Flydrop (hereinafter referred to as "the Company") establishes and discloses this privacy policy to protect the personal information of data subjects in accordance with the "Personal Information Protection Act" and to handle related complaints promptly and smoothly.


Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The processed personal information will not be used for any purposes other than the following, and in case of any changes to the purpose of use, necessary measures will be taken, such as obtaining separate consent in accordance with the "Personal Information Protection Act."

1. Website membership registration and management
The Company processes personal information for the purpose of confirming membership registration, verifying and authenticating the member's identity for the provision of membership services, maintaining and managing membership qualifications, preventing unauthorized use of services, confirming the consent of legal representatives for the processing of personal information of children under the age of 14, providing various notices, and handling complaints.

2. Handling of Complaints and Inquiries
The Company processes personal information for the purpose of confirming the identity of the complainant, verifying the details of the complaint, contacting and notifying for fact-finding purposes, and notifying the results of processing.

3. Provision of Goods or Services
The Company processes personal information for the purpose of providing services, providing content, providing customized services, verifying identity and age, and processing payment.

4. Utilization of Marketing and Advertising
The Company processes personal information for the purpose of developing new services (products) and providing customized services, providing information on events and promotional activities, providing opportunities to participate in such events, providing services and displaying advertisements based on demographic characteristics, confirming the validity of services, and generating statistics on the frequency of access or the use of services by members.


Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the period of time stipulated by law for the retention and use of personal information or within the period agreed upon with the information subject when collecting personal information.
② The processing and retention periods for each type of personal information are as follows:
1. Membership registration and management on the website: 5 years
2. Handling of complaints and inquiries: 3 years
3. Provision of goods or services: 5 years
4. Utilization of marketing and advertising: 6 months


Article 3 (Items of Processed Personal Information)
The Company processes the following personal information:
1. Membership registration and management on the website : Email address
2. Handling of complaints and inquiries : Email address
3. Provision of goods or services : Email address, nickname, service usage history, payment history
4. Utilization of marketing and advertising : Email address, service usage history, payment history


Article 4 (Handling of Personal Information of Children Under the Age of 14)
1. When collecting personal information from children under the age of 14, the company obtains the consent of their legal guardian and collects the minimum amount of personal information necessary for the provision of the service.
- Required items: Name of legal guardian, relationship, contact information.
2. In addition, when collecting personal information of children for the purpose of advertising related to the company's services, separate consent is obtained from the legal guardian.
3. When collecting personal information of children under the age of 14, the company may request the minimum information necessary from the child, such as the name and contact information of the legal guardian, and confirms whether the legal guardian has consented through one of the following methods:
- Displaying the consent form on the website and having the legal guardian indicate their consent, and notifying the legal guardian of the confirmation of the consent through a text message to their mobile phone.
- Displaying the consent form on the website and having the legal guardian indicate their consent, and obtaining the legal guardian's card information, such as credit card or debit card.
- Issuing a written consent form directly to the legal guardian or sending it by mail or fax, and having the legal guardian sign and submit the consent form.
- Sending an email with the consent form and receiving an email from the legal guardian indicating their consent.
- Informing the legal guardian of the consent form and how to confirm their consent through phone call or website, and obtaining their consent through a follow-up phone call.
- Other similar methods of informing the legal guardian of the consent form and confirming their consent.


Article 5 (Matters related to the outsourcing of personal information processing)
① The company may entrust the processing of personal information to a third party for smooth handling of personal information tasks.
② When entering into an outsourcing contract, the company specifies matters related to the prohibition of processing personal information beyond the purpose of performing the entrusted task, technical/managerial protection measures, restrictions on re-entrustment, management and supervision of subcontractors, liability for damages, etc. in a contract or other documents in accordance with Article 26 of the Personal Information Protection Act, and monitors whether the subcontractor processes personal information securely.
③ If the content of the entrusted task or the subcontractor changes, the company will promptly disclose such changes through this privacy policy.


Article 6 (Procedure and method of personal information destruction)
① The company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose.
② If personal information must be retained under another law despite the expiration of the retention period agreed upon with the data subject or the achievement of the processing purpose, the company shall transfer the relevant personal information to a separate database or store it in a different location.
③ The procedure and method of personal information destruction are as follows:
1. Procedure of destruction
The company selects personal information for destruction and obtains approval from its personal information protection manager before destroying the personal information.
2. Method of destruction
The company destroys electronically recorded personal information in a manner that makes it impossible to restore the records, and destroys personal information recorded and stored on paper by shredding or incinerating it.


Article 7 (Measures for Disposal of Personal Information of Non-Users)
① The company shall convert users who have not used the service for one year into dormant accounts and separately store their personal information. The separately stored personal information shall be destroyed without delay after one year of storage.
② The company informs users who are about to become dormant members of the fact that their personal information is separately stored, the date of dormancy, and the personal information items that are separately stored by email, text message, or other means of notification that can be sent to users up to 30 days prior to the transition to dormancy.
③ If you do not wish to convert to a dormant account, you can log in to the service before the transition to a dormant account. In addition, even if the account is converted to a dormant account, you can restore the account and use the service normally with the user's consent if you log in.


Article 8 (Rights and Obligations of Data Subjects and Legal Representatives and the Method of Exercising Them)
① Data subjects may exercise their right to access, correct, delete, and request the suspension of processing of their personal information at any time against the company.
② The exercise of the rights under paragraph 1 may be made in writing, by electronic mail, etc. to the company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the company shall promptly take measures in response.
③ The rights under paragraph 1 may be exercised through a legal representative or an agent who has been delegated. In this case, a power of attorney must be submitted.
④ The right to access and request the suspension of processing of personal information may be limited by law.
⑤ If personal information is specified as a collection target in other laws, the request for correction and deletion of personal information cannot be made.
⑥ The company confirms whether the person who requests access, correction/deletion, or suspension of processing of personal information under the data subject's rights is the person himself or a legitimate representative.


Article 9 (Measures for Ensuring Security of Personal Information) The company takes the following measures to ensure the security of personal information:
1. Administrative measures: establishment and implementation of internal management plans, operation of a dedicated organization, regular employee education
2. Technical measures: management of access to personal information systems, installation of access control systems, encryption of personal information, installation and update of security programs
3. Physical measures: access control of computer rooms, data storage rooms, etc.


Article 10 (Installation, Operation and Refusal of Automatic Collection Device for Personal Information)
The company does not use "cookies" that store and retrieve usage information of the information subject.


Article 11 (Collection, Use and Refusal of Behavioral Information)
The company does not collect, use or provide behavioral information for online personalized advertising, etc.


Article 12 (Criteria for Additional Use and Provision) ① The company may use and provide personal information additionally without the consent of the information subject in consideration of the "Personal Information Protection Act." Item Purpose of Use and Provision Retention and Use Period
Nickname, Email Regularly providing additional service-related information Immediate destruction upon achievement of the purpose
② In order to use and provide personal information additionally without the consent of the information subject, the company has considered the following:
▶ Whether the purpose of using and providing personal information additionally is related to the purpose of the original collection.
▶ Whether there is predictability for additional use and provision based on the circumstances of collecting or processing personal information.
▶ Whether additional use and provision of personal information unreasonably infringes on the interests of the information subject.
▶ Whether the necessary measures for security such as anonymization or encryption have been taken.


Article 13 (Personal Information Protection Manager)
① The company is designating a personal information protection manager as follows to take overall responsibility for personal information processing and handle complaints and remedies related to personal information processing.
■ Personal Information Protection Manager
- Affiliation: Flydrop
- Name: Alexander K
- Contact: contact@airdropper.net
② Information subjects can inquire about all personal information protection related matters including complaints and remedies related to personal information processing that have arisen while using the company's services to the personal information protection manager and the department in charge. The company will respond and process information subject inquiries promptly.