This privacy policy applies to internet-related services provided by individual business owner Chally (챌리) (hereinafter "Chally") through the application "Chally". In accordance with Article 30 of the "Personal Information Protection Act", we establish and disclose the following privacy policy to protect the personal information of data subjects and handle related grievances promptly and smoothly.
Effective from May 29, 2026
Article 1 (Purpose of Processing Personal Information)
Chally processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the "Personal Information Protection Act".
- Verification of registration and withdrawal intentions, member identification, and member management
- Storage and provision of challenges for each user
- Maintenance and improvement of operating systems to prevent illegal activities and violations of community guidelines
Article 2 (Processing and Retention Period of Personal Information)
Chally will continuously manage and store members' personal information in accordance with the privacy policy and related laws while providing services. When the purpose of collecting and using personal information is achieved, such as withdrawal, the collected personal information will be immediately destroyed.
Article 3 (Items of Personal Information Being Processed)
Chally processes the following personal information items:
Personal Information Collected During Registration
- Required items: Nickname
- Optional items: Email, Password, SNS Identification ID, Device identifier (Android SSAID / iOS Keychain UUID)
Note: Service usage records for service management purposes, such as service misuse records and log records (IP address, access time, device identifier), may be collected during the service use process.
Article 4 (Outsourcing of Personal Information Processing)
Chally outsources personal information processing tasks as follows for smooth personal information business processing:
- Commissioned Party (Processor): Amazon Web Services, Inc.
- Content of Commissioned Tasks: Service system provision, data management and storage
- Commission Period: Immediate destruction upon withdrawal
When concluding outsourcing contracts, Chally specifies matters such as prohibition of personal information processing outside the purpose of performing commissioned tasks, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of processors, and liability for damages in documents such as contracts in accordance with Article 26 of the "Personal Information Protection Act", and supervises whether the processor safely processes personal information.
If the content of commissioned tasks or the processor changes, we will promptly disclose it through this privacy policy.
Article 5 (Procedures and Methods for Destruction of Personal Information)
Chally destroys the relevant personal information without delay when it becomes unnecessary, such as the expiration of the personal information retention period or achievement of the processing purpose.
If personal information must continue to be preserved in accordance with other laws despite the expiration of the agreed retention period or achievement of the processing purpose, the personal information will be moved to a separate database (DB) or stored in a different location.
The procedures and methods for destroying personal information are as follows:
- Destruction procedure: Chally selects personal information for which destruction reasons have occurred and destroys it with the approval of Chally's personal information protection officer.
- Log records: Access logs (IP address, device identifier, access time) are retained for 3 months from the time of access in accordance with Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act, after which they are automatically deleted.
Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and Their Exercise)
Data subjects may exercise rights such as viewing, correcting, deleting, or suspending the processing of personal information against Chally at any time.
The exercise of rights under Paragraph 1 may be made to Chally in writing, email, fax, etc., in accordance with Article 41(1) of the Enforcement Decree of the "Personal Information Protection Act", and Chally will take action without delay.
The exercise of rights under Paragraph 1 may be done through a legal representative or delegate of the data subject. In this case, you must submit a power of attorney according to Form No. 11 of the "Notice on Personal Information Processing Methods (No. 2020-7)".
Requests for viewing and suspending the processing of personal information may be restricted by Article 35(4) and Article 37(2) of the "Personal Information Protection Act".
Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
Chally verifies whether the person requesting viewing, correction/deletion, or processing suspension is the subject themselves or a legitimate representative.
Article 7 (Measures to Ensure the Safety of Personal Information)
Chally takes the following measures to ensure the safety of personal information:
Restriction of access to personal information
- Taking necessary measures to control access to personal information by granting, changing, and revoking access rights to database systems that process personal information
- Controlling unauthorized access from outside using intrusion prevention system
Encryption of personal information
- Users' passwords are encrypted for storage and management, so only the user knows them
Article 8 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
Chally uses 'cookies' that store and periodically retrieve usage information to provide individualized customized services to users.
Cookies are small pieces of information sent by the server (http) operating the website to users' computer browsers and may be stored on users' PC hard drives.
- Purpose of using cookies: Used to provide optimized information to users by understanding visit and usage patterns, popular search terms, secure access status, etc.
- Installation, operation, and rejection of cookies: You can reject cookie storage through option settings in the Tools > Internet Options > Privacy menu at the top of your web browser.
- If you reject cookie storage, you may have difficulty using customized services.
Article 9 (Personal Information Protection Officer)
Chally has designated the following personal information protection officer to be responsible for overall personal information processing tasks and handle complaints and damage relief related to personal information processing:
Data subjects can inquire about all personal information protection-related matters, complaints, and damage relief that occur while using Chally's services (or business) to the personal information protection officer. Chally will respond to and handle inquiries from data subjects without delay.
Article 10 (Department Receiving and Processing Personal Information Access Requests)
Data subjects can request access to personal information under Article 35 of the "Personal Information Protection Act" from the following officer. Chally will strive to process personal information access requests from data subjects promptly.
Article 11 (Changes to Privacy Policy)
This privacy policy was revised on May 22, 2026 and takes effect from May 29, 2026.