MWHLabs Privacy Policy
Welcome to MWHLabs.
MWHLabs Privacy Policy for Service Use
MWH Labs (https://www.mwhlabs.net/, hereinafter referred to as the “Company”) complies with relevant laws and regulations regarding the protection of personal information, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Protection of Communications Secrets Act, and the Telecommunications Business Act.
This Privacy Policy is established to handle users’ personal information and concerns smoothly.
The Company will notify users of any changes to this Privacy Policy through platform notices (or individual notifications).
This policy is effective as of May 20, 2025.
1. Purpose of Personal Information Processing
The Company processes personal information for the following purposes. Personal information will not be used for any purpose other than those listed below, and if the purpose of use changes, prior consent will be obtained from the member.
Users may choose not to consent to the collection of personal information or choose not to provide certain data. However, in such cases, service access may be restricted.
a. Member Management
To verify user intent to sign up, identify and authenticate individuals for member services, verify age, confirm real addresses, send notices, prevent misuse of services, retain records for dispute resolution, etc.
b. Handling User Complaints
To identify the member, confirm complaints or inquiries, perform fact checks, send notifications, and report processing results.
c. Providing Products or Services
To provide MWH Labs services, process payments and settlements, authenticate identity for financial transactions, manage consultations, handle incidents, and conduct debt collection.
d. Service Development
To develop and customize new services or products, improve marketing messages and campaigns, conduct satisfaction surveys, provide services and advertisements based on demographic characteristics, and extract usage statistics.
e. Marketing and Advertisement (with consent to marketing info)
To deliver MWH Labs advertisements, service updates, and promotional offers.
f. Prevention of Service Abuse
To prevent repeated free use via re-registration or other forms of misuse.
g. Investigation of Hacking/Fraud and Legal Requests
To provide information in response to legitimate legal investigations or to fulfill legal obligations related to hacking, fraud, or other incidents.
2. Items of Personal Information Collected and Methods of Collection
The Company collects and processes the following personal information for the purposes stated above:
a. Information voluntarily provided by the user during registration and use of services:
Required information: Email address, nickname, user ID and password, and for users under the age of 14, legal guardian’s information.
b. Information automatically generated and collected during service and website usage:
IP address, cookies, MAC address, device information, browser type, search terms, service usage history, payment records, visit history, history of violations, access logs, etc.
3. Retention and Use Period of Personal Information
① The Company processes and retains personal information within the period agreed upon by the user at the time of collection.
② Personal information related to membership registration and management, service provision, complaint handling, and marketing/advertising is, in principle, retained and used until the user withdraws from the service (terminates the service contract).
③ Notwithstanding paragraphs ① and ② above, personal information may be retained and used until the reason ends or for the period stipulated by law in the following cases:
1) In the event of an investigation or inquiry due to a violation of relevant laws: until the end of the investigation or inquiry
2) If there is an outstanding obligation resulting from service use: until settlement is completed
3) To prevent misuse of free benefits upon re-registration: mobile phone number, etc. are retained for 1 year after withdrawal
4) Records related to transactions under the Act on the Consumer Protection in Electronic Commerce, etc.:
- Records of advertising and labeling: 6 months
- Records of consumer complaints or dispute resolution, and credit information collection and use: 3 years
- Records of contracts, cancellations, payments, and supply of goods: 5 years
5) Records of electronic financial transactions under the Electronic Financial Transactions Act: 5 years
6) Records under the Protection of Communications Secrets Act:
- Records of telecommunications such as time/date, start/end time, phone numbers, usage frequency, and base station info: 1 year
- Records of internet access logs and IP tracking: 3 months
4. Outsourcing of Personal Information Processing
The Company outsources certain personal information processing tasks as outlined below and takes necessary measures to ensure that outsourced personal data is safely managed in accordance with relevant laws and regulations.
Trustee Company: PG Company
Outsourced Task: Electronic payment services
Retention and Use Period of Personal Information: Until membership withdrawal or termination of the outsourcing contract
Mobile Authentication Company: Mobile identity verification and credit information inquiry/registration service
Amazon Web Services, Inc. (Seoul Division): Data storage and management service
5. Provision of Personal Information to Third Parties
① The Company does not, in principle, provide members' personal information to third parties without their consent. However, exceptions apply in the following cases:
● When the member has given prior consent to the provision of personal information to third parties
Recipient · Purpose of Provision · Information Provided · Retention and Use Period
None applicable – – –
② Members may refuse or withdraw their consent to the provision of personal information to third parties. However, depending on the nature of the services provided by the Company, some services may be restricted as a result.
6. Rights and Obligations of Data Subjects and Methods of Exercising Them
Members, as data subjects, may exercise the following rights regarding their personal information:
① Members may at any time exercise the following rights related to personal information protection regarding their personal data processed by the Company:
- Request access to personal information
- Request correction in case of errors
- Request deletion
- Request suspension of processing
② The rights under paragraph ① may be exercised by submitting a written request, email, or fax in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will promptly take appropriate action.
③ If the data subject requests correction or deletion due to errors in personal information, the Company will not use or provide such personal information until the correction or deletion is completed.
④ Members can view, edit, or delete their personal information through the features provided on the website.
⑤ The rights under paragraph ① may also be exercised by a legal representative or a delegated person. In such cases, a power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
7. Procedures and Methods for Destroying Personal Information
In principle, a member’s personal information is promptly destroyed once the purpose of processing has been achieved. However, information that must be retained under other laws is stored separately for the legally prescribed period and then destroyed. The destruction procedures, deadlines, and methods are as follows:
A. Destruction Procedure
Information entered by the member is destroyed without delay after the purpose has been fulfilled. If it must be retained under relevant laws, it is transferred to a separate database (or stored in a separate document in the case of paper) and securely stored for a specified period in accordance with internal policies and legal requirements. During this period, such information is not used for any purpose other than those required by law.
B. Destruction Method
Personal information in electronic file format is permanently deleted using technical methods that prevent recovery or restoration. Printed documents containing personal information are shredded or incinerated.
C. Destruction Deadline
Personal information is destroyed immediately upon the expiration of the retention period, or once it is determined that the information is no longer necessary—such as when the purpose of processing has been achieved, the service is discontinued, or the business is closed.
8. Automatically Collected Personal Information and Refusal
The Company installs and operates cookies to provide personalized services to members. The purpose of cookie use and how to refuse cookies are as follows:
A. What Are Cookies?
Cookies are small text files sent by the server used to operate the website to the user's browser. These files are stored on the user's computer and used for operation.
B. Purpose of Using Cookies
Cookies are used to manage user sessions, provide personalized environments, analyze user activity information, verify statistics related to events and promotions, and offer optimized customized services.
C. Installation, Operation, and Refusal of Cookies
Users have the right to choose whether to allow cookies. Users can set their web browser options to allow all cookies, prompt each time a cookie is stored, or refuse all cookies. However, if cookies are refused, some services may be restricted or unavailable.
9. Measures to Ensure the Security of Personal Information
In accordance with the Personal Information Protection Act and related laws, the Company implements the following technical, administrative, and physical measures to ensure the security of personal information:
A. Technical Measures
Managing access rights to personal information processing systems, installing access control systems, encrypting unique identification information, installing security programs, etc.
B. Administrative Measures
Establishing and implementing internal management plans, conducting regular employee training, etc.
C. Physical Measures
Controlling access to data centers, storage rooms, and similar facilities.
10. Personal Information Protection Officer
① The Company is responsible for overseeing the handling of personal information and has designated the following individuals as the Personal Information Protection Officer and Manager to address user inquiries, complaints, and remedies related to personal data protection:
▶ Personal Information Protection Officer
Email: mwhlabs777@gmail.com
▶ Personal Information Protection Manager
Email: mwhlabs777@gmail.com
② Users may contact the Personal Information Protection Manager regarding all inquiries, complaints, or requests for remedy related to the protection of personal information arising from the use of the Company’s services. The Company will promptly respond to and process such inquiries.
11. Notification of Changes to the Privacy Policy
① In the event of any additions, deletions, or modifications to the current Privacy Policy, the Company will notify users of the reasons and details of the changes via the service website.
② If the Company intends to use personal information beyond the scope agreed to by the user or entrust it to a third party, the Company will obtain additional consent from the user in advance and notify the user individually via written notice, email, telephone, or by posting it on the website.
③ If the Company entrusts the collection, storage, processing, use, provision, management, or destruction of personal information to a third party, the Company will notify users of such matters through the Terms of Service, Privacy Policy, or other appropriate means.
12. Remedies for Infringement of Rights
Users may contact the following agencies for assistance with personal information infringement, dispute resolution, or counseling.
These agencies are independent from the Company. If you are not satisfied with the Company's internal handling of personal information complaints or need more detailed help, please contact one of the following:
Personal Information Dispute Mediation Committee: www.kopico.go.kr, 1833-6972
Personal Information Infringement Report Center: privacy.kisa.or.kr, 118
Supreme Prosecutors’ Office, Cybercrime Division: www.spo.go.kr, 02-3480-3570
National Police Agency, Cyber Bureau: cyberbureau.police.go.kr, 182
13. Changes to the Privacy Policy
If there are any additions, deletions, or modifications to this Privacy Policy, the Company will notify users through the website's "Notices" section at least 7 days prior to the effective date. However, if the changes involve significant modifications to user rights, such as the collection and use of personal information or provision to third parties, notice will be given at least 30 days in advance.
Announcement Date: May 20, 2025
Effective Date: May 20, 2025