STAYGE Labs Privacy Policy

1. What is a Privacy Policy?

STAYGE Labs, Inc. (hereinafter referred to as the “Company”) collects, uses, and provides the User’s personal information based on the User’s consent, and actively protects the User’s rights (to self-determination concerning their personal information).

The Company, as an information and communications service provider, is subject to and complies with the applicable laws, personal information protection provisions, and guidelines of the Republic of Korea.

The Privacy Policy refers to the guidelines with which the Company complies to protect the User’s invaluable personal information so that the User can use the services safely.

This Privacy Policy applies to services (hereinafter referred to as the “Services”) provided by the Company.

2. Collection of Personal Information

The Company collects personal information to the minimum extent necessary for service provision.

The Company collects minimum personal information necessary to provide the User with the Services when the User signs up or uses the Services on the website, applications, or programs as follows:

To sign up for a STAYGE ID

Required: email, password, user name (nickname), profile image

To use paid-services

Payment via credit card: (part of) credit card number, name of credit card company, etc.

Payment via mobile phone number: mobile phone number, approval number, etc.

To process refund

Bank, account number, account holder's name, email

To issue cash receipt

Mobile phone number, card number for cash receipt

To process a customer inquiry

Additional information may be required when processing an inquiry or consultation through Customer Service.

Additional personal information collected in the Service

Service	Information to be collected
youmeOn	For signup: [required] nickname, profile image For ticket purchase and cancellation: [required] Purchaser information (email, mobile phone number), ticket purchase/cancellation/refund information, payment information To settle a streamer's ticket sales profit: [required] resident registration number, bank, bank account number, banck account holder’s name
tin	For signup: [required] username, profile image For receiving advertising information: [oprional] email, push token, username (nickname)
For all services	Event winners Products to be delivered: [required] name, address, phone number Mobile products: [required] mobile phone number, User name To process public charge and tax: [required] name, resident registration number, phone number, address, email To process customer inquiries General inquiries: [required] email, inquiry details Purchase-related inquiries: [required] email, inquiry details, purchase history, payment method information

For some Services, the Company may collect additional personal information, upon obtaining the User’s consent, to provide specialized services.

Required information: information needed to perform essential functions of the Services
Optional information: information collected additionally to provide more specialized services (No restrictions on the use of the Services even if the User opts out on optional information)

How personal information is collected:

The Company provides the User with prior notice of its collection of personal information. The Company collects personal information when:

the User consents to the collection of personal information and enters their personal information as they sign up or use the Services;
provided by affiliated services or organizations;
obtained from a website, email, fax, phone, etc. in the process of customer service consultation; or
the User participates in online or offline events.

The Company collects personal information as follows when the User uses the Services:

Information that may be automatically created and collected when the User uses the PC web, mobile web/app includes device information (OS, screen size, device ID, model of the device), IP address (to confirm the User’s country of access), cookies, date and time of visit, records of fraudulent use, records of service use.

The Company may obtain personal information from third parties for affiliated or connected services.

‍

3. Use of personal information

The Company uses personal information for the purposes of member administration, service provision, and improvement, new service development, etc.

The Company collects the minimum personal information necessary to provide the User with Services as follows when the User signs up or uses the Services on the website, applications, or programs:

Confirming member identity and consent to sign-up, confirming user identity/age, preventing fraudulent use or abuse;
Developing new services, providing services, processing questions or complaints, announcing notices;
In case of the use of paid services, transmitting content or shipping goods, settling payments, collecting a debt;
Preventing and restricting behaviors that may obstruct the smooth operation of the Services (including but not limited to account theft and fraudulent use);
Recommending customized content and using for marketing efforts based on demographics and user interests, preferences, and inclinations;
Offering personalization services;
Building statistics on the records of service use, access frequency, and service uses to create a service environment conducive to privacy protection and to improve services; and
Deidentifying personal information and using the de-identified information for statistical analysis and scientific research
Provision of event information, opportunities for participation, and advertising information

4. Provision and Entrustment of Personal Information

STAYGE Labs does NOT provide the User’s personal information to a third party unless consented to by the User or required by the laws.

The Company entrusts the following task to a third party.

The Company entrusts personal information processing tasks to a third party to perform tasks needed to provide the services. The Company manages and supervises the entrusted companies to comply with the applicable laws.

Domestic Entrusted Company

Entrusted company	Entrusted tasks
Amazon Web Service, Inc.	IDC for the operation of Service

International Entrusted Company

Entrusted company	Information Management Officer	Purpose	Items to be transferred	Country	Transfer Date and Method	Use Period
ActiveCampaign, LLC.	privacy@activecampaign.com	Email delivery to the users	email	United States	Transmitted via the network when the Member uses the Service.	Until the withdrawal from the Service or termination of the consignment agreement

5. Retention and disposal

The Company retains personal information until the purposes of the personal information use are fulfilled or the User deletes their account, with some exceptions applied.

The Company keeps the collected personal information until the purposes of the use of personal information are fulfilled or the User deletes their account. In case the Company terminates the Terms of Service with the User under the Terms of Use, however, the Company may keep the minimum personal information of the User for a certain period as required to prevent the User from signing up again during that period.

The Company destroys personal information without delay once the purposes of collection and use are fulfilled. The Company will employ the disposal methods and procedures as follows:

The Company destroys personal information in the form of electronic files securely to make the data unrecoverable and unrevivable. For other forms of personal information such as records, printouts, written forms, etc., the Company disposes of them by shredding or burning.

To comply with the internal policy, however, the Company keeps some types of personal information for certain periods before destroying them.

For prevention of improper signup or use, the Company will retain the email of the withdrawn Member for seven (7) days from the date of the Member’s withdrawal from the Service.

[Records regarding contract or withdrawal of subscription or records regarding payment and supply of goods]

Legal basis: Act on the Consumer Protection in Electronic Commerce
Retention period: 5 years

‍

[Records regarding consumer complaint or dispute handling]

Legal basis: Act on the Consumer Protection in Electronic Commerce
Retention period: 3 years

‍

[Records regarding books and supporting documentation related to transactions as required by the tax laws]

Legal basis: Framework Act on National Taxes and Corporate Tax Act
Retention period: 5 years

‍

[Records regarding electronic financial transactions]

Legal basis: Electronic Financial Transactions Act
Retention period: 5 years

[Records regarding website visits]

Legal basis: Protection of Communications Secrets Act
Retention period: 3 months

The Company stores separately or deletes personal information of a Member who has not used the Services for 1 year or a period set by the Member, and the stored information will be destroyed without delay after being kept for four (4) years. Once personal information reaches its expiration date, the Company destroys the information immediately in an unrecoverable manner, even if the information is obligated to be retained by the laws.

6. Use and provision of personal information within the scope reasonably related to the purpose of collection

Company may use personal information or provide personal information to a third party without the user's consent, taking into account each of the following criteria within the original purpose of collection and reasonable scope.

Whether it is related to the original purpose of collection is determined considering whether the original purpose of collection and the purpose of additional use and provision are related to the nature or disposition.
Whether there is predictability of additional use or provision of personal information, in light of the circumstances or processing practices of personal information collection, is determined in consideration of the relationship between personal information processors and users, the level of technology and speed of development, and general circumstances (practices) established for a considerable period of time.
Whether the user's interests are unfairly infringed is determined in consideration of whether the user's interests are substantially infringed in relation to additional purposes of use and whether the infringement is unfair.
Whether necessary measures have been taken to secure safety, such as alias processing or encryption is determined considering whether safety measures are taken in consideration of the possibility of infringement, etc.

‍7. Matters Concerning InstallationㆍOperation and Refusal of Automatic Personal Information Collection Device

The Company may use cookies to provide web-based services.

Cookies are used to assist the User with faster and more convenient navigation of the website and offer customized services.

What is a cookie??

A cookie is a small piece of data (text file) that the server sends to the User’s browser to operate a website. A cookie is stored on the User’s personal computer.

Purpose of cookies

Cookies are used to provide personalized and customized services to the User by storing and recalling the User's information. When the User visits a website, the website server reads the cookies saved in the User’s device to maintain the User’s settings and provide customized services. Cookies help the User access the website conveniently by using existing settings. Cookies are also used to provide the User with customized information such as optimized advertisement based on the User’s website visit history and use patterns.

Detailed cookie list

Cookies used by a third party software (Google Analytics)

Detailed cookie list : _ga, _gat, gid

Type: HTTP cookies
Placed by: google
Purposes
- The Company uses these cookies to improve the Services and deliver better user experiences.
- The cookies register a unique ID used to create statistical data on the visitor’s website usage patterns.
- The cookies are used by Google Analytics to adjust request speed.

Rejection of cookies

Cookies do not store identification information such as names and phone numbers. and the User reserves the right to choose to install cookies. The User can thus adjust web browser settings to accept all cookies, be asked about cookies every time they are saved or refuse all cookies. Provided that, if the User refuses the installation of cookies, the User may find it harder to navigate the web or use services that require login.

How to adjust cookie preferences or reject them

1) Internet Explorer: Select “Tools” menu at the top of the browser window > Select “Internet Options” > Select the “Privacy” tab > Set cookie options

2) Chrome: Click “Settings” at the top right > Click “Security and Privacy” > Click “Cookies and other site data”

3) For Microsoft Edge: Settings menu at the top of the web browser > Cookies and Site Permissions > Manage and delete cookies and site data

8. User’s Rights and the Means of Exercising those Rights

STAYGE Labs is committed to protecting the User’s rights.

The User can request to view, modify, delete, or suspend the processing of their personal information at any time.

More specifically, the User can adjust settings or delete the account in the Services. The User can also contact the Customer Center and submit a request in writing or via email. The Company will take immediate actions upon receiving such a request.

If the User requests to correct errors in personal information, the Company will not use or provide such personal information to third parties until the requested correction is made.

The User can exercise their rights through their legal representative or designated person by submitting a power of attorney to verify such representation or designation.

9. 개인정보 보호책임자 및 고충처리 부서

Questions about personal information protection?

If you have any questions, complaints, suggestions, and other matters related to personal information protection while using the Services, please contact the Company’s Data Protection Offer (DPO) or Data Protection Department. STAYGE Labs is committed to listening and responding to our Users quickly and sincerely.

Data Protection Officer

Name: Hyunsook Kang (Chief Operating Officer)
Affiliation: Legal/PR Team
Phone: 02-324-5761
email: privacy@stayge.io

If the User wishes to make a report or to consult about a potential infringement of personal information protection, please contact the following organizations:

Personal Information Infringement Report Center

+82-118
https://privacy.kisa.or.kr

Supreme Prosecutor’s Office, Cybercrime Investigation Division

+82-1301
cid@spo.go.kr

National Police Agency, Cyber Terror Response Center

+82-182
https://cyberbureau.police.go.kr

‍

10. Actions Taken to Protect Personal Information

STAYGE Labs is making efforts as follows to safeguard the User’s personal information.

The Company has implemented the following technical and managerial measures to protect users’ personal information from loss, theft, disclosure, modification, or damage.

1) Technical Measures

a. Personal information is protected by a password, and important data is protected through separate security functions, such as encryption of files and transmitted data and use of file lock functions.

b. Antivirus software is used to prevent damage from computer viruses. Antivirus software is updated periodically, and in the event of a sudden virus outbreak, the vaccine for the virus will be applied as soon as it is released to prevent the infringement of personal information.

c. SSL, a security protocol, has been adopted to help ensure the safe transmission of personal information through the network.

d. In order to prevent unauthorized disclosure of users’ personal information by hacking or other unauthorized access, the system is maintained in an area where external access is restricted, and intrusion-blocking devices are used.

2) Managerial Measures

a. The Company has procedures in place needed for appropriate management of and access to users’ personal information. Company officers and employees are required to understand and comply with these procedures, and compliance is monitored regularly.

b. The Company limits the number of persons who can process users’ personal information to a minimum, controls their access rights, and educates such personnel to comply with applicable laws and policies. Persons who process users’ personal information are the following:

Persons who deal directly or indirectly with users as they handle business
The Data Protection Officer, Data Protection Personnel, and other persons engaged in personal information management and protection duties
Others whose access to user’s personal information is necessary for their work duties

c. The Company requires new employees to sign an information protection pledge, reminds all of its employees from time to time of their duty to protect personal information, and has in place internal procedures to audit their compliance with such duties to prevent the unauthorized disclosure of information by its employees (including, personal information).

d. The transfer of duties for personal information managers takes place under secure conditions, and the Company prescribes the scope of liability regarding any personal information incidents for both current and former employees.

STAYGE Labs complies with the European Union’s General Data Protection Regulation (GDPR).

The Company complies with the GDPR and other data protection laws. The Company uses the User’s personal information for purposes as follows:

Member sign-up and service provision: The Company may use the User’s personal information to sign an agreement with the User and perform the Company’s obligations under the terms and conditions of the agreement. The Company may use the User’s identity, contact, finance, transaction, marketing, and communication data while providing the Services when, for example, notifying the User of changes in the Services or fulfilling the User’s request.
Security enhancement of the Services: The Company may use the User’s personal information to verify the User’s account, investigate suspicious activities, and apply the Terms of Service to the extent necessary for the Company to protect the rights of users and the Company regarding security enhancement and to perform the Company’s obligations under the applicable laws.
Service improvement: The Company may analyze data such as records of use to improve Services and develop new businesses by leveraging more relevant content and user experiences.
Promotion for the Services: The Company may use the User’s personal information to conduct marketing research and send promotional information to the User. The User can withdraw their consent to receiving marketing communication by clicking “unsubscribe” in the marketing message.

Under the GDPR and other relevant laws and regulations, the User can request to transfer their personal information to another controller or to suspend the processing of the personal information. The User also reserves the right to bring complaints to the information protection authorities. The User can make inquiries about data protection to the Customer Center. The Company processes such inquiries lawfully and quickly.

The Company’s Services are NOT intended for children. The Company collects personal information of children under the age of 16 who reside in the European Economic Area (EEA). In case the personal information of a child under the age of 16 living in the EEA is collected unintentionally in connection with the provision of the Services, the Company removes the information immediately. For inquiries about the personal information of children under the age of 16, please contact the Customer Center via phone or email.

To provide Services to the User, the Company may transfer, retain, and process personal information outside the EEA including the Republic of Korea. The User’s personal information may also be saved within the EEA when the information is stored in the device that the User uses to access the Services. When the Company transfers the User’s personal information outside the EEA, the Company guarantees a similar level of data protection as within the EEA by ensuring to take any one of the following measures:

The Company transfers personal information to countries that the European Committee (EC) considers providing an adequate level of protection for personal information protection; or
In case the Company uses certain service providers, the Company may use an EC-approved agreement with the provider to make sure that the same protection can be applied to personal information as in Europe.

For further inquiries about the measures to be taken by the Company when transferring personal information outside the EEA, please contact the Company.

STAYGE Labs complies with the California Consumer Privacy Act (CCPA).

The following notice applies only to California residents. Under the CCPA, consumers who reside in California can request to view, delete, or suspend the sale of personal information collected by the Company and NOT to be discriminated against for exercising the aforementioned rights. If the User exercises the right to opt-out-of-sale, the Company will not sell the User’s personal information and the Company will not discriminate against the User for exercising their rights related to personal information.

The User can request to view the personal information collected by the Company for the 12 months preceding the User’s request, including:
The categories and specific content of the User’s personal information collected;
The sources from which the Company collected personal information; and
The business or commercial purposes for collecting or selling the personal information
The User can request that the Company delete the collected personal information related to the User and the User’s device.
The Company can use the User’s personal information only in compliance with this Privacy Policy. The Company does not believe that the Company’s use and provision of personal information constitute the sale of personal information under the CCPA. The Company has not sold the User’s personal information in the past 12 months or neither does it plan to sell personal information.
The Company will NOT provide personal information to third parties for them to use for direct marketing activities.
Under California laws, the Company is obligated to disclose how the Company responds to web browser’s Do Not Track (DNT) requests. With no commercial or legal standards currently available for honoring DNT requests, the Company does NOT respond to DNT requests.
In case the User wishes to exercise their personal information rights under the California laws or has any questions on the Company’s personal information protection measures, please send email or contact the Customer Center. The Company will verify the User’s request and take reasonable measures to implement the request to the extent that the request does not violate the applicable laws. If the Company denies the User’s request, the Company will provide a reasonable reason for such denial.

11. Changes to this Privacy Policy

If there are any changes, additions, or deletions to the content of this Privacy Policy due to changes in the applicable privacy laws, policies and security technologies, etc., the Company will notify the users of the amendment by posting an announcement on the Presented LIVE Notice Board prior to the amendment of the Privacy Policy. If major changes in the User’s rights are to be made such as a change in personal information items collected or purpose of use, the Company will provide the User with a minimum 30-day prior notice.

Date of notification: February 20th, 2024
Date of enforcement: February 29th, 2024