Privacy Policy - VIVIPICK (ARMADO Workcation)

This Privacy Policy applies to the VIVIPICK app (Google Play Package Name: armado.vivipick.app), operated by ARMADO Workcation.

ARMADO Workcation (hereinafter referred to as the 'Company') establishes and discloses the following personal information processing guidelines in order to protect the personal information of data subjects and to handle related grievances promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act.

Service and Operator Information

App Name: VIVIPICK
Developer (Company): ARMADO Workcation
Contact: armado@armado.org / 070-4012-3350
Google Play Package Name: armado.vivipick.app
Business Address: 837, Seogot-ro, Seo-gu, 5F (Dangha-dong), Incheon, 22675, Republic of Korea

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the Personal Information Protection Act.

A) Website Membership Registration and Management

Personal information is processed for the purposes of confirming the intention to join as a member, identification and authentication according to the provision of membership services, maintenance and management of membership eligibility, identity verification according to the implementation of the limited identity verification system, prevention of fraudulent use of services, various notices and notifications, and grievance handling.

B) Grievance Handling

Personal information is processed for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding investigations, and notifying the results of processing.

Article 2 (Processing and Retention Period of Personal Information)

a) a) The Company processes and retains personal information within the period of personal information retention and use agreed upon when collecting personal information from the data subject or within the period of personal information retention and use in accordance with laws and regulations.

b) b) Specific personal information processing and retention periods are as follows:

☞ Please refer to the examples below and enter the personal information processing and retention period of the business or service related to personal information processing.

Customer registration and management: Until withdrawal from service use or membership, or until the end of the agreement, etc. However, if debts and liabilities remain, until the settlement of such debts and liabilities is completed, and if there is an obligation to retain according to the provisions of relevant laws and regulations, until the expiration of the period stipulated in the relevant laws and regulations.
Records of website visit: 3 months

Article 3 (Rights of Data Subjects and Legal Representatives and Methods of Exercising Them)

a) a) Data subjects may exercise the following rights related to personal information protection at any time against the Company:

1. Request to view personal information
2. Request for correction if there are errors
3. Request for deletion
4. Request to stop processing

b) b) The exercise of rights pursuant to Paragraph (a) may be made to the Company in writing, by email, by facsimile (FAX), etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.

c) c) The exercise of rights pursuant to Paragraph (a) may be made through an agent such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the format of Annex No. 11 of the Notice on the Processing Methods of Personal Information (No. 2020-7).

d) d) Requests for viewing and suspension of processing of personal information may restrict the rights of data subjects in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.

e) e) Requests for correction and deletion of personal information cannot be requested for deletion if the personal information is specified as a subject of collection in other laws and regulations.

Article 4 (Account Deletion and Data Processing)

Users may delete their account at any time. Upon account deletion, related data will be processed as follows.

A) How to Delete Your Account

1. Open the VIVIPICK app and log in.
2. Tap 'My' in the bottom-right corner of the navigation bar.
3. Tap the settings icon in the top-right corner.
4. Scroll to the bottom of the settings screen and select 'Delete Account'.
5. Review the instructions, then type 'delete' to confirm deletion.
6. Account deletion is complete.

Alternatively, you may request account deletion by emailing armado@armado.org.

B) Data Processing Upon Account Deletion

Data deleted immediately:

Profile information (nickname, profile photo), in-app activity records, matching data, cookies and session information

Data retained for a period before deletion:

Personal identification information (name, email, phone number, etc.): Destroyed 30 days after the deletion request (for dispute/refund processing purposes)
Service usage logs: Retained for 3 months and then destroyed in accordance with relevant laws (Protection of Communications Secrets Act)
Transaction/payment records: Retained for 5 years and then destroyed in accordance with the Act on Consumer Protection in Electronic Commerce

Article 5 (Items of Personal Information to be Processed)

The Company is processing the following personal information items:

A) Website membership registration and management

Required items: Email, password, login ID, name, gender, date of birth, landline phone number, mobile phone number, nationality

B) Grievance handling

Required items: Email, mobile phone number

Article 6 (Destruction of Personal Information)

a) a) The Company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the processing purpose.

b) b) If the personal information retention period agreed upon by the data subject has elapsed or the processing purpose has been achieved, but the personal information must be preserved in accordance with other laws and regulations, the personal information is transferred to a separate database (DB) or stored in a different storage location.

c) c) The procedures and methods of destroying personal information are as follows:

1. Destruction procedure

The Company selects personal information for which reasons for destruction have occurred and destroys the personal information with the approval of the Company's personal information protection officer.

2. Destruction method

The Company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or through incineration.

Article 7 (Measures to Ensure the Safety of Personal Information)

The Company is taking the following measures to ensure the safety of personal information:

a) a) Establishment and implementation of an internal management plan: An internal management plan for the safe processing of personal information has been established and implemented.
b) b) Regular self-audits: Regular self-audits (once a quarter) are conducted to ensure the safety of personal information handling.
c) c) Encryption of personal information: User personal information is encrypted, stored and managed, and only the individual knows important data. Separate security functions such as encrypting files and transmission data or using file lock functions are used.

Article 8 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

a) a) The Company uses 'cookies' that store and retrieve usage information from time to time to provide individually customized services.

b) b) Cookies are small amounts of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.

1. Purpose of using cookies: Used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by users, popular search terms, secure access, etc.
2. Installation, operation, and rejection of cookies: Users can refuse to save cookies by setting options in the Tools > Internet Options > Personal Information menu at the top of the web browser.
3. Refusing to save cookies may cause difficulties in using customized services.

Article 9 (Personal Information Protection Officer)

a) a) The Company is responsible for overall personal information processing tasks and has designated the following personal information protection officer to handle complaints and remedy damages of data subjects related to personal information processing:

▶ Personal Information Protection Officer

Name: Jung Sung-ho
Position: Director
Email: armado@armado.org
Contact: 070-4012-3350

※ Connected to the department in charge of personal information protection.

▶ Personal Information Protection Department

Department Name: Management Support Team
Person in Charge: Management Support Team Manager
Email: armado@armado.org
Contact: 070-4012-3350

b) b) Data subjects may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc., arising from using the Company's services (or business) to the personal information protection officer and the department in charge. The Company will respond to and process inquiries from data subjects without delay.

Article 10 (Request for Access to Personal Information)

Data subjects may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. The Company will endeavor to promptly process requests for access to personal information by data subjects.

▶ Personal Information Access Request Reception and Processing Department

Department Name: Management Support Team
Person in Charge: Management Support Team Manager
Contact: armado@armado.org
Phone: 070-4012-3350

Article 11 (Method of Remedy for Infringement of Rights and Interests of Data Subjects)

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., to receive relief from personal information infringement. In addition, for other reports and consultations regarding personal information infringement, please contact the following organizations:

1. Personal Information Dispute Mediation Committee

Phone: (without area code) 1833-6972
Address: (03171) 4th Floor, Government Complex Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Email: kopico@kopico.go.kr
Website: www.kopico.go.kr

2. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

Phone: (without area code) 118
Address: (58324) 9, Jinheung-gil, Naju-si, Jeollanam-do (3rd-2nd Floor, Bitgaram-dong)
Email: privacy@kisa.or.kr
Website: privacy.kisa.or.kr

3. Supreme Prosecutors' Office Cyber Investigation Division

Phone: 02-3480-3573
Website: www.spo.go.kr

4. National Police Agency Cyber Safety Bureau

Phone: (without area code) 182
Website: cyberbureau.police.go.kr

Article 12 (Changes to Privacy Policy)

This Privacy Policy is effective from April 03, 2026.

VIVIPICK Platform Privacy Policy