GenaBack

Privacy Policy

Our policy regarding the collection and processing of personal information

Last Updated: 2025.11.21 • Effective from November 21, 2025

Article 1 (Purpose)

OCEANCODE (hereinafter referred to as "the Company") establishes this Privacy Policy (hereinafter referred to as "this Policy") to protect the personal information of individuals (hereinafter referred to as "Users" or "Individuals") who use the services provided by the Company (hereinafter referred to as "Company Services"), comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and promptly and smoothly handle complaints related to users' personal information protection.

Article 2 (Principles of Personal Information Processing)

In accordance with personal information-related laws and this Policy, the Company may collect users' personal information, and the collected personal information may be provided to third parties only with the consent of the individual. However, the Company may provide users' collected personal information to third parties without prior consent when legally compelled by laws and regulations.

Article 3 (Disclosure of Policy)

  1. The Company discloses this Policy through the homepage's main page or a linked page so that users can easily check this Policy at any time.
  2. When disclosing this Policy in accordance with Paragraph 1, the Company uses font size, color, etc. to enable users to easily check this Policy.

Article 4 (Changes to Policy)

  1. This Policy may be revised in accordance with changes to personal information-related laws, guidelines, notices, or government or Company service policies or content.
  2. When revising this Policy pursuant to Paragraph 1, the Company shall notify by one or more of the following methods:
    • Notification through the notice section of the Company's website main page or a separate window
    • Notification to users by mail, facsimile, email, or similar methods
  3. The notification in Paragraph 2 shall be made at least 7 days prior to the effective date of the Policy revision. However, in case of significant changes to user rights, notification shall be made at least 30 days in advance.

Article 5 (Information for Membership Registration)

The Company collects the following information for users' membership registration for Company services.

  • Required Information: Email address, password, name and nickname

Article 6 (Information for Identity Verification)

The Company collects the following information for user identity verification.

  • Required Information: Email address

Article 7 (Information for Payment Services)

The Company collects the following information to provide payment services to users.

  • Required Information: Card number, card password, and expiration date

Article 8 (Information for Service Provision)

The Company collects the following information to provide its services to users.

  • Required Information: User ID and email address

Article 9 (Information for Service Usage and Fraud Prevention)

The Company collects the following information for statistics and analysis of service usage and identification and analysis of fraudulent use.

  • Required Information: Service usage records

Article 10 (Methods of Personal Information Collection)

The Company collects users' personal information through the following methods:

  1. Users entering their personal information on the Company's website
  2. Users entering their personal information through services other than the homepage provided by the Company, such as applications
  3. Users entering personal information upon receiving emails sent by the Company
  4. Users entering information while using Company services such as customer service consultations and bulletin board activities

Article 11 (Use of Personal Information)

The Company uses personal information in the following cases:

  1. For Company operations such as delivering notices
  2. For service improvement, such as responding to inquiries and handling complaints
  3. For providing Company services
  4. For restricting use by members who violate laws and Company terms, and preventing and sanctioning acts that interfere with smooth service operations, including fraudulent use
  5. For developing new services
  6. For marketing purposes such as event and promotional notifications

Article 12 (Retention and Use Period of Personal Information)

  1. The Company retains and uses users' personal information for the period necessary to achieve the purpose of collection and use of personal information.
  2. Notwithstanding the preceding paragraph, the Company retains fraudulent service use records for up to 1 year from the time of membership withdrawal to prevent fraudulent registration and use in accordance with internal policies.

Article 13 (Legal Retention Period of Personal Information)

The Company retains and uses personal information in accordance with relevant laws as follows:

Consumer Protection in Electronic Commerce Act

  • Records of contracts or withdrawal of offers: 5 years
  • Records of payment and supply of goods: 5 years
  • Records of consumer complaints or dispute resolution: 3 years
  • Records of labeling and advertising: 6 months

Protection of Communications Secrets Act

  • Website log records: 3 months

Electronic Financial Transactions Act

  • Records of electronic financial transactions: 5 years

Location Information Protection and Use Act

  • Records of personal location information: 6 months

Article 14 (Personal Information Destruction Procedures)

In principle, the Company destroys personal information without delay when it is no longer needed, such as when the purpose of processing personal information is achieved or the retention and use period has expired.

Article 15 (Personal Information Destruction Process)

  1. Information entered by users for membership registration, etc. is transferred to a separate database (or separate file cabinet in case of paper) after achieving the purpose of personal information processing and stored for a certain period in accordance with internal policies and information protection reasons under relevant laws (refer to retention and use period) before being destroyed.
  2. The Company destroys personal information for which destruction reasons have occurred through the approval process of the privacy officer.

Article 16 (Personal Information Destruction Methods)

The Company deletes personal information stored in electronic file format using technical methods that make records irreproducible, and destroys personal information printed on paper by shredding or incineration.

Article 17 (Measures for Advertising Information Transmission)

  1. When transmitting commercial advertising information using electronic transmission media, the Company obtains users' explicit prior consent.
  2. Notwithstanding the preceding paragraph, the Company does not transmit commercial advertising information when recipients express refusal or withdraw prior consent, and notifies the processing results of refusal and consent withdrawal.
  3. When transmitting commercial advertising information using electronic transmission media between 9 PM and 8 AM the next day, the Company obtains separate prior consent from recipients notwithstanding Paragraph 1.

Article 18 (User Obligations)

  1. Users must maintain their personal information in an up-to-date state, and users are responsible for problems arising from inaccurate information input.
  2. In case of membership registration using another person's personal information, users may lose their qualifications or be punished in accordance with relevant personal information protection laws.
  3. Users are responsible for maintaining security of their email addresses, passwords, etc., and cannot transfer or lend them to third parties.

Article 19 (Measures for Personal Information Leakage)

When the Company becomes aware of loss, theft, or leakage of personal information, it shall notify the relevant user without delay of all of the following matters and report to the Korea Communications Commission or Korea Internet & Security Agency:

  1. Items of personal information that were leaked
  2. Time when leakage occurred
  3. Measures users can take
  4. Response measures by the information and communications service provider
  5. Department and contact information where users can receive consultation

Article 20 (Exceptions to Leakage Measures)

Notwithstanding the preceding article, when there are legitimate reasons such as inability to know users' contact information, the Company may take measures to substitute the notification in the preceding article by posting it on the Company's website for 30 days or more.

Article 21 (Automatic Collection Device Installation)

  1. The Company uses automatic personal information collection devices (cookies) that store and retrieve usage information to provide personalized services to users.
  2. Users have the option to accept cookies. Therefore, users can allow all cookies, check each time a cookie is stored, or reject all cookie storage by setting options in their web browser.
  3. However, if cookie storage is rejected, some Company services requiring login may be difficult to use.

Article 22 (Cookie Settings Guide)

Cookie acceptance and blocking can be set through web browser option settings.

  • Edge: Settings menu in top right of web browser > Cookies and site permissions > Manage and delete cookies and site data
  • Chrome: Settings menu in top right of web browser > Privacy and security > Cookies and other site data
  • Whale: Settings menu in top right of web browser > Privacy protection > Cookies and other site data

Article 23 (Privacy Officer Designation)

The Company designates relevant departments and privacy officers as follows to protect users' personal information and handle complaints related to personal information.

Privacy Officer

  • Name: Haesung Jeon
  • Position: CEO
  • Phone: 010-2143-0850
  • Email: oceancode0321@gmail.com

Article 24 (Remedies for Rights Infringement)

Data subjects can apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for personal information infringement.

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
  • Korean National Police Agency: 182 (ecrm.cyber.go.kr)

Those who have suffered infringement of rights or interests due to actions or inactions by heads of public institutions in response to requests under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act may file for administrative appeals in accordance with the Administrative Appeals Act.

  • Central Administrative Appeals Commission: 110 (www.simpan.go.kr)

Addendum

This Policy shall be effective from November 21, 2025.