Privacy Policy

EFFECTIVE JUNE 1, 2024

Tradeverse (the “Company”, “we”, or other pronoun cases of “we”) lawfully processes and securely manages personal information in compliance with Personal Information Protection Act and other Relevant Laws to safeguard the freedoms and rights of those who are the subjects of and identifiable through the information (the “Data Subjects”). We implement and publish this privacy policy (this “Privacy Policy”) to guide Data Subjects on our procedures and standards for processing personal information and to ensure that any grievances in relation thereto are addressed swiftly and efficiently.

Any capitalized terms used but not defined herein shall have the respective meaning ascribed to such terms under Tradeverse Terms of Service (the "ToS”). If undefined thereunder, they shall take on the generally accepted meaning.

Article 1. Collection and Use of Personal Information

We collect personal information of Data Subjects to the minimum extent necessary based on the specific Services, differentiating the purpose of collection, the items collected, and the retention and usage period for each service as follows:

MEMBERSHIP REGISTRATION AND SERVICE USE

PURPOSE OF COLLECTION PERSONAL INFORMATION COLLECTED RETENTION AND USAGE PERIOD
REQUIRED OPTIONAL
Membership registration for Tradeverse service provision and user identification User ID, Username, Avatar, Banner Display, Email, Consent to Proxy Joining of Servers, Member Information in Servers (Nickname, Avatar, Roles, etc.) Until membership withdrawal
Inquiry and complaint handling User ID, Username, Email, Name Until membership withdrawal or for 3 years pursuant to relevant laws.
Providing Tradeverse AI Services and improving service performance and algorithms Conversation information with AI (including conversation content, images, and videos), Service usage behavior information (input data and outputs) Until membership withdrawal
Social (SNS) Registration (Discord) Email / Username / Date of Birth / OAuth2 Information (Discord)Nickname Until membership withdrawal

       MARKETING

PURPOSE OF COLLECTION PERSONAL INFORMATION COLLECTED RETENTION AND USAGE PERIOD
REQUIRED OPTIONAL
Sending information about Tradeverse and partner events and benefits, service-related updates, and news User ID, Name, Username, Phone Number, Email Until consent withdrawal

       SERVICE OPERATION AND MANAGEMENT

PURPOSE OF COLLECTION PERSONAL INFORMATION COLLECTED RETENTION AND USAGE PERIOD
REQUIRED OPTIONAL
Payment card registration and payment Email, Card Information (Card Number, Expiry Date, CVC), Alipay Name, Address (Country, City, District, Detailed Address, Postal Code), Date of Birth/Business Registration Number Until membership withdrawal or for 5 years pursuant to relevant laws.

MISCELLANEOUS

  • The Company does not collect personal information of minors under the age of 14.
  • If there is any change in the purpose and items of Member information processed by the Company, prior consent will be requested in accordance with relevant laws.
  • The Company principally prohibits the processing of resident registration numbers and only processes them when specifically required by law, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations, or Board of Audit and Inspection Regulations.
  • The Company collects personal information in the following ways and obtains prior consent before collection:
    1. by users directly entering personal information during the Service use process and fill out the personal information collection and usage consent form;
    2. by offline collection through written consent forms during events such as fairs, seminars, and activities; or
    3. by automatic generation and collection of cookies, access logs, etc., during the Service use process.
Article 2. Processing of Pseudonymized Information

The Company processes pseudonymized information for the purposes described below. Pseudonymized information refers to personal information that has been processed to prevent identification of the Data Subject without the use or combination of additional information required to restore it to its original state.

UTILIZATION OF PSEUDONYMIZED INFORMATION

PURPOSE OF PROCESSING PERSONAL INFORMATION PSEUDONYMIZED RETENTION AND USAGE PERIOD
Not applicable Not applicable For 5 years from pseudonymization

SAFEGUARDING OF PSEUDONYMIZED INFORMATION

  • The Company takes measures to ensure the security of pseudonymized information and the additional information required to restore it to its original state ("Additional Information").
  • Pseudonymized information and Additional Information are stored separately; provided that if Additional Information is no longer needed, it is destroyed.
  • Access rights to pseudonymized information and Additional Information are managed and controlled by separating the access rights, granting the minimum necessary access rights for performing tasks, and keeping records of the access rights.
Article 3. Automatic Collection of Personal Information, Collection of Behavioral Data, and Refusal of Collection

The Company automatically generates and collects the following information from users during their Service use, which may be used for the purposes listed below:

PURPOSE OF AUTOMATICALLY COLLECTING PERSONAL INFORMATION

  • Compliance with Relevant Laws: the Company is obligated to retain users’ access records (login logs) to comply with relevant laws and regulations.
  • Web Usability Analysis and Improvement: date and time of visit, Service usage records, and cookie ID are collected, retained and used for 5 years from collection, and immediately deleted after the retention period expires.

AUTOMATIC COLLECTION OF PERSONAL INFORMATION AND METHODS TO REFUSE COLLECTION

  • Analysis tools below are used to collect and analyze users’ key behaviors (“Behavioral Information”). The likelihood of Data Subject being identified from the collected information is low:
  1. Entrusted Service Provider: STRIPE
  2. Entrusted Service Provider: IWINV
  • Methods to Refuse the Installation and Operation of Automatic Personal Information Collection Devices (e.g., Cookies):

[Web]

  1. Internet Explorer: Tools > Internet Options > Privacy Menu > Settings
  2. Microsoft Edge: Menu > Settings > View Advanced Settings > Cookies Menu > Settings
  3. Chrome: Menu > Settings > Advanced > Content Settings > Cookies Menu > Settings
  4. Chrome Mobile: Chrome App > More > Clear Browsing Data > Select Period > Check 'Cookies and Site Data' and 'Cached Images and Files' > Clear Browsing Data
  5. Safari Mobile: Safari App > Clear History and Website Data > Confirm
  6. Naver Mobile: Naver App > Settings > Clear Cache + Clear Browsing History > Clear Cookies
Article 4. Retention, Use, and Destruction of Personal Information

The Company processes the collected personal information within the period agreed upon by the user at the time of collection or within the retention and usage period stipulated by relevant laws. When the purpose of data collection is achieved and the retention period has expired, the Company will promptly destroy the personal information in an irrecoverable manner.

USER INFORMATION

  • If a user withdraws from Service membership, the Company retains the following personal information of the user for 30 days to prevent misuse or facilitate continuation of Services upon re-registration after withdrawal.
  • from collection until membership withdrawal; provided, however, that the usage and retention period may be extended if required by relevant laws.
  1. Email, Discord ID
  • Notwithstanding, if the relevant laws otherwise require retaining of personal information, the Company will comply with the provisions of such laws.

MANDATORY RETENTION PERIOD UNDER THE RELEVANT LAWS

PURPOSE OF RETENTION LEGAL BASIS STATUTORY RETENTION PERIOD
Records related to cancellation of contracts or subscriptions, etc. Act On The Consumer Protection In Electronic Commerce 5 years
Records related to payment for and supply of goods, etc. Act On The Consumer Protection In Electronic Commerce 5 years
Records related to resolution of consumer complaints or disputes Act On The Consumer Protection In Electronic Commerce 3 years
Records related to marks and advertisements Act On The Consumer Protection In Electronic Commerce 6 months
Books and evidential documents related to all transactions, as prescribed by tax-related statutes Framework Act on National Taxes 5 years
Access Records Protection Of Communications Secrets Act 3 months

PROCEDURES AND METHODS FOR DESTRUCTION: The Company identifies and destroys personal information for which the reason for destruction has been triggered. Personal information recorded and stored in electronic file formats is destroyed in a manner that prevents the records from being recovered. Personal information recorded and stored in paper documents is shredded or incinerated.

Article 5. Entrustment of Personal Information Processing

The Company outsources certain personal information processing tasks to ensure smooth handling of personal data operations. When entering into entrustment contracts for outsourcing, the Company supervises the entrustees to ensure they handle personal information securely, in accordance with relevant laws and regulations. If the content of the entrusted tasks or the entrustees changes, the Company will promptly disclose this information through prior consent notices or by updating this Privacy Policy, in accordance with relevant legal requirements.

ENTRUSTED TASKS AND ENTRUSTEES

ENTRUSTEE ENTRUSTED TASKS ENTRUSTED PERSONAL INFORMATION
STRIPE Member payment system for Service use Email, card information (card number, expiration date, CVC), Alipay name, address (country, city, district, detailed address, postal code), date of birth/business registration number
IWINV Web server operation for Service use User ID, username, avatar, banner view, email, consent to join server, member information in servers (nickname, avatar, roles, etc.)
Article 6. Third-Party Transfer of Personal Information

The Company processes personal information solely as described in Article 1. The Company does not provide personal information to any third party except under the Data Subject’s separate prior consent or as specifically required by relevant laws.

THIRD-PARTY PROVISION WITHOUT PRIOR CONSENT BASED ON RELEVANT LAWS:

  • when necessary for compiling statistics, academic research, or market research, and provided in a form that does not identify specific individual;
  • when requested by a national institution under relevant laws;
  • for investigative purposes related to crime or upon request from the authorities regulating ethics and standards for information and communication;
  • in emergencies involving disasters, infectious diseases, urgent life or physical danger, accidents, or urgent property loss; or
  • when requested according to other procedures specified by relevant laws.
Article 7. Overseas Transfer of Personal Information

To facilitate the seamless provision of services, the Company may transfer its users’ personal information to countries overseas, depending on the users’ location, in which case the Company will obtain the users’ consent in advance.

Article 8. Safeguarding of Personal Information

The Company takes necessary measures to securely manage user personal information and prevent its loss, theft, leakage, alteration, or damage. The following technical, administrative, and physical measures are in place:

MINIMIZATION AND TRAINING OF PERSONAL INFORMATION HANDLING STAFF: the number of employees who handle personal information is minimized, and regular training on personal information protection is conducted to implement effective management measures.

ESTABLISHMENT AND IMPLEMENTATION OF INTERNAL MANAGEMENT PLAN: an internal management plan is established and implemented to ensure the secure processing of personal information.

RETENTION OF ACCESS RECORDS AND PREVENTION OF ALTERATION THEREOF: access Records to the personal information processing system (e.g., web logs, summary information) are retained and managed for at least one year. Also, security features are used to prevent alteration, theft, or loss of access records.

ENCRYPTION OF PERSONAL INFORMATION: user personal information is encrypted during storage and management.

TECHNICAL MEASURES AGAINST HACKING: security programs are installed and regularly updated and inspected to prevent personal information leakage and damage from hacking or computer viruses. Systems are installed in areas with restricted external access and are monitored and blocked both technically and physically.

ACCESS CONTROL LIMITATIONS: measures are in place to control access to personal information through the granting, changing, and revocation of access rights to the personal information processing system.

Article 9. Rights Held by Users and Their Legal Representatives

Users of the Services are entitled to the following:

  • To access their subscription information: pricing > manage subscription
  • To cancel their subscription: pricing > manage subscription > cancel plan

A Data Subject has the right to request perusal, correction, deletion, or suspension of the processing of such personal information at any time (the “Data Subject Rights”). The Data Subject Rights may be exercised in writing, e-mail, facsimile transmission, or other comparable manner, in compliance with Article 41, Paragraph 1 of Enforcement Decree of the Personal Information Protection Act of Korea. The Company will promptly respond to any such exercise of rights made.

The Data Subject Rights may be exercised through a legal representative, in which case the respective Data Subject must execute and submit a pertinent power of attorney respect to processing of personal information.

Notwithstanding any provisions to the contrary herein, the exercise of Data Subject Rights may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of Personal Information Protection Act of Korea.

Upon receiving a request to exercise Data Subject Rights, the Company reserves the right to conduct identity verification to ensure that the individual asserting these rights is either the Member or a legitimate legal representative thereof.

Article 10. Privacy Officer and Remedies for Privacy Infringement

The Company designates the following person as the privacy officer responsible for overseeing personal information processing. This includes managing user complaints and remedies, as well as handling requests for personal information perusal (“Privacy Officer”):

PRIVACY OFFICER

Name:Taeyup Kim

Position: Chief Information Security Officer (CISO)

Contact: support@tradeverse.one

PRIVACY OFFICER’S ROLES AND RESPONSIBILITIES: users may direct any inquiries regarding personal information protection, complaints, remedies, or other issues arising from their use of the Services to the Privacy Officer. The Company will make a good faith effort to promptly process any such inquiries.

AGENCIES FOR ASSISTANCE WITH PRIVACY INFRINGEMENT: in Korea, Users can seek dispute resolution or consultation through Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Reporting Center, and other relevant institutions to redress in case of personal information infringement. The following organizations are also accessible for reporting and consultations concerning personal information infringement. For call originating from outside Korea, kindly input the international calling code and country code:

  • Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
  • Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  • Supreme Public Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)
  • National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
Article 11. Changes to Privacy Policy

We reserve the right to revise this Privacy Policy as needed to align with changes in legal, regulatory, or operational requirements. Any such revisions, including their effective date, will be communicated to you in compliance with relevant laws. Your continued use of our Services after the effective date of a revision will constitute your acknowledgment and acceptance of the revision.