Privacy Policy
At PentaServices, we value your privacy and adhere to all applicable regulations.
Last Updated: 2025.02.18
Privacy Policy
PentaServices (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws, and establishes and discloses the following privacy policy to protect and safely manage users' personal information.
This policy is effective from February 16, 2025.
1. Purpose of Collection and Use of Personal Information
The Company collects and uses minimal personal information for the following purposes:
| Purpose | Collected Items | Retention Period |
|---|---|---|
| Member Registration and Management | (Required) ID, Password, Email Address, Mobile Phone Number, Name | Immediately deleted upon membership withdrawal |
| Service Provision and Contract Fulfillment | (Required) Name, Contact Information, Payment Details (Partial Card Number), Business Registration Number (Corporate Customers) | 5 years after contract termination |
| Automated Service Provision (Console Usage) | (Required) IP Address, Service Usage Records, Device Information | 1 year |
| Customer Inquiries and Support | (Required) Name, Email Address, Phone Number, Inquiry Details | 3 years |
| Legal Obligations (Tax Invoice Issuance, etc.) | (Required) Name, Business Registration Number, Payment Information | As per relevant laws |
2. Retention and Disposal of Personal Information
The Company promptly disposes of personal information when the retention period expires or the purpose of processing is achieved.
- Electronic File Format: Deletion using unrecoverable technical methods
- Paper Documents: Shredding or incineration
However, the following information may be retained for certain periods as required by law:
| Retention Items | Retention Period | Relevant Law |
|---|---|---|
| Contract or Withdrawal Records | 5 years | E-Commerce Act |
| Payment and Supply Records | 5 years | E-Commerce Act |
| Consumer Complaint and Dispute Records | 3 years | E-Commerce Act |
| Log Records and Access IP | 1 year | Communications Privacy Protection Act |
3. Third-Party Provision of Personal Information
The Company does not provide users' personal information to external parties as a principle. However, information may be provided only when required by law or with user consent.
Exceptions (Provision Based on Legal Requirements)
- Requests from investigative or administrative agencies as per legal requirements
- When necessary for payment processing through credit card companies, payment gateways (PG)
4. Outsourcing of Personal Information Processing
The Company outsources some tasks to external companies for smooth service provision. The outsourcing companies are as follows:
| Outsourced Task | Service Provider | Retention and Usage Period |
|---|---|---|
| Payment and Billing Management | NICE Payments Co., Ltd., Hyosung FMS Co., Ltd. | Until contract termination |
| Server Operation and Data Storage | 4096 SVCS LLC, AWS, Google Cloud | Until contract termination |
| Customer Support and Inquiry Handling | Intercom, Inc. | Until contract termination |
The Company takes necessary measures to protect personal information during outsourcing contracts and supervises the service providers to ensure secure processing of personal information.
5. International Transfer of Personal Information
The Company may transfer personal information internationally for cloud server and payment processing purposes, managed as follows:
| Transfer Purpose | Destination Country | Service Provider | Transferred Items | Protection Measures |
|---|---|---|---|---|
| Server and Data Management | USA, Singapore | 4096 SVCS LLC, AWS, Google Cloud | Service Usage Records, Logs | Security Certification (ISO27001, etc.) |
| Payment Processing | USA | Stripe, PayPal | Payment Information | Compliance with International Security Standards |
6. User Rights and Exercise Methods
Users can exercise the following rights at any time:
- Request to View Personal Information
- Request for Correction or Deletion of Personal Information
- Request to Stop Processing
Rights can be exercised through email (corp@pentaservices.co.kr) or customer service, and requests will be processed within 10 days.
7. Technical and Administrative Measures for Personal Information Protection
The Company implements the following measures to protect users' personal information:
Technical Measures
- SSL Encryption (Data Transmission Protection)
- Firewall and Intrusion Detection System Operation
- Personal Information Access Restrictions (Authority Management)
Administrative Measures
- Minimizing Personal Information Handling Staff
- Regular Security Training and Inspection
- Password Encryption Storage
8. Personal Information Protection Officer and Contact Information
The Company designates a responsible officer for handling personal information protection inquiries.
- Personal Information Protection Officer: Sangyeop Han
- Contact: 010-4337-2590
- Email: privacy@pentaservices.co.kr
Please submit personal information-related inquiries through the above contact information.
9. Changes to Privacy Policy
This privacy policy may be revised according to changes in laws or service policies. Changes will be announced at least 7 days in advance, and significant changes will be applied immediately after revision.
- Initial Implementation Date: February 16, 2025
- Latest Revision Date: February 16, 2025
Previous versions of the privacy policy can be found here.
Strong Security
We safeguard your personal data with the latest security technologies.
Data Encryption
All personal data is securely stored using industry-standard encryption techniques.
Transparent Data Handling
We provide clear and transparent information about our data collection and usage practices.