Privacy Policy – BRIDGE Lab.

Certainly! Here’s the English translation of the Privacy Policy:

Bridge (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy to protect the personal information of data subjects using ‘Product’ (hereinafter referred to as the “App”) in accordance with applicable laws and to handle related issues quickly and efficiently.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes:

Membership Registration and Management: To confirm membership intention, identify and authenticate users, maintain and manage membership status, prevent unauthorized use of services, and provide various notifications.
Provision of Goods or Services: To provide services, deliver contracts/invoices, provide basic and customized services, perform identity and age verification, process payments, and handle debt collection.
Grievance Handling: To verify the identity of data subjects, confirm complaints, contact for fact-finding, and notify of processing results.
Marketing and Advertising: To provide tailored advertisements, offer event participation opportunities, and compile statistics on service usage (optional).
Service Improvement and Development of New and Customized Services.
Processing of Pseudonymized Information for Statistical Compilation, Scientific Research, and Public Record Preservation.

Article 2 (Personal Information Items Processed)

The Company collects and processes the following personal information items from users of the App:

Basic Information Collected at Registration (Required): Email, nickname.
Additional Information Provided Based on the Chosen Registration Method:

Method	Partner Company	Collected Items
Google	Google	Email, name, profile image
Apple	Apple	Email

Collected Items for Paid Services:

Credit Card Payment: Card issuer, card number, and payment information.
Bank Transfer: Account holder name, account number, and bank information.
Mobile Payment: Mobile number, telecom provider, and payment information.

Automatically Collected Information During Service Usage: Cookies, service usage records (visit records, records of improper usage), device information (phone model, OS name and version), advertising identifiers, etc.
Grievance Handling: Required information among the items listed above is collected and processed.

Article 3 (Retention and Processing Period of Personal Information)

The Company promptly destroys personal information upon membership cancellation or upon achieving the processing purpose. However, if the Company terminates the service usage contract per the Terms of Service, it will retain user information for one year to prevent re-registration and unauthorized service usage, after which the information will be immediately deleted.
Notwithstanding the above, the Company retains certain information based on the following legal obligations until the retention period ends:
Service usage-related information (log records): 3 months as required by the Act on Protection of Communications Secrets.
Records on contracts, withdrawal, payments, and goods/services: 5 years per the Act on the Consumer Protection in Electronic Commerce, etc.
Records on customer complaints and dispute resolutions: 3 years per the Act on the Consumer Protection in Electronic Commerce, etc.

Article 4 (Provision of Personal Information to Third Parties)

The Company provides personal information to third parties only with the data subject’s consent or under special provisions of applicable laws such as the Personal Information Protection Act.
The Company may provide pseudonymized information to third parties while complying with the Personal Information Protection Act.

Article 5 (Outsourcing of Personal Information Processing and Cross-Border Transfers)

The Company outsources certain tasks to external parties to facilitate efficient personal information processing as follows:

Contractor	Task Description
Google Inc. (Google Cloud Platform)	Data storage, provision of cloud services

The Company outsources certain tasks to overseas servers for efficient processing of personal information as follows:

Google Inc. (Google Firebase, Google Analytics Services)

Transferred Data: App store/version, country of residence, language settings, device model information, service access time/usage history, etc.
Country: United States
Address and Contact Information: 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA, +1-650-253-0000
Transfer Timing and Method: Transmitted via network at the time of service usage.
Purpose of Use by Recipient: Collection and analysis of app usage history and crash data.
Retention Period: 14 months post-collection.

Users may refuse consent for the cross-border transfer of personal information as described above; however, this may limit their ability to register and use the service.

Article 6 (Use and Provision of Personal Information Within Reasonable Scope of Collection Purpose)

The Company may use or provide personal information to third parties within the scope reasonably related to the initial collection purpose, based on the following criteria:

Relevance to Initial Collection Purpose: Whether the additional purpose aligns with the nature or trend of the initial purpose.
Predictability Based on Collection Circumstances or Practices: Considering factors like the relationship between the data controller and subject, technological advancements, and established practices over a significant period.
Impact on Data Subject’s Rights: Whether the data subject’s interests are materially infringed in relation to the additional purpose, and if so, whether this infringement is unjust.
Implementation of Safeguards: Whether safety measures, such as pseudonymization or encryption, are in place to mitigate potential risks.

Article 7 (Rights and Obligations of Data Subjects and Exercise Methods)

Users may exercise their rights to view, correct, delete, and suspend the processing of their personal information at any time.
The exercise of rights under Paragraph 1 can be carried out via written, electronic mail, or other means as prescribed by Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will act on these requests without delay.
The exercise of rights under Paragraph 1 may be conducted through the user’s legal representative or a delegated person. In such cases, a power of attorney as per the guidelines on the processing of personal information must be submitted.
Rights to view, correct, delete, and suspend processing of personal information may be restricted under relevant laws, such as Articles 35(4), 36(1), and 37(2) of the Personal Information Protection Act.
Requests for deletion or correction of personal information may be refused if such data is explicitly collected under other laws.
The Company verifies that the requester is the user or a legitimate representative before responding to requests for access, correction, deletion, or suspension of processing.

Article 8 (Destruction of Personal Information)

The Company promptly destroys personal information when it becomes unnecessary due to expiration of the retention period or achievement of processing purposes.
In cases where the retention period has expired or the purpose of processing has been achieved but personal information must be retained per Article 3, the Company stores it in a separate database (DB) or a different storage location.
Procedures and methods for destroying personal information are as follows:
Destruction Procedure: The Company identifies personal information to be destroyed, obtains approval from the Personal Information Protection Officer, and then destroys it.
Destruction Method: The Company uses technical measures to prevent the recovery of electronically stored information and shreds or incinerates paper records.

Article 9 (Measures to Ensure Security of Personal Information)

The Company takes the following measures to secure the safety of personal information:

Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Encryption of passwords, installation of security programs, etc.

Article 10 (Installation, Operation, and Refusal of Automatic Information Collection Devices)

The Company uses cookies to provide users with personalized services. Cookies are small amounts of information sent by the website server to users’ browser and may be stored on the user’s PC hard disk.

Purpose of Using Cookies: To analyze user access frequency, visit times, and service usage patterns, track user movements, determine secure access, manage security, improve services, and develop new and customized services.
Installation, Operation, and Refusal of Cookies: Users may choose whether to allow cookies. Users can configure their browser settings to accept all cookies, confirm each time cookies are saved, or refuse all cookies.
Refusing cookies may result in difficulties using certain services requiring login.

Article 11 (Personal Information Protection Officer)

The Company appoints a Personal Information Protection Officer to oversee personal information processing and to address complaints and provide relief to data subjects.

Personal Information Protection Officer

Name: Dukhyun Lee
Position: CEO
Contact Information: dukhyun.lee@brdg.kr

Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any personal information-related queries, complaints, or relief requests arising from using the Company’s services. The Company will respond promptly and process inquiries.

Article 12 (Amendment of Privacy Policy)

This Privacy Policy may be amended due to changes in relevant laws or internal policies. Amendments will be announced through the “Notice” section of the service at least 7 days prior to enforcement, or 30 days prior for significant changes in data subject rights, such as collection and use of personal information.

Supplementary Provisions (February 1, 2024)

This Privacy Policy takes effect on February 1

, 2024.

Let me know if you need further customization or clarification!