top of page
zkvoting_logo_gradient.png

zkVoting Privacy Policy

Article 1 (Purpose)

zkrypto Co., Ltd. (hereinafter referred to as “the Company”) has established this Privacy Policy (hereinafter referred to as “the Policy”) to protect the personal information (hereinafter referred to as “Personal Information”) of individuals (hereinafter referred to as “User” or “Individual”) who use the services (hereinafter referred to as “Service”) provided by the Company. The Policy ensures compliance with relevant laws, such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as “Information and Communications Network Act”) and enables Users’ privacy-related inquiries to be addressed promptly and effectively.

Article 2 (Principles of Personal Information Processing)

In accordance with relevant laws and this Policy, the Company may collect Users’ Personal Information, which may only be shared with third parties with the User’s consent. However, if legally mandated, the Company may provide collected Personal Information to third parties without prior consent.

Article 3 (Public Disclosure of this Policy)

  1. This Policy is publicly available and accessible on the first page of the Company’s website or through a link to ensure Users can easily locate it.

  2. The Company uses font size, colors, and other visual elements to ensure this Policy is easily visible and readable for Users.

Article 4 (Changes to this Policy)

  1. This Policy may be amended in accordance with changes in laws, government directives, or changes to Company policies or Service content.

  2. If amended, the Company will announce the changes through one or more of the following methods:

    • By posting on the notice board or a separate window on the homepage

    • By sending notices through written letters, fax, email, or similar methods

  3. Notices of amendments to this Policy will be posted at least seven days before the effective date, and if significant changes affect User rights, the notice period will be at least 30 days.

Article 5 (Information Collected)

The Company collects the following information to provide its Services:

  1. Member Information: ID, password, name, position, contact details (landline and mobile), email address, institution name, representative’s name, business registration number, and office address

  2. Voter Information: Voter’s name, contact details, affiliation, and identity verification information (date of birth, resident registration number, student number, employee number, etc.)

  3. Candidate Information: Information necessary for voting, including candidate’s experience, education, age, and photo

  4. Administrator Information: Name, contact details (landline and mobile)

Article 6 (Information for Service Use and Misuse Detection)

The Company collects the following information to analyze and detect service use and misuse (e.g., repeated membership withdrawals and re-registrations, purchase and cancellation of products to exploit coupons or promotional benefits, or other prohibited activities).

  1. Essential Collection Information: Service usage records, cookies, access location, and device information

 

Article 7 (Methods of Collecting Personal Information)

The Company collects Users’ Personal Information through the following methods:

  1. Information entered directly by Users on the Company’s website

  2. Information entered by Users on applications or other Company-provided platforms

  3. Information provided by Users during interactions with customer service, activities on message boards, etc.

Article 8 (Use of Personal Information)

The Company uses Personal Information for the following purposes:

  1. Notifications and announcements necessary for Company operations

  2. Responding to inquiries and complaints to improve Services

  3. Providing the Company’s Services

  4. Taking restrictive measures against members who violate laws or Company policies

  5. Developing new services

  6. Marketing activities, including event and promotional notifications

  7. Analyzing demographic information and Service visit and usage records

 

Article 9 (Provision of Personal Information with Prior Consent)

  1. The Company may provide Personal Information to third parties with User consent, notwithstanding the prohibition on third-party provision. In such cases, only the minimum necessary information will be provided in accordance with relevant laws.

  2. If any changes occur in the third-party provision or the provision relationship ends, the Company will notify Users and obtain consent again.

 

Article 10 (Delegation of Personal Information Processing)

The Company may delegate Personal Information processing to third parties for efficient service provision and business operations as follows.

 

Article 11 (Retention and Usage Period of Personal Information)

  1. The Company retains and uses Personal Information only for the period necessary to achieve the purpose of collection and use.

    • Administrator and voter information: Up to 30 days after the election concludes

    • Member information: Until membership withdrawal upon request

  2. Notwithstanding the preceding clause, the Company retains records of fraudulent service use for up to one year to prevent fraudulent membership and misuse.

 

Article 12 (Retention and Usage Period of Personal Information According to Law)

The Company retains and uses Personal Information according to the following legal requirements:

  1. Records related to contracts or withdrawal of offers: 5 years

  2. Records related to payment and goods provision: 5 years

  3. Records related to customer complaints or dispute resolution: 3 years

  4. Records related to advertising: 6 months

  5. Web log records according to the Communications Privacy Act: 3 months

  6. Records related to electronic financial transactions according to the Electronic Financial Transactions Act: 5 years

  7. Records related to personal location information according to the Protection and Use of Location Information Act: 6 months

 

Article 13 (Principle of Personal Information Disposal)

The Company will promptly dispose of Personal Information that is no longer needed due to the fulfillment of its purpose or expiration of the retention period.

 

Article 14 (Procedure for Disposal of Personal Information)

  1. Information provided during registration or membership is moved to a separate database (or stored separately in the case of paper records) and retained for a specific period as per internal policies or relevant laws before disposal.

  2. Personal Information subject to disposal is disposed of with the approval of the Company’s Chief Privacy Officer.

 

Article 15 (Method of Personal Information Disposal)

Personal Information stored electronically is deleted using methods that prevent recovery, and information printed on paper is destroyed through shredding or incineration.

 

Article 16 (Transmission of Advertising Information)

  1. The Company will obtain explicit prior consent before sending promotional information via electronic communication channels. However, prior consent is not required in the following cases:

    • When the Company has directly obtained the contact information from the recipient through a transaction, and the promotion is for similar products or services within six months of the transaction.

    • When a telephone solicitation informs the recipient of the source of the personal information under the Door-to-Door Sales Act.

  2. If a recipient indicates they no longer wish to receive such information or withdraws prior consent, the Company will no longer send promotional information.

  3. The Company will obtain separate consent before sending promotional information between 9 p.m. and 8 a.m.

  4. Promotional information sent via electronic transmission will clearly indicate the Company’s name, contact information, and options for refusal or consent withdrawal.

  5. The Company will not take any actions to hinder or bypass refusal or consent withdrawal.

 

Article 17 (Protection of Children’s Personal Information)

  1. Membership registration is only available to individuals aged 14 or older.

  2. If a User under 14 wishes to use the Service, the Company will obtain the consent of their legal guardian.

  3. In such cases, the Company will collect the legal guardian’s name, date of birth, gender, ID for duplicate membership verification, and mobile phone number.

 

Article 18 (Access to and Withdrawal of Personal Information)

  1. Users and legal guardians may view or modify their registered Personal Information or withdraw consent for its collection.

  2. To withdraw consent for collection, Users or legal guardians may contact the Chief Privacy Officer in writing, by phone, or email, and the Company will act promptly.

 

Article 19 (Request for Information Correction)

  1. Users may request correction of inaccuracies in their Personal Information.

  2. Until the correction is complete, the Company will not use or disclose the information, and if it has already been shared with third parties, the Company will promptly notify them to make corrections.

 

Article 20 (User Obligations)

  1. Users are responsible for keeping their Personal Information up-to-date, and any issues arising from inaccurate information are the User’s responsibility.

  2. Misuse of others' Personal Information during registration may result in loss of User status or legal penalties.

  3. Users are responsible for maintaining the security of their email address, password, etc., and cannot transfer or lease them to third parties.

 

Article 21 (Company’s Privacy Management)

The Company implements technical and managerial safeguards to protect Personal Information from loss, theft, leakage, tampering, or damage.

 

Article 22 (Processing of Deleted Information)

The Company processes deleted Personal Information according to its “Retention and Usage Period of Personal Information” and prevents its viewing or use for other purposes.

 

Article 23 (Encryption of Passwords)

User passwords are stored and managed through one-way encryption, and only the individual who knows the password can access and modify their Personal Information.

 

Article 24 (Countermeasures Against Hacking)

  1. The Company takes all necessary measures to prevent unauthorized access, including hacking and viruses, from compromising User information.

  2. To prevent data leaks and damage, the Company uses the latest antivirus programs.

  3. To maximize security, the Company uses an intrusion prevention system and encrypted communications for sensitive Personal Information.

 

Article 25 (Minimization and Education of Personal Information Processing)

The Company limits access to Personal Information to the minimum number of employees and provides regular training to ensure compliance with laws and policies.

 

Article 26 (Actions in Case of Personal Information Breach)

If Personal Information is lost, stolen, or leaked (hereinafter referred to as “Leakage”), the Company will notify the affected User without delay and report to the Korea Communications Commission or Korea Internet & Security Agency (KISA), including:

  1. Details of the leaked information

  2. When the Leakage occurred

  3. Actions Users can take

  4. Company response measures

  5. Department handling consultations and contact information

 

Article 27 (Exception to Notifications in Case of Personal Information Breach)

If the Company cannot contact the User due to valid reasons, it may replace direct notification with a notice posted on the Company’s website for at least 30 days.

 

Article 28 (Protection of Personal Information Transferred Abroad)

  1. The Company does not enter international agreements in violation of the Personal Information Protection Act.

  2. The Company does not transfer Users' Personal Information overseas without lawful processing.

 

Article 29 (Installation and Use of Automatic Information Collection Devices)

  1. To provide customized services, the Company uses cookies, small pieces of data sent by the server to the User’s browser and stored on the User’s storage.

  2. Users can control cookie settings in their browsers, allowing for permission, denial, or selective acceptance.

  3. Denying cookies may limit access to certain Services requiring login.

 

Article 30 (Cookie Permission Settings)

Cookie settings can be controlled in browser options:

  1. Edge: Menu > Cookies and Site Permissions > Manage and delete cookies and site data

  2. Chrome: Menu > Privacy and Security > Cookies and other site data

  3. Whale: Menu > Privacy > Cookies and other site data

 

Article 31 (Designation of the Chief Privacy Officer)

  1. The Company has designated the following individual as the Chief Privacy Officer to protect Users’ Personal Information and handle related complaints:

    • Chief Privacy Officer: Kim Doo-yeon

    • Position: COO

    • Phone: 02-2293-5423

    • Email: dykim@zkrypto.com

 

Article 32 (Remedies for Rights Infringement)

Users may seek remedies for personal information infringement by contacting the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency (KISA) Privacy Infringement Report Center. Further inquiries about infringement or consultation can be directed to:

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

  • Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)

  • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)

  • National Police Agency: 182 (ecrm.cyber.go.kr)

Additional Provisions This Policy is effective as of November 1, 2024.

bottom of page