Privacy Policy

1. Purpose of the Privacy Policy

DATABANK Inc. (“DATABANK” or “Company”) puts its best efforts in complying with privacy protection provisions of applicable laws and regulations to be adhered to  info-communication Service  providers including the Act on Promotion of Information and Communication Network Use and Protection of Information, the Privacy Protection Act, the Communications Privacy Act, the Telecommunications Business Act and to protect the rights and interests of Users by establishing its privacy protection policy in accordance with applicable laws and regulations.

DATABANK informs the purpose and the usage of Personal Information provided by Users through this Privacy Policy (the “Privacy Policy’) and the measures to be taken for protecting information.

DATABANK takes measures to enable Users to easily see the Privacy Policy at any time by making the Privacy Policy accessible on the homepage.

2. Personal Information to Be Collected

DATABANK collects minimal Personal Information as follows for membership, smooth consultation and provision of various services (the “Services”). The Personal Information to be collected from the User by the DATABANK at the time of joining membership is as follows:

1) Items to be collected at the time of joining membership

- In case of joining membership by email: name, email address, phone number, preferred country(ies) for study abroad and password of a User

- In case of joining membership by connecting a Facebook account: name, e-mail address (ID) of a User as listed on Facebook account, phone number, preferred country(ies) for study abroad.

- In case of joining membership by connecting a Google account: name, e-mail address (ID) of a User as listed on Google account, phone number, preferred country(ies) for study abroad.

- In case of joining membership by connecting a Apple account: name, e-mail address (ID) of a User as listed on Apple account, phone number, preferred country(ies) for study abroad.

- Other information as may be needed.

In addition to the information directly provided by the User, the Company may collect the following information in the course of using the Services of the Company. The following information may be automatically created and collected in the course of using the Services.

2) Scope of the Personal Information which may be collected in the course of using the Services.

- IP address, Cookies, Service use record, Age

- Information of a terminal for reporting errors (manufacturer, model name, type and version of OS and App version)

- Information entered and literary work created by the User in the course of using the Services  

DATABANK does not collect any sensitive information (including the Personal Information and genetic information which discloses race, ethnicity, political opinion, religious or philosophical beliefs, or union membership and biometrics, health information, sexual life or sexual orientation with which people can uniquely identify the natural person)

3) DATABANK collects the information of the User in the following ways.

Mobile application, web page, written form, fax, email, telephone call through customer center, online consultation, entry for events, etc.  

3. Use of the Collected Personal Information

The Company uses the collected Personal Information of the User only for the following purposes including membership management, smooth provision and operation of Services, development, provision and improvement of Services in terms of DATABANK and all the Services related to DATABANK:

1) Member management: The Company uses the Personal Information for member management including confirmation of the intent to join membership, confirmation of ages, process of the consent of a legal representative, confirmation of identification of a User and a legal representative, User identification and confirmation of the intent to membership withdrawal.

2) The Company uses the Personal Information for the purpose of restrictions on the use of Members violating laws, regulations, terms and conditions of use; prevention and disciplinary action against any act disrupting the smooth operation of Services including wrongful use, prevention of account theft and wrongful transactions; delivery of details to be notified such as notice of modification of functions or policies of the Company site or application; record preservation for dispute mediation; protection of Users such as processing of civil complaints; and operation of Services.

3) The Company uses the Personal Information for the execution of an agreement for provision of Services as requested by the User, identification after provision of paid-up Services, purchase, payment of fees and settlement of fees.  

4) They Company uses the Personal Information for the purpose of providing services such as personalized learning and study materials.

5) In addition to provision of existing Services including content, the Company uses the Personal Information for demographic analysis, analysis of visits and records of usage of Services, and discovery of new Services and improvement of existing Services including provision of customized Services based on the Personal Information and interest.

6) The Company uses the Personal Information for the provision of events and advertising information and provision of an opportunities to participation therein, provision of customer-based customized Services, provision of Services and the posting of advertisements based on statistical characteristics, confirmation of effectiveness of Services, identification of access frequency and statistics on the Member’s use of Services.  

7) The Company may provide the Personal Information to institutions such as overseas educational organizations, overseas visa agencies, TOEFL and IELTS test centers, etc., for the purpose of service improvement and development, or as required for specific objectives.

8) The Company uses the Personal Information in order to construct a safe environment for using Services so that the User feels at ease and uses the Services in terms of security, privacy and safety.

In cases where the Company uses the Personal Information for purposes other than those as set forth herein, the Company shall try to obtain the consent from the Members.

4. Lawful Processes of the Personal Information under Application of GDPR

If the case falls under any of the following parameters, DATABANK treats the Personal Information of the User lawfully:

- When the User consents to the processes of his/her own Personal Information;

- When the processes are necessary for performing any actions stipulated by the contract to which the User is a party and taking measures as requested by the User prior to conclusion of a contract (including member management and verification);

- For performance of actions stipulated by the contract for provision of Services as requested by the User, payment and settlement of fees;

- When the processes are necessary for complying with legal obligations applicable to the Company;

- For compliance with applicable laws, regulations, requirement of legal process and the government;

- When the processes of the Personal Information are necessary in order to protect important profit of Users or other natural persons;

- For the detection, prevention of and response against fraud, abuse cases, security risk, and technical problems which may harm Users or other natural persons;

- When the processes of the Personal Information are necessary for carrying out duties for public interest or exercising public authority granted to the Company; or

- When the processes of the Personal Information are necessary for the purpose of justifiable profit sought for by the Company or a 3rd party

(However, this shall not be applicable to the cases where the User’s profit, basic rights and freedoms related to protection of the Personal Information prevails over such profit including the cases where the User is a child).

5. Sharing and Provision of the Personal Information with a 3rd Party

DATABANK does not provide any Personal Information to the outside parties without the consent of the Users, in principle: provided that, if the case falls under any of the following parameters, the Company will provide the Personal Information:

- When the User shares his or her own Personal Information with a certain company in advance and selects to receive information on products and services of the relevant company;

- When the User chooses for his or her Personal Information to be shared with other company’s site or platform including social networking sites;

- When the User gives prior consent;

- When the Personal Information is processed in a form with which people cannot identify specific individuals and provided for preparation of statistics, academic research and market survey;

- When the provision of the Personal Information is requested under the laws, regulations or by investigation agencies under the process and method as prescribed in the laws and regulations for the purpose of an investigation;

- When the provision of the Personal Information is requested under the process as prescribed in other applicable laws and regulations including the Act on Financial Real-Name Transaction and Secrecy, the Act on the Use and Protection of Credit Information, the Framework Act on Electrical Communication, the Electrical Communication Business Act, the Local Tax Act, the Consumer Protection Act, the Korea Bank Act and the Criminal Procedural Act; or

- When the partner and Service suppliers of the Company carry out the Services including settlement treatment, performance of orders and dispute resolution (including dispute on payment and shipment) for and on behalf of the Company.

6. Consignment of the Collected Personal Information

DATABANK consigns the part of duties necessary for providing the Services to external companies, and sets forth, manages/supervises the matters necessary for the consignee companies to carry out safe processes of the Personal Information under the Privacy Protection Act. If DATABANK does not use the service related to the duties consigned to a consigned company, the Personal Information of a User is not provided to the consignee company.

The duties consigned to be processed in overseas countries out of the processes of the Personal Information consigned by DATABANK are as follows:

In order to provide better Service, when it is necessary for DATABANK to provide the Personal Information of a User to a 3rd party including other companies, the Company will go through the process of obtaining the consent after giving prior notice to Users on the following: who is the partner; what are the items of the Personal Information to be provided or shared; the purpose of use of the Personal Information to be provided or shared; until when the Personal Information is shared; and how the Personal Information is protected and managed. Any Personal Information without the consent of the User is not provided or shared to a 3rd party.

As for the method of notice and consent, the notice is to be given, and the consent is to be obtained by sending email simultaneously at least 7 days prior thereto through the bulletin board on the homepage. However, in an exceptional case where prior notice is not possible, the provision and sharing of the Personal Information may be held concurrently with the notice. DATABANK will make its best effort in ensuring that the Personal Information of a User will not be provided thoughtlessly in violation of the original purpose of collection and purpose of use as set forth in the Privacy Policy.

The Company uses Google Analytics and Mixpanel, the web analysis Service.

Method of Opt-out: ‘Opt-out’ means ensuring that the data of a User is not collected by others. As for Google Analytics, a User may opt out itself in the program of Google by using the Opt-out Browser Add-on of Google Analytics. The Opt-out Browser Add-on of Google Analytics may be used by visiting https://tools.google.com/dlpage/gaoptout.

As for the details of Opt-out of Mixpanel, the User may visit and refer to the page of Adjust Setting in https://allaboutdnt.com/.

7. Period of Retention and Use of the Personal Information

In principle, the Company destructs Users’ Personal Information immediately after the purpose of its collection and use has been achieved without delay excluding the cases where the retention is required under laws or internal policies.

The cases where the retention of the Personal Information for certain period is required under laws and regulations including the Act on Consumer Protection in E-commerce, the Framework Act of E-documents and E-transaction, the Telecommunication Secrecy Protection Act are as follows, and DATABANK retains the Personal Information under the provisions of laws and regulations during such period and never use such Personal Information for other purposes.

- Item of preservation: Record of withdrawal of a contract or subscription

Ground of preservation: Act on Consumer Protection in E-commerce (to be retained for 5 years)

- Item of preservation: Record of payment and supply of goods

Ground of preservation: Act on Consumer Protection in E-commerce (to be retained for 5 years)

- Item of preservation: Record of consumer complaints or dispute treatment

Ground of preservation: Act on Consumer Protection in E-commerce (to be retained for 3 years)

- Item of preservation: Record of mark and advertisement

Ground of preservation: Act on Consumer Protection in E-commerce (to be retained for 6 months)

- Item of preservation: Books and evidentiary documents for all the transactions as prescribed in the taxation act

Ground of preservation: Framework Act of National Tax (to be retained for 5 years)

- Item of preservation: Date, commencement and termination hour of telecommunication of subscriber, number of opposite subscriber and usage frequency

Ground of preservation: Telecommunication Secrecy Protection Act (to be retained for 1 year)

- Item of preservation: Computer communication, internet, log record data and access place detection data

Ground of preservation: Telecommunication Secrecy Protection Act (to be retained for 3 months)

DATABANK keeps and manages separately the Personal Information of a Member if the Member does not use the Services for one year in accordance with the ‘expiration system of personal information.’

In such event, until 30 days before the lapse of such periods as set forth above, the Company informs the Member of the fact that the Personal Information of the Member is stored and managed separately, expiration date and the items of such Personal Information in a way of sending email, written, fax, telephone call or in other similar way.

However, while using the Service, the Personal Information is converted into a dormant ID at the time of deletion of Service regardless of the expiration date. The Personal Information converted into dormant ID will be discarded without delay after being retained for 4 years.

8. Procedures and Methods of Destruction of the Personal Information

In principle, DATABANK destructs the Users’ Personal Information immediately upon membership withdrawal without delay. However, the Company safely stores the Personal Information for relevant periods when: a separate consent to retention period of the Personal Information is obtained from the User; or the obligation to retain the Personal Information for a certain period is required under the laws and regulations.

In such an event, the Personal Information stored and managed separately will never be used for other purposes unless otherwise stated in the laws and regulations. The Company destructs hard copies of the Personal Information by shredding with a pulverizer or incinerating them. The Company deletes the Personal Information stored in an electric file by using a method that technologically disables the restoration.

DATABANK keeps and manages separately the Personal Information of a Member if the Member does not use the Services for one year in accordance with the ‘expiration system of personal information.’  

9. Rights of Users and Legal Representatives and Methods of Exercise

The User may exercise the following rights:

The Company does not collect any Personal Information of children under 14 but, if a child under 14 provides his or her Personal Information to the Company different from the intent of the Company, the User and his or her legal representative may access or correct his or her Personal Information registered and may request for termination of membership at any time. In order to access or correct the Personal Information of Users or children under 14, the button of ‘changes in Personal Information’ (or ‘changes in member information’) or ‘withdrawal of the membership’ (withdrawal of consent) shall be clicked for going through the identification process so that direct access, correction or withdrawal would be available. Otherwise, if you contact the person responsible for managing the Personal Information by sending a letter, making a telephone call or sending an email, the Company will take measures without delay. Any Personal Information terminated or deleted as requested by the User or his or her legal representative is processed as clearly stated in the Retention and Use Period of the Personal Information to Be Collected by the Company and processed so that such Personal Information will not be accessed or used for other purposes.  

The User or his or her legal representative may exercise the following rights in terms of the Company’s collection, use and sharing of the Personal Information as the principal of information:

1. Right to access to the Personal Information: The User or his or her legal representative may access the information and request for confirmation of the record of collection, use and sharing of such information according to the related act.

2. Right to make corrections in the Personal Information: The User or his or her legal representative may request for making corrections of incorrect or incomplete information.  

3. Right to delete the Personal Information: The User or his or her legal representative may request for deletion of information for the reason of achievement of purposes and withdrawal of consent.

4. Right to restrict on the processes of the Personal Information: The User or his or her legal representative may request for restrictions on information processes if a dispute on the accuracy of information or legality of information processes exists or if it is necessary for information preservation.

5. Right to transfer: The User or his or her legal representative may request for provision or transfer of information.

6. Right to object: The User or his or her legal representative may request for suspending information processes for the purpose of direct marketing, information processes following justifiable profit or exercise of public duties and authority to carry out duties, and information processes for research and statistical purposes.

7. Right to object to automated individual decision making including profiling: The User or his or her legal representative may request for suspending automated information processes which results in legal effect to him/herself or has an important impact on him or her including profiling.  

If you contact the Company (or person responsible for managing the Personal Information or an agent) by giving a letter, making a telephone call or sending an email, the Company will take measures without delay. However, the Company may reject such requests only for justifiable reasons as clearly prescribed in the laws or other reasons equivalent thereto.

10. Ways of Access, Correction, Withdrawal of the Personal Information and Withdrawal of Consent

Depending on the circumstances, the Member may access, make corrections in the Personal Information registered, withdraw membership, delete and suspend the processes in the following way:

- Request by sending an email to the responsible person for managing the Personal Information

 Upon a Member's request for corrections in errors of the Personal Information, the Company does not use or provide such Personal Information until such correction is completed. Any exercise of the rights under this Clause may be carried out through the agent including legal representative or delegate of the information principal and, in such event, the power of attorney shall be prepared in a form as stated in Schedule Form No. 11 of the Enforcement Regulations of the Privacy Protection Act.

To make inquiries and corrections in the Personal Information of Users or children under 14, the User shall click the button of ‘changes in Personal Information (or ‘changes in member information’) or ‘withdrawal of the membership’ (withdrawal of consent), go through an identification process so that direct access, correction or withdrawal will be available.

Upon a Member's request for corrections in errors of the Personal Information, the Company does not use or provide such Personal Information until such correction is completed.

11. DATABANK’s Effort for Privacy Protection

In order to safely manage the Personal Information of Users, DATABANK seeks for the following technical/managerial measures:

- Encryption of the Personal Information:

Member’s ID and password are stored and managed after being encoded so that they are known only to the Member, and the confirmation and modification of the Personal Information are available only to the User him/herself who knows the password.

- Countermeasures against hacking:

DATABANK makes its best effort in preventing any divulge or damage in the Personal Information of the Member caused by hacking or computer virus.

In order to be prepared for the damage in the Personal Information, the Company frequently makes backup and prevents the divulge or damage in the Personal Information or data of Users by using the latest vaccine program and ensures that the Personal Information can be safely transmitted in the network through encoded communication.

In addition, the Company controls unauthorized access from the outside by using an invasion blockage system and makes its best effort in being equipped with all the technical devices available for securing systematic security.

- Establishment and execution of an internal management plan:

The Company establishes an internal management plan for the Personal Information including the matters of an organization and operation of the organization for protecting Personal Information such as designating a responsible person for privacy protection and checks whether such plan is executed well or not every year.

DATABANK staff handling the Personal Information related matters is limited to the person in charge thereof, and a separate password is given for this and renewed regularly. Compliance with the Privacy Policy is always emphasized through frequent training of the person in charge.

- Countermeasures against falsification and alteration of access record:

However, notwithstanding such effort, the Company shall never be responsible for any problem caused by divulge of the Personal Information including ID and password arising out of the problem in the internet or communication or negligence of Users.

12. Establishment, Operation and Way of Rejection of Automatic Devices (Cookies) of the Personal Information

DATABANK may collect the collective and non-personal information through Cookies. Cookies are very small text files sent to the browser used by the User by the server used for operating a website and are stored in the hard disk of the terminal used. Cookies expire at the time of the end of the browser and log out.

Website servers help Users with access and use by reading the contents of Cookies and having the environmental set up to be maintained. In addition, it analyzes each Service of the Company visited by the User, access frequency, visit hour and times, and identifies the form of use of the User and event participation information to use for the marketing for Members and provision of customized Service.

The User may reject or delete the establishment of Cookies at any time. Accordingly, the User may allow all the Cookies by setting the option in the web browser, go through the confirmation process whenever the Cookies are to be stored, or reject the storage of all the Cookies. However, if the User rejects the storage of Cookies, the User may have difficulty in using some Services of the Company that requires log-in. For allowance for the establishment of Cookies, a separate setting shall be made by web browsers.

13. Responsibility for the Sites and Service of a 3rd Party

The websites, products, and Services of DATABANK may include the links to the websites, products, and services of a 3rd party and the Privacy Policy of such 3rd party’s site linked may differ from the policy of the Company. Accordingly, the User shall additionally review the Privacy Policy of such 3rd party’s site.

14. Overseas Transfer of Data

As DATABANK carries out its business all over the world, it may provide the Personal Information of a User to the Company and other companies located in overseas countries for the purpose as clearly set forth herein. For the place where the Personal Information is transferred, owned or processed, the Company takes reasonable measures for the protection of the Personal Information.

In addition, upon use or disclosure of the Personal Information gained in the EU or Swiss, the Company seeks for other plan in the EU rules or obtaining the consent from Users so that it complies with the US-EU Privacy Shield Treaty and the Swiss-US Privacy Shield Treaty and uses the standardized agreement approved by the European Commission, or proper safety device is guaranteed.

15. Guide to the Residents of California

For the person residing in California, certain rights may be added.

In order to comply with the Online Privacy Protection Laws of California, DATABANK prepares preventive measures necessary for protecting the Personal Information of a Member. The User may request for the confirmation of information divulge if the Personal Information is divulged. In addition, all the Users of the website of the Company may modify the information at any time by accessing the personal account and using the information correction menu. Moreover, DATABANK does not detect the visitor of a website.

Moreover, the Company does not use the sign of ‘detection prevention.’ DATABANK does not collect the information identifying individuals through advertising and does not provide it to other companies without the consent of Users.

16. A Responsible Person for Managing the Personal Information

DATABANK designates a responsible person for managing the Personal Information as prescribed in the Act on Promotion of Information and Communication Network Use and Protection of Information as follows:

Name of a responsible person for managing the Personal Information: Dahoon Song

Position: CEO

E-mail: dsong4444@data-bank.ai

Mail for customer support: support@data-bank.ai

The responsible person for managing the Personal Information is a person responsible for protecting the Personal Information of a customer and preventing from divulging of the Personal Information of the customer, helps Users to take at ease in using the Services provided by the Company and is responsible for any accident occurring in violation of the matters notified to the Users in protecting the Personal Information.

The User may make all the inquiries related to protection of the Personal Information generated in using the Services of DATABANK, and matters of complaint treatment and remedies to the person responsible for protecting the Personal Information or the department in charge thereof. DATABANK will reply thereto and handle without delay upon receipt of such inquiries of the User.

However, even if DATABANK takes supplemental technical measures, DATABANK shall not be liable for damage and loss of information caused by an unforeseeable accident arising out of the risk in a basic network including hacking, or various disputes caused by the posts created by Users.    

If necessary for other report or consultation of Personal Information infringement, please contact the following agencies:

- Report Center of Personal Data Infringement
     (http://privacy.kisa.or.kr / 118 without local code)

- Cyber Crime Investigation Team of the Supreme Prosecutor’s Office
 (http://www.spo.go.kr / 1301 without local code)

- Cyber Terror Response Center of the National Police Agency  
 (https://ecrm.cyber.go.kr/ 182 without local code)

17. Obligation to Give a Notice of Modification of the Privacy Policy

Upon addition, deletion and amendment of the contents hereof, the Company will give a prior notice through the ‘bulletin board’ at least 7 days prior to revision.

However, upon important changes in the rights of a User including changes in the items of the Personal Information to be collected and purpose of use, the Company gives a prior public notice at least 30 days before and, if necessary, may obtain the consent from the User.

18. Effort in Compliance with GDPR

In order to comply with the privacy protection law (GDPR) of the EU, DATABANK Inc. (the “DATABANK”) makes the following efforts:

• Activities for enhancement of the awareness of GDPR;

• Conducting an evaluation of the impact of the Personal Information;

• Guaranteeing the right of a User; and

• Reporting and giving notice of divulge of the Personal Information.

Activities for Enhancement of the Awareness of GDPR

In order to comply with GDPR, DATABANK makes its best effort and interest company-wide. DATABANK confirms the effect of GDPR on the Company and makes its best effort in complying with GDPR by the duties through the following activities:  

• Participating department: Customer management, human resources, finance, marketing, system development, etc.;

• Conducting a survey on the level of knowledge of privacy protection of the members of organization;

• Making official announcements of executives’ willingness for compliance with GDPR;

• Encouraging the participation in GDPR conference and seminar; and

• Managing the checklist of items to be carried out by departments.

Conducting an Evaluation of the Impact of the Personal Information

If the case falls under any of the followings which are likely to result in high risk to the right and freedom of natural person as prescribed in GDPR, DATABANK evaluates the impact of the Personal Information:

    1. Evaluation or grade;

2. Automated decision making which has legal effect or other similar important effect;

3. Monitoring by using a system;

4. Sensitive information;

5. Information to be processed massively;

6. Series of information linked or consolidated; or

7. Information about vulnerable information principal.

Guaranteeing the Rights of Users

DATABANK makes its best effort in guaranteeing the following rights of Users as prescribed in GDPR:

• Right to deletion (right to be forgotten)

The information principal shall have the right (right to deletion) to request for deleting the Personal Information related to him/herself.

1. When it is no longer necessary in relation to the purpose of collection or processes of the Personal Information;

2. When the information principal withdraws the consent to the processes of the Personal Information and there is no legal ground for the processes of such Personal Information;

3. When the information principal objects to the processes of the Personal Information under Article 21 (Right to Rejection) (1) of GDPR and there is no justifiable reason for preference over the processes of the Personal Information or the information principal objects to direct marketing under Article 21 (2) of GDPR;

4. When the Personal Information is unlawfully processed;

5. When the deletion of the Personal Information is necessary for complying with the laws and regulations of EU or EU member state; or

6. When the Personal Information is collected related to the provision of information society service for the children.

However, if the case falls under any of the followings, DATABANK may reject to request for deletion of Personal Information:

   1. When it is for exercising of the right to freedom of expression and information;

2. When it is for complying with the legal obligations of the EU or EU member state, or exercising public duties or public authority granted to DATABANK;

3. When it is for the purpose of public health for public interest;

4. When it is for the purpose of record preservation for public interest, scientific or historical research and statistical purpose; or

5. When it is for proving, exercising or defending the right to file legal claims.

• Right to transfer Personal Information

1. Upon request of the information principal, DATABANK shall provide the information to the information principal without unreasonable delay and provide information related to the transfer of information received by DATABANK within one month after receiving the application for information transfer. If the time is to be taken because the information processes to be transferred is complicated, the Company will give notice of the cause and period of extension (2-month extension is available but total extension period cannot exceed 3 months) within 1 month.

2. If no measures are taken by DATABANK for the application from the information principal, the information principal may request DATABANK to explain the reason not to take the measures or request for judicial remedy filed with the regulatory organization within 1 month from the application date.

3. The transfer of information is provided free of charge.

4. The information principal may directly receive the Personal Information provided to DATABANK and, if technically available, may apply for direct provision with other controllers.

5. Upon receiving an application for transfer of information from the information principal, DATABANK shall provide the Personal Information in the “form systematically constituted, generally and broadly usable and readable with a machine.”  

Report and Notice of Divulge of the Personal Information

If any of the following infringement which may cause a risk to the right and freedom of individuals occurs, DATABANK shall make a report with regulatory agencies within 72 hours from the date when it came to know the fact of divulgence:

1. Discriminatory act;

2. Damage on reputation;

3. Financial loss;

4. Divulgence of secret; or

5. Other important economic or social disadvantageous risks.

If a high risk on the freedom and right of information principle is expected, DATABANK shall inform the information principal of the fact of such divulgence without unreasonable delay.

Date of public notice: October 12, 2023

Date of execution: October 20, 2023