Privacy Policy for READING &

iPortfolio Co., Ltd. (hereinafter referred to as "the Company") establishes and discloses this privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly address any grievances related to it.

This Privacy Policy may be revised from time to time in accordance with changes in governmental laws, guidelines, or the Company's terms and internal policies. When revised, the Company will notify users through website announcements or individual notifications.

1. Items of Personal Information Collected

The Company collects the following personal information for purposes such as membership registration, consultation, and service applications.

Purpose	Category	Personal Information Item
Membership Registration	General Membership Registration (Common)	[Required] Name, ID, password, email, mobile phone number
SNS Account Registration and Simplified Login Integration	Sign in with Kakao	[Required] Profile information (nickname/profile picture), login identifier [Optional] Kakao account (email, mobile phone number)
	Sign in with Apple	[Required] Email (randomly generated if "Hide My Email" is enabled), login identifier
	Sign in with Whale Space	[Required] User type (student/teacher), login identifier [Optional] WhaleSpace account (email)
Provision of Goods or Services	Product Orders	[Required] Payment information, payment records
	Product Orders (for Delivery)	[Required] Payment information, payment records, shipping details (recipient's name, recipient's phone number, recipient's address)
	Service Use (Input and Edit of Member Information)	[Required] Child's name, child's date of birth [Optional] Parent's name, school/preschool name
	Consultation and Service Applications	[Required] Name, mobile phone number, email, date of birth, consultation details, order information
	Use of AI Services for Performance and Algorithm Improvement	[Required] Conversational data exchanged with the AI (including audio conversations), service usage behavior information (input data and results)
	Use of Video Class Services for Quality Improvement	[Required] Conversational data exchanged with the AI (including audio conversations), service usage behavior information (input data and results)
	Automatically Collected and Generated Information During Service Use	[Required] Service visit and usage records, learning information, purchase history, browser information, device information (operating system, model name, device unique ID, OS version, app version), IP address, and user voice data recorded during sessions

2. Methods of Collecting Personal Information

The Company collects personal information using the following methods:

1. Website, application, telephone, consultation boards, email, event participation, delivery requests, and AI service usage.

3. Purpose of Collecting and Using Personal Information

The personal information collected by the Company is used for the following purposes:

1. Execution of service contracts and billing for provided services: Content delivery, tailored service provision, purchase and billing, delivery of goods or invoices, personal identification for financial transactions.
2. Membership management: Identity verification for member services, personal identification, confirmation of intent to join, legal guardian consent verification for children under 14, handling complaints, and delivery of notices.
3. Development of new services and marketing/advertising activities: Development of new services and tailored offerings, advertisements based on statistical characteristics, service validation, event information and participation opportunities, delivery of promotional content, analysis of visit frequency, service quality improvement, and service usage statistics

4. Retention and Usage Period of Personal Information

As a principle, the Company destroys personal information without delay once the purpose of its collection and usage has been fulfilled. However, in compliance with relevant laws, certain personal information may be retained for specified periods as outlined below:

1. Records related to contracts or cancellations: Retained for 5 years, based on the Act on the Consumer Protection in Electronic Commerce, etc.
2. Records related to payments and supply of goods: Retained for 5 years, based on the Act on the Consumer Protection in Electronic Commerce, etc.
3. Records related to consumer complaints or disputes: Retained for 3 years, based on the Act on the Consumer Protection in Electronic Commerce, etc.
4. Records related to identity verification: Retained for 6 months, based on the Act on Promotion of Information and Communications Network Utilization and Information Protection.
5. Records related to website visits: Retained for 3 months, based on the Communications Secrets Protection Act.

5. Procedures and Methods for Destroying Personal Information

The Company destroys personal information without delay once the purpose of its collection and usage has been achieved. The destruction procedures and methods are as follows:

1. Destruction Procedures
   1. Personal information provided by users for purposes such as membership registration is transferred to a separate database (or a secure storage case for paper records) after the purpose has been fulfilled.
   2. The transferred information is retained for a designated period in compliance with internal policies and relevant legal requirements before it is destroyed.
   3. Personal information stored in the separate database is not used for any purpose other than those allowed by law.
2. Destruction Methods
   1. For Paper Records: Printed personal information is shredded or incinerated to ensure complete destruction.
   2. For Electronic Records: Electronically stored personal information is permanently deleted using technical methods that make recovery impossible.

6. Delegation of Personal Information Handling

To ensure the smooth and convenient provision of services, the Company delegates the handling of personal information to external specialized service providers within a strictly limited scope. When entering into delegation agreements, the Company establishes separate provisions to ensure the safe management of personal information by the entrusted entities.

Entrusted Entity	Delegated Task	Retention and Usage Period
Toss Payments	Payment processing, purchase safety services	Until membership withdrawal or termination of delegation contract
Daou Technology Co., Ltd.	SMS delivery	Immediate deletion upon achieving purpose
BizTalk Co., Ltd.	Identity verification, notification messages	Immediate deletion upon achieving purpose
DS Innovation	Product delivery, returns, and exchanges	Immediate deletion upon achieving purpose
KT Alpha Co., Ltd.	Event prize gifticon SMS delivery	Immediate deletion upon achieving purpose
Channel Corporation	Customer center operations, customer consultation, marketing tasks	Immediate deletion upon achieving purpose

The Company transfers personal information overseas to ensure smooth operation of AI services and video class services. While users may refuse the transfer, such refusal may result in the inability to use or restrictions on the services.

• Services Involved: LAURA Activities, LAURA Reports, READING & Letters, READING & Care
• Country of Transfer: United States

Overseas Entrusted Entities and Tasks

• OpenAI: Responsible for generating conversations for LAURA Activities, creating LAURA Reports, generating content for READING & Letters, and improving AI service performance. Personal information is deleted immediately without storage.
• ZOOM: Provides technical support for video class services under READING& Care. Personal information is deleted immediately without storage.

The cross-border transfer of personal information is based on Article 28-8, Paragraph 1, Subparagraph 3(a) of the Personal Information Protection Act, which permits cross-border processing or storage for contract execution.
The Company does not delegate customer information to external entities without consent. Should additional delegation become necessary, the Company will notify users of the entrusted entity and tasks and obtain prior consent when required.

7. Rights of Users and Legal Representatives and Methods to Exercise Them

1. Users and legal representatives may, at any time, access or modify the personal information registered under their name or for children under the age of 14. They may also request to terminate membership.
   1. Access or Modify Personal Information: To access or modify personal information (including that of children under 14), users can click on options such as "Edit Personal Information" or "Modify Member Information."
   2. Withdraw Membership (Consent Withdrawal): To withdraw membership, users can click "Withdraw Membership," complete the identity verification process, and directly access, correct, or delete their information.
2. Alternatively, users can contact the personal information manager via written request, telephone, or email, and their requests will be addressed promptly.
3. When a correction to personal information is requested, the Company will not use or provide the information until the correction is complete. If incorrect information has already been shared with a third party, the corrected information will be promptly communicated to the third party.
4. Personal information deleted or terminated at the user's request will be handled in accordance with the "Retention and Usage Period of Personal Information" and will not be used or accessed for any other purpose.

8. Installation, Operation, and Refusal of Automatic Data Collection Devices

1. What Are Cookies?
   1. Cookies are small text files sent by a website server to the user’s browser and stored on their computer’s hard drive. They are used to store user preferences and provide personalized and customized services.
   2. Cookies do not automatically or actively collect personally identifiable information. Users can delete or refuse cookie storage at any time.
2. Purpose of Cookies
   The Company uses cookies to:
   • Analyze users’ visit patterns, usage habits, secure connections, and overall user scale across services and websites.
   • Provide optimized, personalized information and service recommendations.
3. Cookie Settings and Refusal
   Users have the right to manage cookie storage:
   • Set browsers to allow all cookies, prompt for consent when cookies are saved, or refuse all cookies.
   • Note: Refusing cookies may limit access to some services requiring login.
   • Steps for Cookie Settings in Internet Explorer:
     1. Select [Tools] > [Internet Options].
     2. Click on the [Privacy Tab].
     3. Adjust the [Privacy Settings].

9. Personal Information Complaint Services

The Company designates the following personnel and departments to protect personal information and address complaints:

1. Personal Information Manager:
   • Name: Jiho Park
   • Position: Head of Business Division
   • Phone: 1566-2246
   • Email: contact@iporfolio.co.kr
2. Customer Service Department:
   • Department: Marketing Team
   • Phone: 1566-2246
   • Email: info@readingn.com

Users may report all personal information protection-related complaints to the above contacts. The Company promises prompt and sufficient responses to reported issues. For additional assistance, users may contact the following organizations:

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
• National Police Agency: 182 (cyberbureau.police.go.kr)

10. Changes to the Privacy Policy

This Privacy Policy takes effect on December 17, 2024.

Announcement Date: December 5, 2024

Effective Date: December 17, 2024

To see the previous version of this Privacy Policy, please click here.