Privacy Policy

Version: 1.0 Effective Date: 2026-01-11 Last Updated: 2026-01-11

MailPass (hereinafter "Company") establishes and discloses the following Privacy Policy to protect users' personal information and to handle related complaints promptly in accordance with applicable data protection laws.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be implemented, such as obtaining separate consent pursuant to applicable laws.

  1. Member Registration and Management

    Personal information is processed for the purposes of confirming membership registration intent, identification and authentication for member services, maintaining and managing membership, preventing fraudulent use of services, and various notifications.

  2. Service Provision

    Personal information is processed for the purposes of service provision, content provision, customized service provision, and identity verification.

  3. Fee Payment

    Personal information is processed for the purposes of fee payment and settlement for service use.

  4. Grievance Handling

    Personal information is processed for the purposes of verifying the complainant's identity, confirming complaints, contacting and notifying for fact-finding, and notifying the results of processing.

Article 2 (Processing and Retention Period of Personal Information)

  1. The Company processes and retains personal information within the period of retention and use of personal information pursuant to applicable laws or the period agreed upon when collecting personal information from data subjects.
  2. The processing and retention periods for each type of personal information are as follows:
    • Member Registration and Management: Until membership withdrawal. However, until the end of the relevant reason in the following cases:
      • Until the completion of investigation when investigation or inquiry is in progress due to violation of applicable laws
      • Until the settlement of credits and debts when credit and debt relationships remain from service use
    • Service Provision: Until completion of service supply and fee payment/settlement
  3. Information retention pursuant to applicable laws:
    • Records on contracts or withdrawal of subscription: 5 years
    • Records on payment and supply of goods: 5 years
    • Records on consumer complaints or dispute handling: 3 years
    • Website visit records: 3 months

Article 3 (Items of Personal Information Processed)

The Company processes the following personal information items:

  1. Upon Membership Registration
    • Required items: Email address, password, name (or company name)
    • Optional items: Phone number, company name, job title
  2. Information Automatically Collected During Service Use
    • IP address, cookies, service usage records, visit records, bad usage records
  3. Upon Paid Service Use
    • Credit card payment: Card company name, partial card number
    • Bank transfer: Bank name, partial account number

Article 4 (Provision of Personal Information to Third Parties)

  1. The Company processes data subjects' personal information only within the scope specified in Article 1 and provides personal information to third parties only in cases falling under applicable data protection laws, such as consent of the data subject or special provisions of the law.
  2. The Company currently does not provide personal information to third parties.

Article 5 (Entrustment of Personal Information Processing)

  1. The Company entrusts personal information processing as follows for smooth personal information processing:
    Trustee Entrusted Tasks
    Payment Gateway Payment processing and settlement
    Cloud Service Provider Data storage and server operation
  2. When entering into an entrustment contract, the Company specifies matters concerning prohibition of processing personal information other than for the purpose of performing entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of trustees, and liability including compensation for damages in contracts, and supervises whether trustees process personal information safely.

Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise)

  1. Data subjects may exercise their rights to access, correct, delete, or suspend processing of personal information at any time with respect to the Company.
  2. The exercise of rights pursuant to paragraph 1 may be made to the Company through written notice, email, etc. pursuant to applicable laws, and the Company will take action without delay.
  3. If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
  4. The exercise of rights pursuant to paragraph 1 may be made through a legal representative of the data subject or an authorized agent.

Article 7 (Destruction of Personal Information)

  1. The Company destroys the relevant personal information without delay when personal information becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose.
  2. The destruction procedure and method are as follows:
    • Destruction Procedure: The Company selects personal information for which grounds for destruction have occurred and destroys personal information with the approval of the Company's personal information protection officer.
    • Destruction Method: Information in electronic file format uses technical methods that cannot reproduce records. Personal information printed on paper is destroyed by shredding or incineration.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, minimization and training of employees handling personal information
  2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  3. Physical Measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

  1. The Company uses 'cookies' that store and retrieve usage information to provide individual customized services to users.
  2. Cookies are small pieces of information sent by the server (http) used to operate the website to the user's computer browser and may be stored on the hard disk of the user's PC.
  3. Users have the option regarding cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are stored, or refuse to store all cookies by setting options in the web browser.

Article 10 (Personal Information Protection Officer)

The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing.

  • Personal Information Protection Officer
  • Department: Personal Information Protection Team
  • Email: privacy@mailpass.im

Article 11 (Methods for Remedy of Rights Infringement)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedy for personal information infringement.

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

Article 12 (Changes to Privacy Policy)

This Privacy Policy shall be effective from the enforcement date, and in case of additions, deletions, or corrections of changes pursuant to laws and policies, they will be announced through the notice 7 days before the implementation of changes.

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct inaccurate information.
  • Right to Erasure: You have the right to request that we erase your personal data under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data.
  • Right to Data Portability: You have the right to request that we transfer your data to another organization.
  • Right to Object: You have the right to object to our processing of your personal data.

To exercise these rights, please contact us at privacy@mailpass.im.

Publication Date: January 11, 2026

Effective Date: January 11, 2026

Back to Home

Related Documents

Terms of Service

We use cookies

We use cookies to improve your experience. You can choose which cookie categories to allow. Learn more