1. Collected Information
The Company collects and processes information divided into “Member Information” (B2B customers) and “End-User Information” (users of the Publisher’s app/web).
1.1. Member Information (B2B Customers)
Information collected directly when a corporate customer creates an account or enters into a service agreement.
| Category | Items |
|---|---|
| Mandatory Items | Email address (ID), Password, Name (or Nickname), Company Name (Organization) |
| Automatically Collected | IP Address, Cookies, Access Logs, Service Usage Records, Device Information (OS, Browser, etc.) |
| Payment & Settlement | Bank Name, Account Number, Account Holder Name, Business Registration Certificate, Credit Card Information (processed via third-party payment gateways) |
1.2. End-User Information (End-User Data)
Non-personally identifiable behavioral data collected indirectly through the Publisher’s App/Web using the Service.
| Category | Items |
|---|---|
| Advertising Identifiers | ADID (Android), IDFA (iOS), etc. |
| Device & Network Information | Device Model, OS Version, Language Settings, Timezone, IP Address, Carrier Information |
| Ad Interaction Data | Ad Requests, Impressions, Clicks, Completed Views, Skips, and other interaction metrics |
2. Purpose of Use
The Company uses the collected information solely for the following purposes:
2.1. Service Operation and Management
Management of A.drop integrated accounts, distribution of advertising platforms, revenue settlement, tax processing, and customer support (CS).
2.2. Ad Optimization and Reporting
Advertising performance analysis (Attribution), Fraud detection and prevention, Contextual targeting, and delivery of personalized ads.
2.3. Service Improvement
Analysis of access frequency, statistical analysis for feature improvements, and ensuring system stability.
3. Retention, Usage Period, and Destruction
In principle, the Company destroys personal information without delay once the purpose of collection and use has been achieved.
3.1. Retention and Usage Period
1) Retention per Company Policy
| Condition | Retention Period |
|---|---|
| Upon Member Withdrawal | Retained for 3 months to prevent fraudulent use and respond to disputes, then destroyed |
| Service Usage Logs | Retained for 3 months in accordance with the Protection of Communications Secrets Act |

| Record Type | Retention Period | Legal Basis |
|---|---|---|
| Records on Contracts or Withdrawal of Subscription | 5 years | Act on Consumer Protection in Electronic Commerce |
| Records on Payment and Supply of Goods | 5 years | Act on Consumer Protection in Electronic Commerce |
| Records on Consumer Complaints or Dispute Settlement | 3 years | Act on Consumer Protection in Electronic Commerce |
3.2. Destruction Procedures and Methods
Information for which the retention period has expired is destroyed in a way that makes it unrecoverable.
- Electronic Files: Permanently deleted using technical methods (e.g., Low-Level Format) that make recovery impossible.
- Paper Documents: Destroyed by shredding or incineration.
4. Third-Party and International Transfer
The Company delegates certain personal information processing tasks to external professional vendors. Due to the global nature of the Service, some data may be stored on cloud servers located abroad.
4.1. Vendors and Purpose
| Vendor | Purpose of Delegation |
|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure operation and data storage |
| Brevo | Email delivery (Authentication, Notifications) and CRM management |
4.2. International Transfer of Personal Information
| Recipient | Country | Items Transferred | Date & Method | Purpose & Retention |
|---|---|---|---|---|
| AWS | USA, Korea, etc. | All Service Data | Transmitted via network during service usage | Infra operation / Until contract ends |
| Brevo | France (EU) | Email, Name | Transmitted upon email request | Email delivery / Until contract ends |
Right to Refuse International Transfer: Users may refuse the international transfer of their personal information by contacting the Privacy Department (support@adrop.io). However, as this transfer is essential for service provision, refusal may result in restricted use of the Service.
5. End-User Data and Global Compliance
Since the Service processes End-User data through the Publisher’s App/Web, the Company acts as a “Data Processor.”
5.1. Status as a Data Processor
- GDPR / CCPA Roles: The Publisher is the “Data Controller” (or “Business”) who determines the purpose and means of data collection. The Company is the “Data Processor” (or “Service Provider”) who processes data on behalf of the Publisher.
- Responsibility for Consent: The Publisher is solely responsible for obtaining lawful consent from End-Users regarding data collection and use (e.g., for personalized ads). The Company processes only the data transmitted by the Publisher through lawful procedures.
5.2. Exercise of End-User Rights
- End-Users must primarily contact the Publisher (App/Web Service) to exercise their rights to access, correct, delete, or restrict the processing of their personal information.
- If the Company receives a request for data deletion (Right to Erasure) or restriction of processing from the Publisher, the Company will technically support and comply with such requests.
5.3. International Transfer and No Sale of Data
- Security Measures: Data may be transferred to and stored in global cloud servers (e.g., AWS) for service provision. The Company implements security measures, such as encryption, during transfer.
- No Sale of Data: The Company does not sell data entrusted by the Publisher to third parties. Data is used exclusively for the purpose of providing the contracted services.
6. Management of Cookies and Advertising Identifiers
The Company uses cookies and advertising identifiers to improve user convenience and provide personalized services. Users can refuse this through their device settings.
6.1. How to Opt-Out
| Platform | How to Opt-Out |
|---|---|
| Web | Browser Settings > Privacy & Security > Block Cookies |
| App (iOS) | Settings > Privacy > Tracking > Allow Apps to Request to Track (Turn Off) |
| App (Android) | Settings > Google > Ads > Delete Advertising ID or Opt out of Ads Personalization |
7. Security Measures for Personal Information
The Company takes the following technical, administrative, and physical measures to prevent loss, theft, leakage, forgery, or damage of personal information.
7.1. Administrative Measures
Establishment and implementation of internal management plans and regular employee training on information security.
7.2. Technical Measures
Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information during transmission and storage, and installation/update of security programs.
7.3. Physical Measures
Control of physical access to data centers and server rooms. (The Company complies with AWS’s physical security policies).
8. Privacy Officer and Contact Information
The Company operates a dedicated department to protect user privacy and handle related inquiries promptly.
8.1. Department and Contact
- Department: A.drop Privacy Team
- Email: support@adrop.io
8.2. Remedies for Rights Infringement
If you need to report or consult on personal information infringement in South Korea, you may contact the following organizations:
| Organization | Contact |
|---|---|
| KISA Privacy Infringement Report Center | privacy.kisa.or.kr / 118 |
| Supreme Prosecutors’ Office Cyber Investigation Division | spo.go.kr / 1301 |
| Korean National Police Agency Cyber Investigation Bureau | ecrm.cyber.go.kr / 182 |
Announcement Date: December 16, 2024
Effective Date: December 16, 2024