Status of Changes

Privacy Policy (Dec. 6, 2022)

Privacy Policy (Dec. 6, 2022)

VWX Co., Ltd. (“Company” or “Website”) complies with the Personal Information Protection Act and other relevant laws and regulations to protect the freedom and rights of information subjects, and handles personal data lawfully and securely.
In accordance with Article 30 of the Personal Information Protection Act, the Company hereby establishes and discloses the Privacy Policy in order to guide the data subject on the procedures and standards for personal data processing and to ensure prompt and smooth handling of related complaints.

Article 1 (Purposes of Collecting and Using Personal Data)

The Company collects personal data for the following purposes and will not use the collected personal data for any purposes other than those stated below. If the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

(1) Identity verification for using membership-based services, confirming one's consent, responding to customer inquiries, introducing new information, and delivering notifications

(2) Performance of contracts related to service provision and fee settlement for service provision, personal verification, audition/casting information matching, personal identification for content delivery, mutual contact between members, purchase and fee payment, product and proof delivery, prevention of unauthorized use, and prevention of unauthorized usage

(3) Customized service provision for service development and marketing/advertising utilization, service guidance and promotion, statistical analysis and access frequency tracking for service improvement and new service development based on statistical characteristics, advertising according to statistical characteristics, and providing event information and participation opportunities

(4) Statistical analysis for audition/casting progress and trend analysis, data analysis for service enhancement

Article 2 (Items of Personal Data to Be Collected and Collection Methods)

(1) Items collected when registering as a member
1. Items collected during signing up
(a) Email sign-up members
Required items: Name, gender, age, date of birth, password, phone number, email, Instagram, and other external service integration settings chosen by the user
(b) Social sign-up members
Social platform: Kakao
Required information: Kakao account (email), Kakao channel add status and history, Kakao account (phone number), name, gender, age, date of birth

2. Information collected when registering a profile
Required information: Name, mobile phone number, e-mail
Optional items: Profile/Cover image, self-introduction, occupation, career history, educational background, awards and others, website (social network), etc.

3. Information collected when filling out an application form
Required items: Name, mobile phone number, email, subject, content
Optional items: Gender, portfolio, etc.

4. Information collected when using the casting proposal service - Required items: Profile image, name, mobile phone number, email

5. Information collected when using paid information
Required items: Card company name, card number, date of birth, and password (for personal cards) or business registration number (for corporate cards) collected during mobile service usage

6. Items collected when using mobile services
Due to the nature of mobile services, information about the device model may be collected, but this is in a non-identifiable form.

7. Items automatically collected during the process of using the Service or business processing
IP address, cookies, visit date and time, service usage records, records of improper use, advertising ID, connection environment

(b) Personal data collection methods
Website, service usage, fee settlement, event participation, customer center inquiries

Article 3 (Provision, Outsourcing of Handling, and Overseas Transfer of Personal Data)

The Company will only use personal data within the scope notified in Article 1 (Purposes of Collecting and Using Personal Data), and will not use it beyond this scope without the user’s prior consent.
(1) The Company outsources the handling of personal data for the improvement of service and stipulates necessary matters to manage personal data safely when signing an outsourcing contract according to relevant laws. We will notify you of any changes through notices or the Privacy Policy.

Third party: Stibee
Outsourced task: Email sending service, including newsletters

Third party: Nurigo
Outsourced task: SMS sending service, Kakao Notification/Friendtalk service provider

Third party: Amazon Web Services (AWS Kor)
Outsourced task: Cloud IT infrastructure provision

(2) In the following cases, personal data may be provided or used through appropriate procedures.
1. In the event that the rights and obligations of a service provider for sale or merger are transferred or assigned, the user must be notified in advance and given the option to withdraw his/her consent for the use of their personal information.

2. When users apply for auditions/casting posts through the website, their personal information such as contact details and resumes are provided for the purpose of the recruitment process.

3. When using the casting proposal service, members can send casting proposals to each other for casting purposes. Personal data can be accessed only if the user accepts the proposal.
Recipient of personal information: Users whose casting proposals have been accepted
Purpose of using personal information by the recipient: Carrying out the casting process
Items of personal information provided: Profile image, name, contact information, email, etc.
Period of retention and use of personal information by the recipient: One (1) week after the user's acceptance

4. In the case of providing to educational institutions

5. However, the following cases are exceptions.
- If the user agrees in advance (the term “agrees in advance” means that the user voluntarily agrees to provide his/her personal data to a third party for the purpose of using the service, etc.)
- If provision of the data is required by the law or investigative authorities for investigative purposes under relevant laws

(3) We provide or store members’ personal data overseas in the following cases.
1. There are overseas companies that the Company provides personal data of members who wish to work abroad to. The Company will give prior notice in case of any changes through partnership. In this case, we go through a process of obtaining individual consent, and if there is no consent, we do not provide the personal data.

Article 4 (Retention and Use Period of Personal Data)

The Website will retain and use the user’s personal data only during the period of providing services from the date of membership registration. If the user withdraws consent for the collection and use of personal data, or if the purpose of collection and use is achieved or the retention period expires, the personal data will be promptly destroyed.
However, the following cases will be preserved for the specified reasons and duration.
(1) If there is a need to preserve according to the provisions of the Commercial Act or other relevant laws, we will retain transaction records and minimum basic information for the period specified by the law. In such cases, the Company uses the said information for the following purposes only and the retention period is as follows.
1. Contract or subscription withdrawal records: Five (5) years 2. Supply records including payment and goods: Five (5) years 3. Consumer complaints or dispute settlement records: Three (3) years 4. Record of fraudulent use and related activities: Five (5) years 5. Website visit history (login history, access history): One (1) year

(2) When a Member requests withdrawal, the Company follows the principle of promptly destroying personal data while processing the withdrawal. However, when a Member with a history of applying through the Company withdraws, the Company retains the application history and related personal data for five (5) years after withdrawal for the following preservation reasons.
1. In order to complete the performance of the casting contract related to the Company’s service provision, it is necessary to retain the Member's application information.

(3) We will retain the information for the agreed period, unless the retention period has not expired and individual consent has been obtained, after giving prior notice of the retention period.

(4) In order to protect personal data, if a user does not use the Website for one (1) year, his/her email (or account information set by the user through integration with external services such as Facebook) can be separated as a “dormant account” and the use of that account can be suspended. In this case, the Company will notify the user in advance, thirty (30) days prior to the “scheduled date for handling dormant accounts,” through one of the methods such as email, written notice, or SMS. If the user confirms his/her identity and expresses his/her intention to use the Website again, he/she will be able to use the Website.

Article 5 (Personal Data Destruction Procedure and Method of Destruction)

In principle, the personal data of users is destroyed without delay when the purpose of collection and use of personal data is achieved. The following is the procedure and the method of destruction of personal data of the Company.
(1) The information provided by the user for membership registration and other purposes will be transferred to a separate database (or a separate filing cabinet for paper documents) after the purpose is achieved, and will be stored for a certain period of time according to internal policies and other relevant laws and regulations for information protection reasons, and then destroyed. At this time personal data transferred to a database will not be used for any other purpose.

(2) Data recorded in a paper is destroyed by a shredder or incinerated. Personal data stored in the form of an electronic file is deleted using a method that makes it impossible to restore.

Article 6 (Information on the Installation, Operation, and Refusal of Cookies)

(1) Cookies are small text files sent by the server used to operate a website to the user’s browser and stored on the user’s hard drive.

(2) The cookies collected on the Website is the same as items stipulated in Article 2 (Items of Personal Data to Be Collected and Collection Methods), and they will not be used for purposes other than the purposes stipulated in Article 1 (Purposes of Collecting and Using Personal Data).

(3) Users have the right to choose whether to install cookies. Users may select options in the web browser settings to allow all cookies, require confirmation to save cookies, or reject to save all cookies. The method for specifying whether to allow cookie installation (in the case of Internet Explorer) is as follows.
Internet Explorer web browser
[Tools] > [Internet Options] > [Privacy] tab > [Settings] change

Chrome web browser
Top right menu [Settings] > [Privacy and security] > [Third-party cookies] settings

Safari web browser
Go to [Safari] > [Preferences] > [Security] in the top left menu bar of MacOS and select whether to allow cookies.
However, if you refuse to save cookies, there may be difficulties in using some services that require login.

Article 7 (Technical and Administrative Measures for the Protection of Personal Data)

(1) Personal data of users is protected by passwords, and files and various data are encrypted or protected by separate security features through file locking functions.

(2) All data is stored in a highly secure data center. We divide and restrict access permissions to personal data, and do not store it in offline spaces such as personal PCs where external intrusions are possible.

(3) The employees handling personal data are composed of a minimum number of personnel, and regular training is conducted on acquiring new security technologies and obligations related to personal data protection. Internal audit procedures are implemented to ensure the maintenance of security.

(4) The Company makes every effort to protect the personal data of users. However, we do not take responsibility for any issues that arise from the user’s personal negligence, such as the leakage of personal information (including account information set by the user through email or integration with external services such as Facebook) or the inherent risks of the Internet.

Article 8 (Link)

The Website may include various banners and links. In many cases, the Website is connected to pages of other websites, which is done to disclose the source of the content provided or due to contractual relationships with advertisers. Please review the privacy policy of the newly visited website as it is unrelated to the Website when clicking on a link included on the Website that redirects to another site’s page.

Article 9 (Protection of Children's Personal Data)

The Company allows the addition of guardian’s contact information in order to provide appropriate protective measures in unreasonable situations that may arise when minors under the age of fourteen (14) engage in job-seeking activities.

Article 10 (Protection of Non-members’ Personal Data)

On the Website, even without registering as a Member, users can access most of the content, excluding personal information and key resume information that is not intended for public disclosure.

Article 11 (Rights of Users and Methods of Exercising Them)

Users and their legal guardians have the right to access, disclose, and keep private, modify, and delete their own information or the information of the minor in question, at any time. Users and legal guardians can handle personal information inquiries/modifications/cancellations (withdrawal of consent) through “Member Information Management,” and if you contact the personal data protection manager via email, we will take action after going through the process of verifying your identity. If users request to correct errors in their personal data, the Company does not use or provide the data until completing such correction. If the Company provides a third party with false personal data, the Company will notify the third party in order for the correction to be made without delay. The Company handles personal data pursuant to Article 4. (Retention and Use Period of Personal Data). The collected personal data cannot be accessed or used for any other purposes.

Article 12 (Personal Data Processing Department and Complaint Service)

The Company designates and provides the following personal data processing department and contact information in order to protect users’ personal data and handle complaints related to personal data.

Personal Data Protection Manager
Name: Director Seo Il-yeong
Affiliation: Personal Data Protection Team
Contact: ask@vwxlabs.com
Phone number: +82-70-4903-0220
If you need consultation regarding personal data, you can contact the organization below.

Privacy Call Center: http://privacy.kisa.or.kr/ +82-118
Cyber Investigation Department of the Prosecution Service: http://www.spo.go.kr/ +82-1301
National Police Agency Cyber Safety Bureau: http://www.ctrc.go.kr/ +82-182

Supplementary Provisions

The current Privacy Policy may have additions, deletions, or modifications due to changes in laws, policies, or security technologies. In such cases, we will notify seven (7) days in advance of the effective date, or thirty (30) days in advance of the effective date if it significantly affects the rights of the information subject.
• Date of posting: December 6, 2022
• Effective date: December 16, 2022