Privacy Policy

Apposter (hereinafter the “Company”) herewith discloses the Privacy Policy of the Company to protect your personal information and help you address privacy related issues promptly and smoothly. 

Article 1. General Provisions
The Company complies with related laws such as the Personal Information Protection Act, the Act on Promotion of Information and Communication Network Utilization and Information Protection, and the Act on the Use and Protection of Credit Information for the protection of members' personal information.

Article 2. Consent to the Processing of Personal Information
The company is going through a procedure for agreeing to the terms of service and privacy policy in the membership registration process. The member conveys his/her consent to the company by directly entering an indication to the effect of ``I agree to this privacy policy'' on the website, etc., and the company considers that the member has read and fully agreed to this privacy policy.

Article 3. Purpose of Processing Personal Information
The Company is processing personal information of members for the reasons in the following and do not use it for other purposes.
① Member management: Member identification and verification, notification and announcement delivery to members
② Member counseling: Member counseling and complaint reception and handling, reporting of customer service result
③ Provision of service: Provision of service, improvement in service quality, prevention of fraudulent use of service, development of new service/technology, provision of customized service
④ Marketing, advertisement and PR: Delivery of advertisement information about the service

Article 4. Items of Collected Personal Information and Collection Method
The Company collects minimum personal information needed to use the service provided by the company. When the Company needs additional personal information for service provision, the Company will obtain separate consent for that explicitly.
① When signing up for membership: User name, e-mail address, password
- Member identification and verification, notification and announcement delivery to members
② When using the service: IP Address, cookie, connection logs, service usage record
- Provision of service, improvement in service quality, prevention of fraudulent use of service, development of new service/technology, provision of. Customized service    
- Health Connect
1) Information clearly and accurately describing the types of data accessed, requested, and/or collected 
The TIMEFLIK app collects only the StepsCadence/Steps data type from Health Connect on your mobile device. This data is used to enhance your experience by displaying real-time step counts on your watch face and enabling dynamic design updates (e.g., color changes or animations based on activity). This is directly linked to TIMEFLIK’s core function of providing personalized Wear OS watch face experiences.
2) Description of how the data is used and/or shared
The collected StepsCadence/Steps data is used solely for real-time activity tracking and dynamic watch face customization (e.g., color changes or animations based on step counts). TIMEFLIK does not use this data for secondary purposes such as advertising, data sales, or syncing with incompatible platforms. Data is not shared with third parties unless explicitly consented by the user for security or legal compliance purposes, with all such cases transparently disclosed in our Privacy Policy.
3) User help documentation explaining how users can manage or delete their data and what happens to data when an account is deactivated and/or deleted
You can manage or revoke Health Connect permissions anytime via the app’s Settings > Permissions menu. To delete your data, go to Settings > Data & Privacy > Clear Health Data, where you can remove StepsCadence/Steps data. If you deactivate or delete your account, all associated health data will be permanently erased from our servers within 30 days, as outlined in our Privacy Policy accessible in the app.
4) Information related to the secure handling of all personal and sensitive user data, such as using the latest encryption technologies (e.g., HTTPS connections) for transmission
TIMEFLIK ensures the secure handling of your personal and sensitive data, including StepsCadence/Steps, by using the latest encryption technologies like HTTPS for all data transmissions. Data is stored securely on our servers with strict access controls, and we adhere to industry standards to protect against unauthorized access, loss, or disclosure. For more details, please refer to our Privacy Policy within the app.
③ When using content transaction and settlement: account number, bank name, account holder
- Identification of seller, confirmation of transaction and settlement information, payment of settlement amount

Article 5. Period of Retaining and Utilizing Collected Personal Information
① The Company processes and retains personal information for the duration provided for by relevant statutes for the retention and use of personal information or the period to which each data subject consents when personal information is collected. 
② If a user terminates the service or loses their user qualification, the company will delete and destroy the collected user's information without delay, even if there is no separate request. However, despite the termination of membership or loss of user qualification, the following information will be retained for the reasons stated below.
a. When there is an on-going inquiry or investigation regarding violation of related legislation: until the termination of the inquiry/investigation
b. When there is remaining claim-obligation relationship regarding use of website, etc.: until the end of calculation of the claim-obligation relationship
③ The Company may disable accounts where the user has not logged in for more than ninety (90) days. If the account has been dormant for one (1) year, the Company deletes the account and may destroys the user’s personal information. The Company will give notice thirty (30) days prior to deleting a user account and discarding personal information. 
④ The Company can own personal information as per the following related legislation.
a. Record about payment and supply of commodities(5 years): Act on the Consumer Protection in Electronic Commerce, etc.
b. Record about contract or subscription withdrawal(5 years): Act on the Consumer Protection in Electronic Commerce, etc.
c. Record about customer dissatisfaction or trouble processing(3 years): Act on the Consumer Protection in Electronic Commerce, etc.
d. History of display advertising(6 months): Act on the Consumer Protection in Electronic Commerce, etc.
e. Record about electronic transaction(5 years): Electronic Financial Transactions Act
f. Record about website visit(3 months): Protection of Communications Secrets Act
g. Record about credit information collection/processing and use(3 years): Credit Information Use and Protection Act

Article 6. Provision of Personal Information to Third Party
① The company may provide personal information to a third party or use it for other purposes only when it obtains the consent of the member and when provision to a third party is permitted in accordance with related laws according to Articles 17 and 18 of the Personal Information Protection Act.
② It is possible to use personal information for other purposes or provide personal information to the third party without consent of member in accordance with the related legislations in the following situations:
a. When it is needed for utilization fee calculation for charged service
b. When the provision is for purposes such as academic study, statistics, etc. and is in a form that cannot identify typical individual
c. When it is needed for crime investigation and prosecution and its maintenance
d. When it is needed for the trial of the court
e. When there is special regulation in the law such as Other Personal Information Protection Act, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunication, Telecommunications Business Act, Local Tax Act, Consumer Protection Act, Bank of Korea Act, and Criminal Procedure Act.

Article 7. Personal Information Consignment Processing
The company entrusts the following personal information processing tasks for smooth personal information processing.
-Consignee: Amazon Web Services, Inc
-Managed Work: Infrastructure management for service provision and analysis

Article 8. Rights, Obligations, and Methods of Exercise of information subject
① Member can exercise one’s rights regarding personal information protection of the following:
a. Browsing of personal information
b. Demand for correction of personal information due to error, etc.
c. Elimination of personal information
d. Cessation of processing of personal information
② Members can exercise rights regarding Paragraph 1 through letter, phone call, email, FAX, and other ways. The Company manages member’s inquiries without delay.
③ In the case that a member demanded for correction of error or deletion of personal information, the Company does not use or provide that personal information until correction or deletion is done.
④ Members should not invade privacy of the information subject of the personal information processed by the Company or others in violation of related laws such as the Personal Information Protection Act.

Article 9. Destruction of Personal Information
① The Company destroys the personal information without delay when the personal information becomes unnecessary, such as the elapse of the personal information retention period or the achievement of the processing purpose.
② In case that personal information must be preserved due to different legislation despite the elapse of the personal information retention period agreed by the member or the achievement of the processing purpose, that personal information is moved to a separate database (DB) or preserved in a different storage place.
③ Following is the process and method of personal information destruction:
a. Destruction Process: The Company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the Company's personal information protection manager.
b. Destruction Method: The Company destroys personal information recorded and stored in the form of electronic files using technical methods so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 10. Effort for Personal Information Protection
① The Company puts best effort to protect personal information of members safely, thus, protecting personal information more safely than the level required by the Act on Promotion of Information and Communications Network Utilization and Information Protection and Personal Information Protection Act through the method determined in this article.
② Personal information of the member is encrypted. In addition to passwords, unique identification numbers, account numbers, and card numbers that require encryption by law, e-mail addresses and mobile phone numbers are additionally encrypted and stored.
③ We maintain the number of personal information handlers to a minimum. We manage employees who handle personal information to a minimum, and continue to emphasize that the protection of members' personal information is the most important value through regular and occasional training for personal information handlers.
④ To prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed, periodic updates and inspections are performed. Systems are installed in areas where access from the outside is restricted, and technically and physically monitored and blocked.
⑤ Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a locking device.
⑥ We have a separate physical storage place where personal information is stored, and access is controlled.
⑦ The company takes various security measures to protect sensitive health data. Sensitive information is encrypted using AES-256-GCM and is used only to display step counts on the watch face. This data is not stored on the server.

Article 11. Matters Concerning the Installation, Operation and Rejection of Automatic Personal Information Collection Devices
① The Company uses cookie that store and retrieve usage information from time to time in order to provide individual customized services to members.
② Cookie is a small amount of information that the server (http) which is used for operation of a website and other purposes sends to a member’s computer browser. It can be stored on a hard disk within a member’s PC computer.
a. Purpose of usage of cookie: It is used to provide optimized information to members by identifying the types of visits and usage, popular search terms, secure access, etc. for each service and site visited by members.
b. Rejection of installation/operation of cookie
  •Web browser: Rejection for saving cookie can be done by clicking on Tool > Internet Option > Personal Information Option on the upper part of the web browser.
  •Chrome: Rejection for saving cookie can be done by clicking on Icon “ “ > Setting > Advanced > Content Setting in the personal information section > Cookies and other site data on the upper part of Chrome
  •Android: Rejection for saving cookie can be done by clicking on Android browser (internet icon) > Menu > Setting > Personal Information Protection and Security > Cookies. 
  •iPhone: Rejection for saving cookie can be done by clicking on iPhone Setting app > Safari > Personal Information Protection and Security.
③ The use of service provided by the Company is limited when a member rejects saving cookie.

Article 12. Privacy Policy Change and Notice Obligations
① If there is any addition, deletion, or modification of the contents of this Privacy Policy, the Company will notify you in advance through the website or app at least seven (7) days prior to the revision and notify you individually.
② When there is a significant change in the rights of members, such as changes in the items of personal information to be collected and the purpose of use, we will notify and notify at least 30 days in advance through the website or app, and the member's consent will be obtained again.

Article 13. Transfer of personal information due to business transfer, etc.
If the company transfers personal information to another person due to the transfer or merger of all or part of the business, the company must notify the member in advance of the following matters by way of notice, announcement, and other ways.
① The fact that personal information is being transferred
② Name (if it’s a corporation, the name of the corporation), address, phone number and other contact information of the person who is receiving personal information.
③ Methods and procedures that can be taken if the information subject does not want to transfer personal information

Article 14. Compliance to GDPR Compliance
① The Company processes personal data in compliance with Personal Information Protection Act of the Republic of Korea, however, for users residing in the EU, the Company abide by the EU General Data Protection Regulation (GDPR).
② The Company processes personal information based on the following principles that the personal data shall be:
a. Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. Accurate and, where necessary, kept up to date;
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
f. Processed in a manner that ensures appropriate security of the personal data.
g. In compliance with the GDPR and the Company is responsible for the compliance and shall take necessary measures to demonstrate its compliance. 
③ The users may exercise the following rights:
a. The right to get information about the processing of personal data, including who requested it, for what purposes and how the data will be used, etc., in a clear and concise manner.
b. The right to access personal information/ obtain access to the personal data held about you
c. The right to ask for incorrect, inaccurate or incomplete personal data to be corrected.
d. The right to request deletion of personal information;
e. The right to suspend or limit processing personal information.
f. The right to receive personal data in a particular format and, when technically possible, send it to another controller.
g. The right to object to the processing of personal data.
h.The right to request necessary information in case the Company makes decision based on automated processing.

Article 15. Person in Charge of personal information protection
① The Company is responsible for the handling of personal information and appoints the person in charge of personal information protection as follows for the administration of complaints and damage relief of the information subject related to the processing of personal information.
  • Person in Charge of Personal Information Protection
  - Name: Sunghyun Kyung
  - Position: CEO
  - Phone Number: +82-2-538-0333
  - Email: apposter@apposter.com
② Members may contact the person in charge of the personal information protection and/or administrative department for information regarding all personal information protection, complaint management, and damage relief. The Company replies and manages member’s inquiries without delay.

Article 16. Remedy for Infringement of Rights and Interests
Members can contact the following organizations for damage relief, consultation, etc. for personal information infringement.
• Personal Information Infringement Reporting Center (Operated by Korea Internet & Security Agency (KISA))
  - Task in Charge: Report and consultation application of personal information infringement
  - Website: privacy.kisa.or.kr 
  - Phone: (without national number) 118
  - Address: (58324) 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea, 3rd floor
Personal Information Infringement Report Center
• Personal Information Dispute Mediation Committee
  - Task in Charge: Personal information dispute mediation application, collective dispute mediation (civil settlement)
  - Website:  www.kopico.go.kr 
  - Phone: (without national number) 1833-6972
  - Address: (03171) 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea

• Supreme Prosecutors’ Office (SPO) Cybercrime Investigation Department: +82-2-3480-3573 (www.spo.go.kr)
• Korean National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr)


(Addendum) This policy will be effective from June 27, 2024. The previous policy is superseded by this policy.