Nara space logo

Personal Information Protection Act

Corporate Website Privacy Policy

A privacy policy refers to guidelines a company must comply with in order to ensure that users can use its services with confidence.

Nara Space Technology ("Company") adheres to statutory laws and personal data protection regulations of the Republic of Korea applicable to data controllers, and provides a privacy policy in compliance therewith.

The Company collects, uses and provides a user’s personal information based on the user’s agreement, and actively guarantees the user’s right (right to make a decision over one’s own personal information).

This Privacy Policy is applicable to users who wish to use  NaraSpaceTechnology’s recruitment process, partner proposal, and  NaraSpaceTechnology website (“User”).

1. Personal Information Collection

The Company collects the minimum amount of personal information necessary to provide services.
The minimum information required to provide the service is required, and if additional collection is necessary depending on the nature of the service, consent is obtained as an optional item. Even if you do not consent to the optional items, there are no restrictions on the use of the service.

  1. ① Recruitment (Applicant Registration and Registration in Talent Pool)
    1. 1) Applicant registration
        • Required
        • - name, mobile phone no, email, resume, portfolio link, Job experience
  2. 2) Application Writing and Job Posting Response
      • Required
      • name, mobile phone no, email, resume, Job experience
      • Optional
      • - portfolio link
  3. ② Partnership proposal
      • Required
      • - First Name, Last Name, email, Affiliation, mobile phone no.
  4. ③ In addition, the following information may be created and collected automatically while you use our services.
    • Service use history (IP Address, date of visit), cookie, device information (the user's browser and OS).
  5. ④ The Company collects personal information using the following means.
    • The Company collects personal information entered by a user after agreeing to the collection of personal information in the course of sign-up process and service use.
    • In some cases, personal information may be collected in paper format or via email.

2. Use of Personal Information

The Company uses a user's personal information within the scope of the purposes for which consent has been granted.

  1. ① Applicant management
    • Applicant identification, confirmation of the intention to apply, recruitment process, notification, smooth communication with applicants, reference for ongoing recruitment
    • (Upon recruitment) Salary determination, employee identification, HR management, employment contract signing and implementation (placement, welfare, training, salary, etc), employee directory, payroll, etc.
  2. ② Management of partnership proposal
    • Filing of partnership proposal, return of processing result

3. Provision of Personal Information

The Company does not provide your personal information to third parties, unless you have given a separate consent or as it is prescribed by law.

4. Destruction of Personal Information

  1. ① A user's personal information is to be destroyed immediately once the purpose of its collection and use is fulfilled. The procedure and method of destruction are as follows:
    • The method of destroying personal information that has to be destroyed because the purpose of its collection and use has been achieved, or because the user has unsubscribed from the service, will be determined depending on the format of the personal information. Personal information stored in electronic file formats is to be deleted using technical means which make the information unrecoverable. Personal information printed on paper records, printed matters and documents is to be destroyed through shredding or incineration.
  2. ② Any information that is destroyed after being stored for a certain period under the internal policies is as follows:
    1. 1) A partnership proposal is to be kept for 3 months after review and destroyed without delay.
    2. 2) The application history of an applicant will be stored for one year from the date of withdrawal and then destroyed to confirm the application history and limit re-application of those who did not pass the interview. (However, at this time, it is safely converted so that the original value cannot be checked, and is used only in the form of a comparison value.)
    3. 3) Among the information of final successful applicants, information permitted to be retained by relevant laws will be stored for the period specified by law. (However, if a consent is obtained, personal information may be processed and retained within the agreed purpose and retention period of personal information.)
        1. a) Issuance of employment certificate such as a career certificate for a leaver.
          1. i) Ground for retention: Labor Standards Act
          2. ii) Retention period: 3 years
        1. b) Processing of year-end tax adjustment
          1. i) Ground for retention: Income Tax Act, Framework Act on National Taxes
          2. ii) Retention period: 5 years

5. Rights of Users & Legal Representatives and Exercising Those Rights

Users may possess the following rights regarding the handling of their personal information:

  1. 1) The right to request access to (or view) personal information;
  2. 2) The right to request rectification of personal information;
  3. 3) The right to request suspension of personal information processing; and
  4. 4) The right to request deletion of personal information and to withdraw consent or terminate membership.

To ensure a smooth recruitment process, an applicant may not edit or delete the application form which has already been submitted to the Company. If the applicant wants to delete personal information, he or she must contact the person in charge of recruitment.

  • Talent Recruitment Officer : career@naraspace.com

When processing the personal information of a child under 14, obtaining consent from his/her legal guardian is mandatory.The legal guardian holds the authority to access, modify, delete, suspend processing, and withdraw consent on behalf of the child.

To secure a legal guardian's consent, minimal information such as the legal guardian's name and contact details might be solicited from the child, and the legal guardian's consent is confirmed using the following means.

  1. 1) Verifying the legal guardian's identity via their mobile phone authentication
  2. 2) Providing a written consent form to the legal guardian for endorsement and submission; and\
  3. 3) Furthermore, equivalent means to those mentioned above might be employed to communicate the specifics of the consent to the legal guardian and ascertain their intention to provide consent.

6. Measures to Ensure the Security of Personal Information

The company has established and rigorously adheres to the following measures to ensure the security of users' personal information, preventing its loss, theft, leakage, alteration, or damage. 

The company complies with regulations regarding the protection of personal information, including the 'Personal Information Protection Act' and the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'

However, in cases where the company has fulfilled its obligation to protect personal information but issues arise due to insufficient security management of the user's PC or the user's own negligence resulting in the leakage of passwords, important information, or personal information, the company assumes no responsibility.

  1. ① Technical Measures
    1. 1) The company encrypts communication channels internally and externally to protect personal information during transmission over the network.
    2. 2) To prepare for unforeseen circumstances, the company regularly backs up personal information and takes necessary security measures, including the use of antivirus programs, to prevent unauthorized leakage or tampering of user's personal information due to hacking, viruses, or other threats.
    3. 3) We employ intrusion prevention systems to control unauthorized access from external sources, and we continuously review and improve our personal information protection compliance program in line with changes in the social and business IT environment.
  2. ② Administrative Measures
    1. 1) The company restricts access rights and personnel for personal information to a minimum, and limits the personnel who can process personal information to the following categories:
    2. 2) Personnel who directly handle tasks related to addressing complaints, grievances, inquiries, and responses with users
    3. 3) Personnel who oversee, manage, or supervise tasks related to personal information.
    4. 4) Individuals responsible for managing events, promotions, or marketing-related tasks.
    5. 5) Individuals responsible for developing, maintaining, and operating the personal information processing system.
    6. 6) Individuals for whom the processing of personal information is unavoidable during the course of their duties.
    7. 7) The company conducts regular annual privacy protection training for individuals involved in processing personal information and subcontractors.
    8. 8) The company ensures compliance with its privacy policy and the protection of personal information by using internal (individual) information protection departments or similar entities. In case any issues are identified, the company takes immediate corrective measures to address and rectify them.
  3. ③ Physical Security Measures
    1. 1) The company stores documents and removable storage media containing personal information in secure locations with locking mechanisms.
    2. 2) The company implements physical access controls for personal information processing systems and has established and follows procedures.

The company complies with the General Data Protection Regulation (GDPR) of the European Union and the laws of EU member states.

If the company provides services to users within the European Union, the following may apply

  1. ① Purpose and Legal Basis for Processing Personal Information

    The company only uses collected personal information for the purposes stated in '3. Use of Personal Information' and obtains prior consent from users after informing them of this fact.

      • 1) Under the GDPR and similar regulations, The company may process user's personal information in the following circumstances
        • Consent of the data subject
        • In order to enter into and fulfill a contract with the data subject
        • For compliance with legal obligations
        • For the vital interests of the data subject
        • For the legitimate interests pursued by the company

      ※ Except when the interests and rights or freedoms of the data subject outweigh those legitimate interests.

  2. ② Ensuring the Rights of Users within the European Union

    Under GDPR and similar regulations, users have the right to request the transfer of their personal information to another controller and can also request the refusal of their information processing. Users also have the right to file complaints with data protection authorities.

    The company may use personal information for marketing purposes, such as events and advertising, with the user's prior consent. Users can withdraw their consent at any time if they do not wish to receive such communications.

    Requests related to the above can be made by contacting our customer support via mail, phone, or email, and we will take the necessary actions. If you request a correction to your personal information, we will not use or provide it until the correction is completed.

7. Information on the Installation, Operation, and Rejection of Personal Information Automatic Collection Devices

  1. ① The company uses "cookies" for the purpose of providing users with customized services and enhancing the convenience of the website environment. Users have the option to refuse cookies.
    1. 1) What are Cookies?
      • Cookies are very small text files sent by the server operating a website to the user's browser, which are stored on the user's computer hard drive. When users use the company's services, the server reads the contents of the cookies stored on the user's computer to verify the user's information.
    2. 2) Purpose of Using Cookies
      • The company uses cookies to analyze factors such as user service access frequency, visit times, and visit counts. Additionally, it aims to understand user preferences, interests, and other related information. These insights are used to provide personalized services to users.
    3. 3) Installation and Operation of Cookies
      • Users have the voluntary right to allow or disallow cookies by changing the options in their web browser.
      • If you do not allow the use of cookies, you may encounter difficulties in using certain services provided by the company.
    4. 4) Cookie Settings and Rejection Methods
      • Users can autonomously change their web browser's options to prevent the collection of cookies.
      • For Internet Edge: [Tools] → [Internet Options] → [Privacy] → [Advanced]
      • For Chrome: [ ⋮ ] (upper right corner of the web browser) → [Settings] → [Privacy and Security] → [Cookies and other site data]
      • ※ For other web browsers, the settings may vary according to each browser's specific methods.
  2. ② The Company may use various external web analytics tools to track, evaluate, and improve website visits and email marketing. Users have the right to opt-out of the use of their data. The opt-out methods will adhere to the specific procedures for each analytics tool.
    CookieNameProviderPurpose
    HubSpotHubSpot
    We use user data to provide, maintain, and improve our services, to offer support, and to prevent or address technical or security issues. HubSpot's privacy policy can be viewed here.
    Google AnalyticsGoogle
    Content reports help identify the best-performing areas of the website and the most popular pages to create a better experience for customers. Google's privacy policy can be viewed here.

8. The Data Protection Officer (DPO) and Complaints Handling Department for Personal Information Protection

The company has designated a Data Protection Officer (DPO) and a Complaints Handling Department for inquiries and complaints related to user's personal information.

  1. ① Users can report complaints regarding personal information related to the company's services to the Complaints Handling Department or Data Protection Officer of the company. The company will provide a prompt response as soon as the report is received. 

    Privacy Protection Officer and Responsible Department

    • Personal Information Protection Manager: Jaepil Park (CEO)
    • Personal Information Protection Officer: Dongmin Lee (Team Leader)
    • Contact: +82) 02-3667-0331
    • 이메일 : support@naraspace.com
  2. ② If you require assistance with any other matters related to personal information, you can seek help from the following organizations.
    • KISA Report Center for Personal Information Breach : privacy.kisa.or.kr / (Toll free)118
    • Cyber Crime Investigation, Supreme Prosecutors' Office : cid@spo.go.kr / (Toll free)1301
    • National Police Agency Cyber Bureau : ecrm.cyber.go.kr / (Toll free)182

9. Information on notification of amendment prior notification obligation

We may modify the Privacy Policy for purposes such as reflecting changes in laws or services. In the event of any changes to the Privacy Policy, we will provide advance notice at least 7 days prior to the changes.

For significant changes, such as modifications to the types of personal information collected or the purposes of use, we will provide notice at least 30 days in advance.

At The company, we value your information and are committed to ensuring that you can use our services with confidence. We will make our best efforts to provide you with a secure and reliable experience.

Addendum

  • Notification Date : July 16, 2025
  • Enforcement Date : July 23, 2025
Previous Privacy Policies List