Privacy Policy

Introduction

WEMADE Co., Ltd.("we", "us", "our") prioritizes the protection of personal data ("personal data"). Please read this privacy policy (henceforth referred to as the "Policy") to learn how we handle and safeguard your data, as well as your rights under relevant data protection and privacy laws, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act of 2018 ("CCPA").

Our Roles Regarding Your Personal Data

WEMADE serves as a data controller or "business" for the personal data we handle within the parameters of this policy. This implies that we decide how and why to gather and additionally process personal data.

Legal Bases for Personal Data Processing

A valid reason is required for us to use your personal data, which some laws refer to as the "legal bases for processing" or the "lawful basis for processing." We may process your personal data for the following purposes:

●     User Consent: If you have given your express consent, we may use your personal data. This includes situations such as consenting to receive marketing emails or taking part in beta tests of services.

●     Legal Obligation: In order to abide by our legal obligations, we may need to process your personal data.

●     Our Legitimate Interests: We may process your personal data if it is required for our legitimate business interests, provided that it does not conflict with your rights and interests. This generally includes the following cases:

○     Product Improvement: We use data to improve the features and functionality of the service, making it more practical and user-friendly.

○     Customer Engagement: We provide updates, new features, and information about content that may be of interest to users and subscribers.

○     Research and Development: We analyze user behavior and trends using anonymized, aggregated data to improve the service.

○     Marketing and Promotion: We use user data to provide personalized suggestions and promote our services to a wider audience.

○     Security and Fraud Prevention: We guard against fraud, abuse, and security threats to the service and its users.

○     Legal Compliance: We guarantee adherence to all relevant laws and regulations, including those that are outside your country.

○     Business Operations: We oversee day-to-day work and guarantee the sustainability and expansion of the app.

You can contact us to find out more about why we decided to use your personal data in a way that serves our legitimate interests. You can use the contact information listed below in this policy. provided to get in touch with us at any time.

If we use your personal data with your consent (agreement), you have the right to withdraw your consent at any time. However, withdrawal of consent does not affect the data that has been processed before the withdrawal. Additionally, data processing carried out on legal basis is unaffected.

What Personal Data We Process and How We Collect It

In this Policy, "personal data" refers to any information pertaining to an identified or identifiable individual. The type of personal data we gather is determined by your interactions with us or our services. The categories of your personal data that we have collected over the last 12 months are listed in the table below.

Without this information, we may not be able to provide all of the services you request, and the services we offer may differ based on the information you provide. Additionally, we do not collect personal data from different categories without notifying you first.

What Do We Use Your Personal Data For?

We may process your personal data for the following purposes:

●     Collecting your email address to send newsletters.

●     Providing you with services. We use your personal information to create and manage your account, facilitate the functionality of our services, and deliver personalized services (if applicable).

●     Improving service quality. We use your personal information for service maintenance, improvement, and management, including troubleshooting, data analysis, and testing.

●     Ensuring the safety of services and its users. This involves detecting misuse by users and prevent and respond to fraud, abuse, security risks, and technical issues.

●     Providing support related to service inquiries.

●     Inviting you to an event, organizing the event, and facilitating communications with you around the event and future events.

●     Managing your preferences in relation to the use of cookies and other tracking technologies, ensuring our services function properly when the information is collected through essential cookies.

●     Complying with relevant laws and regulations. This includes using your information to ensure compliance with our legal obligations (such as recordkeeping obligations and transparency obligations).

●     Resolving disputes, enforcing our contractual agreements, enforcing our company policies (such as the operational policy), and establishing, exercising, or defending legal claims.

●     Facilitating your purchases and transactions.

Retention Period of Your Personal Data

●     We retain your personal data only for the period required for us to fulfill the purposes specified above, including legal, accounting, and reporting purposes.

●     The main criteria used to decide on a specific retention period is determined based on the obligation to retain records, prospective litigation, and the necessity to exercise rights or sustain services in accordance with relevant laws.

●     Information collected for specific purposes, such as newsletters or event participation, will be retained for the period specified at the time of collection.

Sharing Personal Data with Third Parties

We may share your personal data with third parties under the following circumstances:

●     Disclosure to affiliates: We may share your personal data with our affiliates.

●     Disclosure to service providers: We may utilize third-party vendors and service providers (or "data processors") to process your personal data for the purposes outlined above. Our data processors operate only in accordance with our guidelines based on this Policy and must meet confidentiality and security standards. Our data processors include our cloud service provider, Microsoft.

●     Disclosure to external managers: We may share and process your personal data with external managers for their own purposes. Refer to the privacy policies of these third-party managers to learn why and how they process your personal data.

●     Disclosure for business transfers: We may exchange personal data during major corporate transactions including liquidations, mergers, consolidations, asset sales, IPOs, or bankruptcies.

●     Disclosure for legal purposes or to obtain professional advice: We may transfer your personal data to law enforcement agencies, government authorities, legal advisors, and external consultants in compliance with applicable data protection laws.

●     Disclosure with your consent: Lastly, we may share your information with third parties with your consent.

While using our services, you may upload and share messages and various content with other users. If you decide to participate in the service's public activities, you should be aware that any information you share in that area may be read, collected, and used by other users. You should always use caution and attention when disclosing information in such areas. We are not responsible for any information you choose to submit in these public areas.

International Transfer of Personal Data

We are a multinational company headquartered in South Korea. Our service providers and third-party partners with whom we share personal data operate on a global scale.

International Transfer of Personal Data: Europe

If your personal data is protected under the European Union (EU), the United Kingdom (UK) General Data Protection Regulation, or Swiss data protection laws, one of the following is performed before it is transferred to a party in the European Economic Area ("EEA"), the UK, or Switzerland.

●     Obtain your consent; or

●     Require protection and security of personal information: We ensure that third parties adhere to the same levels of privacy and security as we do.

In certain situations, national authorities may conclude that the laws of another country, territory, or subdivision provide a level of protection comparable to domestic laws. Here is a list of nations, including South Korea, territories, and particular subdivisions, that the European Commission recognizes as providing a sufficient degree of personal data protection. Here is a list for the UK, and here is a list for Switzerland.

We are responsible for ensuring that your personal data is protected when transferred to others. We transfer data to countries, regions, or subdivisions that are recognized to provide the same level of personal data protection as the country of origin. We either use protective measures such as the Data Privacy Framework approved by the European Commission under GDPR Article 46.2 (see definition below), Binding Corporate Rules, or Standard Contractual Clauses ("SCCs"), or we make the necessary adjustments for transfers in the UK or Switzerland, or we use specific transfer tools such as the UK International Data Transfer Agreement.

Other Disclosures of Your Personal Data

Within the bounds required by law, or if we sincerely believe that disclosure is required to comply with an official investigation or legal process (whether by a government/law enforcement agency or a private party), we may disclose your personal data. We cannot ensure that government or law enforcement agencies will protect the privacy and security of your personal data if we are required to provide it to them.

Furthermore, we may share your personal data as part of a corporate reorganization or in conjunction with the transfer of all or a portion of our assets, business interests, or both. Lastly, as mentioned in the section above, we may only share your personal data with our affiliates or subsidiaries when required for business purposes.

We retain the right to use, transfer, and share aggregated anonymized data for any lawful purpose. Personal data is not included in this data. Such purposes may include analyzing usage trends or identifying suitable sponsors, advertisers, and clients.

What Rights Do You Have Regarding Data Privacy?

You have specific rights over the personal data we gather and process about you. In our capacity as a data manager or "business" under the CCPA, you may exercise these rights with regard to the personal data we process about you. To exercise your rights regarding information processed on behalf of a customer, please refer to the customer's privacy policy:

The Right to Know How Your Personal Data is Processed

This is known as the right to know. It means you have the right to request from us all information on the processing of your (or your child's) personal data, such as how we collect and use it, how long we retain it, and with whom we share it.

This Policy informs you about how we process your personal data.

The Right to Know About the Personal Data WEMADE Holds About You

This is known as the right of access. This right entitles you to: (1) request confirmation that we are processing personal data about you, (2) request specific details and information about the personal data we hold about you, and (3) obtain or access a copy of your personal data.

You have the right to receive confirmation of whether we process personal data about you, as well as a copy or access to your personal data and particular relevant information, if appropriate.

Once we receive and validate your request or that of an authorized representative, we will provide you with the following information:

●     Categories of your personal data we process;

●     Categories of sources of your personal data;

●     Purposes of processing your personal data;

●     Retention period for your personal data, or where not possible, the criteria used to determine the retention period;

●     Categories of third parties that share your personal data;

●     If we use automated decision-making, including profiling, the relevant logic, significance, and meaningful information about the likely consequences of such processing for you;

●     Specific pieces of personal data we process in a form readily accessible to you;

●     If we have disclosed your personal data for business purposes, the categories of personal data disclosed and the categories of recipients;

●     If we rely on legitimate interests as a legal basis for processing your personal data, the specific legitimate interests; and

●     Where applicable, the appropriate safeguards used for transferring personal data from the EEA or the UK to a third country.

We may deny your request for access in specific circumstances. In these situations, we will inform you of the reason for the denial.

We are unable to share certain sensitive information for security and legal reasons, such as social security numbers, driver's license numbers, bank account numbers, health insurance or medical IDs, passwords, or security questions and answers. However, we may notify you if such information is held without sharing specifics.

The Right to Change Personal Data

This is known as the right of correction. It enables you to request the immediate correction of any erroneous personal data we hold about you (or your child) or the supplementing of incomplete personal data.

If you are unable to edit your personal data through your account settings, please contact us and we will do our best to assist you in changing your personal data.

The Right to Delete Personal Data

This is known as the right to delete, the right to request deletion, or the right to be forgotten. This implies you have the right to request that your personal data be deleted.

We may be able to delete your information at times, but this may not be possible due to technical or legal reasons. In such circumstances, we will review the data for restricted use and inform you of the reason for denying the deletion request.

The Right to Restrict Processing of Your Personal Data

This is known as the right to restrict processing. It grants you the right to request that your personal data be used or stored solely for certain purposes, such as when you believe the data is incorrect or the processing activity is illegal.

The Right to Request for the Discontinuation of the Use of Your Personal Data

This is known as the right to object. It implies you have the right to request that the use of your personal data be discontinued. You may exercise this right when your personal data is processed in our (or a third party's) legitimate interest. Furthermore, you may object at any time to the processing of your personal data for direct marketing purposes.

If we receive a request to stop processing your personal data, we will comply except in cases where: (i) there is a compelling legitimate reason that outweighs your interests, rights, or freedom, or (ii) continued processing of personal data is required to establish, exercise, or defend legal claims.

The Right to Data Portability

This is known as the right to data portability. It enables you to request and obtain a transferable copy of the personal data you have submitted or that is generated by our services. This allows you to:

●     Transfer;

●     Copy;

●     Store for yourself;

●     Transfer to another organization;

We will provide your personal information in a structured, commonly used, and machine-readable format. If you request this information electronically, we will send you a copy in electronic format.

The Right to Withdraw Consent

If we ask for your consent with a legal basis to process your personal data, you may withdraw it at any time. Even if you withdraw your consent, any personal data processed prior to your withdrawal will remain lawful.

If you agreed to share your personal data with a third party and want to withdraw your consent, please contact the third party in question and amend your preferences.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. Except as permitted by applicable data protection laws, we will not:

●     Deny you products or services;

●     Charge you varying prices or rates, including discounts, benefits, and penalties;

●     Offer you with a different degree or quality of goods or services;

●     Charge a different price or rate for services or suggest that you may receive a different level or quality of services

How Do You Exercise Your Privacy Rights?

To exercise the rights described above, please contact privacy@wemade.com (Privacy Team)

Verifying Your Identity

To appropriately react to your request to exercise your privacy rights, we must verify your identity. As a result, we may need further information to ensure that you are the person making the request.

The personal data you submit will be used only to validate your identity or authority to make the request.

Verifying Authority

If you are acting on someone else's behalf, you must provide documentation that you are permitted to do so. When contacting us, please include a valid power of attorney, proof of parental responsibility, or legal guardianship that indicates you have the authority to make this request. Alternatively, the individual may contact us directly to confirm their identification and that you are authorized to submit a request.

Response Time and Format

We will confirm receipt of your request within 10 business days and notify you of the identity verification process (if applicable) and approximate response time. If we have previously granted or declined your request, you will not receive additional confirmation.

We strive to answer within a month of receiving your request. If we need extra time (up to 90 days), we will notify you in writing of the reason and the extended timeline.

If we are unable to process your request, we will provide an explanation. For requests for data portability rights, we will offer your personal data in a format that can be easily transferred to another organization.

There are no additional fees for processing or responding to your request. However, if your request is excessive, recurrent, or obviously baseless, we may charge a fee. In such cases, we will explain why and provide a cost estimate before processing the request.

Data Integrity and Security

We are fully devoted to protecting your personal data. We implement and maintain technical, administrative, and physical measures designed to secure your personal data from unauthorized processing. Unauthorized processing encompasses unauthorized access, information leakage, theft, disclosure, alteration, or destruction. These measures include encryption and private processing, which are supported by a dedicated team in charge of information security and personal information protection.

Right to File a Complaint With a Supervisory Authority

If your personal information is subject to the EU or UK General Data Protection Regulation (GDPR), you have the right to file a complaint with a supervisory authority if you are dissatisfied with how we process your personal data.

Specifically, you may file a complaint with a supervisory authority in the EU member state where you live, work, or where the alleged GDPR violation occurred. In the UK, you may file a complaint with the UK Information Commissioner's Office.

Changes to This Policy

If there are significant changes to this Policy, we will post the amended policy on this webpage and update the "Effective" date. Your continued use of our services after the amended policy is posted implies that you consent to the changes.

Contact Us

If you have any questions or issues about this Policy or your personal data, please contact us at privacy@wemade.com.

The response may take up to four weeks.

[European Union Representative]

We have selected VeraSafe as our data protection representative in the EU. You may also contact us; however, for matters involving personal data processing, please contact VeraSafe. To contact VeraSafe, please use the following form:

[United Kingdom Representative]

We have appointed VeraSafe as our data protection representative in the United Kingdom. You may also contact us; however, for matters involving personal data processing, please contact VeraSafe. To contact VeraSafe, please use the following form: