Spray Privacy Policy

Indent Corporation Privacy Policy

Indent Corporation (https://spray.io/ hereinafter referred to as 'Company', 'Spray') complies with the personal information protection regulations of relevant laws and regulations that information and communication service providers must comply with, such as the Communications Secrets Protection Act, the Telecommunications Business Act, the Personal Information Protection Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and is committed to protecting the rights and interests of users by establishing a privacy policy in accordance with relevant laws and regulations.

The privacy policy may be changed if there are changes in laws or guidelines related to personal information, or if the company's policy changes, but we will notify members of the changes without delay and post them on the privacy policy change history page so that you can check them at any time.

The Company's Privacy Policy contains the following contents.

Items of personal information to be collected and methods of collection

Purpose of collection and use of personal information

Provision of personal information to third parties

Consignment of personal information processing

Retention and use period of personal information

Procedures and methods for destroying personal information

Rights of users and legal representatives and how to exercise them

Matters concerning the installation/operation and rejection of automatic personal information collection devices

Measures to ensure the safety of personal information

10.

Contact information of the person in charge of personal information protection and the person in charge

11.

Notification of changes and request for consent

1. Items of Personal Information to be Collected and Methods of Collection.

A. Items of personal information to be collectedInformation of the person participating in the campaign (hereinafter referred to as "Campaigner"): Name, date of birth, gender, mobile phone number, *Additional personal information for campaign participation, shipping address, email address, SNS ID

•

Additional personal information required for participation in the Campaign may include size information, color information, skin type, age, etc.

B. Collection Method

We collect personal information after you express your intention to participate in the campaign.

2. Purpose of collecting and using personal information‍

Spray collects and utilizes necessary information related to the operation of affiliate marketing campaigns.

User data collected through Google Workspace APIs (including Gmail API) is used restrictively as follows:

No data collected through Google Workspace APIs will be used for the development, improvement, or training of generalized artificial intelligence (AI) or machine learning (ML) models.

The collected data will only be used to provide direct functionality of [Service Name] service.

We comply with Google's API Services User Data Policy

3. Provision of Personal Information to Third Parties Spray does not provide personal information to third parties except in cases falling under Article 17 of the Personal Information Protection Act, such as separate consent of the information subject, special provisions of the law, etc.

4. Consignment of Personal Information Processing SPRAY consigns personal information as follows to improve its services, and stipulates the necessary matters to ensure that personal information is managed safely in the consignment contract in accordance with the relevant laws and regulations. Spray entrusts personal information processing organizations and entrusted tasks as follows:1. Service-based infrastructure operation. Entrustee (Trustee): Amazon Web Services, Inc (Korea) I. Contents of consignment: Operation of infrastructure where personal information is stored. Retention period: Until the message service fulfills the purpose of use. Consignee (Trustee): Summers Platform (BizM) I. Contents of the entrusted work: Consignment of Kakao Alert Talk to campaign participants. Retention period: Until the member withdraws or the period prescribed by relevant laws and regulations or the end of the consignment contract

5. Retention and use period of personal information The Company collects users' personal information within the minimum scope necessary to provide the Service, and uses the collected information only within the scope of the user's consent. The Company does not use or disclose the user's personal information beyond the scope of consent without prior consent. The Company collects, uses, retains, and destroys the user's personal information as follows depending on the services provided.

Grounds for Retention	Records Retained	Retention Period
Act on the Protection of Communications Secrets	Personal information related to service use (login records)	3 months
Act on Consumer Protection in Electronic Commerce, etc.	Personal information related to service use (login records)	5 years
Act on Consumer Protection in Electronic Commerce, etc.	Records on payment and supply of goods, etc.	5 years
Act on Consumer Protection in Electronic Commerce, etc.	Records on consumer complaints or dispute handling	3 years
Company internal policies	Records of fraudulent or abnormal usage: Mobile phone number, email address, IP, log records	1 year

6. Destruction of Personal Information In principle, the Company destroys the collected personal information immediately after the purpose of use is achieved. If the retention period of personal information agreed to by the information subject has elapsed or the purpose of processing has been achieved, but the personal information must continue to be preserved in accordance with other laws and regulations, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location. a. Destruction Procedure After the purpose of collecting and using personal information of users is achieved, the information shall be destroyed without delay after the retention period. However, it may be destroyed after being stored for a certain period of time in accordance with laws and regulations. If it is in the form of an electronic file, it is completely deleted using a technical method so that it cannot be recovered and reproduced, and in the case of records, printed materials, written materials, etc., it is destroyed by shredding or incineration.B. Method of DestructionPersonal information stored in the form of electronic files shall be destroyed in such a way that it cannot be restored. Personal information printed on paper (printed matter, written matter, etc.) shall be destroyed by shredding or incineration through a shredder.

7. Rights of Users and Legal Representatives and How to Exercise Them Members and their legal representatives may request access, modification, withdrawal of consent, deletion, etc. of personal information processed by the Company at any time, and may also request deletion of their accounts. However, if you withdraw your consent to the collection and processing of personal information or delete your account, you may be restricted from using some or all of the services.If a member requests correction of errors in personal information, the Company will not use or provide personal information until the error is corrected. In addition, if incorrect personal information is provided to a third party, the Company will notify the third party without delay of the corrected personal information at the request of the member so that the correction of the personal information can be made.The Company processes personal information requested by the member or legal representative to terminate the service use contract or delete the account as specified in the 'Retention and Use Period of Personal Information' and does not allow the member to view or use it for any other purpose.

8. Installation/Operation and Refusal of Automatic Personal Information Collection Devices In order to provide appropriate services to visitors to the Company's website, the Company uses 'cookies' to store and retrieve users' information from time to time. Cookies are small amounts of information sent to the user's computer browser by the server (HTTP) used to operate the website, and are also stored on the hard disk of the user's PC computer. a. Purpose of use of cookiesCookies are used to store and retrieve information of users. Purpose of use of cookiesCookies are used to prevent duplicate notifications of pop-up notices.Cookies are used to prevent pop-ups for writing reviews.B. Installation/operation and refusal of cookiesYou have the option to install cookies. Therefore, you can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by setting options in your web browser.To refuse to set cookies, you can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by selecting options in your web browser. - Example settings (for Internet Explorer): Tools > Internet Options > Privacy at the top of your web browser

9. Measures to secure the safety of personal information In accordance with Article 29 of the Personal Information Protection Act, SPRAY takes the following technical/administrative and physical measures necessary to ensure safety: a. Minimization of personal information processing staffSPRAY designates employees who process personal information and implements measures to manage personal information by minimizing access rights. b. Establishment and implementation of internal management planSPRAY establishes and implements an internal management plan for the safe processing of personal information. Spray conducts regular in-house and external training for employees who handle personal information on acquiring new security skills and their obligations to protect personal information.The handover of personal information-related tasks is carried out thoroughly while maintaining security, and responsibilities for personal information accidents are clarified after joining and leaving the company. We prevent information leakage by employees in advance by requiring newly hired employees to sign an information protection pledge or privacy pledge, and we have established and continuously implement internal procedures to audit the implementation of the privacy policy and compliance by employees. In addition, if your personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or technical management accident, Spray will immediately notify you and take appropriate measures and compensation. Encryption of Personal InformationYour personal information is stored and managed with an encrypted password so that only you can know it, and for important data, we use separate security functions such as encrypting file and transmission data or using a file lock function. Restriction of access to personal informationWe take necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from the outside.

10. Personal Information Protection Officer SPRAY is responsible for the overall handling of personal information and designates the person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to the handling of personal information.Personal Information Protection OfficerName: Chungsoo Kim (COO)Email: contact@indentcorp.com ‍Department in charge of handling personal information complaintsDepartment: Customer SupportEmail: contact@indentcorp.comThe information subject may contact the personal information protection officer and the department in charge for all personal information protection-related inquiries, complaints, and damage relief arising from the use of Spray's services (or business). SPRAY will respond to and handle inquiries from the information subject without delay.

11. Notification of Changes and Request for Consent This Privacy Policy is applicable from the effective date. If the company changes the privacy policy, the company will continuously disclose the timing of the change and implementation, and the changed contents, and the changed contents will be disclosed at least 7 days in advance by comparing the before and after changes so that members can easily check them.