Inculabplus is committed to protecting users' personal information and complies with relevant laws and regulations.
Inculabplus Co., Ltd. (the “Company”) complies with relevant personal information protection laws and regulations, and establishes and publicly discloses its ‘Privacy Policy’ in accordance with Article 30 of the Personal Information Protection Act.
- General Provisions
- Purpose of Processing Personal Inforamtion, Collected/Used Items, and Retention/Usage Period
- Processing Personal Information of Children Under the Age of 14
- Personal Information Destruction Procedure and Methods
- Provision of Personal Information to Third Parties
- Standards for Determining Additional Usage/Provision of Personal Information
- Delegation of Personal Information Processing
- Overseas Transfer of Personal Information
- Security Measures for Personal Information
- Potential Disclosure of Sensitive Information; Non-Disclosure Selection Methods
- Processing of Pseudonymized Information
- Installation, Operation, and Objection to Devices Automatically Collecting Personal Information
- Collection and Use of Behavior Information by a Third Party through an Automatic Personal Information Collection Device, and Refusal to such Collection and Use
- Information Subjects’ and Legal Representatives’ Rights, Duties, and Exercising Method
- Privacy Officer
- Redress Procedures for Information Subjects’ Infringement Claims
- Processing of Personal Location Information
- Changes to the Privacy Policy
1. General Provisions
- Personal information refers to information about a living individual that falls under any of the following subparagraphs.
1) Information that can identify a specific individual, such as name, resident registration number, and image, etc.
2) Information that cannot identify a specific individual by itself but can easily be combined with other information to identify a specific individual.
3) Information that has been pseudonymized, which cannot identify a specific individual without the use or combination of additional information for restoration to its original state (“Pseudonymous Information”).
- The Company informs customers through its Privacy Policy about how their personal information is used, for what purposes and in what ways, and what measures are being taken to protect personal information.
- To enable customers to easily review and confirm the Privacy Policy at any time, the Company discloses the Privacy Policy on the first screen of its official website(http://inculabplus.com/en or https://kidstopia.co.kr/en/ )
- The Company may revise the Privacy Policy in accordance with changes in relevant laws, regulations, or internal operating policies. When revising the Privacy Policy, the Company assigns version numbers or similar references to help customers easily identify the amendments.
2. Purpose of Processing Personal Inforamtion, Collected/Used Items, and Retention/Usage Period
- When processing a customer's personal information, the Company notifies the collection purpose, collected items, and retention/usage period in advance through the Privacy Policy or a consent form for collection and use of personal information etc., in accordance with relevant laws and regulations.
- The Company may collect a customer's personal information in any of the following cases and use it within the scope of the collection purpose.
1) When the customer's consent has been obtained.
2) When it is required to comply with special legal provisions or legal obligations.
3) When it is necessary to perform its obligations under the agreement entered with the customer or to take actions in response to the customer’s requests during the process of entering into a contract.
4) When it is recognized as necessary to urgently protect the interests of the customer or a third party’s life, body, or property.
5) When it is necessary to achieve the Company's legitimate interests that clearly take precedence over the customer's rights
6) When it is urgently necessary for public safety and welfare, such as public health, etc.
- The Company processes the following personal information with the customer's consent.
Service | Legal Basis | Purpose of Collection/Use | Mandatory(Yes/No) | Collected/Used Items | Retention/Usage Period |
Kidstopia | Article 15(1)1 of the Personal Information Protection Act | 1:1 Inquiry reception and processing | Mandatory | User nickname, email, inquiry details | Until 12 months from collection date |
ㅤ | ㅤ | Business partnership inquiry reception and processing | ㅤ | Legal representative's name, company name, mobile phone number, email address, email, inquiry details | ㅤ |
ㅤ | ㅤ | Event winner notification and prize delivery | ㅤ | Legal representative's name, mobile phone number, Service user nickname | Until 3 months after winner announcement |
- The Company processes the following personal information without the customer's consent.
- The company does not process personal information without customer consent. However, if there is any case where personal information is processed without customer consent, we will provide relevant information accordingly.
- In any of the following cases, the Company may retain a customer's personal information until the expiry of relevant period set forth below.
1) When a customer's consent has been individually obtained, for the period for which consent was obtained.
2) When the service has been terminated for reasons including cancellation, etc. but the customer has not fully paid the usage fee (including other transaction fees), until the full payment is made.
3) When dispute such as complaint, lawsuit, etc. arises between the Company and the customer, and the dispute is not resolved within the retention period, until the dispute is resolved.
4) When it is necessary to preserve personal information for a certain period stipulated by relevant laws, including the Commercial Act, etc. The examples are as follows.
Legal Basis | Personal Information Items | Retention/ Usage period |
Article 266 of the Commercial Act | Personal information included in commercial books and important business documents | 10 years |
ㅤ | Personal information included in vouchers or similar supporting documents | 5 years |
Article 85-3 of the Framework Act on National Taxes | All transaction books and supporting documents | 5 years |
Article 6 of the Act on Consumer Protection in Electronic Commerce, and Article 6 of the Enforcement Decree of the same Act | Records of contracts, subscription cancellations, etc. | 5 years |
ㅤ | Records of payment and supply of goods, etc. | 5 years |
ㅤ | Records of customer complaints or dispute resolution | 3 years |
ㅤ | Records of advertisement | 6 months |
Article 20 of the Credit Information Use and Protection Act | Records of credit information processing, including collection, use, provision, and disposal, etc. | 3 years |
Article 15-2 of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree of the same Act | Name, resident registration number, and phone number necessary for the provision of telecommunication verification data | 12 months |
ㅤ | Telecommunication date/time, telecommunication start and end times, counterpart’s subscriber number such as caller/receiver number, etc., communication frequency, and location tracking data of base station that can identify the location of the information and communication device connected to the information and communication network | 12 months (or 6 months for information related to local and long-distance telephone services |
ㅤ | Log records of computer communications or internet usage by users of such telecommunication services and access point tracking data that can identify the locations of information and communication devices used by such users to access the information and communication network. | 3 months |
3. Processing Personal Information of Children Under the Age of 14
- When collecting personal information of a child under the age of 14, the Company obtains the consent of the child's legal guardian and collects only the minimum personal information necessary to perform the relevant service.
- If the Company collects personal information of a child under the age of 14 for the purpose of promoting its services, it obtains separate consent from the legal guardian.
- When collecting personal information of a child under the age of 14, the Company may collect only the minimum information, such as the name and contact information of the legal guardian, and verifies whether the legal guardian has duly consented through one of the following methods:
- The legal guardian indicates consent on an internet website where the consent details are posted, and the personal information processor informs the legal guardian to the legal guardian’s mobile phone via text message that the consent has been confirmed.
- The legal guardian indicates consent on an internet website where the consent details are posted, and the Company receives the legal guardian's credit or debit card information.
- The legal guardian indicates consent on an internet website where the consent details are posted, and the Company confirms the legal guardian's identity through mobile phone authentication or other methods.
- The Company directly issues a written consent form containing consent details to the legal guardian or sends it through mail or fax, and the legal guardian signs/seals such consent form after confirming the consent details and submits the form.
- The Company sends an email containing the consent details to the legal guardian, and the legal guardian returns an email expressing consent.
- The Company informs the legal guardian of the consent details through a phone call and obtains consent, or guides the legal guardian to an internet address or other methods to review the consent details and obtains consent through a follow-up phone call.
- Other methods equivalent to the above, through which the legal guardian is informed of the consent details and the Company confirms the legal guardian's expression of consent.
4. Personal Information Destruction Procedure and Methods
- When the purpose of collecting or using personal information is achieved or the retention and usage period has ended, the company deletes such information without delay, except in cases where retention is necessary according to the customer's consent, the terms of service, or relevant laws.
- For personal information recorded in writing, the company destroys it by shredding or incinerating it using a shredder, while for information stored electronically, it uses technical measures that render the records irretrievable.
- However, if permanent deletion is significantly difficult due to technical reasons, the company processes the information into anonymous data, making it impossible to restore and ensuring that the information can no longer identify an individual, considering time, cost, and technology reasonably.
5. Provision of Personal Information to Third Parties
- In cases where there are special provisions in laws such as the Framework Act on National Taxes, the Local Tax Act, the Protection of Communications Secrets Act, the Act on the Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act, etc. or in cases of emergencies such as disasters, infectious diseases, incidents or accidents that pose imminent risk to life or body or imminent risk of property loss, etc., the Company may use or provide personal information to a third party beyond the scope notified to the customer at the time of collecting personal information or specified in the terms of service. However, even under relevant laws and regulations, the Company does not unconditionally provide the customer's personal information. Instead, the Company provides the personal information in accordance with the procedures and methods stipluated by the applicable laws and regulations.
- The company does not disclose customer personal information to third parties, except as described above. If the company discloses customer personal information to a third party, we will inform the recipient of the information, the Purpose of Provision, the Provided Items, the Retention/Usage Period
6. Standards for Determining Additional Usage/Provision of Personal Information
- The Company does not additionally use or provide personal information. If additional use or provision continues to occur, it will provide relevant information.The Company may additionally use or provide personal information without the customer's consent by considering whether:
7. Delegation of Personal Information Processing
- The company does not delegate the processing of personal information. If the company does delegate the processing of a customer's personal information, we will inform you of the details of the delegated tasks and the entrusted entity.
8. Overseas Transfer of Personal Information
- The company does not transfer personal information overseas. If an overseas transfer of personal information occurs, the company will provide relevant information accordingly.
9. Security Measures for Personal Information
- Technical Measures: The Company takes the following technical measures to ensure the security of personal information to prevent loss, theft, leakage, alteration, or damage in processing the personal information.
Category | Details |
1 | Measures to prevent falsification or alteration of access records are taken. |
2 | Personal information is managed by applying encryption technology for storage or transmission in compliance with the level required by relevant laws, depending on the type of information. |
3 | Measures are taken to prevent damage caused by computer viruses, using antivirus programs. This includes regularly updating the antivirus software and promptly providing immediate updates as soon as a vaccine is released in the event of sudden virus outbreak, thereby preventing the violation of personal information. |
4 | Security devices (e.g., SSL, etc.) using cryptographic algorithms are adopted for secure transmission of personal information over the networks |
5 | Each server are managed by applying intrusion prevention systems and vulnerability analysis system to prepare for external threats such as hacking, etc. |
- Administrative and Physical Measures: For the secure protection of personal information, the Company receives objective certifications, such as information security management system certifications, from external professional organizations for key systems and facilities, and takes the following administrative and physical measures.
Category | Details |
1 | Internal management plan is established and implemented for personal information protection. |
2 | Access to personal information is restricted to the minimum number of necessary personnel. |
3 | Regular in-house and externally provided training on new security technologies and personal information protection obligations, etc. to employees handling personal information. |
4 | Security agreements entered with employees upon their joining the Company to prevent information leakage in advance and internal procedure established to audit implementation of the Privacy Policy and compliance by employees. |
5 | The handover of personal information processing tasks is thoroughly carried out in a secure manner, and the responsibilities for personal information accidents at the time of joining or leaving the Company are clearly defined. |
6 | Personal information and general data are separately stored and not mixed. |
7 | Computer rooms and data storage rooms, etc. are designated as special protection zones to which access is controlled. |
8 | Appropriate countermeasures are implemented and compensation are arranged for in cases of personal information theft, leakage, alteration, or damage caused by internal administrator’s errors or technical management accidents. |
10. Potential Disclosure of Sensitive Information; Non-Disclosure Selection Methods
- The Company does not disclose sensitive information. If there is a possibility of such disclosure, it will provide relevant information.
11. Processing of Pseudonymized Information
- The Company does not process pseudonymized information. If the Company processes pseudonymized information, it will provide relevant details.
12. Installation, Operation, and Objection to Devices Automatically Collecting Personal Information
- The company does not install or operate devices that automatically collect personal information. If the installation or operation of such devices occurs, we will provide relevant information.
13. Collection and Use of Behavior Information by a Third Party through an Automatic Personal Information Collection Device, and Refusal to such Collection and Use
- The Company does not allow third parties to collect behavioral information through devices automatically collecting personal information. If a third party collects behavioral information through device that automatically collects personal information, the Company will provide relevant information.
14. Information Subjects’ and Legal Representatives’ Rights, Duties, and Exercising Method
- A "data subject" refers to an individual who can be identified or identifiable through the processed personal information, meaning the customer themselves. A "legal representative" is a person authorized by laws such as the Civil Act to act on behalf of another individual regarding legal matters.
Section | Details |
1 | Information subjects may exercise their rights to request viewing, correction, deletion, suspension of processing, cancellation, or (in the case of automated decisions) objection to or explanation of automated decisions, etc. to the Company at any time. |
2 | For personal information of children under the age of 14, their legal representatives must personally request a viewing, etc. However, information subjects who are minors aged 14 or older may exercise their rights either directly or through their legal representatives. |
3 | Rights can be exercised by written notice, email, facsimile transmission to the Company, and the Company will take measures without delay. Information subjects may at any time directly view, modify, or delete their personal information through Web, App, or other means, or request a viewing through the customer service center, and they may withdraw their consent to the collection and use of personal information through “Termination of Membership.” In cases of automated decisions, information subjects may object to the automated decisions or request explanation thereof through customer service center or other channels. |
4 | Rights can be exercised through a legal representative, attorney-in-fact, or other representative. In this case, a power of attorney in the form of Form No. 11 of the "Public Notice on the Personal Information Processing" must be submitted. |
5 | Information subjects' rights to request viewing of personal information or suspension of its processing may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act. |
6 | If the personal information is specified as subject to collection under other laws and regulations, the request for deletion of such personal information may not be made. |
7 | (In the case of automated decisions) Information subjects may not object to any automated decisions and may request only explanations and reviews in cases where (i) information subjects have consented to the fact that an automated decision is made, (ii) the Company notified them in advance through a contract or otherwise, or (iii) relevant law explicitly provides for such decisions. In addition, the requests for objection to or explanation of automated decisions may be rejected if there are justifiable reasons, such as concerns of undue harm to the life, body, property, or other interests of another person. |
8 | The Company verifies whether the person exercising the rights is the principal or a legitimate representative. |
9 | If the information subject’s repeated requests, etc. (e.g., for viewing or receiving personal information) raise concerns about affecting business or if the volume of requested information is substantial enough to incur significant costs, the Company may postpone responding to the request or refuse them or charge actual expenses (such as copying fees) to the information subject. |
10 | Information subjects may exercise their rights by contacting the Company's privacy officer or personal information complaint handling officer, and the Company will make efforts to process their requests promptly. |
15. Privacy Officer
The Company is fully dedicated to protect personal information for customers to safely use services, and has the following privacy officer for handling inquiries, complaints, and requests for redress in relation to personal information.
Privacy Officer
- Name : Kim mingu
- E-mail : support@inculabplus.com
16. Redress Procedures for Information Subjects’ Infringement Claims
- The Company values customer opinions and will provide prompt and accurate answers to customer inquiries made to customer service centers or dealerships.
1) The Company operates customer service centers for smooth communication with customers, and the contact details are as set forth below.
Category | Details |
E-mail Address | contact@inculabplus.com |
2) The Company will respond to requests for consultations submitted via email, fax, or mail to the best of its abilities within 12 hours after receipt. However, in principle, any requests submitted after usual work hours, on weekends, or public holidays are processed the following day.
- Customers may apply for dispute resolution or counseling through the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Information Infringement Reporting Center for redress to personal information infringement claims. For inquiries regarding other personal information infringement reports or counseling, please contact the following organizations:
Category | Details (Phone Number, Website) |
Personal Information Dispute Mediation Committee | (Without area code) 1833-6972, www.kopico.go.kr |
Personal Information Infringement Reporting Center | (Without area code) 118, privacy.kisa.or.kr |
Supreme Prosecutors' Office | (Without area code) 1301, http://www.spo.go.kr |
National Police Agency | (Without area code) 182, http://ecrm.cyber.go.kr |
17. Processing of Personal Location Information
- The company does not process personal location information. If the company processes personal location information, we will inform you of the relevant details.
18. Changes to the Privacy Policy
- The company's personal information processing policy was revised on the following date, and if there is any addition, deletion, or modification of the contents due to changes in the government's policy or security technology, it will be notified through the "Notice" section of the personal information processing policy page before the revision.
- ・ Privacy policy version number : V1
- ・ Privacy policy effective date : 2025-12-01