Privacy Policy

[Important] Notice of Privacy Policy Revision

To enhance user rights protection and comply with global regulations, our Privacy Policy will be revised as outlined below, effective July 21, 2025. You can review both the current policy and the upcoming revised policy.

  • Effective Date: July 21, 2025
  • Key Changes: Further specification of user rights (in accordance with GDPR/CCPA), clarification of the roles of third-party services, enhanced notification for cross-border data transfers, and more.

[Click here to jump to the new policy]

Current Privacy Policy

This policy is effective until July 20, 2025.

[Click to view the full text of the current policy]

Article 1 (General Provisions)

This Privacy Policy applies to all users who visit the website ‘nimfsoft.art’ (the “Site”), operated by Hodong Kim (the “Operator”).

Article 2 (Information We Collect and Purpose)

The Operator does not actively collect personal information from users. However, if you contact us via email, we may collect your email address and the content of your inquiry for the sole purpose of responding to you.

Article 3 (Collection of Behavioral Information via Cookies)

  1. The Operator allows third-party services (e.g., Monetag) that display advertisements on the Site to use cookies to provide optimized ads to users.
  2. Cookies collect behavioral information such as website visit history. Under regulations like the GDPR and CCPA, cookie identifiers may be considered personal data.
  3. You can refuse to store cookies by changing your web browser settings, though this may cause inconvenience when using some services. For users in jurisdictions requiring active consent, a cookie consent banner may be displayed.

Article 4 (Data Retention Period)

Personal information from email inquiries will be deleted without delay after the inquiry is resolved. However, in the event of a legal dispute or as required by applicable law, the relevant information may be retained until the dispute is fully resolved or for the period mandated by law.

Article 5 (Data Processing Consignment and Third-Party Provision)

  1. The Operator does not directly provide your personal information to third parties.

  2. The Site uses the following external services, which may process visitor information according to their own policies:

    • Hosting: GitLab Inc. (for website hosting and maintenance)
    • Advertising: Monetag (for serving personalized advertisements)

    Please review the privacy policies of these services for details on their data processing practices.

Article 6 (Rights of the Data Subject)

You have the right to inquire about your personal information and request its deletion at any time by contacting us. We will promptly process your request.

Article 7 (Protection of Minors)

The Site is not intended for children under the age of 16, and we do not knowingly collect personal information from children of that age.

Article 8 (Data Destruction)

Personal information in electronic format is deleted using technical methods that make the data unrecoverable.

Article 9 (Measures for Securing Safety of Personal Information)

The Operator takes the following measures to protect users’ personal information:

  1. Administrative Measures: Access to personal information is controlled by limiting it to the Operator themself to prevent unnecessary access.
  2. Technical Measures: Personal information is processed using a reliable, external email service with security features, and we comply with the security policies of that service.

Article 10 (Data Protection Officer)

  • Name: Hodong Kim
  • Email: hodong@nimfsoft.art

Article 11 (Policy Updates)

This Privacy Policy is always accessible at the footer of the Site. Any changes will be announced through a website notice.

  • Date of Announcement: July 9, 2025
  • Effective Date: July 9, 2025

Revised Privacy Policy

This policy will become effective on July 21, 2025.

Effective Date: July 21, 2025
Posted Date: July 11, 2025

Article 1: General Provisions and Scope of Application

This Privacy Policy applies to all data subjects (hereinafter “Users”) who visit and use the website ‘nimfsoft.art’ (hereinafter “Site”), operated by Hodong Kim (hereinafter “Operator”). The Operator complies with major international data protection regulations, including the Personal Information Protection Act (PIPA) of the Republic of Korea, the General Data Protection Regulation (GDPR) of the European Union, the Personal Information Protection Law (PIPL) of the People’s Republic of China, and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA).

This Policy contains important information about how your personal data is collected, used, shared, and protected. Please read it carefully.

Article 2: Personal Data We Process, Purposes, and Legal Bases

The Operator processes the minimum amount of personal data necessary to provide services and enhance user convenience. The items, purposes, and legal bases for processing are as follows.

1. Information Processed Automatically for Essential Service Functions (Required)

  • Data Processed: Device information (IP address, browser type and version, operating system), service usage records (visit date and time, weblogs, referral paths).
  • Purpose of Processing: To ensure the proper operation and security of the website hosting (GitLab) and email (Daum Smart Work) systems, prevent fraudulent use, and respond to technical issues.
  • Legal Basis: Legitimate interests in operating the Site and providing services (GDPR Art. 6(1)(f)); necessary for the performance of a contract.
  • Data Processed: Cookies, advertising identifiers (ADID/IDFA), behavioral data (pages visited, time spent, etc.).
  • Purpose of Processing: To deliver personalized advertisements through a third-party advertising partner (Monetag) and to analyze visit frequency and service usage statistics.
  • Legal Basis: Your explicit prior consent (GDPR Art. 6(1)(a); PIPA Article 15).

3. Information You Provide Directly During Inquiries

  • Data Processed: Name (or nickname), email address, and the content of your inquiry.
  • Purpose of Processing: To receive, identify, and respond to user inquiries.
  • Legal Basis: Your consent and actions necessary to fulfill a contract for handling your inquiry.

Article 3: Processing of Cookies and Behavioral Data & User Control

  1. (Purpose of Cookies) This Site uses Cookies to provide seamless services and to deliver personalized advertising through our third-party ad service provider, Monetag. Cookies may contain behavioral information that does not directly identify you, such as your website visit history and search queries.

  2. (Clear and Freely Given Consent) Upon your first visit to the Site, you will be presented with a notification banner. Through this banner, you can freely choose to accept or reject the collection and use of non-essential cookies for advertising and analytics purposes, based on a clear understanding of their function. The Operator will not install or activate such cookies until you have taken the explicit action to “Accept.” Rejecting these cookies will not result in any disadvantage in using the basic functions of the Site.

  3. (Guaranteed Right to Withdraw and Reset Consent) You may withdraw your prior consent or change your preferences at any time through the ‘Cookie Settings’ menu located at the bottom of the Site. Withdrawing consent is designed to be as easy as giving it. Additionally, you can configure your web browser settings to block all cookies or to alert you when a cookie is being sent.

Article 4: Data Processing and Retention Period

The Operator processes and retains personal data for the period required by law or for the period to which the User consented at the time of collection.

  1. User Inquiry Information: Destroyed without delay after the purpose of collection and use has been achieved, such as upon completion of the response to an email inquiry.

  2. Automatically Collected Information:

    • Web Server Logs (IP address, etc.): Retained according to the internal policy of the hosting service provider (GitLab).
    • Advertising Cookies and Identifiers: Governed by the policy of the advertising service provider (Monetag). Collection ceases if you withdraw your consent or delete the cookies.

  3. Retention for Legal and Dispute Purposes: Notwithstanding the above, if it is necessary to preserve personal data in accordance with the provisions of applicable laws or in the event of a legal dispute, the Operator may retain the relevant personal data for the period specified by law or until the dispute is resolved.

Article 5: Sharing, Entrustment, and International Transfer of Personal Data

To ensure smooth service delivery and user convenience, the Operator entrusts the processing of personal data or provides it to third parties as described below. In this process, your data may be transferred outside your country of residence. The Operator ensures your data is protected in compliance with international data protection standards.

1. Entrustment of Personal Data Processing (Data Processing)

‘Entrustment of Processing’ means that the Operator engages external professional companies to handle personal data for service delivery purposes. These entrusted parties (Data Processors) only process personal data according to the Operator’s instructions and do not use it for their own independent purposes.

Processor Entrusted Task Data Processed Data Storage Location (Country)
GitLab Inc. Website hosting, server operation, data storage Article 2.1 (Essential Automatically Collected Data) United States and other GitLab server locations
Kakao Corp. Operation of nimfsoft.art domain email system Article 2.3 (User-Provided Inquiry Data) Republic of Korea

2. Provision and Sharing of Data with Third Parties

Only with your explicit prior consent, the Operator provides personal data to third parties or allows them to collect it directly for purposes such as providing partnered services like personalized advertising. In this case, the third party acts as a separate and independent Data Controller or a joint controller, processing the data for its own purposes.

Third Party Purpose of Provision Data Provided/Collected Data Processing Location (Country) Retention & Use Period
Monetag Personalized advertising, ad performance analysis Article 2.2 (Optional Automatically Collected Data: Cookies, ad identifiers, behavioral data, etc.) Cyprus and other Monetag server locations As per the third party’s privacy policy.

(※ If you withdraw your consent, further sharing of data through this Site will cease immediately. To exercise your rights, such as deleting data already provided, you must make a request directly to the third party according to their privacy policy.)

※ Under the CCPA/CPRA, the collection of behavioral data by Monetag for personalized advertising may constitute a “Sharing” of personal information. You can Opt-Out of this sharing at any time via the Cookie Settings.

3. International Data Transfers

a. Necessity and Scope of Transfer

For the smooth operation of this Site, your personal data may be transferred to and processed in countries other than the Republic of Korea (such as the United States, Cyprus, etc.) as specified in the tables above.

  • Website Hosting (GitLab): Transfer of data described in Article 2.1 is an essential measure for service provision.
  • Personalized Advertising (Monetag): Transfer of data described in Article 2.2 only occurs if you consent to advertising cookies.

b. Data Security Measures

To ensure your data is protected to a standard equivalent to that guaranteed by the laws of your country of residence, the Operator relies on trusted external services that adhere to international standards. This includes measures such as entering into Standard Contractual Clauses (SCCs) approved by the European Commission, regardless of the data protection level of the destination country.

c. Consent under National Regulations

  • For Residents of Mainland China: Your use of this website and consent to cookies is considered as providing the ‘separate consent’ for cross-border data transfer as required by the PIPL.
  • For All Users: If you do not wish for your data to be transferred internationally, you have the right to reject advertising cookies and to refrain from providing information directly, such as through email inquiries.

※ Please review the latest privacy policies of our partners at the links below:

Article 6: Rights and Obligations of Data Subjects and Their Legal Representatives

As a data subject, you may exercise the following rights. A legal representative may exercise all the rights of a data subject on behalf of a child under the age of 14.

  1. Right of Access: The right to request access to your personal data.
  2. Right to Rectification & Erasure: The right to request correction or deletion of your personal data.
  3. Right to Restriction of Processing: The right to request the suspension of the processing of your personal data.
  4. Right to Withdraw Consent: The right to withdraw your consent for the collection, use, and provision of personal data at any time.
  5. Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format (where GDPR applies).
  6. Rights Related to Automated Decision-Making: The right to object to automated decision-making and to demand an explanation.
  7. Right to Opt-Out of Sale/Sharing (CCPA/CPRA): For California residents, the collection and transmission of behavioral data for Monetag’s advertising services may constitute “Sharing” under the CCPA/CPRA. You can exercise your right to opt-out of this sharing through the ‘Cookie Settings’ menu. This Site does not knowingly sell or share the personal information of users under 16 years of age.
  8. Right to Non-Discrimination (CCPA/CPRA): California residents have the right not to receive discriminatory treatment from the Operator for exercising their privacy rights listed in this Article.
  9. Right to Lodge a Complaint: Users subject to the GDPR have the right to lodge a complaint regarding the processing of their personal data with a supervisory authority in their place of residence or work.

To exercise your rights, please contact the Data Protection Officer listed in Article 10 via email. We will take action without delay in accordance with applicable laws. We may request a process to verify your identity before proceeding with your request.

Article 7: Protection of Children’s Personal Data

This Site is not intended for children under the age of 16 (or the minimum age stipulated by law in the relevant jurisdiction), and we do not knowingly collect personal data from children of that age. If you become aware that a child’s personal data has been collected without valid consent from a legal representative, please contact us using the information in Article 10, and we will take the necessary steps to delete the information immediately.

Article 8: Procedure and Method of Personal Data Destruction

In principle, personal data is destroyed without delay once the purpose for its collection and use has been achieved. Personal data stored in electronic file format is deleted using a technical method that makes the record irreproducible. Data processed by third-party services is destroyed according to the policies of those services.

Article 9: Measures to Ensure the Security of Personal Data

The Operator implements the following technical, administrative, and physical measures to manage your personal data safely.

  1. Administrative Measures: Access to personal data is limited to the Operator. External processors are selected based on their security standards, and privacy-related matters are regularly reviewed.
  2. Technical Measures: Secure Sockets Layer (SSL) certification is applied across the entire Site to encrypt data in transit. We use hosting (GitLab) and external services (Monetag, Kakao) with verified security features and adhere to the security settings they provide.
  3. Physical Measures: The Operator’s personal devices (PC, mobile, etc.) used for data processing are protected with access control measures like passwords and screen locks to prevent unauthorized physical access. We also adhere to security measures such as avoiding the use of unsecured networks (Wi-Fi) externally.

Article 10: Data Protection Officer

For inquiries regarding the processing of personal data, handling complaints, and seeking relief for damages, please contact the Data Protection Officer below. The Operator is personally responsible for handling your concerns.

  • Data Protection Officer & Data Controller
  • Name: Hodong Kim
  • Title: Operator
  • Email: hodong@nimfsoft.art

Article 11: Remedies for Infringement of Rights

If your rights concerning personal data have been infringed, you may apply for dispute resolution or consultation. You have the right to file a complaint with the data protection supervisory authority in your jurisdiction.

Article 12: Posting and Amendment of the Privacy Policy

This Privacy Policy is always accessible at the bottom of the Site. Any additions, deletions, or corrections to this Policy resulting from changes in laws or policies will be announced through a website notice at least 7 days prior to the implementation of the changes.

  • Posted Date: July 11, 2025
  • Effective Date: July 21, 2025
  • [History of Privacy Policy Changes]
    • 2025-07-11: Revised to enhance compliance with global regulations.
    • 2025-07-09: First version established.