Privacy Policy
Last Updated: April 17, 2026
DeepSales Co., Ltd. ("Company") complies with the Personal Information Protection Act and related laws in providing the DeepSales website (DeepSales: B2B contacts based on Sales AI, "Site") and AI-based buyer discovery solution services ("Service"). Pursuant to Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following Privacy Policy to guide Site members on the procedures and standards for personal information processing and to handle related grievances promptly and smoothly.
Article 1 (Purposes and Items of Personal Information Processing)
(1) The Company collects the minimum personal information necessary for service performance as follows:
| Purpose | Items Collected | Legal Basis |
|---|---|---|
| Member registration & management, service provision & management, opinion collection, complaint/dispute handling, fraud prevention, information reliability verification, discovery of new service elements & improvement | [Required] Name, Email, Nationality | PIPA Article 15(1)1, 4 |
| Service provision & management, customer support | [Optional] Phone, landline, LinkedIn URL, company, department, position, title | PIPA Article 15(1)1, 4 |
| Billing/payment for paid services, in-service information purchase & payment | [Required] Name, email, phone number, credit card info, bank account info (bank name, account details, account holder name) | PIPA Article 15(1)1, 4 |
| Member registration & management, service provision & management, opinion collection, complaint/dispute handling, fraud prevention, information reliability verification | [Optional] Name, phone number, email address | PIPA Article 15(1)1 |
(2) IP addresses, cookies, and usage records may be generated and collected during service use for behavioral analysis and error handling purposes. Such collected information may or may not constitute personal information depending on its linkage with other personal data.
(3) Members have the right to refuse cookie storage through browser settings. Refusing cookies may cause difficulties in using services that require login.
Article 2 (Retention and Use Period of Personal Information)
(1) The Company retains personal information collected during the member's use of the service; when personal information becomes unnecessary due to service termination or membership withdrawal, it shall be destroyed without delay. However, the following information shall be retained for up to 5 years after withdrawal:
- Purpose: Prevention of fraudulent use and information reliability verification
- Items: Minimum identifying information
(2) Notwithstanding Paragraph (1), the following personal information retention periods apply, and information shall be destroyed without delay upon expiry of the relevant cause or achievement of purpose:
| Items | Legal Basis | Retention Period |
|---|---|---|
| Books and supporting documents for all transactions regulated by tax law | Framework Act on National Taxes | 5 years |
| Records of contracts or withdrawal of subscription; records of payment and supply of goods | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records of consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce | 3 years |
| Records of labeling and advertising | Act on Consumer Protection in Electronic Commerce | 6 months |
| Service access records (log records, access tracking data) | Protection of Communications Secrets Act | 3 months |
| Telecommunications confirmation data (date/time, originating/receiving numbers, etc.) | Protection of Communications Secrets Act | 12 months |
Article 3 (Provision of Personal Information to Third Parties)
(1) The Company processes personal information only within the scope specified in the processing purposes and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the member's consent or under special legal provisions.
(2) The Company may provide personal information to the following parties for smooth service performance, with the member's consent and only to the minimum extent necessary:
- Recipient: Service Members
- Purpose: Improving sales performance through provision of potential customer information
- Items: Name, title, position, department, communication language, current workplace address, nationality, phone, landline, fax, email, work history, education information
- Retention Period: Until withdrawal of consent
(3) The Company may provide personal information to relevant authorities without member consent in emergency situations such as disasters, epidemics, events/accidents causing imminent risk to life or body, or imminent property loss.
Article 4 (Entrustment of Personal Information Processing)
The Company entrusts certain tasks to external companies as follows for smooth service performance. If a member does not use services related to the entrusted tasks, their personal information will not be provided to the trustee.
| Trustee | Entrusted Tasks |
|---|---|
| Toss Payments Co., Ltd. | Payment processing via credit cards, bank transfers, and identity verification |
| Stripe, Inc. | Global credit card payment processing and fraud prevention |
| Twilio Inc. | Phone-based user identity verification |
| Intercom, Inc. | Operation of customer support system (Intercom) |
Article 5 (Overseas Transfer of Personal Information)
(1) The Company does not transfer personal information overseas without the member's prior consent in principle.
(2) Where the Company has obtained separate consent for overseas transfer, personal information is transferred with technical protective measures applied:
- Items transferred: Name, current workplace address, title, position, department, communication language, nationality, phone, landline, fax, email, work history, education information
- Destination countries: United States, United Kingdom, China, and other countries where the Company provides services
- Timing and method: At the time of information lookup by overseas members via the Company's site
- Recipients: Service members located in overseas countries
- Purpose: Sales customer lookup and contact
- Retention period: Until withdrawal of consent (same as Article 3(2))
(3) Members may withdraw from the service or request refusal of overseas transfer. However, services that necessarily involve overseas transfer of personal information may be restricted in such cases.
Article 6 (Procedures and Methods for Destroying Personal Information)
(1) The Company destroys personal information promptly and safely when the consented retention period expires or the collection and processing purpose is achieved.
(2) Notwithstanding Paragraph (1), if personal information must continue to be retained under other laws, it shall be moved to a separate database or stored separately.
(3) Personal information stored in electronic file format is deleted using technical methods that prevent reproduction of records, and personal information printed on paper is destroyed by shredding or incineration.
Article 7 (Processing of Pseudonymized Information)
(1) The Company pseudonymizes personal information for statistical compilation, scientific research, and public records preservation so that specific individuals cannot be identified:
- Purpose: Research for service improvement and management, statistical compilation
- Items: Service usage records, business sector
- Retention period: Until processing purpose is achieved
(2) The Company applies the same safety measures as Article 9 to pseudonymized information pursuant to Article 28-4 of the Personal Information Protection Act.
Article 8 (Rights and Obligations of Members and Legal Representatives)
(1) Members may exercise their rights to access, correct, delete, or suspend processing of personal information against the Company at any time.
(2) Rights may be exercised through written request, email, or fax pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will investigate without delay.
(3) Rights may also be exercised through the member's legal representative or authorized agent. A power of attorney per Annex Form No. 11 of the "Notice on Methods for Processing Personal Information (No. 2020-7)" must be submitted.
(4) Rights to access and suspend processing may be restricted pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act.
(5) Members may request suspension of personal information processing. The Company will review the request within 10 days of receipt and notify the member of the result.
(6) Where personal information is explicitly designated as a collection target by other laws, deletion cannot be requested for such information.
(7) The Company verifies that the requester is the member or a legitimate representative when processing access, correction/deletion, or processing suspension requests.
(8) The Company does not collect or use personal information of children under 14 years of age in connection with service operation.
Article 9 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
- Administrative measures: Establishment and implementation of internal management plans, employee training
- Technical measures: Access control management for personal information processing systems, installation of security programs
- Physical measures: Access control for paper documents, etc.
Article 10 (Additional Use)
(1) The Company may use personal information additionally without member consent pursuant to Article 15(3) of the Personal Information Protection Act for smooth service performance.
(2) The Company considers the following factors when additionally using personal information:
- Whether it is related to the original collection purpose
- Whether additional use is predictable based on the circumstances of collection or processing practices
- Whether the interests of the data subject are unduly infringed
- Whether necessary safety measures such as pseudonymization or encryption have been taken
Article 11 (Personal Information Protection Officer and Department)
The Company designates a Personal Information Protection Officer to handle access requests, complaints, and remedies related to personal information. For inquiries, please contact:
- Personal Information Protection Officer: Jinseong Kim
- Department Contact: Operations Team / Tel: 070-4417-5507 / Email: help@deepsales.com
Article 12 (Remedies for Rights Infringement)
Members may inquire with the following organizations for remedies and consultations regarding personal information infringement. These organizations are independent of the Company. If you are unsatisfied with the Company's complaint handling or need further assistance, please contact:
- Personal Information Infringement Report Center (operated by KISA): 118 (no area code) / privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Supreme Prosecutors' Office Cyber Investigation Division: 1301 (no area code) / www.spo.go.kr
- National Police Agency Cyber Investigation Bureau: 182 (no area code) / Cyber Crime Reporting System (ECRM)
Article 13 (Changes to the Privacy Policy)
(1) This Privacy Policy shall apply from the effective date.
(2) In the event of additions, deletions, or corrections pursuant to laws and the Company's policies, the Company will notify members of the changes at least 7 days prior to their effective date. For significant changes to member rights, at least 30 days' prior notice shall be given, and re-consent may be obtained if necessary.
Announced: April 17, 2026
Effective: April 27, 2026