Elice Terms of Service

ELICE Inc. Privacy Policy

Table of Contents

1. Purpose of Processing Personal Information
2. Retention Period of Personal Information
3. Categories of Personal Information
4. Processing Personal Information of Children Under 14
5. Provision of Personal Information to Third Parties
6. Entrustment of Personal Information
7. Destruction of Personal Information
8. Rights of Users & Legal Representatives and Exercising Those Rights
9. Measures to Ensure the Security of Personal Information
10. Security Measures for Public System Personal Information
11. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
12. Criteria for Additional Use and Provision
13. Personal Information Protection Officer, etc.
14. Methods of Remedy for Infringement of Rights
15. Changes to the Privacy Policy

Elice Inc. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act of the Republic of Korea, GDPR and related laws to protect the freedom and rights of users, and processes and manages personal information in a lawful and safe manner. In accordance with Article 30 of the Personal Information Protection Act, this privacy policy is established and disclosed to guide users on the procedures and standards related to the processing of personal information and where the privacy infringement takes place, privacy policy guides users who to contact and what kind of help users should expect to prevent further damage and restore the damage users have already sustained.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Personal information will not be used for any purposes other than the following, and if the purpose of use changes, necessary measures will be taken in accordance with Article 18 of the Personal Information Protection Act, such as obtaining separate consent.

• Confirmation of membership registration intent
• Identification of members
• Maintenance and management of membership
• Prevention of fraudulent use of services
• Confirmation of legal representative consent for the collection and processing of personal information of children under 14
• Identification when exercising rights of legal representatives
• Providing goods or services
• Delivery of items, transmission, and delivery of invoices and contracts
• Payment and settlement of fees, identity verification, and refund processing
• Submission of training information and reimbursement documents for employment insurance refunds
• Handling inquiries or complaints, notices, and various notifications
• Providing event and advertising information and participation opportunities
• Service usage records, access frequency, and statistics on service usage

2. Retention Period of Personal Information

The Company processes and retains personal information within the period of retention and use of personal information as agreed upon when collecting personal information from the user, or within the period stipulated by law. Personal information collected for membership registration and management is retained until the member withdraws from the service. However, in the following cases, personal information is retained until the reasons are resolved:

• If an investigation or inquiry is in progress due to a violation of related laws, until the investigation or inquiry is completed
• If there is a remaining creditor-debtor relationship due to the use of the website, until the settlement of the creditor-debtor relationship
• Until the contract between the operating institution partnered with the Company and the Company related to the service used by the member is terminated

The Company retains personal information for the period specified by relevant laws and regulations in unavoidable circumstances where retention is required by law. In this case, the retained personal information is used only for the purpose of retention. Major legal retention periods applicable to the Company are as follows:

• Information on payment and supply of goods: 5 years (Act On The Consumer Protection In Electronic Commerce Article 6)
• Records on contracts or withdrawal of subscriptions: 5 years
• Records on consumer complaints or dispute resolution: 3 years
• Records on display/advertising: 6 months
• Records on electronic financial transactions: 5 years (Electronic Financial Transactions Act)
• Website visit records: 3 months (Protection of Communications Secrets Act)

3. Categories of Personal Information

The main categories of personal information collected by the Company according to the specific contents of the services provided are as follows. Users should note that the categories of personal information collected by the Company may vary depending on the service they use.

• Information collected during membership registration (all services)
  • Required items: Name, login ID, email, linked SNS login account (email), profile information (nickname/profile picture), device information
• When using the Learning Experience Platform (LXP)
  • Required items: Necessary required items as per the operating policy of the operating institution partnered with the Company (e.g., user video (monitor screen, webcam screen, voice), etc.)
• When using Elice Test
  • Required items: User video (monitor screen, webcam screen, video captured by mobile phone camera, voice), ID card copy (face, date of birth, gender) as per the operating policy of the evaluation/test operating institution partnered with the Company
• When using payment/refund services
  • Required items: Mobile phone number, transaction details (bank name, payment method, part of the card number, approval number)
  • Optional items: Refund account information (bank name, account number, account holder)
  • Retention and use period: Retention period as per related laws
• Nationally funded reimbursement training courses (K-Digital Training, K-Digital Credit, Digital Convergence Training)
  • Required items: Mobile phone number, date of birth, gender, resident registration number (applicable only to digital convergence training courses), address (applicable only to K-Digital Training)
  • Legal basis: National Lifelong Vocational Competency Development Act Article 20 and its Enforcement Decree Article 52-2 Paragraph 1 Subparagraph 5
• When using Elice Works
  • Required items: Career information
  • Optional items: Mobile phone number
• When making inquiries (excluding representative email, representative, and business phone numbers)
  • Required items: Email
  • Optional items: Mobile phone number
• Processing of pseudonymous information
  • Processing purpose: Analysis and research of learning data
  • Processing items: Name, affiliation, age
  • Retention and use period: Until the analysis and research of learning data is completed
• Processing of facial data
  • Processing purpose: AI research purposes
  • Processing items: Facial identification data
  • Retention and use period: For 3 years from the time of collection

4. Processing Personal Information of Children Under 14

When collecting personal information of children under 14, the Company seeks the consent of legal representatives. During this process, the Company collects the name, relationship, and contact information of the legal representative. The Company may request the child to provide the minimum information necessary, such as the legal representative's name and contact information, when collecting personal information of children under 14 and confirms the legal representative's consent using one of the following methods:

• Displaying the consent details on the website, allowing the legal representative to indicate their consent, and notifying the legal representative of the confirmation of consent via text message
• Displaying the consent details on the website, allowing the legal representative to indicate their consent, and receiving credit card or debit card information from the legal representative
• Displaying the consent details on the website, allowing the legal representative to indicate their consent, and verifying the legal representative's identity through mobile phone verification
• Providing a consent form directly to the legal representative by mail or fax, and requiring the legal representative to sign and return it
• Sending an email with the consent details and receiving a reply email from the legal representative indicating their consent
• Informing the legal representative of the consent details via phone and obtaining consent, or guiding the legal representative to check the consent details through an internet address and obtaining consent again through a phone call
• Any other method that notifies the legal representative of the consent details and confirms the intention of consent in compliance with applicable laws

5. Provision of Personal Information to Third Parties

The Company processes personal information within the scope specified in the purpose of processing personal information and provides personal information to third parties only with the consent of the user or in special cases stipulated by law, such as Article 17 and Article 18 of the Personal Information Protection Act. The Company may provide personal information to third parties within the minimum necessary range with the consent of the user.

Mandatory items:

• Services: Private LMS rental support project, Digital Convergence Training, K-Digital Training, K-Digital Credit
  • Recipients: Human Resources Development Service of Korea, Korea Employment Information Service
  • Purpose of use: Monitoring of vocational competency development training
  • Provided items: Name, date of birth, gender, resident registration number (applicable only to digital convergence training courses), address, mobile phone number, ID, email, device information, training information, learning information
  • Retention and use period: From the date of information provision until the achievement of the purpose of provision

Optional items:

• Service: Customized platform for customers
  • Recipients: Crowdworks Inc.
  • Purpose of use: Operation of 'Academy' business, management of AIDE qualification exams
  • Provided items: Name, ID (if registered via SNS, the respective account ID), email, mobile phone number, date of birth and gender on resident registration, payment information
  • Retention and use period: From the date of information provision until the achievement of the purpose of provision
• Service: K-Digital Training
  • Recipients: BetweenJobs
  • Purpose of use: Utilized for career coaching and recruitment
  • Provided items: Name, mobile phone number, email, address, academic information, and learning data
  • Retention and use period: From the date of information provision until the achievement of the purpose of provision

The Company may provide personal information to third parties without the consent of the user in the following cases:

• When special provisions exist in the Personal Information Protection Act or other laws
• When necessary to perform obligations under a contract with the user or to take pre-contractual measures at the request of the user (Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act)
• When necessary to process or store personal information overseas for the performance of a contract with the user (If the user wishes to refuse the overseas transfer of personal information, they may request to stop processing as per Article 9, Paragraph 1 of this policy)
• When required by investigative agencies following the procedures and methods prescribed by law for investigative purposes

The user can withdraw their consent to the provision of personal information to third parties at any time, and changes to the provision of personal information to third parties will be announced. The user may refuse consent to the provision of personal information to third parties, but if they refuse consent to mandatory items, the use/provision of the related service may be restricted.

6. Entrustment of Personal Information Processing

The Company entrusts personal information processing tasks to facilitate the processing of personal information as follows:

• Delegated companies: Amazon Web Services Korea, Microsoft Korea, Google Cloud Korea, Naver Cloud Corp., 42 Cloud Corp.
• Delegated tasks: Processing, storage, and maintenance of personal information using cloud services

The Company ensures that when signing a delegation contract, it specifies in the contract documents the prohibition of processing personal information beyond the purpose of performing the delegated tasks, the implementation of technical and managerial protection measures, restrictions on re-delegation, supervision of the delegate, and liability for damages as per Article 26 of the Personal Information Protection Act, and supervises the delegate to ensure the safe processing of personal information. If there is any change in the content of the delegated tasks or the delegate, the Company will promptly disclose it through this privacy policy. The user may refuse consent to the delegation of personal information processing, but if they refuse consent, the use/provision of related services may be restricted. The Company discloses the names of sub-entrusts if they are identified.

7. Destruction of Personal Information

The Company destroys personal information without delay when the retention period of personal information has expired, the processing purpose has been achieved, or personal information is no longer necessary. Personal information for which the retention period consented by the user has expired or the processing purpose has been achieved, but needs to be retained according to other laws, is moved to a separate database (DB) or stored in a different location. The procedure and method of destroying personal information are as follows:

• Destruction procedure: Information entered or provided by individuals is moved to a separate DB (in the case of paper, a separate document) after achieving the purpose, stored for a certain period according to internal policies and other relevant laws, or destroyed immediately. Personal information moved to the DB is not used for other purposes unless required by law.
• Destruction period: Personal information is destroyed within 5 days from the end date of the retention period or within 5 days from the date when the personal information is deemed unnecessary.
• Destruction method: Information in electronic file format is destroyed using technical methods that prevent the recovery of records. Personal information printed on paper is destroyed by shredding or incineration.

8. Rights of Users & Legal Representatives and Exercising Those Rights

The user can exercise the following rights related to personal information protection at any time:

• Request to view personal information
• Request to correct errors
• Request to delete personal information
• Request to stop Company processing personal information

The exercise of rights can be done through written, email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take measures without delay to the extent that it does not interfere with the performance. Rights can also be exercised through a legal representative or a delegated person with the submission of a power of attorney in accordance with Form 11 of the "Public Notice on Personal Information Processing Methods [No. 2020-07 / Enforcement August 11, 2020]". Requests to view or stop processing personal information may be restricted according to Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act. If the user requests correction or deletion of errors in personal information, the Company does not use or provide the personal information until the correction or deletion is completed. The Company verifies whether the requester is the data subject or a legitimate representative when processing requests for viewing, correction, deletion, or stopping processing of personal information.

Requests for viewing, correction, deletion, or stopping processing of personal information for children under 14 must be made by the legal representative, and minors over 14 can exercise their rights directly or through a legal representative.

9. Measures to Ensure the Security of Personal Information

To ensure the security of personal information, the Company takes the following technical, managerial, and physical measures:

• Managerial measures: Establishment and implementation of personal information protection regulations and guidelines, operation of a dedicated organization, and training of personal information handlers
• Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation, and updating of security programs
• Physical measures: Access control to server rooms and document storage rooms, storage of documents containing personal information in secure places with locking devices

10. Security Measures for Public System Personal Information

The Company faithfully applies the safety measures criteria of public system operators as per Article 30-2 of the Enforcement Decree of the Personal Information Protection Act and Articles 14 to 17 of the Standards for Measures to Ensure the Security of Personal Information by the Personal Information Protection Commission. The Company designates a separate management responsibility for public systems and includes the roles and responsibilities of the management responsibility in the internal management plan. Physical measures include granting, changing, or deleting access rights to public systems in connection with personnel information and checking the details of granting, changing, or deleting access rights at least once every half year. The Company provides functions that allow the public system using institutions to directly check the access records of personal information handlers.

11. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

• To provide personalized services to users, the Company uses cookies that store and retrieve usage information from time to time. A cookie is a small amount of information sent by the server used to operate the website to the user's computer browser and is stored on the user's PC hard disk. The purpose of using cookies is to analyze the visit and usage patterns of users to provide optimized information to users. Users can refuse to store cookies by adjusting the options in the internet options menu of the web browser. However, refusing to store cookies may cause difficulties in using customized services.

• For better service provision, the Company uses Google Analytics, Facebook Pixel, Kakao Pixel, and Hotjar, which are web log collection tools. These tools collect non-identifiable information about user behavior on the Company's website through cookies. The collected non-identifiable behavioral information may be used for online advertising purposes through Google's Google AdWords service, Facebook's business tools, and Kakao Moment.

• Users can refuse the use of cookies by Google Analytics, Facebook Pixel, Kakao Pixel, and Hotjar by installing browser add-ons or by setting browser cookie preferences.

  • Installation of the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout)
  • Changing ad settings within the Facebook platform or utilizing the opt-out program (https://optout.aboutads.info/?c=2&lang=EN)
  • Setting to refuse the use of Kakao cookies (Internet Explorer: Tools → Internet Options → Privacy/Chrome: Settings → Privacy and Security)
  • For instructions on how to block Hotjar, refer to Hotjar's Do Not Track settings (https://www.hotjar.com/legal/compliance/opt-out)

12. Criteria for Additional Use and Provision

The Company may use or provide personal information additionally without the consent of the user by considering the factors stipulated in Article 15, Paragraph 3, and Article 17, Paragraph 4 of the Personal Information Protection Act and Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. The Company considers the following factors to use or provide personal information additionally without the consent of the user:

• Whether the purpose of additional use or provision of personal information is related to the original purpose of collection
• Whether additional use or provision of personal information was predictable given the circumstances under which the personal information was collected or processing practices
• Whether additional use or provision of personal information unreasonably infringes on the interests of the user
• Whether measures such as pseudonymization or encryption were taken to ensure security

13. Personal Information Protection Officer, etc.

The Company designates the following person as the personal information protection officer to take overall responsibility for the processing of personal information, handle complaints, and provide relief to users:

• Name: Gunwoo Nam
• Position: CISO
• Contact: andy.gw.nam@elicer.com, 070-4633-2015
• Name: Sung June Yoo
• Position: Personal Information Manager
• Contact: sungjune.yoo@elicer.com, 070-4633-2015

Users can contact the personal information protection officer and the department in charge for all inquiries, complaints, and damage relief related to personal information protection while using the Company's services. The Company will respond and handle inquiries without delay.

14. Methods of Remedy for Infringement of Rights

Users can seek dispute resolution or consultation from the Personal Information Dispute Mediation Commission, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc., to remedy damage caused by personal information infringement. Other personal information infringement reports and consultations can be directed to the following institutions:

• Personal Information Infringement Report Center (Korea Internet & Security Agency)
  • Business: Reporting and consulting on personal information infringement
  • Website: kisa.or.kr
  • Phone: 82-118
  • Address: 9 Jinheung-gil, Naju-si, Jeollanam-do, Korea Internet & Security Agency
• Personal Information Dispute Mediation Commission
  • Business: Dispute mediation, collective dispute mediation (civil resolution)
  • Website: www.kopico.go.kr
  • Phone: 82-1833-6972
  • Address: 209 Sejong-daero, Jongno-gu, Seoul, Government Complex Seoul, 12th Floor
• Supreme Prosecutors' Office Cyber Crime Investigation Division
  • Website: www.spo.go.kr
  • Phone: 82-1301
  • Address: 157 Banpo-daero, Seocho-gu, Seoul
• National Police Agency Cyber Crime Investigation Division
  • Website: ecrm.cyber.go.kr
  • Phone: 82-182
  • Address: 97 Tongil-ro, Seodaemun-gu, Seoul

The Company endeavors to guarantee the data subject's right to self-determination and to provide consultation and remedy for personal information infringement. If you need to report or consult, please contact the "Personal Information Protection Department" mentioned in Article 13, Paragraph 1 of this policy.

15. Changes to the Privacy Policy

This Privacy Policy applies from June 20, 2024. Previous privacy policies can be found below.