and Information Protection Act
  Retention period: 6 months
  - Record of visits
  Retention reason: Telecommunications Secrecy Protection Act
  Retention period: 3 months
3) If there is a request from the member to view personal information that the Company has obtained with consent, the Company takes immediate action to allow the member to view and confirm it.
7. Procedure and Method of Personal Information Disposal
1) The Company promptly disposes of personal information that has become unnecessary, such as when the retention period of personal information expires or the purpose of processing is achieved.
2) If personal information with consent for retention expires or if it is necessary to continue storing personal information according to other laws, the Company moves the relevant personal information to a separate database (DB) or stores it in a different location. Personal information stored separately is not used for purposes other than the purpose of retention unless required by law.
3) The procedure and method of personal information disposal are as follows:
 - Disposal procedure
  The Company selects personal information for disposal when the reason for disposal arises and disposes of personal information after obtaining approval from the Company's personal information protection manager.
 - Disposal method
  For electronically recorded and stored personal information, the Company uses methods such as low-level format to make the information irretrievable. For personal information recorded and stored on paper, the Company shreds or incinerates the information.
8. Rights of Users and Legal Representatives and Methods of Exercise
1) Users and legal representatives can access or modify their personal information registered at any time, and they can request registration or withdrawal.
2) For personal information viewing and modification, users can undergo the identity verification process through the "My Information" section, and for registration or withdrawal, they can directly request access, correction, or withdrawal through the customer center.
3) Users can also contact the personal information management responsible person in writing, by phone, or by email to request the viewing, modification, or withdrawal of personal information.
4) If a user requests correction of an error in personal information, the Company does not use or provide the personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the correction results are immediately notified to the third party.
5) Personal information that has been terminated or deleted at the request of the user is processed in accordance with the provisions of Article 6, "Retention Period and Disposal of Personal Information."
9. Matters Regarding the Collection of Location-Based Information
The Company may collect location-based information for the smooth provision of services. For details, please refer to the Location-Based Service Terms and Conditions.
10. Technical and Managerial Measures for the Protection of Personal Information
The Company takes the following technical/managerial measures to ensure the security of users' personal information in handling it to prevent loss, theft, leakage, alteration, or damage:
1) Measures against hacking
 The Company makes every effort to prevent the leakage or damage of user's personal information due to hacking or computer viruses. It regularly backs up data to prevent damage to user's personal information or data leakage. The Company also uses the latest antivirus programs to prevent information leakage or damage during transmission over the network through encrypted communication. The Company controls unauthorized access from external sources using intrusion prevention systems and strives to implement all possible technical devices to secure security.
2) Minimization and education of handling staff
 Handling staff related to personal information at the Company is limited to specific personnel. Separate passwords are assigned for this purpose, and they are regularly updated. Regular education is conducted for handling staff to emphasize compliance with the Personal Information Handling Policy.
3) Operation of a dedicated personal information protection organization
 The Company checks compliance with the Personal Information Handling Policy and the compliance of personnel through an in-house personal information protection organization. If any issues are discovered, the Company strives to rectify and correct them immediately. However, the Company is not responsible for any problems arising from the user's own negligence, intentional acts of the Company, or significant negligence.
11. Personal Information Manager
1) Novelux manages the personal information of members collected through the appointment of a personal information manager and a personal information management officer as follows:
 ① Personal Information Manager: Myeong-ho Yeo (070-4149-0165)
 ② Personal Information Management Officer: Myeong-ho Yeo (070-4149-0165)
12. Establishment and Handling of Opinions and Complaints
1) The Company values the opinions of users regarding personal information and ensures that users have the right to receive sincere answers to inquiries related to personal information.
2) The Company operates a customer center for smooth communication with users. Details are as follows:
 Name: Novelux Customer Center
 Email: cs@novelux.com
 Phone Number: 070-4149-0165
 Consultation Hours: 10:00 AM to 5:30 PM, excluding holidays, weekends, and lunchtime (12:00 PM to 1:00 PM).
3) If you need to report or consult about other personal information infringements, please contact the following organizations:
 - Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
 - Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
 - Cyber Crime Investigation Department of the Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)
 - Cyber Terror Response Center of the National Police Agency (www.ctrc.go.kr / 02-392-0330)
This Privacy Policy may be revised, added, or modified in content. In such cases, the Company will announce it through the "Notice" screen within Novelux services at least 7 days before the effective date.
Announcement Date: February 26, 2024
Effective Date: February 26, 2024