The company Dio (hereinafter referred to as the “Company”) complies with the provisions of the “Personal Information Protection Act” and related laws to protect the freedom and rights of data subjects. The Company processes personal information lawfully and manages it safely. Accordingly, in accordance with Article 30 of the “Personal Information Protection Act,” the Company establishes and discloses this privacy policy to inform data subjects of the procedures and standards for personal information processing and to ensure that related complaints are handled swiftly and smoothly.

Article 1 (Items of Personal Information Collected and Methods of Collection)

The Company collects the following personal information for membership registration, personalized studio and dance class recommendations, etc.

• Required items: Name (nickname), Email, Password, Phone Number, IP Address, Payment Records
• Optional items: Information required by the Company to provide customized services
• Marketing and Advertising Utilization: New class openings, webpage access frequency information, user service and event planning, delivery of advertising information for events and promotions, user surveys, service and notice guidance

Article 2 (Purpose of Collecting and Using Personal Information)

The Company utilizes the collected personal information for the following purposes.

• Fee settlement for services provided, content delivery, purchase of class passes and payment of tuition fees, identity verification for financial transactions and financial services, smooth communication with users
• Membership management
• Identity verification for membership services, personal identification, prevention of fraudulent use by bad members, confirmation of intent to join, age verification, complaint processing, and delivery of notifications
• Utilization for marketing and advertising (new class openings, webpage access frequency information, user service and event planning, delivery of advertising information for events and promotions, user surveys, service and notice guidance)

Article 3 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the period agreed upon for the retention and use of personal information collected from the data subject, or as prescribed by law. Furthermore, after achieving the purpose of collecting and using personal information, the Company shall dispose of the information without delay. However, if it is necessary to retain the information for a certain period due to obligations related to transaction management, as stipulated in relevant laws such as the Commercial Act and the “Act on the Consumer Protection in Electronic Commerce,” the information may be retained for a certain period.

• Records related to contracts or withdrawal of subscriptions: 5 years (Act on the Consumer Protection in Electronic Commerce)
• Records related to payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce)
• Records related to consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce)
• When collected for temporary purposes such as surveys or events: At the end of the relevant survey or event
• Records related to advertising: 6 months (Article 6 of the Enforcement Decree of the Electronic Commerce Act)
• Records related to identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)
• Records related to visits (logs): 3 months (Protection of Communications Secrets Act)
• Books and evidential documents regarding all transactions as prescribed by tax laws: 5 years (Article 5-3 of the National Tax Basic Act)

Article 4 (Provision of Personal Information to Third Parties)

The Company will not use or provide personal information of data subjects to third parties beyond the scope notified in this privacy policy, except with the consent of the data subject or as prescribed by relevant laws. However, the following cases are exceptions.

• If the data subject has consented in advance
• If required by law or in response to a request from investigative authorities in accordance with the procedures and methods prescribed by law for investigative purposes

Article 5 (Entrustment of Personal Information Processing)

When outsourcing the processing of users‘ personal information for smooth business operations, the Company shall inform the data subjects in advance about the outsourcing party (hereinafter referred to as “Trustee”) and the contents of the entrusted work.

• Trustee: Contents of the entrusted work
• Naver Cloud Platform: Outsourcing of Alimtalk delivery
• KakaoTalk: Delivery of Alimtalk
• Toss Payments: Payment processing for credit cards, etc.
• Amazon Web Services (AWS): Email delivery

Article 6 (Rights and Obligations of Data Subjects and How to Exercise Them)

• Users and their legal representatives may at any time inquire about or modify their own personal information or that of children under the age of 14 registered with the Company, and may also request cancellation of membership.
• To inquire about or modify personal information of users or children under the age of 14, you can contact the personal information manager by phone or email for membership cancellation (withdrawal of consent), and the Company will take prompt action.
• If a user requests correction of erroneous personal information, the Company will not use or provide that personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction results without delay to ensure that the correction is made.
• The Company processes personal information that has been terminated or deleted at the request of users or legal representatives as specified in Article 3, and ensures that it cannot be accessed or used for other purposes.

Article 7 (Procedures and Methods for Destruction of Personal Information)

• Personal information of data subjects that has exceeded the retention period will be destroyed without delay. Personal information will be destroyed in a manner that prevents recovery or restoration.
• The procedures and methods for destroying personal information comply with the “Guidelines for Destruction of Personal Information,” and the destruction methods are as follows:
  • Printed materials: Shredded or incinerated
  • Personal information stored in electronic file format: Destroyed using technical methods that cannot restore the records (e.g., low format)

Article 8 (Measures to Ensure the Security of Personal Information)

The Company has established internal management plans, maintained access logs, and taken necessary technical, administrative, and physical measures to ensure that the personal information of data subjects is not lost, stolen, leaked, altered, or damaged.

• Administrative measures
  • Establishment of an internal management plan for the safe handling of personal information
  • Regular self-audits in accordance with the internal management plan
• Technical measures
  • Access rights to systems are granted on a need-to-know basis required for business operations
  • To preserve system access logs and prevent tampering, regular backups of log data are conducted, and documents are secured with password protection and stored in locked cabinets to prevent theft/loss
  • Security programs, such as antivirus software that can prevent/treat malicious programs, are installed and operated on personal information processing systems or work computers

Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

• The Company uses cookies to store and retrieve information about data subjects in order to provide personalized and customized services. Cookies are very small text files sent by the server operating the website to the browser of the data subject, which are stored on the user‘s computer‘s hard disk.
• The purpose of using cookies is as follows:
  • To understand the visit and usage patterns of each service and website visited by data subjects, security access status, content edits, user scale, etc., in order to provide optimized information to data subjects.
• Data subjects have the right to choose whether to install cookies. Therefore, they can set their web browser options to allow all cookies, to confirm each time a cookie is saved, or to refuse the storage of all cookies. However, if cookies are refused, some services that require login may be difficult to use.
• The method for specifying whether to allow cookie installation (for Chrome) is as follows:
  • Click [：] in the upper right corner, select [Advanced] from the menu > click [Site Settings] under [Privacy and Security] > [Cookies] > [View all cookies and site data] > search for the website name in the upper right corner > click the delete button on the right of that name.

Article 10 (Personal Information Protection Officer and Personal Information Management Responsible Person)

The Company has designated the relevant department and the personal information management officer as follows to protect the personal information of data subjects and to handle matters related to personal information.

• Name of Personal Information Management Officer: Choi Jung-ho
  • Phone number: 010-2513-8465
  • Email: jungho.choi@diowith.me
• You can report any personal information protection-related complaints arising from your use of the Company‘s services to the personal information management officer or the responsible department.
• If you need to report or consult about other personal information infringements, please contact the following organizations:
  • Personal Information Dispute Mediation Committee (https://www.kopico.go.kr/118)
  • Cyber Investigation Division of the Supreme Prosecutors‘ Office (https://www.spo.go.kr/1301)
  • Cyber Safety Bureau of the National Police Agency (http://cyberbureau.police.go.kr/182)