Upbit Developer Center Privacy Policy v1.1

Upbit Developer Center Privacy Policy

Dunamu Inc. (hereinafter referred to as the “Company”) considers the protection of personal information of users very important and is doing its best to protect the personal information provided by users to the Company in order to use the Company's services (An open API service provided by the company as a connection module, which allows users to connect their own web services, mobile applications, and other applications to the Upbit system provided by DUNAMU, enabling balance inquiry, order placement, and withdrawal functions). Therefore, the Company complies with laws and regulations related to the protection of personal information, such as the Personal Information Protection Act.

The Company makes this Privacy Policy available on the first screen of its website so that users can easily check it at any time. This Privacy Policy may be changed in accordance with applicable laws and regulations and the Company's internal policies, and any changes will be managed through version control for easy reference.

Article 1 (Purpose for Processing Personal Information)
Article 2 (Processing and Retention Period of Personal Information)
Article 3 (Provision of Personal Information to Third Parties)
Article 4 (Outsourcing of Personal Information Processing)
Article 5 (Transfer of Personal Information to Overseas Parties)
Article 6 (Rights and Obligations of Users and Legal Representatives and Their Exercise Methods)
Article 7 (Items of Personal Information Being Processed)
Article 8 (Destruction of Personal Information)
Article 9 (Measures for Ensuring the Security of Personal Information)
Article 10 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)
Article 11 (Personal Information Protection Manager and Department in Charge)
Article 12 (Request for Access to Personal Information)
Article 13 (Remedies for Infringement of Rights)
Article 14 (Responsibility for Linked Sites)
Article 15 (Changes to the Privacy Policy)

Article 1 (Purpose for Processing Personal Information)

The Company processes users’ personal information for the following purposes. The processed personal information is not used for purposes other than the following, and if the purpose of use is changed, necessary measures, such as obtaining separate consent under Article 18 of the Personal Information Protection Act, will be taken.

1. Account Registration and Management: - Verification of the identity and Details of the complaint; - Contact/notification for fact-finding or response to the complaint, and notification of the result of processing; - Service usage guidance, etc.

Article 2 (Processing and Retention Period of Personal Information)

① The Company shall process and retain personal information within the period of time required by law for personal information processing and retention or within the period of processing and holding personal information agreed upon when collecting personal information from users.

② The period of time for processing and retention of each personal information is as follows:

1. Record of Handling Service-Related Complaints : 3 years

③ Despite Paragraph 2 of this Article, personal information may be processed and retained for the following items, until the reason for the following items is resolved. However, if the processing and retention period of personal information is different, the longest period will be applied.

1. If it falls under the reasons specified in the relevant laws and regulations, until the end of the period specified for such reasons

2. If an investigation is ongoing due to a violation of applicable laws and regulations, the personal information will be stored until the end of the relevant investigation is concluded

3. If there is an outstanding debt or credit relationship due to using the service, the personal information will be stored until the debt is settled

4. If there is an ongoing legal dispute between the user and the Company, the personal information will be stored until the dispute is officially resolved

Article 3 (Provision of Personal Information to Third Parties)

① The Company handles users' personal information only within the scope specified in Article 1 of the Privacy Policy (Purpose for Processing Personal Information), and the Company provides personal information to the third parties only if it falls under Articles 17 (Provision of Personal Information) and 18 (Restrictions on the Use and Provision of Personal Information other than the Purpose) of the Personal Information Protection Act.

② The Company does not provide personal information to Third Parties.

Article 4 (Outsourcing of Personal Information Processing)

① The Company outsources some of the necessary work for providing services to external companies, and manages and supervises the outsourced companies to prevent violations of related laws.

② The personal information processing tasks that the Company has outsourced to external companies are as follows.

Consignment Company	Content of consignment
Zendesk, Inc.	Service-related complaint handling

Article 5 (Transfer of Personal Information to Overseas Parties)

The Company transfers personal information overseas as follows.

1. Personal Information Processing Overseas Consignment Company

Consignment Company	Purpose of Consignment	Consignment Items	Country of Consignment, Contact	Date and Method of Consignment	Retention and Use Period
Zendesk, Inc.	Service-related complaint handling	Email, Profile Name of Email, Contents of Consultation	Japan, [email protected]	When handling complaints, data is transferred over the network	3 years

Article 6 (Rights and Obligations of Users and Legal Representatives and Their Exercise Methods)

① Users have the right to access, correct, delete, or request the suspension of processing of their personal information from the Company at any time.
However, such rights may be limited in accordance with the provisions of relevant laws, including Article 35, Paragraph 4, Article 36, Paragraph 1, and Article 37, Paragraph 2 of the Personal Information Protection Act.

② Users can exercise their rights by submitting a written request, email, fax, etc. as stipulated in Article 41, Paragraph1 of the Enforcement Regulations of the Personal Information Protection Act, and the Company will take appropriate measures without a delay.

③ Users may exercise their rights under Paragraph 1 through their legal representatives or authorized agents. In this case, they must submit a power of attorney in accordance with the form of Annex 11 of the “Regulation on Personal Information Processing Methods.”

④ If the personal information is designated as a collection target in other laws, the deletion of such information cannot be requested.

⑤ The Company confirms whether the requester for access, correction, deletion, or suspension of processing is the user or a legitimate representative of the user, before providing access or taking any requested actions.

Article 7 (Items of Personal Information Being Processed)

The Company collects essential and optional information as follows, for setting up, maintaining, executing, managing digital asset transactions, and providing product and services.

Category	Collected Items
Service-related complaint handling	Email, Profile Name of Email, Contents of Consultation
Items Generated and Processed during the Service Usage Process	Service Usage Record

Article 8 (Destruction of Personal Information)

① When personal information becomes unnecessary due to the passage of the retention period or the accomplishment of the processing purpose, the Company shall promptly destroy such personal information.

② In the case of personal information that must be retained under the law despite the expiration of the retention period for personal information or the accomplishment of the processing purpose, the Company will move such personal information to a separate database or store it in a different location.

③ The personal information for which a reason for destruction has occurred due to the passage of the retention period or the accomplishment of the processing purpose, shall be destroyed upon approval of the personal information protection manager or through automatic deletion by the system.

④ The method of personal information destruction is as follows.

1. Personal information stored in electronic form is permanently deleted to prevent playback of the record

2. Personal information recorded or stored on paper documents is shredded or incinerated

Article 9 (Measures for Ensuring the Security of Personal Information)

The Company has implemented the following administrative, technical, and physical measures necessary for ensuring the security of personal information, in accordance with Article 29 of the Personal Information Protection Act.

1. Administrative measures: - Establishment of an internal management plan : The Company has established and implemented an internal management plan to ensure the secure management of personal information.; - Minimization and education of personal information handlers : The Company limits personal information handlers to the minimum necessary for job performance, and educates them on the importance of personal information protection.
2. Technical measures: - Management of access rights to personal information processing systems : The Company grants, modifies, and revokes access rights to databases that process personal information to control access to personal information. It also uses intrusion prevention systems to control unauthorized access from external sources.; - Encryption of personal information : The Company encrypts and stores and manages personal information such as the user's unique identification information and bank account number using a secure encryption algorithm.; - Technical measures to prepare for hacking: The Company is doing its best to prevent the leakage or damage of user's personal information due to hacking, computer viruses, or other means. It backs up data in anticipation of damage to personal information, uses up-to-date virus protection software to prevent the leakage or damage of personal information or data, and uses encrypted communication to safely transmit personal information over the network.
3. Physical measures: - To prevent the leakage or damage of personal information, the Company installs systems in areas that are secured against external access and has established and operates access control procedures.

Article 10 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)

① The Company uses ‘cookie,’ which store and retrieve user information, in order to provide more convenient services to users.

② Cookie is small amounts of information that websites send to customers' computer browsers (such as Internet Explorer, etc.).

1. Purpose of using cookies

Cookies are used to store user preferences and other information to provide a faster web environment and to improve services for more convenient use. This allows users to use services more easily.

2. Installation, operation, and refusal of cookies

Users have the option to refuse or delete the installation of cookies at any time.

3. How to refuse cookie setting

Users have the option to refuse or delete the installation of cookies at any time.

- Internet Explorer : Select Tools menu > Select Internet Option > Select Privacy menu > Advanced Privacy settings > Cookie level settings

- Chrome : Select Settings menu > Show advanced settings > Privacy and security > Cookies and other site dat > Cookie level settings

- Safari : Select Preferences menu > Privacy tab > Cookie and website data level settings

Article 11 (Personal Information Protection Manager and Department in Charge)

① The Company designates the following department and personal information protection manager to protect user's personal information and handle complaints related to personal information.

▶ Personal Information Protection Person-In-Charge: - Name : Jaeyong Jeong; - Position : Personal Information Protection Person-In-Charg; - Contact : 1588-5682 (Support Center); - Email : [email protected]; - Department in charge : Personal Information Protection Team

▶ Personal Information Protection Manager: - Name : Bo-ok Shin; - Position : Personal Information Protection Manager; - Contact : 1588-5682 (Support Center); - Email : [email protected]; - Department in charge : Personal Information Protection Team

② Any complaints related to the protection of personal information that arise while using the Company's services can be directed to the personal information protection person-in-charge or the relevant department. The Company will respond and handle the user's inquiry in a timely manner.

Article 12 (Request for Access to Personal Information)

▶ Department responsible for processing requests for access to personal information: - Department in charge : Operation Support Team; - Contact : 1588-5682 (Support Center); - Email : [email protected]

Article 13 (Remedies for Infringement of Rights)

If you need help with remedies or consultation regarding personal information infringement, you may contact the following organizations.

▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency): - Website : privacy.kisa.or.kr; - Contact : 118 (without area code)

▶ Personal Information Dispute Mediation Committee: - Website : www.kopico.go.kr; - Contact : 1833-6972 (without area code)

▶ The Supreme Public Prosecutors Office: - Website : www.spo.go.kr; - Contact : 1301 (without area code)

▶ The Cyberbureau: - Website : ecrm.cyber.go.kr; - Contact : 182 (without area code)

Article 14 (Responsibility for Linked Sites)

The Company may provide links to external sites for users. In this case, the Company cannot guarantee or be responsible for the usefulness, truthfulness, or legality of the services or information provided by the external sites, as the Company has no control over them. The privacy policies of linked external sites are not related to the Company, so please check the policies of the relevant external site.

Article 15 (Changes to the Privacy Policy)

In the event that the Company changes its privacy policy, it will continually disclose the timing of the change and the changed contents, and will make the changed contents easily accessible to users by comparing the contents before and after the change.

<Supplementary Provisions>
This Privacy Policy V1.1 is effective as of August 3rd, 2023.

Link to Privacy Policy v1.0 (2022.09.29 ~ 2023.08.02)