Murple Corporation (hereinafter referred to as the "Company") complies with relevant personal information protection regulations under the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and other related laws that information and communications service providers must comply with. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following privacy policy to protect the personal information of data subjects and to handle related grievances promptly and smoothly.
This privacy policy applies to Murfy (www.murfy.ai/) and the services included therein (hereinafter referred to as the "Service"). Through this privacy policy, the Company informs you of the purposes and methods of using the personal information you provide and the measures taken to protect your personal information. The Company will notify you of any amendments to the privacy policy through notices or email.
Article 1: Items of Personal Information Collected and Purposes of Processing
① The items of personal information processed by the Company are as follows:
- Mandatory items: Name (first name, last name), email, position, affiliation, profile picture, service usage records, access logs, cookies, access IP information, payment records
- Optional items: Membership registration route
Users can manually refuse the mandatory item cookies. Cookies are used to support faster and more convenient use of the website and to provide personalized services.
② The Company processes personal information for the following purposes and does not use it for purposes other than those stated below:
- Confirming the intention of customer registration
- Identifying and authenticating individuals for service provision
- Maintaining and managing membership status
- Processing payment for the supply of services
- Providing educational content
- Supplying services and related events
- Utilizing for service improvement
Article 2: Processing and Retention Period of Personal Information
① The Company processes and retains personal information within the period consented to by the data subject when collecting personal information or within the period stipulated by law.
② Specific personal information processing and retention periods are as follows:
- Records on contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, Article 6)
- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, Article 6)
- Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, Article 6)
- Records on display/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, Article 6)
- Records on service visit: 3 months (Protection of Communications Secrets Act, Article 15-2)
- Records on electronic financial transactions: 5 years (Electronic Financial Transactions Act)
Article 3: Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties without separate consent from the data subject or unless it falls under special provisions of the law as stipulated in Article 17 of the Personal Information Protection Act.
Article 4: Consignment of Personal Information Processing
① The Company consigns personal information processing tasks for smooth personal information handling as follows:
[Domestic Consignment]
- Payple Co., Ltd.some text
- Phone number: 1522-5013
- Consigned tasks: Purchase and payment processing
- Provided customer information: Mobile phone number, name, email
- Consignment period: Until contract termination
[Overseas Consignment]
- Amplitude, Inc. ([email protected])some text
- Country: United States
- Consigned tasks: Product/service usage and statistical analysis
- Consignment period: Until the purpose of consignment is achieved
- Google LLC (Google Analytics)some text
- Country: Ireland
- Consigned tasks: Service performance measurement and user experience improvement
- Consignment period: Until membership withdrawal or consignment contract termination
- Hotjar Ltd.some text
- Country: Ireland
- Consigned tasks: Service performance measurement and user experience improvement
- Consignment period: Until membership withdrawal or consignment contract termination
② When signing a consignment contract, the Company specifies the prohibition of personal information processing for purposes other than the performance of consigned tasks, technical and managerial protection measures, restriction on re-consignment, management and supervision of the consignee, and liability for damages in the contract documents in accordance with Article 25 of the Personal Information Protection Act, and supervises the consignee to ensure the safe processing of personal information.
③ If the contents of the consigned tasks or the consignee change, the Company will disclose it promptly through this privacy policy.
Article 5: Rights and Obligations of Data Subjects and How to Exercise Them
Data subjects can exercise the following rights related to personal information protection at any time with the Company:
- Request to view personal information
- Request to correct any errors
- Request to delete personal information
- Request to suspend processing of personal information
Article 6: Procedures and Methods for Destroying Personal Information
The Company, in principle, destroys personal information without delay when the purpose of processing personal information is achieved. However, this does not apply if the information must be preserved according to other laws. The procedures, deadlines, and methods of destruction are as follows:
- Destruction proceduressome text
- Unnecessary personal information and personal information files are destroyed under the responsibility of the person in charge of personal information protection according to internal policies.
- Destruction methodssome text
- Electronic information is destroyed using technical methods that make the records irrecoverable.
- Printed personal information is shredded or incinerated.
- Destruction deadlinessome text
- Personal information whose retention period has expired is destroyed within 5 days from the end of the retention period.
- Personal information deemed unnecessary, such as achieving the processing purpose, discontinuation of the service, or termination of the business, is destroyed within 5 days from the date it is deemed unnecessary.
Article 7: Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information:
- Technical Measuressome text
- Personal information is protected by passwords, and important data is protected through encryption or file lock functions.
- The Company uses vaccine programs to prevent damage from computer viruses. Vaccine programs are updated regularly, and sudden viruses are provided immediately upon release to prevent personal information infringement.
- Each server uses intrusion prevention systems and vulnerability analysis systems to ensure security against external intrusions like hacking.
- Managerial Measuressome text
- The Company restricts access to personal information to a minimum number of people and strictly limits access to personal information handlers through frequent education emphasizing compliance with this policy.
Article 8: Remedies for Infringement of Rights
Data subjects can contact the following organizations for reporting or counseling regarding personal information infringement:
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 02-405-5150)
- Korea Internet & Security Agency Personal Information Infringement Report Center (www.privacy.kisa.or.kr / 118)
- ePrivacy Certification Committee (www.eprivacy.or.kr / 02-550-9531)
- Supreme Prosecutors' Office Cyber Crime Investigation Division (www.spo.go.kr / 02-3480-2000)
- Cyber Bureau of the National Police Agency (cyberbureau.police.go.kr / 02-3150-2659)
Article 9: Personal Information Protection Officer
The Company designates the following personal information protection officer to be responsible for overseeing the handling of personal information, addressing complaints, and providing relief for damages related to personal information processing:
- Personal Information Protection Officer: Shounan An(CEO)
- Contact: 010-5379-3771
- Email: [email protected]
Article 10: Obligation to Notify Policy Changes
This privacy policy applies from the effective date and any additions, deletions, or modifications in accordance with laws and policies will be notified through announcements at least 7 days before the changes take effect.
Supplementary Provisions
(Effective Date) This privacy policy is effective from April 4, 2024.