Privacy Policy
Rating Labs Inc. (hereinafter referred to as the "Company") has established and discloses this Privacy Policy in accordance with applicable privacy laws in order to protect customers’ personal information and to handle any related grievances swiftly and smoothly.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than those listed below. If the purpose of use changes, the Company will seek prior consent.
① Membership Registration and Management
Personal information is processed for the purpose of confirming a user’s intent to sign up, verifying identity for the provision of membership-based services, maintaining and managing membership eligibility, implementing identity verification under limited verification systems, preventing unauthorized use of the service, confirming consent of a legal guardian when collecting personal information of children under the age of 14, sending notices and notifications, handling complaints, and retaining records for dispute resolution.
② Handling Inquiries and Complaints
Personal information is processed to verify the identity of the inquirer, confirm the content of the inquiry, make contact for fact-checking and notification, and to provide results.
③ Provision of Goods or Services
Personal information is processed for the provision of services, content, personalized services, identity verification, and age verification.
④ Use in Marketing and Advertising
Personal information is processed for the development of new services, provision of personalized services, delivery of event and promotional information and opportunities to participate, delivery of advertisements tailored to demographic characteristics, verification of service effectiveness, analysis of visit frequency, and generation of statistics on service use by members.
⑤ Personal Video Information
Personal video information may be collected and processed for crime prevention and investigation, facility safety, fire prevention, analysis, and information provision.
Article 2 (Items of Personal Information Collected)
① The Company collects the minimum necessary personal information as required for membership registration, smooth customer support, and the provision of various services. The following information is collected as mandatory items:
- Kakao Easy Sign-Up
- Required items: Profile information (email address, user ID)
- Naver Easy Sign-Up
- Required items: Profile information (email address, user ID)
- Apple Easy Sign-Up
- Required items: Profile information (email address, user ID)
- Google Easy Sign-Up
- Required items: Profile information (email address, user ID)
② Additional Information Collected During Service Use
In the course of using the service or during the processing of service-related tasks, the following information may be automatically generated or additionally collected. This data is used for purposes such as service usage history management, enhanced security, and provision of personalized services.
- Age, occupation, interests, frequently used platforms, and preferred K-pop artists
- Device information, access logs, timestamps of visits, IP address, and geolocation (Geo-IP)
- Payment and purchase information, service usage records, and records of misuse or violations
- Advertising identifiers (such as ADID, IDFA, etc.)
Article 3 (Retention and Use Period of Personal Information)
① The Company processes and retains personal information within the period stipulated by applicable laws or within the retention and usage period consented to by the data subject at the time of collection.
② As a general rule, the Company promptly destroys personal information once the purpose of its processing has been achieved. However, certain information may be retained for a specified period before destruction according to internal policies, as outlined below:
- Membership Registration and Management
Personal information related to membership registration and management is retained and used for up to three (3) years from the date of consent to collection and use.
- Legal basis: Consent from the data subject
- Retention period: Records related to the collection, processing, and use of credit information: 3 years
Article 4 (Provision of Personal Information to Third Parties)
① The Company provides personal information to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, such as when the data subject has given consent or when specifically permitted by law.
② The Company does not currently provide any personal information to third parties.
Article 5. Consent to the Provision of Personal Information to Third Parties (For Reward Exchange)
In accordance with the Personal Information Protection Act and other applicable laws, the Company protects the personal information of its members. The Company seeks your consent to provide the following personal information to third parties for the purpose of processing reward exchanges.
① Recipients of the Information
Mobile coupon issuers, gift voucher providers, and other affiliated reward service partners.
② Items Provided
Mobile phone number, shipping address (if applicable), full name (if applicable), exchange history, user identification information, reward item details, etc.
③ Purpose of Collection and Use
- To verify user identity and process reward exchanges
- To provide related services such as mobile coupon delivery
- To respond to customer inquiries and manage exchange history
④ Retention and Use Period
- Information will be retained until the purpose of provision is fulfilled and will be promptly destroyed thereafter.
2. However, if retention is required by applicable laws, the information will be stored for the period specified by the relevant legislation.
Article 6 (Outsourcing of Personal Information Processing)
① The Company does not outsource any personal information processing tasks.
② When entering into outsourcing agreements, the Company stipulates the following in documents such as contracts, in accordance with Article 25 of the Personal Information Protection Act: prohibition of processing personal information for purposes other than the entrusted tasks, implementation of technical and managerial protection measures, restrictions on sub-outsourcing, management and supervision of the trustee, and liability for damages. The Company also supervises whether the trustee processes personal information securely.
③ If there are any changes to the details of the outsourced work or the trustee, such changes will be promptly disclosed through this Privacy Policy.
Article 7 (Rights and Obligations of Data Subjects and Methods of Exercising Them)
As the subject of personal information, members may exercise the following rights:
① Data subjects may exercise the following rights related to personal information protection with respect to Rating Labs Inc. (MURAPOP) at any time:
- Request access to personal information
- Request correction of errors, if any
- Request deletion
- Request suspension of processing
② The exercise of rights under Paragraph ① may be made to the Company via written request, email, or customer service in accordance with the Enforcement Rule of the Personal Information Protection Act, and the Company will take prompt action accordingly.
③ If a data subject requests the correction or deletion of personal information due to errors, the Company shall not use or provide such personal information until the correction or deletion is completed.
④ The rights under Paragraph ① may also be exercised through a legal representative or an agent delegated by the data subject. In such cases, a power of attorney must be submitted in accordance with the Enforcement Rule of the Personal Information Protection Act.
Article 8 (Destruction of Personal Information)
In principle, the Company shall promptly destroy personal information once the purpose of its processing has been achieved. The procedures, timelines, and methods of destruction are as follows:
① Destruction Procedure
Information entered by users is transferred to a separate database (or stored in a separate physical file in the case of paper documents) after the purpose has been fulfilled, and is retained for a certain period in accordance with internal policies and relevant laws before being destroyed. Personal information transferred to the database shall not be used for any other purpose unless required by law.
② Destruction Timeline
Personal information of users whose retention period has expired shall be destroyed within five (5) days from the end date of the retention period. If the personal information becomes unnecessary due to fulfillment of the processing purpose, discontinuation of the relevant service, or termination of business, it shall be destroyed within five (5) days from the date it is deemed no longer necessary.
③ Destruction Method
Personal information in electronic file format shall be destroyed using technical methods that make the records irrecoverable.
Article 9 (Measures to Ensure the Security of Personal Information)
In accordance with Article 29 of the Personal Information Protection Act, the Company implements the following technical, managerial, and physical measures to ensure the security of personal information:
① Minimization and Training of Personnel Handling Personal Information
The Company designates specific staff members to handle personal information and limits access to only those personnel, thereby implementing management measures to minimize exposure.
② Regular Self-Audits
To ensure the security of personal information handling, the Company conducts regular self-audits on a quarterly basis.
③ Establishment and Implementation of Internal Management Plans
To ensure the secure handling of personal information, the Company has established and implements internal management plans.
④ Encryption of Personal Information
Passwords and other sensitive personal information are stored and managed in encrypted form, so only the user can know them. Important data is encrypted or protected using file lock functions or other security measures during storage and transmission.
⑤ Technical Measures Against Hacking and Viruses
To prevent the leakage or damage of personal information caused by hacking or computer viruses, the Company installs security programs, regularly updates and checks them, and installs systems in restricted-access areas to monitor and block unauthorized access both technically and physically.
⑥ Access Restrictions to Personal Information
Access to databases processing personal information is controlled by granting, changing, and revoking access rights. The Company uses intrusion prevention systems to block unauthorized external access.
⑦ Retention and Protection of Access Logs
The Company keeps access logs to personal information processing systems for at least six (6) months and uses security features to prevent forgery, alteration, theft, or loss of such logs.
Article 10 (Appointment of the Personal Information Protection Officer)
① The Company designates a Personal Information Protection Officer who is responsible for the overall handling of personal information. This officer also manages the processing of complaints and remedies related to personal information matters as described below:
▶ Personal Information Protection Officer
Department: Information Security Team
Phone: +82-70-7779-4545
Email: tylee@ratinglabs.ai
② Data subjects may contact the Personal Information Protection Officer and the responsible department regarding any inquiries, complaints, or requests for remedy related to the protection of personal information that arise while using the Company’s services. The Company will respond and handle such inquiries without delay.
③ In addition to the contact methods outlined in paragraph ①, data subjects may also request access to personal information through the Ministry of the Interior and Safety’s Personal Information Protection Support Portal (www.privacy.go.kr).
▶ Access method:
Go to the portal → “Personal Information Complaints” → “Request Access to Personal Information” (Note: You will need to verify your identity through I-PIN authentication.)
Article 11 (Request for Access to Personal Information)
The institutions listed below are independent from Rating Labs Inc. If you are not satisfied with the Company's handling of personal information-related complaints or remedies, or if you require more detailed assistance, please contact the following organizations:
▶ Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information breaches, consultation requests
- Website: privacy.kisa.or.kr
- Phone: 118 (toll-free)
▶ Personal Information Dispute Mediation Committee (Operated by Korea Internet & Security Agency)
- Responsibilities: Requesting mediation for disputes related to personal information, class action dispute mediation (civil resolution)
- Website: privacy.kisa.or.kr
- Phone: 118 (toll-free)
▶ Supreme Prosecutors’ Office Cybercrime Investigation Division
- Phone: +82-2-3480-3573
- Website: www.spo.go.kr
▶ Cyber Bureau of the National Police Agency
- Phone: 1566-0112
- Website: www.netan.go.kr
Article 12 (Changes to the Privacy Policy)
In the event of any additions, deletions, or modifications to this policy due to amendments in applicable laws and regulations regarding personal information protection, the Company will notify users of the changes through the notice section at least seven (7) days prior to the effective date.
Terms of Service Service Operation Policy Disclaimer & Legal Notice Privacy Policy
Marketing Information Consent Location-Based Service Terms Youth Protection Policy