Privacy Policy

INNIT Entertainment Co., Ltd. (hereinafter referred to as the “Company”) places utmost importance on the protection of the personal information of audition applicants (hereinafter referred to as “Applicants”) and their parents (hereinafter collectively referred to as “Applicants, etc.”) and strictly complies with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

Through this Privacy Policy, the Company provides detailed explanations regarding the purposes and methods of use of personal information submitted by Applicants, etc., as well as the measures being taken to protect such personal information. In the event of any amendments to this Privacy Policy, the Company will disclose such changes through website notice (or through individual notifications).

- This policy shall come into effect as of January 1, 2025.

1. Categories of Personal Information Collected

The Company, pursuant to Article 15(1)(1) and Article 23(1)(1) of the Personal Information Protection Act, collects the following categories of personal information with the consent of Applicants, etc.

- First Audition :

Name, audition category, profile photo, audition performance videos and audio recorded by the Company, videos/audio submitted by Applicants for the audition, personal information included in career history and self-introduction, gender, date of birth, mobile phone number, current residential address, email address, social media channels, and messenger IDs (if provided in the application form), height, weight, nationality, school name, enrollment status, service usage records, access logs, cookies, and access IP information (for online applications).

- Second Audition :

[Required] Name, audition category, gender, date of birth, mobile phone number, current residential address, email address, height, weight, nationality, school name, SNS addresses, and messenger IDs (if provided in the application form), additional health and notable conditions, and audition videos/audio/photos recorded by the Company.

[Optional] Special skills, related activities, awards, and audition experience.

2. Purpose of Collecting and Using Personal Information

The Company uses the collected personal information for the following purposes.

- To identify Applicants, evaluate and notify selection results, and provide announcements and promotional materials regarding INNIT audition updates (schedule and location).

- To use as reference during the Applicant evaluation process.

- To facilitate training-related tasks.

3. Retention and Usage Period of Personal Information

The personal information collected from applicants and other individuals by the Company will be retained for a period of three years from the submission date of the audition application, or will be promptly destroyed once the purpose for which the information was collected and used has been fulfilled. However, if applicable laws and regulations mandate the retention of personal information for a specified period even after the purpose of use has been completed, the Company will retain such information for the duration prescribed by those laws and regulations, as detailed below.

- Internet log records or access location tracking information of Applicants, etc.: 3 months (Article 15-2 of the Protection of Communications Secrets Act).

- Other data verifying communications facts: 12 months (Article 15-2 of the Protection of Communications Secrets Act).

4. Procedures and Methods of Destruction of Personal Information

As a general principle, the Company promptly destroys personal information once the purposes of its collection and use have been achieved. The information provided by Applicants, etc., for auditions will, once its intended purpose has been achieved, be transferred to a separate database (or stored in separate file storage for paper-based materials) and retained for a certain period in accordance with internal policies and applicable legal provisions regarding information protection (refer to the retention and usage period) before being destroyed. Personal information transferred to a separate database will not be used for purposes other than storage, except as required by law.

The procedures and methods for destruction are as follows:

- Destruction Procedure : The Company identifies personal information for which destruction criteria have been met and proceeds with its destruction [after obtaining approval from the Chief Privacy Officer].

- Destruction Method : Personal information stored in electronic file formats is deleted using technical methods that render any records irretrievable. Personal information in paper form is shredded with a shredder or incinerated.

5. Provision of Personal Information

As a rule, the Company does not disclose users’ personal information to external parties. However, exceptions may apply in the following circumstances.
- When Applicants, etc., have given prior consent.
- When required by provisions of laws and regulations.

At present, the Company does not share the personal information of Applicants, etc., with third parties. In the event that such disclosure becomes necessary, the Company will adhere to the lawful procedures outlined by applicable laws and regulations.

6. Rights of Applicants and Legal Representatives and Methods of Exercising Such Rights

- Applicants and their legal representatives may, at any time, exercise their right to request access to, correction of, deletion of, suspension of processing of, withdrawal of consent for, objection to automated decision-making, or clarification regarding their personal information.

- Such rights may be exercised with the Company by submitting a written request, email, facsimile (FAX), or other methods pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly address the request without undue delay.

- The rights may also be exercised through a legal representative of the Applicant or an authorized agent of the applicant. In such cases, a power of attorney must be submitted using the prescribed Form No. 11 from the Guidelines on How Personal Information is Processed.

- The data subject’s right to request access to or suspension of processing of personal information may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act.

- If the personal information is explicitly specified to be collected pursuant to other laws or regulations, a request for its deletion may not be made.

- The Company will verify the identity of the individual exercising these rights to ensure they are the data subject or a duly authorized representative.

7. Installation, Operation, and Refusal of Automated Personal Information Collection Devices

The Company utilizes “cookies” and other similar technologies to continuously collect and store information. A cookie is a small text file sent by a website’s server to your browser, which is then stored on your computer’s hard drive. The purpose of cookies is to facilitate the operation of the website. The Company employs cookies for the following purposes.

1) Purpose of Using Cookies and Similar Technologies

- To analyze the frequency of site access, track user visit patterns, identify preferences and interests, monitor user behavior, and deliver targeted marketing and personalized services based on participation levels in various events and visit counts.
You have the option to configure your browser settings regarding cookie installation. You can choose to accept all cookies, be prompted for confirmation each time a cookie is stored, or block the storage of all cookies by adjusting the relevant settings in your web browser.

2) How to Refuse Cookie Settings

- e.g.: To refuse the installation of cookies, you may adjust the settings of your web browser to allow all cookies, prompt for confirmation each time a cookie is saved, or block all cookies.

- How to change settings (for Internet Explorer): Go to Tools at the top of the web browser > Select Internet Options > Privacy tab

- Please note that if you refuse to install cookies, you may experience difficulties using our service.

8. Other Guidelines on the Processing of Personal Information

1) Security Measures for Protecting Personal Information

The company takes the following technical, administrative, and physical measures to ensure the security of applicants’ personal information and prevent its loss, theft, breach, alteration, or damage.

- Establishment and Implementation of Internal Management Plans

• The Company has established and is actively executing an internal management plan to ensure the safe processing of personal information.
• The Company monitors the implementation of personal information protection measures and the compliance of responsible personnel through a dedicated in-house privacy management team, promptly taking corrective actions when issues are identified.

- Installation and Operation of Access Control Devices

• The Company utilizes intrusion prevention systems to block unauthorized external access and employs all available technical measures to ensure system security.

- Measures to Prevent Tampering or Alteration of Access Records

• The Company retains and manages records of access to personal information processing systems, incorporating security features to prevent tampering or alteration of such access records.

- Encryption of Personal Information

• Applicants’ personal information is protected by passwords, and files and transmission data are encrypted or stored with file-locking features. Critical data is further protected through additional security measures.

- Measures Against Hacking and Other Security Threats

• The Company deploys antivirus programs to prevent damage from computer viruses. These antivirus programs are updated regularly, and immediate action is taken to address sudden virus outbreaks by applying available antivirus solutions to prevent breaches of personal information.
• The Company has adopted secure encryption algorithms and implements security mechanisms (SSL) to safely transmit personal information over networks.
• The Company ensures robust security measures by employing intrusion prevention systems and vulnerability analysis systems on each server to guard against hacking and other external intrusions.
• We store personal information and general data separately on different servers

- Minimization of Access and Training of Handling Staff

• The Company limits access to Applicants’ personal information to personnel directly engaged in marketing activities with Applicants, the privacy officer, managers, and other personnel whose duties necessitate access to such information.
• Regular internal or outsourced training is provided to personnel handling personal information to ensure proficiency in latest security technologies and compliance with privacy protection obligations.
• Upon hiring, all staff sign a security pledge to preemptively prevent data breaches, and internal procedures are in place to audit the implementation of privacy protection policies and employee compliance.
• When transitioning duties involving personal information, secure handover procedures are conducted, with clear accountability established for personal information incidents occurring during or after employment.
• Data centers and document storage rooms are designated as restricted access areas to ensure controlled entry.

2) Policy Against Unauthorized Collection of Email Addresses

The Company prohibits the unauthorized collection of email addresses through email harvesting programs or other technical devices. Individuals found in violation of this policy may be subject to penalties under the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.”

3) Transmission of Advertising Information

The Company does not transmit profit-oriented advertising information without obtaining prior consent from Applicants.

9. Privacy Officer and Personal Information Management Department

To protect customers' personal information and address privacy-related complaints, the Company has designated the following department and privacy officer.

- Personal Information Protection Department : Marketing Team
- Phone Number : 070-4116-6435
- Email : innit@innitent.com

- Privacy Officer: CEO Yoon Jae-ho

- Phone Number : 070-4116-6435

- Email : innit@innitent.com

Applicants may report any privacy-related complaints arising during the audition application process to the Personal Information Protection Officer or the designated department. The Company will provide prompt and satisfactory responses for all inquiries and reports filed by users.

For any concerns or reports related to personal information breaches, please contact the following organizations.

- Personal Information Dispute Mediation Committee: (dial without area code) 1833-6972 (www.kopico.go.kr)

- Personal Information Infringement Report Center: (dial without area code) 118 (privacy.kisa.or.kr)

- Supreme Prosecutors’ Office: (dial without area code) 1301 (www.spo.go.kr)

- National Police Agency: (dial without area code) 182 (ecrm.cyber.go.kr)

This Privacy Policy is effective as of January 1, 2025.