Privacy Policy

By applying for or using Helloboard services provided through the Helloboard website (hereinafter the "Site") operated by Helloboard (hereinafter the "Company"), you agree to the Helloboard Terms of Service and this Privacy Policy. This Privacy Policy is always posted in a designated space on the Site and, if revised, the changed content and reasons will be announced on the Site so that users can know. Terms used in this Privacy Policy have the same meanings as those in the Helloboard Terms of Service.

1. Purpose of Collection and Use of Personal Information

Civil Service Processing
Processing personal information for identity verification, complaint confirmation, fact investigation, and notification of results.
Provision of Goods or Services
Processing personal information for providing new services, demographic-based services, advertisements, service validation, statistics, authentication, age verification, billing, and collection.
Marketing and Advertising
Processing personal information for providing event and advertising information, participation opportunities, and usage statistics.
Membership Management
Processing personal information for member identification, confirmation of registration intent, content provision, restriction of service for violating terms, prevention of unauthorized use, dispute resolution, and delivery of notices.

2. Personal Information Collection and Use Policy

2.1. Method of Collection

Website, written forms, fax, phone, consultation board, email, event entry
Collection via information generation tools

2.2. Items Collected

Required: Email, contact person name, contact person number, company name, password, mobile phone number, email address, company name
Optional: None
Collection method: Membership page on the site

2.3. Policy for Processing and Use

Collected items: Personal information specified in Section 2
Other items: Cookies, IP info, usage records, visit records, device info (hardware model, OS version, device ID, etc.) may be automatically generated and collected during service use.
Ownership change: In the event of bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of such transaction. This privacy policy will apply to personal information transferred to the new entity.
Access or modification of user information: If you created an account for the Helloboard site, the company provides all users with access and modification functions for the personal information they provided when creating the account. If you wish to delete your account, you can request account deletion after logging in to the site and following the instructions. Unless there is a legal basis for storing personal information such as tax or accounting law compliance, the company will delete or de-identify personal information upon request.
Disclosure and sharing: If necessary to provide Helloboard services, your personal information may be disclosed. The company may also use the information internally to provide or improve services.

3. Provision of Personal Information to Third Parties

The company uses personal information within the scope notified in "2. Personal Information Collection and Use Policy" and does not use or disclose it externally beyond this scope without the user's prior consent. However, exceptions are made in the following cases, and even then, the company provides personal information to the minimum extent permitted by law.
If users have consented in advance
If required by law or for investigation purposes, in accordance with legal procedures and methods
The company provides personal information to third parties as follows: Recipient: AWS (Amazon Web Service), Purpose: Email sending service, Information provided: User email

4. Consignment of Personal Information Processing

Consignee: Google
Consignment work: Schedule management feature in the service
When concluding a consignment contract, the company specifies in the contract or other documents the prohibition of processing personal information for purposes other than consignment work, technical and managerial protection measures, restrictions on re-consignment, management and supervision of the consignee, compensation for damages, etc., and supervises whether the consignee safely processes personal information.
If the content or consignee of the consignment work changes, it will be disclosed without delay through this Privacy Policy.

The company transfers personal information overseas as follows.

Consignee	Country	Time and Method of Transfer	Contact	Items Transferred	Purpose	Retention Period
Amazon Web Services, Inc.	Japan	Transferred over the network at the time of service use	aws-korea-privacy@amazon.com	All personal information collected by the company as specified in the Privacy Policy	Service provision and storage of personal information	Until membership withdrawal

5. Retention and Use Period of Personal Information

In principle, the user's personal information is destroyed without delay when the purpose of collection and use is achieved. However, the following information is retained for the period specified below for the following reasons, and is never used for any other purpose. If it is necessary to retain member information in accordance with the provisions of relevant laws such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc., the company retains member information for a certain period as stipulated by relevant laws. In this case, the company uses the information only for the purpose of retention, and the retention period is as follows.

Type	Reason for Retention	Retention Period
Website visit records	Protection of Communications Secrets Act	3 months
Records on consumer complaints or dispute resolution	Act on Consumer Protection in Electronic Commerce, etc.	3 years
Records on payment and supply of goods, etc.	Act on Consumer Protection in Electronic Commerce, etc.	5 years
Records on contracts or withdrawal of subscription, etc.	Act on Consumer Protection in Electronic Commerce, etc.	5 years
Records on collection/processing and use of credit information	Use and Protection of Credit Information Act	3 years
Records on display/advertising	Act on Consumer Protection in Electronic Commerce, etc.	6 months

6. Personal Information Destruction Procedures and Methods

Destruction Procedure
Information entered by individuals for the use of the company's services is transferred to a separate DB (separate documents in the case of paper) after the collection purpose has been achieved, and is stored for a certain period according to internal policies and other relevant laws, or is immediately destroyed. At this time, personal information transferred to a separate DB is not used for other purposes except as required by law.
Destruction Method
- Information in electronic file format is deleted using technical methods that cannot reproduce the records.
- Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

7. Rights of Users and Legal Representatives

Users can view or modify their personal information at any time, and if they do not agree to the company's processing of personal information, they can refuse consent or request membership termination (withdrawal). However, in such cases, it may be difficult to use some or all of the services.
For viewing and modifying personal information, users can directly access, correct, or withdraw through the "Personal Information Change" (or "Member Information Modification", etc.) procedure, and for membership termination (consent withdrawal), through the "Member Withdrawal" procedure after going through the identity verification process. Alternatively, if you contact the protection officer in writing, by phone, or by email, we will take action without delay.
If a user requests correction of errors in personal information, we will not use or provide the personal information until the correction is completed.
In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction result without delay so that the correction can be made.
The company processes personal information that has been terminated or deleted at the request of users in accordance with "4. Retention and Use Period of Personal Information" and processes it so that it cannot be viewed or used for other purposes.

8. Technical and Administrative Measures for Personal Information Protection

Personal Information Encryption
Important information such as user passwords is encrypted, stored, and managed, and personal information can only be confirmed and changed by the user themselves.
Measures Against Hacking
The company is doing its best to prevent the leakage or damage of members' personal information due to hacking or computer viruses. We regularly back up data to prepare for damage to personal information, and use the latest anti-virus programs to prevent users' personal information or data from being leaked or damaged, and use encrypted communication to safely transmit personal information over the network. We also control unauthorized access from outside using an intrusion prevention system, and are striving to equip all possible technical devices to secure security systematically.
Minimization and Training of Personal Information Handling Staff
We minimize the number of employees who handle personal information and provide personal information protection training to relevant employees. Access rights to personal information processors are granted to a minimum number of personnel and are regularly updated, and we always emphasize compliance with the company's personal information processing policy through frequent training of personnel.
Operation of a Dedicated Personal Information Protection Organization
We operate a dedicated department for personal information protection and strive to immediately correct and rectify any issues found by checking the implementation of the personal information handling policy and compliance of personal information handlers.

9. Personal Information Manager and Department in Charge

Personal Information Protection Officer
Name : Seunghun Kim
Position : CEO
Rank : CEO
Contact : contact@helloboard.io

Personal Information Protection Department
Department : Personal Information Protection Department
Contact : contact@helloboard.io

Related Organizations

Personal Information Infringement Report Center (http://www.118.or.kr, 118 (without area code))
Supreme Prosecutors'Office Cyber Crime Investigation Division (http://www.spo.go.kr, 1301 (without area code))
Personal Information Dispute Mediation Committee (http://www.kopico.go.kr, 1833-6972 (without area code))
National Police Agency Cyber Security Bureau (http://www.ctrc.go.kr, 182 (without area code))

10. Others

Please note that this Privacy Policy does not apply to the collection of personal information by external websites linked to the services provided by the company.

11. Obligation to Notify Privacy Policy

This Privacy Policy is effective from May 1, 2025. However, if the Privacy Policy is changed, it will be announced 30 days in advance and implemented after 30 days have passed. In addition, if content related to matters requiring separate consent from customers is added or changed in accordance with relevant laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., regarding the collection and use of personal information and provision to third parties, the company will obtain separate consent from customers in accordance with relevant laws.

Addendum
Article 1 This policy is effective from May 1, 2025.