EINEBLUME Co., Ltd. ("us", "we", or "our") operates the https://global.chatie.me website and mobile application(hereinafter referred to as the "Service" or “Chatie Service”). This page informs you of our policies regarding the collection, use and disclosure of personal information when you use our Service and the choices you have associated with that information. We use your information to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service.

1. PURPOSES OF COLLECTION AND USE OF PERSONAL INFORMATION

We may collect and process personal information about you for the following purposes. We do not otherwise share your personal information with third parties or use your personal information for any other purposes unless otherwise expressly provided herein.

1.1. Inquiry Response

We may use your personal information in connection with responding to your inquiries and grievances. That is, we may process personal information about you to confirm your identity, to review your questions or complaints and to communicate to you with our responses.

1.2. Provision of Products or Services

We may process your personal information to develop new services or provide more personalized and streamlined services based on demographic information or information about your interest and also to monitor statistics for your use of our Services.

1.3. Promotional Events

We may use or process personal information about you to invite you to our special promotional events from time to time.

1.4. User Verification and Registration

We may collect and use personal information about you as our User (as defined in our Chatie Terms of Service) to verify your identity and status, to prevent unauthorized use or intrusion to our Services, to confirm your consent to join our Services, to verify registration status and prevent you from creating multiple accounts and also for our record keeping purposes in connection with dispute resolution and customer services.

2. COLLECTION AND USE OF PERSONAL INFORMATION

We may collect personal information about you in connection with providing the Chatie Services through the following methods.

2.1. Collection Methods

We may use the following methods to collect personal information about you.

1. through our website, on paper forms, via facsimile and phone, or Q&A board on our website or by your entrance to our promotional events;
2. through our agents and third party partners; or
3. via information collecting tools.

2.2. Collection and Use Policy

The following information about you may be collected on our website (https://global.chatie.me) or mobile application and we only use such information for the purposes set forth under “1. Purposes of Collection and Use of Personal Information.

1. Following information may be collected during user registration procedures.
   • [Registration with an email] Email, password, date of birth (optional), gender (optional)
   • [Registration with Facebook account] Social ID, name, email (optional), date of birth (optional), gender (optional)
   • [Registration with Google account] Social ID, email, date of birth (optional), gender (optional)
   • [Registration with Apple ID] Social ID, email, date of birth (optional), gender (optional)
2. Following information may be collected according to the user's choice in the process of using the artist service.
   • Profile Nickname
   • Profile picture
3. Following information may be collected according to the user's selection in the process of finding a member ID and participating in an event.
   • Gender
   • Birth date
   • Mobile phone number
   • Mobile phone telecom
4. Following information may be collected by the personal information trustee (payment agency) in the process of using paid services, while the company will not store payment information.
   • Common fields: payment date and time, payment method, payment store, payment amount, payment currency, payment IP
   • When paying by credit card: name of the card company, card number, etc.
   • For mobile phone payment: mobile phone number, telecommunication company, payment approval number, etc.
   • For wire transfer: bank name, account number, etc.
   • When using a gift certificate: Gift certificate number
   • When using Google or Apple payment: Payment ID
5. Following information may be automatically generated and collected in the process of using content.
   • Content used
   • Date of use
   • Date of purchase
6. Following information may be automatically generated and collected in the process of using the sponsorship service.
   • Sponsored person
   • Sponsorship Date
   • Sponsorship amount
7. During a withdrawal service, following personal information may be collected according to the user's choice for the purpose of account transfer and tax return.
   • Name
   • Resident registration number
   • Contact information (mobile phone number)
   • Bank account information (account holder, account number, bank name)
8. During mobile services provision, terminal information (device model, hardware ID, operating system version information) and basic service statistics (application usage information to provide synchronization and customized recommendation functions) may be collected, but this shall not identify individuals. If additional personal information collection is required while using the service, the Company shall notify the member in advance to obtain appropriate consents.
9. Following information may be automatically generated and collected in the course of service use or business processing.
   • IP Address
   • Date of visit
   • service usage record
   • cookie
   • access log
   • bad use record
   • App installation information
   • Network location information, etc.
10. Other information automatically collected: cookie, IP address, usage history, visiting history, and device information (model number, operating system and unique identifiers of the device)
11. Change of Control Notice: In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of such transaction. This Privacy Policy will apply to your personal information as transferred to the new entity
12. Your Right to Review and Update Information on the Website.
    You may access and review your personal information that you provided when you created your user account on the Website so that you can update your information from time to time. If you wish to cancel and delete your account, you may login and follow the instructions contained on our Website. Unless we have a legal basis to store your personal information to comply with tax or accounting rules and regulations, we will delete or de-identify the personal information we have collected about you upon your request to delete or cancel your account.
13. Sharing of Personal Information of Our Users
    We may disclose personal information about you if necessary to respond to the inquiries or verification requests that we receive in connection with the Chatie Services. We may also share information about our Users within the Company to provide, understand, or improve our Services.
14. Withdrawal of Consent
    You may reject cookies or delete them at any time by change settings on your mobile or PC browser. However, you may not be able to use a certain portion of the Chatie Services if you reject our use of cookies After the User enabled the respective settings on the device as provided above, we will no longer collect, use, share, or otherwise process personal information from that device for personalized advertising experience. Unless we have another legal basis for keeping the User’s personal information, we will also delete or de-identify the personal information we have collected about such User within 30 days from the date on which the User applied one of the above methods to withdraw consent.
15. Where Legally Required
    We will process personal information as necessary to comply with applicable laws. For example, we will collect from the Users of IP addresses to identify a country location so that we know whether such Users are located in the European Economic Area, the United Kingdom, or Switzerland, but we will not share the Users’ full IP addresses or retain the same internally.
16. Minors Under the Age of 16
    If a User resides in the European Economic Area, the United Kingdom, or Switzerland, then the User must be at least 16 years of age to give his/her consent to Chatie Services. We do not collect or otherwise process personal information from individuals in the European Economic Area, the United Kingdom, and Switzerland whom we know are under the age of 16, except to comply with apply laws or to support our legitimate interests.

3. PERSONAL INFORMATION AND THIRD PARTIES

We use personal Information about our Users only to the extent provided under “2. Collection and Use of Personal Information.” Except where we are required to disclose or submit personal information to comply with applicable laws, regulations, legal processes, governmental requests or court orders, we will not use or disclose to any third-party personal information about the Users for any other purposes without their prior consent.

4. RETENTION AND USE OF PERSONAL INFORMATION

We will promptly delete or de-identify the personal information we have stored about our Users once we have accomplished the purposes for collecting and storing the personal information as provided above with exception of the following reasons (and no other reasons) in which cases, we may store the personal information for the duration set forth below. Storing Personal Information Pursuant to Applicable Laws To the extent required under applicable laws, including, without limitation, the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, etc., we may store personal information about you for certain period of time. We store such information only to be in compliance with applicable laws and only for the time period set forth below. In no case we use the information stored hereunder for any other purpose.

4.1. Pages Visited

1. Applicable Law: Protection of Communications Secret Act
2. Retention Period: 3 months

4.2. Records on Customer Complaints or Disputes

1. Applicable Law: Act on the Consumer Protection in Electronic Commerce, Etc.
2. Retention Period: 3 years

4.3. Records on Payments Made and Collected for Supply of Goods

1. Applicable Law: Act on the Consumer Protection in Electronic Commerce, Etc.
2. Retention Period: 5 years

4.4. Records on Entering into or Withdrawing from Contractual Relationship

1. Applicable Law: Act on the Consumer Protection in Electronic Commerce, Etc.
2. Retention Period: 5 years

4.5. Records on Collection and/or Processing of Credit Information

1. Applicable Law: Credit Information Use and Protection Act
2. Retention Period: 3 years

4.6. Records on Advertising and Display

1. Applicable Law: Act on the Consumer Protection in Electronic Commerce, Etc.
2. Retention Period: 6 months

5. DESTRUCTION OF PERSONAL INFORMATION

We will promptly destroy personal information that is no longer required to fulfil the identified purposes stated above. We apply the following procedures in destroying such personal information.

5.1. Destruction Procedures

We will move such personal information that is no longer required to fulfil the identified purposes to a separate DB (separate files in case of information in hard copies) and maintain it for set duration of time or promptly destroy as required by applicable laws. We will not use the personal information that is maintained in separate DB for any reasons except to comply with applicable laws.

5.2. Disposal Method

• Personal information stored in electronic format will be deleted by using a technical approach to prevent it from being restored.
• Information on paper form will be shredded or incinerated.

6. RIGHTS OF USERS

Users of Chatie Services can login in to check and update their personal information registered on our system at any time. If they wish to withdraw their consent to our processing of personal information about them, then the Users can either withdraw their consent or request for cancellation of their accounts (please note that you may not be able to use our services or any part thereof upon your withdrawal of your consent or cancellation). To access or modify your personal information, you can login to your account and click on ‘update member information’ and to cancel your account (or to withdraw your consent), you can click on ‘closing account’ and follow the instructions. You can also write to us or call or e-mail us and make your request to modify or cancel. If you request a correction of your personal information registered on our system, we will not use or share your information until the correction is completed. Also, if we have already shared the personal information containing an error with any third party, we will promptly notify the third party of the correction.

7. How We Protect Your Personal Information

We strive to safeguard personal information of our Users by utilizing technology and management system as follows.

7.1. Encryption of Personal Information

Sensitive and critical information such as your password is encrypted and only you can check and modify such information.

7.2. Protection from Security Threats

We are doing our best to safeguard personal information of our Users from being leaked or damaged by hacking or computer viruses. In order to prevent the loss of personal information, we back up our data on a regular basis, use the latest anti-virus program, and use encryption technology to securely transmit personal information on our network. In addition, we use firewall to block unauthorized access from the outside, and we try to equip all possible technical devices to secure our system.

7.3. Limiting Access to Your Personal Information

To reduce the risk of security breach, we are limiting access to personal information of our Users to only those employees who are specifically trained for handling of such information. We also change the password to the access periodically and place emphasis on the importance of safeguarding the personal information and compliance with applicable laws and policies by training our employees on a regular basis.

7.4. Special Force Dedicated for Protection of Personal Information

We have a special task force dedicated solely for protection of personal information of our Users. We continuously monitor our compliance with applicable laws and regulations and we strive to correct any breach or problem immediately upon notice.

8. RESPONSIBLE PERSONNEL

We have designated the following persons as administrators of personal information that we collect and process. You many direct your inquiries or complaints on our processing of your personal information to them. You may contact the below named administrators with all your inquiries on personal information. We will attempt to respond to your inquiries in a timely manner.

8.1. Personal Information Administrator

• Name: Jihoon Kang
• Title: Director
• E-MAIL: privacy@eineblu.me

8.2. Relevant Agencies

You may also contact the following agencies to report any personal information breach or other related inquiries.

• Privacy Infringement Report Center (http://www.118.or.kr, or dial 118)
• Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (http://www.spo.go.kr, or dial 1301)
• Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr, or dial 182)

9. APPLICABILITY OF THIS PRIVACY POLICY

Please note, this Privacy Policy does not apply to any personal information collected by other websites that you may access through the links provided on our services.

10. NOTIFICATION OF CHANGES TO THIS PRIVACY POLICY

We will provide at least 7 days prior notice, either on the notice tab on our Website or via E-mail, for any planned changes or modifications to this Privacy Policy. Any changes will be effective as of the effective date on the notice. If, however, we make any changes to signification provisions such as the purposes for collecting and using personal information about you and the circumstances on which we share such information with third parties, then we will provide at least 30 days prior notice for such signification changes. If any changes require your prior consent under applicable laws, including, without limitation, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and Personal Information Protection Act, then we will request your consent prior to making any such changes.

11. YOUR DATA PROTECTION RIGHTS UNDER GDPR

We make the following efforts to comply with the EU GDPR (General Data Protection Regulation, “GDPR”).

• GDPR awareness raising activities
• Perform data protection impact assessment
• Ensuring User Rights
• Report and Notification of Personal Data breach

11.1. GDPR awareness raising activities

We are committed to companywide efforts and attention to complying with the GDPR. We identify the impact GDPR will have on our organization and are committed to complying with GDPR on a job-by-job basis by:

• Participating Department: Customer Management, Human Resources, Finance, Marketing, System Development, etc.
• Surveys of employees on privacy knowledge levels
• Official declaration of management's commitment to comply with GDPR
• Encourage participation in GDPR conferences and seminars
• Manage check list of departmental performance items

11.2. Data Protection Impact Assessment

We conduct a data protection impact assessment if the following situations are likely to pose a high risk to the rights and freedoms of natural persons as provided by GDPR.

• Rating or grading
• Automated decision making with legal or similarly important effects
• Monitoring using the system
• Sensitive Information
• Information Processing at Scale
• Linked or combined set of information
• Information on Vulnerable Data subjects
• User Rights Guarantee

11.3. User Rights Guarantee

We are committed to ensuring the Right to Delete (Right to Be Forgotten) as defined by GDPR. The data subject has the right (delete right) to request the deletion of personal data related to him.

• When personal data is no longer needed for the purpose of collection or processing
• When the data subject withdraws consent for the processing of personal data and there is no legal basis for processing the personal data
• When the data subject opposes the processing of personal data pursuant to Article 21 (Right to object), Paragraph 1 of GDPR, and there is no justifiable reason to override the processing of related personal data, or the data subject opposes to direct marketing pursuant to Article 21, Paragraph 2 of GDPR
• When personal data is illegally processed
• When personal data needs to be deleted to comply with EU or EU member state legislation
• When personal data has been collected in connection with the provision of information and social services to children

11.4. Restrictions to the Right to Be Forgotten

However, we can reject a delete request if one of the following is true:

• For the exercise of the right to freedom of expression and information
• To comply with legal obligations of the EU or EU Member States, to perform public affairs, or to exercise public authority granted to us
• For public health purposes
• For public record keeping and scientific or historical research and statistical purposes
• For the purpose of demonstrating, exercising or defending a legal claim
• Right to move personal data

11.5. Report and Notification of Personal Data Breach

We will report to the supervisory authority within 72 hours of becoming aware of a breach if any of the following infringements occur that could pose a risk to an individual's rights and freedoms:

• Discrimination
• Reputation damage
• Financial loss
• Secret leakage
• Other significant economic and social disadvantage risks

When there is a high risk of the freedom and rights of the data subject, the data subject is notified without delay.

12. YOUR DATA PROTECTION RIGHTS UNDER CCPA

If you are a California of USA resident, this Section shall apply only to the extent and when we are regulated under the California Consumer Privacy Act (the “CCPA”), as a business (as defined in the CCPA). [note: we may not be eligible as a business under CCPA until it satisfies some thresholds.]

12.1 Consumer Information Collected

We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents, devices or households ("consumer information").

12.2 Use of Consumer Information

We may use consumer information for the business or commercial purposes and in the manner described in this Privacy Policy with respect to Personal Information.

12.3 Disclosures of Consumer Information for a Business Purpose

We may disclose your consumer information described above to a third party for a business purpose, as described in this Privacy Policy with respect to Personal Information of the following categories of consumer information under CCPA:

• identifiers
• personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• internet or other similar network activity

12.4 Sales of Consumer Information

In the preceding twelve (12) months, we have not sold, and we do not and will not sell, consumer information that is subject to this Privacy Policy.

12.5 California Residents’ Rights and Choices

The CCPA provides California residents with specific rights regarding their consumer information. This Section 12.5 describes your CCPA rights (to the extent applicable to you) and explains how to exercise those rights.

1. Access to Specific Information and Data Portability Rights

   You may have the right to request that we disclose certain information to you about our collection and use of your consumer information over the past 12 months. Once we receive and confirm your verifiable consumer request (in the manner described in Section 12.6 below), to the extent required by the CCPA, we will disclose to you.

2. Deletion Request Rights

   You have the right to request that we delete any of your consumer information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Section 12.6 below (“verifiable consumer request”), we will delete (and direct our service providers to delete) your consumer information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for our or our service provider(s)’ legitimate business purposes.

12.6 Exercising Access, Data Portability, and Deletion Rights

1. To exercise the access, data portability, and deletion rights described in Section 12.5 above, please submit a verifiable consumer request to us by either: (1) calling us at the number notified in this Privacy Policy (2) visiting our website; or (3) contacting us. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your consumer information.
2. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing.

12.7 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including, unless permitted by the CCPA, by:

1. denying you goods or services
2. charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
3. providing you a different level or quality of goods or services
4. suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services

13. YOUR DATA PROTECTION RIGHTS UNDER DPB(India)

If you are a citizen of India, this Section shall apply only to the extent and when we are regulated under the (Personal) Data Protection Bill (the “DPB”).
You have the following rights:

13.1 Rights to Information

You have the rights to know what information we have collected on you.

13.2 Rights to Correction and Erasure

You have the rights to know the purpose for which we used your information. You also have the right to request the correction of inaccurate, incomplete, or misleading information, and to request an update of your data.

13.3 Rights to Portability

You have the right to request whatever data has been collected by us in a commonly used and machine-readable format.

13.4 Rights to be Forgotten

You have the right to request a restriction to our continued use or processing of personal data, and to request an end to your data being processed if the purpose of collecting the data is no longer being served.

14. YOUR DATA PROTECTION RIGHTS UNDER DPA(Philippines)

If you are a citizen of Philippines, this Section shall apply only to the extent and when we are regulated under the Data Privacy Act of 2012 (the “DPA”).
You have the following rights:

14.1 Rights of Data Subject

You are entitled to:
(a) be informed whether personal information pertaining to you shall be, are being or have been processed;
(b) be furnished the information how your personal information is processed by us before the entry of your personal information into the processing system;
(c) reasonable access to, upon demand, the contents of your personal information that were processed; the source of collection, the manner of processing or other information;
(d) dispute the inaccuracy or error in the personal information;
(e) suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system.

14.2 Transmissibility of Rights of the Data Subject

Your lawful heirs and assigns may invoke your rights of the data subject.

14.3 Rights to Data Portability

If applicable, you have the right to obtain from us a copy of data undergoing processing in an electronic or structured format.