Minerva Edu (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy in order to protect the personal information of data subjects and to handle related complaints promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act.

1. The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.
Website Membership and Management	Verification of membership intent, identity authentication for member services, maintenance and management of membership, verification under the limited identity verification system, prevention of service misuse, confirmation of consent of legal guardians when processing information of children under 14, notifications, and handling complaints.
Provision of Goods or Services	Delivery of goods, service provision, sending of contracts and invoices, content provision, personalized services, identity verification, age verification, payment and settlement, and debt collection.
Handling Complaints and Grievances	Verification of complainant’s identity, confirmation of complaints, communication for fact-checking, and notification of processing results.

1. ① The Company processes and retains personal information within the retention and use period agreed upon at the time of collection or as prescribed by law.
2. ② The processing and retention period for each type of personal information is as follows.
1. 1. Website Membership and Management: Until withdrawal from the business/organization website, except where the following apply:
2. 1) In case of ongoing investigation due to legal violation, until the investigation is completed
3. 2) In case of remaining debt/credit relationship due to website use, until settlement is completed
4. Access rights to the database system handling personal information are granted, changed, or revoked to control access, and unauthorized external access is blocked using a firewall system.

1. 2. Provision of Goods or Services: Until goods/services are supplied and payment/settlement is completed, except where the following apply:
1. Records of transactions under the “Act on Consumer Protection in Electronic Commerce”
2. - Records of advertising and display: 6 months
3. - Records of contracts, payments, and supply of goods: 5 years
4. - Records of consumer complaints and dispute resolution: 3 years


5. Retention of communication confirmation data under the “Protection of Communications Secrets Act”
6. - Subscriber communication date/time, start/end time, counterpart number, usage, base station location: 1 year
7. - Internet log data and access trace data: 3 months

1. ① The Company provides personal information to third parties only within the scope specified in Article 1 (Purpose of Processing Personal Information), with consent, or in cases permitted by law under Article 17 of the Personal Information Protection Act.

1. ① When concluding a contract for entrusted processing, the Company specifies in documents matters such as prohibition of processing for purposes other than entrusted tasks, technical and administrative safeguards, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, in accordance with Article 25 of the Personal Information Protection Act, and supervises the trustee’s safe handling of information.
2. ② If the details of entrusted tasks or trustee change, it will be promptly disclosed through this Privacy Policy.

1. ① Data subjects may exercise the following rights regarding personal information at any time.
1. 1. Request access
2. 2. Request correction of errors
3. 3. Request deletion
4. 4. Request suspension of processing
2. ② Rights may be exercised through writing, phone, email, fax, etc., and the Company will act without delay.
3. ③ If a correction or deletion is requested, the Company will not use or provide the personal information until completed.
4. ④ Rights may be exercised by legal representatives or authorized agents with a power of attorney as per the Enforcement Rules of the Personal Information Protection Act.
5. ⑤ Data subjects must not infringe on their own or others’ privacy or rights by violating the law.

1. The Company processes the following items of personal information.
2. 1. Website Membership and Management
   Required: Name, Date of Birth, ID, Password, Address, Phone Number, Gender, Email, i-PIN number
   Optional: Marital status, Interests
3. 2. Provision of Goods or Services
   Required: Name, Date of Birth, ID, Password, Address, Phone Number, Email, i-PIN number, Credit Card number, Bank account information, etc.
   Optional: Interests, Purchase history
4. 3. Automatically Collected Items During Internet Service Use
   IP Address, Cookies, MAC Address, Service usage records, Visit records, Misuse records

1. ① The Company will destroy personal information without delay when retention expires or the purpose of processing is achieved.
2. ② If personal information must be preserved under other laws despite expiration or purpose achievement, it will be stored separately in a different DB or storage location.
3. ③ Destruction procedures and methods are as follows.
1. 1. Procedure
   The Company selects information to be destroyed and obtains approval from the person in charge of personal information protection.
2. 2. Method
   Electronic files are permanently deleted using low-level formatting, and paper records are shredded or incinerated.

1. The Company implements the following measures to ensure safety of personal information.
1. 1. Administrative Measures
   Establishing and implementing internal management plans, regular staff training
2. 2. Technical Measures
   Access control, installation of security systems, encryption of unique identifiers, installation of security programs
3. 3. Physical Measures
   Access control for server rooms and archives

1. ① The Company uses “cookies” to provide personalized services.
2. ② A cookie is a small amount of information sent by the server to the browser and may be stored on the user’s computer.
1. 1. Purpose of Use
   To identify visits, usage patterns, popular searches, secure access, and provide optimized services.
2. 2. Refusal
   Cookies can be refused through browser settings under Tools > Internet Options > Privacy.
3. Refusal may result in service limitations.

1. ① The Company designates the following personal information protection officer.
1. ▶ Personal Information Protection Officer
2. Name: Choo Cheolmin
3. Position: CEO
4. Phone: 010-4388-2203
5. Email: minerva0203@naver.com
6. Fax: 0504-204-2203


7. ※ Connected to the Personal Information Department.
1. ▶ Personal Information Department
2. Department: Management Team
3. Manager: Hwang Hyejin
4. Phone: 010-4388-2203
5. Email: minerva0203@naver.com
6. Fax: 0504-204-2203
2. ② Data subjects can contact the above for any personal information inquiries, complaints, or remedies. The Company will respond without delay.

1. Data subjects may request access under Article 35 of the Personal Information Protection Act at the following department. The Company will handle such requests promptly.
1. ▶ Department for Access Requests
2. Department: Management Team
3. Manager: Hwang Hyejin
4. Phone: 010-4388-2203
5. Email: minerva0203@naver.com
6. Fax: 0504-204-2203

Data subjects may contact the following agencies for consultation or remedies regarding privacy violations.

1. ▶ Personal Information Infringement Report Center (KISA)
2. - Task: Reporting and consultation of infringements
3. - Website: privacy.kisa.or.kr
4. - Phone: 118
5. - Address: 9 Jinheung-gil, Naju-si, Jeollanam-do, 3rd floor, Privacy Center

1. ▶ Personal Information Dispute Mediation Committee
2. - Task: Dispute mediation
3. - Website: www.kopico.go.kr
4. - Phone: 1833-6972
5. - Address: 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul

1. ▶ Supreme Prosecutors’ Office Cybercrime Division
2. 02-3480-3573 (www.spo.go.kr)

1. ▶ National Police Agency Cyber Bureau
2. 182 (http://cyberbureau.police.go.kr)

Article 13 (CCTV Installation and Operation)

1. ① Minerva Edu operates CCTV systems as follows.

1. 1. Purpose
2. Facility safety and fire prevention

1. 2. Installation
2. Installed in lobbies, exhibition halls, and other major facilities, covering entire spaces

1. 3. Management
2. Management Team, Manager Hwang Hyejin

1. 4. Recording
2. - Time: 24 hours
3. - Retention: 30 days
4. - Storage: Controlled by the Management Team CCTV room

1. 5. Access
2. Request to the person in charge (Management Team)

1. 6. Access by Data Subjects
2. Permitted only with a request form if the subject appears in the footage or if necessary to protect life, body, or property

1. 7. Protection Measures
2. Internal management plans, access control, secure storage and transmission, record keeping, tamper prevention, and physical locks

Article 14 (Changes to Privacy Policy)

1. ① This Privacy Policy applies from June 1, 2021.