KR EN
Request a Meeting

Current · Effective April 1, 2026

EverCura Co., Ltd. (hereinafter "the Company") complies with the personal information protection regulations applicable to information and communications service providers, including the Personal Information Protection Act. The Company establishes and maintains a privacy policy in accordance with relevant laws to protect the rights and interests of users. This Privacy Policy applies to the website services provided by the Company and contains the following information.

Personal Information Collected and Collection Methods

1. Items of Personal Information Collected

The Company collects the minimum personal information necessary to handle service inquiries and fulfill contracts, without a separate membership registration process.

  • Upon service inquiry: name, company name, contact number (mobile), email address, inquiry details
  • Upon service contract and payment: address (place of business), representative name, information for tax invoice issuance (email, etc.), payment records
  • During service use: service usage logs, access logs, cookies, and access IP addresses may be automatically generated and collected.

2. Collection Methods

  • Website (inquiry form), written forms, email, phone, fax, and automatic collection via data collection tools

Purpose of Collecting and Using Personal Information

The Company uses the collected personal information for the following purposes.

1. Fulfillment of Service Agreements and Billing

  • Providing EverCura services, processing purchases and payments, sending contracts and invoices, and verifying identity for financial transactions

2. Customer Management and Inquiry Handling

  • Identity verification for inquiries, contact and notification for fact investigation, complaint handling and notification of processing results

3. Marketing and Advertising (With Consent)

  • Delivering promotional information related to EverCura services and events, analyzing access frequency, and gathering statistics on customer service usage

Retention and Use Period of Personal Information

In principle, the Company destroys personal information without delay once the purpose of collection and use has been achieved. However, the following information is retained for the period specified below for the stated reasons.

1. Retention Based on Internal Policy

  • Inquiry and consultation service usage records
    • Items retained: Name, company name, contact number, email address, inquiry details
    • Reason for retention: Verification of inquiry history and provision of seamless service upon follow-up
    • Retention period: 3 years after inquiry is resolved (or until the purpose is achieved)

2. Retention Required by Applicable Law

Where retention is required under applicable laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company retains customer information for the periods specified by those laws.

a. Records on contracts and withdrawal of subscription

  • Items retained: Service contracts (including consent forms), records of contract performance
  • Legal basis: Act on Consumer Protection in Electronic Commerce
  • Retention period: 5 years

b. Records on consumer complaints and dispute resolution

  • Items retained: Electronic documents related to customer complaints and disputes
  • Legal basis: Act on Consumer Protection in Electronic Commerce
  • Retention period: 5 years

c. Records on payment and supply of goods/services

  • Items retained: Payment records, tax invoice issuance records
  • Legal basis: Act on Consumer Protection in Electronic Commerce, Framework Act on National Taxes
  • Retention period: 5 years

d. Survey and statistical data

  • Items retained: Data containing personal information collected after survey compilation
  • Legal basis: Data collection for customer satisfaction activities and system improvement
  • Retention period: 5 years

e. Website visit records

  • Items retained: Website visit logs
  • Legal basis: Protection of Communications Secrets Act
  • Retention period: 3 months

However, for customers with an active service contract, information necessary for the provision of that service and fulfillment of the contract may be retained until the contract ends. Where retention is required by applicable law, such information is stored separately for the period prescribed by that law.

Destruction of Personal Information

In principle, the Company destroys personal information without delay once the purpose of processing has been achieved. The procedures, deadlines, and methods of destruction are as follows.

  • Destruction procedure: Information entered by users for inquiries or service contracts is transferred to a separate database once the purpose has been achieved and is stored for a designated period in accordance with internal policy and applicable laws before being destroyed. Such personal information is not used for any purpose other than retention unless required by law.
  • Destruction deadline and method: Personal information is destroyed without delay when the retention period has expired, the purpose of processing has been achieved, or the relevant business has been discontinued, rendering the information unnecessary. Electronic files are destroyed using technical methods that prevent recovery. Personal information printed on paper is destroyed by shredding or incineration.

Disclosure of Personal Information to Third Parties

In principle, the Company processes personal information only within the scope specified for the purpose of collection and use. Except in the cases listed below, the Company does not process personal information beyond its original purpose or provide it to third parties without the prior consent of the data subject.

  1. Where prior consent has been given, or where separate consent is obtained from the data subject
  2. Where there is a special provision in law, or where a request is made by an investigative authority in accordance with the procedures and methods prescribed by law
  3. Where it is clearly necessary for the urgent protection of the life, body, or property of the data subject or a third party, and prior consent cannot be obtained due to the data subject's incapacity or unknown address
  4. Where personal information is provided in a form that does not allow identification of a specific individual for purposes such as statistical compilation or academic research

Entrustment of Personal Information Processing

To provide smooth services, the Company entrusts personal information processing to external specialists as set out below, and stipulates the necessary provisions in entrustment agreements to ensure that personal information is managed securely.

Entrusted Company Entrusted Tasks
Salesforce.com, Inc. Operation of Customer Relationship Management (CRM) system and data storage (including overseas storage through global cloud infrastructure)

User Rights and How to Exercise Them

  1. Users may at any time exercise their rights against the Company, including the right to access, correct, delete, or request suspension of processing of their personal information.
  2. Rights may be exercised in writing, by email, or by mobile message to the Company, and the Company will respond without delay.
  3. If a user requests correction or deletion of personal information due to errors, the Company will not use or provide that information until the correction or deletion is completed.
  4. Rights may be exercised through a legal representative or an authorized agent of the user. In such cases, a power of attorney in accordance with Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
  5. Personal information terminated or deleted at the user's request is handled in accordance with the retention periods stated in "Retention and Use Period of Personal Information" and is rendered inaccessible or unusable for any other purpose.

Security Measures for Personal Information

The Company takes the following measures to ensure the security of personal information.

  1. Administrative measures: Establishment and implementation of internal management plans, minimization of personnel handling personal information, and regular training
  2. Technical measures: Access control for personal information processing systems (including Salesforce), maintenance and tamper-prevention of access logs, encrypted transmission of personal information, installation and updating of security programs
  3. Physical measures: Access control for external visitors and locking mechanisms for data storage areas

Installation, Operation, and Refusal of Automatic Data Collection Devices

The Company operates "cookies" and similar tools that frequently store and retrieve your information. Cookies are small text files sent by the server operating the website to your browser and stored on your computer's hard disk.

1. Purpose of Cookies

Analysis of access frequency and visit times, identification and tracking of user preferences and interests, measurement of participation in events and number of visits, and provision of targeted marketing and personalized services

2. Installation, Operation, and Refusal of Cookies

You have the right to choose whether to accept cookies. You can configure your web browser settings to allow all cookies, confirm each time a cookie is saved, or refuse all cookies.

3. How to Refuse Cookie Installation

  • Chrome: Settings > Privacy and security > Clear browsing data
  • Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
  • Safari: Preferences > Privacy > Manage Website Data

Please note that refusing to save cookies may cause difficulties in using personalized services.

Personal Information Complaint Service

To protect customers' personal information and handle complaints related to personal information, the Company has designated the following department and Privacy Officer.

Privacy Officer
 
Name
Cha Seulyena
Department
Distribution Business Division
Phone
010-2762-4324
Email
lina@ever-cura.com

You may report any personal information protection complaints arising from the use of the Company's services to the Privacy Officer or the relevant department. The Company will provide prompt and sufficient responses to user reports.

For additional reports or consultations regarding personal information infringement, please contact the following organizations.

  • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
  • Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
  • Supreme Prosecutors' Office Cyber Investigation Department (spo.go.kr / area code + 1301)
  • National Police Agency Cyber Safety Bureau (cyberbureau.police.go.kr / 182 without area code)

Changes to the Privacy Policy

This Privacy Policy may be amended with additions, deletions, or modifications in response to changes in government policy or security technology, and in such cases the Company will notify users through the official website without delay.

  • This Privacy Policy is effective as of April 1, 2026.