Política de privacidad

K-Culture Space lawfully processes and securely manages personal information in compliance with the Personal Information Protection Act of Korea and related laws and regulations to protect users' freedom and rights. Under Article 30 of the Personal Information Protection Act, we establish and disclose this Privacy Policy to explain procedures and standards for processing and protecting personal information and to handle related concerns quickly and smoothly.

Purpose of Processing Personal Information

We process personal information for the following purposes. Personal information currently processed is not used for purposes other than those listed below. If the purpose of use changes, we will take necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1. Service provision: prevention of abusive use and operational management of the service, and provision of search and AI chat services

Items of Personal Information Processed

We collect and use personal information only within the minimum scope necessary to provide services. During service provision, we process the following information directly provided by users and information automatically generated/collected, without separate consent where permitted by law. Generated information such as device data may be automatically collected during use of web/app services.

1. Service operations
   • Legal basis: Article 15(1)4 of the Personal Information Protection Act ("performance of contract")
   • Collected and used items: cookies, device information (IP address, web browser type, operating system), service usage records (search terms, inquiry content)

Processing and Retention Period

1. We process and retain personal information within the retention/use period required by law or agreed to by users at the time of collection. In principle, user personal information is destroyed without delay once the processing purpose is achieved.
2. Retention periods for each processing purpose are as follows.
   1. Prevention of abusive use and service operation management: destroyed without delay after real-time abuse detection and appropriate actions for abnormal system behavior
   2. Provision of search and AI chat services: destroyed without delay after completion of the search/chat service

Procedure and Method of Destruction

1. When personal information becomes unnecessary due to expiration of the retention period, achievement of the processing purpose, or similar reasons, we destroy the information without delay.
2. If personal information must continue to be retained under other laws even after the agreed retention period has passed or the processing purpose has been achieved, such information is moved to a separate database (DB) or stored in a different location.

Provision of Personal Information to Third Parties

1. We process users' personal information only within the scope stated in this Privacy Policy. We provide personal information to third parties only where users consent, where special provisions of law apply, or where Articles 17 and 18 of the Personal Information Protection Act permit such provision. Otherwise, we do not provide personal information to third parties. However, personal information may be processed in the following cases.
   1. Where the user has agreed in advance to third-party provision and disclosure
   2. Where disclosure is required by laws and regulations

Entrustment of Personal Information Processing

1. For smooth processing of personal information-related tasks, we entrust certain processing operations as follows.
   1. Entrusted party (processor): Google LLC
   2. Entrusted task: processing user search terms and inquiry content through AI models
2. When entering into an entrustment contract, we specify in written documents (such as contracts), in accordance with Article 26 of the Personal Information Protection Act, matters including prohibition of processing personal information for purposes other than entrusted tasks, technical/administrative safeguards, limits on re-entrustment, management/supervision of processors, and liability such as damages, and we supervise whether processors handle personal information safely.
3. Under Article 26(6) of the Personal Information Protection Act, if a processor re-entrusts our personal information processing tasks, prior consent from us is required. If entrusted tasks or processors change, we will disclose such changes through this Privacy Policy without delay.

Cross-Border Collection and Processing of Personal Information

1. To provide services, we collect and process personal information outside Korea.
   1. Legal basis for overseas transfer: Article 28-8(1)3(a) of the Personal Information Protection Act (overseas entrustment/storage for contract performance)
   2. Personal information items entrusted for processing: user search terms and inquiry content
   3. Country receiving the personal information: United States
   4. Timing and method of transfer: remote transfer over a dedicated encrypted network within 0 days from service use
   5. Recipient (entrusted processor) of transferred personal information: Google LLC
   6. Purpose of use: infrastructure development/operation for service provision and provision of AI services
   7. Retention/use period: Google LLC uses the data only for real-time processing purposes and deletes it immediately after processing is complete. However, certain data may be retained for a limited period to comply with legal requirements. For details, refer to the official terms.
   8. Method/procedure/effect of refusal: users may refuse overseas transfer by discontinuing use of the service. However, due to service characteristics, refusing overseas transfer may limit service use.

Measures to Ensure Security of Personal Information

1. We take the following measures to ensure the security of personal information.
   1. Administrative measures: establishment/implementation of internal management plans, regular employee training
   2. Technical measures: access control and permission management for personal information processing systems, access control systems, encryption of personal information, installation and updates of security programs
   3. Physical measures: access control for servers and file systems

Installation/Operation of Automatic Collection Devices and Refusal

Automatically collected devices in operation

1. We use cookies to store and retrieve usage information in order to provide personalized services and convenience.

2. Cookies are small pieces of information sent by the website server (http) to the user's browser and stored on the user's PC or mobile device.

3. Users can allow or block cookies through web browser settings. However, refusing cookie storage may make it difficult to use customized services.

   ▶ Allow/block cookies in web browsers

   • Chrome: Browser Settings > Privacy and Security > Clear browsing data
   • Edge: Browser Settings > Cookies and Site Permissions > Manage and delete cookies and site data

   ▶ Allow/block cookies in mobile browsers

   • Chrome: Mobile Browser Settings > Privacy and Security > Clear browsing data
   • Safari: Device Settings > Safari > Advanced > Block All Cookies
   • Samsung Internet: Mobile Browser Settings > Browsing history > Clear browsing data

• For questions about behavioral information, exercise of opt-out rights, or reporting of harms, users may contact us below.

  ▶ Privacy contact

  • Contact: K-Culture Space
  • Email: kculturespace@googlegroups.com

Users' Rights, Obligations, and Methods of Exercise (including Legal Representatives)

1. Users may exercise rights at any time, including requesting access, correction, deletion, suspension of processing, withdrawal, objection to automated decisions, or explanation thereof (collectively, "exercise of rights").
   ※ For children under 14, legal representatives must directly request access, etc. For minors aged 14 or older, the minor may exercise rights directly or through a legal representative.

2. Rights may be exercised by written document, email, fax, etc. under Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and we will act without delay.

3. Rights may also be exercised through an agent such as a legal representative or authorized person. In this case, a power of attorney in the form of Appendix Form No. 11 of the "Public Notice on Methods of Processing Personal Information" must be submitted.

4. Requests for access and suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.

5. If other laws expressly designate the relevant personal information as a collection target, deletion of that information may not be requested.

6. We verify whether the person exercising rights is the data subject or a duly authorized representative.

7. Users may exercise rights through the contact information below, and we will strive to process such requests promptly.

   ▶ Contact for access and rights requests

   • Contact: K-Culture Space
   • Email: kculturespace@googlegroups.com

Chief Privacy Officer

1. We designate the following person in charge to oversee personal information processing and handle user complaints and remedies related to personal information processing.

   ▶ Chief Privacy Officer

   • Contact: K-Culture Space
   • Email: kculturespace@googlegroups.com

2. Users may contact the Chief Privacy Officer regarding all privacy-related inquiries, complaints, and remedies arising while using our services, and we will respond and process them without delay.

Additional Notice for Users Outside Korea

1. This Privacy Policy is drafted under the laws of the Republic of Korea, and the same processing baseline is applied to users outside Korea for service operations.
2. Depending on your country or region, mandatory local privacy rules (for example, data subject rights, notice obligations, and regulatory filing requirements) may additionally apply.
3. If any part of this Policy conflicts with mandatory laws in your jurisdiction, those mandatory local laws prevail to the extent of the conflict.
4. Users outside Korea may submit privacy requests and rights requests through the contact channels listed in this Policy, and we will respond in good faith within the scope permitted by applicable laws.

1) Notice for EEA and UK Users

1. Where EEA or UK privacy laws apply, users may exercise rights such as access, correction, deletion, restriction, objection, and data portability to the extent provided by applicable law.
2. Such users may lodge a complaint with their local supervisory authority, and may also contact us first for resolution.
3. Where required by law, we will appoint an EEA and/or UK representative and disclose representative details in this Policy or through service notices.

2) Notice for U.S. Users (including California)

1. Where applicable U.S. state privacy laws apply, users may exercise rights to know, delete, correct, restrict processing, or opt out of certain processing, as provided by those laws.
2. Rights requests may be submitted through the contact channel in this Policy and are handled after reasonable identity verification.
3. If our service meets legal business thresholds under applicable law, we will provide any additional required notices and request procedures in this Policy or a separate notice.

3) Notice on International Transfers and Safeguards

1. Personal information of users outside Korea may also be transferred to and processed by processors located in the United States (for example, Google LLC) to provide the service.
2. Where required by applicable law, we apply appropriate contractual and technical safeguards for international transfers, including Standard Contractual Clauses (SCCs) or equivalent safeguards.
3. Users may request additional information regarding international transfers through the contact channel in this Policy.

Changes to This Privacy Policy

1. This Privacy Policy takes effect on April 1, 2025.
2. Previous versions of this Privacy Policy can be checked below.