Privacy Policy

Chrema (hereinafter referred to as "the Company") values the personal information of its users and complies with the relevant laws, regulations, and guidelines for personal information protection in the Republic of Korea. Through this privacy policy, the Company informs users of the purpose and method of using their personal information and the measures taken to protect personal information.

Article 1 (Items of Personal Information Collected)

The Company collects the minimum personal information necessary for providing services when users sign up for Chrema services or during the use of services.

When signing up for membership

Required items: location information (country, city), email address, mobile phone number (including country code), password, service usage history

When using the service

Required items: nickname
Optional items: name, mobile phone address book (phone numbers and names of third parties), date of birth, blockchain wallet address

※ Members can refuse to provide information by not entering optional items. However, if some optional information is not entered or consented to, there may be limitations in using the service as follows:

① If the blockchain wallet address is not entered: Virtual assets held in the Chrema wallet cannot be withdrawn to an external wallet.

Article 2 (Methods of Collecting Personal Information)

The Company collects users' personal information in the following ways:

When users agree to the collection of personal information and directly enter information during the membership registration and service use process, the relevant personal information is collected.
Personal information of users may be collected through web pages, mail, fax, phone, messages, etc. during the consultation process through the customer center.
Personal information may be collected through written forms at offline events.
Personal information may be provided by external companies or organizations affiliated with the Company. In such cases, the affiliated company obtains the user's consent for providing personal information in accordance with the Personal Information Protection Act before providing it to the Company.
Generated information such as device information may be automatically generated and collected during the use of mobile applications.

Article 3 (Purpose of Collecting and Using Personal Information)

The Company collects personal information for the following purposes. All information provided by users will not be used for any purpose other than the necessary purposes below, and prior consent will be obtained if the purpose of use changes.

Membership registration and management Confirming the intention to sign up for membership, identifying users, maintaining and managing membership qualifications, verifying identity in accordance with the implementation of the limited identification system, preventing unauthorized use of services, verifying the consent of legal representatives when collecting personal information of children under the age of 14, verifying the identity of legal representatives, confirming the intention to withdraw from membership, various notices and notifications, handling complaints, preserving records for dispute resolution, etc.
Handling civil complaints Verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding, notifying the processing results, etc.
Providing services Providing services such as content, transferring virtual assets to external wallets, discovering new service elements and improving existing services, etc.
Statistical analysis Verifying the validity of statistical analysis services, identifying the frequency of access, or statistics on users' service usage, etc.
Utilization for marketing and advertising Delivering the latest information and providing customized services for the development of new services and events, providing services and displaying advertisements based on statistical analysis, etc.

Article 4 (Retention and Usage Period of Personal Information)

The Company retains and uses the personal information of users for the period during which they receive services as members of the services operated by the Company from the date they signed up. The Company promptly destroys the relevant personal information when users withdraw their consent to the collection and use of personal information. However, when users withdraw their membership from the platform services operated by the Company or the Company expels users, the Company retains personal information for 30 days from the date of termination of the usage contract to prepare for abuse of rights, prevention of misuse, infringement of rights, resolution of disputes related to defamation, and requests for investigative cooperation. Additionally, the Company retains personal information for the period specified by relevant laws and regulations as follows when it is necessary to retain it in accordance with the provisions of relevant laws and regulations.

However, if it is necessary to preserve information in accordance with relevant laws and regulations, the Company will retain member information for a certain period of time as stipulated by relevant laws and regulations, as follows:

When users withdraw their membership or the Company expels users, the Company preserves personal information for 30 days from the date of termination of the usage contract to prepare for abuse of rights, prevention of misuse, infringement of rights/defamation disputes, and requests for investigative cooperation.
The Company preserves the following information for the specified period:

Records related to contracts or withdrawal of subscriptions Basis for preservation: Act on the Consumer Protection in Electronic Commerce, Etc. (Preservation period: 5 years)
Records related to payment and supply of goods, etc. Basis for preservation: Act on the Consumer Protection in Electronic Commerce, Etc. (Preservation period: 5 years)
Records related to consumer complaints or dispute resolution Basis for preservation: Act on the Consumer Protection in Electronic Commerce, Etc. (Preservation period: 3 years)
Records related to indications/advertisements Basis for preservation: Act on the Consumer Protection in Electronic Commerce, Etc. (Preservation period: 6 months)
Records related to electronic finance Basis for preservation: Electronic Financial Transactions Act (Preservation period: 5 years)
Records related to service use such as access logs Basis for preservation: Protection of Communications Secrets Act (Preservation period: 3 months)

Article 5 (Procedures and Methods of Destroying Personal Information)

In principle, the Company destroys the relevant information without delay after the purpose of collecting and using personal information has been achieved. The procedures and methods of destruction are as follows:

Destruction procedure: The information entered by users for membership registration, etc. is transferred to a separate database (in the case of paper, a separate document file) after the purpose has been achieved and is stored for a certain period of time (refer to the retention and usage period) in accordance with internal policies and other relevant laws and regulations for information protection reasons, and then destroyed.
Destruction method: Personal information transferred to a separate database is not used for any other purpose unless required by law. Personal information stored in the form of electronic files is deleted using technical methods that make it impossible to reproduce the records. Personal information printed on paper is shredded or incinerated.

Article 6 (Provision of Collected Personal Information to Third Parties)

The Company does not provide personal information to third parties without the prior consent of users. However, personal information may be provided only when the user directly consents to the provision of personal information in order to use the services of external affiliated companies, when the Company has an obligation to submit personal information to the Company under relevant laws and regulations, and when there is an imminent risk to the user's life or safety, and it is necessary to resolve this risk.

Article 7 (Rights of Users and Legal Representatives and How to Exercise Them)

Users and legal representatives can exercise the following personal information protection rights to the Company at any time:

Request for access to personal information
Request for correction in case of errors, etc.
Request for deletion
Request for suspension of processing

The exercise of rights under Paragraph 1 can be made to the Company in writing, by phone, email, or fax, and the Company will take action without delay.
If the user requests correction or deletion of errors, etc. in personal information, the Company does not use or provide the personal information until the correction or deletion is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the result of the correction process without delay so that correction can be made.
The exercise of rights under Paragraph 1 may be done through a legal representative of the user or a delegated person such as an agent. In this case, a power of attorney in accordance with the Enforcement Rule of the Personal Information Protection Act must be submitted.
Users shall not infringe on the personal information and privacy of themselves or others processed by the Company in violation of the Personal Information Protection Act and other relevant laws and regulations.

The Company designates a personal information protection officer as follows to take overall responsibility for the handling of personal information and to handle complaints and damage relief related to the processing of personal information of data subjects.

Personal Information Protection Officer

Name: Dooan Kim
Position: Director (CTO)
Phone number: 010-5749-9428
Email: chrema@chrema.net (Connected to the department in charge of personal information protection)

All inquiries related to personal information protection, complaint handling, and damage relief that occur while using the Company's services can be made to the personal information protection officer and the department in charge. The Company will respond to and handle customer inquiries without delay.
For other reports or consultations regarding personal information infringement, please contact the following organizations:

Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
Cyber Bureau, National Police Agency (ecrm.police.go.kr / 182 without area code)

Article 9 (Measures to Ensure the Safety of Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, managerial, and physical measures necessary to ensure safety:

Minimization and education of employees handling personal information: The Company implements measures to manage personal information by designating employees who handle personal information and limiting them to the minimum number of persons in charge.
Regular self-audits: The Company conducts self-audits regularly (quarterly) to ensure the stability of personal information handling.
Establishment and implementation of an internal management plan: The Company establishes and implements an internal management plan for the safe processing of personal information.
Encryption of personal information: Users' personal information and passwords are stored and managed in encrypted form, so only the user can know them. Important data is protected by using additional security functions such as encrypting files and transmission data or using file locking functions.
Technical measures against hacking, etc.: The Company installs security programs and conducts regular updates and inspections to prevent leakage and damage of personal information due to hacking or computer viruses. The Company also installs systems in areas with controlled access from the outside and monitors and blocks them technically and physically.
Restriction of access to personal information: The Company takes necessary measures to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system.
Retention and prevention of forgery/alteration of access records: The Company retains and manages access records to the personal information processing system for at least 6 months and uses security functions to prevent forgery, theft, and loss of access records.
Use of locking devices for document security: Documents and auxiliary storage media containing personal information are stored in a secure place with locking devices.
Access control for unauthorized persons: The Company establishes and operates access control procedures by separately maintaining a physical storage location for storing personal information.

This privacy policy takes effect from the date of enforcement, and in the event of additions, deletions, and corrections of changes in accordance with laws, regulations, and policies, the changes will be notified through a notice 7 days prior to the implementation of the changes.

Article 10 (Matters Concerning the Revision and Notification Obligations of Personal Information Processing Guidelines)

In the event that the Company revises the personal information processing guidelines due to changes in government laws and guidelines or changes in the Company's internal guidelines, the changed content will be notified 7 days in advance through the notice menu of the sites and service applications operated by the Company or through additional personal information. The revised terms and conditions will take effect 7 days after they are posted.

However, if there are significant changes in user rights, such as changes in the items of personal information collected or the purpose of use, it will be notified at least 30 days in advance and, if necessary, user consent may be obtained again.