Guideline for Processing Personal Information

Article 1 (Purpose of use and processing of personal information)

Visang Education Co., Ltd. (hereinafter referred to as the “Company”) values and is committed to protecting Users’ personal information. The Company complies with statutory sources relating to personal information protection such as Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and General Data Protection Regulation (GDPR), a set of international regulations, as well as the Guideline for Handling Personal Information that the Company enacted based on the authority of relevant laws and regulations, which is disclosed on the Internet Site and mobile application so that Users can easily access and view at any time.

Users may refuse to give consent to collection, use and provision of personal information if they do not wish to do so. However, we advise that the whole or part of the Service will not be available to Users who refuse to consent.

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than set forth in the following, and if the purpose of use is changed, we will take the necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act:

1. Providing Service;

2. Member management and identification, confirmation of intention to subscribe membership, confirmation of User identity and age, prevention of unlawful use;

3. Developing new Services, providing various Services, processing of inquiries or complaints/disputes, and communicating notices;

4. Information delivery, marketing, and advertising at various events;

5. Preparing statistics on service usage records, access frequency and Service use, providing customized Service, and improving Services;

6. Preventing from and sanctioning against acts that impinges on the smooth operation of the Service, including unlawful use, and prevention of account misappropriation and fraudulent transactions.

Article 2 (Definition of Terms)

The following terms used herein are defined as follows:

1. “Member” refers to a person who has subscribed Membership to the AllviA Edu Site ( by providing personal information and thereby can use the classes and Services provided by the AllviA Edu’s Website (

2. “Service” refers to the service available on AllviA Edu’s Website ( which Users can use regardless of the implementing terminal (including various wired and wireless devices such as PC, mobile, tablet PC).

3. “ID” refers to a combination of letters and numbers formulated by a Member and approved by the Company for the purpose of the Member’s identification and Service use, including the ID formulated by the Member.

4. “Password” refers to any English letters, numbers, etc., formulated by the Member and approved by the Company to confirm identity and protect information of the Member.

5. “Service for Charge” refers to various online digital contents and other Services provided by the Company that can be used by Members for certain fee through the AllviA Edu Website (, including without limitation the information and advertisement posting services.

6. “IMEI (Intel Management Engine Interface)” refers to a 15-digit number embedded in a portable mobile terminal representing the unique serial number of the terminal. (It is encrypted and protected safely.)

7. “Unlawful Use” refers to copyright infringement and identity misappropriation or any other act prohibited by the Service User Agreement of the AllviA Edu Website ( provided by the Company, or any wrongful act prescribed by a statute.

Article 3 (Collection and Use of Personal Information)

The Company collects, uses, provides, and destroys personal information in the following manner depending on the type of Service used. Furthermore, the Company invariably obtains the User's consent when collecting personal information that can personally identify the User. When the personal information processing policy is changed, such change is always notified to the User and posted publicly so that Users may check it from time to time.

1. Pursuant to the GDPR, if a Member resides in the European Economic Area (“EEA”), we rely on one of the following legal grounds for processing information about the Member.

① The Member has consented to the User Agreement;

② There is a legitimate interest; or

③ Processing of it is necessary to fulfill the Agreement with the Company,

obligations under law or regulations

2. The items of personal information to be processed by the Company and the period of retention and use are as set forth in the following table:

Classification Phone Items Collected/Used Purpose of Collection and Use Period of Retention and Use
Required All Members Names and e-mail addresses Membership subscription, checking double registration, Service provision and consultation, prevention of unlawful use, satisfaction survey. To be deleted immediately upon
Membership withdrawal; provided, it will be retained for a statutory period if specified in relevant statues and internal policies such as the Act on Consumer Protection in
Electronic Commerce, etc., and the
Protection of Communication Secrets Act.
Partner Company name, representative’s name, contact information, address, business registration number, language used, country, bank account number (account holder name), billing and payment records. Prevention of unlawful use, identification for Service provision, payment,
cancellation, and information necessary for processing refund, information on
payment method authentication and prevention of payment misappropriation, account creation and management.
School School name, contact number, address, language used, country, bank account number (account holder name), billing and payment records,* information on School teachers, students and parents. Information on processing payment, cancellation, and refund, information on payment method authentication and prevention of payment misappropriation
Optional Optional information
when using Services
Information on learning purpose, preference (class time, tuition) Purpose of product recommendation Until the Service provision is achieved; provided, it will be retained for a statutory period if specified in relevant statues and internal policies.
Nationality, contact information, date of birth, standard time, currency unit, codified identification information (CI), Service provision
Other automatically collected information 1) Device information: Platform access device type, operating system and version, mobile
network information, access country, URL, system activity area
2) Software information: information on the version and information on updated software being used. 3) Platform use information: information on using platform, browser, preferred language, connected time, page, Member activity, Internet protocol address, etc. 4) Activity app data via firebase.
Purpose of providing various Services

4. Period retention and use under the statutes and under the internal policies will be as follows:

1) Records on Membership subscription and management

- Retention period: Until Membership withdrawal (or until the following events come to an end, if applicable)

- If an investigation/inspection is in progress due to a violation of applicable laws, until such investigation/inspection is completed.

- Until settlement of receivables/payables arising from the Service use

2) Records on the provision of goods/Services: Until the completion of the supply of goods/Services and the completion of payment/settlement (however, in the case of the following items, until the end of the relevant item)

- Records on contract or withdrawal from subscription: 5 years

- Records on displayed advertisements: 6 months after the end of advertisement posting

- Records on payment and supply of goods: 5 years

- Records on consumer complaints or dispute resolution: 3 years

3) Retention of communication history confirmation data in accordance with Article 15-2 of the Communication Secrets Protection Act

- Computer communication, Internet log record, connection point tracking: 3 months

4) Company’s internal policy

- Records of unlawful use, etc.: 10 years

6. To guarantee the rights of Users, the Company may contact Users using User information for the purpose of Service advisory.

7. The information collected by the Company under this Article may be used for statistics and analysis as a consequence of using the Service.

Article 4 (Utilization of Cookies)

1. While using Internet Services, access IP addresses, cookies, Service use records, etc. may be created and collected.

2. The Company collects cookie information and uses it to check whether Users are having access to each Service they have visited previously, and to confirm and answer User inquiries.

3. Users have the right to elect to accept cookies. Accordingly, you can permit all cookies by setting options in the web browser, or check each time a cookie is saved, or refuse to save any cookies. However, if you refuse to save cookies, you may have some difficulties in using certain part of Services that require login.

* How to set cookies (example)

① Internet Explorer: Tools at the top of the web browser → Internet Options → Privacy → Advanced

② Chrome: Settings menu on the right side of the web browser → Advanced settings at the bottom of the screen → Contents setting button for personal information → Cookies

Article 5 (Method to Collect Personal Information)

Mobile application, web page, online consultation through customer center, event participation, etc.

Article 6 (Limitation on Minor’s Use of Services)

The Company does not collect any personal information from a minor under the age of 14, and if such personal information is somehow collected, we may take reasonable steps to delete it from our personal information records.

Article 7 (Provision of Personal Information to Third Parties)

1. The Company processes Users' personal information within the scope specified in this Guideline for Processing Personal Information, and will neither use it beyond the purpose of collection nor provide it to a third party without the User's prior consent. However, in the case of providing Members’ personal information to a third party, such as a partner company in the following manner to ensure the quality of our Service, we will notify the Member in advance of the third party’s name, personal information items to be provided, purpose of provision, retention period, etc. and seek to obtain individual consents of Members. Without consent, no information will be provided, and we will notify and seek Members’ consents even when such partner company is changed.

2. The Company will not provide the User's personal information to a third party without the User's consent. However, in this case, the Service use may be restricted. We would like to advise that this is a necessary part for providing quality Service and smooth use of the Service.

3. In any of the following cases, the Company may provide personal information to a third party without the User's consent:

1) If it is information necessary for preparing statistics, scientific research, preservation of public record, etc. in pseudonymous form containing no information that can be used to identify a specific individual;

2) If there is an inevitable reason required by the statutory provisions or law;

3) If it is requested by an investigation agency for the purpose of investigation in compliance with the procedures and methods prescribed by laws and regulations;

4) If it falls under Article 17 or 18 of the Personal Information Protection Act.

Article 8 (Entrustment of Personal Information Processing)

1. In its endeavor to provide enhanced Services, the Company may entrust the processing of personal information to a third party. The Company has established rules on necessary matters in compliance with applicable laws to ensure that personal information can be safely managed when entering into an entrustment contract. In addition, when entrusting the processing of personal information, the Company discloses the details of the entrusted subjects and the person who handles by such entrustment (hereinafter referred to as the 'Trustee’) so that Users can readily view them at any time. The same will apply when the contents of the entrusted work are updated or the Trustee is changed.

2. The details of entrusted work for personal information processing and domestic Trustees are as set forth below:

Details of entrustment
Retention and use period of personal information

Paymentwall, Inc.

Payment for Service for Charge

Amazon Web Service Inc

Provision of infrastructure

Until Member’s withdrawal or expiry of entrustment contract

3. The Company transfers personal information overseas with a view to imparting to Users the stability of Service provision and the latest technology, and stores personal information acquired or created from Users in the database held by AWS (Amazon Web Services Inc.) (Singapore is the location for physical storage). AWS only conducts physical management of the server and cannot access the User's personal information.

Items transferred
Recipient country
Date, time and method of
Recipient’s purpose of
using the information
Period of retention and
use of personal information
Amazon Web Services Inc.
Service use record or personal
information collected
To be transmitted through
the network at the time of usingthe
operating data storage
and Service to provide
AllviA Edu’s Service, etc.
Until Service changes
(Until changes in the use of
cloud Services currently
used by the Company)

Article 9 (Retention and Destruction of Personal Information)

1. Once the period of retention and use of personal information has elapsed, the Company destroys Users' personal information without delay.

2. Information that must be retained in accordance with the following related laws and regulations will be retained for the period specified in the statutes before being destroyed.

Relevant Statutes Items Retained Retention Period
Article 6 of the Act on Consumer Protection
in Electronic Commerce, etc.
Records on withdrawal from contract or subscription, etc. 5 years
Records on payment and supply of goods, etc. 5 years
Records of consumer complaints or dispute resolution 3 years
records related to representations and advertisements 6 months
Communication Secret Protection Act Internet log record, access point tracking record 3 months

3. If a Member does not have a record of activities to use the Service for one year, the Company treats him/her as a dormant Member and, after serving a notification to the Member, immediately destroys his/her personal information in compliance with Article 39-6 of the Personal Information Protection Act.

4. The Company destroys personal information in the following methods to assure protection of personal information and prevention of damage caused by personal information leakage.

1) Personal information printed on paper is destroyed through shredding or incineration.

2) Personal information stored in the form of an electronic file is deleted using a technical method that does not allow reproduction of the record.

Article 10 (Rights of Users and Legal Representatives and How to Exercise them)

1. Every User has right to view and/or modify his/her registered personal information at any time and to request for cancellation (withdrawal) of his/her Membership if he/she is a Member. However, the Company may refuse the request for viewing, modification, or cancellation of Membership subscription if there is a legitimate public interest to do so, as exemplified below. In case of refusal, the Company will within 10 days send e-mail notification to the information owner explaining the reason for such refusal as well as advising on how to appeal.

- If viewing is prohibited or restricted by law

2. Once a User requests correction of errors in his/her personal information, that personal information will not be used or provided until the correction is completed. If the incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party.

3. The Company handles the personal information that has been canceled or deleted at the request of the User in accordance with this Guideline for Processing Personal Information and ensures that such personal information will not be viewed or used for any other purpose.

Article 11 (Measures to Ensure the Safety of Personal Information)

Acknowledging the value of Users' personal information, the Company makes the following endeavors in handling personal information.

① Establishment of internal management plan

- The Company has established and implemented an internal management plan as a set of standards for safe processing of personal information.

② Minimize the personal information staff

- The Company minimizes the number of employees who process personal information, and the PCs of the employees are so systemized that external Internet network is separated from its intranet to reduce the chance of personal information leakage. In addition, the Company has systematically established access control criteria for databases and personal information processing systems, which are under its continuous monitoring and due diligence.

③ Periodic Education

-We provide periodic education for personal information processors and emphasize the value of personal information by disseminating personal information issues to all employees company-wide.

④ Protection from Hacking or Viruses

- The system is installed in an area where access is controlled from outside to protect personal information from leakage or damage. Furthermore, periodic backups are conducted in preparation for loss of personal information, vaccine programs are used to prevent data leakage and damage.

⑤ Encryption of Personal Information

- An encrypted communication segment is used for transmitting Users’ personal information, and critical information such as password is encrypted using a secure encryption algorithm.

⑥ Physical Control

-Systems related to personal information processing are located in the off-limit area where access is controlled. Documents and auxiliary storage media containing personal information are stored in a secure place where locking devices are installed.

Article 12 (Appointment of Personal Information Protection Officer and Manager)

1. The personal information protection officer is the one tasked with protecting Users' personal information and preventing information leakage, who helps Users to use the Services provided by the Company with confidence, and bears responsibility for any deviation from the Company’s advisory to Users in protecting the personal information; except for damage or loss of information arising due to unexpected accidents such as natural disasters notwithstanding the Company having taken measures to secure the safety adequately, as well as various disputes caused by information provided by Users to the Company.

2. The Company hereby appoints personal information protection officer in accordance with the Personal Information Protection Act, as follows:

[Personal Information Protection Officer and Department in Charge]

A. Visang Education Co.,Ltd. appoints a personal information protection officer and operates a department in charge to take the general responsibility for handling Users’ personal information as well as resolving Users' inquiries and complaints.

Personal Information Protection Officer (CPO)
Affiliation: IT Strategy Core
Name: Jung-woo Lee
Department in charge of Personal Information

Information Security Cell


Phone: 1544-0554


B. Users may direct all inquiries related to personal information protection, complaint, and claim for damage, etc. that arise while using Visang Education’s Service to the personal information protection officer and the department in charge.

3. In relation to infringement of personal information, the information owner may inquire about remedies from damage and consulting to the following authorities. <The following authorities are independent units from the Company, so contact us if more information is needed.>

Personal Information Infringement Report Center
(operated by Korea Internet & Security Agency)
(no area code) 118
Personal Information Dispute Mediation Board
(no area code)
Supreme Prosecutor's Office Cyber Crime Investigatory Team
(no area code) 1301
National Police Agency Cyber Security Bureau
(no area code) 182

For EEA members, contact information for data protection authorities can be found at the link below


Article 13 (Obligation to Notify)

Any addition, deletion or modification of the contents of this Privacy Policy will be notified through the Service notification at least seven days in advance, or immediately if any prior notice is difficult.

<Addendum> Effective Date

This Guideline for Processing Personal Information comes into force on October 15, 2021 and onward.