Palette Inc. ("Company") places great importance on users' personal information and complies with relevant laws and regulations.
1. Personal Information Collected
1.1 The company collects only the minimum necessary personal information for service provision.
- 1.1.1 During the use of third-party services linked with the company, we may collect users' SNS accounts, post and advertisement performance data, and ad execution information.
1.2 The company collects personal information through the following methods:
- 1.2.1 Through customer service (webpage, email, fax, phone, etc.)
- 1.2.2 Offline events, seminars, etc.
- 1.2.3 When personal information is provided by affiliated third-party services or organizations
1.3 During service use (on PC, mobile web/app), information such as device info (OS, screen size, device ID, phone model), IP address, cookies, visit timestamps, abnormal usage logs, and service usage history may be automatically collected.
- 1.3.1 Cookies are small text files sent from the web server to the user's browser used to operate the website.
- 1.3.2 Cookies enable the web server to read saved cookies on the user's PC upon return visits and provide a more convenient service by maintaining personalized settings.
- 1.3.3 Users can choose whether to allow cookies through their browser settings to allow all, confirm each time, or reject all cookies.
2. Use of Collected Personal Information
2.1 The company uses personal information for member management, service development, and operation.
- 2.1.1 To provide personalized content based on usage statistics and analysis
- 2.1.2 For marketing and promotions such as event info, participation opportunities, and ad info
- 2.1.3 To build a secure service environment for privacy protection
- 2.1.4 For service improvement, new service development, inquiry handling, and notices
- 2.1.5 To offer third-party integration services such as social media sharing and ad performance analysis
3. Provision and Entrustment of Personal Information to Third Parties
3.1 The company provides users' personal information to third parties for service provision, operation, and development.
| Trustee Company | Entrusted Task | Retention & Use Period |
|---|---|---|
| Google Analytics | User data analysis | Until end of service agreement |
| Meta | Targeted advertising services | |
| Stibee | Email sending service |
3.1.2 When users use external affiliated services, the company may use their personal information within the necessary scope after obtaining their consent.
- 3.1.2.1 The company does not provide personal information collected via affiliates to third parties for purposes such as:
- 3.1.2.1.1 Direct sale or resale of user data
- 3.1.2.1.2 Credit, collateral, or lending
- 3.1.2.1.3 Targeted ads based on internet behavior, interests, demographics
- 3.1.2.1.4 Retargeting, personalized ads, or user-specific ads
- 3.1.2.2 To collect YouTube account data (views, likes, dislikes, comments), the company uses the Google API Client (YouTube Data API). Users can revoke access via Google Third-Party Apps & Services. By using YouTube services, users are considered to have agreed to YouTube and Google’s policies.
- 3.1.2.2.1 YouTube Terms of Service
- 3.1.2.2.2 YouTube Privacy Settings
- 3.1.2.2.3 YouTube API Terms
- 3.1.2.2.4 Google Privacy Policy
3.2 The company may provide personal information in emergencies such as disasters, infectious diseases, life-threatening events, or urgent property loss situations, or when legally obligated.
4. Destruction of Personal Information
4.1 According to relevant laws, the company retains certain data for the following periods:
- 4.1.1 Records of consumer complaints or disputes: 3 years
- 4.1.2 Service visit logs: 3 months
4.2 Personal information is destroyed using non-recoverable methods. Electronic files are securely deleted using technical means, and physical copies are shredded or incinerated.
5. Efforts to Protect Personal Information
- 5.1 Measures against hacking and viruses
- 5.1.1 Systems are installed in restricted areas with access controls, and backups and antivirus software are regularly maintained to prevent leaks or damage.
- 5.2 Minimizing and training personnel handling personal data
- 5.2.1 Only a minimum number of staff handle personal information, and they receive regular training. Password and access controls are strictly managed for systems storing or processing personal data.
6. Personal Information Manager and Department
6.2 For any reports or consultations regarding personal information violations, users may contact the following institutions:
- Personal Information Infringement Report Center: https://privacy.kisa.or.kr / 118
- Supreme Prosecutors' Office Cybercrime Division: https://spo.go.kr / 1301
- Korean National Police Agency Cyber Bureau: https://ecrm.police.go.kr / 182
7. Notification of Policy Revisions
If there are additions, deletions, or changes to this policy, we will notify users at least 7 days in advance. If the changes are significant, such as a change in the type or purpose of personal information collected, we will notify users at least 30 days in advance.
Announcement Date: January 2, 2025
Effective Date: January 2, 2025