BACKND Privacy Policy

This Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites(www.backnd.com) of BACKND on which this Policy is posted. In addition the Policy also explains the information which is provided or collected in the course of using the console or applications of AFI, Inc. which exist in the websites or platforms of other companies. AFI, Inc. is the controller of the information provided or collected in the websites on which this Policy is posted and in the course of using the applications of AFI, Inc. which exist in the websites or platforms of other companies. Through this Policy, AFI, Inc. regards personal information of the users as important and informs them of the purpose and method of Company's using the personal information provided by the users and the measures taken by AFI, Inc. for protection of those personal information.

16th December 2021

Article 1. Information to be collected and Use of collected information

AFI, Inc. acknowledges the importance of protecting your privacy and is committed to collecting and using only the necessary minimal customer information for specific purposes. We employ various methods, including website interactions, written forms, telephone communications, and email correspondence, to collect and utilize this information.Personal information items to be collected by AFI, Inc. are as follows:

1. When you sign up for membership, we collect and utilize the following information to ensure smooth communication, including user identification, notification delivery, complaint handling, and providing service/event information:

• BACKND Member management
  [Required] Email address (login ID), password, mobile phone number, company name (or team name)

1. In order to provide services, issue invoices based on service usage, improve our services, and develop new offerings, we collect and use the following information:

• Service usage:
  [Required] Project data
• Payment information:
  [Required] Credit card information (card issuer name, bill key etc., for payment settlement)
• [Optional] Bank account information (bank name, account holder name) **Inquiries and troubleshooting for errors or issues
  [Optional] Console access for troubleshooting purposes**
•  **Notification service for server failures
  [Optional] Email address, Slack Team, Webhook URL (including Microsoft), DISCORD SERVER

2. If you wish to participate in events, promotions, marketing activities, or surveys, we collect and use the following information (optional):

• Email address (login ID), mobile phone number, company name (or team name), project data, consent for receiving marketing information

3. For smooth response and handling of telephone consultations and website inquiries, we collect and use the following information if you request such services:

• Inquiries for non-members on the website:
  [Required] Name (or team name, company name), email address, phone number
• Inquiries via the Hunting Line:
  [Required] Name (or team name, company name), phone number

4. During the process of using our services, the following information may be indirectly collected:

• IP address, service usage records, access logs, cookies, device information (device ID, ADID), network connection information

Article 2. Period for retention and use of personal information, and Procedure and method of destruction of personal information

1. Period for retention and use of personal information
   During your use of AFI, Inc.'s services, your personal information will be retained by AFI, Inc. for the duration of your usage to ensure the smooth provision of services. However, once the purpose of collection or provision has been achieved, or if you withdraw your consent or terminate your membership, only your company name (or team name), ID and the date and time of termination will be retained. All other information will be promptly and securely disposed of, ensuring that it cannot be accessed or used for any purpose. The retained company name (or team name), ID and termination date and time may be kept for potential future disputes but will not be used for personal identification or any other purposes.
2. Exceptions to the period for retention and use of personal information
   Even after the purpose of collection or provision has been achieved, there are certain circumstances where all or part of the personal information may be retained for a certain period in accordance with the rights and obligations related to transactions, as required by relevant laws and regulations. The exceptions include:
   a. Retention required by law:
    - Retention of transaction records and documentary evidence: 5 years
    - Retention of records related to contracts or withdrawal of subscription: 5 years
    - Retention of records related to payment of fees and supply of goods: 5 years
    - Retention of records related to consumer complaints or dispute resolution: 3 years
    - Retention of records related to the collection, processing, and use of credit information: 3 years
    - Retention of access logs: 3 months
   Personal information may be retained in whole or in part for a certain period in accordance with other relevant laws and regulations.
   b. Consent-based retention: Retention of personal information for which individual consent has been obtained from the customer.
   c. Advance notice and consent:Retention of personal information for a specified period when the retention period has been notified or specified in advance to the customer, and the customer has given consent through appropriate procedures.
   a. Prevention of fraudulent registration and usage: User ID and company/team name, withdrawal date information will be retained for 6 months from the date of withdrawal.
3. Procedure and method of destruction of personal information
   AFI, Inc. follows the approved procedure for the destruction of personal information that is due for disposal. The following methods are utilized:
   a. when the users consent to disclose in advance;
   - when the user selects to be provided by the information of products and services of certain companies by sharing his or her personal information with those companies
   - when the user selects to allow his or her personal information to be shared with the sites or platform of other companies such as social networking sites
   - other cases where the user gives prior consent for sharing his or her personal information
   b. when disclosure is required by the laws:
   - if required to be disclosed by the laws and regulations; or
   - if required to be disclosed by the investigative agencies for detecting crimes in accordance with the procedure and method as prescribed in the laws and regulations

Article 3.  Disclosure of collected information

AFI, Inc. strictly processes customer's personal information within the scope of purposes specified in this Privacy Policy and does not exceed the original scope or provide it to 3rd parties without the customer's prior consent. Except for the following cases, AFI, Inc. will not disclose personal information with a 3rd party.

a. When we have obtained the customer's prior consent.
b. When there is a request from a relevant authority for investigative purposes based on applicable laws and regulations, unless there is a concern of unjust infringement on the interests of the customer or third party.

Article 4. Outsourcing of Personal Information Processing

AFI, Inc. outsources certain personal information processing tasks to ensure smooth and efficient service provision. The following are the entrusted companies and the tasks they handle:

1. Amazon Web Service Inc.: Data storage. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.
2. Gabia Inc.: Sending text messages. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.
3. Samjeong Data Service Co., Ltd.: Sending emails. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.
4. Paypal.: [International] Payment processing. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.
5. Korea Port One Co., Ltd.: [International]  Payment processing. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.
6. MBISolution Co., Ltd.: ARS (Automatic Response System) service. The personal information will be retained and used until the user withdraws membership or the outsourcing contract expires.

※ AFI, Inc. ensures that the entrusted companies handling customer information take necessary measures related to the protection of personal information.

Article 5: Contact Information of AFI, Inc.

AFI, Inc. has appointed a Personal Information Management Officer to protect customer's personal information and handle any complaints related to personal information. If you have any inquiries or concerns regarding personal information, please contact the following personnel. We will respond to your inquiries promptly and diligently.
AFI, Inc.
Address: 17 Achasan-ro, Seongdong-gu, Seoul, Republic of Korea
Email: help@backnd.com

Email inquiries are accepted at any time (excluding weekends and public holidays). Feel free to reach out to us if you have any questions regarding this policy or if you need to update your personal information.

[Only for individuals residing in South Korea]
If you require assistance or consultation regarding other incidents of personal information breaches, please reach out to the following organizations:
- Personal Information Breach Report Center: 118 (no area code needed) (privacy.kisa.or.kr)
- Cyber Investigation Department, Supreme Prosecutors' Office: 1301 (no area code needed) (www.spo.go.kr)
- Cyber Investigation Bureau, Korean National Police Agency: 182 (no area code needed) (ecrm.cyber.go.kr)

Article 6. Method for Accessing, Correcting, and Withdrawing Consent for Personal Information

Customers have the right to access, correct, delete, or request the suspension of processing of their personal information registered with AFI, Inc. If customers wish to exercise these rights, they can contact the right person using the information provided in Article 5. After verifying the customer's identity through the necessary procedures, we will promptly take the requested actions.
However, there are cases where access and correction of personal information may be restricted, including:
a. When there is a significant concern of harming the life, body, property, or rights and interests of the individual or a 3rd party.
b. When there is a significant concern of interfering with the business operations of the service provider.
c. When it is necessary to violate applicable laws.

Article 7. Rejection of Cookies and Similar Technologies for Personal Information

1. AFI, Inc. uses 'cookies' to store and retrieve user information for providing personalized services.
2. Cookies are very small text files sent to the users' browser by the server (HTTP) used for operating AFI, Inc.'s websites, and they are stored on the users' computer hard drives.
   a. Purpose of using cookies: Cookies are used to provide specific customized services that are only possible through the use of cookies. They can be used to identify members and maintain their login status.
   b. Rejecting the installation and operation of cookies: Users have the option to reject the installation and operation of cookies. They can either allow all cookies by adjusting the web browser settings, choose to be notified each time a cookie is saved, or refuse to save all cookies. However, please note that if users reject the installation of cookies, it may be difficult for them to use certain parts of the services provided by AFI, Inc..

• Edge: [...] (top-right corner)→ [Settings] → [Privacy, search, and services]
• Chrome: [⋮] (top-right corner) → [Settings] → [Privacy and Security]
  ※ Other web browsers may have different settings methods.

3. AFI, Inc. may collect collective and impersonal information through 'web beacons'. Web beacon is a small quantity of code which exists on websites and emails. By using web beacons, we may know whether a user has interacted with certain webs or the contents of email. It is used for evaluating, improving services and setting-up users' experiences so that much improved services can be provided by AFI, Inc. to the user.

4. In addition, AFI, Inc. may use various external web log analysis tools such as Google Analytics..

• Blocking Google Analytics: https://tools.google.com/dlpage/gaoptout/?hl=en
  ※ For other web log analysis tools, please follow the specific rejection methods provided by each tool.

Article 8. Protection of personal information of children

In principle, the AFI, Inc does not collect any information from the children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction.

(Additional procedure for collecting personal information from children) However, if AFI, Inc. collects any personal information from children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction for the services for unavoidable reason, AFI, Inc. will go through the additional procedure of the followings for protecting that personal information of children:
• verify, to the extent that efforts are reasonably made, whether they are children of the age at which consent from their guardian is required and the consenting person is an authorized one.
• obtain consent from the parents or guardian of children so as to collect personal information of children or directly send the information of products and services of AFI, Inc.
• give the parents or guardian of children a notice of AFI, Inc.'s policy of privacy protection for children including the items, purpose and sharing of personal information collected
• grant to legal representatives of children a right to access to personal information of that children/correction or deletion of personal information/temporary suspension of treatment of personal information/ and request for withdrawal of their consent provided before
• limit the amount of personal information exceeding those necessary for participation in online activities

Article 9. Technical and Administrative Measures for Personal Information Protection

AFI, Inc. takes the following technical and administrative measures to protect personal information:
- Minimization and training of personnel handling personal information:
AFI, Inc. designates responsible individuals to handle personal information, minimizing the number of personnel involved. Training programs are provided to ensure that employees understand and comply with personal information management policies.
- Countermeasures against hacking and other security breaches:

AFI, Inc. installs and maintains security programs to prevent unauthorized access, hacking, and other security breaches. Regular updates and checks are performed to enhance security. Systems are installed in controlled areas with restricted access, and technical and physical monitoring measures are implemented to detect and prevent security incidents.
- Encryption of personal information:
AFI, Inc. uses encryption techniques to protect personal information. User data is transmitted over encrypted communication channels, and important information such as passwords is stored in encrypted form. Additional security measures such as file encryption, secure transmission protocols, and file locking functions are employed to safeguard sensitive data.
- Storage and prevention of Tampering of access records:
Access records to the personal information processing systems are stored and managed for a specific period. A minimum storage period of 1 year is implemented for most cases, and for cases involving a large number of data subjects or sensitive information, a minimum storage period of 2 years is enforced. Security measures are in place to prevent unauthorized access, tampering, manipulation, or deletion of access records.
- Access control to personal information:
AFI, Inc. controls access to personal information through authorized permissions. Access to the database systems handling personal information is granted, modified, or revoked based on the principle of least privilege. Intrusion prevention systems and access control mechanisms are implemented to restrict unauthorized access attempts and protect personal information.
- Use of locking devices for document security:
Documents and auxiliary storage media that contain personal information are stored in secure locations equipped with locking devices.

Article 10. Linked Website

AFI, Inc. may provide links to websites or resources of other companies for the convenience of customers.  However, in such cases, AFI, Inc. does not have control over these external sites or resources, and therefore, cannot be held responsible for their services or the usefulness of their information. AFI, Inc. also does not guarantee the accuracy or reliability of any content found on these external sites or resources.
When customers click on a link provided by AFI, Inc. and are redirected to another website, the privacy policy of that specific website becomes applicable. It is important for customers to review the privacy policy of the newly visited site to understand how their personal information will be handled, as it may differ from the privacy policy of AFI, Inc.

Article 11. Management of User-generated Content

1. AFI, Inc. values the user-generated content of its customers and strives to protect it from tampering, alteration, or deletion. However, there are certain exceptions to this policy. The following cases are not covered by the protection:

• Posting false information with the intent to defame others and harm their reputation.
• Disclosing personal information of others without their consent.
• Content that infringes upon the copyrights of AFI, Inc. or third parties, or content that deviates from the topic of the discussion board.
• To promote a positive online community, AFI, Inc. reserves the right to edit or partially delete personal information without obtaining consent when it is disclosed without permission.
• If the content is more suitable for a different discussion board, AFI, Inc. may relocate it to the appropriate location and provide relevant information to prevent confusion.
• In other cases, explicit warnings may be issued, followed by deletion measures.
  
  

2. It is important to note that the individual who posted the content holds the fundamental rights and responsibilities associated with it. Please exercise caution and carefully consider before voluntarily disclosing any personal or sensitive information in your posts, as protecting such information becomes challenging once it is made public.

Article 12. Others

AFI, Inc. may collect and use personal information beyond what is specified in this Privacy Policy with separate consent obtained from the data subject. In such cases, the content of the consent form takes precedence. However, for matters not covered in the consent form, the provisions of this Privacy Policy shall apply.

Article 13. Modification of Privacy Protection Policy

AFI, Inc. reserves the right to amend or modify this Privacy Policy as needed. In the event of any changes, AFI, Inc. will publicly announce the revised policy through its website bulletin board, announcement or other appropriate means (such as written documents, fax, or email). If required by applicable laws, AFI, Inc. will obtain consent from users for any significant changes to the policy.
However, in case of significant changes to the collected personal information items or purposes of use that may affect user rights, we will provide a minimum of 30 days' notice and may seek user consent again if necessary.