THEIA (hereinafter referred to as the 'Company') has implemented the following handling policy to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act and to handle users' complaints related to personal information smoothly.
The company has enacted and complies with the personal information processing policy as follows and makes it easy for users to view it at any time.
If the company revises the privacy policy, it will be notified through the website notice (or individual notice).

○ This policy will be effective from 2022.02.01

1. Purpose of collection and use of personal information

Users' personal information is collected, used and processed for the following purposes.

2. Personal information processing and retention period

The company destroys the user's personal information without delay when the purpose of collection and use is achieved.
However, if it is necessary to preserve as follows in accordance with the relevant laws and regulations, the personal information of users is kept for a certain period of time as stipulated by the relevant laws and regulations.

1. ① When it is necessary to preserve according to laws such as the Commercial Act: 6 months (Act on Consumer Protection in Electronic Commerce)
2. ② Records on contract or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
3. ③ Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
4. ④ Records on handling consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce)
5. ⑤ Records on collection, processing and use of credit information: 3 years (Act on the Use and Protection of Credit Information)
6. ⑥ Retention of records related to identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, Article 44-5 and Enforcement Decree Article 29)
7. ⑦ Retention of records related to access: 3 months (Article 15-2 of the Communication Secret Protection Act and Article 41 of the Enforcement Decree
8. ⑧ If there is an individual consent of other members, it is stored until the period according to the individual consent.

3. Matters concerning the provision of personal information to third parties

1. ① The user's personal information is used within the scope of notifying the user through the personal information processing policy and obtaining consent and does not use it beyond this scope or provide it to a third party.
   In the case of providing personal information to a third party, consent is obtained after notifying the user of the 'recipient, the purpose of use of the recipient, the items of personal information to be provided and the retention period'.
2. ② However, for reasons stipulated by the Personal Information Protection Act and the Information and Communications Network Act, in the following cases, the member's personal information may be used or provided to a third party without the user's consent.
3. ③ If there are any other laws, but if there is a special provision in the law, we will not provide the user's personal information unconditionally, even if there is a request for administrative or investigation purposes by an administrative or investigative agency. It will be provided only if it can be confirmed that it is the data required by the law, such as in the case of a warrant or a written seal stamped by the head of the institution.

4. Rights of users and legal representatives and methods of exercising

Users can exercise the following rights as a subject of personal information.

1. ① The information subject can exercise the right to view, correct, delete,or suspend processing of personal information at any time with respect to the company.
2. ② The exercise of the rights pursuant to Paragraph 1 may be done in writing, e-mail, fax in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act for the company, and the company will take action without delay.
3. ③ The exercise of rights pursuant to Paragraph 1 may be done through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Form 11 of the Enforcement Regulations of the Personal Information Protection Act.
4. ④ The rights of the information subject may be restricted in accordance with Article 35, Paragraph 5, Article 37 Paragraph 2 of the Personal Information Protection Act for requests to view and stop processing of personal information.
5. ⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
6. ⑥ The company confirms whether the person who made the request, such as a request for reading, correction or deletion, or suspension of processing, is the person or a legitimate agent according to the right of the information subject.

5. Personal information destruction method

In principle, when the purpose of personal information processing is achieved, the company destroys the personal information without delay. The procedure, time limit and method of destruction are as follows.

1. ① Destruction procedure
   The company destroys information after the purpose of use is achieved (refer to the processing and retention period of personal information). At this time, the personal information transferred to the DB is not used for any other purpose except in cases pursuant to the law.
2. ② Deadline for destruction
   If the retention period of the personal information of the user has elapsed, the personal information will be stored within 5 days from the end of the retention period when the personal information becomes unnecessary, such as the achievement of the purpose of processing the personal information, the abolition of the service, or the termination of the business. The personal information has to destroy within 5 days from the date that processing is deemed unnecessary.
3. ③ Destruction method
   Information in the form of electronic files uses a technical method that cannot reproduce records. Personal information printed on paper is shredded with a shredder or destroyed through incineration.

6. Matters concerning the installation, operation and rejection of the automatic personal information collection device

The company operates cookies that store and find user information from time to time.
Cookies are very small text files sent to the user's browser by the server used to operate the company's website and are stored on the user's computer hard disk.
The company uses cookies for the following purposes:
Users who have used various marketing services that analyze the user's access type, visit time, and access frequency have the option to install cookies.
Therefore, the user can allow all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.
If you want to change cookie-related settings, check Tools > Internet Options > Privacy section at the top of your web browser.

7. Writing for the person in charge of personal information protection

The company is responsible for overall handling of personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.

▶ Person in charge of personal information protection
Full name :
Department :
Contact :
fax :
e-mail :

Your inquiry will be directed to the department in charge of personal information protection, and the company will promptly respond to inquiries from users.

8. Duty to notify

In the case of additions, deletions, or modifications to the current personal information handling policy due to changes in government policy or security technology, it must be notified through the notice on the website at least 7 days prior to the revision.