Piccha

1. Significance of the Privacy Policy

“Privacy Policy” refers to the guidelines that Piccha must comply with so that its users can use the services with security by protecting their personal information. Piccha, operated by Moon Corporation (hereinafter referred to as the ‘Company’), collects, uses, and provides personal information based on the user's consent and strives to ensure the user’s right to self-determination of personal information. Piccha complies with laws related to personal information protection, such as the 『Personal Information Protection Act』, 『Act on Promotion of Information Network System Utilization and Information Protection』, 『Protection of Communications Secrets Act』 and 『Telecommunications Business Act』, which information and communication service providers must comply with.

2. Collected items and collection method for personal information

Piccha collects the minimum amount of personal information necessary to provide the services. For signing up for a membership or using the services, it collects the minimum amount of personal information necessary to provide the following services through the website or individual applications or programs.

[For registering as a member]

Categories	Items
Email	Required: Email address, password, membership type, mobile phone number, name, phone number, and address Optional: Visiting route
Naver	Required: Email address for Naver account Optional: Naver user name and profile picture, date of birth, and gender
Apple	Required: Email address for Apple account Optional: Apple Nickname, Date of Birth, and Gender
KakaoTalk	Required: Email address for Kakao account Optional: Kakao user name and profile picture, date of birth, and gender
Google	Required: Email address for Google account Optional: Google user name and profile picture, date of birth, and gender
Facebook	Required: Email address for Facebook account Optional: Facebook user name and profile picture, date of birth, and gender

[Information required during using the services]

User name, gender, date of birth, social media account address, photos provided, photographed, transmitted, streamed, and/or uploaded by the user during using the services, videos (including captured screenshots), voice information, user-generated short messages, user-generated text, geographical information, log data, cookies, location information, access information, IP address, device performance, bandwidth, service usage statistics (URL, redirected URL, etc.) network type, carrier information, device information (type of device, model name, device ID, OS) from the user's network access, when an error occurs, the date and time of the error and the status of the function and application being used at the time of the error, advertising identifier, user's service activity history, user's gift purchase and provision history, interactions between the user and other users, such as the user's following of other users, user's report details, broadcast time, Information on each interaction between the user and the service or between the user and the company's website, such as broadcast viewing time, device time zone, version of application used by the user, locale, country, and language of the user's device, location (country, city) at the time of user login, user's app store purchase history, payment information such as card information, purchase of paid services within the service, information and details related to usage and refunds, and languages available to the user ※ To use the live streaming feature, Piccha uses the user's information to post, transmit, and broadcast the user's live broadcast, which not only members but non-member users can watch on the web or through third-party applications.

[For participating in applied events and reward programs(Optional)]

Copy of ID, real name, resident registration number, account information, and email address

[For inquiries to customer centers(Optional)]

Phone customer center: outgoing phone number

Internet customer center: email and mobile phone number

※ The above information may be collected when making an inquiry/report to the customer center, and depending on the type of inquiry/report, there may be additional personal information required from the member.

3. Information automatically collected during the use of the service

Device information (OS, screen size, device ID, phone model, terminal model name), IP addresses, cookies and similar technologies (e.g., network beacons, flash cookies, etc.), date and time of visit, illegal use, and service usage records may be automatically generated and collected during the process of using PC internet and mobile internet/apps.

4. Purpose of using personal information

Personal information shall be used only for the purpose of member management for all of Piccha's services (including mobile web/apps), the development, provision, and improvement of services, the establishment of a safe Internet environment, and the development of new services. The minimum amount of personal information necessary to provide the services as follows shall be collected through the website, individual applications, or programs when signing up for a membership or during the use of the service.

Membership management, including confirming intent to sign up for memberships, confirming ages, verifying the identities of users and legal representatives, identifying users, confirming the intention to withdraw from membership, etc
Service provision, inquiry or complaint handling, and payment record management for paid service provision, etc
Restrictions on the use of members who violate the laws and the terms of use of Piccha, prevention and sanctions against acts that interfere with the smooth operations of the services, including fraudulent use, prevention of account thefts and fraudulent transactions, delivery of notices such as revision of terms and conditions, preservation of records for dispute mediation, user protection and service operations, such as handling civil complaints
Provision of event information and opportunities to participate, provision of information for advertising purposes, such as information on new products, new features and services of Piccha, and use for marketing, promotional, and business purposes
Provide customized services through estimating demographic characteristics and users' interests, preferences, and tendencies
Use for service use records, statistics on access frequencies and service uses, the establishment of a service environment in terms of privacy protection, and service improvement

5. Entrustment of provision and processing of personal information

In order to provide better services, provide user convenience, and carry out marketing tasks, Piccha may entrust the processing of users' personal information to a third party as follows. Through business entrust contracts, Piccha stipulates the obligations of trustees for compliance with laws and regulations related to personal information protection, the prohibition of processing personal information for purposes other than the purpose of entrusting work, and the return or destruction of personal information after processing is completed, and manages trustees to comply with them.

Entrusted company	Details of entrusted business
Amazon Web Services Inc.	Information storage and system operations
Braze Inc.	Service use behavior analysis and communication
AppsFlyer Ltd.	Service improvement and advertising analysis
AWS Pinpoint	Service provision
Google Cloud Platform	Information storage and system operations
Google Analytics	Service use behavior analysis
Google Firebase	Service use behavior analysis
Facebook	Advertising analysis
Tiktok Pte. Ltd.	Advertising analysis
Apple search ads.	Advertising analysis
Google Ads	Advertising analysis
Twitter	Advertising analysis
Google DV360	Advertising analysis
Toss Payments Co., Ltd.	Payment processing (mobile phones, credit cards, paper gift certificates and other payment methods)
NICE Information Service Co., Ltd.	Identity verifications
Korea Mobile Certification Co., Ltd.	Service provision
SCI Information Service Co., Ltd.	Provision of age and identity verification services
KG Inicis Co., Ltd.	Provision of payment service and notice service

6. Overseas transfer of personal information

For the purposes of providing services, providing user convenience, and carrying out marketing tasks, Piccha may transfer or manage personal information of users abroad as follows:

Transferred company (contact)	Transferred country	Items of personal information to be transferred	Purpose of the transferee	Retention and use Period	Date and method of transfer
Amazon Web Services Inc. (aws-korea-privacy@amazon.com)	U.S.A.	All information collected during the service provision process	Service and use behavior analysis	Until the purpose of use is achieved	Transfer from time to time through the information network system during membership registration and service provision.
Google Cloud Platform (googlekrsupport@google.com)	U.S.A.	All information collected during the service provision process	Information storage and system operations
Google Analytics (googlekrsupport@google.com)	U.S.A.	Device information, gender, age, IP information, location information, and purchase history	Service use behavior analysis
Google Firebase (googlekrsupport@google.com)	U.S.A.	Device information, gender, age, IP information, location information, and purchase history	Service use behavior analysis
Facebook (+82 2-737-0455)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history (including gender selection), and carrier information	Advertising analysis
Braze Inc. (privacy@braze.com)	U.S.A.	Gender, date of birth, country information, device information, IP information, purchase history, access records, and app activity history	Service use behavior analysis
Tiktok Pte. Ltd. (business-servicesupport@tiktok.com)	Singapore	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history, and carrier information	Advertising analysis
Apple search ads (https://www.apple.com/kr/privacy/contact/)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history, and carrier information	Advertising analysis
Snapchat (dpo@snap.com)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history, and carrier information	Advertising analysis
Google Ads (kr-lcs-game@google.com)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history (including gender selection), and carrier information	Advertising analysis
Twitter (lcs_kr@twitter.com)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history (including gender selection), and carrier	Advertising analysis
Google DV360 (googlekrsupport@google.com)	U.S.A.	Device information, device language, advertising identifier information, IP information, location information, access records, purchase history, app activity history (including gender selection), and carrier information	Advertising analysis
AppsFlyer Ltd. (privacy@appsflyer.com)	U.S.A.	Gender, country information, device language, access records, and purchase history information	Service improvement and advertising analysis
AWS Pinpoint (aws-korea-privacy@amazon.com)	U.S.A.	Phone number	Service provision
Cloudflare, Inc. (privacyquestions@cloudflare.com)	U.S.A. and other countries	All information collected during the service provision process	Information storage and system operations	Up to 7 days

7. Retention, use period, and destruction of personal information

[Retention and use period of personal information]

The period of retention and use of personal information by Piccha shall be as follows.

Retained Items: Same as Article 2 Collected items for personal information
Grounds for retention: The member's consent (however, related regulations of the Personal Information Protection Act applies to pseudonymous information.)
Retention period: Membership period (however, it is defined as until the company needs it for pseudonymous information.)

Piccha shall destroy the personal information within five days from the end of the retention period when the company's personal information retention period has elapsed, or within 5 days from the date the personal information becomes unnecessary, such as after achieving the purpose of processing personal information, abolishing the service, or terminating the business. However, the information to be destroyed after a certain period of storage according to the internal policy shall be as follows.

Items necessary for service operations and member rights protection shall be as follows:
- Retained items: E-mail address provided by the member, mobile phone number, member classification, name, date of birth, affiliation name, and service fraud records
- Grounds for retention: Member's consent
- Retention period: 6 months after membership withdrawal
In addition, personal information to be preserved for a certain period of time, according to related laws, shall be as follows. [Regarding location information, please refer to Use or provision of personal location information (Article 7 (3)) of the Terms and Conditions of Use of Location-based Services for the ground and period of retention of the confirmation data for the collection, use, and provision of Piccha's location information.]
- Records on transactions, such as displays and advertisements, contract details and execution, etc., in accordance with the Consumer Protection Act in electronic commerce, etc
  - Records on contract or subscription withdrawal: 5 years
  - Records on payments and supplies of goods (products paid for, payment dates, payment amounts, etc.): 5 years
  - Records on consumer complaint or dispute handling: 3 years
  - Records on displays and advertisements: 6 months
- Records on electronic financial transactions in accordance with the Electronic Financial Transactions Act: 5 years
- Service visit records according to the Protection of Communications Secrets Act: 3 months

[Destruction of personal information]

Piccha separately stores or retains the personal information of members who have not used the service for one year after separating them according to the ‘Personal Information Validity System’ and informs the subjects at least 30 days before the date of the separate storage process. The separately stored personal information shall be destroyed without delay after storage for 4 years. Personal information destruction procedures and methods shall be as follows:

Destruction procedure : Information entered for membership registration, etc., shall be destroyed after being stored for a certain period of time after the purpose is achieved, according to internal policies and other reasons for information protection pursuant to relevant laws (see the retention and use period). This personal information will not be used for any purpose other than retention, unless otherwise required by law.
Destruction method : Personal information printed on paper shall be shredded with a shredder or destroyed by incineration. Personal information stored in the form of electronic files shall be deleted using a technical method that cannot reproduce the record.

8. Rights of users or their legal representatives and how to exercise them

Users or their legal representatives may request to view or correct the personal information at any time regarding the following matters:
- User's personal information retained by Piccha
- Piccha's use of the user's personal information or details provided to third parties
- Details of consent to the collection, use, and provision of personal information to Piccha
Users may view and correct their information directly from Piccha's website or app and separately request the person in charge of personal information protection to view and correct their personal information in writing, by phone, by e-mail, etc.
Users or their legal representatives may request suspension of their personal information processing at any time.
Users or their legal representatives may withdraw their consent given at the time of membership registration to the collection, use, and provision of personal information (withdraw from membership) at any time. Membership withdrawal can be done directly after going through the identity verification procedure in the menu of [Settings] - [Withdrawal] in the app, or separately in writing, by phone, or by e-mail to the person in charge of personal information protection. However, even if there is a withdrawal of consent (withdrawal of membership), the minimum amount of information may be retained in accordance with relevant laws and regulations.

9. Matters concerning the installation, operation, and refusal of automatic personal information collection devices

Piccha uses ‘cookies’ and similar technologies to store and find users' information from time to time. A cookie is a file containing information about Internet use that the company's server sends to the user's terminal using Piccha's website or app and is stored on the user's terminal.

[Purpose of using cookies]

Providing targeted marketing and personalized services by analyzing the access frequency and visiting times of members and non-members, identifying users' tastes and areas of interest, tracking traces, and identifying the degree of participation in various events and the number of visits

[How to reject cookie installations]

Users shall have the option of choosing whether to install cookies. Users may allow all cookies, go through confirmation whenever a cookie is saved, or refuse to save all cookies by setting options in their web browsers. However, if you refuse to install cookies, you may experience inconvenience in using the web, and you may have difficulty using some services that require login.

[Setting method]

For Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy Internet
For Chrome: Settings on the menu on the right side of the web browser > Indication of advanced settings at the bottom of the screen > Button for settings for personal information content > Cookies
For Microsoft Edge: Settings at the top of the web browser > Cookies and site permissions > Cookies and saved data > Manage and delete cookies and site data > Block third-party cookies
For Safari: Safari at the top left > Settings > Privacy > Cookies and website data > Block all cookies

10. Person in charge of personal information protection

In order to protect the personal information of members and handle complaints related to personal information, Piccha has designated the person in charge of personal information protection as follows:

Personal Information Protection Officer and Representative: Eun-Rin Lee
Tel: +82 70-4154-1737
Email: help@pichha.app

Users may contact the person in charge of personal information protection or the department in charge of all complaints related to personal information protection that occur while using Piccha Services.

11. Measures to ensure the safety of personal information

Piccha takes the following technical and managerial measures to ensure safety so that personal information shall not be lost, stolen, leaked, falsified, or damaged in handling the personal information of users.

Encryption of personal information
Users' personal information is protected by passwords, and important data is protected through separate security features such as encrypting files and transmission data or using a file lock feature.
Technical measures against hacking, etc
Piccha controls access (SSL, etc.) to personal information from outside to prevent leakage of or damage to users' personal information by hacking or computer viruses and regularly updates anti-virus programs to prevent personal information from being infringed.
Restriction of access to the personal information processing system
Piccha records the details of granting, changing, and canceling access rights to personal information handlers, regulates and operates the password generation method and change cycle as shown below, and takes other necessary measures to restrict access to personal information.
- Composed of a minimum length of 6 characters and a maximum of 16 characters with a combination of the following character types:
  - Uppercase and lowercase English letters
  - Numbers
  - Special characters
- Passwords that are similar to ideas and personal information that are easy to guess, such as consecutive numbers, birthdays, or phone numbers, shall not be used.
Training of staff handling personal information
Administrative measures are implemented, such as conducting regular training on the acquisition of new security technologies and obligations to protect personal information for the persons in charge of handling personal information and granting separate passwords to manage access rights.
Account and password management
In principle, the e-mail account and password used by the user are intended to be used only by the user. Piccha shall not be responsible for problems caused by the leakage of personal information such as accounts and passwords due to the user's personal negligence or for problems caused by the fundamental risks of the Internet. Please change your password frequently and pay special attention to prevent the leakage of personal information when logging in from a public PC.

12. Matters regarding changes to the personal information processing policy

Piccha shall notify the users through a notice on its website at least 7 days in advance when revising the personal information processing policy. However, when there is a significant change in the items of personal information collected or the purpose of use, etc., it shall be notified at least 30 days in advance and implemented after 30 days unless otherwise notified. In addition, Piccha may obtain separate consent from members if necessary in accordance with relevant laws and regulations.

13. Civil services related to personal information

Users may contact the following institutions when they need to report or consult about personal information infringement.

Personal information infringement reporting center : (without area code)118 (https://privacy.kisa.or.kr)
Personal Information Dispute Mediation Committee : 1833-6972 (https://www.kopico.go.kr)
The Cyber Investigation Division of the Supreme Prosecutors' Office : (without area code)1301, cid@spo.go.kr (https://www.spo.go.kr)
National Police Agency's cybercrime reporting system : (without area code)182 (https://ecrm.cyber.go.kr/minwon/main)

14. Others

For matters not stipulated in this Privacy Policy, Piccha's Terms and Conditions take precedence within the scope of related laws.

Enforcement date of the Personal Information Processing Policy: February 24, 2023