Privacy Policy

Walking House Collective Co., Ltd. (hereinafter referred to as the 'Company') considers the protection of users' personal information very important, and protects the personal information provided by users to the company in order to use the company's services (digital asset transaction service and related services). We are doing our best. Accordingly, the company complies with laws related to personal information protection such as the “Personal Information Protection Act”.

The company discloses this privacy policy on the first screen of the site so that users can easily check it at any time.

This Privacy Policy may be changed according to relevant laws and regulations and the company's internal policies.

Article 1 (Purpose of processing personal information)

The company processes user personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.

1. Management
   • User identification, customer confirmation, user information management, and delivery of various notices
   • Withdrawal processing through non-face-to-face identity verification, initialization of mobile phone number and withdrawal account, etc.
2. Provision of goods or services
   • Confirm digital asset transaction relationship
   • Inheritance and transfer
   • Matters related to overall service management, such as establishment, maintenance, and termination of digital asset transaction relationships
3. Event information guide
   • Provision of various event and advertisement information
   • Provision of new services and customized services, etc.
4. Grievance Handling
   • Verification of the identity of the complainant and complaints
   • Contact and notification for fact-finding, and notification of processing results
   • Damage relief and error transmission, etc.

Article 2 (Processing and Retention Period of Personal Information)

1. The company processes and retains personal information within the personal information processing and retention period in accordance with laws and regulations or within the personal information processing and retention period agreed upon when collecting personal information from users.
2. Each personal information processing and retention period is as follows.
   1. Membership registration and management: Until withdrawal
   2. Provision of goods or services: Until the completion of supply of goods or services and payment and settlement of related expenses
   3. Event information information: Until the end of the event
   4. Grievance handling: 5 years after membership withdrawal or until the end of the long-term storage period set by the relevant laws and regulations
3. Notwithstanding Paragraph 2, in the following cases, personal information may be processed and retained until the end of the relevant reason. However, if the personal information processing and retention period is different, the period is the longest.
   1. 1. In the case of any of the following cases, until the end of the relevant period
      • Customer verification record 5 years (ACT ON REPORTING AND USAGE OF SPECIFIC FINANCIAL TRANSACTION INFORMATION)
      • Records on contract or subscription withdrawal 5 years, Records on payment and supply of goods 5 years, Records on consumer complaints or dispute resolution 3 years (Act on Consumer Protection in Electronic Commerce, Etc.)
      • Login history 3 months or more (Communication Secret Protection Act)
      • Record of tax payment 5 years, Cash receipt processing record 5 years (Basic National Tax Act)
   2. If an investigation or investigation due to a violation of the relevant laws and regulations is in progress, until the investigation or investigation is completed.
   3. If the bond/debt relationship remains due to the use of the service, until the relevant claim/debt is settled
   4. If a legal dispute procedure such as a lawsuit is ongoing between the user and the company, until the end of the procedure is finalized
4. The company separates the personal information of other users from other users' personal information and stores them separately from other users' personal information, unless a separate period is stipulated in other laws or when there is a request from the user. · Manage. However, until 30 days before the expiration of the period, the fact that personal information is separated and stored and managed, the expiration date of the period and the items of the personal information are notified to the user by any one of e-mail, written, fax, telephone, or similar methods.

Article 3 (Provision of Personal Information to Third Parties)

1. The company processes the user's personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing) of the personal information processing policy, and when there is the consent of the information subject, special provisions of the law, or it is unavoidable to comply with legal obligations We provide personal information to third parties only in cases falling under Articles 17 (Provision of Personal Information) and Article 18 (Restrictions on Use and Provision of Personal Information for Other Purposes) of the Personal Information Protection Act.
2. The company provides the following personal information to third parties with the user's prior consent. The recipient is subject to change without notice according to the characteristics of affiliated services and contracts.

Article 4 (Rights and Duties of Users and Legal Representatives and Method of Exercising them)

1. The user can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the company.
   However, as stipulated in related laws such as Article 35 (4), Article 36 (1), and Article 37 (2) of the Personal Information Protection Act, the exercise of the user's right to access, correct, delete, or suspend processing of personal information is prohibited. may be limited.
2. Users can exercise their rights in writing, e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
3. The exercise of the rights pursuant to Paragraph 1 may be done through the user's legal representative or an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with Attachment No. 11 form of the “Personal Information Handling Method Notice”.
4. When requesting correction or deletion of personal information, if the personal information is specified as a collection target in other laws, the deletion cannot be requested.
5. The company confirms whether the person who made the request for reading, correction or deletion, request for suspension of processing, etc. is the person or a legitimate agent according to the user's right to use.

Article 5 (Items of personal information to be processed)

1. The company collects essential and optional information for the establishment, maintenance, implementation, management of digital asset transactions and provision of product services as follows.
   1. Provision of goods or services
      • Personal customer verification :
        [Basic information] Name (English), place of residence, nationality, email
        [Required information] Occupation, work information (work name, work address), transaction purpose, source of funds
        [Identification Card Verification] (Korean) Copy of ID card, name, resident registration number, driver's license number, issuance date
        [Account Verification] Name of financial institution, account number
      • KRW deposit and withdrawal : [Account verification with real name verification] Financial institution name, account number
      • Inheritance : Mobile phone number, nickname, family relationship certificate, copy of ID card, death certificate, basic certificate, seal certificate
      • Assignment : Name, date of birth, mobile phone number, account (e-mail), nickname, copy of ID
      • Issuance of cash receipts : Mobile phone number, business number
      • Register your personal wallet address : Your digital asset address
   2. Event information guide
      • Event win : [When paying taxes and utility bills] Copy of ID
   3. Grievance Handling
      • Erroneous transmission return : Evidence of erroneous transmission
      • Damage relief(due to financial fraud) : Name, date of birth, contact information, mobile phone number, copy of ID card, transaction history of damage deposit and withdrawal
      • Proof of loss of foreign nationality : Certificate of loss of nationality, resident registration number included in certificate of loss of nationality
      • Proof of purpose of stay in Korea : Employment certificate or school enrollment certificate, domestic residence certificate or alien registration certificate, immigration control certificate, unique identification information included in each document
      • Alien Resident Certificate : Name and date of birth on the residence certificate
      • Confirmation for normalization of abnormal deposit and withdrawal accounts : Name, date of birth, mobile phone number
      • Digital asset deposit application : TXID, proof of withdrawal, name of withdrawal exchange, profile information of withdrawal exchange
      • Digital asset return application : TXID, proof of withdrawal, name and quantity of digital assets, proof of possession of digital asset address used for withdrawal, address of digital asset to be returned and proof of possession
      • Cancellation of withdrawal suspension upon request : Call recording for identity verification
      • Contact NFT Trading Support : [Individual] Name, website or SNS address, e-mail address, contact information
      • [Corporation] Website or SNS address, e-mail address, contact information
   4. Items created and processed in the course of using the service Service use : Device information (OS, model name, telecommunication company, unique device number, language information, ADID, IDFA, IDFV), IP address, service usage record, cookie
2. In accordance with Article 15 of the Personal Information Protection Act (collection and use of personal information), the company may collect personal information in any of the following cases and use it within the scope of the purpose of collection.
   1. If there are special provisions in the law or it is unavoidable to comply with the legal obligations
   2. When it is unavoidably necessary for the conclusion and execution of a contract with the data subject
   3. When the information subject or his/her legal representative is unable to express his/her intention or prior consent cannot be obtained due to unknown address, etc. If recognized
   4. When it is necessary to achieve the legitimate interests of the personal information controller and clearly takes precedence over the rights of the data subject. In this case, it is limited to cases that are significantly related to the legitimate interests of the personal information controller and do not exceed a reasonable scope.

Article 6 (Destruction of Personal Information)

1. The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing.
2. If the personal information retention period agreed by the user has elapsed or the purpose of processing has been achieved, personal information must be kept according to laws and regulations, by moving the personal information to a separate database (DB) or by changing the storage location. Preserve. [Legal basis / division]
   1. Personal Information Protection Act (Personal information of members who have not used the service for one year)
   2. ACT ON REPORTING AND USAGE OF SPECIFIC FINANCIAL TRANSACTION INFORMATION (Personal information of withdrawal members who have completed customer verification)
      [Items of personal information to be preserved] name, email, mobile phone number, date of birth, gender, domestic/foreigner information, CI, DI, bank, account number, residence, nationality, occupation, job information, transaction purpose, source of funds, ID Information, residence certificate, personal digital asset address
3. The personal information destruction procedure selects personal information for which a cause for destruction has occurred, such as the elapse of the personal information retention period and achievement of the processing purpose, and destroys the personal information with automatic deletion of the system or approval from the person in charge of personal information protection.
4. The method of destroying personal information is as follows.
   1. Personal information stored in electronic file format is permanently deleted so that records cannot be reproduced.
   2. Personal information recorded and stored in paper documents shall be shredded or incinerated with a shredder.

Article 7 (Measures to ensure the safety of personal information)

In accordance with Article 29 of the Personal Information Protection Act, the company is taking administrative, technical, and physical measures necessary to secure safety as follows.

1. Administrative Actions
   • Establishment of internal management plan: The company establishes and implements an internal management plan for the safe management of personal information processed by the company.
   • Minimization and education of personal information handlers: The company limits personal information handlers to the minimum necessary for business performance, and recognizes the importance of personal information protection through administrative measures such as education for personal information handlers.
2. Technical measures
   • Management of access right to personal information processing system: We are taking necessary measures to control access to personal information through granting, changing, and canceling access to the database system that processes personal information. We are controlling unauthorized access.
   • Encryption of personal information: The company encrypts and stores and manages personal information such as user's unique identification information and bank account number using a secure encryption algorithm.
   • Technical measures against hacking: The company is doing its best to prevent leakage or damage to users' personal information due to hacking or computer viruses. Data is backed up in preparation for damage to personal information, and the latest vaccine program is used to prevent leakage or damage to users' personal information or data, and to ensure safe transmission of personal information over the network through encrypted communication, etc. there is.
3. Physical Measures
   • In order to prevent leakage or damage to users' personal information, the company is installing a system in an area where access is controlled from outside, and establishing and operating access control procedures.

Article 8 (Matters concerning the installation and operation of automatic personal information collection devices and their rejection)

1. The company uses 'cookies' to store and retrieve usage information from time to time to provide users with service convenience.
2. Cookies are a small amount of information that the website transmits to the customer's computer browser (Internet Explorer, etc.).
   1. Purpose of use of cookies
      Cookies store the user's preferred settings, etc. to support a faster web environment for users, and use them to improve services for convenient use. This makes it easier for users to use the service.
   2. Installation, operation and rejection of cookies
      Users have the option of installing cookies and may refuse to store or delete these cookies at any time.
   3. How to reject cookie settings
      Users have the option of installing cookies and may refuse to store or delete these cookies at any time.
      • Internet Explorer: Select Tools menu > Select Internet Options > Click Privacy tab > Advanced privacy settings > Cookie level settings
      • Chrome: Select Settings menu > Select Show advanced settings > Privacy and security > Cookies and other site data > Cookie level settings
      • Safari: Select Preferences menu > Privacy tab > Cookie and website data level settings

Article 9 (Management of behavioral information)

1. Behavior information refers to online user activity information that can identify and analyze users' interests, interests, preferences, and tendencies, such as website visit history, purchase and search history, etc.
2. The company processes behavioral information for product and service development, customer analysis, and service provision according to usage behavior.
   1. Behavioral information items to be collected
      We collect user activity information such as web/app service visit records, search/click usage records, device information, IP address, ADID, IDFA, IDFV, etc.
   2. Collection method
      When users use the service, they are automatically created and saved through log information analysis tools (Amplitude, Appsflyer, Google Analytics).
   3. Purpose of collection
      It is processed for the purpose of product and service development, statistical and customer analysis, service speed and status improvement, and other user behavior information-based service provision.
   4. Retention and use period
      It is retained for 5 years after membership withdrawal, and is deleted without delay when the retention period has elapsed.
   5. How to exercise user control
      Customers can refuse use by adjusting their browser settings, such as refusing to store cookies.
      • Web browser (example): Tools > Internet Options > Privacy > Advanced > Cookie Blocker
      • Smartphone (Example / It may be slightly different depending on the OS version.)
        • Android phone: Settings > Privacy > Advertisements > Advertisement customization on or off
        • iPhone: Settings > Privacy > Tracking > Allow or disable the app to request tracking
      • Guidance on disabling Google Analytics settings
   6. How to apply for user damage relief
      • Phone number : 02-798-8932
      • Email : info@walkinghousenewyork.com

Article 10 (Person in charge of personal information protection and department in charge)

1. In order to protect users' personal information and handle complaints related to personal information, the company has designated the relevant department and person in charge of personal information protection as follows.

   ▶ Person in charge of personal information protection

   • Name : Walking House New York
   • Phone number : +82 2-798-8932
   • Email : info@walkinghousenewyork.com
2. All complaints related to personal information protection that occur while users use the company's services may be directed to the person in charge of personal information protection and the department in charge. The company will answer and handle users' inquiries.

Article 11 (Request for viewing personal information)

Receiving and processing departments for personal information access requests

• Phone number : +82 2-798-8932
• Email : info@walkinghousenewyork.com

Article 12 (Remedies for Infringement of Rights)

If you need damage relief or consultation for personal information infringement, you can contact the following organizations.

▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

• - Homepage: privacy.kisa.or.kr
• - Telephone: (without area code) 118

▶ Personal Information Dispute Mediation Committee

• Website: www.kopico.go.krr
• Tel: (without area code) 1833-6972

▶ Supreme Prosecutor's Office

• Website: www.spo.go.kr
• Phone: (without area code) 1301

▶ National Police Agency Cyber ​​Investigation Bureau

• Homepage: ecrm.cyber.go.kr
• Telephone: (without area code) 182

Article 13 (Liability for Linked Sites)

The company may provide users with links to other external sites. In this case, since the company has no control over the external site, it cannot be held responsible or guaranteed for the usefulness, truthfulness, and legality of the services or data provided by the user from the external site. Please check the policy of the relevant external site.

Article 14 (Change of Privacy Policy)

When the company changes the personal information processing policy, it continuously discloses the time of change and enforcement and the changed content, and the changed content is disclosed by comparing before and after the change so that users can easily check it.

Addendum

This Privacy Policy is effective from September 7, 2022.