개인정보 처리방침 | lavarwave | Global Total Safety Platform

Lavarwave Co., Ltd. (hereinafter “Lavarwave,” https://www.lavarwave.co.kr and https://www.lavarwave.com) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea to protect the personal information of data subjects and to ensure prompt and efficient handling of related inquiries or complaints.

Lavarwave is a company located in the Republic of Korea. Accordingly, this Privacy Policy applies not only to data subjects who use Lavarwave’s services within Korea, but also to those who access the Lavarwave websites (.co.kr, .com, etc.) from overseas—including the United States, China, and other regions—for consultation or service agreements.

Article 1 (Purpose of Processing Personal Information)

1. Lavarwave processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those specified below. If the purpose of use is changed, Lavarwave will take necessary measures—such as obtaining separate consent—in accordance with Article 18 of the Personal Information Protection Act.

1. Provision of Goods or Services
Personal information is processed for the purpose of providing customized services (including obscene-video distribution prevention solutions) and for billing and payment settlement.

2. Customer Management
Personal information is processed for the performance of contracts, handling customer complaints, customer support, and delivering important notifications.

3. Marketing and Advertising
Personal information is processed for purposes such as verifying service effectiveness based on demographic characteristics.

4. Processing of Video Information
Personal information is processed for the prevention and investigation of crimes.

5. Provision of Services to Overseas Users
For users who access Lavarwave websites (such as .com) from outside Korea—including the United States, China, and other regions—personal information may also be processed for the above purposes: service provision, customer management, marketing and advertising, and support for crime prevention and investigation. In such cases, Lavarwave adheres to the same principles and procedures defined in this Privacy Policy.

Article 2 (Retention and Use Period of Personal Information)

1. Lavarwave processes and retains personal information within the period permitted by applicable laws or within the retention and use period agreed upon with the data subject at the time of collection.

2. The processing and retention periods for each category of personal information are as follows:

1. Provision of goods or services:
Personal information is retained for 5 years after the completion of service provision and payment/settlement, in accordance with the guidelines of the Personal Information Protection Commission. Upon the customer’s request, the information will be destroyed without delay.
However, if any of the following circumstances apply, the information will be retained until the end of the relevant period and then destroyed:

a. Records related to labeling/advertising, contracts, and performance under the Act on Consumer Protection in Electronic Commerce, etc.

Records on labeling/advertising: 6 months
Records on contracts, withdrawal of subscription, payment, and supply of goods/services: 5 years
Contract records: name, address, date of birth, contact information, payment method, payment amount, payment date
Consultation records: gender, contact information, date of birth, mobile device type, incident information, search keywords
Records on consumer complaints or dispute resolution: 3 years

b. Retention of communication confirmation data under Article 41 of the Protection of Communications Secrets Act

Date and time of telecommunications, start/end time, counterparty number, usage volume, originating base station location: 1 year
Computer communication and Internet log records, access-trace data: 3 months

c. When an investigation or inquiry is in progress due to a violation of relevant laws: Retention continues until the completion of such investigation or inquiry.

d. When obligations or claims related to service use remain unresolved: Retention continues until the settlement of such obligations or claims.

3. When the services are used via the website from outside Korea (such as from the U.S. or China), the same retention periods described above are applied, unless otherwise required by foreign laws. However, if the laws of the user’s country explicitly require a different mandatory retention period, Lavarwave may adjust the retention period within that legal scope and will notify users individually or through relevant terms and policies.

Article 3 (Rights and Obligations of Data Subjects and Their Legal Representatives, and Methods of Exercise)

The data subject may, at any time, exercise their rights against Lavarwave to request access to, correction of, deletion of, or suspension of processing of their personal information.
Pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, the exercise of the rights under Paragraph 1 may be made to Lavarwave in writing, by email, fax, or other means. Lavarwave will take necessary measures without delay.
The rights under Paragraph 1 may also be exercised through the data subject’s legal representative or an agent duly authorized by the data subject. In such cases, a power of attorney in the form prescribed in Annex Form No. 11 of the “Public Notice on the Method of Processing Personal Information (No. 2020-7)” must be submitted.
Requests for access or suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
Requests for correction or deletion may not be granted where another law explicitly specifies that such personal information must be collected.
When handling requests for access, correction, deletion, or suspension of processing based on the rights of the data subject, Lavarwave will verify whether the requester is the data subject themselves or a legitimate representative.
For data subjects residing outside Korea, such as in the United States or China, if the personal information protection laws of the country of residence provide additional rights, Lavarwave will make reasonable efforts to support the exercise of such rights within the scope permitted by those laws. However, Lavarwave processes personal information based on the laws of the Republic of Korea, and this does not imply that all rights under every country’s legal system are guaranteed.

Article 4 (Items of Personal Information Processed)

Lavarwave collects, uses, and processes the following categories of personal information to the minimum extent necessary for the smooth provision of goods or services.
Information collected for contract execution
Name, email address, mobile phone number, text message records, call records, SNS chat records, email communications, mobile device visit logs, address book (contact list), incident-related videos and photos, and captured images from such videos.
Information necessary for providing contracted services
Internet browsing records, chat records, service usage records, address book (contact list), incident-related videos and photos, and captured images from such videos.
Information required for service fee payment
Card number and expiration date (collected optionally with the data subject’s consent).
In the course of using internet services, the following personal information may be automatically generated and collected:
IP address, cookies, MAC address, service usage records, visit logs, records of improper use, etc.
For users accessing the service from outside Korea, such as from the United States or China, Lavarwave, in principle, collects and uses personal information only within the scope of the items listed above. If additional personal information is required specifically from overseas users, separate notice and consent will be obtained at the time of collection.

Article 5 (Destruction of Personal Information)

Lavarwave shall, without delay, destroy the relevant personal information in accordance with Article 2 of this provision when the retention period of the personal information has expired or the purpose of processing has been achieved, rendering the personal information no longer necessary.
If personal information must continue to be preserved pursuant to other applicable laws, even after the retention period consented to by the data subject has expired or the purpose of processing has been fulfilled, the relevant information will be stored separately by transferring it to a separate database (DB) or designating a different storage location.
The procedures and methods for destroying personal information are as follows:
1. Destruction Procedure
Lavarwave identifies personal information for which a destruction cause has arisen and destroys it upon approval by the company’s Personal Information Protection Officer.

2. Destruction Method
- Personal information in electronic file format is destroyed using technical methods that render the records irrecoverable.
- Personal information printed on paper is destroyed by shredding or incineration.

Article 6 (Outsourcing of Processing of Collected Personal Information)

1. In accordance with Article 28 of the Personal Information Protection Act of the Republic of Korea and other applicable laws and regulations, Lavarwave may outsource part of its personal information processing tasks to third parties to the minimum extent necessary for the provision of the Services. Lavarwave shall impose contractual obligations on such service providers, including security measures, confidentiality obligations, and restrictions and controls on re-outsourcing, and shall supervise their compliance.

Outsourced Service Provider	Scope of Outsourced Processing	Retention / Use Period
Eximbay	Processing of electronic payments such as credit cards, bank transfers, and simple payments, and management of payment-related information	As specified in each payment service provider’s Privacy Policy
GMO Sign	Processing of electronic payments such as credit cards, bank transfers, and simple payments, and management of payment-related information	As specified in each platform provider’s Privacy Policy
Glosign	(Domestic) Creation of electronic signatures, execution of electronic contracts, and storage and management of contract documents	As specified in each platform provider’s Privacy Policy

Article 7 (Provision of Collected Personal Information to Third Parties)

1. Lavarwave uses customers’ personal information only within the scope disclosed under “Items of Personal Information Collected and Methods of Collection,” and shall not use such information beyond that scope or, in principle, provide users’ personal information to third parties without the users’ prior consent.

Article 8 (Measures to Ensure the Security of Personal Information)

1. Lavarwave implements the following measures to ensure the security of personal information:

1. Regular Internal Audits
To secure the stability of personal information handling, Lavarwave conducts regular internal audits (once per quarter).

2. Minimization and Training of Personnel Handling Personal Information
Employees authorized to handle personal information are designated and limited to a minimum number. Lavarwave implements management measures to ensure proper handling through training and restricted access.

3. Establishment and Implementation of an Internal Management Plan
An internal management plan has been established and is implemented to ensure the safe processing of personal information.

4. Technical Measures Against Hacking and Similar Threats
Security programs are installed and regularly updated and inspected to prevent the leakage or damage of personal information caused by hacking or computer viruses. Systems are placed in areas with restricted external access and are subject to technical and physical monitoring and blocking.

5. Encryption of Personal Information
User passwords are encrypted and stored so that only the user can know them. Important data is encrypted during storage and transmission or protected using file-locking and other dedicated security features.

6. Retention and Protection of Access Records
Access logs to personal information processing systems are retained and managed for at least one year. If personal information of 50,000 or more data subjects is added or if unique identification information or sensitive information is processed, access logs are retained for at least two years. Security measures are implemented to prevent the access records from being forged, altered, stolen, or lost.

7. Access Restriction to Personal Information
Access to the database system that processes personal information is controlled through the granting, modification, and revocation of access rights. Unauthorized external access is blocked using intrusion prevention systems.

8. Use of Locking Devices for Document Security
Documents, auxiliary storage media, and similar items containing personal information are stored in secure locations equipped with locking devices.

9. Control of Physical Access by Unauthorized Personnel
Physical storage locations containing personal information are separated and managed through established procedures for access control.

Article 9 (Matters Related to the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

Lavarwave uses cookies to store and retrieve usage information in order to provide users with personalized services.
A cookie is a small piece of data sent from the server (http) operating the website to the user’s web browser, and it may be stored on the user's computer hard drive.
Purpose of Using Cookies
Cookies are used to understand users’ visit histories and usage patterns for each service and website, popular search terms, and whether secure connections are used, in order to provide optimized information to users.
Installation, Operation, and Rejection of Cookies
Users may refuse cookie storage by adjusting the options in their web browser: Tools > Internet Options > Privacy menu.
Consequences of Refusing Cookies
If cookie storage is refused, some personalized services may become difficult to use.

Article 10 (Personal Information Protection Officer)

1. Lavarwave appoints the following Personal Information Protection Officer to take overall responsibility for tasks related to personal information processing, and to handle data subjects’ complaints and remedies related to personal information processing.

Category	Personal Information Protection Officer
Republic of Korea	Position	CISO/CPO
	Name	Junyeop Kim
	Contact	+82-2-1811-9634 administrator@lavarwave.co.kr
Other countries outside the Republic of Korea	Position	CISO/CPO
	Name	Junyeop Kim
	Contact	obd_shoya@lavarwave.co.kr

② Data subjects may contact the Personal Information Protection Officer or the relevant department regarding any inquiries, complaints, or requests for remedies related to personal information protection that arise while using Lavarwave’s services (or business). Lavarwave will respond to and handle such inquiries without delay.

③ Data subjects using the services from outside Korea, including the United States or China, may also request inquiries or exercise their rights regarding personal information through the above contact information, and Lavarwave will respond faithfully within the scope permitted by applicable laws.

Article 11 (Request for Access to Personal Information)

In accordance with the applicable personal data protection laws, data subjects may submit a request to access their personal information to the department listed below. Lavarwave will make every effort to ensure that such requests are processed promptly.

Category	Department in Charge of Receiving and Processing Access Requests
Republic of Korea	Position	CISO/CPO
	Name	Junyeop Kim
	Contact	+82-2-1811-9634 administrator@lavarwave.co.kr
Other countries outside the Republic of Korea	Position	CISO/CPO
	Name	Junyeop Kim
	Contact	obd_shoya@lavarwave.co.kr

Article 12 (Remedies for Infringement of Rights)

1. To seek remedies for damages caused by a personal information breach, the data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or other relevant organizations. For reporting or consulting on other personal information infringements, please contact the following agencies:

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)

4. Korean National Police Agency: 182 (ecrm.cyber.go.kr)

2. If a data subject suffers infringement of their rights or interests due to a disposition or omission by the head of a public institution regarding a request made under Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), or Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, the data subject may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For more details on administrative appeals, please refer to the website of the National Administrative Appeals Committee (www.simpan.go.kr).

3. Data subjects residing outside Korea (e.g., in the United States or China) may file complaints with the personal information supervisory authorities or regulatory agencies of their respective countries. As each country has different organizations and procedures, please consult the relevant guidance provided by the government or supervisory authority of the concerned country.

Article 13 (Changes to the Privacy Policy)

1. This Privacy Policy may be amended due to government policy changes, legal requirements, or the needs of the company. In the event of any additions, deletions, or modifications, such changes will be announced in advance through the website and will take effect from the date of the announcement. However, if significant matters—such as the purposes of collecting and using personal information or the scope of third-party disclosures—are added, deleted, or modified, such changes will be announced at least 30 days in advance on the website.

2. For the convenience of global users, Lavarwave may provide translated versions of this Privacy Policy in English, Chinese, or other languages. In such cases, the translated versions are provided solely for reference to aid understanding; the Korean version of this Privacy Policy shall prevail and take priority in legal effect and interpretation.

Article 14 (Processing and Overseas Transfer of Personal Information for Users Residing Outside Korea)

1. When data subjects residing outside Korea—such as in the United States or China—access Lavarwave’s website (including .co.kr, .com, etc.) to request consultation or enter into a service contract, Lavarwave collects, uses, and retains their personal information in accordance with this Privacy Policy.

2. Personal information collected by Lavarwave may be stored or processed on servers located in the Republic of Korea or on servers operated by cloud service providers contracted by Lavarwave, which may be located either domestically or overseas. Accordingly, the personal information of users residing outside Korea may be transferred to Korea or to a third country.

3. By using Lavarwave’s services or agreeing to this Privacy Policy, data subjects are deemed to have acknowledged and consented to the possibility of such overseas transfers. However, if the data subject’s country of residence requires separate consent or specific notification procedures under its personal data protection laws, Lavarwave will respect such requirements and implement the necessary procedures within a reasonable scope.

4. Lavarwave strives to ensure that personal information transferred overseas is protected at a level that meets or exceeds the standards set forth in this Privacy Policy and applicable laws, by implementing contractual, technical, and administrative safeguards.

5. Lavarwave does not currently maintain any separate corporate entities in the United States, China, or other foreign jurisdictions. Services for overseas users, as well as the processing of their personal information, are performed by Lavarwave’s headquarters located in the Republic of Korea. Users residing abroad may submit inquiries or exercise their rights regarding personal information through the Personal Information Protection Officer and responsible department designated in this Policy.