Privacy Policy
Privacy Policy
XOOX Co., Ltd. (hereinafter referred to as the “Company”) complies with personal information protection regulations under relevant laws, such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company has established a Privacy Policy in accordance with applicable laws to protect the rights and interests of data subjects, including customers, employees, and website users. Through this Privacy Policy, the Company informs data subjects about the purposes and methods of processing the personal information provided and the measures taken to protect personal information. The Company will notify data subjects of any revisions to the Privacy Policy through announcements on the XOOX website (or through individual notices).
The Company’s publicly disclosed policies regarding personal information consist of two parts: the [Privacy Policy] concerning the protection of all personal information processed by the Company, and the [CCTV Operation and Management Policy] concerning the protection of personal video information. However, separate privacy policies apply to other XOOX websites beyond this website.
1. Privacy Policy
XOOX Co., Ltd. (hereinafter referred to as the “Company”) places great importance on personal information protection and processes and securely manages personal information in accordance with the Personal Information Protection Act and related laws. Pursuant to Article 30 of the Personal Information Protection Act, the Company has established and discloses the following Privacy Policy to inform data subjects about the procedures and standards for personal information processing and to promptly and smoothly address related grievances.
01. Personal Information Collection Items and Methods
1. Personal Information Collection Items
The Company collects the following personal information when data subjects use the website services. Only essential personal information required for service provision is collected, and additional personal information is collected only after obtaining separate consent.
• Product/Solution/Partnership/General Inquiries and Complaint Handling
◦ Required Items: Name, company name, phone number, email, industry, inquiry details
• Service Analysis and Service Quality Improvement
◦ Service usage and termination records, access logs, cookies, IP address
2. Personal Information Collection Methods
The Company collects personal information through the customer inquiry board on the website. During the use of website services, certain information is automatically collected through log analysis programs and methods such as cookies.
02. Purpose, Retention, and Use Period of Personal Information Collection
1. Purpose of Collection and Use
• Product/Solution/Partnership/General Inquiries and Complaint Handling
◦ To confirm and respond to inquiries or complaints, contact or notify for fact-finding, and inform about processing results.
• Service Analysis and Service Quality Improvement
◦ To provide better services to users and enhance the quality of the Site through service usage analysis.
2. Retention and Use Period
• Product/Solution/Partnership/General Inquiries and Complaint Handling: 1 year
• Service Analysis and Service Quality Improvement: 14 months
03. Personal Information Destruction Procedures and Methods
1. The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved, rendering the information unnecessary.
2. If personal information must be retained due to other laws despite the expiration of the retention period or achievement of the processing purpose, the personal information (or personal information files) is transferred to a separate database (DB) or stored in a different location.
3. The procedures and methods for destroying personal information are as follows:
• Destruction Procedure: The Company establishes a personal information destruction plan for information subject to destruction and selects personal information for which destruction reasons have arisen. The Company destroys personal information upon internal approval.
• Destruction Method: Personal information stored in electronic file formats is destroyed in a manner that prevents recovery, and personal information recorded or stored on paper documents is destroyed by shredding or incineration.
04. Provision of Personal Information to Third Parties
The Company processes personal information only within the scope specified in the processing purposes and provides personal information to third parties only in cases compliant with Articles 17 and 18 of the Personal Information Protection Act, such as:
• When separate consent is obtained from the data subject.
• When special provisions exist in other laws.
• When deemed necessary to protect the life, body, or property interests of the data subject or a third party in urgent situations.
• When urgently required for public safety, such as public health.
The Company does not provide personal information to third parties except in the above cases.
06. Measures to Ensure the Security of Personal Information
The Company takes the following technical, managerial, and physical measures to ensure the security of personal information as required by Article 29 of the Personal Information Protection Act:
• Minimization of Personal Information Handlers: The Company minimizes the authority of personal information handlers to protect personal information.
• Regular Training for Handlers: Regular training is conducted to enhance awareness of personal information protection.
• Regular Internal Inspections: The Company conducts regular internal inspections to ensure the security of personal information processing.
• Establishment and Implementation of Internal Management Plans: Internal management plans are established and managed for the secure processing and management of personal information.
• Encryption of Personal Information: Personal information and passwords of data subjects are encrypted for storage and management, and secure functions are used during transmission.
• Technical Measures Against Hacking: The Company installs security programs, conducts periodic updates and inspections, and places systems in access-controlled areas to prevent personal information leaks or damage due to hacking or viruses, with technical and physical monitoring and blocking.
• Access Restrictions to Personal Information: The Company implements necessary measures to control access to personal information processing systems through granting, modifying, or revoking access rights and uses intrusion prevention systems to block unauthorized external access.
• Storage and Anti-Tampering of Access Logs: Access logs to the personal information processing system are stored and managed, with security functions to prevent tampering, theft, or loss.
• Use of Locking Devices for Document Security: Documents and auxiliary storage media containing personal information are stored in secure locations with locking devices.
• Access Control for Unauthorized Persons: The Company maintains separate physical storage locations for personal information and establishes and operates access control procedures.
07. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
1. The Company uses cookies to collect and use behavioral information without identifying individuals to provide personalized services and convenience.
2. Cookies are small pieces of information sent by the server (http) used for website operations to the user’s browser and stored on the user’s PC or mobile device. They are used to identify user services, usage patterns, and search terms to provide more convenient services.
3. Users can set options in their web browser to allow or block cookies. However, refusing to store cookies may cause difficulties in using personalized services.
4. The Company collects only the minimum behavioral information necessary to provide optimized services and does not collect sensitive behavioral information.
08. Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise
1. Data subjects may exercise the following rights regarding personal information at any time with the Company: access, correction, deletion, suspension of processing, withdrawal of consent, and refusal or explanation of automated decisions.
2. These rights can be exercised in accordance with the Personal Information Protection Act through written requests, email, or fax, and the Company will take action without delay.
3. If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
4. The rights in item 1 may be exercised through a legal representative or an authorized agent. In such cases, a power of attorney in the format specified in Annex 11 of the “Notice on Personal Information Processing Methods” must be submitted.
5. The right to request access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
6. Requests for correction or deletion of personal information cannot be made if the personal information is specified as a collection target under other laws.
7. The Company verifies whether the person exercising the rights is the data subject or a legitimate representative.
8. If there are legitimate reasons to refuse access, correction, deletion, or suspension of processing for all or part of the personal information, the Company will notify the customer and explain the reasons.
9. Requests for personal information access under Article 35 of the Personal Information Protection Act can be made to the following department:
• Department: XOOX EHS Team
• Contact: 070-4519-6451
09. Personal Information Protection Officer and Department
To protect customers’ personal information and handle related complaints, the Company designates the following personal information protection officer and department:
1. Personal Information Protection Officer
• Yi Bohyung, Representative of XOOX
2. Personal Information Department
• Department: XOOX EHS Team
• Phone: 070-4519-6451
• Email: Ai@xooxbot.com
10. Remedies for Infringement of Data Subjects’ Rights
1. The Company strives to protect data subjects’ personal information. To seek remedies for personal information infringements, data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Report Center, or other relevant organizations. For additional reporting or consultation regarding personal information infringements, please contact the following institutions:
• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
• National Police Agency: 182 (ecrm.police.go.kr)
2. The Company guarantees data subjects’ right to self-determination regarding personal information and strives to provide consultation and remedies for personal information infringements. For any reporting or consultation needs, please contact the personal information department listed above.
11. Scope of Application of the Privacy Policy
This Privacy Policy applies to the use of the Company’s website (https://www.xooxbot.com). Separate privacy policies may apply to individual services provided by the Company.
12. Notification of Privacy Policy Revisions
If there are additions, deletions, or modifications to the content of this Privacy Policy, the Company will notify the reasons and details of the changes through the website’s notice board before implementing the revised Privacy Policy.
13. Matters Concerning Changes to the Privacy Policy
This Privacy Policy is effective as of July 7, 2025.