AirKitchen Co., Ltd. (hereinafter referred to as the “Company”) establishes this Privacy Policy in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other relevant laws to protect users’ personal information and to handle any related complaints promptly and smoothly. The Privacy Policy is made available through the Service’s main screen so that users can easily review it at any time, and may be subject to change in accordance with relevant laws, guidelines, notices, or changes to the Company’s service policies.
1. Collection and Use of Personal Information
The Company collects users’ personal information as follows. The personal information processed by the Company will not be used for purposes other than those specified below. Should the purpose of collection or use change, the Company will obtain separate consent in accordance with the Personal Information Protection Act and take the necessary steps.
1) The purposes of collection and use of member information, items collected, and retention period are as follows:
| Category | Purpose of Collection and Use | Items Collected | Retention and Use Period |
|---|---|---|---|
| Member Management | Member identification, provision of membership services, consultation management, mobile phone verification, prevention of illegal or fraudulent use | Nickname, name, mobile phone number, date of birth, gender, email address, (optional) profile image | Destroyed without delay after the purpose is achieved (e.g., upon membership withdrawal) (However, information required to be retained under relevant laws or company policies may be stored separately.) |
| Member Identification via Third-Party Accounts | Member identification, membership service provision, consultation management, mobile phone verification, prevention of illegal or fraudulent use | *Personal information collected: mobile phone number, nickname, name, date of birth, (optional) profile image *Personal information provided by third parties: - Kakao: Kakao ID, name, (optional) gender, age group, birthday, birth year - Naver: Naver ID, name, nickname, mobile phone number, (optional) gender, age group, birthday, birth year, email address - Apple ID: email address, Apple ID code - Google: email address, user ID, name | Destroyed without delay after the purpose is achieved |
| Service Use | Notifications regarding service progress, contract execution, and policy updates | Mobile phone number | Destroyed without delay after the purpose is achieved (except where retention is required by law) |
| Service Use | (Mobile phone authentication) User identification for service provision, identity verification, prevention of illegal or fraudulent use | Personal information provided by third parties: mobile phone number, CI, DI, date of birth, gender, domestic/foreign status | Destroyed without delay after the purpose is achieved |
| Service Use | Member management, prevention of illegal or fraudulent use, statistical analysis of service usage, service improvement, development of new services | IP address, cookies, service usage records, device information (device ID, OS version, model name, manufacturer information, etc.), advertising ID, communication logs | Destroyed without delay after the purpose is achieved |
| Reservation Orders | Processing of reservation orders, delivery of real-time waiting and order status, customer management, service and store evaluation | Name, mobile phone number, AirKitchen usage history | Stored for up to 6 months after the reservation date. However, reservation records are kept for the duration of the user’s membership for access to ‘Usage History’. |
| Inquiries | Inquiries (member support, partnership inquiries), member surveys | Email address, mobile phone number, name | Stored for 3 years in accordance with the Act on Consumer Protection in Electronic Commerce |
2) The purposes of collection and use of user information, items collected, and retention period are as follows:
| Category | Purpose of Collection and Use | Items Collected | Retention and Use Period |
|---|---|---|---|
| Optional Service Use [AirKitchen Web] | SMS delivery (app installation link) and prevention of fraudulent use | Mobile phone number | Destroyed 1 day after the purpose is achieved |
| Optional Service Use [History Sync] | Syncing of store visit history | Mobile phone number, store name visited, visit date/time, number of visitors | Destroyed upon termination of service linkage |
| Optional Service Use [Personalized Services] | Providing customized content and services based on user interests, preferences, and tendencies | Nickname, name, phone number, date of birth, gender, membership information, store usage and search history, cookies and service usage records | Destroyed upon termination of service linkage |
| Optional Service Use [SNS Account Linking] | Display of SNS profile link in AirKitchen profile and related services | SNS type and profile URL | Destroyed upon termination of service linkage |
3) User information collected and used under internal company policies is as follows:
| Category | Purpose of Collection and Use | Items Collected | Retention and Use Period |
|---|---|---|---|
| Internal Policy | Prevention and verification of abusive sign-ups (fraud), fraudulent service use (fake reviews, abuse of promotions, etc.) | Mobile phone number, email address, device information, CI/DI, reviews | Stored for 3 years after membership withdrawal |
4) During service usage, the following automatically generated information may be collected, stored, combined, and analyzed: - IP address, cookies, service usage records, device information (device ID, OS version, model name, manufacturer information, etc.), advertising ID, communication logs 5) The Company may use all collected personal information and automatically collected data for member management, prevention of illegal or fraudulent use, statistical analysis of service usage, service improvement, and development of new services. 6) Users may refuse consent; however, since this information is essential for providing the AirKitchen service, refusal may limit service availability.
2. Outsourcing of Personal Information Processing
① The Company may outsource personal information processing tasks to third-party companies to provide smoother and enhanced services. When outsourcing such tasks, the Company supervises the contracted parties to ensure the safe processing of personal information and restricts any processing beyond the commissioned purpose.
② The Company outsources personal information processing tasks as follows:
| Trustee | Outsourced Tasks |
|---|---|
| Daou Technology Inc. | Kakao notification messages, mobile SMS/LMS/App push delivery |
| NICE Payments Co., Ltd. | Electronic payment processing |
3. Procedure and Method of Destroying Personal Information
① The Company destroys the user’s personal information without delay once the retention period has expired, the processing purpose has been achieved, or the information becomes unnecessary due to termination of the service agreement.
② If personal information must continue to be preserved under other laws despite expiration of the consented retention period or achievement of the processing purpose, the information will be moved to a separate database (DB) or stored in a different location. - Cases where personal information must be retained under other laws:
| Law | Items | Retention Period |
|---|---|---|
| Act on Consumer Protection in Electronic Commerce | Records of contracts or subscription withdrawals | 5 years |
| Act on Consumer Protection in Electronic Commerce | Records of payment and supply of goods/services | 5 years |
| Act on Consumer Protection in Electronic Commerce | Records of customer complaints or dispute resolution | 3 years |
| Electronic Financial Transactions Act | Electronic financial transaction records | 5 years |
| Protection of Communications Secrets Act | Service usage logs | 3 months |
③ The Company may destroy or separately store personal information of users who have not used the service for 1 year. - In such cases, the Company may notify users 30 days prior via public notice or email regarding the scheduled destruction or separation, the expiration date of the inactivity period, and the personal information items subject to such measures. Users must maintain accurate contact information for this purpose. ④ Methods of destruction: - Procedure: Personal information subject to destruction is approved by the Personal Information Protection Officer before being destroyed. - Method: Electronic files are destroyed through technical or physical methods to prevent recovery. Printed documents are shredded or incinerated.
4. Rights of Users and Legal Representatives and How to Exercise Them
① Users may directly view, modify, and delete their personal information, and the Company provides features for such actions. ② Users and legal representatives may request access, modification, or deletion of personal information, and the Company will verify identity and take appropriate action. ③ If a user requests correction of errors in personal information, the information will not be used or provided until correction is completed. ④ Users must keep their personal information up to date, and are responsible for consequences arising from inaccurate information. ⑤ If a user signs up using someone else's personal information, membership may be revoked and penalties may apply under relevant laws. ⑥ Users are responsible for maintaining the security of their email accounts, passwords, and other credentials, and must not transfer or lend them to third parties.
5. Installation, Operation, and Refusal of Automatic Personal Information Collection Tools
① Online Behavioral Advertising (1) Online behavioral advertising uses user visit history, activity logs, and search history (hereinafter 'behavioral information') to provide useful advertising. (2) The Company allows online advertising providers to collect advertising identifiers (advertising ID) and behavioral information. - Advertising identifiers are IDs issued by mobile operating systems (OS) used for personalized ads (e.g., ADID, IDFA). - Behavioral information includes app usage history, purchase history, search history, etc. (3) Information is automatically collected when the user visits the website or uses the app. The advertising provider is: - Google
(4) For personalized advertising, the Company provides the following information. The Company does not identify individuals using advertising IDs and does not provide other personal information together with them.
| Advertising Provider | Items of Behavioral Information Collected | Collection Method |
|---|---|---|
| Advertising ID (ADID) | Advertising and content delivery |
(5) How to manage personalized ads ① Users may disable personalized ads at any time, in which case personalized ads will no longer appear. ② Personalized ads can be disabled through the following OS settings if users do not wish to receive interest-based ads in mobile apps. (6) Protection of Behavioral Information ① AirKitchen values user information and does not collect sensitive information that may clearly infringe on user rights or privacy. The Company does not combine behavioral information collected via advertising identifiers with personally identifiable information without user consent. ② Behavioral information collected via advertising identifiers is retained for up to 1 year for providing demographic-based targeted advertisements and content, after which it is destroyed using non-recoverable methods. ③ AirKitchen does not knowingly collect behavioral information from children under 14, nor does it provide personalized advertising to users known to be under 14.
6. Technical and Administrative Measures to Protect Personal Information
The Company implements the following technical and administrative measures to prevent loss, theft, leakage, alteration, or damage of personal information while processing users’ personal data. ① Password Encryption User passwords are stored and managed using one-way encryption and can only be checked or modified by the user who knows the password. ② Protection Against Hacking (1) The Company does its best to prevent leakage or damage of personal information due to hacking, computer viruses, or network intrusion. (2) Intrusion prevention systems are used to ensure maximum security. (3) Sensitive personal information is transmitted securely over networks through encrypted communication. ③ Minimization and Training of Personal Information Handlers The Company limits the number of employees handling personal information and provides training to ensure compliance with laws and internal policies. ④ Operation of a Dedicated Personal Information Protection Department The Company operates a dedicated department responsible for personal information protection and ensures that compliance with this policy is monitored and any issues are addressed promptly.
7. Personal Information Protection Officer and Complaint Handling Department
① The Company appoints a Personal Information Protection Officer and related staff responsible for overseeing personal information processing and handling user complaints and inquiries. ② Users may contact the Personal Information Protection Officer or related staff regarding any inquiries, complaints, or damage relief related to personal information while using the Company’s services. The Company will respond promptly.
⑴ Personal Information Protection Officer
| Name | Position | Contact (Email / Phone) |
|---|---|---|
| Lee Hyukjin | Personal Information Protection Manager | help@airkitchen.com / 02-3443-7586 |
⑵ Complaint Handling Department
| Department | Contact (Email / Phone) |
|---|---|
| Operations Team | help@airkitchen.com / 02-3443-7586 |
8. Reporting and Consulting Regarding Personal Information Infringement
Users may contact the institutions below for reporting or consulting regarding personal information infringement. These institutions are independent from the Company, and users may seek assistance from them if they are not satisfied with the Company’s internal complaint handling or investigation results.
| Institution | Contact | Website |
|---|---|---|
| Personal Information Infringement Report Center | 118 | privacy.kisa.or.kr |
| Supreme Prosecutors’ Office Cybercrime Investigation Division | 1301 | www.spo.go.kr |
| National Police Agency Cyber Bureau | 182 | www.cyber.go.kr |
| E-Commerce Dispute Mediation Committee | 1661-5714 | https://www.ecmc.or.kr |
9. Duty of Notification
① This Privacy Policy may be modified in accordance with laws, government policies, or internal company policies. Any additions, deletions, or revisions will be announced through the website’s ‘Notice’ section. ② This Privacy Policy takes effect on August 6, 2025, and previous versions may be found in the Notice section. - Announcement Date: September 19, 2025 - Effective Date: September 19, 2025