Privacy Policy
BARO AI (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related complaints promptly and efficiently.

Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information processed is not used for purposes other than those specified below. If there is any change in the purpose of use, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

Membership Registration and Management

The Company processes personal information for purposes such as verifying membership registration intent, providing membership-based services, identifying and authenticating users, maintaining and managing membership, implementing a restricted identity verification system, preventing fraudulent service use, verifying legal guardian consent for users under 14, sending notifications, and handling complaints.
Provision of Goods or Services

The Company processes personal information for purposes such as delivering goods, providing services, sending contracts and invoices, offering personalized services, verifying identity and age, processing payments, and collecting outstanding amounts.
Complaint Handling

The Company processes personal information for purposes such as verifying the identity of complainants, confirming complaints, communicating for fact-checking, and providing results of complaint resolutions.
Article 2 (Retention and Use Period of Personal Information)
The Company processes and retains personal information within the retention and use period agreed upon when collecting the information or as required by law.
The processing and retention periods for each category of personal information are as follows:
Membership Registration and Management: Until the member withdraws from the business/organization's website.
However, if any of the following reasons apply, the data will be retained until the reason no longer applies:
If an investigation is ongoing due to a violation of relevant laws, the data will be retained until the investigation concludes.
If there are outstanding claims or liabilities arising from website use, the data will be retained until the claim or liability is settled.
Article 5 (Rights of Users and Their Legal Representatives and How to Exercise Them)
Data subjects may exercise the following rights concerning their personal information at any time:
Request access to personal information
Request correction if there are errors
Request deletion
Request suspension of processing
These rights can be exercised through written communication, telephone, email, or fax, and the Company will respond promptly.
If a user requests correction or deletion of personal information due to errors, the Company will not use or provide the data until the correction or deletion is complete.
These rights can also be exercised through a legal representative or an authorized agent, in which case an official authorization form must be submitted.
Users must not violate relevant laws by infringing upon their own or others' personal information or privacy while using the Company's services.
Article 6 (Personal Information Items Processed)
The Company processes the following personal information:

Membership Registration and Management

Required: Name, date of birth, ID, password, address, phone number, gender, email
Provision of Goods or Services

Required: Name, date of birth, ID, password, address, phone number, email, i-PIN number, credit card number, bank account information (for payment processing)
Automatically Collected Information During Internet Use

IP address, cookies, MAC address, service usage records, visit history, improper usage records, etc.
Article 7 (Destruction of Personal Information)
When personal information is no longer necessary due to expiration of the retention period or fulfillment of the processing purpose, the Company will promptly destroy the data.
If personal information must be retained beyond the agreed period due to legal obligations, it will be stored in a separate database (DB) or a different storage location.
The destruction procedures and methods are as follows:
Destruction Procedure: The Company selects data subject to destruction and obtains approval from the personal information protection officer before destroying it.
Destruction Method:
Electronic files: Permanently deleted using low-level formatting to prevent recovery.
Paper documents: Shredded or incinerated.
Article 8 (Measures to Ensure Security of Personal Information)
The Company implements the following measures to ensure the security of personal information:

Administrative Measures: Establishment and implementation of internal management plans, regular staff training
Technical Measures: Access control for personal information processing systems, installation of access control systems, encryption of unique identifiers, installation of security programs
Physical Measures: Access control for data centers and document storage rooms
Article 9 (Use of Automated Personal Information Collection Devices and Refusal Options)
The Company uses cookies to provide customized services by storing and retrieving user information.
Cookies are small data files sent from a website server to a user's browser and stored on the user's hard drive.
Purpose: To analyze user visitation and usage patterns, popular search terms, and security access to optimize service provision.
Control & Refusal: Users can refuse cookie storage by adjusting their browser settings (Tools > Internet Options > Privacy).
Impact of Refusal: Disabling cookies may cause difficulties in using personalized services.
Article 10 (Personal Information Protection Officer)
The Company appoints a personal information protection officer to oversee personal data processing and handle related inquiries, complaints, and damage relief.

Personal Information Protection Officer

Name: Seunghyun Lee
Contact: anna@baroai.com
Personal Information Protection Department

Department: Business Planning Team
Contact: anna@baroai.com
Article 11 (Personal Information Access Request)
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act through the following department. The Company will make every effort to process these requests promptly.

Personal Information Access Request Handling Department
Department: Business Planning Team
Contact: anna@baroai.com
Article 12 (Remedies for Personal Information Infringement)
Data subjects may contact the following organizations for assistance with personal information protection issues:

Personal Information Infringement Report Center (KISA)

Website: privacy.kisa.or.kr
Phone: 118
Address: 3rd Floor, 9 Jinheung-gil, Naju, Jeollanam-do, Republic of Korea
Personal Information Dispute Mediation Committee

Website: www.kopico.go.kr
Phone: 1833-6972
Address: 4th Floor, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
Supreme Prosecutors’ Office Cyber Crime Investigation Division

Phone: 02-3480-3573
Website: www.spo.go.kr
Korean National Police Agency Cyber Safety Bureau

Phone: 182
Website: cyberbureau.police.go.kr
Article 13 (Implementation and Changes to the Privacy Policy)
This Privacy Policy is effective as of June 30, 2020.