This Privacy Policy (hereinafter referred to as the "Policy") is established by 'Barah Innovation' (hereinafter referred to as the "Company") to protect the personal information and rights of customers using the internet site operated by the Company (https://barahinnovation.com) (hereinafter referred to as the "Site"), and to smoothly handle related grievances, in accordance with relevant laws and regulations. The Company plans to announce any revisions to this Policy through notice on the website (or individual notice).

Article 1. Purpose of Collection and Use of Personal Information

The Company collects personal information for the purposes specified in the following subparagraphs. The collected personal information will not be used for purposes other than those specified below, and the Company plans to seek prior consent if the purpose of use is changed.

Handling of Customer Grievances (Civil Petitions)

For the purpose of confirming the identity of the complainant, verifying the complaint, contacting the complainant for fact-finding, and notifying the results of the processing.

Service Provision

For the purpose of providing services, content, customized services, identity verification, age verification, and other input.

Marketing and Advertising Utilization

For the purpose of developing new services and providing customized services, providing opportunities for events and advertising information, providing services and placing advertisements according to demographic characteristics, verifying the effectiveness of services, monitoring access frequency, or compiling statistics on members' service usage.

Article 2. Items of Personal Information Collected and Methods of Collection

Items of Personal Information Collected

① Form Mail Inquiries

[Required Items] Name, Email, Mobile Phone Number

② Information automatically generated and collected during service use or work processing

[Required Items] Access IP Information, Cookie, Service Usage Records, Access Log

③ Others

• When additional personal information not collected during membership registration is collected for using supplementary services, customized services, or participating in events, the Company will notify the users of the relevant items and process the work after obtaining separate consent.

Methods of Personal Information Collection

• Collection via online methods such as website, membership registration through the consultation board, Collection via offline methods such as telephone, written application forms within the Company, Collection via email, event participation, etc.
• Provision from identity verification institutions or partners.
• Collection through generated information collection tools.

Article 3. Retention and Use Period of Personal Information

• 1. The Company retains and uses personal information within the period consented to by the user at the time of collection. However, if preservation is necessary according to the provisions of relevant laws and regulations, the Company preserves the information in accordance with those laws.
• 2. For members, the retention and use period of personal information is from the time of service use contract conclusion (membership registration) until the termination of the service use contract (including withdrawal request and dismissal). Except where a separate period is set by other laws or upon the customer's request, the Company destroys the personal information of members who have not re-used the service for the period defined by law (1 year). However, the member will be notified of the fact that the personal information will be destroyed, the expiration date, and the specific items of personal information 30 days prior to the expiration date via email, telephone, or a similar method.
• 3. The personal information retention period according to related laws is as follows:
  • <Information to be Stored / Retention Period>
    Records on display/advertisement : 6 months
    Records of computer communication or internet access : 3 months
• 4. Even if there is no legal basis in related laws, the information may be retained according to the Company's policy if it is necessary to prevent significant loss to the Company, or for crimes and lawsuits. However, only the minimum period and items necessary to achieve that purpose are retained.
  • <Information to be Stored / Retention Period>
    Member information whose qualification has been lost according to the terms of use : 5 years

Article 4. Provision of Personal Information to Third Parties

• 1. In principle, the Company does not provide the personal information of users to external parties. However, exceptions are made in cases where there are special provisions in the law as in the following subparagraphs, or when it is unavoidable to comply with legal obligations. When providing personal information to a third party for purposes other than the original purpose, the Company requests the recipient to impose certain restrictions on the purpose and method of use, or to take necessary measures to ensure security, so that the personal information is processed safely.
  • ① Where users have consented in advance
  • ② Where there are grounds in other laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Telecommunications Business Act, and the Credit Information Use and Protection Act
  • ③ Where the information is provided in a form that does not allow specific individuals to be identified, for the purpose of compiling statistics, academic research, market surveys, information provision, and sending notification emails
  • ④ Where the data subject or their legal representative is unable to express their intention, or prior consent cannot be obtained due to an unknown address, and it is urgently necessary for the life, body, or property interests of the data subject or a third party
  • ⑤ Where it is necessary for criminal investigation and prosecution and maintenance, court trial work, and execution of sentences, and proper procedures have been followed
• 2. If a third-party provider arises, it will proceed through separate consent.
• 3. Withdrawal of consent for third-party provision can be requested to Barah Innovation (https://barahinnovation.com), and the information will be immediately destroyed upon withdrawal of consent.

Article 5. Procedures and Methods of Personal Information Destruction

The Company destroys the personal information when the purpose of collection and use of the personal information is achieved or when the retention period expires. The destruction procedure and method are as follows. However, this is an exception in cases where the personal information must be preserved by other laws and regulations.

Destruction Procedure

Information entered by the user is transferred to a separate database (or separate documents for paper) after the purpose is achieved, and is stored for a certain period according to internal policies and other related laws, or is destroyed immediately. At this time, personal information transferred to the database is not used for any purpose other than as required by law.

Destruction Deadline

If the retention period of the user's personal information has passed, the personal information is destroyed within 5 business days from the end date of the retention period. If the personal information becomes unnecessary due to the achievement of the personal information processing purpose, the abolition of the service, or the termination of the business, the personal information is destroyed within 5 business days from the date it is recognized as no longer necessary for processing. In the case of refusal by the legal representative for a child under the age of 14, or if consent cannot be confirmed, the personal information is destroyed within 5 business days from the date of collection.

Destruction Method

Information in the form of electronic files uses a technical method that prevents the record from being reproduced. Personal information printed on paper is shredded with a shredder or destroyed through incineration.

Article 6. Rights of Users and Legal Representatives and How to Exercise Them

• 1. Users may withdraw their consent to the collection, use, and provision of personal information to the Company at any time. Upon withdrawal of consent, the Company takes necessary measures, such as destroying the collected personal information without delay.
• 2. Users may request the Company to access, provide, or correct the following matters related to themselves:
  • ① The user's personal information held by the Company
  • ② Status of the use and provision of the user's personal information to third parties
  • ③ Status of consent to the Company for the collection, use, and provision of personal information
• 3. If a user requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
• 4. Users can request access to their personal information through the department listed below. The Company will strive to process the user's request for access to personal information quickly.


• <Inquiries related to Personal Information Access>

  Representative Number

  070-8095-9395

  Email

  barahinnovation@naver.com

Article 7. Matters Concerning the Installation/Operation of Personal Information Automatic Collection Devices and the Refusal Thereof

• 1. The Company uses Cookies, which store and retrieve user information frequently, to identify users, maintain a member's login status, and provide customized services for each user. A Cookie is a small amount of information sent by the website server to the user's web browser and is stored on the user's computer hard disk.
• 2. Users have a choice regarding the installation of Cookies. Users can allow/refuse all cookies through the web browser settings, or choose to receive confirmation whenever a cookie is stored. However, if the user refuses the storage of cookies, the use of some services provided by the Company, such as personalized services, may be difficult.
  • The method for refusing Cookie settings is as follows (based on Internet Explorer):
    Select [Tools] menu [Internet Options] > Select [Privacy] tab > Select desired option in [Advanced]

Article 8. Measures to Ensure the Safety of Personal Information

The Company is taking the following technical/administrative and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act and Article 28 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc..

Personal Information Processing

Minimization and training of employees. The Company designates employees who handle personal information and implements measures to manage personal information by minimizing the number of responsible persons.

Regular Self-Audits

Regular self-audits are conducted (once per quarter) to secure safety related to personal information processing.

Establishment and Implementation of Internal Management Plan

An internal management plan is established and implemented for the safe processing of personal information.

Encryption of Personal Information

Users' personal information is encrypted, stored, and managed, so only the user can know it. Important data is secured with separate security features, such as encrypting files and transmitted data or using a file lock function.

Technical Countermeasures against Hacking, etc.

The Company installs security programs to prevent personal information leakage and damage from hacking or computer viruses, conducts periodic updates and checks, and installs systems in areas where external access is controlled, monitoring and blocking them technically/physically.

Restriction of Access to Personal Information

Necessary measures are taken to control access to personal information by granting, changing, or revoking access rights to the database system that handles personal information, and unauthorized access from the outside is controlled using an intrusion prevention system.

Retention of Access Records and Prevention of Forgery/Alteration

Records of access to the personal information processing system are stored and managed for at least 6 months, and security functions are used to prevent access records from being forged, altered, stolen, or lost.

Use of Locking Devices for Document Security

Documents containing personal information, auxiliary storage media, etc., are kept in a secure place with a locking device.

Control of Access for Unauthorized Persons

A separate physical storage place for personal information is maintained, and procedures for access control are established and operated for this location.

Article 9. Personal Information Protection Officer

Users can inquire about all matters related to personal information protection, complaint handling, and damage relief that arise while using the Company's services to the Personal Information Protection Officer and the responsible department. The Company will respond to and process the user's inquiries.

[Personal Information Protection Officer]

Name : Jinho Kang

Title : CEO

Contact : 070-8095-9395

Article 10. Methods for Relief of Rights Infringement

Users can inquire about damage relief and consultation regarding personal information infringement to the organizations below. (Please use these if you are not satisfied with the Company's own personal information complaint processing or damage relief results, or if you need more detailed assistance).

Comprehensive Personal Information Support Portal (Operated by the Ministry of the Interior and Safety)

• Website : http://www.privacy.go.kr
• Phone Number : 02-403-0073

Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency - KISA)

• Website : http://privacy.kisa.or.kr
• Phone Number : 118 (Without Area Code)

Personal Information Dispute Mediation Committee (Operated by the Korea Internet & Security Agency - KISA)

• Website : http://www.kopico.go.kr
• Phone Number : 1833-6972

Cyber Bureau of the National Police Agency

• Website : http://cyberbureau.police.go.kr
• Phone Number : 182 (Without Area Code)

Article 11. Notification of Changes to the Privacy Policy

This Privacy Policy may be changed due to government policies, laws, or the needs of the Company. If there are additions, deletions, or corrections to the content, the changes will be announced in advance through a notice on the website or email 7 days before the implementation of the change. If prior notice is difficult, it will be announced as quickly as possible. However, if important matters such as the purpose of personal information collection and use, or the recipient of third-party provision are added, deleted, or corrected, it will be announced 30 days in advance.