OpenTrade Co., Ltd. (together with our affiliates, “OpenTrade”, “we”, “our” or “us”) places great importance on protecting your Personal Data, and takes all reasonable measures to safeguard the Personal Data provided by you in order to use CNBNews.ai (“Service”).

We strives to protect your personal information in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other applicable laws and regulations. The collection, use, and protection of personal information shall be governed by the relevant laws and our Privacy Policy. However, the Company’s Privacy Policy does not apply to linked websites or pages other than those created and operated by our Services.

1. How we use Personal Data

We processes personal data relating to you(“Personal Data”) for the following purposes. Personal Data processed will not be used for purposes other than those described below:

If the purpose of processing changes, the Company will obtain separate consent or take other necessary measures in accordance with Article 18 of the Personal Information Protection Act (or applicable laws).

• Registration and Member Management: To confirm your intent to join, identify and authenticate your identity for membership-based services, maintain and manage membership status, prevent fraudulent use of services, verify whether a legal representative’s consent is obtained for Personal Data processing of children under 13, issue various notices and communications, and address complaints.
• Provision of Goods or Services: To provide existing/new services of us, deliver personalized services, and for identity verification.
• Handling Inquiries & Improving Service Quality: To verify the identity of the person making an inquiry, confirm details of the inquiry, communicate/notify for fact-finding, convey results of processing, collect usage logs and access frequency to analyze service usage, generate statistics on members’ use of the service, construct service environments considering privacy protection, and improve services.
• Marketing and Advertising Uses: To develop new services (or products) and provide personalized services, to provide event and promotional information and opportunities to participate, to deliver services and advertisements according to demographic characteristics, to verify the effectiveness of services, to analyze access frequency, and to run statistics on members’ service use.

2. Personal Data we collect

We collects only the minimum Personal Data required to provide the Service, and processes the following kinds of Personal Data:

Personal Data You Provide

• Identity and Contact Data: Google profile data (email, profile picture, nickname), name, phone number, primary securities firm, preferred trading region, gender, age group, address, occupation
• Payment Information: We shall collect your payment information if you choose to purchase access to Service.
• Usage Data: We collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.

Personal Data We Receive Automatically from Your Use of the Services

• Web / mobile app: device information (OS, device ID, UUID, carrier), IP address, service usage history, visit logs, connection logs, cookies.

3. Retention

We processes and retains Personal Data within the period required by law or within the retention/use period agreed when collecting the data from the data subject. The retention period for Personal Data is as follows:

• Until the you withdraws consent or cancels membership
• However, if an investigation or legal process is underway under applicable laws, the data will be retained until the conclusion of such investigation or process

4. Disclosure of Personal Data

We processes and retains Personal Data within the retention/use period permitted under law or consent given by the data subject. We does not provide Personal Data to third parties.

5. Children

Our Services are not directed to, or intended for, children under 13. We do not knowingly collect Personal Data from children under 13.

6. Destruction of Personal Data

Once the purpose of data collection or use is fulfilled, we will promptly destroy the relevant information. Also, when you requests cancellation or revokes consent, immediate destruction will occur.

However, if the law requires retention of certain data, it will be stored for the legally required period before disposal. The separately stored data will not be used for other purposes unless required by law.

For electronic files, the data will be permanently deleted using technical methods to prevent recovery or reproduction. Other records (printouts, written documents, etc.) will be shredded or incinerated.

7. Your rights

You may at any time exercise rights to access, correct, delete, or suspend processing of Personal Data held by OpenTrade. However, such rights may be limited under relevant laws (e.g. Articles 35-4, 36-1, 37-2 of the Personal Information Protection Act).

You may exercise their rights via written request, email, or fax under Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and we will act without delay.

You may exercise these rights through their legal representative or an authorized agent. In such cases, a power of attorney on the prescribed form (Form 11 in the Notification on Methods of Processing Personal Data) must be submitted.

If other laws explicitly require that certain Personal Data be collected, you cannot demand deletion of those data.

Upon request for access, correction, deletion, or suspension of processing, we will verify that the requester is the data subject or a legitimate agent before granting the request.

8. Security

In accordance with Article 29 of the Personal Information Protection Act, we takes the following administrative, technical, and physical measures to ensure data security:

Administrative Measures

• We formulates and implements an internal management plan to safeguard processed Personal Data.
• Minimizing and educating Personal Data handlers: We restricts Personal Data handlers to the minimum necessary and conducts training to raise awareness of privacy protection.

Technical Measures

• Access control to your Personal Data processing systems: We grants, modifies, or revokes system access rights to control access to your Personal Data. It uses intrusion prevention systems to block unauthorized external access.
• Encryption of Personal Data: Sensitive identifiers and Personal Data are stored and managed using secure encryption algorithms.
• Technical countermeasures against hacking and viruses: We backs up data, uses up-to-date antivirus software, and uses encrypted communications to ensure safe transmission of data.

Physical Measures

• We locates systems in areas with controlled access to prevent unauthorized exposure or damage to Personal Data, and operates access control procedures.

9. Cookies & Similar Technologies

We and our service providers use cookies, scripts, or similar technologies (“Cookies”) to manage the Services and to collect information about you and your use of the Services.

Cookies are small pieces of data that a web server sends to a user’s browser, which the browser may store on the user’s hard drive.

Cookies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze the use of our Services to make them safer and more useful to you.

You have the choice to refuse cookies.

How to refuse cookie settings:

• Internet Explorer: Tools > Internet Options > Privacy tab > Advanced privacy settings > cookie levels
• Chrome: Settings > Privacy & Security > Cookies and other site data > adjust cookie settings
• Safari: Preferences > Privacy tab > set cookie and website data level

Refusing cookies may make personalized services difficult to use.

10. Data Transfers

When you access our website or Services, your Personal Data may be transferred to our servers in South Korea, or to other countries outside the European Economic Area (“EEA”) and the UK. This may be a direct provision of your personal data to us, or a transfer that we or a third party make.

Where information is transferred outside the EEA or the UK, we ensure it benefits from an adequate level of data protection by relying on:

• Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country outside of the EEA offers an adequate level of data protection. We transfer your information as described in “Collection of Personal Data” to some countries with adequacy decisions, such as the countries listed here; or
• Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in “Collection of Personal Data” to certain affiliates and third parties in countries without an adequacy decision.

In certain situations, we rely on derogations provided for under applicable data protection law to transfer information to a third country.

11. Person Responsible and Department

To protect Personal Data and address related complaints, we designates the following person and department:

• Personal Data Protection Officer
• Name: Byeongseok Woo
• Position: Personal Data Protection Officer
• Department: Development Team (Corporate Research Institute)
  Phone: 1599-3970 (Customer Center)
• Email: support@cnbnews.ai

Any privacy‐related complaints arising from use of our service may be directed to the above officer or relevant department. We will respond and handle your inquiries.

12. Contact Information

If you believe your Personal Data rights have been infringed, you may consult the following:

South Korea

• Personal Information Dispute Mediation Committee
  Website: www.kopico.go.kr
  Phone: 1833-6972
• Personal Data Infringement Reporting Center (operated by KISA)
  Website: privacy.kisa.or.kr
  Phone: 118
• Cybercrime Investigation Division, Supreme Prosecutors’ Office
  Website: www.spo.go.kr
  Phone: 1301
• Cyber Investigation Bureau, National Police Agency
  Website: cyberbureau.police.go.kr
  Phone: 182

European Economic Area, United Kingdom, and Switzerland

• If you live in the European Economic Area (EEA), UK or Switzerland (the “European Region”), the data controller responsible for your Personal Data is OpenTrade. If you live outside the European Region, the data controller responsible for your Personal Data is OpenTrade.
• If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your Personal Data, you can email us at support@cnbnews.ai
• Please note that under many countries' laws, you have the right to lodge a complaint with the supervisory authority in the place in which you live or work. A full list of EU supervisory authorities’ contact details is available here. If you live or work in the UK, you have the right to lodge a complaint with the UK Information Commissioner’s Office. If you live in Brazil, you have the right to lodge a complaint with the Brazilian Data Protection Authority (ANPD).If you live in Australia, you have the right to lodge a complaint with the Office of the Australian Information Commissioner.

Other Area

• You can email us at support@cnbnews.ai if you have any questions or concerns not already addressed in this Privacy Policy.

We should make its best effort to provide a continuous and stable service under these terms.

We should exercise technical safety measures and comprehensive management of Personal Data, including credit information, to protect your Personal Data.

If your opinions or complaints are deemed just, we shall process them promptly; if difficult, we shall inform the user of reasons and processing schedule.

In procedures related to service contracts (formation, change, termination, etc.), we shall endeavor to provide convenience to you.

We shall operate fairly and soundly, conduct ongoing R&D, provide quality services, and thereby maximize customer satisfaction and contribute to the development of internet business.

13. Changes to this Privacy Policy

This policy may be revised to reflect changes in relevant laws or internal operational policies. If we changes this privacy policy, it will continuously disclose the timing of enforcement and the changed contents, and will publish the changes in a way that allows you to easily compare the before and after versions.