Skip to main content
Menu

🇬🇧 Privacy Policy

  • Updated

Privacy policy

Enkowithus Co., Ltd. (“the Company”, “Enkowithus”, or “we”), accessible at ‘https://stay.enko.kr/’, establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect users’ personal information and to ensure prompt and smooth handling of related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than the following, and if the purposes are changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  1. Membership Registration and Management: Verification of membership intent, identity authentication for member-only services, maintenance and management of membership status, prevention of fraudulent use of services, verification of legal guardian’s consent for processing of personal information of members aged 14 or older but under legal adulthood, provision of notices and announcements.
  2. Provision of Goods or Services: Service provision, issuance of contracts and invoices, provision of content, provision of customized services, payment and settlement of fees, management of overdue payments and defaults.
  3. Marketing and Advertising: Development of new services (products) and provision of customized services, provision of event and promotional information and opportunities to participate, provision of services and advertisements based on demographic characteristics, verification of service validity, analysis of service usage frequency or statistics on member service usage.

Article 2 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the retention and usage period prescribed by law or within the period agreed to by the data subject at the time of collection.

  1. Membership Registration and Management: Until membership withdrawal. However, in cases where investigations are in progress due to violation of laws, until such investigations are concluded; and in cases of outstanding claims or obligations, until such settlement is completed.
  2. Records of Payment and Settlement: 5 years, in accordance with Article 6(1) of the Act on the Consumer Protection in Electronic Commerce (including settlement data and payment transaction records with payment gateways such as Toss Payments and Stripe).
  3. Records of Consumer Complaints and Dispute Resolution: 3 years, in accordance with Article 6(1) of the Act on the Consumer Protection in Electronic Commerce.
  4. Web/App Service Usage Logs and Access Tracking Data (e.g., IP address): 1 year, in accordance with Article 15-2 of the Protection of Communications Secrets Act.
  5. Customer Service and Grievance Records: 3 years, for dispute resolution purposes.

Article 3 (Items of Personal Information Processed)

The Company processes personal information depending on the type of membership (Tenant or Host) as follows:

  1. Membership Registration and Management
    • Tenant: Required (email, password, nationality, name) / Optional (mobile phone number, date of birth, gender)
    • Host: Required (email, password, name, mobile phone number) / Optional (gender)
  2. Provision of Goods or Services
    • Tenant: Required (email, credit card information, payment records, name, contract information) / Optional (gender)
    • Host: Required (email, name) / Optional (mobile phone number, business registration number or copy of ID, settlement account information)
  3. Information Automatically Collected During Service Use (Common): IP address, cookies, visit records, service usage history, misuse records, device information, location information, information generated during payment services, information generated during customer service interactions.
  4. Marketing and Advertising (Common): Optional (email, mobile phone number).

Article 4 (Provision of Personal Information to Third Parties)

  1. The Company processes personal information only within the scope stated in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only when consent is obtained from the data subject or when permitted by special provisions of the law under Articles 17 and 18 of the Personal Information Protection Act, and only to the minimum necessary extent.
  2. Current status of provision to third parties is as follows:
    • 4-1. Tenant Information Provided to Host: Purpose = identity verification of tenant, preparation and execution of contract, grievance handling, customer support, fulfillment of e-commerce (telemarketing) contract / Items provided = name, email, purpose of visit, mobile phone number (optional), passport copy (if necessary) / Retention = 1 year after contract termination and service completion.
    • 4-2. Host Information Provided to Tenant: Purpose = identity verification of host, preparation and execution of contract, grievance handling, customer support, fulfillment of e-commerce (telemarketing) contract / Items provided = name, email, mobile phone number (optional), business registration information or copy of ID (if necessary) / Retention = 1 year after contract termination and service completion.
  3. The data subject may refuse consent to provision to third parties; however, certain services may be restricted in such cases.

Article 5 (Entrustment of Personal Information Processing)

For service improvement, the Company entrusts certain tasks involving personal information to third parties, and includes necessary provisions in outsourcing contracts to ensure secure management of personal information in accordance with applicable laws.

  • Entrusted Party: Stripe, Toss Payments / Task: Payment processing
  • Entrusted Party: Amplitude, Google Analytics 4, Clarity / Task: Collection and analysis of behavioral data generated during service usage
  • Entrusted Party: Zendesk / Task: Customer support (chat and inquiry content)
  • Entrusted Party: Sendgrid, Mailchimp / Task: Customer management and marketing (email/SMS delivery, customer account management)

Article 6 (Procedures and Methods of Personal Information Destruction)

  1. The Company promptly destroys personal information when the retention period has expired or the purpose has been fulfilled.
  2. When retention is required by law, such data will be stored separately in a different database.
  3. Destruction methods: electronic files—irreversible deletion; paper documents—shredding or incineration.

Article 7 (Rights and Obligations of Data Subjects and Legal Representatives, and Method of Exercise)

  1. Data subjects may exercise their rights with respect to personal information held by the Company at any time, including requests for access, correction, deletion, or suspension of processing.
  2. These rights may be exercised by submitting a written request, email, or fax in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly take measures.
  3. Data subjects may also directly view, modify, or delete their information through ‘My Account’ on the website, or request access through ‘Contact Us’.
  4. Rights may also be exercised through legal representatives or delegated agents. In such cases, a power of attorney in accordance with Form No. 11 of the “Guidelines on Personal Information Processing Methods (No. 2020-7)” must be submitted.
  5. Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
  6. Requests for correction or deletion may not be granted if the data is designated for collection under other laws.
  7. When data subjects request access, correction, deletion, or suspension, the Company verifies whether the requestor is the data subject or a legitimate representative.

▶ Department for Receiving and Handling Personal Information Requests

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, operation of dedicated departments, regular staff training.
  2. Technical Measures: Access control to personal information processing systems, installation of access control systems, encryption of personal information, installation and updates of security programs.
  3. Physical Measures: Access control to computer rooms and document storage facilities.

Article 9 (Cookies: Installation, Operation, and Refusal)

The Company uses the following technologies on its website and mobile app to provide customized services and convenience:

  1. Web Browser Cookies
    • The Company may collect and store cookies to record website visit history, maintain login sessions, and provide customized services.
    • Data subjects may allow or block cookie storage through browser settings.
    • Refusal to allow cookies may limit some customized services.
  2. Mobile App Data Collection
    • In mobile apps, instead of cookies, the Company may collect unique device identifiers (Device ID), advertising identifiers (e.g., IDFA, GAID), and app usage logs via SDK.
    • This data is used for app performance improvement, fraud prevention, customized service, and advertising.
    • Data subjects may limit collection through device settings (e.g., restricting ad tracking or disabling app permissions).
  3. Settings Guide
    • iOS: Settings > Privacy > Tracking
    • Android: Settings > Google > Ads > Opt out of Ads Personalization
    • Web Browsers: Chrome, Edge, Safari support cookie blocking and deletion.

Article 10 (Collection, Use, Provision, and Refusal of Behavioral Information)

  1. The Company collects and uses behavioral information during service use to provide optimized personalized services, benefits, and online advertisements.
  2. Behavioral information is collected as follows:
    • Items: Website/app visit history, search history, click logs, page navigation records, service usage pathways, funnel and event data, service usage frequency, device information (browser/OS/device ID), in-app behavioral data.
    • Methods: Automatic collection during website visits, automatic collection via SDKs and analytics tools (Amplitude, Google Analytics 4, Clarity).
    • Purpose: Provision of personalized services and advertisements based on user interests and tendencies, service improvement and error monitoring, funnel optimization, fraud prevention and security enhancement.
    • Retention: Retained up to 1 year from collection and destroyed without delay thereafter, unless longer retention is legally required.

Article 11 (Criteria for Additional Use or Provision)

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act and Article 14-2 of the Enforcement Decree of the Act, the Company may additionally use or provide personal information without consent of the data subject if the following criteria are considered:

  • Whether the additional use/provision is related to the original collection purpose.
  • Whether the additional use/provision was foreseeable given the circumstances of collection or processing practices.
  • Whether the additional use/provision unjustly infringes on the interests of the data subject.
  • Whether necessary security measures, such as pseudonymization or encryption, have been implemented.

Article 12 (Chief Privacy Officer)

The Company designates the following Chief Privacy Officer (CPO) and department in charge to oversee and take responsibility for personal information processing, handle user complaints, and remedy damages related to personal information:

▶ Chief Privacy Officer (CPO)

Personal Information Management Department

  • Department: Development Team
  • Contact: +82-70-8803-1160, dev@enko.kr

Data subjects may contact the above officer or department for all inquiries, complaints, and requests for remedies related to personal information arising from use of the Company’s services. The Company will respond promptly.

Article 13 (Remedies for Rights Infringement)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA), or other relevant organizations if they suffer personal information infringements.

  1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center (KISA): 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
  4. Korean National Police Agency: 182 (ecrm.cyber.go.kr)

In addition, under the Administrative Appeals Act, data subjects whose rights or interests are infringed by the actions or inactions of a public authority with respect to requests under Articles 35, 36, and 37 of the Personal Information Protection Act may file an administrative appeal.

※ For details on administrative appeals, refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).

Effective Date

This Privacy Policy will take effect as of August 29, 2025.

Alien Registration Card Issuance Agency Service

In accordance with Article 30 of the Personal Information Protection Act, enkowithus, Inc. has established and publicly disclosed the following privacy policy to protect the personal information of data subjects and to handle related grievances promptly and efficiently.

Article 1 (Purpose of Processing Personal Information)

enkowithus, Inc. processes personal information for the following purposes. The personal information processed will not be used for any purpose other than those listed below, and if there is a change in the purposes of use, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented.

  1. Membership Registration and Management
    • Confirming the intention to sign up for membership, providing membership services, identifying and authenticating users, maintaining and managing membership, preventing misuse of services, verifying the consent of a legal representative when processing personal information of children under 14, and using personal information for communication notices.
  2. Provision of Goods or Services
    • Delivering services, sending contracts and bills, providing content, providing customized services, payment and billing, and debt collection.
  3. ARC Foreigner Registration Services
    • Verifying member identity, checking on complaints, contacting and notifying for fact-finding purposes, and notifying of processing results.
  4. Marketing and Advertising
    • Developing new services (products) and providing customized services, offering opportunities for participation in events and promotional information, providing services and advertising based on demographic characteristics, verifying the effectiveness of services, and collecting statistics on service usage frequency and user behavior.

Article 2 (Period of Processing and Retaining Personal Information)

  1. enkowithus, Inc. processes and retains personal information within the period of retention and use of personal information agreed upon by the data subject at the time of collection or as prescribed by law.
  2. The respective personal information processing and retention period is as follows:
    • Website membership registration and management: Until the member/customer withdraws from the website, with exceptions for the following:
      • If an investigation or inspection according to the violation of laws is ongoing, then until the end of such investigation.
      • If related to any remaining debts or credits from the use of the website, then until the settlement of those debts or credits.
    • Records of supply of goods or services: Until the member/customer withdraws from the website (in accordance with Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce).
    • Records related to consumer complaints or dispute resolution: Until the member/customer withdraws from the website (in accordance with Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce).
    • Computer and internet log data, access tracking data: 1 year.
    • Consultation and complaint handling: 1 year.

Article 3 (Items of Personal Information Processed)

enkowithus, Inc. processes the following items of personal information:

  1. Membership registration and management
    • Mandatory items: email, password
    • Optional items: mobile phone number, gender, date of birth, name, nationality
  2. Provision of goods or services
    • Mandatory items: email, name, email address, credit card information, payment records
    • Optional items: mobile phone number, address
  3. ARC foreigner registration services
    • Mandatory items: email, name, address, email address, credit card information, payment records, passport information, submitted documents, visa information, date of birth, educational background
    • Optional items: mobile phone number, KakaoTalk ID
  4. Automatically collected/generated information during service use
    • IP address, cookies, visit date and time, service use records, bad use records, device information, location information
    • Information generated during the use of payment services
    • Information generated during customer consultations
  5. Marketing and advertising use
    • Optional items: email, name

Article 4 (Provision of Personal Information to Third Parties)

  1. enkowithus, Inc. processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases where the data subject consents or under special provisions of the law, according to Articles 17 and 18 of the Personal Information Protection Act.
  2. enkowithus, Inc. provides personal information to third parties under the following circumstances:
    • Personal information recipient: Global Education & Services, universities
    • Purpose of the third party's use of personal information: Application and monitoring of immigration office foreigner registration (ARC) on behalf of the member
    • Items of personal information provided: Passport information, date of birth, name, mobile phone number, email, educational background, documents required for service use
    • Period of retention and use by the recipient: Destroyed within 1 year after completion of the foreigner registration application (service termination)
  3. Data subjects have the right to refuse consent to the provision of personal information to third parties. However, refusing consent may restrict the use of the ARC application service.

Article 5 (Procedure and Method of Destroying Personal Information)

  1. enkowithus, Inc. will promptly destroy personal information when it is no longer necessary, such as after the retention period has expired or the purposes have been achieved.
  2. If personal information must continue to be stored after the retention period has expired or the purposes have been achieved due to other legal requirements, such personal information will be transferred to a separate database (DB) or stored in a different storage location.
  3. The procedure and method of destroying personal information are as follows:
    • Destruction Procedure
      • enkowithus, Inc. selects personal information that has become unnecessary and destroys the information upon approval by enkowithus, Inc.'s personal information protection officer.
    • Destruction Method
      • Personal information stored in electronic file formats is deleted using methods that prevent the records from being restored or reproduced. Personal information recorded on paper is destroyed by shredding or incineration.

Article 6 (Rights and Obligations of Data Subjects and Methods of Exercising Those Rights)

  1. Data subjects have the right to request access, correction, deletion, or suspension of processing of their personal information at any time.
  2. The rights mentioned in the preceding paragraph can be exercised through written, email, or FAX communication in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act.
  3. Data subjects can directly access, correct, delete, or request access to personal information stored about them via the website's 'My Account' or by contacting us through the 'Contact Us' option.
  4. Rights exercises can also be performed by a legal representative or an authorized representative of the data subject. In such cases, a power of attorney according to Annex 11 of the Notification of Personal Information Processing Policy (No.2020-7) must be submitted.
  5. Requests for access to personal information and suspension of processing may be restricted in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
  6. Requests for correction and deletion of personal information are subject to legal restrictions if the personal information is collected under other laws.
  7. enkowithus, Inc. will verify whether the person making the request to view, correct, or delete personal information is the person in question or their legitimate representative.

Personal Information Inquiry and Processing Department

Article 7 (Measures for Ensuring the Security of Personal Information)

enkowithus, Inc. takes the following measures to ensure the security of personal information:

  1. Administrative measures: Establishing and implementing an internal management plan, operating dedicated organizations, regular training for employees
  2. Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting personal information, installing and updating security programs
  3. Physical measures: Controlling access to computer rooms and data storage rooms

Article 8 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

  1. enkowithus, Inc. uses 'cookies' to provide individualized services and conveniences to users by storing and retrieving their usage information.
  2. Cookies are small pieces of information sent by the server (http) used to operate the website to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.
  3. Data subjects can manage the settings for allowing or blocking cookies through the options setting on their web browser. However, if cookie storage is denied, difficulties may occur in using customized services.

How to Allow/Block Cookies in Web Browsers

  • Chrome: Web browser settings > Privacy and security > Clear browsing data
  • Edge: Web browser settings > Cookies and site permissions > Manage and delete cookies and site data

How to Allow/Block Cookies in Mobile Browsers

  • Chrome: Mobile browser settings > Privacy and security > Clear browsing data
  • Safari: Mobile device settings > Safari > Advanced > Block all cookies
  • Samsung Internet: Mobile browser settings > Internet usage history > Delete internet usage history

Article 9 (Collection, Use, Provision, and Refusal of Behavioral Information)

  1. enkowithus, Inc. collects and uses behavioral information to provide optimized personalized services and benefits to data subjects during the service use process, including online personalized advertising.
  2. enkowithus, Inc. collects the following behavioral information:
    • Collected behavioral information items: User's website visit history, search history
    • Method of collecting behavioral information: Automatically collected when the user visits the website
    • Purpose of collecting behavioral information: To provide personalized product recommendation services (including advertising) based on the user's interests and tendencies
    • Retention, use period, and subsequent information processing method: Destroyed one year from the date of collection

Article 10 (Criteria for Additional Use/Provision)

enkowithus, Inc. may use or provide personal information additionally without the consent of the data subject according to Articles 15, Paragraph 3, and 17, Paragraph 4 of the Personal Information Protection Act, and in consideration of the criteria under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.

In this regard, enkowithus, Inc. has considered the following factors before using or providing additional personal information without the consent of the data subject:

  • Whether the purpose of the additional use/provision of personal information is related to the original collection purpose
  • Whether there is a possibility of additional use/provision considering the circumstances under which the personal information was collected or the processing practices
  • Whether the additional use/provision of personal information unfairly infringes on the interests of the data subject
  • Whether necessary measures such as pseudonymization or encryption have been taken to ensure security

※ The criteria for considering additional use/provision are determined and disclosed autonomously by the business/entity.

Article 11 (Details Regarding the Personal Information Protection Officer)

  1. enkowithus, Inc. designates the following person as the personal information protection officer, who is responsible for the overall task of processing personal information, handling complaints and damage relief related to personal information processing.

Personal Information Protection Officer

Personal Information Protection Department

  1. Data subjects may contact the personal information protection officer and the department responsible for handling inquiries related to the protection of personal information, complaints, and damage relief arising from using the services (or business) of enkowithus, Inc. enkowithus, Inc. will respond to inquiries from data subjects without delay.

Article 12 (Remedies for Infringement of Rights and Interests of Data Subjects)

Data subjects can request dispute resolution or counseling, etc., if they suffer from infringement of personal information rights. Other than that, for other personal information infringement complaints or counseling, please contact the following institutions:

  1. Personal Information Dispute Mediation Committee: (toll-free) 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center: (toll-free) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors' Office: (toll-free) 1301 (www.spo.go.kr)
  4. Police Agency: (toll-free) 182 (ecrm.cyber.go.kr)

For complaints regarding the exercise of rights under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Restriction of Processing of Personal Information) of the Personal Information Protection Act, those whose rights or interests have been infringed due to the disposition or inaction of the head of a public agency may file an administrative appeal according to the Administrative Appeals Act.

※ For more information about administrative appeals, please refer to the Central Administrative Appeals Commission website (www.simpan.go.kr).

○ This personal information processing policy will be applied starting from July 1, 2024.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Powered by Zendesk