Privacy Policy

NEST SOFT (the "Company") protects User's personal information pursuant to relevant laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. ("Information and Communications Network Act") and Personal Information Protection Act ("PIPA") and establishes the following Privacy Policy to swiftly and efficiently fulfill such requirements.

This Privacy Policy is set forth on the home page of the Service to be easily accessible to Users, and is subject to change based on amendments to relevant laws, guidelines, notices, or the Company's Service policies.

1. Personal Information Collection and Use

The Company collects the following personal information of its Users. The Company does not use such information outside of the purposes set forth below without the User's consent. If the Company wishes to use such information outside of such purposes, it will obtain the separate consent of the User as required under PIPA.

(1) The purpose of use and collection, type of information, and retention period of User information is as follows.

Collection Method Purpose of Collection and Use Types of Information Retention/Use Period
Information Provided (Required) Voluntarily provided through the User registration process and use of the Service (application, website) User management, and provision and improvement of Service Profile picture, nickname, phone number, and other contact information stored in smartphones or other devices Upon fulfilling the purpose of collection and use (e.g., a User withdraws its membership), the information will be destroyed without delay (except for information retained as required by law or the Company's internal policies)
Know-your-customer (KYC) procedures and Over-the-counter (OTC) transactions Confirm real name of party to the token transaction, confirm identity, and provision of OTC services Email address, name, nationality, country of residence, date of birth, gender, picture, copy of ID (ID card, driver's license, passport, etc.) (excluding personally identifiable information such as national resident number, driver's license number, and passport number), and EGG token wallet address Upon fulfilling the purpose of collection and use (e.g., a User withdraws its membership), the information will be destroyed without delay (except for information retained as required by law or the Company's internal policies)

(2) User information collected and used by the Company is retained for the following purposes pursuant to applicable law

Law Purpose of Collection and Use Types of Information Retention/Use Period
Protection of Communications Secrets Act Provide communication confirmation data Login history, login location, etc. 3 months
Keep record of advertising and labeling Advertising and labeling records 6 months
Act on the Consumer Protection in Electronic Commerce, Etc. Keep record of payments and supply of goods Payment and supply of goods records 5 years
Keep records regarding contracts or withdrawal of membership Customer identification information regarding contracts and withdrawals of membership 5 years
Keep records regarding processing customer complaints or disputes Customer identification information regarding processing customer complaints or disputes 3 years

(3) Notwithstanding paragraphs (1) and (2) above, in order to prevent disputes regarding the Service, the Company transfers information related to User registration and maintenance to a separate database (in the case of data stored on physical documents to a separate document) according to its internal policies and stores such information only for the following purposes for the following periods of time:

① If a User is subject to investigation due to a violation of applicable law: until the investigation is complete

② If a creditor-debtor relationship exists between the Company and the User: until the debt is settled

2. Destruction of Personal Information

(1) If the retention period of User personal information lapses or the purpose of processing such information is fulfilled, which results in the Company no longer needing the personal information, the Company generally destroys such personal information without delay.

(2) However, even if the retention period of User personal information lapses or the purpose of processing such information is fulfilled, the Company may transfer such personal information to a separate database or store such personal information in a distinguishable area according to applicable laws.

(3) The Company's procedure and method of destroying personal information is as follows:

① Destruction procedure

When personal information is to be destroyed, the Company obtains the approval of the Chief Privacy Officer prior to destroying such information.

② Destruction method

The Company uses technical or physical means to destroy personal information stored in electronic file format to prevent it from being restored and shreds or incinerates written information on physical documents.

3. Rights of Users & Legal Representatives and Exercising Those Rights

(1) Users and their legal representatives may request to access or update their personal information or withdraw their membership at any time.

(2) Users and their legal representatives may make such requests to the Chief Privacy Officer or manager through writing, phone, email, fax, or otherwise, and the Company will process such request without delay.

- Email: [email protected]

(3) If a User requests to correct his/her personal information, the Company does not use or provide such information until the correction is made. If the wrong information was already provided to a third party, the Company will notify such third party of the update without delay and ensure that such information is corrected.

(4) The User is responsible for ensuring that his/her personal information is up to date and is responsible for any issues arising from his/her failure to input the correct information.

(5) If a User misappropriates the personal information of another person to register as a member, such User may lose his/her User rights or be subject to penalties under applicable law.

(6) The User is responsible for maintaining the security of his/her email, password, and other information, and may not transfer or lease such information to a third party.

(7) Data subjects may exercise their rights in paragraph 1 above through a legal representative. In such case, the legal representative must submit a power of attorney in the form of Annex 11 of the PIPA Enforcement Rules.

4. Installation/Operation and Refusal of Operation of Automatic Personal Information Collection Tools

The Company uses cookies in order to provide customized services to its Users. Cookies are small text files sent by a User's web browser when using the mobile Service, which can also be stored on a User's computer or hard drive.

(1) Purpose of Use of Cookies

Cookies are used to determine visits and uses of the Services and the website, popular search words, whether access is secured, and other information to provide Users with optimized information.

(2) Refusal of Installation of Cookies

① Users have the option to accept or reject the installation of cookies. The User can access the settings in his/her browser regarding the installation of cookies to accept all cookies, to obtain User confirmation each time a cookie is saved, or reject all cookies. However, the Company's provision of Services requiring the User to login may be limited if the User opts to reject cookies.

② Please refer to the following in order to modify your cookie settings:

5. Technical and Managerial Measures to Protect Personal Information

The Company takes strong technical and managerial measures to secure User personal information and prevent such information from being lost, stolen, leaked, falsified, or damaged, as follows.

(1) Password Encryption

User passwords are stored and maintained through a one-way encryption and only Users that know their password can confirm or modify their personal information.

(2) Hacking Protection

In order to prevent personal information from being leaked or lost by hacking, computer viruses, or otherwise, the Company has installed a security program, conducts regular security checks, installed its systems in a restricted area that is monitored and blocked off.

(3) Minimizing personal information collection; Training

The Company keeps employees that handle personal information to a minimum and emphasizes compliance with law and internal policies in its training of employees handling personal information.

(4) Operation of Personal Information Protection Department

The Company operates a Personal Information Protection Department that checks whether the Company is in compliance with this Privacy Policy and upon discovering any issues uses best efforts to immediately resolve them.

6. Personal Information Management Personnel

(1) The Company has a designated Chief Privacy Officer and Personal Information Protection Department responsible for handling personal information processing and customer complaints regarding personal information processing.

(2) Users may refer any questions, complaints, or requests for relief regarding personal information to the Personal Information Protection Department. The Company will respond and process such correspondence without delay.

7. Report and Consultation regarding Personal Information Infringement

Users may contact the following institutions regarding to request consultations or relief regarding personal information infringement. As the following are government institutions, Users may contact these institutions if they have any complaints regarding the Company's personal information processing or are unsatisfied with the Company's provision of relief.

8. Dispute Resolution

Any dispute, controversy or claim arising out of or in connection with this Privacy Policy will be finally settled by binding arbitration administered by the Singapore International Arbitration Centre ("SIAC") in accordance with the rules of the SIAC. The number of arbitrators will be three, and the seat, or legal place, of arbitral proceedings will be Singapore. The language to be used in the arbitral proceedings will be English.

9. Amendments to Privacy Policy

(1) This Privacy Policy may be amended as required by law, government policy, or internal policies. Any additions, deletions, or revisions to the Privacy Policy will be notified in advance in the "Notifications" on the website or mobile application. Any substantial changes to User rights under the Privacy Policy will be notified 30 days in advance.

(2) This Privacy Policy will be effective as of the effective date below. Prior versions of the Privacy Policy are available in the notifications.

- Notification Date: 2019.05.31

- Effective Date: 2019.05.31