[Privacy Policy]
(1) IoTrust Co., Ltd. (hereinafter referred to as the “Company”) complies with the personal information protection regulations and related laws applicable to information and communication service providers. The company is doing its best to protect the rights and interests of users (hereinafter “users”) by establishing this privacy policy in accordance with relevant laws and regulations.
(2) The company complies with the Personal Information Protection Act (hereinafter referred to as “PIPA”), the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. in processing personal information.
Article 2 (Information Collected)
The company collects the following personal information from users to provide the Wepin service.
| Classification | Details | Required or Not | Collection Time |
| SSO Login account registration | E-mail, name (or nickname) registered for login, photo (profile), login password hash, encrypted key | Required | When registering an account |
| Use of Service | Wallet status information (Number of PIN failures) | When using the service | |
| Wallet address (blockchain address that stores cryptoasset and NFTs) | Required | Automatically generated after password setting | |
| Information automatically generated and collected in the process of using the service | Service use records, access logs, blockchain transaction records, information necessary to check the safe operation environment of the service | Required | When using the service |
| List of cryptoasset, NFTs | Required | When using the service | |
| User setting information | Required | When using the service | |
| Customer Consultation | E-mail address | Required | Handling complaints |
Article 3 (Personal information collection method)
The company collects personal information in the following ways.
| Classification | Details |
| Online | Collection through service dashboards or widgets, web and mobile apps, and the API provided by the company |
| Collection through consent to the provision by a third party |
Article 4 (Purpose of collection and use of personal information)
The company processes personal information for the following purposes. Personal information is not used for other purposes, and when the purpose of use is changed, we will obtain separate consent or take necessary measures.
| Classification | Details | Purpose of use |
| SSO Login account registration | E-mail, name (or nickname) registered for login, photo (profile), login password hash, encrypted key | Sign up to use the service and verify user identity |
| Use of Service | Wallet status information (Number of PIN failures) | Restrict access to the wallet if the PIN exceeds the limit. Display the wallet address created by the user on the dashboard |
| Wallet address (blockchain address that stores cryptoasset and NFTs) | Restrict access to the wallet if the PIN exceeds the limit. Display the wallet address created by the user on the dashboard | |
| Information automatically generated and collected in the process of using the service | Service use records, access logs, blockchain transaction records, information necessary to check the safe operation environment of the service | Detection and prevention of unauthorized service use and fraudulent use. Identification, personal environment settings, confirmation of cryptoasset transmission history. Delivery of notices (notification of changes in the company's service provision function or policy), analysis of service use records and access frequency, and provision of customized services based on service use statistics. Securing service stability, providing safe service, restricting violations of laws and service terms and conditions, etc. |
| List of cryptoasset, NFTs | Detection and prevention of unauthorized service use and fraudulent use. Identification, personal environment settings, confirmation of cryptoasset transmission history. Delivery of notices (notification of changes in the company's service provision function or policy), analysis of service use records and access frequency, and provision of customized services based on service use statistics. Securing service stability, providing safe service, restricting violations of laws and service terms and conditions, etc. | |
| User setting information | Detection and prevention of unauthorized service use and fraudulent use. Identification, personal environment settings, confirmation of cryptoasset transmission history. Delivery of notices (notification of changes in the company's service provision function or policy), analysis of service use records and access frequency, and provision of customized services based on service use statistics. Securing service stability, providing safe service, restricting violations of laws and service terms and conditions, etc. | |
| Customer Consultation | E-mail address | Retention of records for handling complaints, including customer consultation and handling complaints, mediation and resolution of disputes. |
Article 5 (Provision of Personal Information to Third Parties)
In principle, the company processes the personal information of the information subject within the scope specified for the purpose of collecting and using the personal information of the information subject, and does not process or provide it to a third party beyond the original purpose scope without the prior consent of the information subject, except in the following cases.
- In cases where separate consent is obtained from the information subject
- In cases where there are special provisions in laws (ordinances)
- In cases where the information subject or legal representative is unable to make a statement or the address is unknown, and the prior consent cannot be obtained, and it is clearly considered necessary to protect the urgent life, body, or property interests of the information subject or a third party.
- In cases where it is necessary to conduct the relevant work prescribed by other laws (ordinances) if personal information is not used for purposes other than the purpose or provided to a third party, and the meeting has been reviewed and approved.
- In cases where it is necessary for the investigation and prosecution of a crime,
- In cases where it is necessary for the performance of judicial duties of the court,
- In cases where it is necessary for the enforcement of punishment, custody, or protective measures.
Article 6 (Processing of Provision of Personal Information to Third Parties)
The company provides the information necessary for users to receive various services from the companies, institutions, and blockchain projects that have contracted with the company for the purpose of providing the Wepin service to the company's customers with the consent of the users. The company also supervises the company’s customers to prevent them from violating the relevant personal information protection laws. The information is based on the time when the user confirmed it, and the company will notify the users if the company information or the purpose of provision is changed.
[Information Provider]
| Information Recipient | Purpose of provision | Personal information provided | Personal information usage period |
| Companies that have contracted with the company to provide the Wepin service to their customers (third-party consent is obtained by the company when installing Wepin) | To provide a variety of customer services including Wepin services. | • Login information: login provider,
email, name/nickname registered in the login, photo (profile), etc. • Wallet information: wallet status (number of PIN failures), wallet address • Wallet assets: list/number of tokens owned, owned NFTs • User settings information: language and currency, etc. |
Until member withdrawal or contract termination with company’s customers |
Article 7 (Retention and use period of personal information)
| Classification | Details | Period of use |
| SSO Login account registration | E-mail, name (or nickname) registered for login, photo (profile), login password hash, encrypted key | Until membership withdrawal |
| Use of Service | Wallet status information (Number of PIN failures) | Until membership withdrawal |
| Wallet address (blockchain address that stores cryptoasset and NFTs) | Until membership withdrawal | |
| Information automatically generated and collected in the process of using the service | Service use records, access logs, transaction records, information necessary to check the safe operation environment of the service | Until membership withdrawal |
| List of cryptoasset, NFTs | Until membership withdrawal | |
| User setting information | Until membership withdrawal | |
| Customer Consultation | E-mail address | When handling customer consultation |
Article 8 (Personal information destruction procedure and method)
(1) When personal information becomes unnecessary (including completion of processing of personal information, abolition of service, and termination of business), it is safely processed in accordance with paragraph 3 below.
(2) The company identifies the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection.
(3) The company destroys personal information in the following ways.
Personal information recorded and stored on paper: shredded with a shredder or destroyed by incineration.
Personal information stored in the form of electronic files: Permanently delete records so that they cannot be reproduced.
Article 9 (Matters concerning the installation, operation, and rejection of automatic personal information collection devices)
(1) The company uses ‘cookies’ that store and retrieve usage information from time to time to provide service convenience to users. A cookie is a small piece of information that a website stores on your computer browser (such as Internet Explorer). Cookies identify the user's computer, but do not personally identify the user.
(2) The company uses cookies for the following purposes.
Cookies store the user's preferred settings, etc. to support a faster web environment for users, and are used to improve services for convenient use. This allows users to use the service more easily.
(3) Cookie installation, operation and rejection
Most browsers are initially set to accept cookies. Users can set their browser to reject cookies and control or delete cookies as they wish. You can delete any cookies already on your device and you can disable the placement of these cookies in most browsers. You should be aware that you may need to manually adjust some preferences each time you visit the website and that some services and features may not work if you do not accept cookies.
(4) The company also collects the following information through similar technologies.
- Log and usage data: This log data may include information about your IP address, device information, browser type, settings and activity on the service. (Device event information and hardware settings)
- Device data: We collect device data, such as information about the computer, phone, tablet or other device you use to access the service. Depending on the device you are using, this device data may include IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider and/or carrier, operating system, system configuration information, and language preferences, Settings, Country, Location, and more.
- Location data: We collect location data, such as device location information, which may be accurate or inaccurate. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells you where you are (based on your IP address). You may object to the collection of this information by denying access to the information or by disabling location settings on your device.
Article 10 (Administrative and technical protective measures for personal information)
(1) Administrative measures: Establishment and execution of internal management plans, regular employee training, etc.
(2) Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, etc., installation of security program
(3) Physical measures: Control access to computer room, data storage room, etc.
Article 11 (Personal Information Protection Officer)
In order to protect the personal information of members, handle complaints and inquiries related to personal information, and request access to personal information, the company appoints the relevant department and personal information manager as follows.
| Personal Information Protection Officer | Name : Minho Yoo Title : Personal Information Protection Officer Phone Number : (82) 02-6959-3559 E-mail : wepin.contact@iotrust.kr |
| Department in charge of personal information complaint handling and personal information access requests | Wepin Customer Support Team Phone Number : (82) 02-6959-3559 E-mail : wepin.contact@iotrust.kr |
Article 12 (Remedy for Infringement of Rights and Interests)
Remedies for Infringement of Rights Information subjects can inquire about damage relief and consultation for personal information infringement to the following organizations.
<The organizations below are independent from the company. If you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact them>
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities : Report personal information infringement, apply for consultation
- Phone Number : (82) 118
- Address : 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea, (58324)
Personal Information Dispute Mediation Committee
- Responsibilities : Personal information dispute mediation application, collective dispute mediation (civil settlement)
- Homepage : https://www.kopico.go.kr/
- Phone Number : (82) 1833-6972
- Address : 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea, (03171)
Supreme Prosecutor's Office Cybercrime Investigation Team: (82) 02-3480-3574 (www.spo.go.kr)
National Police Agency Cyber Security Bureau: (82) 182 (https://ecrm.police.go.kr/minwon/main)
Date of announcement: August 25, 2023
Effective Date: September 1, 2023
End of Document.