XIO ("Company") establishes and discloses the following privacy policy to protect users' personal information and handle related complaints promptly and efficiently in accordance with Article 30 of the "Personal Information Protection Act."
The Company processes personal information for the following purposes. The collected personal information will not be used for purposes other than those stated below. If the purpose of use changes, the Company will obtain prior consent.
| Category | Purpose of Use |
|---|---|
| Membership Registration & Management | Identity verification, member service provision and maintenance, integrated ID management, prevention of fraudulent use, inquiry response |
| Identity Authentication | User identification and verification |
| Automatically Generated Information | Consumer protection, legal compliance, service analysis |
| Mileage Store | Mileage accumulation and usage management |
| Event Store | Event-based mileage usage management |
The Company retains and uses personal information within the retention period required by law or agreed upon by the user.
| Law | Item | Retention Period |
|---|---|---|
| Electronic Commerce Act | Contract and withdrawal records | 5 years |
| Electronic Commerce Act | Payment and supply of goods records | 5 years |
| Electronic Commerce Act | Consumer complaints and dispute resolution records | 3 years |
| Protection of Communications Secrets Act | Website visit records | 3 months |
The Company collects and processes the following types of personal information.
| Category | Collected Items | Retention & Usage Period |
|---|---|---|
| Membership Registration & Management | Email (ID), password, nickname | Until membership withdrawal (Stored for 1 year for fraud prevention) |
| Identity Authentication | Name, date of birth, mobile phone number | Until consent is withdrawn or membership is terminated |
| Automatically Generated Information | IP address, cookies, visit date, service usage records, device information | Until membership withdrawal |
| Mileage Store | Name, mobile phone number | Retained for 5 years |
| Event Store | Name, mobile phone number | Retained for 5 years |
The Company restricts membership registration for children under the age of 14 to protect their personal information.
The Company may entrust the processing of personal information to third parties for seamless service provision.
| Entrusted Company | Entrusted Task |
|---|---|
| To be determined | Identity and real-name verification |
The Company does not provide personal information to third parties without the user's prior consent, except as required by law.
The Company will promptly dispose of personal information once the retention period has expired or the processing purpose has been achieved.
Users may request to view, correct, delete, or stop processing their personal information at any time.
The Company takes the following measures to secure personal information:
The personal information protection officer is as follows:
This privacy policy takes effect from the implementation date. Any changes will be announced at least seven days before implementation.