Privacy Policy

Article 1: Items of Personal Information Collected and Purposes

1.1 Mandatory Items Collected

We collect the following mandatory personal information to provide you with our services:

• Name: Required for account identification and service delivery
• Email Address: Used for account management, communications, and password recovery
• Position and Affiliation: Collected to better understand our user base and provide relevant services
• Profile Picture: Optional visual identifier for your account
• Service Usage Records: Data regarding how you interact with our platform and features
• Access Logs: Records of when and how you access our services
• Cookies: Used to maintain session information and improve your experience
• Access IP Address: Recorded for security and fraud prevention purposes
• Payment Records: Transaction history and billing information for subscription management

1.2 Optional Items

During membership registration, you may optionally provide additional information to enhance your profile and experience with our services.

1.3 Processing Purposes

Your personal information is collected and processed for the following purposes:

• Customer Registration: To create and maintain your account
• Identity Verification: To ensure account security and prevent unauthorized access
• Membership Management: To administer subscription tiers and access levels
• Payment Processing: To process payments and maintain billing records
• Educational Content: To provide relevant tutorials, documentation, and learning materials
• Events and Announcements: To inform you about webinars, new features, and product updates
• Service Improvement: To analyze usage patterns and optimize our platform

Article 2: Processing and Retention Period

We retain your personal information for different periods depending on the type of data and the purposes for which it was collected:

After the retention period expires, we securely delete or anonymize your personal information in accordance with our data destruction procedures outlined in Article 6.

Article 3: Provision to Third Parties

Murple Corporation does not provide your personal information to third parties without your explicit consent. We do not sell, rent, or share your data with external organizations for commercial purposes.

The only exceptions to this policy are:

• When required by law or legal process (court orders, government requests)
• When necessary to provide services you have requested (service providers with contractual obligations)
• When you have explicitly given your consent for specific third-party sharing

In all cases, we ensure that third parties are bound by strict confidentiality obligations and comply with applicable data protection regulations.

Article 4: Consignment of Processing

We engage third-party service providers to assist in processing your personal information. These processors are carefully selected and contractually obligated to protect your data:

4.1 Domestic Service Providers

• Payple Co., Ltd.: Payment processing and transaction management. This provider handles all payment-related operations securely and complies with PCI-DSS standards.

4.2 Overseas Service Providers

• Amplitude Inc. (United States): Analytics and user behavior analysis. Amplitude helps us understand how users interact with our platform to improve service quality.
• Google LLC / Google Analytics (Ireland): Web analytics and traffic analysis. Google Analytics provides insights into website usage patterns and user engagement.
• Hotjar Ltd (Ireland): User experience analytics including session recordings and heatmaps. Hotjar helps us understand user interactions and optimize the user interface.

All overseas processors comply with international data transfer agreements and maintain adequate safeguards for your personal information.

Article 5: Data Subject Rights

As a data subject, you have the following rights regarding your personal information:

5.1 Right to Access

You have the right to request access to your personal information that we hold. We will provide you with a copy of your data in a clear and understandable format within 30 days of your request.

5.2 Right to Correction

If you believe any of your personal information is inaccurate, incomplete, or outdated, you have the right to request correction. We will update your information promptly and notify you of the changes.

5.3 Right to Deletion

You may request the deletion of your personal information, subject to legal and contractual obligations. Upon your request, we will delete your data within 30 days, unless we are legally required to retain it for compliance purposes.

5.4 Right to Suspend Processing

You may request that we suspend processing of your personal information for a specified period. During the suspension, we will not use your data for any purpose other than maintaining necessary security measures.

5.5 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at the details provided in Article 9. Your request will be processed in accordance with applicable data protection laws.

Article 6: Destruction Procedures

When your personal information reaches the end of its retention period, or when you request deletion, we employ secure destruction methods to ensure complete removal:

6.1 Electronic Data Destruction

• Secure overwriting using industry-standard algorithms (e.g., DOD 5220.22-M standards)
• Cryptographic erasure of encrypted data
• Physical destruction of storage media containing unencrypted sensitive data
• Permanent deletion from all backup systems and archives

6.2 Physical Document Destruction

• Shredding of printed documents containing personal information
• Incineration of sensitive physical media
• Secure disposal through certified document destruction services

6.3 Timeline

All destruction procedures must be completed within 5 days of the destruction initiation date. Certified proof of destruction is maintained in our records.

Article 7: Security Measures

Murple Corporation implements comprehensive technical and managerial security measures to protect your personal information from unauthorized access, alteration, or disclosure.

7.1 Technical Security Measures

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
• Antivirus and Anti-Malware Protection: We maintain continuous scanning and protection against malicious software on all systems processing personal information.
• Intrusion Prevention Systems: Advanced firewalls and intrusion detection systems monitor and prevent unauthorized access attempts.
• Access Controls: Strict authentication mechanisms, including multi-factor authentication, limit access to personal information.
• Regular Security Audits: We conduct periodic penetration testing and vulnerability assessments to identify and address security gaps.

7.2 Managerial Security Measures

• Employee Training: All employees with access to personal information receive regular privacy and security training.
• Confidentiality Agreements: Employees sign strict confidentiality agreements regarding the protection of personal information.
• Access Restrictions: Only authorized personnel with legitimate business needs can access personal information.
• Incident Response Plan: We maintain a comprehensive incident response plan to quickly identify and mitigate any security breaches.
• Data Protection Impact Assessment: We regularly conduct assessments to identify risks and implement protective measures.

Article 8: Remedies and Complaints

If you have concerns about how we handle your personal information or believe your rights have been violated, you have several options for recourse:

8.1 Internal Resolution

Please contact our Data Protection Officer (see Article 9) to file a complaint. We will investigate your concerns and respond within 30 days.

8.2 External Regulatory Bodies

You may file a complaint with the following regulatory authorities:

• Korean Personal Information Protection Commission (KOPICO): The primary data protection authority in Korea
• Korea Internet Security Agency (KISA): For cybersecurity-related complaints and incidents
• ePrivacy Committee: For privacy concerns related to electronic communications
• Prosecutor's Office: For criminal violations of data protection laws
• Cyber Police (경찰청 사이버범죄 신고): For cybercrime-related incidents involving personal data

Article 9: Data Protection Officer

Murple Corporation has appointed a Data Protection Officer responsible for overseeing our privacy practices and addressing your concerns:

You may contact our Data Protection Officer for any privacy-related inquiries, complaints, or to exercise your data subject rights. We aim to respond to all requests within 10 business days.

Article 10: Obligation to Notify Changes

This Privacy Policy may be updated from time to time to reflect changes in our data handling practices, legal requirements, or technological advancements.

10.1 Notice of Changes

We will provide you with at least 7 days advance notice before implementing any significant changes to this Privacy Policy. Notifications will be sent via email to the address associated with your account.

10.2 Acceptance of Changes

Continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you have the right to discontinue using our services and request deletion of your account.

10.3 Version Control

We maintain a version history of our Privacy Policy, and you can request previous versions if needed.