General Data Protection Policy
Ossvis(“The Company”) deeply committed to safeguarding the personal information, and our privacy principles guide all of our global business operations. These principles ensure that we protect users’ privacy consistently across all regions. Our approach to privacy complies with the laws of each respective country, and it is fundamentally shaped by the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
This Privacy Policy governs the information provided or collected through the applications of the Company available on the website platform where this policy is posted.
It delineates our policies and procedures concerning the collection, use, and disclosure of users’ information when utilizing our services. Additionally, it informs users of privacy rights and the protections afforded to users by law.
For the purpose of data protection of its users, the Company maintains a record of processing activities (Article 30 of GDPR), designates a Data Protection Officer (DPO) to operate its business in accordance with GDPR (Article 37 of GDPR), implements Data Protection Impact Assessment (DPIA) under the supervision of the DPO and trains its employees for data protection (Article 39 of GDPR).
The Company formulates legal framework to process personal data including sensitive data (Articles 6 and 9 of GDPR) and has the explicit consent of the data subject to the processing of his or her personal data (Article 7 of GDPR). It has the explicit consent of a data subject in case of automated individual decision-making, including profiling (Article 22 of GDPR), and has the consent of the holder of parental responsibility over a child for the child’s data processing, in which case it makes reasonable efforts to verify if such consent is given or authorized by the lawful person, taking into consideration available technology (Article 8 of GDPR). Additionally, in case of transfer of personal data to third countries, the company has the explicit consent of a data subject (Article 49 of GDPR).
The Company allows a data subject to exercise his or her rights guaranteed by GDPR as follows: the right to receipt of his or her data (Articles 13 and 14 of GDPR), the right to access (Article 15 of GDPR), the right to rectification (Article 16 of GDPR), the right to erasure (Article 17 of GDPR), the right to restriction of processing (Article 18 of GDPR), the right to data portability (Article 20 of GDPR), the right to object (Article 21 of GDPR) and the right not to be subject to an automated individual decision-making, including profiling (Article 22 of GDPR).
The Company is in compliance with the obligations of data protection by design and by default (Article 25 of GDPR) and implements technical and operational measures reasonably necessary to prevent the data from leakage and breach (Article 32 of GDPR). It notifies a personal data breach to the supervisory authority within 72 hours after having become aware of it (Article 33 of GDPR) and communicates a personal data breach to a data subject without undue delay if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons (Article 34 of GDPR).
This Privacy Policy may be used as proof that the Company complies with the requirements of GDPR.
This policy will take effect on October.31, 2025. Any subsequent revisions will be communicated through announcements on our website (or via individual notifications, such as emails).
1. Information Collected and Methods of Collection
(1) Personal Information Provided Directly by Users and Its Purpose
The Company utilizes your personal data to provide and enhance our website services. By using our services, you consent to the collection and use of information in accordance with this Privacy Policy.
| Service Name | Collection Method | Collected Personal Information | Purpose of Use |
| Website | By submitting inquiries | * Required: Category, Job, First Name, Last Name, Email, Phone, Country | To respond to product inquiries |
| * Optional: City, Company Name, Areas of Interest, Contents | To provide content and customized services |
※ The Company processes users' personal information lawfully in accordance with applicable laws only under the following circumstances:
-
When the user has expressly consented to the processing of their personal information
- When processing is necessary for the performance of a contract to which the user is a party, or in order to take actions at the user's request prior to entering into a contract
- This includes, but is not limited to, member management and identity verification -
When processing is mandated for compliance with a legal obligation to which the Company is subject
- This encompasses adherence to relevant laws, regulations, legal procedures, and government requests -
When processing is deemed necessary to protect the vital interests of the user or another natural person
When processing is required for the execution of a task carried out in the public interest or in the exercise of official authority vested in the Company - When processing is necessary for the legitimate interests pursued by the Company or a third party (provided that such interests do not override the interests or fundamental rights and freedoms of the user—particularly in instances where the user is a minor and heightened privacy protections are warranted).
(2) Automatically Collected Information
In the course of utilizing the website, the Company may collect the following personal information, strictly adhering to relevant laws and maintaining a respect for user rights:
| Service Name | Collection Method | Collected Personal Information | Purpose of Use |
| Website | Cookies deployed upon access to the website |
- Computer operating system, internet browser, and device specifications - IP address - User access pathways and website activity data (including viewed pages, search terms, and the frequency of visits to the website) |
To enhance and optimize personalized services |
※ Reason for Using Cookies
- Strictly Necessary (Functional) Cookies: These cookies are essential to enable users to navigate the website and use its core functionalities.
- No Other Cookies Collected: We do not collect other types of cookies such as Marketing, Measurement (Analytics), Preferences (for enhanced user experience), Other, or Social media cookies.
You may disable cookies through your browser's help or settings menu. However, please be aware that disabling cookies may limit your ability to use certain features of the website or affect its overall functionality. For instructions on how to disable cookies, please refer to the [Appendix]
2. Use of Personal Information
The personal information of users collected through the website shall be utilized for the following purposes. If information is used for purposes other than those specified in this Privacy Policy, the Company will seek the user's consent.
(1) Inquiries and responses regarding services (products)
‒ Addressing product inquiries submitted by users via the website
‒ Responding to user requests for information regarding areas of interest
(2) Provision of customized services
- Delivering customized services related to products through local operators in the EU and other jurisdictions
(3) Profiling
We may process users' personal information for the purpose of profiling. Profiling encompasses the identification, analysis, and prediction of users' interests and preferences, thereby facilitating the automatic provision of tailored content and commercial information that aligns with specific interests and requirements.
Such information will be utilized exclusively to establish customer profiles and preferences, thereby ensuring the delivery of more pertinent content. The Company may integrate the data provided by all its websites and applications with the users’ personal data provided by the Company. The processing of personal data for profiling is carried out in line with the guarantees and measures specified in applicable law (Article 22 of GDPR).
(4) Compliance with legal obligations
Users' personal information may be utilized for the following purposes:
- Compliance with requests from governmental authorities, the judiciary, and law enforcement agencies, or the enforcement of court judgments
- Adherence to integrated terms and conditions as well as the privacy policy
- Safeguarding our rights and managing resultant consequences in the event of damages
- Prevention of unlawful activities, including but not limited to fraud
3. Retention Period of Personal Information
(1) The Company retains personal information for the duration stipulated by applicable laws or within the retention period agreed upon at the time of collecting personal information from the user.
(2) The specific retention period of personal information is as follows:
| Category | Collected Personal Information | Retention Period |
| Inquiring about products | * Required: Category, Job, First Name, Last Name, Email, Phone, Country | Upon request for deletion or withdrawal of consent |
| * Optional: City, Company Name, Areas of Interest, Contents | ||
| Providing to third parties | * First Name, Last Name, Email, Country, Areas of Interest |
※ Users have the right to request the deletion of their personal information.
The Company will promptly undertake corrective and deletion measures upon such requests within the stipulated retention periods. However, personal information may be retained in accordance with applicable laws in cases of legal disputes or other permitted reasons.
4. Outsourcing of Personal Information Handling
The company outsources certain services to the following companies. In accordance with applicable laws, essential terms and conditions are stipulated in contract with the entrusted companies to safeguard your personal information
| Company Name | Relocated Countries | Entrusted Services |
| GoDaddy | Republic of Korea | Cloud infrastructure operation (no personal information processing) |
| Huvitz Layer7 | Republic of Korea | Website operation, Data Backup Management |
5. Sharing and Provision of Personal Information
The Company may provide users' personal information to third parties, including but not limited to:
(1) With Service Providers or business partners: We may share users’ personal information with Service Providers or business partners to monitor, to analyze the use of our Service, to offer users certain products, services or promotions. For inquiries regarding partner companies, please contact alexpark@ossvis.com
(2) For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
(3) With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
(4) With Your consent: We may disclose Your personal information for any other purpose with Your consent
(5) For Compliance with Law or Regulatory Action or Requests: We may disclose your information, including Personal Information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary to.
(6) We will not sell, rent, or lease your Personal Information to any third party unless disclosed to you at the time of your submission of such information.
6. Rights of EU Users
(1) Right to provide information regarding the processing of personal data, as well as the rights to access, rectify, erasure, or restrict such processing.
You have the right to request access to, modification of, rectification of, or deletion of the personal data we have collected about you. However, we reserve the right to refuse deletion if we can demonstrate a compelling legitimate basis for retaining your information.
(2) Right to restrict the processing of your personal data under the following circumstances:
- In the event that you contest the accuracy of your personal data
- If the processing is deemed unlawful, yet you oppose the deletion of your personal data and instead request its processing to be restricted
- When your personal data is no longer necessary for the purposes for which it was collected, but you require it for the establishment, exercise, or defense of legal claims
- In circumstances where the processing is essential for the performance of a task carried out in the public interest or for the purposes of legitimate interests, and the controller is engaged in assessing whether the legitimate grounds of the organization supersede those of the individual
(3) Right to data portability
The Company acknowledges your right to data portability, which grants you the ability to transfer your personal data to another system for your convenience, provided that such transfer does not adversely affect the rights and freedoms of other individuals.
(4) Right to object
‒ For direct marketing purposes, should your personal data be processed for the promotion of goods or services
‒ Profiling: In situations where an individual's behavior, interests, and preferences are analyzed to predict specific characteristics or behaviors.
‒ For processing carried out in the public interest: You may exercise the right to object, even when your personal data is utilized for scientific research or statistical purposes, based on your specific circumstances.
(5) Right to withdraw prior consent
You are granted the right to withdraw your consent (if present) to the processing of your personal data at any time. This encompasses the right to revoke consent concerning automated decision-making and profiling.
(6) Rights related to automated individual decision-making, including profiling
You have the right to refrain from being subjected to decisions that rely solely on automated processing, particularly in cases where such decisions significantly impact you and are predicated exclusively on automated means.
To exercise any of the rights described above, please email us at it@ossvis.com.
7. Rights of California Residents
The CCPA provides Consumers (California residents) with specific rights regarding their Personal Information. For more detailed information on your CCPA rights and how to exercise those rights, see Guide to CCPA Consumer Privacy Rights [here]
We do not share your personal information with third parties for direct marketing purposes, except as permitted by law. We may share personal data with third parties for marketing purposes in relation to our product inquiry services. Should our policy change, we will make the necessary adjustments in accordance with applicable laws and notify you in advance.
(1) Access: You may request that we disclose certain information regarding our use of your personal information over the past twelve (12) months. You may only make such requests twice per twelve (12) months.
Upon verifying your request (see below), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- The specific pieces of personal information we collected about you.
- Our business purpose for collecting that personal information.
- The categories of third parties with whom we share personal information.
(2) Deletion: You may request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. Once your request is verified (see below) and we have determined that we are required to delete that information in accordance with applicable law, we will delete and direct our service providers to delete your personal information from our records. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.
(3) Opt-out of Sales: You have the right to opt-out of the sale of your personal information. Within the last twelve (12) months, none of your personal information has been sold to a third party, but in such case, we will promptly provide a “Do not sell my Personal Information” banner through which you may submit your request to opt-out of the sale of your personal information.
(4) Non-Discrimination: California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
(5) The right to correct inaccurate personal information that a business has about them
(6) The right to limit the use and disclosure of sensitive personal information collected about them.
To exercise any of the rights described above, please or email us at it@ossvis.com
8. Contact Information for Exercising Privacy Rights
The Company has appointed a Data Protection Officer to oversee and protect personal data. As a user of our services, you have the right to exercise your rights regarding personal data, including the rights to provide information, access your data, make modifications, request deletion, or impose restrictions. If you have any questions about our privacy practices, please feel free to contact the Data Protection Department using the details provided below.
-
Privacy Officer
- Department: Hopeful Office Part
- Name : Kim Young-rock
- Phone Number: 82-31-428-9016
- Email: it@ossvis.com -
Data Protection Officer (DPO)
- Name: Alex Park
- Phone Number: 469-587-1414
- Email: alexpark@ossvis.com
9. Cross-border Transfer of Personal Information
We undertake the transfer of personal data to third countries strictly in accordance with the appropriate protective measures stipulated in this Privacy Policy. In this regard, South Korea is recognized as a country that has received an adequacy assessment approval. The Company may transfer users’ personal data to the third countries after obtaining explicit consent for transfer of personal data to third countries (Article 49 Paragraph 1 (a) of GDPR). Consequently, the personal data of users is afforded protection under the provisions of the South Korean Personal Information Protection Act.
| Data Processor (Recipient) |
Transfer Country | Transfer Method | Personal Data Being Transferred | Purpose of International Transfer | Period of Retention and Usage |
| GoDaddy it@huvitz.com |
South of Korea | Transmitted upon registration of inquiries via the website | Name, Contact Number, Email, Affiliation, Country, Mobile Number, Areas of Interest | Storing and Managing Collected Information | Upon deletion request and withdrawal |
|
Huvitz Layer7 it@ossvis.com |
South of Korea | Data backup on the Salesforce platform | Name, Contact Number, Email, Affiliation, Country, Mobile Number, Areas of Interest | Data Backup Management | Upon deletion request and withdrawal |
| Google General | USA | Transmission through the network at the time of service use | Timestamp. IP, time/date, language, click path | Collecting customer activity information, analyzing service use and behavior, collecting statistics | Until deletion request and withdrawal |
| Google Analytics | USA | Transmission through the network at the time of service use | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | Collecting customer activity information, analyzing service use and behavior, collecting statistics | Until deletion request and withdrawal |
| Google Maps | USA | Transmission through the network at the time of service use | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | Collecting customer activity information, analyzing service use and behavior, collecting statistics | Until deletion request and withdrawal |
| Google Tag Manager | USA | Transmission through the network at the time of service | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | Collecting customer activity information, analyzing | Until deletion request and withdrawal |
| Google Ads | USA | Transmission through the network at the time of service | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | Collecting customer activity information, analyzing | Until deletion request and withdrawal |
| Facebook (Meta) | USA | Transmission through the network at the time of service | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | Collecting customer activity information, analyzing | Until deletion request and withdrawal |
| Consentmanagers | USA | Transmission through the network at the time of service | Timestamp, IP, time/date, user device/user location tracking, visitor behavior | CMP, Consent Management Platform, analyzing service use and behavior, collecting statistics | Until deletion request and withdrawal |
※ How to Refuse International Transfer.
If you wish to refuse the international transfer of personal information, you can do so by the methods specified in "8. Contact for Exercising Personal Information Protection Rights (it@ossvis.com)" of the Privacy Policy. However, in this case, the use of Ossvis services that involve the international transfer of personal information may be limited.
10. Protection of Personal Information
(1) Data Security
The Company is committed to taking reasonable and appropriate measures to ensure that your personal information is accurate, complete, up-to-date, secure, and reliable for its intended purposes. We have instituted both procedural and technical security measures designed to safeguard your personal information against loss, unauthorized access, disclosure, alteration, or destruction.
(2) Data Retention
The Company shall retain your personal information for a duration that is reasonably necessary to fulfill legitimate business purposes or as mandated by applicable law. The specific duration of personal data retention is detailed in our data retention policy. Consequently, when your personal information is no longer required, we will undertake the necessary actions to ensure its deletion.
(3) Data Transfer
Personal data may be transferred to service providers or systems located in countries that do not provide a level of data protection equivalent to that of your country. In such cases, the Company will ensure compliance with the cross-border data transfer and export control laws of the countries in which it operates.
When transferring personal data outside the European Union (“EU”) or the European Economic Area (“EEA”), we will adhere to the requirements governing such transfers. Additionally, in accordance with the California Consumer Privacy Act (CCPA), we will disclose the fact of such transfers to users and obtain their consent to ensure the protection of their rights.
(4) Policy on the Protection of Children’s Personal Information
Our website is designed for use by adults or businesses, and we do not knowingly collect personal information from children under the age of 13. The Company does not intentionally collect personal information from children and has no intention of doing so. If you believe that we may possess specific information about a child, please contact us at it@ossvis.com.
11. Links To Third Party Sites
This App and any Services may provide links to other websites on the Internet that are operated and maintained by third parties. These websites operate independently from The Company and are not under our control or responsibility. The existence of such links to other websites does not constitute an endorsement by The Company of those other websites, the content displayed therein, the programs, products, or services thereon, or the persons or entities associated therewith. When you visit any such third-party websites, you will exit our App and not be using the Services, and The Company accepts no responsibility or liability with respect to any such website or any other website that is not under our control. We encourage you to review the privacy policies and terms of use of those third-party websites. You accept sole responsibility for and assume all risk arising from your use of any such websites.
12. Revisions to the Privacy Policy
This Privacy Policy may be amended, supplemented, or modified in response to changes in laws, policies, or security technologies. Any such changes will be communicated to users via our website or through email notifications, and you agree to check the website regularly for updates. Such changes or modifications shall be effective immediately upon being posted on the website. Continuing to access and/or use the Services after we post a revised Privacy Policy constitutes your acceptance of those revisions and all terms of the then effective Privacy Policy.
INQUIRE