Privacy Policy
Effective Date: July 1, 2025
MaumDive (the "Company" or "we") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related complaints.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the Personal Information Protection Act.
1. Website Member Management
Personal information is processed for the purposes of member registration confirmation, identity verification and authentication for membership services, member qualification maintenance and management, prevention of service abuse, confirmation of legal guardian consent when processing personal information of children under 14, various notices and notifications, complaint handling, and record preservation for dispute resolution.
2. Service or Product Provision
Personal information is processed for the purposes of providing psychological test results, providing customized content, service improvement and new service development, and AI-based personality analysis.
3. Marketing and Advertising
Personal information is processed for the purposes of service validity verification, event information and participation opportunity provision, advertising information provision, customized service provision, service provision and advertisement placement according to statistical characteristics, access frequency analysis, or statistics on members' service usage.
Article 2 (Items of Personal Information Processed)
The Company processes the following personal information items.
1. Website Member Management
- Required Items: Email, Password, Nickname
- Optional Items: Gender, Age Group, Date of Birth, Phone Number
2. Psychological Test Service Provision
- Collected Items: Test response content, test results, test participation date and time
- Optional Items: Profile photo (when using AI facial analysis service)
Automatically Collected Information: The following personal information items may be automatically generated and collected during internet service usage.
IP address, cookies, MAC address, service usage records, visit records, inappropriate usage records, browser information, operating system information, etc.
Article 3 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the personal information retention and use period according to laws or the personal information retention and use period agreed upon when collecting personal information from data subjects.
② The processing and retention periods for each personal information are as follows.
1. Website Member Information
Retention Period: Until membership withdrawal
However, in the following cases, information will be retained until the relevant reason ends.
- When investigations or inquiries related to violations of relevant laws are in progress: Until the completion of such investigations or inquiries
- When credit-debt relationships remain from website usage: Until such settlement
- Minimum necessary information for preventing fraudulent use: 1 year
2. Test Results and Participation Records
Retention Period: 1 year after membership withdrawal (for statistical analysis and service improvement purposes)
3. Legal Preservation Requirements
- Records related to contracts or withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records related to payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- Records related to labeling and advertising: 6 months (Act on Consumer Protection in Electronic Commerce)
- Website visit records: 3 months (Protection of Communications Secrets Act)
Article 4 (Third Party Provision of Personal Information)
① The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as data subject consent or special provisions of law.
② The Company is not currently providing personal information to third parties. If third party provision becomes necessary in the future, we will obtain prior consent.
Article 5 (Consignment of Personal Information Processing)
① The Company consigns personal information processing tasks as follows for smooth personal information processing.
Consigned Company Status
- Consignee: Google LLC
- Consigned Tasks: Web log analysis and website statistics (Google Analytics)
- Retention Period: Until membership withdrawal or consignment contract termination
- Consignee: OpenAI, Inc.
- Consigned Tasks: AI-based psychological analysis service provision
- Retention Period: Immediate deletion after service provision completion
② When concluding consignment contracts, the Company specifies in documents such as contracts matters related to prohibition of personal information processing other than consignment task performance purposes, technical and managerial protective measures, re-consignment restrictions, management and supervision of consignees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether consignees safely process personal information.
③ If the content of consigned tasks or consignees change, we will disclose this without delay through this Privacy Policy.
Article 6 (Rights and Duties of Data Subjects and Legal Representatives and Methods of Exercise)
① Data subjects may exercise rights such as personal information access, correction, deletion, and processing suspension against the Company at any time.
② Rights may be exercised against the Company through written documents, email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ Rights may also be exercised through legal representatives of data subjects or authorized agents. In this case, a power of attorney according to the attached Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ Requests for personal information access and processing suspension may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
⑥ When requests for access, correction/deletion, or processing suspension are made according to data subject rights, the Company verifies whether the requester is the person concerned or a legitimate representative.
Article 7 (Destruction of Personal Information)
① The Company destroys relevant personal information without delay when personal information becomes unnecessary due to expiration of retention period, achievement of processing purpose, etc.
② When personal information must continue to be preserved according to other laws despite expiration of the personal information retention period agreed upon by data subjects or achievement of processing purposes, the relevant personal information (or personal information file) is moved to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows.
- Destruction Procedure: The Company establishes a personal information destruction plan for personal information (or personal information files) to be destroyed and destroys them. The Company selects personal information (or personal information files) for which destruction reasons have occurred and destroys personal information (or personal information files) with approval from the Company's personal information protection officer.
- Destruction Method: For electronic file information, the Company uses technical methods that cannot reproduce records. Personal information printed on paper is destroyed by shredding or incineration.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company implements the following technical, managerial, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.
1. Minimization and Training of Personal Information Handling Staff
We implement measures to manage personal information by designating staff who handle personal information and limiting to those in charge to minimize personnel.
2. Regular Internal Audits
We conduct regular internal audits (quarterly) to ensure stability related to personal information handling.
3. Establishment and Implementation of Internal Management Plans
We establish and implement internal management plans for safe processing of personal information.
4. Encryption of Personal Information
User personal information and passwords are encrypted and stored/managed so only the person knows them, and important data uses separate security functions such as file and transmission data encryption or file lock functions.
5. Technical Measures Against Hacking
The Company installs security programs and conducts periodic updates and inspections to prevent personal information leakage and damage from hacking or computer viruses, installs systems in areas with controlled external access, and monitors and blocks them technically/physically.
6. Access Restrictions to Personal Information
We take necessary measures for access control to personal information by granting, changing, and revoking access rights to database systems that process personal information, and control unauthorized external access using intrusion prevention systems.
7. Storage and Forgery Prevention of Access Records
We store and manage access records to personal information processing systems for at least 6 months and use security functions to prevent forgery, theft, and loss of access records.
8. Use of Locking Devices for Document Security
We store documents and auxiliary storage media containing personal information in secure locations with locking devices.
9. Access Control for Unauthorized Personnel
We maintain separate physical storage locations for personal information and establish and operate access control procedures for them.
Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
1. Purpose of Cookie Usage
Cookies are used to provide optimized information to users by identifying visit and usage patterns, popular search terms, secure access status, news editing positions, and access frequency for each service and website visited by users.
2. Installation, Operation, and Rejection of Cookies
- Installation, Operation, and Rejection of Cookies: Cookies can be refused by setting options in the Internet Options > Privacy menu at the top of the web browser.
Article 10 (Personal Information Protection Officer)
① The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing tasks and to handle complaints and remedy damages related to personal information processing by data subjects.
▶ Personal Information Protection Officer
- Name: Park Sangwook
- Position: Personal Information Security Officer
- Contact: poporu54@gmail.com
※ This connects to the Personal Information Protection Department.
▶ Personal Information Protection Department
- Department: Personal Information Protection Team
- Manager: Park Sangwook
- Contact: poporu54@gmail.com
② Data subjects may contact the personal information protection officer and department for all personal information protection related inquiries, complaint handling, damage remedy, etc. that occur while using the Company's services (or business). The Company will respond and process data subject inquiries without delay.
Article 11 (Methods for Remedy of Rights Violations)
Data subjects may contact the following organizations for personal information violation reports, consultations, etc.
▶ Personal Information Violation Report Center (privacy.go.kr)
- Responsibilities: Personal information violation report reception and processing, damage remedy application reception and processing
- Website: privacy.go.kr
- Phone: 182 (without area code)
- Address: 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (01770)
▶ Personal Information Dispute Mediation Committee
- Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: 1833-6972 (without area code)
- Address: 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)
▶ Supreme Prosecutors' Office Cybercrime Investigation Unit
- Website: www.spo.go.kr
- Phone: 02-3480-3573
▶ National Police Agency Cyber Terror Response Center
- Website: www.netan.go.kr
- Phone: 182 (without area code)
Article 12 (Changes to Privacy Policy)
① This Privacy Policy applies from the effective date, and when there are additions, deletions, and corrections to changes according to laws and policies, changes will be announced through notices 7 days before implementation.
② However, for major changes to data subject rights such as collection and use of personal information and third party provision, we will provide notice at least 30 days in advance and obtain data subject consent again if necessary.
This policy takes effect from July 1, 2025.
If you have any questions about MaumDive, please contact us at any time.