Privacy Policy

ICEBOT ("Company") processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those stated below, and if the purpose of use changes, the Company will implement necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Membership Registration and Management

- Verification of membership registration intent, identification and authentication of individuals for member services, maintenance and management of membership, prevention of fraudulent use of services, various notices and notifications

2. Service Provision

- Provision of automated trading bot services, exchange API connection, transaction history inquiry, customized service provision, identity verification

3. Complaint Handling

- Verification of complainant identity, confirmation of complaints, contact and notification for fact-finding, notification of processing results

The Company processes the following categories of personal information:

1. Required Items

- Membership registration: Email address, password, name

- OAuth login: Social login provider unique ID, email, profile information

- Service usage: IP address, cookies, service usage logs, access logs

2. Optional Items

- Exchange connection: Exchange API keys (encrypted storage)

- Notification settings: Notification consent status

3. Automatically Collected Items

- Information automatically generated and collected during service use: Access IP, cookies, service usage logs, device information

1. The Company processes and retains personal information within the period of retention and use of personal information under relevant laws or consented to by information subjects when collecting personal information.

2. Each personal information processing and retention period is as follows:

- Membership registration and management: Until membership withdrawal (except during ongoing investigations or inquiries for violations of relevant laws, until completion of such investigations or inquiries)

- Exchange API keys: Until user deletion request or membership withdrawal

- Service usage logs: 3 months after membership withdrawal

3. Information retention based on relevant laws

- Records on contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce)

- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)

- Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)

- Records on access: 3 months (Protection of Communications Secrets Act)

1. The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when there is consent from information subjects, special provisions of laws, or other cases specified in Article 17 of the Personal Information Protection Act.

2. The Company does not currently provide personal information to third parties.

1. The Company entrusts personal information processing tasks as follows for smooth personal information processing:

Current personal information processing contractors: None

2. When concluding entrustment contracts, the Company specifies in documents such as contracts matters regarding prohibition of processing personal information for purposes other than entrustment tasks, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of contractors, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether contractors safely process personal information.

1. Information subjects may exercise the following rights related to personal information protection against the Company at any time:

- Request for access to personal information

- Request for correction in case of errors

- Request for deletion

- Request for suspension of processing

2. Rights under Paragraph 1 may be exercised against the Company through written requests, telephone, email, fax, etc., and the Company will take action without delay.

3. If information subjects request correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.

4. Rights under Paragraph 1 may be exercised through legal representatives of information subjects or agents who have been delegated. In this case, a power of attorney in accordance with Annex Form 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

1. The Company destroys personal information without delay when it becomes unnecessary, such as when the personal information retention period expires or processing purposes are achieved.

2. If personal information must continue to be preserved in accordance with other laws despite the expiration of the retention period consented to by information subjects or achievement of processing purposes, the personal information is moved to a separate database (DB) or stored in a different storage location.

3. Procedures and methods for destroying personal information are as follows:

- Destruction procedure: Unnecessary personal information and personal information files are destroyed according to internal policy procedures under the responsibility of the personal information protection officer.

- Destruction method: Information in electronic file form is deleted using technical methods that make records irreproducible, and personal information printed on paper is destroyed by shredding or incineration.

The Company is taking the following measures to ensure the safety of personal information:

1. Administrative Measures

- Establishment and implementation of internal management plan

- Regular employee training

2. Technical Measures

- Management of access rights to personal information processing systems

- Installation of access control systems

- Encryption of unique identification information and API keys

- Installation and periodic update/inspection of security programs

3. Physical Measures

- Access control to computer rooms, data storage rooms, etc.

1. The Company uses "cookies" that store and retrieve usage information from time to time to provide individualized customized services to users.

2. Cookies are small pieces of information sent by servers (http) used to operate websites to users' computer browsers and are sometimes stored on users' PC hard disks.

3. Purpose of using cookies

- Maintaining user login status

- Saving language preference information

- Improving service usability

4. Installation, operation, and rejection of cookies

- Cookie storage can be rejected through option settings in Tools > Internet Options > Privacy menu at the top of web browsers.

- Rejecting cookie storage may cause difficulties in using customized services.

1. The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing tasks and to handle complaints and remedy damages of information subjects related to personal information processing.

Personal Information Protection Officer

- Name: [Officer Name]

- Position: [Position]

- Contact: [Email Address]

2. Information subjects may contact the personal information protection officer regarding all personal information protection-related inquiries, complaint handling, damage remedies, etc. arising from using the Company's services. The Company will respond to and process information subject inquiries without delay.

Information subjects may make requests for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The Company will strive to process information subjects' requests for access to personal information promptly.

Personal Information Access Request Reception and Processing Department

- Department: Customer Support Team

- Person in charge: [Officer Name]

- Contact: [Email Address]

Information subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for personal information infringement.

- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)

- National Police Agency: 182 (ecrm.cyber.go.kr)

1. This Privacy Policy is effective from January 1, 2025.

2. Previous Privacy Policies can be found below.

- N/A (Initial establishment)