zep

ZEP Co., Ltd. Privacy Policy



In order to provide the best service to users, ZEP Co., Ltd. (the “Company”) uses personal data from users to provide some of its services.

With respect to handling personal data of the users, the Company will comply with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and other relevant laws and regulations including regulations enacted by the relevant authorities. The Company is to enact and apply the following Privacy Policy in order to prevent the misuse of users' valuable personal data and to clarify the purpose, methods, and scope in which personal data is collected and used. This Privacy Policy is subject to change due to amendments to applicable laws and regulations or amendments to the Company's internal policies.


Article 1 [Personal Data Collection and Collection Method]

① The Company will collect and handle the following personal data, and the collected personal data will not be used for purposes other than those specified herein.

  1. Membership registration and management
    (a) General membership
    - Required: email address (member ID)
    (b) Membership registration and management through social network account connection
    - Google: (required) email address
    - Whalespace: (required) email address
  2. Settlement information (limited to creators)
    (a) Individual user
    - Required: full name, nationality, account information (bank name, account number, depositor name), mobile phone number, resident ID number (or for foreigners, data that can confirm their foreign status such as a residence card registration number or Tax ID), email address (member ID), and PayPal information (for foreigners only, PayPal email address, PayPal profile image)
    (b) Individual/corporate business operator
    - Required: business name, representative name, email address (member ID), contact information (name, mobile phone number, email address), account information (bank name, account number, depositor name), representative resident ID number
  3. Identification information (limited to creators)
    - Name, date of birth, gender, domestic/abroad status, mobile phone number, identification value (CI/DI)
  4. Data automatically created and collected while using services
    - IP address, service usage history, browsing history, date and time of membership registration, abuse history, device information, payment and purchase information
  5. Inquiry on service implementation and affiliation
    - Required: name, email address, mobile phone number
  6. Inquiry
    - Required: email address, inquiry content
    - Optional: name
  7. Marketing information
    - Optional: email address

② The Company will collect personal data using the following methods
- Data being directly input by the user on the Company’s website, applications, or within its services
- Data being collected through automatic collection devices
- Data being received through external companies or organizations affiliated with the Company
- Data being collected through the website, e-mail, phone calls, etc. during the consultation process through the customer center


Article 2 [Purpose of Collection and Use of Personal Data]

① The Company may use collected personal data for the following purposes. Personal data which is handled by the Company is not used for other purposes than the following, and in the case of changes to the purpose of use, necessary measures such as consent receipt will be taken according to relevant laws and regulations.

  1. Official website membership registration and user management
    - Confirmation on membership registration, self-identification/verification for provision of services, maintenance/management of membership qualifications, confirmation of valid membership registration records, management of abusers, revealing abusers and restricting their use, fulfillment of the contractual obligations, dispute resolution
  2. Use of services
    - Complaint handling and provision of other customer services, delivery of notices, payment processing of paid products, confirmation and payment of settlement, and tax processing
  3. Service implementation and affiliation
    - Consultations on service implementation and partnership affiliation
  4. Marketing advertisement
    - Provision of event information and advertising information
  5. Use as required by other laws and regulations
    - Fulfillment of obligations prescribed in statutes, etc.

Article 3 [Retention Period of Personal Data and Withdrawal of Users]

① The Company will retain and use the personal data collected from the user while the user's status is maintained. If the purpose for the collection of the data is completely achieved, the data will be deleted immediately regardless of whether the user’s status is maintained. However, the Company will keep and use personal data for the written retention period if the Company has any of the following bases for retention
- Retention basis: consumer satisfaction, dispute settlement, restriction of re-registration of membership, etc., when canceling membership
- Retention period: 30 days
- Retained items: email, access records, use records, nickname

② Notwithstanding the provisions of Paragraph 1 above, if there is reason to hold personal data under relevant laws and regulations, the Company will preserve the data for a period of time prescribed in relevant laws and regulations including the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, Etc. In this case, the Company will separate the data to be preserved, and the preservation periods are as follows

  1. Records concerning display and advertising: 6 months (Act on the Consumer Protection in Electronic Commerce, Etc.)
  2. Record of contract or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
  3. Record of payment and goods supply: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
  4. Record of complaints or disputes of consumers: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
  5. Books and supporting documents on all transactions as prescribed by tax law: 5 years (Framework Act on National Taxes)
  6. Record on Electronic Financial Transactions: 5 years (Electronic Financial Transactions Act)
  7. Record of access logs, connection IP information, etc. Service use: 3 months (Protection of Communications Secrets Act)

③ Upon inquiry about service implementation or partnership, personal information will be retained for up to 3 years after response to inquiry. If a phone number is provided, personal information will be retained for up to 5 years from the completion of the premium plan or any other paid service period.

④ Your account will be withdrawn immediately upon application for withdrawal. Re-registering as a new member is possible after withdrawal, using the same email address.


Article 4 [Protection of Personal Data]

① The Company will collect and use the personal data of the user within the scope of Article 2 of this Privacy Policy. Personal information will be provided to the minimum extent necessary with the consent of the user in the following cases in order to provide services smoothly.

Recipient of dataPurpose of provisionData itemsRetention period
Hosts who create Spaces on the ZEP serviceTo manage participants and track their status within the SpaceEmail address and access history, chat historyUntil the Space is closed or deleted.

② In cases in which personal data not mentioned in the Terms of Service or Privacy Policy is shared with third parties, the Company will notify the user in advance in order to obtain consent. However, in the following cases, personal data may be shared with third parties without the consent of the user

  1. If there is an unavoidable situation in accordance with special provisions of the law or in order to comply with legal obligations (including cases of a request by an investigating agency or an administrative organ in accordance with the procedure and method prescribed by relevant laws and regulations for the purpose of investigation)
  2. If a business assignment, merger, or etc. is to take place (However, if the user data needs to be transferred due to reasons related to the Company's assignment, etc., the Company will notify users of such fact in advance as per the procedure and method prescribed by applicable laws and provide members with the right to withdraw their consent to the transfer of personal data.)
  3. Members have the right not to consent to the provision of personal data to third parties and may withdraw their consent to the provision of personal data to third parties at any time. Even if they do not consent, services that are not based on provision of personal data to third parties will remain available, while the use or provision of services dependent on the provision of this data to third parties may be limited. Notification will be provided for any other changes to the provision of personal data to third parties through separate notifications.

Article 5 [Handling Consignment of Collected Personal Data]

① The Company consigns personal data as described in Paragraph 2 in order to increase the quality of its services and to perform a certain part of tasks required to provide services and stipulates necessary matters for the personal data to be safely managed as per applicable laws and regulations upon conclusion of the consignment contract. Also, the amount of data to be shared is limited to the minimum amount necessary to achieve the concerned purposes.

② The trustees and entrusted tasks are as below

  1. Trustee: Amazon Web Service Inc.
    Entrusted task: Operation and management of cloud servers located in South Korea where personal information is stored
  2. Trustee: Toss Payments Co.,Ltd
    Entrusted task: Payment and settlement services
  3. Trustee: Payple Co., Ltd
    Entrusted task: Payment and settlement services

③ If the trustee or its task changes, it will be announced through updates to this Privacy Policy.


Article 6 [Procedures and Methods for Destroying Personal Data]

① In principle, when the purpose for collecting and using a user’s personal data is achieved, the Company will destroy the data without delay. The Company’s procedures and methods for personal data destruction are as follows

  1. The data entered by the user for the purpose of membership registration, etc., is transferred to a separate database (or, in the case of paper documents, a separate document box) after the purpose is accomplished as per the internal policy and other relevant laws and regulations; the data is then stored temporarily and then destroyed. Personal data will not be used except for as prescribed by law.
  2. Personal data printed on paper is destroyed by a shredder. Personal data stored in the form of electronic files is deleted using a technical method that prevents it from being restored.

Article 7 [Rights and Obligations of Users and Legal Representatives]

① Users and their legal representatives may view or modify their personal data at any time. However, if the user's personal data is linked with an external platform, such as Google, the user must view or change the personal data according to the method provided by the concerned platform vendor.

  1. Request for personal information access
  2. Request correction if there is an error, etc.
  3. Request for deletion
  4. Request for suspension of processing

② The exercise of rights under Paragraph 1 can be conducted via email or other means of communication. Users can contact the person in charge of personal information protection and the relevant department at hello@zep.us. The Company will take necessary measures without delay upon receiving a request from the user.

③ If a user requests the correction of a personal data error, the Company will not use or share the data until necessary action is taken.

④ Under Paragraph 1, the user may also exercise their rights through a legal representative or an authorized agent. In such cases, a power of attorney in the format specified in Article 11 of the Personal Information Protection Act must be submitted along with the request.

⑤ Users are prohibited from infringing upon the personal information and privacy of themselves or others, as handled by the Company, in violation of related laws such as the Personal Information Protection Act.


Article 8 [Installation and Operation of Automatic Personal Data Collection Tools and Their Refusal]

① The Company installs and operates tools that automatically collect personal data, such as cookies (access information files) that store and retrieve user data from time to time to provide personalized services. A cookie is a small text file sent to the user's device by the server used to run an application and stored in your device's storage. When the user uses the application, the server reads the contents of the cookies stored in the user's device to maintain the user's preferences.

② The Company may use cookies for the following purpose
- To analyze visits to and uses of the website and provide the user with personalized usage environments

③ The storage of cookies is optional. As a result, the user can allow all cookies in the device settings or options, require permission to be given each time a cookie is saved, or refuse to save all cookies. However, if the user refuses to store all cookies, the service may be restricted or unavailable.


Article 9 [Personal Information Protection Safety Measures]

① The Company takes the following technical and administrative measures while handling users’ personal data in order to prevent it from being lost, stolen, leaked, altered, or damaged.

  1. Password encryption
    Users’ passwords are encrypted, stored, and managed. Therefore, even if a user forgets his or her password and confirming said password is impossible, a new password can be issued after a predetermined identification process.
  2. Enhanced network security
    • (a) The Company takes various technical measures to prevent the leakage of users’ personal data due to atypical network access from hacking, computer viruses, etc., and is constantly monitoring the network connection.
    • (b) The Company uses a secure cryptographic communication method for communication between its server and database and makes every effort to secure all systems using all possible technical means.
  3. Minimization and training of handling staff
    • (a) The Company's personal data handling staff is limited to the person in charge. A separate password is assigned to the person in charge and is then updated periodically. The Company continuously reinforces compliance with the Privacy Policy through regular training.
    • (b) The Company has internal procedures for preventing the leakage of data through the implementation of the security contract of the data handler and through the auditing the implementation of the Privacy Policy and the compliance of the employee.
    • (c) Personal data security is handled thoroughly during personnel changes and responsibilities for accidents are clearly defined after both entering and leaving the Company.
  4. Access and storage control
    The area where personal data is handled and stored is set as a secure zone so that only those who have the right to handle personal data can access it. Tangible and electronic records containing personal data are stored securely in areas that are equipped with security devices and require special permissions to access.
  5. Operation of personal data protection team
    Through the in-house personal data protection organization, the Company checks the implementation of the Privacy Policy and the compliance of the person in charge.

② Users are obligated to protect themselves and not to infringe on the data of others. Users should be careful that their personal data, such as their password, is not leaked, and also that the personal data or postings of other users are not negatively affected. The Company will not take any responsibility for personal data issues that occur due to a user's carelessness or mistake.


Article 10 [Personal Data Protection Manager]

① The Company makes its best effort to provide the best service while keeping personal data safe. The personal data protection manager is responsible for the protection of personal data in case of incidents as described above. However, despite technical remedies, the Company has no liability for any damage to data due to unexpected accidents caused by basic network dangers such as hacking, and any disputes over the posts made by visitors.

② You may contact the designated person below to communicate your opinions or complaints about the Company's Privacy Policy. The following person is responsible for the Privacy Policy and will make their best effort to collect your opinions and handle complaints.
- Personal data protection manager
- Name: Shangyup Kim
- Position: Chief Director
- Email address: hello@zep.us

③ If you have any complaints related to the handling of personal information when using the Company's services, you may report them to the person in charge of personal information protection or the customer center (hello@zep.us). The Company will respond promptly to any reports submitted by users.

④ Please contact the following organizations if you need to report or consult about other personal data infringement.

[For South Korea]

- Personal Information Infringement Report Center ( privacy.kisa.or.kr / (Without country code) 118)
- Personal Information Dispute Mediation Committee ( www.kopico.go.kr / (Without country code) 1833-6972)
- Supreme Prosecutor's Office ( www.spo.go.kr / (Without country code) 1301)
- Electronic Cybercrime Report & Management System ( ecrm.police.go.kr / (Without country code) 182)

[For other countries]


Article 11 [Opinion Collection and Complaint Processing]

The Company has opened a window for filing opinions and complaints regarding the protection of personal data. Users who are dissatisfied with the handling of personal data may inquire about such issues to the person in charge of the personal data management of the Company and then will be notified of the result of their inquiries.
- Personal data protection manager email address: hello@zep.us


Article 12 [Notification Obligation]

The Company's Privacy Policy is subject to change due to changes in laws and the internal policies of the Company. In such cases, the Company will notify the user of the changes in a way that users can confirm on the official website or within services.


Article 13 [Jurisdiction Specific Provisions]

General Data Privacy Regulation (“GDPR”): GDPR applies to residents of the European Union and the European Economic Area, granting you specific rights, which include:

- The privilege to access, revise, or erase the information we possess related to you.

- The ability to rectify any incomplete or incorrect data associated with you.

- The right to object to the processing of your data by us.

- The right to request limitations on the processing of your data.

- The right to obtain a copy of your personal data in a machine-readable and commonly-used format.

- The right to withdraw your consent at any time if we rely on your consent for data processing.


To exercise any of the aforementioned rights, kindly forward your request to hello@zep.us. Kindly be aware that we might request identity verification prior to addressing such inquiries.


Moreover, you retain the right to submit a complaint with a Data Protection Authority regarding our collection and utilization of your Personal Data. For more information, please get in touch with your local data protection authority in the European Economic Area.

Supplementary Provision

This privacy policy will take effect on February 6, 2024.
You may view the previous versions below.
- November 30, 2021 to May 25, 2023 (Click)
- May 26, 2023 to August 21, 2023 (Click)
- August 22, 2023 to February 5, 2024 (Click)
- February 6, 2024 to February 28, 2024 (Click)
- February 29, 2024 to May 22, 2024 (Click)