개인정보처리방침
비즈AI는 회원님의 개인정보를 소중히 생각하며, 관련 법령에 따라 안전하게 보호하고 있습니다.
개인정보처리방침 정보
시행일자: 2025년 1월 1일
최종 수정일: 2025년 7월 25일
개인정보보호책임자: 반창혁 (changhyeok@naver.com)
목차
This is an English translation provided for convenience. In case of any discrepancy, the Korean version shall prevail.
1. Purpose of Processing Personal Information
BizAI (hereinafter the "Company") processes personal information for the following purposes. The personal information being processed shall not be used for any purpose other than those listed below, and if the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
A. Website Membership Registration and Management
- Verification of intent to register as a member
- Identification and authentication of individuals for the provision of membership-based services
- Maintenance and management of membership status
- Prevention of fraudulent use of services
- Various notices and notifications
- Handling of grievances
B. Provision of Goods or Services
- Provision of lecture services
- Provision of content
- Provision of customized services
- Identity verification
- Payment and settlement of fees
- Debt collection
C. Use for Marketing and Advertising
- Development of new services (products) and provision of customized services
- Provision of events and advertising information and opportunities to participate
- Provision of services and placement of advertisements based on demographic characteristics
- Verification of the effectiveness of services
- Analysis of access frequency or statistics on members' use of services
2. Processing and Retention Period of Personal Information
The Company processes and retains personal information within the retention and use period stipulated by applicable laws or within the retention and use period agreed upon by the data subject at the time of collection.
| Purpose of Processing | Personal Information Items | Retention Period |
|---|---|---|
| Website membership registration and management | Name, email, phone number, password | Until membership withdrawal |
| Provision of goods or services | Name, email, payment information, course history | 5 years after completion of service provision |
| Use for marketing and advertising | Name, email, service usage records | Until withdrawal of consent |
| Retention pursuant to laws | Records related to contracts or withdrawal of subscription, etc. | 5 years |
Where retention is required under applicable laws, personal information will be retained for the relevant period.
3. Items of Personal Information Processed
The Company processes the following items of personal information.
A. Mandatory Items
- Name : Member identification and service provision
- Email address : Login ID, service-related notices
- Password : Identity verification and security
- Mobile phone number : Identity verification, delivery of important notices
B. Optional Items
- Date of birth : Provision of customized services
- Gender : Statistical analysis and provision of customized services
- Areas of interest : Personalized content recommendations
- Profile picture : Enhancement of service usability
C. Automatically Collected Items
- IP address, cookies, MAC address, service usage records
- Access logs, country of access information
- Records of improper use
D. Payment Information (When Using Paid Services)
- Credit card number, bank account information
- Payment approval number, payment date and time
Payment information is stored in encrypted form and is destroyed immediately upon completion of payment.
4. Provision of Personal Information to Third Parties
In principle, the Company processes the data subject's personal information within the scope specified for the purposes of collection and use, and does not process it beyond the original purpose or provide it to third parties without the prior consent of the data subject.
However, the following cases are exceptions:
- Where separate consent has been obtained from the data subject
- Where there are special provisions in law or where it is unavoidable to comply with legal obligations
- Where the data subject or their legal representative is unable to express their intention, or where prior consent cannot be obtained due to unknown address or similar reasons, and it is deemed clearly necessary for the urgent benefit of the life, body, or property of the data subject or a third party
- Where it is necessary for purposes such as compiling statistics or academic research, and personal information is provided in a form that does not identify a specific individual
Current Status of Provision to Third Parties
| Recipient | Purpose of Provision | Items Provided | Retention and Use Period |
|---|---|---|---|
| TossPayments Co., Ltd. | Processing of payments for paid services such as lectures and goods, and management of payment records | Name, payment information | Until completion of supply of goods/services and the retention period required under applicable laws |
5. Consignment of Personal Information Processing and Overseas Transfer
For the smooth processing of personal information tasks, the Company consigns personal information processing tasks as follows.
| Consignee (Data Processor) | Details of Consigned Tasks | Retention and Use Period of Personal Information |
|---|---|---|
| Google LLC | Email (SMTP) delivery — membership registration verification, service notices | Until termination of the consignment contract |
| icode | SMS (text message) delivery | Until termination of the consignment contract |
| Cloudflare, Inc. | Video content streaming and delivery (CDN) | Until termination of the consignment contract |
When concluding a consignment contract, in accordance with Article 26 of the Personal Information Protection Act, the Company specifies in documents such as the contract matters concerning the prohibition of processing personal information for purposes other than performing the consigned tasks, technical and managerial protection measures, restrictions on re-consignment, management and supervision of the consignee, and liability such as compensation for damages, and supervises whether the consignee processes personal information safely.
Overseas Transfer of Personal Information
For the provision of services such as video content streaming, the Company transfers personal information overseas as follows. The data subject may refuse the overseas transfer of personal information, and if refused, the use of some services such as watching video lectures may be restricted.
| Recipient of Transfer | Country of Transfer | Items Transferred | Date and Method of Transfer | Purpose of Use | Retention and Use Period |
|---|---|---|---|---|---|
| Cloudflare, Inc. | United States | IP address, device/access information, video viewing records | Transmitted via the information and communications network at the time of service use | Video content streaming and delivery (CDN) | Until achievement of the purpose of use or termination of the consignment contract |
| Google LLC | United States | Name, email address | Transmitted via the information and communications network at the time of email delivery | Email (SMTP) delivery | Until achievement of the purpose of use or termination of the consignment contract |
How to refuse overseas transfer: Members may refuse the overseas transfer of personal information through the customer center (changhyeok@naver.com) or by withdrawing their membership. However, the use of some services such as video lectures may be restricted.
6. Rights and Obligations of the Data Subject
The data subject may exercise the following rights related to the protection of personal information against the Company at any time.
A. Request for Notification of Personal Information Processing Status
The data subject may request notification of the personal information processing status pursuant to Article 35 of the Personal Information Protection Act.
B. Request to Access Personal Information
The data subject may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act, and the Company shall respond without delay.
C. Request to Correct or Delete Personal Information
The data subject may request correction or deletion of their personal information pursuant to Article 36 of the Personal Information Protection Act.
D. Request to Suspend Processing of Personal Information
The data subject may request suspension of the processing of their personal information pursuant to Article 37 of the Personal Information Protection Act.
Rights may be exercised in writing, by email, by facsimile (FAX), etc., pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
Rights may also be exercised through a representative such as the data subject's legal representative or a duly authorized agent. In this case, a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
7. Destruction of Personal Information
When personal information becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose, the Company destroys the relevant personal information without delay.
A. Destruction Procedure
- Information entered by the member is transferred to a separate database (or a separate set of documents in the case of paper) after the purpose is achieved, and is stored for a certain period in accordance with internal policies and other applicable laws before being destroyed, or is destroyed immediately.
- At this time, personal information transferred to the database is not used for any other purpose except as required by law.
B. Destruction Deadline
- Where the retention period of the user's personal information has elapsed, it is destroyed within 5 days from the end of the retention period.
- Where personal information becomes unnecessary due to the achievement of the processing purpose, the discontinuation of the relevant service, the closure of the business, etc., it is destroyed within 5 days from the date on which the processing of the personal information is deemed unnecessary.
C. Destruction Method
- Information in electronic file form : Destroyed using methods such as Low Level Format so that the records cannot be reproduced
- Personal information printed on paper : Destroyed by shredding with a shredder or by incineration
8. Measures to Ensure the Security of Personal Information
In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, managerial, and physical measures necessary to ensure security.
A. Minimization and Training of Staff Handling Personal Information
The Company implements measures to manage personal information by designating staff who handle personal information and limiting them to dedicated personnel, thereby minimizing the number of such staff.
B. Regular Self-Audits
To ensure the security of personal information handling, the Company conducts self-audits on a regular basis (once per quarter).
C. Establishment and Implementation of an Internal Management Plan
The Company establishes and implements an internal management plan for the safe processing of personal information.
D. Encryption of Personal Information
Users' personal information, with passwords stored and managed in encrypted form so that only the individual can know them, and the Company uses separate security functions such as encrypting files and transmitted data or using file-locking functions for important data.
E. Technical Measures Against Hacking, etc.
To prevent leakage and damage of personal information caused by hacking, computer viruses, etc., the Company installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from the outside, and monitors and blocks them both technically and physically.
F. Restriction of Access to Personal Information
The Company takes necessary measures to control access to personal information by granting, changing, and revoking access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system.
G. Retention of Access Records and Prevention of Forgery and Alteration
The Company retains and manages records of access to the personal information processing system for at least 1 year; however, where personal information of 50,000 or more data subjects is processed or unique identification information is processed, such records are retained and managed for at least 2 years.
H. Use of Locking Devices for Document Security
The Company stores documents and auxiliary storage media containing personal information in a secure location with a locking device.
9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
A. Purpose of Using Cookies
The Company uses "cookies" that store and frequently retrieve usage information in order to provide users with individually customized services.
B. Installation, Operation, and Refusal of Cookies
- Users can refuse the storage of cookies through the option settings in the Tools > Internet Options > Privacy menu at the top of the web browser.
- If you refuse the storage of cookies, difficulties may arise in using customized services.
C. Web Analytics Tools
This website uses Google Analytics, a web analytics service. Google Analytics uses "cookies" to analyze the use of the website.
Information about your use of the website (including your IP address) generated by Google Analytics is transmitted to and stored on Google servers.
D. Advertising Identifiers in Mobile Apps
In mobile apps, advertising identifiers (ADID, IDFA) may be collected to provide customized advertising services, and these can be blocked in the settings of the mobile device.
10. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer as follows, who is overall responsible for tasks related to the processing of personal information and handles complaints and remedies for damages from data subjects related to the processing of personal information.
Personal Information Protection Officer
Name: Ban Chang-hyeok
Position: CEO
Contact: 070-7012-2881
Email: changhyeok@naver.com
Data subjects may direct all inquiries, complaints, and requests for remedies related to personal information protection arising while using the Company's services (or business) to the Personal Information Protection Officer. The Company will respond to and handle the data subject's inquiries without delay.
11. Remedies for Infringement of Rights and Interests
Data subjects may file reports of personal information infringement or seek consultation with the following organizations. These organizations are separate from the Company; if you are not satisfied with the Company's own handling of personal information complaints and remedies for damages, or if you need more detailed assistance, please contact them.
Personal Information Protection Commission
Responsibilities: Receipt and handling of personal information infringement reports, mediation of collective disputes (personal information infringement reports from overseas, online reports)
Website: privacy.go.kr
Phone: 182 (no area code required)
Address: (03171) 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul
Personal Information Protection Specialized Organizations
Personal Information Infringement Report Center: 118 (no area code required) (privacy.go.kr)
Personal Information Dispute Mediation Committee: 1833-6972 (no area code required) (www.kopico.go.kr)
Cyber Crime Investigation Division, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
Cyber Terror Response Center, National Police Agency: 182 (no area code required) (cyberbureau.police.go.kr)
Any person whose rights or interests have been infringed due to a disposition or omission made by the head of a public institution in response to a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), or Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal in accordance with the Administrative Appeals Act.
Central Administrative Appeals Commission: 110 (no area code required) (www.simpan.go.kr)
12. Changes to the Privacy Policy
This Privacy Policy applies from its effective date, and in the event of any additions, deletions, or corrections to its contents due to laws or policies, such changes will be notified through announcements from 7 days prior to the implementation of the changes.
Revision History
- v1.0 (January 1, 2024): Initial enactment of the Privacy Policy
- v1.1 (July 1, 2024): Added provisions related to the use of cookies
- v2.0 (January 1, 2025): Reflected the strengthened personal information protection policy
- v2.1 (July 25, 2025): Updated information on personal information processing consignees
This policy is effective from July 25, 2025.
Inquiries and Reports
If you have any inquiries about the Privacy Policy, please contact us at the following:
- Email: changhyeok@naver.com
- Phone: 070-7012-2881
- Address: Room 220, Building B, Taewang Alpha City Suseong, 11 Alpha City 1-ro 42-gil, Suseong-gu, Daegu
Consent to Collection and Use of Personal Information
In accordance with Articles 15, 17, 22, and 24 of the Personal Information Protection Act, BizAI seeks your consent to the collection and use of personal information as follows.
You have the right to refuse consent to the collection and use of mandatory personal information; however, if you refuse consent, the use of services may be restricted.
Consent to Use for Marketing (Optional)
The Company uses the collected personal information for the following purposes, and you have the right to refuse consent. Even if you refuse consent to optional information, you may still use the services.
- Development of new services and provision of customized services
- Provision of events and advertising information
- Statistics and analysis on the use of services
Methods of Collecting Personal Information
The Company collects personal information through the following methods:
- Website, written forms, fax, telephone, consultation bulletin boards, email
- Provision from partner companies
- Collection through generated-information collection tools