Privacy Policy
SwissFriends Privacy Policy
Artfriends Inc. (the "Company") complies with the Personal Information Protection Act and related laws in connection with the SwissFriends service it operates (the "Service"), and establishes and discloses this Privacy Policy as follows in order to protect Members' personal information.
Article 1 (Purpose of Processing, Items Processed, and Retention Period)
The Company collects the minimum personal information necessary to provide the Service. The items collected are divided into required items and optional items.
1. Required Items
| Category | Purpose of Collection | Items Collected | Retention and Use Period |
|---|---|---|---|
| Sign-up (social login) | Identity verification, provision of membership services, account management | Email, name or nickname, and user identifier provided by the social login provider (Naver, Apple, Google) | Until account withdrawal |
| Community chat service | Providing real-time community chat, service operation, prevention of abuse, dispute handling | Nickname, profile picture (if set), self-introduction (if set), chat messages and images | Until account withdrawal (retained for the required period where retention is mandated by law) |
| AI travel assistant | Generating the in-chat AI assistant's responses (weather, travel information, etc.) | Content of messages the user sends to the AI | Until the purpose of generating the response is achieved (see Article 3, Delegation) |
| Push notifications | Sending app push notifications (new messages, mentions, reactions, etc.) | Device push token (FCM/APNs) | Until account withdrawal or notifications are disabled |
| Service operation and security | Ensuring service stability, preventing abuse and misuse, rate limiting | Access logs, IP address, device and browser information | Retention period required by relevant laws |
2. Optional Items
| Category | Purpose of Collection | Items Collected | Retention and Use Period |
|---|---|---|---|
| Service usage analysis and statistics | Statistical analysis of service usage, service improvement | Service usage records (app usage history, access logs, cookies), device information, de-identified information | Destroyed without delay upon withdrawal of consent or account withdrawal (retained for the applicable period where separate retention is required by law) |
The Company may de-identify users' access information and the like so that specific individuals cannot be identified, and use it for purposes such as service improvement and statistical analysis.
SwissFriends does not provide paid payment, product purchase, or reservation features, and therefore does not collect payment methods, settlement information, reservation-holder information, or the like.
Article 2 (Provision of Personal Information to Third Parties)
The Company processes a data subject's personal information only within the scope specified in Article 1 and, in principle, does not provide personal information to third parties. It provides personal information to third parties only where Articles 17 and 18 of the Personal Information Protection Act apply, such as with the data subject's consent or under special provisions of law.
The Company may provide personal information to relevant authorities without the data subject's consent as follows.
| Legal Basis | Recipient | Purpose of Provision | Items Provided |
|---|---|---|---|
| Personal Information Protection Act Article 18(2)2 (special provisions of law), Criminal Procedure Act Article 215 | Competent police agency, prosecutors' office | Requests made through search, seizure, or verification warrants | Information within the scope of the request |
※ Where personal information is provided to an overseas third party or delegated overseas, such matters are separately described in Article 3 (Delegation of Personal Information Processing).
Article 3 (Delegation of Personal Information Processing)
The Company may delegate personal information processing tasks in order to provide the Service, and manages and supervises the delegated companies to ensure their compliance with the law.
Overseas Delegatees
| Delegatee | Destination Country | Timing and Method of Transfer | Delegated Task (Purpose) | Retention and Use Period |
|---|---|---|---|---|
| Google LLC (Google Cloud Platform, Firebase Cloud Messaging) | United States | Transmitted over the network from the time of service use | Server and data storage infrastructure, sending Android push notifications | Destroyed immediately upon account withdrawal or withdrawal of consent |
| Apple Inc. (Apple Push Notification service) | United States | Transmitted over the network from the time of sending a push | Sending iOS push notifications | Until the purpose of delegation is achieved |
| Anthropic PBC / OpenAI, L.L.C. | United States | Transmitted over the network from the time the AI assistant is invoked | Generating the AI travel assistant's responses (large language model processing) | Until the purpose of processing the request is achieved |
The above delegation status must be verified and updated according to actual contracts and operations (item for pre-launch legal review).
Article 4 (Destruction of Personal Information)
When the retention period for personal information has elapsed or the purpose of processing has been achieved, the Company destroys the relevant information without delay.
- Electronic file form: deleted using a technical method that makes recovery impossible
- Paper document form: destroyed by shredding or incineration
When a Member requests account withdrawal from the Service, the Company destroys the personal information without delay, except for information subject to a retention obligation under relevant laws. However, chat messages and the like that other Members are viewing may be retained in an anonymized state in which the author cannot be identified, for the normal operation of the Service.
Article 5 (Rights of the Data Subject and How to Exercise Them)
Members may at any time request to access, correct, delete, or suspend the processing of their personal information, or withdraw their consent.
- Requests can be made directly through the in-service My Page or via the Privacy Officer's contact details below (email, phone)
- Rights may be exercised through a legal representative or an authorized agent
Article 6 (Measures to Ensure the Security of Personal Information)
The Company implements the following measures to ensure the security of personal information.
- Administrative measures: establishment and implementation of an internal management plan, employee training
- Technical measures: access-rights management, encryption, installation of security programs
- Physical measures: access control to computer rooms and data storage rooms
Article 7 (Installation and Operation of Automatic Personal Information Collection Devices, and Refusal Thereof)
The Company may use cookies and the like in the course of providing the Service.
Members may refuse to store cookies through their browser settings, but some parts of the Service may then be restricted.
Article 8 (Privacy Officer)
The Company designates a Privacy Officer to handle inquiries and complaints related to personal information processing.
- Privacy Officer: Chansu Seo
- Position: CEO
- Contact: Phone 070-7918-3582, Email info@artfrnd.com
Article 9 (Purpose of AI Use and Processing of Pseudonymized/Anonymized Information)
The Company provides an in-chat AI travel assistant feature and, for this purpose, may transmit the messages a user sends to the AI to overseas delegatees for large language model (LLM) processing (see Article 3). The Company may pseudonymize or anonymize personal information and use it for purposes such as compiling internal statistics and improving the Service; in such cases it ensures that individuals cannot be identified and complies with the security measures required by law.
Article 10 (Remedies for Infringement of the Data Subject's Rights)
- In order to obtain relief for personal information infringement, a data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Privacy Infringement Report Center, and the like.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
- The Company guarantees the data subject's right to informational self-determination and strives to provide consultation and remedies for personal information infringement. If you need to file a report or seek consultation, please contact the address specified in Article 8 (Privacy Officer).
Article 11 (Effective Date and Notice)
This Privacy Policy takes effect on ____ , 20. (effective date to be confirmed)
The Company may amend this Privacy Policy in accordance with changes in laws, policies, or security technology, and where there are changes, it will notify Members through in-service announcements (or a separate notice).