Privacy Policy

This is SMBIT's personal information processing policy.

Enactment 2021.07.01.

General Rules

SMBIT (hereinafter referred to as "company") in order to protect users' personal information and to quickly and smoothly handle related grievances, we establish and disclose personal information processing policies as follows.
1. Purpose of processing personal information
2. Items of personal information to be collected
3. Processing and retention period of personal information
4. Consignment of personal information processing
5. Matters concerning the installation, operation, and refusal of automatic personal information collection devices.
6. Destruction of personal information, procedures and methods
7. Measures to ensure the safety of personal information
8. User's rights (reading, correction, deletion, etc.) and exercise method
9. Remedies for Infringement of Rights
10. Change privacy policy

1. Purpose of processing personal information.

The Company will process personal information for the following purposes, and will not use it for any other purpose, and if the purpose of use is changed, it will implement necessary measures such as obtaining separate consent is obtained in accordance with the 「Personal Information Protection Act」 (hereinafter referred to as the "Act").
① Member management
• We process personal information for the purpose of confirming membership, maintaining and maintaining membership status according to membership service provision, preventing fraudulent use of service, notifying and grievance.
② Service provided
• We process personal information for the purpose of providing exchange services such as depositing, withdrawing, purchasing, selling, etc. of cryptocurrencies.

2. Items of personal information to be collected

The company collects user's personal information items as follows for smooth business processing according to the user's purpose of use.
① When you sign up
• Required items: name, mobile phone number, e-mail
② 2-step verification
• Required item: Bank name, Account number.
③ 3-step verification
• Required items: consent form (need to check personal information items), personal photo with ID card,
Copy of ID (Choose 1 from ID card or passport)
④ When consulting with the customer center
• Required items: name, mobile phone number, e-mail
⑤ Information collected automatically during the use of the service
• IP address, cookie, service usage record, device information.
⑥ When signing up for membership under the age of 14 • Those under the age of 14 cannot use the service regardless of the consent of their legal representative.

3. Processing and retention period of personal information.

The company processes and holds personal information within the scope of consent to collect personal information from users or the period of use under laws and regulations, and the period of retention is as follows.
• To prevent duplicate membership registration, retain mobile phone number and email for up to 1 year after withdrawal
• If preservation is necessary under other laws and regulations, hold it until the relevant period.
However, in the case of the following reasons, personal information is retained until the end of the relevant reason.
1. Records of contract or withdrawal of subscription: 5 years
2. Record of supply such as payment and goods: 5 years
3. Records of consumer complaints or disputes: 3 years

4. Consignment of personal information processings

In order to handle personal information smoothly, the Company entrusts personal information processing business domestically and internationally as follows.
① Overseas processing consignment status

Trustee	Nationality and Contact Information	Consignment work	Items to be consigned
Sendgrid	USA / [email protected]	Send mail	E-mail Address
BasisID	Estonia / [email protected]	KYC authentication	Name, gender, date of birth, ID, nationality, and facial authentication.
Coolsms	Korea / [email protected]	SMS Send	Mobile Phone Number

• Previous date and method: Transmission through a network every time a service is used.
• Period of retention and use of personal information: Until the purpose is achieved or the contract expires

5. Matters concerning the installation, operation, and refusal of automatic personal information collection devices.

The company uses 'cookies' to store and retrieve users' information from time to time. A cookie is a small amount of information that the server (HTTP) used to operate the website sends to the user's computer browser, and is also stored on the hard disk of the user's PC computer.
The purpose of using cookies is to provide optimized information to users by identifying the types of visits and use of each service and website of the company visited by users, popular search terms, secure access status, news editing, and the size of users, etc.
Users have the option to install cookies, such as allowing or rejecting cookie settings. Therefore, the user can accept all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.
To refuse to set up cookies, you can allow all cookies by selecting the option of the web browser you use, go through confirmation every time you save them, or refuse to save all cookies.

6. Destroying personal information, procedures, and methods.

If personal information becomes unnecessary, such as the lapse of the period of personal information retention or the achievement of the purpose of processing, the company will destroy the personal information without delay.
① Personal information destruction procedure: The information entered by the user for customer inquiries will be transferred to a separate DB after the purpose is achieved, and will be destroyed after being stored for a certain period of time (see retention and usage period) according to internal policies and other reasons for information protection. This personal information is not used for purposes other than holding it unless it is in accordance with the law.
② Destruction Method: Personal information printed on paper is crushed with a shredder or destroyed through incineration. Personal information stored in the form of an electronic file is deleted using a technical method that cannot reproduce the records.

7. Measures to ensure the safety of personal information

The company is taking the following measures to ensure the safety of personal information in accordance with laws and regulations.
① Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
② Technical measures: management of access rights to personal information processing systems, encryption of personal information, storage of access records, and prevention of forgery and alteration, etc.
③ Physical Measures: Office and Server Room Access Control
The company is not responsible for the user's personal mistakes or for any incidents that occur due to basic Internet risks. In order to protect personal information, the user must properly manage his/her ID and password and take responsibility for it.

8. User's rights (view, correction, deletion) and method of exercise

① Users can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the company.
② The exercise of rights under paragraph 1 can be made in writing, by phone, or by e-mail to the person in charge of personal information protection, and the person in charge of personal information protection will take action without delay.
③ The exercise of rights pursuant to Paragraph 1 may be done through the user's legal representative or an agent such as a person who has been delegated.
④ Requests for viewing and processing personal information may be restricted or rejected by relevant laws and regulations.
⑤ The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
⑥ When the company requests the suspension of viewing, correction, deletion, or processing of personal information according to the user's right, it checks whether the person who made the request is himself or a legitimate agent.

9. Matters concerning the change of personal information processing policy.

If there is any addition, deletion, or modification of the current personal information processing policy, it will be notified through the "Notice" on the website at least 7 days before the revision.
– Announcement Date: July 01, 2021
– Enforcement date: July 01, 2021