Privacy Policy
2026. 5. 19.
Effective Date: 2026.5.19
Company: Sellking (Maedowang Co., Ltd.)
Service: Momocall
Article 1. Purpose
Maedowang Co., Ltd. (the “Company”) establishes and publishes this Privacy Policy (the “Policy”) in order to protect the information (“Personal Information”) of individuals (“Users” or “Individuals”) who use the services provided by the Company, namely Momocall (the “Company Service”), in compliance with applicable laws and regulations, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (the “Information and Communications Network Act”), and to promptly and smoothly handle grievances related to the protection of Users’ Personal Information.
This Policy includes matters concerning Personal Information additionally processed for the operation of the reward points service, identity verification, prevention of fraudulent use, and keyword-based personalized advertising recommendations, which are provided in addition to Momocall’s call and message data analysis functions.
Article 2. Personal Information Items Processed by Purpose and Retention/Use Period
The Personal Information processed by the Company, the purposes of processing, and the retention/use periods are as follows.
Category | Personal Information Items | Purpose of Processing | Retention and Use Period |
|---|---|---|---|
Membership Registration and Management (Required) | Email address ID, login account identifier such as social account ID, name or nickname, password hashed value, service usage history including registration date, withdrawal date, and login records, smartphone device information including device model, OS version, app version, and device identifier, access IP address, access date and time, service usage logs, failure and error logs, and history of improper use | User identification and verification, account creation and management, prevention of fraudulent use and abnormal activities, management of service usage history, delivery of notices, alerts, and important announcements, response to customer inquiries and complaints | Until termination of the service agreement and membership withdrawal. However, where retention is required under applicable laws, the relevant information will be separately retained for the period prescribed by such laws. See the separate table below. |
Customer Inquiries and Complaint Handling (Required) | Email address, inquiry details, conversation records generated during inquiries and consultations such as email and chat records, account information including ID and service usage history, contact information | Receipt and handling of member inquiries, consultations, and complaints, response to service failures and errors, handling and response in the event of disputes, management of consultation history | Retained for 3 years after completion of inquiry or complaint handling, pursuant to the obligation to retain records of consumer complaints and dispute handling under the Act on the Consumer Protection in Electronic Commerce, etc. Thereafter, the information will be destroyed without delay. |
Marketing and Event Notifications (Optional) | Mobile phone number, email address or social account ID, app push token for device identification, service usage records such as general usage type and frequency, event participation history | Provision of service-related news, notifications of feature or pricing plan changes, event and promotion notices, personalized notices, and marketing communications to expand service use | Until withdrawal of optional consent or membership withdrawal, provided that where retention is required under applicable laws, the information will be retained for the applicable statutory period. |
Fee Settlement, Payment, and Refunds (Required) | Paid service usage records, purchased product information, payment amount, payment date and time, payment approval/cancellation history, refund history, marketplace payment identifiers such as Google Play or Apple App Store payment ID | Billing and payment processing for paid services such as subscriptions and passes, refund and cancellation processing, settlement of overpayments or unpaid amounts, response to payment-related complaints | Until termination of the service agreement and membership withdrawal |
Point Service Operation (Required) | Point accrual and redemption history, reward activity history such as ad viewing and call event participation records, statistics on call duration and number of calls, excluding original call contents or voice files, point store product exchange history | Provision of reward point accrual and settlement services and point store product exchange services, delivery of exchanged products such as mobile gift certificates | Until membership withdrawal or expiration of points. Items subject to retention obligations under the Act on the Consumer Protection in Electronic Commerce, etc. will be separately retained for the applicable statutory period. |
Identity Verification and Product Delivery (Required, upon point exchange) | Name, date of birth, gender, domestic/foreign resident status, mobile phone number, Connecting Information (CI), Duplication Information (DI), carrier information | Verification of the one-person-one-account principle, mobile phone identity verification, delivery of exchanged products such as mobile gift certificates | Destroyed immediately upon achievement of the identity verification purpose. However, identifying information related to fraudulent use, such as CI/DI, will be separately retained in accordance with the “Prevention of Fraudulent Use” item in this table and the proviso of Article 2. |
Prevention of Fraudulent Use (Required) | Device identifiers such as ADID/IDFA, device unique ID, device model, OS version, app version, access IP, service access logs, point accrual and redemption logs, fraudulent accrual history, and CI/DI of members confirmed to have engaged in fraudulent use | Verification of multiple accounts using the same device, detection and blocking of abnormal accrual activities such as macros, verification of compliance with the one-person-one-account principle, restriction of re-registration by members who engaged in fraudulent use | General logs are retained until membership withdrawal. Fraudulent use history and related device identifiers and CI/DI are separately retained in a separate database for 1 year from the date fraudulent use is confirmed, and then destroyed. The retention reason and period may be adjusted in accordance with the Company’s operational policies, and any changes will be notified in advance. |
Keyword-Based Personalized Advertising Recommendations (Optional, separate consent) | Keywords extracted by the Company from call contents, processed in a de-identified form separated from member identifiers, consent and withdrawal records and timestamps | Extraction of advertising matching keywords based on the member’s separate consent, and transfer of de-identified keywords to advertising providers | Destroyed immediately upon withdrawal of consent or membership withdrawal. Consent and withdrawal records are separately retained for 3 years from the termination of consent for dispute-response purposes. |
Personal Information being processed will not be used for any purpose other than those stated above. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
The Company processes and retains Personal Information within the retention and use period prescribed by law or within the retention and use period consented to by the data subject at the time of collection.
Information Retained and Retention Periods Under Applicable Laws
Applicable Law | Retained Information | Retention Period |
|---|---|---|
Act on the Consumer Protection in Electronic Commerce, etc. | Records concerning contracts or withdrawal of offers | 5 years |
Act on the Consumer Protection in Electronic Commerce, etc. | Records concerning payment and supply of goods, etc. | 5 years |
Act on the Consumer Protection in Electronic Commerce, etc. | Records concerning consumer complaints or dispute handling | 3 years |
Act on the Consumer Protection in Electronic Commerce, etc. | Records concerning labeling and advertising | 6 months |
Protection of Communications Secrets Act | Website log records | 3 months |
Electronic Financial Transactions Act | Records concerning electronic financial transactions | 5 years |
Act on the Protection and Use of Location Information | Records concerning personal location information | 6 months |
Article 3. Provision of Personal Information to Third Parties
The Company processes Personal Information of data subjects only within the scope specified for the purposes of processing Personal Information, and provides Personal Information to third parties only where permitted under Articles 17 and 18 of the Personal Information Protection Act, such as where the data subject has given consent or where there is a special provision under law. Otherwise, the Company does not provide Personal Information of data subjects to third parties.
Notice Regarding Keyword-Based Personalized Advertising Recommendations Optional Feature: Where a member has given separate consent, the Company transfers de-identified keywords extracted from the member’s call contents to advertising providers for advertising matching. Such keywords are processed so that the member cannot be directly or indirectly identified. The Company does not provide advertising providers with any information that may identify an individual, including the member’s name, mobile phone number, email address, CI/DI, ADID/IDFA, original call text or audio, or advertising preference information. Accordingly, the transfer of such keywords does not constitute the provision of Personal Information to a third party under Article 17 of the Personal Information Protection Act. However, the Company provides this notice in this Article to enhance transparency. Members may withdraw consent at any time through the app settings or customer center.
Article 4. Entrustment of Personal Information Processing
The Company entrusts Personal Information processing tasks as follows for the smooth provision of services and handling of Personal Information-related affairs.
Entrusted Party | Entrusted Task | Retention and Use Period of Personal Information |
|---|---|---|
Mixpanel | Statistical analysis of media source and logs introduced at app installation | Until termination of the entrustment agreement |
Google Cloud Platform | Data storage and service operation | Until membership withdrawal or termination of the entrustment agreement |
Danal Co., Ltd. | Mobile phone identity verification and CI/DI extraction for identity verification upon point exchange | Until termination of the entrustment agreement or immediately upon achievement of the identity verification purpose |
Giftishow, Bizcon | Delivery of point store exchange products such as mobile gift certificates | Until termination of the entrustment agreement or, after completion of delivery, until the expiration of the applicable statutory retention period |
When entering into an entrustment agreement, the Company specifies in documents such as contracts matters concerning prohibition of Personal Information processing for purposes other than the entrusted task, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act. The Company also supervises whether the entrusted party processes Personal Information safely.
If the details of the entrusted tasks or the entrusted parties change, the Company will disclose such changes through this Policy without delay.
Article 4-2. Overseas Transfer of Personal Information
In order to provide services to Users, the Company entrusts Personal Information processing tasks to entrusted parties located overseas as follows, and Personal Information may be transferred overseas in this process.
Entrusted Party (Country) | Personal Information Transferred | Time and Method of Transfer | Purpose of Transfer | Retention and Use Period |
|---|---|---|---|---|
Mixpanel, Inc. (United States) | Event logs collected during service use such as button clicks and screen transitions, app installation/execution information and inflow media information, device information including device identifier, OS/app version, IP address and access region information such as country/city derived from the IP address, and, where collected optionally, account identification information such as email address | Transferred to Mixpanel’s servers via the internet network when the User installs or runs the app or uses the service | Analysis of service usage behavior, generation of statistics, improvement of service quality and user experience | Until termination of the entrustment agreement or membership withdrawal, provided that where retention is required under applicable laws, the information will be retained for the applicable period |
Google Cloud Platform (United States and Asia regions) | All Personal Information processed by the Company, including membership registration information, call and message data, AI processing results, and point accrual and redemption logs | Transferred to GCP servers via the internet network when the member uses the service through the app | Data storage, analysis, and provision of service operation infrastructure | Until membership withdrawal or termination of the entrustment agreement |
Article 5. Destruction of Personal Information
The Company destroys Personal Information without delay when the Personal Information becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
Where Personal Information must continue to be retained under other laws despite the expiration of the retention period consented to by the data subject or achievement of the processing purpose, the Company moves such Personal Information to a separate database or stores it in a separate location.
The procedures and methods for destruction of Personal Information are as follows.
Destruction Procedure: The Company selects Personal Information for which a reason for destruction has arisen and destroys the Personal Information with the approval of the Company’s Chief Privacy Officer.
Destruction Method: Personal Information recorded and stored in electronic file format is destroyed in a manner that prevents restoration or reproduction, and Personal Information recorded and stored in paper documents is shredded or incinerated.
Identifying information and device information separately retained for the purpose of preventing fraudulent use will be destroyed immediately after the period specified in the “Prevention of Fraudulent Use” item in the Article 2 table has elapsed.
Article 6. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
Data subjects may exercise rights against the Company at any time, including requests to access, correct, delete, or suspend the processing of Personal Information. To view or modify their Personal Information, data subjects may use “Change Personal Information” or “Edit Member Information,” and to withdraw membership or consent, they may use “Membership Withdrawal” after completing identity verification procedures.
The Company does not provide services to Users under the age of 14 and therefore does not process Personal Information of data subjects under the age of 14.
Users may exercise their rights against the Company in writing, by email, by fax, or through other means pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
Rights may also be exercised through a legal representative of the data subject or an authorized agent. In such cases, a power of attorney must be submitted in accordance with the form prescribed in the Notification on the Methods for Processing Personal Information.
Requests to access or suspend processing of Personal Information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
Where other laws specify that certain Personal Information must be collected, the data subject may not request deletion of such Personal Information.
The Company is obligated to verify whether the person making a request for access, correction, deletion, or suspension of processing under the rights of the data subject is the data subject themself or a legitimate representative.
Consent to keyword-based personalized advertising recommendations optional may be withdrawn at any time through the app settings or customer center, and withdrawal will not affect the member’s use of the basic service.
Article 7. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of Personal Information.
Administrative Measures: Regular employee training, establishment and implementation of an internal management plan, minimization of Personal Information handlers, and management of access privileges.
Technical Measures: Encryption of unique identification information such as CI/DI and passwords, installation and updating of security programs, management of access privileges to Personal Information processing systems, installation of access control systems, and measures to retain and prevent forgery or alteration of access records.
Physical Measures: Access control for systems storing Personal Information, including servers, and entry control.
Article 8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses cookies, which are automatic Personal Information collection devices that store and retrieve usage information from time to time, in order to provide individualized customized services to Users. Cookies are small amounts of information sent by the server HTTP used to operate a website to the User’s web browser, including PC and mobile browsers, and may be stored in the User’s storage space.
Users have the right to choose whether to allow the installation of cookies. Accordingly, Users may configure options in their web browser to allow all cookies, confirm each time a cookie is stored, or refuse the storage of all cookies.
However, if cookies are refused, use of some Company services that require login may be difficult.
In mobile apps, advertising identifiers ADID/IDFA are collected for the purpose of preventing fraudulent use, and members may reset advertising identifiers or select tracking restrictions in the mobile OS settings.
Article 9. How to Configure Cookie Permissions
Cookie permissions, cookie blocking, and other settings may be configured through web browser options.
Edge: Settings menu in the upper-right corner of the browser > Cookies and site permissions > Manage and delete cookies and site data
Chrome: Settings menu in the upper-right corner of the browser > Privacy and security > Cookies and other site data
Whale: Settings menu in the upper-right corner of the browser > Privacy protection > Cookies and other site data
Safari: Browser settings menu > Privacy > Manage website data > Select this website and click Remove
Mobile OS advertising identifier settings:
iOS: Settings > Privacy & Security > Apple Advertising / Tracking
Android: Settings > Google > Ads > Delete or reset advertising ID
Article 10. Designation of the Company’s Chief Privacy Officer
The Company designates the following department and Chief Privacy Officer to protect Users’ Personal Information and handle complaints related to Personal Information.
Chief Privacy Officer
Name: Jusung Lim
Position: CTO
Email: jusung@sellking.kr
Article 11. Remedies for Infringement of Rights
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, and other institutions in order to seek remedies for Personal Information infringement. For other reports or consultations regarding Personal Information infringement, please contact the following institutions.
Personal Information Dispute Mediation Committee: 1833-6972 without area code (www.kopico.go.kr)
Personal Information Infringement Report Center: 118 without area code (privacy.kisa.or.kr)
Supreme Prosecutors’ Office: 1301 without area code (www.spo.go.kr)
Korean National Police Agency: 182 without area code (ecrm.cyber.go.kr)
The Company endeavors to guarantee data subjects’ right to self-determination regarding Personal Information and to provide consultation and remedies for damages caused by Personal Information infringement. If a report or consultation is needed, please contact the department specified in Article 10.
A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request under Article 35 Access to Personal Information, Article 36 Correction or Deletion of Personal Information, or Article 37 Suspension of Processing, etc. of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
Central Administrative Appeals Commission: 110 without area code (www.simpan.go.kr)
Addendum
This Policy shall take effect on 2026.5.19.
The previous privacy policy effective before this Policy, namely the Privacy Policy dated 2025.12.22, shall cease to be effective upon the effective date of this Policy.
With respect to Personal Information collected and processed prior to the effective date of this Policy, items newly added under this Policy, including matters related to point service operation, identity verification, prevention of fraudulent use, and keyword-based personalized advertising recommendations, shall be governed by this Policy only for collection and processing occurring on or after the effective date of this Policy.
