Effective Date: Sep 8, 2025
Last Updated: Sep 8, 2025
Company: Michelo Robotics Inc. (“the Company”)

This Privacy Policy describes how Michelo Robotics Inc. (“the Company”) collects, uses, and protects personal information of users (“Users”) in connection with the Company’s website and related services (“Services”).
Users must review and agree to this Privacy Policy before using the Services.

Article 1 (Purpose of Collecting and Processing Personal Information)

The Company collects and processes personal information for the following purposes. The collected personal data will not be used for purposes other than those stated below. If the purpose of use changes, the Company will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act of the Republic of Korea.

1. Membership Registration and Management
   To verify membership intent, confirm identity for paid services, prevent unauthorized or fraudulent use, verify legal guardians, handle complaints and disputes, and send important notifications.
   
   
2. Execution of Service Agreements and Billing
   To process financial transactions, confirm user identity for payments, deliver products or invoices, provide services and content, verify age, and handle billing or collection.
   
   
3. Customer Support and Complaints Handling
   To verify identity, confirm the details of inquiries, communicate results, and notify users of outcomes.
   
   
4. Service Improvement, Marketing, and Advertising
   To develop new services, offer customized content, analyze service usage, verify service effectiveness, and display targeted advertisements.
   
   
5. Methods of Collecting Personal Information

   The Company collects personal information through:
   Website, written forms, fax, phone, online inquiry forms, email, event applications, and delivery requests
   Partner companies
   Automated data collection tools (e.g., cookies, analytics systems.

1.  

Article 2 (Categories, Processing, and Retention of Personal Information)

1. Processing and Categories of Personal Information
The Company processes personal information provided with consent or as permitted by law. Information collected upon registration includes:

• For Warehouse Members:
  Business registration number, company name, address, phone number, business email, warehouse details, contact person’s name and phone number (for foreign users, alien registration or passport number, and legal representative information may be included)
• For Shippers:
  Business registration number, company name, address, phone number, business email, contact person’s name and phone number
• Automatically Collected Information:
  IP address, cookies, access logs, usage history, payment records, transport performance data, and records of restricted use
• Additional Service or Event Participation:
  Information collected only with separate consent during service-specific or promotional events.
• Payment Information (for paid services):
  
  • Credit card payments: card company name, card number, etc.
  • Mobile payments: phone number, carrier, approval number, etc.
  • Bank transfer: bank name, account number, etc.

2. Retention and Use Period
Personal information will be destroyed once its collection and use purpose is fulfilled. However, data may be retained under the following conditions:

(1) Retention by Company Policy

• Abnormal Usage Records
  
  • Purpose: Prevent fraudulent use
  • Retention Period: 5 years

(2) Retention under Applicable Laws

Type	Retained Information	Legal Basis	Retention Period
Contract or withdrawal records	Registration forms, agreements	Act on Consumer Protection in Electronic Commerce	5 years
Consumer complaints/disputes	Complaint records, emails	Information and Communications Network Act	3 years
Transaction records	Trade, payment, and tax-related records	Commercial Act, Electronic Financial Transactions Act, Tax Law	5 years
Survey and statistical data	Research materials with personal info	Customer satisfaction and system improvement	5 years
Website access logs	Access history	Protection of Communications Secrets Act	3 months

Article 3 (Provision of Personal Information to Third Parties)
The Company does not provide personal information to third parties without the User’s consent, except in the following cases:

• With prior consent of the User
• When required by law
• When necessary to protect life, body, or property of the User or others in emergencies
• When used for statistical or academic research in anonymized form
• When legally authorized after review by the Personal Information Protection Commission
• For compliance with treaties or international agreements
• For criminal investigations, prosecutions, or court orders
• For enforcement of judicial or protective measures

Article 4 (Entrustment of Personal Information Processing)
The Company currently does not entrust personal information processing to any external parties.
If outsourcing becomes necessary, the Company will establish a written agreement including:

• Prohibition on processing beyond delegated scope
• Administrative and technical protection measures
• Safety and supervision responsibilities
• Indemnification obligations for breaches

The Company will disclose details of entrusted parties and processing purposes on its website in such cases.

Article 5 (Rights of Data Subjects and Exercise Methods)

1. Access to Personal Information
   Users may request access to their personal data held by the Company under Article 35 of the Personal Information Protection Act.
   Access may be restricted in cases prescribed by law (e.g., harm to others’ rights, national investigations, or tax audits).
   
   
2. Correction or Deletion
   Users may request correction or deletion of their data under Article 36, except where retention is legally required.
   
   
3. Suspension of Processing
   Users may request suspension of processing under Article 37. However, suspension may be denied if:
   
   • Required by law
   • Necessary to protect life, body, or property of others
   • Required for legal obligations or service performance where contract termination is not requested

Article 6 (Destruction of Personal Information)
The Company destroys personal information without delay once the processing purpose is achieved.

• Procedure:
  Data is transferred to a separate database (or physical storage for paper documents) and destroyed after the retention period expires.
• Methods:
  
  • Electronic data is permanently deleted using technical methods.
  • Paper documents are shredded or incinerated.

Article 7 (Measures for Ensuring Security of Personal Information)
The Company implements the following administrative and technical measures:

• Restriction and training of authorized personnel
• Access control and monitoring using firewalls and secure databases
• Secure physical storage of personal data
• Log retention and tamper prevention (minimum 6 months)
• Encryption of sensitive data such as passwords and resident registration numbers
• Regular updates and inspection of security programs
• Physical access control for data centers and server rooms
• Regular internal and external audits
• Establishment of internal management plans

The Company is not liable for damages caused by user negligence or incidents beyond its control.

Article 8 (Cookies and Automated Data Collection)
The Company uses cookies to provide personalized services to registered members.

• Purpose of Cookies:
  To maintain login sessions, remember preferences, and enhance user experience.
• How to Manage Cookies:
  Users can allow, block, or delete cookies through their web browser settings.
  Example (Internet Explorer):
  
  1. Go to Tools → Internet Options → Privacy Tab
  2. Adjust cookie handling settings

Please note that disabling cookies may limit website functionality.

Article 9 (Personal Information Protection Officer)
The Company designates the following individual as the Data Protection Officer (DPO):

Data Protection Officer:

• Name: Jangjun Park, CEO, Michelo Robotics Inc.
• Email: contact@michelorobotics.com

For further inquiries or complaints, Users may contact the following institutions:

• Personal Information Infringement Report Center: privacy.kisa.or.kr / ☎ 118
• Supreme Prosecutors’ Office Cybercrime Unit: www.spo.go.kr / ☎ 02-3480-3571
• National Police Agency Cyber Bureau: www.ctrc.go.kr / ☎ 182

Article 10 (Other Provisions)
This Privacy Policy does not apply to third-party websites linked within the Company’s Services.
The Company is not responsible for personal data collected independently by such external sites.

Article 11 (Notification of Revisions)
If there are additions, deletions, or modifications due to changes in operation or security technology, the Company will notify users at least seven (7) days prior via website or app notices.