Been Together | 빈투게더

Privacy Policy of BeenTogether

BeenTogether Co., Ltd. (hereinafter referred to as the "Company") complies with the relevant laws and regulations regarding the protection of personal information, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Electric Communications Business Act, which information service providers must comply with, and has established this privacy policy to protect the rights and interests of users.

Through this privacy policy, the Company informs users of how the personal information provided by users is used for what purposes and in what manner, and what measures are taken to protect personal information. The Company is making this privacy policy available on the first page of the website ("http://beentogether.us") to enable users to easily access it at any time.

In the event of any revision to this privacy policy, the Company will notify users of the reason for the revision and the revised contents through the website notice (or individual notice). The Company is also assigning version numbers to any changes made to the privacy policy to enable users to easily identify the revised contents.

This privacy policy is effective as of March 24, 2023.

1. Collection of Personal Information and Collection Methods
A. Items of Personal Information Collected
a. When users join the service (or sign up for the service) through external services or connect their accounts, the Company collects the following personal information from third parties:
• Facebook, Inc.: Facebook ID, email address, nickname, profile picture
• Google: Google ID, email address, nickname, profile picture
• Apple: Apple ID, email address, nickname, profile picture

b. When users subscribe to the service, the Company collects the following personal information from third parties:
• Google: payment information (payment history, etc.), subscription history (start date, end date, etc.)
• Apple: payment information (payment history, etc.), subscription history (start date, end date, etc.)

c. The following information may be automatically generated and collected during the process of using the service or conducting business:
• IP address, visit date and time, service usage record, cookies, access log, record of wrongful use, app installation information, consultation history, payment history, and other information collected during the service usage process.
• App installation UUIDs, Crashlytics installation UUIDs, abnormal termination traces, mobile advertising IDs, IDFV/Android IDs, analytics app instance IDs, and other similar information.
• Text, images, and other information that users voluntarily input while using the BeenTogether app.

B. Collection Methods of Personal Information
The Company collects personal information through the following methods:
• Collection during the execution or use of the BeenTogether program
• Provision from partner companies
• Collection through information collection tools (including cookies)
• Collection through voluntary provision by users during use

2. Purposes of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
A. User Management
• Verification of user identity and personal identification
• Customer inquiries and complaint handling
• Subscription and fee payment

B. Utilization of Service Improvement Material
• Service improvement and development of new services based on user experience and function enhancement
• Development and customization of new services (products)
• Understanding access frequency
• Statistical analysis of user service usage
• Analysis of malfunctions occurring during app usage

C. Marketing and Advertising Utilization
• Provision of services and advertisement according to demographic characteristics
• Verification of the effectiveness of the service
• Provision of event and promotional information and opportunities for participation.

3. Sharing and Provision of Personal Information
The Company uses user personal information within the scope of the purposes stated in "2. Purposes of Collection and Use of Personal Information," and generally does not use, disclose, or provide user personal information beyond the scope of the consent or legal requirements. However, in the following cases, the Company may limitarily disclose user personal information with care:
• If users use the app data backup/restore function, the following information will be encrypted and stored in the user's own Google Drive service account. Data stored in Google Drive: anniversary setting information (including images)

The Company will not use user personal information beyond the scope notified in "2. Purposes of Collection and Use of Personal Information" or disclose user personal information to external parties in principle without prior consent from users. However, exceptions can be made in the following cases:
• If users have given prior consent
• If users have given prior consent for the use of a third-party service affiliated with the Company.

When the Company provides user personal information to a third party, it informs the user of the recipient, the purpose of use by the recipient, the personal information items provided, the period of retention and use of personal information, the fact that users have the right to refuse to consent, and the contents of any disadvantages resulting from refusal to consent via email or written notification, and requests user consent. The personal information provided to an affiliated service is limited to the information required to provide the service, such as the user's name, profile picture, and anniversary information. At the time of consent, the Company will provide guidance on the specific personal information content provided for each service. The personal information provided may be subject to additions/changes during the provision of the service, and if the personal information required for using the affiliated service changes, the Company will obtain additional consent from the user during the service usage.
• If required by law or if an investigation agency requests in accordance with the procedures and methods prescribed by law for investigation purposes.

4. Outsourcing of Personal Information Processing
1) The Company outsources personal information processing as follows for the performance of the service:

Outsourcing Company	Purpose of Outsourcing	Range of Personal Information Processed by Outsourcing	Method of Processing by Outsourcing
Google LLC	Collection and management of app error information through Firebase Crashlytics.	Identification information generated on the user's device	Transmitted and processed through API calls
Google LLC	Collection and management of app usage information through Firebase Analytics.	Identification information generated on the user's device	Transmitted and processed through API calls
RevenueCat	Subscription payment and management	Payment information generated through in-app purchases	Transmitted and processed through API calls

5. Retention and Use Period of Personal Information
The company will retain and use the user's personal information during the period in which the service is provided from the date of the user's registration. The user's personal information will be promptly destroyed 30 days after withdrawal, account deletion, or completion of the purpose of collecting and using personal information (in preparation for account resurrection application). For various disposal policies related to connections with other parties, refer to the notice provided in the terms and conditions or upon disconnection. In the case of records of fraudulent use, they will be kept for 1 year (for the purpose of preventing re-registration). However, if it is necessary to retain the member's information for a certain period of time according to the provisions of applicable laws and regulations, the company will retain and use the member's information for the purpose specified in such laws and regulations for a certain period of time. The examples of such periods are as follows:
• Records related to contracts or withdrawal of subscriptions: 5 years
• Records related to payment of fees and supply of goods: 5 years
• Records related to consumer complaints or disputes: 3 years
• Records related to visits: 3 months
• Records related to electronic financial transactions: 5 years
• Records related to identity verification: 6 months

6. Procedure and Method of Personal Information Destruction
The Company shall destroy personal information without delay once the purpose of collecting and using the information is achieved. The procedure and method of personal information destruction by the Company are as follows:

A. Procedure for destruction
• The information provided by users for membership registration is transferred to a separate DB (or file cabinet for paper-based documents) after the purpose has been fulfilled, and is stored for a certain period of time according to internal policies and related laws and regulations on information protection (refer to the retention and use period), before being destroyed.
• Personal information will not be used for any other purpose than that for which it is held, unless required by law.

B. Method
• Paper documents containing personal information shall be destroyed by shredding or incineration.
• Personal information stored in electronic files shall be deleted using a technology that makes it impossible to reproduce the records.

7. Rights and Obligations of Users and Legal Guardians and How to Exercise Them
• Users and legal guardians can access, correct, or request the deletion, modification, or suspension of their own or a child under 14's personal information registered at any time. If users do not agree with the processing of their personal information, they may refuse to consent or request withdrawal of membership (termination of membership). However, in such cases, the use of some or all of the services may be difficult.
• Users or legal guardians can directly view, correct, or withdraw from membership (withdrawal of consent) through the settings menu within the application to access or modify personal information. If it is not possible to do so on the website, please contact the personal information manager via email for action.
• If a user requests correction of personal information errors, we will not use or provide the personal information until the correction is completed. Additionally, if incorrect personal information has already been provided to a third party, we will immediately notify them of the correction results to facilitate correction.
• Personal information terminated or deleted by user request is processed in accordance with "5. Personal Information Retention and Usage Period" and cannot be accessed or used for any other purposes.
• The user is responsible for any accidents caused by inaccurate information input. Users are obligated to enter personal information accurately and keep it up-to-date to prevent unforeseen accidents.
• Users have the right to protect their personal information and the obligation to protect themselves and not infringe on others' information. Users must take care to prevent their personal information from being leaked and must exercise caution not to damage the personal information or dignity of others, including postings. If users fail to fulfill this responsibility and damage the personal information or dignity of others, they may be punished according to related laws and regulations.
• As a general rule, we do not collect personal information from minors. If personal information from minors is unavoidably collected due to payment requirements, etc., we will seek the consent of the legal guardian in advance and promptly destroy the personal information of the minor after the relevant task is completed, and strictly manage the personal information of minors during the task.

8. Information on the Installation/Operation of Automatic Collection Devices for Personal Information and Refusal Thereof
A. What are Cookies?
• The company uses 'cookies' to provide personalized and customized services to users.
• Cookies are very small text files that the server operating the website sends to the user's browser and stores on the user's hard drive. When the user visits the website again, the website server reads the contents of the cookie stored on the user's hard drive to maintain the user's preferences and provide customized services.
• Cookies do not automatically/actively collect information that identifies individuals, and users can refuse or delete these cookies at any time.

B. What is the purpose of the company's use of cookies?
• The company uses the information stored in cookies to help users access and use the PC or mobile website in the way they have set it up when they visit. In addition, the company uses the user's website visit history and usage patterns to provide optimized, personalized information such as advertising.

C. Installation/operation and refusal of cookies
• Users have the option to choose whether to allow cookies to be installed. Therefore, users can choose to allow all cookies, be prompted for confirmation each time a cookie is saved, or refuse to save all cookies by setting options in their web browser.
Example of setting method:
For Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy
• However, if cookies are refused to be saved, there may be difficulty in using certain parts of the service that require login.

D. Purpose of collecting advertising identifiers when using mobile apps
• The company may collect the user's ADID/IDFA. ADID/IDFA is an advertising identification value for mobile app users that can be collected for customized service provision or for measuring better advertising environments.

How to refuse:
• Android: Settings > Google (Google Settings) > Ads > Turn off ad personalization settings
• iOS: Settings > Privacy > Advertising > Personalized Ads

E. Other Technologies Used
The company uses Google Firebase Crashlytics and Analytics services provided by Google LLC to analyze and evaluate how users use the BeenTogether app, understand user needs, and improve product offerings to provide more efficient services to users. All information collected by Firebase is processed in accordance with Google's and Firebase's privacy policies.
• Google Privacy Policy: https://policies.google.com/privacy
• Firebase Privacy Policy: https://firebase.google.com/support/privacy

F. Collection of Behavioral Information
• The company allows online personalized advertising providers to collect advertising identifiers and behavioral information as follows:
1) Advertising providers that collect and process behavioral information: Google, Facebook, Pangle
2) Method of collecting behavioral information: automatic collection and transmission when users use the company's app

G. Collection through Affiliated Services
The company provides affiliated services through the BeenTogether app for user convenience, and all information collected through the use of each affiliated service will be processed in accordance with the privacy policy of the respective affiliated service provider.
• BeenTogether Keyboard Privacy Policy: https://dkey.mlink.me/policy/privacy
• Notification Panel Add-on Privacy Policy: http://huvle.com/info/info_privacy.html

9. Technical/Managerial Measures for the Protection of Personal Information
The company is taking technical and managerial measures to ensure the safety of personal information from being lost, stolen, leaked, altered, or damaged during the processing of user's personal information.

A. Encryption of personal information
The company encrypts personal information in accordance with relevant laws and internal policies to securely store and manage it.

B. Measures against hacking and other security threats
The company takes its best efforts to prevent the leakage or damage of member's personal information due to hacking, computer viruses, or other security threats. It backs up data every six months to prepare for any data loss or damage, and utilizes the latest security patches and firewalls to prevent the leakage or damage of user's personal information or data. Additionally, it ensures safe transmission of personal information through encrypted communication. The company also uses intrusion prevention systems to control unauthorized external access and makes efforts to secure the system with all possible technical devices to ensure security.

C. Minimization and Education of Employees Processing Personal Information
The company limits the number of employees who handle personal information to designated individuals and provides them with separate passwords that are regularly updated. Regular education is also provided to these employees to emphasize compliance with the LoveTogether Privacy Policy.

D. Ensuring the Security of Pseudonymized Information Processing
When processing pseudonymized information, the Company separates and manages additional information required for restoring the original state, and grants differentiated access rights according to the tasks related to pseudonymized information or additional information. In addition, the Company issues user accounts for each pseudonymized information processor and ensures that they are not shared with other pseudonymized information processors.

E. Operation of Personal Information Protection Task Force
The company also strives to ensure compliance with the BeenTogether Privacy Policy and the adherence of responsible parties through the operation of an in-house personal information protection task force. In case of any issues found, the task force checks and immediately corrects the compliance status. However, the company is not responsible for any problems caused by the user's carelessness or issues that occur on the internet, such as the leakage of personal information, ID, or password.

10. Contact Information of Personal Information Manager and Officer
You may report any privacy-related complaints or issues arising from your use of the company's services to the personal information manager or relevant department.
The company will respond promptly and provide sufficient answers to user complaints.

Personal Information Manager:
Name: Hyungbae Park
Email: admin@beentogether.us

If you need to report or consult on any other personal information infringement, please contact the following organizations:

• Personal Information Protection Center (https://privacy.kisa.or.kr / 118 without an area code)
• Personal Information Dispute Mediation Committee (https://www.kopico.go.kr / 1833-6972)
• Supreme Prosecutors' Office (http://www.spo.go.kr / 02-3480-3573 or 1301 without an area code)
• Cyber Investigation Department of the National Police Agency (https://cyberbureau.police.go.kr / 182 without an area code)

11. Miscellaneous
Please note that our "BeenTogether Privacy Policy" does not apply to the collection of personal information by websites linked to the BeenTogether service.

12. Obligation to notify
If there are any additions, deletions, or modifications to the current privacy policy, the company will notify users at least 7 days in advance through its website, service, or other easily accessible means. However, in case of important changes to the user's rights such as the collection and use of personal information or provision to third parties, the company will notify users at least 30 days in advance.

Privacy Policy Version: v.1.2.

Effective Date: March 24, 2023.