EFFECTIVE JUNE 1, 2024
Tradeverse (the “Company”, “we”, or other pronoun cases of “we”) lawfully processes and securely manages personal information in compliance with Personal Information Protection Act and other Relevant Laws to safeguard the freedoms and rights of those who are the subjects of and identifiable through the information (the “Data Subjects”). We implement and publish this privacy policy (this “Privacy Policy”) to guide Data Subjects on our procedures and standards for processing personal information and to ensure that any grievances in relation thereto are addressed swiftly and efficiently.
Any capitalized terms used but not defined herein shall have the respective meaning ascribed to such terms under Tradeverse Terms of Service (the "ToS”). If undefined thereunder, they shall take on the generally accepted meaning.
Article 1. Collection and Use of Personal Information
Article 2. Processing of Pseudonymized Information
Article 4. Retention, Use, and Destruction of Personal Information
Article 5. Entrustment of Personal Information Processing
Article 6. Third-Party Transfer of Personal Information
Article 7. Overseas Transfer of Personal Information
Article 8. Safeguarding of Personal Information
Article 9. Rights Held by Users and Their Legal Representatives
Article 10. Privacy Officer and Remedies for Privacy Infringement
We collect personal information of Data Subjects to the minimum extent necessary based on the specific Services, differentiating the purpose of collection, the items collected, and the retention and usage period for each service as follows:
①MEMBERSHIP REGISTRATION AND SERVICE USE
PURPOSE OF COLLECTION | PERSONAL INFORMATION COLLECTED | RETENTION AND USAGE PERIOD | |
REQUIRED | OPTIONAL | ||
Membership registration for Tradeverse service provision and user identification | User ID, Username, Avatar, Banner Display, Email, Consent to Proxy Joining of Servers, Member Information in Servers (Nickname, Avatar, Roles, etc.) | Until membership withdrawal | |
Inquiry and complaint handling | User ID, Username, Email, Name | Until membership withdrawal or for 3 years pursuant to relevant laws. | |
Providing Tradeverse AI Services and improving service performance and algorithms | Conversation information with AI (including conversation content, images, and videos), Service usage behavior information (input data and outputs) | Until membership withdrawal | |
Social (SNS) Registration | (Discord) Email / Username / Date of Birth / OAuth2 Information | (Discord)Nickname | Until membership withdrawal |
PURPOSE OF COLLECTION | PERSONAL INFORMATION COLLECTED | RETENTION AND USAGE PERIOD | |
REQUIRED | OPTIONAL | ||
Sending information about Tradeverse and partner events and benefits, service-related updates, and news | User ID, Name, Username, Phone Number, Email | Until consent withdrawal |
③ SERVICE OPERATION AND MANAGEMENT
PURPOSE OF COLLECTION | PERSONAL INFORMATION COLLECTED | RETENTION AND USAGE PERIOD | |
REQUIRED | OPTIONAL | ||
Payment card registration and payment | Email, Card Information (Card Number, Expiry Date, CVC), Alipay Name, Address (Country, City, District, Detailed Address, Postal Code), Date of Birth/Business Registration Number | Until membership withdrawal or for 5 years pursuant to relevant laws. |
④MISCELLANEOUS
The Company processes pseudonymized information for the purposes described below. Pseudonymized information refers to personal information that has been processed to prevent identification of the Data Subject without the use or combination of additional information required to restore it to its original state.
①UTILIZATION OF PSEUDONYMIZED INFORMATION
PURPOSE OF PROCESSING | PERSONAL INFORMATION PSEUDONYMIZED | RETENTION AND USAGE PERIOD |
Not applicable | Not applicable | For 5 years from pseudonymization |
②SAFEGUARDING OF PSEUDONYMIZED INFORMATION
The Company automatically generates and collects the following information from users during their Service use, which may be used for the purposes listed below:
①PURPOSE OF AUTOMATICALLY COLLECTING PERSONAL INFORMATION
②AUTOMATIC COLLECTION OF PERSONAL INFORMATION AND METHODS TO REFUSE COLLECTION
[Web]
The Company processes the collected personal information within the period agreed upon by the user at the time of collection or within the retention and usage period stipulated by relevant laws. When the purpose of data collection is achieved and the retention period has expired, the Company will promptly destroy the personal information in an irrecoverable manner.
①USER INFORMATION
②MANDATORY RETENTION PERIOD UNDER THE RELEVANT LAWS
PURPOSE OF RETENTION | LEGAL BASIS | STATUTORY RETENTION PERIOD |
Records related to cancellation of contracts or subscriptions, etc. | Act On The Consumer Protection In Electronic Commerce | 5 years |
Records related to payment for and supply of goods, etc. | Act On The Consumer Protection In Electronic Commerce | 5 years |
Records related to resolution of consumer complaints or disputes | Act On The Consumer Protection In Electronic Commerce | 3 years |
Records related to marks and advertisements | Act On The Consumer Protection In Electronic Commerce | 6 months |
Books and evidential documents related to all transactions, as prescribed by tax-related statutes | Framework Act on National Taxes | 5 years |
Access Records | Protection Of Communications Secrets Act | 3 months |
③PROCEDURES AND METHODS FOR DESTRUCTION: The Company identifies and destroys personal information for which the reason for destruction has been triggered. Personal information recorded and stored in electronic file formats is destroyed in a manner that prevents the records from being recovered. Personal information recorded and stored in paper documents is shredded or incinerated.
The Company outsources certain personal information processing tasks to ensure smooth handling of personal data operations. When entering into entrustment contracts for outsourcing, the Company supervises the entrustees to ensure they handle personal information securely, in accordance with relevant laws and regulations. If the content of the entrusted tasks or the entrustees changes, the Company will promptly disclose this information through prior consent notices or by updating this Privacy Policy, in accordance with relevant legal requirements.
①ENTRUSTED TASKS AND ENTRUSTEES
ENTRUSTEE | ENTRUSTED TASKS | ENTRUSTED PERSONAL INFORMATION |
STRIPE | Member payment system for Service use | Email, card information (card number, expiration date, CVC), Alipay name, address (country, city, district, detailed address, postal code), date of birth/business registration number |
IWINV | Web server operation for Service use | User ID, username, avatar, banner view, email, consent to join server, member information in servers (nickname, avatar, roles, etc.) |
The Company processes personal information solely as described in Article 1. The Company does not provide personal information to any third party except under the Data Subject’s separate prior consent or as specifically required by relevant laws.
①THIRD-PARTY PROVISION WITHOUT PRIOR CONSENT BASED ON RELEVANT LAWS:
To facilitate the seamless provision of services, the Company may transfer its users’ personal information to countries overseas, depending on the users’ location, in which case the Company will obtain the users’ consent in advance.
The Company takes necessary measures to securely manage user personal information and prevent its loss, theft, leakage, alteration, or damage. The following technical, administrative, and physical measures are in place:
①MINIMIZATION AND TRAINING OF PERSONAL INFORMATION HANDLING STAFF: the number of employees who handle personal information is minimized, and regular training on personal information protection is conducted to implement effective management measures.
②ESTABLISHMENT AND IMPLEMENTATION OF INTERNAL MANAGEMENT PLAN: an internal management plan is established and implemented to ensure the secure processing of personal information.
③RETENTION OF ACCESS RECORDS AND PREVENTION OF ALTERATION THEREOF: access Records to the personal information processing system (e.g., web logs, summary information) are retained and managed for at least one year. Also, security features are used to prevent alteration, theft, or loss of access records.
④ENCRYPTION OF PERSONAL INFORMATION: user personal information is encrypted during storage and management.
⑤TECHNICAL MEASURES AGAINST HACKING: security programs are installed and regularly updated and inspected to prevent personal information leakage and damage from hacking or computer viruses. Systems are installed in areas with restricted external access and are monitored and blocked both technically and physically.
⑥ACCESS CONTROL LIMITATIONS: measures are in place to control access to personal information through the granting, changing, and revocation of access rights to the personal information processing system.
①Users of the Services are entitled to the following:
②A Data Subject has the right to request perusal, correction, deletion, or suspension of the processing of such personal information at any time (the “Data Subject Rights”). The Data Subject Rights may be exercised in writing, e-mail, facsimile transmission, or other comparable manner, in compliance with Article 41, Paragraph 1 of Enforcement Decree of the Personal Information Protection Act of Korea. The Company will promptly respond to any such exercise of rights made.
③The Data Subject Rights may be exercised through a legal representative, in which case the respective Data Subject must execute and submit a pertinent power of attorney respect to processing of personal information.
④Notwithstanding any provisions to the contrary herein, the exercise of Data Subject Rights may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of Personal Information Protection Act of Korea.
⑤Upon receiving a request to exercise Data Subject Rights, the Company reserves the right to conduct identity verification to ensure that the individual asserting these rights is either the Member or a legitimate legal representative thereof.
The Company designates the following person as the privacy officer responsible for overseeing personal information processing. This includes managing user complaints and remedies, as well as handling requests for personal information perusal (“Privacy Officer”):
PRIVACY OFFICER
Name:Taeyup Kim
Position: Chief Information Security Officer (CISO)
Contact: support@tradeverse.one
①PRIVACY OFFICER’S ROLES AND RESPONSIBILITIES: users may direct any inquiries regarding personal information protection, complaints, remedies, or other issues arising from their use of the Services to the Privacy Officer. The Company will make a good faith effort to promptly process any such inquiries.
②AGENCIES FOR ASSISTANCE WITH PRIVACY INFRINGEMENT: in Korea, Users can seek dispute resolution or consultation through Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Reporting Center, and other relevant institutions to redress in case of personal information infringement. The following organizations are also accessible for reporting and consultations concerning personal information infringement. For call originating from outside Korea, kindly input the international calling code and country code:
①We reserve the right to revise this Privacy Policy as needed to align with changes in legal, regulatory, or operational requirements. Any such revisions, including their effective date, will be communicated to you in compliance with relevant laws. Your continued use of our Services after the effective date of a revision will constitute your acknowledgment and acceptance of the revision.