HEXA LABS by CROCUS

Policy

Privacy Policy

CROCUS Co., Ltd. (“we”, “us”) processes personal information lawfully and securely in accordance with applicable privacy laws and regulations. This Privacy Policy explains our procedures and standards for handling personal information and how to contact us with related concerns.

Privacy and this Policy

  1. We collect, use, and provide personal information based on user consent and actively protect users’ rights (including the right to control their personal information).
  2. This Privacy Policy applies to services operated by us and is governed and interpreted under the laws of the Republic of Korea.

Items and Methods of Processing

All users may use our services. When doing so, we collect personal information under the principles described below.

We collect the minimum personal information necessary to provide our services.

Items collected

| Category | When collected | Items | Purpose | Retention period |
| --- | --- | --- | --- | --- |
| Required | When submitting an inquiry | Name, Email | User identification | 3 years from collection |
| Optional | When submitting an inquiry | Phone number | Inquiry response | 3 years from collection |

How we collect

  1. We collect personal information when you submit an inquiry on our website.
  2. We do not collect sensitive information.
    • We do not collect sensitive information that may infringe fundamental rights (e.g., religion, place of origin, race, ideology/beliefs, political views, criminal records, medical information). If we must collect such information to comply with legal obligations, we will obtain prior consent.
    • If we collect additional personal information after initial consent, we will notify you in advance and obtain separate consent.

Purpose of Processing

We do not use personal information for purposes other than those listed below. If the purpose changes, we will obtain separate consent in accordance with applicable law.

  1. To identify users (where applicable) and prevent fraudulent use.
  2. To respond to inquiries and handle complaints.

Retention and Processing Period

We use personal information only for the period necessary to provide services. In addition, we retain certain information for the periods required by applicable laws, as described below.

Records of consumer complaints and dispute resolution

  • Legal basis: Act on the Consumer Protection in Electronic Commerce, etc. and its Enforcement Decree
  • Retention: 3 years

Destruction Procedures and Methods

We destroy personal information without delay when: you request deletion, you withdraw consent, the purpose is achieved, or the retention period expires. The procedures and methods are as follows.

Procedure

We select the personal information to be destroyed and destroy it with approval from the person in charge of personal information protection.

Method

  1. Electronic records are destroyed using technical methods that prevent recovery.
  2. Printed personal information is destroyed by shredding or incineration.

Rights of Users and Legal Representatives

  1. You may exercise rights such as access, correction, deletion, and suspension of processing at any time, and withdraw consent for providing personal information. However, some or all services may become unavailable in such cases.
  2. You may exercise your rights in writing, by email, or by fax as permitted by applicable law, and we will respond without delay.
  3. You may exercise rights through a legal representative or authorized agent. In such cases, a power of attorney may be required.
  4. Your rights to access or suspend processing may be limited under applicable law.
  5. Requests to correct or delete personal information may be denied where other laws require retention.
  6. We verify that the requester is the data subject or a duly authorized representative.

You are responsible for issues arising from inaccurate information you provide. If you enter false information (including using others’ information), you may face loss of eligibility and potential liability for business interference.

Security Measures

We take the following measures to ensure the security of personal information.

  1. Administrative: establish and implement internal management plans; regular employee training
  2. Technical: access control and permissions management; security programs; access control systems
  3. Physical: restrict access to server rooms and related facilities

Privacy Contact

Person in charge of personal information protection

  • Responsible person: Tae-Kyung Kim
  • Department: Management Administration Division
  • Phone: 02-6951-2493
  • Email: [email protected]

Department handling privacy requests

  • Phone: 02-6951-2493
  • Hours: 09:00–18:00 (Mon–Fri, excluding public holidays)
  • Email: [email protected]

Remedies for Privacy Infringement

If you believe your privacy rights have been infringed, you may seek dispute resolution or consultation through the organizations below.

Changes to this Policy

If we add, remove, or modify any content above, we will notify users through announcements on our services. If changes materially affect your rights or obligations, we will provide prompt notice.

  • Notice date: March 20, 2026
  • Effective date: March 20, 2026 (new)