PeopleHero Co., Ltd. | Effective Date: June 1, 2026 PeopleHero Co., Ltd. ("PeopleHero," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information about users of our products and services. This Privacy Policy applies to users located in Australia, Canada, Hong Kong, New Zealand, Singapore, and the United States, and is designed to comply with the data protection and privacy laws of those jurisdictions, including: Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws Hong Kong: Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) New Zealand: Privacy Act 2020 and the Information Privacy Principles (IPPs) Singapore: Personal Data Protection Act 2012 (PDPA) United States: Applicable state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other state laws (e.g., Virginia, Colorado, Connecticut, Utah, Texas) Where local law provides specific additional rights or obligations, those will apply in addition to this Privacy Policy. By using our services, you acknowledge that you have read and understood this Privacy Policy.
Company: PeopleHero Co., Ltd. Representative: Nam Dong-hyun (CEO) Address: Republic of Korea Contact: +82-53-853-8420 | bigpos8420@naver.com PeopleHero is the entity responsible for the personal information collected and processed under this Privacy Policy.
We collect only the personal information that is reasonably necessary to provide our services. The categories of personal information we may collect include: 2.1 Information you provide directly - Required: name, mobile phone number - Optional: email address - Account credentials and profile information - Payment information (processed by our payment service providers) - Communications with our customer support team 2.2 Information collected automatically - Device information (device type, operating system, browser type) - Log data (IP address, access times, pages viewed, referring URLs) - Cookies and similar tracking technologies (see Section 8) 2.3 Information from third parties If you sign up or log in using a third-party service (such as a social login provider), we receive information from that service in accordance with your privacy settings on that platform.
We use personal information for the following purposes: - Service provision: to create and manage your account, verify your identity, and deliver the services you request. - Payment and fulfillment: to process payments, deliver goods or services, and handle related logistics. - Customer support: to respond to inquiries and resolve complaints. - Legal compliance: to comply with tax, accounting, anti-fraud, and other applicable legal obligations. - Security: to detect, prevent, and address security incidents, fraud, and unauthorized activity. - Service improvement: to analyze usage patterns and improve our products and services. - Marketing: to send promotional communications where permitted by law, subject to your right to opt out. We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, or as otherwise permitted or required by applicable law.
We rely on the following grounds for collecting and processing personal information, as applicable under local law: - Consent: you have given consent to the processing for one or more specific purposes. - Contract performance: processing is necessary to provide the services you have requested. - Legal obligation: processing is necessary to comply with a legal obligation to which we are subject. - Legitimate business interests: processing is necessary for our legitimate business purposes, such as security and service improvement, balanced against your privacy interests. Where local law requires consent (for example, under Singapore's PDPA or for marketing communications in Australia, Canada, and New Zealand), we will obtain your consent before collecting or using your personal information for the relevant purpose. You may withdraw consent at any time by contacting us.
We do not sell your personal information. We may share personal information with the following categories of recipients: - Service providers: trusted third parties who perform services on our behalf, such as hosting, payment processing, analytics, and customer support, under written contracts that require them to protect personal information. - Legal and regulatory authorities: when required by law, court order, subpoena, or other valid legal process, or to protect our rights, property, or safety, or that of others. - Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections. - With your consent: with any other third party where you have given consent. 5.1 Notice to California Residents Under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), California residents have specific rights regarding their personal information. In the preceding 12 months, we have not sold or shared personal information as those terms are defined under the CCPA/CPRA. California residents have the right to know, delete, correct, and limit the use of sensitive personal information, and to opt out of sale or sharing. To exercise these rights, please contact us using the details in Section 12. We do not use or disclose sensitive personal information for purposes that require an opt-out right under the CCPA/CPRA.
To deliver our services effectively, we engage trusted third-party service providers to handle personal information on our behalf. When we do so: - We select service providers that can provide appropriate safeguards for personal information. - We enter into written contracts that limit how providers may use personal information. - We require providers to implement appropriate security measures. - We restrict sub-processing to authorized parties. - We remain responsible for the personal information handled by our service providers.
PeopleHero is headquartered in the Republic of Korea, and personal information we collect may be transferred to, stored in, and processed in Korea or other countries where our service providers operate. These countries may have data protection laws different from those of your country of residence. When we transfer personal information across borders, we take reasonable steps to ensure that it receives a level of protection consistent with this Privacy Policy and applicable law, including: - Australia (APP 8): we take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles. - Canada (PIPEDA): we use contractual measures to provide a comparable level of protection while information is being processed by a third party. - Hong Kong (PDPO): we take practicable steps to ensure that personal data transferred outside Hong Kong is protected to a standard comparable to the PDPO. - New Zealand (IPP 12): we transfer personal information overseas only where the recipient is subject to comparable safeguards or where you have authorized the transfer. - Singapore (PDPA): we transfer personal data outside Singapore only where the recipient is bound by legally enforceable obligations that provide a standard of protection comparable to the PDPA. - United States: we apply contractual and organizational safeguards consistent with applicable state laws.
We use cookies and similar tracking technologies to provide a personalized experience, analyze usage, and deliver relevant content. 8.1 Purposes - Analyzing access frequency and session duration - Understanding user preferences and interests - Tracking participation in events and promotional campaigns - Providing personalized services and relevant marketing 8.2 Managing cookies You can configure your browser settings to accept, reject, or be notified when cookies are sent. Note that disabling cookies may limit certain features that require login or personalization. To manage cookie settings in common browsers: - Microsoft Edge: Menu > Settings > Cookies and site permissions - Google Chrome: Menu > Settings > Privacy and security > Cookies and other site data - Safari: Preferences > Privacy - Firefox: Menu > Settings > Privacy & Security
Depending on your jurisdiction, you may have the following rights regarding your personal information: - Access: Request confirmation of whether we hold your personal data and obtain a copy of it. - Correction: Request correction of personal data that is inaccurate, incomplete, or out of date. - Deletion: Request deletion of your personal data, subject to legal exceptions and retention obligations. - Withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing. - Opt out of marketing: Opt out of receiving direct marketing communications at any time. - Opt out of sale or sharing: Where applicable (e.g., California), opt out of the sale or sharing of personal information. We do not sell personal data. - Data portability: Where applicable, request your personal data in a structured, commonly used format. - Non-discrimination: Exercise your rights without receiving discriminatory treatment in the services we provide. - Lodge a complaint: File a complaint with your local data protection authority (see Section 12). To exercise any of these rights, please contact us using the details in Section 12. We will verify your identity before responding and will reply within the timeframes required by applicable law. We will not discriminate against you for exercising your rights. 9.1 Children's privacy Our services are not directed to children, and we do not knowingly collect personal information from minors below the age of consent applicable in their jurisdiction. If you believe a minor has provided personal information to us without appropriate consent, please contact us, and we will take steps to delete it.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. 10.1 Retention principles - Account data is retained while your account is active and for a reasonable period thereafter. - Transaction and payment records are retained as required by applicable tax, accounting, and consumer protection laws. - Marketing data is retained until you opt out or withdraw consent. - Log data is retained for limited periods for security and analytics purposes. 10.2 Deletion methods - Personal information printed on paper is destroyed by shredding or incineration. - Personal information stored in electronic form is deleted using methods that prevent recovery. - When the retention period expires or the processing purpose is achieved, we delete or anonymize the personal information without undue delay.
We implement appropriate technical, organizational, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, loss, or destruction. 11.1 Administrative measures - Establishment and implementation of an internal information protection plan - Regular training of personnel handling personal information - Access on a need-to-know basis 11.2 Technical measures - Access controls, including password protection of systems that process personal information - Encryption of stored personal information and data in transit where appropriate - Installation and regular updating of antivirus and security software - Logging and monitoring of access to personal information 11.3 Physical measures - Secure storage of records containing personal information - Access controls to facilities where personal information is stored While we take reasonable steps to safeguard personal information, no security system is impenetrable, and we cannot guarantee absolute security. 11.4 Data breach notification If a data breach occurs that is likely to result in serious harm or meets other notification thresholds under applicable law (such as the Notifiable Data Breaches scheme in Australia, PIPEDA in Canada, the Privacy Act 2020 in New Zealand, or the PDPA in Singapore), we will notify affected individuals and the relevant regulator as required.
If you have questions, requests, or complaints regarding this Privacy Policy or our handling of your personal information, please contact our Data Protection Officer: Name: Nam Dong-hyun Title: Chief Executive Officer Phone: +82-53-853-8420 Email: bigpos8420@naver.com We will acknowledge your inquiry and respond within the timeframes required by applicable law. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant authority in your jurisdiction: - Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au - Canada: Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca - Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD) — www.pcpd.org.hk - New Zealand: Office of the Privacy Commissioner — www.privacy.org.nz - Singapore: Personal Data Protection Commission (PDPC) — www.pdpc.gov.sg - United States: Federal Trade Commission (FTC) — www.ftc.gov; California Privacy Protection Agency (CPPA) — www.cppa.ca.gov; applicable state attorneys general
Our Data Protection Officer ensures that personnel who handle personal information receive regular training on privacy and data protection obligations. 13.1 Recipients and frequency - Data protection managers: at least once per year - Personnel handling personal information: at least once per year - Other personnel designated by the Data Protection Officer: at least once per year 13.2 Topics covered - The importance of personal information protection - Compliance with the internal information protection plan - How to report data protection breaches - Prohibited activities for personnel handling personal information - Procedures for compliance with applicable privacy laws
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by posting the updated policy on our website and, where required by law, by other appropriate means such as email. This Privacy Policy is effective as of June 1, 2026.
