Privacy

Privacy Policy

UNIPIA ("us", "we", "our", or “Company”) operates UNIPIA (hereinafter referred to as the "Service(s)"). This page informs you of our policies regarding the collection, use and disclosure of personal information when you use our Service and the choices you have associated with that information. We use your information to provide and improve the Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service.

1. PURPOSES OF COLLECTION AND USE OF PERSONAL INFORMATION
We may collect and process personal information about you for the following purposes. We do not otherwise share your personal information with third parties or use your personal information for any other purposes unless otherwise expressly provided herein. Please note, this Privacy Policy does not apply to any personal information collected by other applications that you may access through the links provided on our services.
1.1 Response to User Request
We may use your personal information in connection with responding to your inquiries and grievances. That is, we may process personal information about you to confirm your identity, to review your questions or complaints and to communicate to you with our responses.
1.2 Provision of Goods or Services
We may process your personal information to develop new services or provide more personalized and streamlined services based on demographic information or information about your interest and also to monitor statistics for your use of our services.
1.3 Marketing or Promotion
We may use or process personal information about you to invite you to our special promotional events from time to time.
1.4 user Management
We may collect and use personal information about you as our user (as defined in our Terms of Service) to verify your identity and status, to prevent unauthorized use or intrusion to our services, to confirm your consent to join our services, to verify registration status and prevent you from creating multiple accounts and also for our record keeping purposes in connection with dispute resolution and customer services.

2. COLLECTION, USE AND DISCLOSURE OF PERSONAL AND NON-PERSONAL INFORMATION
We may collect personal information about you in connection with providing the Services through the following methods.

2.1. Collection Methods
We may use the following methods to collect personal information about you
2.1.1 through our application, on paper forms, via facsimile and phone, or Q&A board on our application or by your entrance to our promotional events;
2.1.2 through our agents and third party partners; or
2.1.3 via information collecting tools.

2.2. Collection Policy
The following information about you may be collected on our application and we only use such information for the purposes set forth under “Section 1. Purposes of Collection and Use of Personal Information“
2.2.1. Information collected during provision of Service:
Email address
2.2.2. Information collected during User Management and Response to Service Inquiry::
Cookie, IP address, usage history, visiting history, and device information (model number, operating system and unique identifiers of the device)
* Device information, visiting history, usages history may be automatically collected during the use of Service.
2.2.3. Information collected during Service Inquiry:
Name and email address, contact number, affiliated institution, ID

2.3. Use Policy
2.3.1. Change of Control Notice
In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of such transaction. This Privacy Policy will apply to your personal information as transferred to the new entity.
2.3.2. Your Right to Review and Update Information on the Application.
You may access and review your personal information that you provided when you created your user account on the Application so that you can update your information from time to time. If you wish to cancel and delete your account, you may login and follow the instructions contained on our Application.
Unless we have a legal basis to store your personal information to comply with tax or accounting rules and regulations, we will delete or de-identify the personal information we have collected about you upon your request to delete or cancel your account.
2.3.3. Withdrawal of Consent
You may reject cookies or delete them at any time by change settings on your mobile or PC browser. However, you may not be able to use a certain portion of the Services if you reject our use of cookies
After the user enabled the respective settings on the device as provided above, we will no longer collect, use, share, or otherwise process personal information from that device for personalized advertising experience.
Unless we have another legal basis for keeping the user’s personal information, we will also delete or de-identify the personal information we have collected about such user within 30 days from the date on which the user applied one of the above methods to withdraw consent.
2.3.4. Where Legally Required
We will process personal information as necessary to comply with applicable laws. For example, we will collect from the users of IP addresses to identify a country location so that we know whether such users are located in the European Economic Area other than the United Kingdom, but we will not share the users’ full IP addresses or retain the same internally.

3. DISCLOSURE OR OURSOURCING THE PROCESSING OF PERSONAL INFORMATION
We use personal information about our users only to the extent provided under “Section 2. Collection and Use of Personal Information.” Except for the following circumstances, Company will not disclose, provide nor outsource the processing of personal information.
- when user consented in advance
- when the government agency requests in accordance with procedures and methods pursuant to the applicable law for the purpose of investigation.

4. RETENTION AND USE OF PERSONAL INFORMATION
We will promptly delete or de-identify the personal information we have stored about our users once we have accomplished the purposes for collecting and storing the personal information as provided above with exception of the following reasons (and no other reasons) in which cases, we may store the personal information for the duration set forth below.
Storing Personal Information Pursuant to applicable laws
To the extent required under applicable laws, we may store personal information about you for certain period of time. We store such information only to be in compliance with applicable laws and only for the time period set forth below. In no case we use the information stored hereunder for any other purpose.

4.1. User Sign In and Management: Until user’s withdrawal, except the following cases:
1) If an investigation is in progress due to violation of applicable laws, until the end of investigation.
2) If any claims remain in relation to the usage of Service, until the claims are settled.

4.2. Provision of Service: Until the completion of provision of Service, or until the settlement of service fees, except the following cases:
- Records on advertising and display: 6 months
- Records on entering into or withdrawing from contractual relationship; payment made; Service provided: 5 years,
- Records on Customer Complaints or Disputes: 3 years
- Records on Collection and/or Processing of Credit Information: 3 years

4.3. Service Inquiries: 2 years after responding the Service inquiries

5. DESTRUCTION OF PERSONAL INFORMATION
We will promptly destroy personal information that is no longer required to fulfil the identified purposes stated above. We apply the following procedures in destroying such personal information.

5.1. Destruction Procedures
We will move such personal information that is no longer required to fulfil the identified purposes to a separate DB (separate files in case of information in hard copies) and maintain it for set duration of time or promptly destroy as required by applicable laws. We will not use the personal information that is maintained in separate DB for any reasons except to comply with applicable laws.

5.2. Disposal Method
- Personal information stored in electronic format will be deleted by using a technical approach to prevent it from being restored.
- Information on paper form will be shredded or incinerated.

6. YOUR RIGHTS AND HOW CONSENT WORKS (UK GDPR)
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
6.1. Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
6.2. Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.
6.3. Right of erasure –you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
6.4. Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
6.5. Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
6.6. Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.

To exercise these rights, please send a description of the personal information in question using the contact details below. We also have specific pages to unsubscribe from our email list.
Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we may ask you for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance.
You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see this guidance and ICO's contact details.

7. How We Protect Your Personal Information
We strive to safeguard personal information of our users by utilizing technology and management system as follows.

7.1. Encryption of Personal Information
Sensitive and critical information such as your password is encrypted and only you can check and modify such information.

7.2. Protection from Security Threats
We are doing our best to safeguard personal information of our users from being leaked or damaged by hacking or computer viruses. In order to prevent the loss of personal information, we back up our data on a regular basis, use the latest anti-virus program, and use encryption technology to securely transmit personal information on our network. In addition, we use firewall to block unauthorized access from the outside, and we try to equip all possible technical devices to secure our system.

7.3. Limiting Access to Your Personal Information
To reduce the risk of security breach, we are limiting access to personal information of our users to only those employees who are specifically trained for handling of such information. We also change the password to the access periodically and place emphasis on the importance of safeguarding the personal information and compliance with applicable laws and policies by training our employees on a regular basis.

7.4. Special Force Dedicated for Protection of Personal Information
We have a special task force dedicated solely for protection of personal information of our users. We continuously monitor our compliance with applicable laws and regulations, and we strive to correct any breach or problem immediately upon notice.

8. INTERNATIONAL TRANSFER
Your information, including personal information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. This is because we work with trusted suppliers, for example our website provider, who are a US company.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including personal information, to United Kingdom or other countries and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

9. RESPONSIBLE PERSONNEL
We have designated the following person as Data Protection Manager of personal information that we collect and process. You many direct your inquiries or complaints on our processing of your personal information to Privacy Officer. You may contact the below named Privacy Officer with all your inquiries on personal information. We will attempt to respond to your inquiries in a timely manner.

9.1. Data Protection Manager
- Name: Minha Choi
- Department: Data Protection Department
- Contact: marketing@unipia.business

10. NOTIFICATION OF CHANGES TO THIS PRIVACY POLICY
10.1 We will provide at least 7 days prior notice, either on the notice tab on our Application or via E-mail, for any planned changes or modifications to this Privacy Policy. Any changes will be effective as of the effective date on the notice. If, however, we make any changes to signification provisions such as the purposes for collecting and using personal information about you and the circumstances on which we share such information with third parties, then we will provide at least 30 days prior notice for such signification changes.
10.2 If any changes require your prior consent under applicable laws, then we will request your consent prior to making any such changes.
10.3 This Privacy Policy is effective as of August [*], 2024.

11. YOUR DATA PROTECTION RIGHTS UNDER GDPR
We make the following efforts to comply with the EU GDPR.
- GDPR awareness raising activities
- Perform data protection impact assessment
- Ensuring User Rights
- Report and Notification of Personal Data breach

11.1. GDPR Awareness Raising Activities
We are committed to companywide efforts and attention to complying with the GDPR. We identify the impact GDPR will have on our organization and are committed to complying with GDPR on a job-by-job basis by:
- Participating Department: Customer Management, Human Resources, Finance, Marketing, System Development, etc.
- Surveys of employees on privacy knowledge levels
- Official declaration of management's commitment to comply with GDPR
- Encourage participation in GDPR conferences and seminars
- Manage check list of departmental performance items

11.2. Data Protection Impact Assessment
We conduct a data protection impact assessment if the following situations are likely to pose a high risk to the rights and freedoms of natural persons as provided by GDPR.
- Rating or grading
- Automated decision making with legal or similarly important effects
- Monitoring using the system
- Sensitive Information

11.3. User Rights Guarantee
We are committed to ensuring the following user rights as defined by GDPR.
- RIGHT TO DELETE (RIGHT TO BE FORGOTTEN)
- RIGHT TO MOVE PERSONAL INFORMATION

11.3.1 Right to Delete (Right to Be Forgotten)
You have the right (delete right) to request the deletion of personal data related to him.
- When personal information is no longer needed for the purpose of collection or processing
- When you withdraw consent for the processing of personal information and there is no legal basis for processing the personal information
- When you oppose the processing of personal information pursuant to Article 21 (Right to object), Paragraph 1 of GDPR, and there is no justifiable reason to override the processing of related personal data, or the data subject opposes to direct marketing pursuant to Article 21, Paragraph 2 of GDPR
- When personal information is illegally processed
- When personal information needs to be deleted to comply with EU or EU member state legislation
- When personal information has been collected in connection with the provision of information and social services to children

However, we can reject a delete request if one of the following is true:
- For the exercise of the right to freedom of expression and information
- To comply with legal obligations of the EU or EU Member States, to perform public affairs, or to exercise public authority granted to us
- For public health purposes
- For public record keeping and scientific or historical research and statistical purposes
- For the purpose of demonstrating, exercising or defending a legal claim

11.3.2 Right to move personal information
In accordance with Article 20 of the GDPR, Company will provide the personal information collected from you in a “systematically structured, generally widely used and machine-readable format.”. You may directly receive the personal information from the Company. Alternatively, if technically feasible, you may apply to provide it directly to another personal information processor.

11.4. Report and Notification of Personal Data Breach
We will report to the supervisory authority within 72 hours of becoming aware of a breach if any of the following infringements occur that could pose a risk to an individual's rights and freedoms:
- Discrimination
- Reputation damage
- Financial loss
- Secret leakage
- Other significant economic and social disadvantage risks

When there is a high risk of the freedom and rights of the data subject, the data subject is notified without delay.

12. YOUR DATA PROTECTION RIGHTS UNDER CPRA
If you are a California of USA resident, this Section shall apply only to the extent and when Company is regulated under the California Privacy Rights Act (the “CPRA”), as a business (as defined in the CPRA). [note: Company may not be eligible as a business under CPRA until it satisfies some thresholds.]

12.1 Consumer Information Collected
We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents, devices or households ("consumer information").

12.2 Use of Consumer Information
We may use consumer information for the business or commercial purposes and in the manner described in this Privacy Policy with respect to Personal Information.

12.3 Disclosures of Consumer Information for a Business Purpose
We may disclose your consumer information described above to a third party for a business purpose, as described in this Privacy Policy with respect to Personal Information of the following categories of consumer information under CPRA:
- identifiers.
- personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- internet or other similar network activity.

12.4 Sales of Consumer Information
In the preceding twelve (12) months, Company has not sold, and Company does not and will not sell, consumer information that is subject to this Privacy Policy.

12.5 California Residents’ Rights and Choices
The CPRA provides California residents with specific rights regarding their consumer information. This Section 12.5 describes your CPRA rights (to the extent applicable to you) and explains how to exercise those rights.
12.5.1 Access to Specific Information and Data Portability Rights
You may have the right to request that Company disclose certain information to you about our collection and use of your consumer information over the past 12 months. Once we receive and confirm your verifiable consumer request (in the manner described in Section 12.6 below), to the extent required by the CPRA, we will disclose to you.
12.5.2 Deletion, Correction Request Rights
You have the right to request that Company delete or correct any of your consumer information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Section 12.6 below (“verifiable consumer request”), we will delete or correct (and direct our service providers to delete) your consumer information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for our or our service provider(s)’ legitimate business purposes.

12.6 Exercising Access, Data Portability, and Deletion Rights
12.6.1 Exercise of Rights
To exercise the access, data portability, and deletion rights described in Section 12.5 above, please submit a verifiable consumer request to us by either: (1) calling us at the number notified in this Privacy Policy (2) visiting our application; or (3) contacting us. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your consumer information.
12.6.2 Company’s Response to Consumer Request
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing.

12.7 Non-Discrimination
We will not discriminate against you for exercising any of your CPRA rights, including, unless permitted by the CPRA, by:
- denying you goods or services.
- charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- providing you a different level or quality of goods or services.
- suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.