English / 한국어

SartiArt Privacy Policy

Privacy Policy

SATI Art (hereinafter referred to as "the Company") operated by Vana Company complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other relevant personal information laws. The Company is committed to protecting users' personal information and their rights.

Through this Privacy Policy, we inform users about the purpose and method of personal information collection, and the measures taken to protect personal information. In the event of any revisions to this Privacy Policy, the Company will announce them through website notifications (or individual notices).

Article 1 [Types of Personal Information Collected and Processed]

During service use, service usage records may be automatically generated and collected.

Categories of Collected Personal Information

1. When Signing Up

   • When registering via social login: Social media ID (or email-format ID), name (or nickname), profile image, and social login-generated number.

   • When registering via email: Email address, password, name (or nickname).

2. Automatically Collected Information

   • App push permissions.

   • Mobile device model, OS information, device token, Google Advertising ID (ADID), Apple Advertising ID (IDFA).

   • IP address, cookies, visit timestamps, records of misuse, service usage records.

3. For Paid Services

   • If necessary for payment processing: Credit card information, bank transfer details, telecom provider information, gift certificate numbers, and other payment-related details.

4. For Events, Promotions, Prize Shipments, or Inquiries

   • Additional personal information may be collected upon separate notice and consent.

Methods of Collecting Personal Information

The Company collects personal information through the following methods:

1. When users provide information directly during sign-up or service use.

2. Automatically generated and collected information during mobile application or website use.

3. When users voluntarily provide information during service interactions.

Article 2 [Purpose of Personal Information Collection]

The Company utilizes the collected personal information for the following purposes:

• Fulfillment of service agreements, fee settlements, and content provision for paid services.

• User identification for membership-based services, prevention of fraudulent use, duplicate account verification, record retention for dispute resolution, complaint handling, and notification delivery.

• Development of new services, personalized services, validation of service effectiveness, analysis of access frequency, service usage statistics, and provision of event and promotional information.

Article 3 [Provision of Personal Information to Third Parties (Overseas Transfers)]

The Company uses collected personal information within the scope notified to users and does not provide it to third parties beyond the agreed-upon scope. However, for service provision and user convenience, personal information may be transmitted overseas as follows:

• Purpose: Data storage and system operation/management.

• Method: Encrypted transmission during service provision.

• Retention Period: Until consent is withdrawn or contract termination.

• Recipient & Country: Google (Firebase) / United States.

• Contact Information: googlekrsupport@google.com.

Article 4 [Retention, Use Period, and Disposal of Personal Information]

1. If a user cancels their membership, the Company retains their personal information for 30 days to prevent misuse (email, nickname, service usage records).

2. If a user does not access the service for over a year, they will be notified 30 days in advance that their personal information will be deleted, and their account will be classified as dormant. Dormant accounts are deleted after 36 months.

3. If required by law, personal information is retained for the following periods:

   • Electronic transaction records: 5 years.

   • Contract, payment, and supply records: 5 years.

   • Consumer complaints or dispute resolution records: 3 years.

   • Advertising/marketing records: Until consent withdrawal or membership cancellation.

   • Website visit logs: 3 months.

Method of Disposal

• Printed personal information is shredded or incinerated.

• Electronic files are deleted using technical and physical methods to prevent recovery.

Article 5 [Cookies and Automatic Collection of Personal Information]

The Company may use cookies to provide tailored services to users. Cookies store and retrieve user information but do not personally identify users.

1. Purpose of Cookies: Analyzing visit frequency, tracking user preferences and participation in events, targeted marketing, and personalized service provision.

2. Managing Cookies: Users can manage cookie settings in their browser ([Tools -> Internet Options -> Privacy -> Advanced Settings]). However, disabling cookies may limit service functionality.

3. The Company may analyze users' service usage data to provide customized content, personalized advertising, and detect security threats such as spam, malware, and unauthorized access.

Article 6 [Security Measures for Personal Information]

The Company implements the following measures to ensure the security of users’ personal information:

Administrative Measures

• Establishment and enforcement of an internal management plan.

• Minimization and training of personal information handling staff.

Technical Measures

• Access control management for personal information processing systems.

• Installation of access control systems.

• Encryption of unique identifiers and equivalent security measures.

• Installation and updates of security programs.

• Maintenance of access logs and prevention of forgery or alteration.

Article 7 [User and Legal Representative Rights and Exercise Methods]

The Company ensures that users (or their legal representatives) can exercise the following rights:

1. Access or Modification: Through profile settings.

2. Account Deletion or Membership Withdrawal: Through profile settings -> account deletion.

3. Request for Suspension or Deletion: Users can submit requests via written documents or email.

4. If a user requests correction or deletion of erroneous personal information, the Company will not use or provide the relevant data until the correction or deletion is complete.

5. If required by other laws, certain personal information may not be deleted.

6. Identity verification is required for information requests, modifications, deletions, or suspension requests.

Legal Representative’s Rights

1. Legal representatives or authorized agents must submit a power of attorney in accordance with the enforcement rules of the Personal Information Protection Act.

2. The Company verifies the legitimacy of the agent before processing such requests.

Article 8 [Personal Information Protection Officer]

To protect users’ personal information and address related complaints, the Company has designated a Personal Information Protection Officer:

• Name: Namjoo Kim.

• Position: CEO.

• Email: develop@vanacom.com.

For further inquiries, users can contact the following agencies:

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

• Korea Internet & Security Agency (KISA) Privacy Infringement Center: 118 (privacy.kisa.or.kr)

• Supreme Prosecutors’ Office Cyber Investigation Division: 1301 (www.spo.go.kr)

• National Police Agency Cyber Investigation Bureau: 182 (https://ecrm.cyber.go.kr/minwon/main)

Article 9 [Changes to the Privacy Policy]

The Company may revise this Privacy Policy to reflect legal or service changes. In such cases, changes will be posted, and the revised policy will take effect seven days after publication.

Supplementary Provision

• This Privacy Policy is effective as of February 1, 2024.