PRIVACY

  • PRIVACY

AITRICS Privacy Policy

AITRICS Co., Ltd. (“the Company”) establishes and discloses the following privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the freedom and rights of data subjects and to handle complaints related to personal information efficiently.

1. Purpose of Personal Information Processing

The Company processes personal information for the following purposes. The information collected will not be used for any purposes other than those listed below. If the purpose of use changes, the Company will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act.

  • ① To provide services in response to product inquiries
  • ② To manage and respond to job applications and recruitment inquiries
2. Items of Personal Information Collected and Retention Period

The Company collects and uses personal information with the consent of the data subject in accordance with Article 15(1)(1) and Article 22(1)(7) of the Personal Information Protection Act.

Items Collected Purpose Retention Period Method
(Required) Name, Affiliation (hospital/company), Contact, Email Product Inquiry 3 years from date of collection Website
(Optional) Region
(Required) Name, Contact, Email, Resume Job Application and Recruitment Inquiry Destroyed immediately after the recruitment process ends Website
(Optional) Unstructured personal information via attachments
① Records related to consumer complaints or dispute resolution from product inquiries are retained for 3 years.
☞ Legal Basis: Article 6(1)(4) of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce
② Personal information of hired individuals is retained for 3 years from the date of resignation.
☞ Legal Basis: Article 42 of the Labor Standards Act
3. Procedures and Methods for Destruction of Personal Information

① The Company destroys personal information without delay when the retention period has expired or the purpose of processing has been fulfilled.

② If personal information must be retained due to other laws even after the consented retention period has passed or the purpose has been fulfilled, the information will be stored separately in a different database (DB) or storage location.

③ The Company selects the personal information to be destroyed, obtains approval from the Chief Privacy Officer, and then proceeds with destruction.

④ Electronic data is permanently deleted to prevent recovery, and physical documents are shredded or incinerated.

4. Outsourcing of Personal Information Processing

① The Company outsources personal information processing to the following entities for smooth service operation.

Processor Task
Suhoin Managing personal information for product use by employees with disabilities in the arts
JobKorea LLC (Ninehire) Talent recruitment management

② When signing outsourcing agreements, the Company specifies restrictions on processing outside of the delegated purpose, technical and administrative safeguards, prohibition of subcontracting, supervision, and liability for damages in accordance with Article 26 of the Personal Information Protection Act.

③ In accordance with Article 26(6) of the Personal Information Protection Act, if a processor further delegates the Company’s personal information processing tasks to a subcontractor, the processor must obtain the Company’s prior consent. The Company discloses the names of such subcontractors and the details of the re-delegated tasks through this Privacy Policy.

Sub-Processor Subcontracted Task
Amazon Web Services Inc. Cloud IT infrastructure management
NHN Cloud, BizTalk Inc. Kakao AlimTalk message transmission
Toss Payments Co., Ltd. Online payment processing
Channel Corporation Real-time chat support
Bespin Global Inc. Cloud service management (MSP)

※ [Link to Ninehire’s Privacy Policy]

④ Any changes to outsourcing tasks or processors will be disclosed promptly via this Privacy Policy.

5. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information.

① Administrative measures: Establishment and implementation of an internal management plan and regular employee training

② Technical measures: Access control for personal information, encryption, and installation of security programs

③ Physical measures: Access restrictions to server rooms, document storage areas, and other key facilities

6. Use of Automatic Data Collection Tools (Cookies)

① The Company uses cookies to store and retrieve user information in order to provide personalized services and convenience to users.

② Cookies are small pieces of data sent from the server (HTTP) used to operate the website to the user’s browser and stored on the user’s PC or mobile device.

③ Data subjects can choose to allow or block cookies through their web browser settings. However, disabling cookies may result in limited access to customized services.

▶ How to enable/disable cookies in web browsers:

• Chrome : Settings > Privacy and Security > Clear browsing data

• Edge : Settings > Cookies and site permissions > Manage and delete cookies and site data

▶ How to enable/disable cookies in mobile browsers:

• Chrome : Mobile browser settings > Privacy and Security > Clear browsing data

• Safari : Device Settings > Safari > Advanced > Block All Cookies

• Samsung Internet : Mobile browser settings > Browsing data > Delete browsing data

7. Rights and Obligations of Data Subjects and Their Legal Representatives, and How to Exercise Them

① Data subjects may exercise the following rights with respect to the Company at any time: request to view, correct, delete, or suspend the processing of their personal information; withdraw consent; and object to or request an explanation regarding automated decision-making.

② These rights may be exercised by submitting a written request, via email, or by fax, in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. The Company will take prompt action in response.

③ The right to request access to or suspension of processing of personal information may be restricted pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act.

④ If the collection of personal information is explicitly required by other laws, the data subject may not request its deletion.

⑤ The Company will verify whether the person exercising any of the above rights is the data subject themselves or a legitimate legal representative.

⑥ The Company allows data subjects to make requests for access to personal information, etc., to the department below. The Company will strive to ensure that requests for access to personal information are processed promptly.

▶ Department in Charge of Receiving and Processing Requests for Access to Personal Information

• Department Name: Strategic Sales & Marketing, HR&GA Team

• Contact Number and Email Address: 02-569-5507 / sm@aitrics.com, career@aitrics.com

8. Personal Information Protection Officer

The Company designates the following Chief Privacy Officer who is responsible for overseeing the overall tasks related to personal information processing and for handling complaints and providing remedies for data subjects regarding personal information matters.

▶ Department in Charge of Handling Requests Related to Personal Information

• Name : Jeong Ho Park

• Position : Chief Information Security Officer

• Contact Number and Email Address: 02-569-5507 / pjh@aitrics.com

Data subjects may contact the Chief Privacy Officer and the responsible department regarding all matters related to personal information protection, complaint handling, and remedies for damages that occur while using the Company's services. The Company will respond to and handle inquiries from data subjects without delay.

9. Remedies for Infringement of Data Subject Rights

Data subjects may contact the institutions listed below for assistance, consultation, or remedies related to personal information infringement. These institutions are independent from the Company. If you are not satisfied with the Company’s own handling of personal information complaints or remedies, or if you need more detailed support, please contact the following:

• Personal Information Infringement Report Center (privacy.kisa.or.kr, 118 without area code)

• Personal Information Dispute Mediation Committee (www.kopico.go.kr, 1833-6972 without area code)

• Supreme Prosecutors' Office (www.spo.go.kr, 1301 without area code)

• National Police Agency (ecrm.cyber.go.kr, 182 without area code)

10. Operation and Management of Fixed Video Surveillance Devices

The Company installs and operates fixed video surveillance devices as follows:

① Basis and Purpose of Installation: Facility safety and fire prevention

② Number of Installed Devices, Location, and Area Covered

Number of Devices Installation Location and Area Covered
2 devices Entire area of key facilities including office entrance and interior

③ Person in Charge of Management and Personnel with Access Right

Category Name Department Position Contact Number
Manager Jun Phang HR&GA Manager 02-569-5507

④ Video Recording Time, Retention Period, Storage Location, and Handling Method

Recording Time Retention Period Storage Location
24 hours 30 days from recording date Server Room
11. Changes to the Privacy Policy

① This policy shall take effect as of July 21, 2025. In the event of additions, deletions, or modifications due to changes in laws, policies, or security technologies, the revised Privacy Policy will be announced on the Company’s website or by other means.

② Previous versions of the Privacy Policy can be found below.