Exodus ENT Co., Ltd. (hereinafter "Company") has established the following privacy policy to protect users' personal information and rights in accordance with the Personal Information Protection Act, and to handle users' grievances related to personal information smoothly.
If the Company revises this Privacy Policy, it will be announced through website notifications or in-service alerts. This policy applies to the Harmony Match website, mobile app, and other platforms provided by the Company (hereinafter "Service").
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. Personal information processed shall not be used for any purpose other than the following, and if the purpose of use is changed, prior consent will be obtained.
A. Membership Registration and Management
We process personal information for the purposes of confirming the intention to register as a member, identifying and authenticating members in providing membership services, maintaining and managing membership qualifications, preventing fraudulent use of services, restricting use of services by users under 18 years of age, providing various notices and notifications, handling complaints, and preserving records for dispute resolution.
B. Provision of Services
We process personal information for the purposes of conducting value tests and analyzing results, calculating matching scores and recommending partners, providing profile information, chat (messaging) services, content provision, customized services, identity verification, and age verification.
C. Handling Civil Affairs
We process personal information for the purposes of verifying the identity of complainants, confirming civil affairs matters, contacting and notifying for fact-finding investigations, notifying processing results, and handling reports between members.
D. Marketing and Advertising Utilization
We process personal information for the purposes of developing new services and providing customized services, providing information on events and advertisements and providing participation opportunities, providing services and advertising based on demographic characteristics, verifying service effectiveness, determining access frequency, and compiling statistics on members' use of services.
E. Payment and Refund Processing
We process personal information for the purposes of processing payments for paid services (premium subscriptions, additional recommendations, super likes, etc.), processing refunds, and managing purchase history.
F. Safety and Security
We process personal information for the purposes of providing a safe service environment for members, preventing, detecting, and responding to violations of terms of service, preventing fraud and misconduct, and maintaining service integrity and security.
2. Categories of Personal Information Collected
The Company collects the following personal information to provide services.
A. Information Collected During Membership Registration
1. Google Social Login: Email address, name, profile photo
2. Apple Social Login: Email address (optional provision), name
B. Information Collected During Profile Setup
Required items: Nationality, language used, year of birth, gender, profile photo
Optional items: Self-introduction, additional photos
C. Information Collected During Service Use
1. Value test data: Selected categories (family, finance, communication, lifestyle, etc.), responses to each question, value analysis results
2. Matching data: Matching scores, recommendation history, like/pass records
3. Chat data: Chat messages, photos and files sent
4. Payment data: Purchase items, transaction dates, payment amounts, payment method information
5. Report and customer support data: Report content, inquiry content, processing results
D. Automatically Collected Information
The following information may be automatically generated or collected during the service use process or service provision business process.
IP address, device information (device ID, device type, operating system), app settings information, access logs, visit date and time, service usage records, inappropriate usage records, advertising identifiers, cookies
3. Period of Processing and Retention of Personal Information
The Company processes and retains personal information within the period of retention and use of personal information according to laws or the period of retention and use of personal information agreed upon when collecting personal information from data subjects.
In principle, the Company destroys personal information without delay when the purpose of processing personal information is achieved. However, the following information shall be retained for the specified periods.
A. Retention Based on Internal Company Policy
1. Information related to membership registration and management: 3 months after account closure (safety retention period)
2. Information of members banned for violating terms of service: 1 year after ban (to prevent re-registration)
3. Customer management communication records: 6 years from the date
4. Payment and subscription history: 3 years after final account closure
B. Retention Based on Related Laws
1. Records on contracts or withdrawal of offers, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
2. Records on payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
3. Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
4. Records on labeling and advertising: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
5. Records on collection/processing and use of credit information: 3 years (Act on the Use and Protection of Credit Information)
6. Records on access (logs): At least 1 year (Protection of Communications Secrets Act)
Additionally, if there is no service usage activity for 2 years, the account may be automatically closed, and data will be processed according to the above criteria.
4. Provision of Personal Information to Third Parties
The Company provides personal information to third parties only when it falls under Article 17 and Article 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of law.
The Company currently does not provide personal information to third parties. If provision to third parties becomes necessary in the future, we will notify in advance and obtain consent regarding the recipient, purpose of provision, items provided, and retention and use period.
However, the following cases are exceptions:
1. When separate consent is obtained from the data subject
2. When there are special provisions in the law or when it is unavoidable to comply with legal obligations
3. When the data subject or their legal representative is unable to express their intention or when prior consent cannot be obtained due to unknown address, etc., and it is clearly recognized as necessary for the urgent benefit of life, body, or property of the data subject or a third party
4. When necessary for criminal investigation and initiation and maintenance of public prosecution
5. When necessary for the court to perform judicial duties
5. Entrustment of Personal Information Processing
The Company entrusts personal information processing tasks as follows for service operation.
1. Cloud services (data hosting and storage): Amazon Web Services, Inc.
2. Payment processing: Each app store operator (Google Play, Apple App Store)
3. Customer support: Internal company processing (no entrustment)
When entering into an entrustment contract, the Company specifies in documents such as contracts matters concerning prohibition of personal information processing other than the purpose of entrusted work, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages, etc., in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
If the content of entrusted work or the trustee changes, we will disclose it through this Privacy Policy without delay.
6. Transfer of Personal Information Overseas
Harmony Match is a global service, and personal information may be transferred overseas to provide services.
A. Status of Overseas Transfer
1. Recipient: Amazon Web Services, Inc.
2. Countries transferred to: United States, Japan, Republic of Korea (varies by service region)
3. Purpose of transfer: Data hosting and service provision through cloud services
4. Items transferred: All personal information necessary for service use
5. Retention and use period: Until member withdrawal or termination of entrustment contract
B. Safeguards
When personal information is transferred overseas, the Company takes appropriate protective measures in accordance with the Personal Information Protection Act and related laws. For members residing in the EU/EEA/UK/Switzerland, Standard Contractual Clauses are applied to ensure safe transfer of personal information.
7. Rights and Duties of Data Subjects and How to Exercise Them
Users, as data subjects, may exercise the following rights:
1. Request to access personal information
2. Request to correct if there are errors
3. Request to delete
4. Request to suspend processing
These rights may be exercised by contacting the Company in writing, by email (dev@myloveidol.com), by facsimile (FAX), etc., using Form No. 8 attached to the Enforcement Rule of the Personal Information Protection Act, and the Company will take action without delay.
Additionally, you can directly exercise the following rights through in-service settings:
1. View and edit profile information: Available directly in profile settings within the service
2. Delete account: Available through member withdrawal in service settings
3. Refuse to receive marketing notifications: Can be changed in notification settings within the service
When a data subject requests correction or deletion of errors in personal information, the Company will not use or provide such personal information until the correction or deletion is completed.
Rights may be exercised through an agent such as a legal representative or authorized person of the data subject. In this case, a power of attorney according to Form No. 11 attached to the Enforcement Rule of the Personal Information Protection Act must be submitted.
8. Destruction of Personal Information
In principle, the Company destroys personal information without delay when the purpose of processing personal information is achieved. The procedures, deadlines, and methods of destruction are as follows.
A. Destruction Procedure
Information entered by users is transferred to a separate database after the purpose is achieved (in the case of paper, to separate documents) and stored for a certain period according to internal policies and other related laws or destroyed immediately. At this time, personal information transferred to the database is not used for other purposes unless required by law.
B. Destruction Deadline
Users' personal information will be destroyed within 5 days from the end date of the retention period when the retention period of personal information has expired, and within 5 days from the date when the personal information is recognized as unnecessary when the purpose of processing personal information is achieved, the service is discontinued, the business is terminated, etc.
C. Destruction Method
Information in electronic file form is destroyed using technical methods that make records irreproducible. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
9. Measures to Ensure the Safety of Personal Information
The Company is taking the following technical, managerial, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.
1. Minimization of employees handling personal information and training: We designate the employees who handle personal information, limit handling to those in charge, and keep their number to a minimum as a measure to manage personal information.
2. Regular internal audits: We conduct regular (quarterly) internal audits to ensure safety related to personal information handling.
3. Establishment and implementation of internal management plans: We establish and implement internal management plans for safe processing of personal information.
4. Encryption of personal information: Users' personal information is stored and managed in encrypted form, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
5. Technical measures against hacking, etc.: The Company installs security programs to prevent leakage and damage of personal information due to hacking or computer viruses, etc., periodically updates and inspects them, installs systems in areas where external access is controlled, and carries out technical and physical monitoring and blocking.
6. Restriction of access to personal information: The Company takes necessary measures to control access to personal information by granting, changing, and deleting access rights to database systems that process personal information, and controls unauthorized access from outside using intrusion prevention systems.
7. Storage and prevention of forgery/alteration of access records: We store and manage records of access to personal information processing systems for at least 1 year, and use security functions to prevent access records from being forged, altered, stolen, or lost.
10. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses "cookies" to store and periodically retrieve usage information to provide individual customized services to users.
A. Purpose of Using Cookies
Cookies are used to provide optimized services to users by identifying users' visits to and use of each service page, their interests and preferences, whether they access the service securely, etc.
B. Installation, Operation, and Refusal of Cookies
Users have the right to choose cookie installation. You can refuse to store cookies by setting options in Tools > Internet Options > Privacy menu at the top of your web browser.
However, if you refuse to store cookies, you may experience difficulties in using customized services.
C. Advertising Identifiers
Mobile app services may collect advertising identifiers (ADID/IDFA), and users can refuse or reset advertising identifier collection in device settings.
11. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer as follows to take overall responsibility for work related to personal information processing and to handle complaints and remedy damages for data subjects related to personal information processing.
Personal Information Protection Officer
Name: Han Seong-ho (한성호)
Position: CEO
Contact: dev@myloveidol.com
Personal Information Protection Department
Department name: Security Team
Contact: dev@myloveidol.com
Data subjects may contact the Personal Information Protection Officer and the department in charge regarding all matters concerning personal information protection, complaint handling, damage remedy, etc., that occurred while using the Company's services. The Company will respond to and process data subjects' inquiries without delay.
12. Protection of Children's Personal Information
Harmony Match services are restricted to individuals aged 18 and older. Individuals under the age of 18 cannot use the service.
If the Company becomes aware that a user is under 18 years of age, it will immediately destroy the user's personal information and delete the account.
If you suspect a member is under 18 years of age, please use the in-service reporting function.
13. Request for Access to Personal Information
Data subjects may request access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The Company will strive to process data subjects' requests for access to personal information promptly.
Department for Receiving and Processing Access Requests
Department name: Security Team
Contact: dev@myloveidol.com
Data subjects may also make requests for access to personal information through the Ministry of the Interior and Safety's "Personal Information Protection Portal" website (www.privacy.go.kr), in addition to the above department.
The following organizations are separate from the Company, and if you are not satisfied with the results of the Company's own personal information complaint handling and damage remedy or need more detailed assistance, please contact them.
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
Jurisdiction: Report personal information infringement facts, consultation requests
Website: privacy.kisa.or.kr
Phone: 118 (without area code)
Personal Information Dispute Mediation Committee
Jurisdiction: Personal information dispute mediation application, collective dispute mediation (civil resolution)
Website: www.kopico.go.kr
Phone: 1833-6972 (without area code)
Supreme Prosecutors' Office Cyber Investigation Division
Phone: 1301 (without area code)
Website: www.spo.go.kr
National Police Agency Cyber Investigation Bureau
Phone: 182 (without area code)
Website: ecrm.cyber.go.kr
14. Additional Rights for EU/EEA/UK/Switzerland Residents
Members residing in the European Economic Area (EEA), the United Kingdom, or Switzerland have the following additional rights under the GDPR (General Data Protection Regulation) and related laws.
1. Right to data portability: The right to receive your personal information in a structured, commonly used, and machine-readable format
2. Right to restriction of processing: The right to request temporary suspension of personal information processing under certain conditions
3. Right to object to automated decision-making: The right to object to decisions based solely on automated decision-making, including profiling
4. Right to lodge a complaint with a supervisory authority: The right to lodge a complaint with the data protection supervisory authority in your place of residence, place of work, or place of alleged infringement
The Company applies the following as the legal basis for processing personal information:
1. Performance of a contract: Processing necessary for service provision and account management
2. Legitimate interests: Service improvement, safety maintenance, fraud prevention, etc.
3. Legal obligation: Fulfillment of obligations under laws
4. Consent: Processing of sensitive data or for marketing purposes
15. Changes to the Privacy Policy
This Privacy Policy applies from the effective date. If content is added, deleted, or corrected due to changes in laws and policies, we will notify you through announcements starting 7 days before the changes are implemented.
However, if there are significant changes to members' rights, we will notify at least 30 days in advance and, if necessary, provide individual notification via email or in-service alerts.