Privacy Policy
Effective Date: November 19, 2024
Fast Ads Manager, operated by Lusio Labs Co., Ltd, is committed to protecting your personal information and ensuring compliance with South Korea’s Personal Information Protection Act (PIPA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, share, store, and protect your personal information, as well as your rights regarding your data.
1. Purpose of Collecting and Using Personal Information
We collect and use personal information for the following purposes:
Purpose
Category
Profile Image, Email, Name
None
Authentication
None
Payment through Lemon Squeezy
None
Campaign Management
Meta Business Account ID, Google Ads Account ID
None
Inquiry Handling
Name, Email
None
Email Address
None
2. Retention and Usage Periods for Personal Information
A. Retention Periods
South Korea (PIPA):
Fast Ads Manager complies with the following retention periods in accordance with Korean law:
Legal Basis
Records related to contracts or withdrawal
Act on the Consumer Protection in Electronic Commerce Transactions
Records of payments and supply of goods
Same as above
Records of consumer complaints or disputes
Records of Electronic Document Distribution via Certified Electronic Addresses
The Framework Act on Electronic Documents and Electronic Transactions
Protection of Communications Secrets Act
Additionally, Fast Ads Manager complies with the following laws governing information and communication service providers in Korea:
Act on Promotion of Information and Communications Network Utilization and Information Protection
Personal Information Protection Act
Protection of Communications Secrets Act
Telecommunications Business Act
European Union (GDPR):
Account Data: Retained until the user requests deletion or terminates their account.
Payment Data: Retained for 6 years to comply with EU tax and financial regulations.
Behavioral Data for Analytics: Retained for a maximum of 24 months unless users withdraw consent earlier.
California (CCPA):
Account Data: Retained until the user requests deletion.
Payment Data: Retained for 4 years to comply with California tax regulations.
Behavioral Data for Advertising: Retained for a maximum of 24 months unless opted out.
B. Data Disposal
Once the purpose of collecting and using personal information is achieved, the information is immediately destroyed unless required by law or with the user's consent.
Retention Period
Grounds for retention: Protection of Communications Secrets Act
Website visit logs, access information: 3 months
Grounds for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection
Identity verification records: 6 months
Information Collected and Used in Accordance with Internal Company Policies
If a member withdraws, the information collected for service provision will be retained for 30 days from the withdrawal date for purposes such as resolving consumer complaints and disputes. After this period, the information will be deleted.
Records of fraudulent use will be retained for 30 days from the withdrawal date to prevent fraudulent registrations and usage. After this period, the records will be deleted.
Disposal Process Personal information for which the purpose of collection and use has been fulfilled will be promptly destroyed. However, if user consent has been obtained or if the personal information must be retained in accordance with relevant laws, the information will be securely stored in a separate database (DB) following internal policies and applicable regulations. Once the designated retention period ends, the information will be promptly destroyed. Personal information transferred to a separate DB will not be used for purposes exceeding the user's consent or beyond the scope allowed by law. The company will identify personal information subject to destruction and proceed with disposal upon approval from the Data Protection Officer (DPO) as outlined in Article 10.
Disposal Method Personal information in electronic file formats is deleted using technical methods to ensure it cannot be recovered, while printed personal information is destroyed by shredding.
Physical data: Shredding or incineration
Digital data: Secure deletion methods to ensure permanent erasure
3. Delegation of Personal Information Processing
Fast Ads Manager delegates personal information processing tasks to trusted third-party providers:
Contact
Google Firestore
Onesignal
Email and Notification Service
We ensure compliance with applicable laws and monitor these service providers regularly.
4. Cross-Border Data Transfers
Fast Ads Manager transfers personal information outside the user’s jurisdiction in compliance with applicable privacy laws:
Category
Processor & Country
Transfer Method
Retention Period
Onesignal (USA)
Transferred via network
Until account termination
User Data
Advertising Campaigns
Google (USA), Meta (USA)
Transferred via network
Same as above
User Data
Data storage and management
Google (USA)
Transferred via network
Same as above
Payment Information
Payment Processing
Lemon Squeezy (USA)
Transferred via network
Same as above
Legal Frameworks for Transfers:
GDPR: Transfers outside the EEA comply with Standard Contractual Clauses (SCCs) or adequacy decisions.
PIPA (South Korea): Transfers require explicit user consent, specifying the recipient country, purpose, and retention period.
CCPA: Transparency and user opt-out options ensure compliance with state laws.
5. User Rights and How to Exercise Them
We ensure compliance with applicable laws and monitor these service providers regularly.
Right
Access and Correction
Deletion and Suspension
Request deletion or restriction of personal data if no longer necessary.
Withdrawal of Consent
Withdraw consent for data processing at any time.
Contact: Submit requests via operation@lusiolabs.com.
6. Rights and Obligations of Users and Legal Guardians
South Korea (PIPA):
To collect, use, or share personal information of children under the age of 14 with third parties, consent from a legal guardian is required. The methods for obtaining consent include:
Sending consent requests and related documents to legal guardians via telephone, fax, or mail.
Receiving consent forms via email.
Providing consent request links (hyperlinks) on the website or other reasonable methods to notify the legal guardian.
Users or legal guardians of children under 14 may exercise the following rights:
Request for Access and Correction: Users can review their personal information through the "Settings" menu on the Fast Ads Manager service and submit access or correction requests.
Request for Deletion: By selecting "Service Withdrawal" within the "Profile" section of the "Settings" menu, users can delete their account and related personal information.
Request for Suspension: Users may request a suspension of personal information processing. The company promptly reviews and acts upon such requests.
Fast Ads Manager does not permit the use of its services by children under 14. If personal data of such users is identified, it will be deleted immediately.
For inquiries regarding these rights, contact operation@lusiolabs.com, and the company will respond promptly per applicable laws.
European Union (GDPR):
Under GDPR Article 8, processing personal data of children under 16 requires consent from a parent or legal guardian. Specific EU member states may adjust the consent age to 13.
Verification and Consent Methods:
Verify the user's age during service registration.
Obtain legal guardian consent through the following methods:
Sending consent requests via email or mail.
Receiving completed consent forms via email or other digital methods.
Verifying the identity and consent of legal guardians through phone calls or other appropriate methods.
Clear Information Provision All terms and privacy notifications are written in concise and easy-to-understand language to ensure that minors can accurately assess whether to provide their personal information.
Data Minimization: Only the minimum necessary personal information, such as name, age, and email, will be collected.
Request for Data Access, Modification, and Deletion Minors or their legal guardians have the following rights:
Access to Personal Information: Personal information can be accessed through the "Settings" menu.
Request for Modification or Deletion: Upon receiving a request for the modification or deletion of personal data, the company will review and promptly process the request.
Request to Cease Data Processing: Legal guardians may request the cessation of personal data processing at any time, and the company will address the request without delay.
Additional Safeguards
In compliance with GDPR Article 5(1)(f), minors' personal data is safeguarded with additional security measures.
Data is stored in an encrypted format, with access restricted to authorized personnel only.
Data Deletion and Processing Review
When a minor reaches the age of 16, previously granted consent will be reviewed, and new consent will be requested if necessary.
If improper collection or processing of minor data is identified, the company will immediately delete the data and take legal measures.
Fast Ads Manager does not permit the use of its services by children under the age of 13. If data from users in this age group is discovered, it will be deleted immediately.
California (CCPA):
Under CCPA, collecting, using, or selling personal information of children under 13 requires consent from a parent or legal guardian. Children aged 13 to 16 may provide their consent directly.
Consent Requirement: To collect, use, or share personal information of children under the age of 13, parental or legal guardian consent must be obtained. Users aged between 13 and 16 may provide consent for data processing on their own.
Opt-Out Rights: Children under 16 or their parents/legal guardians may request the opt-out of data sales or sharing.
Deletion Requests: Parents or legal guardians can request the deletion of their child’s personal information, and such requests will be processed immediately upon receipt.
Fast Ads Manager does not permit service use by children under the age of 13. If data belonging to users within this age group is discovered, it will be promptly deleted.
7. Collection, Use, and Rejection of Behavioral Information
Category
South Korea (PIPA)
California (CCPA)
Collected Items
IP address, browsing history, Cookies, visit logs, activity logs, search history
IP address, browsing history, Cookies, visit logs, activity logs, search history
IP address, browsing history, Cookies, visit logs, activity logs, search history
Google Analytics, Onesignal
Google Analytics, Onesignal
Google Analytics, Onesignal
Usage Purposes
Improving User Experience, Analyzing Service Usage Patterns, Providing Personalized Services and Tailored Advertising, Developing New Services, Enhancing Quality and Statistical Analysis, Responding to User Requests
Improving User Experience, Analyzing Service Usage Patterns, Providing Personalized Services and Tailored Advertising, Developing New Services, Enhancing Quality and Statistical Analysis, Responding to User Requests
Improving User Experience, Analyzing Service Usage Patterns, Providing Personalized Services and Tailored Advertising, Developing New Services, Enhancing Quality and Statistical Analysis, Responding to User Requests
Retention Period
Data retained for one year before deletion
Data retained for the duration of use or upon user request
Data deleted upon user request or retained for one year
Special Notes
Fast Ads Manager does not collect or use behavioral data of users under 14
- Does not collect sensitive information such as health data
- Fast Ads Manager does not collect or use behavioral data of users under 13
Fast Ads Manager does not collect or use behavioral data of users under 13
Rejection and Inquiry
- Manage cookies via settings menu.
- For inquiries: operation@lusiolabs.com
- Use cookie settings or opt-out options to withdraw consent.
- For inquiries: operation@lusiolabs.com
- Use cookie settings or opt-out options to withdraw consent.
- For inquiries: operation@lusiolabs.com
8. Automated Collection Devices and Rejection Methods
Category
Details Purpose of Cookies
Control Options
Users can block or delete cookies through browser settings
Tools Used
Google Analytics and other tools for real-time optimization
Limitations
Rejection of cookies may limit certain customized services
For more details, refer to our Cookie Policy.
9. Remedies for Infringement of Rights
South Korea (PIPA):
For privacy-related violations, users can contact:
KISA Personal Information Infringement Report Center: 118, privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972, kopico.go.kr
Supreme Prosecutors’ Office Cybercrime Unit: 1301, spo.go.kr
National Police Agency Cyber Bureau: 182, cyber.go.kr
European Union (GDPR):
Users may file complaints with their local Data Protection Authority (DPA).
California (CCPA):
California Attorney General’s Office: (800) 952-5225, oag.ca.gov/privacy/ccpa
10. Personal Information Protection Officer (DPO)
We have designated a Data Protection Officer (DPO) to oversee compliance:
Name: Doohaeng Lee
Email: operation@lusiolabs.com
11. Duty to Notify
The company will notify users in the event of changes to the Privacy Policy or significant matters related to personal data through the following procedures:
General Changes
Users will be informed of the changes at least 7 days prior to implementation through announcements or emails.
Changes with Significant Impact on User Rights
Notices will be provided at least 30 days in advance, and user consent may be requested again if necessary.
Legal Obligations for Notification
GDPR (European Union): In the event of a data breach, users will be notified within 72 hours of the incident.
CCPA (California): For data breaches or significant changes to personal information, notifications will be provided at least 7 days in advance.
Emergency Situations
In case of emergencies such as data breaches, users will be notified immediately in compliance with applicable laws, and appropriate measures will be taken.
12. Security Measures
We implement robust security measures, including:
Encryption: Applied during data transmission and storage.
Access Control: Restricted to authorized personnel.
Contact Information
For questions about this Privacy Policy, please contact:
Company: Lusio Labs Co., Ltd
Email: operation@lusiolabs.com
