EarthPaper Terms and Privacy Policy

1. EARTHPAPER Privacy Policy
  • Nara Space Technology (hereinafter referred to as 'the Company' or 'the Firm') recognizes the importance of social responsibility in operating the EARTHPAPER (hereinafter referred to as 'the Service') satellite imagery utilization platform service and is committed to making efforts to appropriately manage personal information at all times.
  • In order to protect the valuable personal information of individuals (hereinafter referred to as 'users' or 'members'), the Company strives to enhance personal information protection by voluntarily establishing rules in line with its corporate philosophy and business activities and by complying with the Personal Information Protection Act.
  • The Company's privacy policy may be subject to changes due to amendments in privacy-related laws and guidelines or changes in the Company's internal policies. In case of any revisions to the privacy policy, we will provide notice, so we kindly request that users periodically check for updates on our website.
  • 2. Collection of Personal Information

    The company will collect the following personal information for the provision of this service. Please note that the information below is provided as an example and may not necessarily correspond to the nature of the information collected.

    The company collects the minimum necessary personal information required for providing the service.
    1. ① When signing up for an EARTHPAPER account

      name, address, phone number, email address, ID, country code, company or affiliation, position, etc.

    2. ② When consent is given by a legal guardian

      legal guardian information (name, gender, date of birth, mobile phone number, telecommunications service provider, whether a domestic or foreign resident, etc.)

    3. ③ When using paid services

      When paying with a credit card: Card number (partial), card issuer name, etc.
      When making a bank transfer: Account holder's name, account number, bank name, etc.
      When paying with a mobile phone number: Mobile phone number, payment authorization number, etc.
      *Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company.

    4. ④ When processing refunds

      Bank name, account number, account holder's name, email address
      *Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company.

    5. ⑤ When a cash receipt is generated

      Mobile phone number, cash receipt card number
      *Personal information collected for payment is collected and stored by the payment gateway (PG) company, and the company only receives transaction details provided by the payment gateway company.

    6. ⑥ When providing customer support

      When contacting and consulting with the customer center, additional information may be collected for consultation processing. Depending on the type of inquiry, additional personal information such as a mobile phone number may be required from you.

      • · Phone Customer Service : (+82) 051-404-0331
      • · Web Customer Service : earthpaper@naraspace.com
    The methods of collecting personal information are as follows

    We generally inform users in advance and obtain their consent before collecting personal information. We collect personal information through the following methods

    1. ① When users agree to the collection of personal information and enter it directly during the membership registration and service usage process.
    2. ② When personal information is provided by partner services or organizations.
    3. ③ During the consultation process through the customer center, including webpages, email, fax, and phone.
    4. ④ Participation in events, promotions, or activities conducted online and offline.
    We obtain the consent of the legal guardian when collecting personal information of children under the age of 14.

    We may request a minimum amount of information from the legal guardian, such as their name and contact information, and confirm their consent through the following methods

    1. ① Verifying the identity of the legal guardian through mobile phone authentication.
    2. ② Providing a written consent form to the legal guardian with the consent details, requesting their signature and seal, and submitting it.
    3. ③ Using other methods similar to the above to inform the legal guardian of the consent details and confirm their intention.
    The personal information collected from users during the service usage process includes the following

    In addition to the information provided directly by users, the company may also collect information during the process of users using the company's services.

    List Collected Items
    Device Information Device identifiers, operating system, hardware version, device settings, browser type and settings, usage information for websites and apps, phone number, etc.
    Log Information IP address, log data, usage time, user-entered search terms, internet protocol address, cookies
    Other Information User preferences, advertising preferences, visited pages, etc. in the user's service usage.

    In addition, for the smooth use of the service, the 'company' may request additional information, but it assumes full responsibility for any damage to the user caused by the loss, theft, leakage, unauthorized third-party provision, or alteration of the user's personal information, including credit cards and bank accounts.

    3. Use of Personal Information The company processes the collected personal information for the following purposes, and in case of any change in the purpose, it obtains the user's consent after providing detailed information about the changes.
    1. ① Provision of Services and Contract Performance
      1. To manage members and verify identities.
      2. To process payments for paid services, including payment and refunds.
      3. To handle complaints or inquiries from users.
      4. To improve user services and quality.
      5. To provide notices regarding service disruptions, changes in terms, and personal information usage history.
      6. (For children under the age of 14) To verify the identity and consent of the legal guardian.
    2. ② Developing and providing services that are more suitable for users.
      1. To develop new services or provide specialized services based on demographic characteristics.
      2. To plan and provide various customized content.
      3. To provide additional services directly or indirectly related to the main service.
    3. ③ Improving the service environment.
      1. To create an environment where users can use the service comfortably and safely.
      2. To investigate service errors and various bugs and improve them.
      3. To analyze the service usage environment and provide services considering user characteristics.
      4. To restrict the use of fraudulent registrations or malicious users.
      5. To investigate illegal activities and comply with relevant laws and regulations.
    4. ④ Delivering advertising and promotional information.
      1. To send notifications for events and promotions.
      2. To provide additional services and customized advertising based on demographic characteristics.
      3. To confirm the intention to participate in events or promotions and process information about participants.
    When using and providing additional personal information
  • The purposes for which personal information held by the Company is used are as stated above. The recipient information provided by you and other similar information, excluding personal information belonging to individuals other than you, will be used only for the purposes stated above.
  • When the Company delegates specific functions to outsourcing companies, the Company may transmit your personal information to such outsourcing companies to achieve specific purposes, after taking preventive measures, etc.
  • When the Company transfers personal information to outsourcing companies related to functions or services related to personal information, the Company will create and manage contracts and appropriate regulations that require the protection of personal information.
  • 4. Provision of Personal Information The company does not provide collected personal information to organizations, entities, or partners (hereinafter referred to as "third parties") without the consent of the user.

    However, there are exceptions in the following cases

    1. ① When the user has given prior consent

      If the company determines that it is necessary to provide the user's personal information to a third party, the company will inform the user of who will receive the personal information, what personal information will be provided, and for what reasons before obtaining separate consent. If the user does not agree, the personal information will not be provided to the third party.

    2. ② When necessary for paid services related to service provision.
    3. ③ When required by law or when there is an obligation to submit to investigative agencies according to the procedures and methods specified by law for investigative purposes.
    5. Outsourcing of Personal Information Processing The Company outsources certain personal information processing tasks to enhance convenience in service provision, and it manages the outsourcing contracts to ensure the secure management of personal information in accordance with relevant laws by specifying necessary matters.

    The Company outsources personal information processing tasks to the following subcontractors, and the details of the outsourced tasks are as follows

    The name of the subcontractor The contents of the outsourced tasks are as follows
    StepPay The outsourced tasks include payment processing and the operation of the payment system.
    Amazon Web Services Inc. The outsourced tasks involve the operation and management of cloud servers.
    Mailchimp managing email delivery systems, as well as external email delivery systems.
    Personal information may be provided to overseas recipients with the user's consent for the purpose of using overseas services.

    Users are informed and obtain separate consent regarding the recipients and the countries to which personal information will be transferred overseas.

    Connected Services Recipient Transferred Personal Information Items Transferred Country Transfer Method Transferee Purpose of Use Retention and Use Period
    skywatch skywatch Affiliation Name, Affiliation Field, Address, Information, Name, Email Canada Online Transmission Corporation Name : skywatch
    Contact Information : (+1)833 711-2090
    Purchase of Satellite Images Destroyed within 30 days upon service withdrawal
    6. Retention and Use Period of Personal Information The company retains and uses the user's personal information during the agreed-upon period and follows the principle of disposing of it when the purposes of collecting and using personal information are achieved or when the retention period expires.

    However, in order to minimize damage caused by internal accounting processes, unauthorized use of personal information, unwanted member withdrawals, payment fraud, and similar situations, the company may temporarily retain information for a maximum of 30 days after receiving a withdrawal request. After this period, the information will be permanently destroyed in an irreversible manner.

    Regarding the following information, it will be retained for a specific period based on the stated reasons and will not be used for purposes other than those specified.

    1. ① information regarding the retention periods of personal information based on relevant laws
      1. Consumer Protection in Electronic Commerce Act
        1. · Records related to display and advertisements: 6 months
        2. · Records related to contracts or withdrawal of subscriptions: 5 years
        3. · Records related to payment and supply of goods, etc.: 5 years
        4. · Records related to consumer complaints or dispute resolution: 3 years
      2. Act on the Protection of Communications Secrets
        1. Records of service usage, including logins: 3 months
      3. National Basic Tax Act and Income Tax Act
        1. Ledgers and supporting documents for all transactions as specified by tax laws: 5 years
        2. Information related to withholding tax: 5 years

      In addition, personal information that must be retained for a certain period according to other laws is as follows

      Retained Items Retention Period Legal Basis
      Records related to contracts or withdrawal of subscriptions 5 years Act On The Consumer Protection In Electronic Commerce
      Records related to payment and supply of goods, etc. 5 years Act On The Consumer Protection In Electronic Commerce
      Records related to consumer complaints or dispute resolution 3 years Act On The Consumer Protection In Electronic Commerce
      Records related to the collection, processing, and use of credit information 3 years The Credit Information Use and Protection Act
      Records related to display and advertising 6 months Act On The Consumer Protection In Electronic Commerce
      User's internet and log records / User's connection location tracking data 3 months PROTECTION OF COMMUNICATIONS SECRETS ACT
      Other telecommunications verification records 12 months PROTECTION OF COMMUNICATIONS SECRETS ACT
      Ledgers and supporting documents for all transactions as specified by tax laws 5 years FRAMEWORK ACT ON NATIONAL TAXES
      Records related to electronic financial transactions 5 years Electronic Financial Transactions Act
      Service visit records 3 months PROTECTION OF COMMUNICATIONS SECRETS ACT
      Records related to customer verification and reporting of suspicious transactions 5 years from the date of service withdrawal Law on Reporting and Use of Specific Financial Transaction Information
    2. ② Reasons for Separation and Retention of Personal Information for Inactive (Dormant) Accounts

      The company will permanently destroy the accounts and personal information of users who have not used the service for 2 years following their last login, in accordance with the Personal Information Protection Act and personal information retention expiration. In this case, we will notify users at least 30 days before the expiration date of personal information validity and its transition to dormant status. If you wish to continue using the services provided by the company, we kindly request that you re-use the service within 30 days after your last login.

    3. ③ Reasons for Information Retention According to Company Internal Policy

      The company may retain personal information collected for events or promotions for a maximum of 1 year. However, the specific duration may vary for each individual event or promotion, and the period specified during each individual event or promotion will take precedence.

    7. Personal Information Destruction and Procedure Method The company, as a general rule, destroys the personal information of users after the purposes of collection and use have been achieved or the retention and use period has expired.

    The procedure and method for personal information destruction are as follows

    1. ① Destruction Procedure

      Personal information is destroyed according to the '6. Personal Information Retention and Use Period' after the purposes of personal information use have been achieved.

    2. ② Destruction Method

      For printed materials, they are shredded or incinerated. For electronic files, they are permanently deleted using irretrievable technical methods.

    8. Rights of Users and Legal Guardians and How to Exercise Them Users and legal guardians of children under the age of 14 (hereinafter referred to as "children") have the right to access and correct their personal information at any time, and if users or the legal guardians of children apply for membership withdrawal or processing suspension, the company takes necessary actions.
    1. ① Users and legal guardians of children can exercise the following rights at any time with respect to the company
      1. Right to request access to personal information
      2. Right to request correction of personal information errors
      3. Right to request the suspension of personal information processing
      4. Right to request the deletion of personal information or membership withdrawal processing
    2. ② Users and legal guardians of children cannot exercise the rights specified in paragraph 1 through the company's representative phone, email, or written communication. Instead, they can contact the Personal Information Protection Officer or the Personal Information Complaints Department (earthpaper@naraspace.com). The company will take necessary actions upon receiving requests from users and legal guardians of children regarding the exercise of their rights.
    3. ③ If users and legal guardians of children request corrections, processing suspensions, or deletions of personal information, the company will not use the relevant personal information or provide it to third parties until the necessary actions are completed.
    4. ④ If users and legal guardians of children request the deletion of personal information or membership withdrawal, the company processes the relevant personal information in accordance with the provisions of "6. Personal Information Retention and Use Period" and ensures that it cannot be accessed or used for other purposes. If there are legitimate reasons for the company to refuse access or correction requests for all or part of the personal information, the company will notify the requestor and provide an explanation for such reasons.
    9. Information on the Installation, Operation, and Rejection of Personal Information Automatic Collection Devices
    1. ① The company uses "cookies" for the purpose of providing users with customized services and enhancing the convenience of the website environment. Users have the option to refuse cookies.
      1. What are Cookies?
          Cookies are very small text files sent by the server operating a website to the user's browser, which are stored on the user's computer hard drive. When users use the company's services, the server reads the contents of the cookies stored on the user's computer to verify the user's information.
      2. Purpose of Using Cookies
        1. The company uses cookies to analyze factors such as user service access frequency, visit times, and visit counts. Additionally, it aims to understand user preferences, interests, and other related information. These insights are used to provide personalized services to users.
      3. Installation and Operation of Cookies
        1. Users have the voluntary right to allow or disallow cookies by changing the options in their web browser.
        2. If you do not allow the use of cookies, you may encounter difficulties in using certain services provided by the company.
      4. Cookie Settings and Rejection Methods
        1. Users can autonomously change their web browser's options to prevent the collection of cookies.
        2. For Internet Edge: [Tools] → [Internet Options] → [Privacy] → [Advanced]
        3. For Chrome: [⋮] (upper right corner of the web browser) → [Settings] → [Privacy and Security] → [Cookies and other site data]

        ※ For other web browsers, the settings may vary according to each browser's specific methods.

    2. ② The company may use various external web log analysis tools such as Google Analytics, and users can refuse data usage through Google Analytics via the following path
      1. Blocking Google Analytics : https://tools.google.com/dlpage/gaoptout/
      2. ※ For other web log analysis tools, please follow the respective tools' rejection methods.
    3. ③ The company allows the collection of user behavioral information through Google AdSense ads.
      1. Google AdSense is an advertising service provided by Google. It is a marketing service that analyzes users' online usage patterns, access records, and other data to provide services that take into consideration the characteristics of the users.
      2. Online Customized Advertising Provider: Google
      3. Collected Behavioral Information Items: User website visit history, app usage history, and user search history
      4. Method of Collecting Behavioral Information: Automatically collected when users visit websites or use apps
      5. Purpose of Collecting Behavioral Information: Providing interest-based customized advertising to users
      6. Retention and Use Period of Behavioral Information: Website and app visit information for 2 years
      7. Refusal Method for Collecting Advertising Identifiers: Users can choose whether to receive customized ads, and they can autonomously disable the device option through the following paths
        1. AOS (Android Operating System): [Device Settings] → [Google] → [Ads or Device Settings] → [Privacy] → [Ads]
        2. IOS (Apple Operating System): [Device Settings] → [Privacy] → [Apple Ads]
        3. ※ The disabling path may vary slightly depending on the OS version.
    10. Measures to Ensure the Security of Personal Information The company has established and rigorously adheres to the following measures to ensure the security of users' personal information, preventing its loss, theft, leakage, alteration, or damage.

    The company complies with regulations regarding the protection of personal information, including the 'Personal Information Protection Act' and the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'

    However, in cases where the company has fulfilled its obligation to protect personal information but issues arise due to insufficient security management of the user's PC or the user's own negligence resulting in the leakage of passwords, important information, or personal information, the company assumes no responsibility.

    1. ① Technical Measures
      1. The company securely stores the password and personal information specified by relevant laws, which users enter during registration, by encrypting them through tokens and SSL certification. The encrypted password can only be known by the user, and the confirmation and modification of personal information can only be performed by the user.
      2. The company encrypts communication channels internally and externally to protect personal information during transmission over the network.
      3. To prepare for unforeseen circumstances, the company regularly backs up personal information and takes necessary security measures, including the use of antivirus programs, to prevent unauthorized leakage or tampering of user's personal information due to hacking, viruses, or other threats.
      4. We employ intrusion prevention systems to control unauthorized access from external sources, and we continuously review and improve our personal information protection compliance program in line with changes in the social and business IT environment.
    2. ② Administrative Measures
      1. The company restricts access rights and personnel for personal information to a minimum, and limits the personnel who can process personal information to the following categories:
      2. Personnel who directly handle tasks related to addressing complaints, grievances, inquiries, and responses with users
      3. Personnel who oversee, manage, or supervise tasks related to personal information.
      4. Individuals responsible for managing events, promotions, or marketing-related tasks.
      5. Individuals responsible for developing, maintaining, and operating the personal information processing system.
      6. Individuals for whom the processing of personal information is unavoidable during the course of their duties.
      7. The company conducts regular annual privacy protection training for individuals involved in processing personal information and subcontractors.
      8. The company ensures compliance with its privacy policy and the protection of personal information by using internal (individual) information protection departments or similar entities. In case any issues are identified, the company takes immediate corrective measures to address and rectify them.
    3. ③ Physical Security Measures
      1. The company stores documents and removable storage media containing personal information in secure locations with locking mechanisms.
      2. The company implements physical access controls for personal information processing systems and has established and follows procedures.
    The company complies with the General Data Protection Regulation (GDPR) of the European Union and the laws of EU member states.

    If the company provides services to users within the European Union, the following may apply

    1. ① Purpose and Legal Basis for Processing Personal Information

      EARTHPAPER only uses collected personal information for the purposes stated in '3. Use of Personal Information' and obtains prior consent from users after informing them of this fact.

      1. Under the GDPR and similar regulations, EARTHPAPER may process user's personal information in the following circumstances
        1. Consent of the data subject
        2. In order to enter into and fulfill a contract with the data subject
        3. For compliance with legal obligations
        4. For the vital interests of the data subject
        5. For the legitimate interests pursued by the company
        ※ Except when the interests and rights or freedoms of the data subject outweigh those legitimate interests.
    2. ② Ensuring the Rights of Users within the European Union

      Under GDPR and similar regulations, users have the right to request the transfer of their personal information to another controller and can also request the refusal of their information processing. Users also have the right to file complaints with data protection authorities.

      EARTHPAPER may use personal information for marketing purposes, such as events and advertising, with the user's prior consent. Users can withdraw their consent at any time if they do not wish to receive such communications.

      Requests related to the above can be made by contacting our customer support via mail, phone, or email, and we will take the necessary actions. If you request a correction to your personal information, we will not use or provide it until the correction is completed.

    11. The Data Protection Officer (DPO) and Complaints Handling Department for Personal Information Protection The company has designated a Data Protection Officer (DPO) and a Complaints Handling Department for inquiries and complaints related to user's personal information.
    1. ① Users can report complaints regarding personal information related to the company's services to the Complaints Handling Department or Data Protection Officer of the company. The company will provide a prompt response as soon as the report is received. Privacy Protection Officer and Responsible Department
      • · Personal Information Protection Manager: Jaepil Park (CEO)
      • · Personal Information Protection Officer: Hyungwook Oh (Team Leader)
      • · Contact: +82) 02-3417-0331
      • · Email: earthpaper@naraspace.com
    2. ② If you require assistance with any other matters related to personal information, you can seek help from the following organizations.
    12. Information on notification of amendment prior notification obligation
  • We may modify the Privacy Policy for purposes such as reflecting changes in laws or services. In the event of any changes to the Privacy Policy, we will provide advance notice at least 7 days prior to the changes.
  • For significant changes, such as modifications to the types of personal information collected or the purposes of use, we will provide notice at least 30 days in advance.
  • At EARTHPAPER, we value your information and are committed to ensuring that you can use our services with confidence. We will make our best efforts to provide you with a secure and reliable experience.
  • Addendum
    • · Notification Date : October 02, 2023
    • · Enforcement Date : October 02, 2023