Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Privacy Policy
Virtual Petals – Enabling your cloud journey
In this Privacy Policy (“Policy”), VIRTUAL PETALS IT SOLUTIONS & CONSULTANCY – SOLE PROPRIETORSHIP L.L.C is referred to as “Virtual Petals”, “we” or “us” (and the term “our” shall be interpreted accordingly).

We have adopted this Policy to safeguard the personal information (“Personal Data”) of the users of our website (“User” and as further defined below), to protect their rights and interests and to address User complaints related to Personal Data in accordance with Applicable Law.

Definitions
“Applicable Law” means the laws of any jurisdiction which may apply to the processing of a User’s Personal Data and any other regulations, governmental or regulatory policies, conditions of regulatory approval, authorizations, licences or codes which from time to time apply to our processing of such Personal Data in the performance or provision of our services.

“Personal Data” means any information/data about an individual User from which that person can be identified, including; identity data, contact data, financial data, transaction data, technical data, profile data, usage data and marketing and communications data (as defined below). (It does not include data where a User’s identity has been removed (anonymous data).

Table of Contents
Definitions
Purpose of Personal Data Processing (“Purpose”)
Handling and Retention Period of Collected Personal Data
Consignment of Personal Data Processing
Rights and Obligations of Data Subject and its Exercise Method
Virtual Petals collection of Personal Data and Cookie use
Personal Data Destruction
Measures to Ensure the Safety of Personal Data
Chief Privacy Officer
Change of Privacy Policy and Users’ duty to inform Virtual Petals of changes
User Legal Rights
Amendments
History of Amendment
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from a User and other details of products and services a User has purchased from us.
Technical Data includes internet protocol (IP) address, User login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices a User may use to access a Virtual Petals website.
Profile Data includes usernames and passwords, purchases or orders placed, interests, preferences, feedback and survey responses.
Usage Data includes information about how a User accesses or uses our website, products and services
Marketing and Communications Data includes preferences in receiving marketing from us and our third parties and User communication preferences.
User includes any person accessing our websites as a designated user on behalf of a customer of Virtual Petals which shall include an End User permitted to access the websites in accordance with the terms of use under any Virtual Petals service agreement (including the “OpsNow Service”).
End User means any individual or entity that: (a) accesses or uses a User’s content; or (b) accesses or uses the “OpsNow Service” site under a User’s account.

Purpose of Personal Data Processing (“Purpose”)
We handle and collect (‘process’) Personal Data of a User (being a “Data Subject”) for the lawful Purpose(s) set out below. The processed Personal Data will not be used for any reason other than the Purpose(s) and prior consent will be obtained in the event of any proposed change(s) to the Purpose.

We will only process a User’s Personal Data when the Applicable Law allows us to. Most commonly, we will use Personal Data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into.
Where it is necessary for our legitimate interests (or those of a third party) and a User’s interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We have set out below, in a table format, a description of all the ways we may use a User’s Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using the data.

Purpose/Activity
Type of data
Lawful basis for processing including basis of legitimate interest
To register a User as a new customer (a) Identity
(b) Contact Performance of our contract with a User
To process and deliver an order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us (a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications (a) Performance of a contract with a User
(b) Necessary for our legitimate interests
(to recover debts due to us)
To manage our relationship with a User which will include:
(a) Notification(s) about changes to our terms or privacy policy
(b) Asking a User to leave a review or take a survey (a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications (a) Performance of a contract with a User
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content to Users and measure or understand the effectiveness of the content provided (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to Users about goods or services that may be of interest (a) Identity
(b) Contact (c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications Necessary for our legitimate interests (to develop our products/services and grow our business)
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from Personal Data but is not considered ‘personal data’ as a matter of law as this data will not directly or indirectly reveal a User’s identity. For example, the Company may aggregate Usage Data to calculate the percentage/number of Users accessing a specific website feature.

We do not collect any Special Categories of Personal Data about Users (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Handling and Retention Period of Collected Personal Data
We shall process and retain Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain such data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or a dispute in connection with our relationship with a User.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Personal Data, the purposes for which we process such data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements (including any prescribed retention periods within the jurisdiction where such data is processed).

We shall retain the Personal Data provided by Users as long as they use our services. However, subject to any continuing legal or regulatory obligations (above) to retain Personal Data, we shall destroy Users’ Personal Data from our systems when a User wishes to unregister or is disqualified and, therefore, subject to deregistration according to our prevailing “Terms and Conditions of Business” from time to time in force.

If the retention of any Personal Data is required under Applicable Law, the Company will retain the information for a such period (“Retention Period”) as required or permitted in compliance with such Applicable Law, notwithstanding any request by a User to delete or destroy such data.

Consignment of Personal Data Processing
Save as specified below, we do not provide, share or otherwise or disclose any of the collected Personal Data to third parties including for-profit and non-profit enterprises; however, it may disclose Personal Data to a specified third party after obtaining prior consent from a User by letter, email, phone, or the website. We may provide Personal Data without prior consent of a User to relevant third parties if it is legally required to do so (including, but not limited to, the purpose of settling legal dispute(s) between users or between the relevant User and us).

We consign the following work involving data handling to the following overseas partners (“Outsourcing Company”).

Outsourcing company
Outsourced Work
Relocating Country
NICE Information Service Inc. User authentication Republic of Korea
ZENDESK Managing customer inquiries and information United States
LG U Inc. Electronic payment Republic of Korea
HYOSUNG FMS INC. Electronic payment Republic of Korea
Koryo Credit Information Co.Ltd Credit collection Republic of Korea
In accordance with Applicable Law, upon entering into a relevant consignment agreement, we shall specify matters such as the limits of the authority of the Outsourcing Company, prohibition against processing of Personal Data for purposes other than the consigned work, technical and managerial protection measures, restriction of re-consignment, management and supervision of Outsourcing Company, and liability including damages in contract documents, etc. We supervise the manner in which the Outsourcing Company handles Personal Data securely and consistently with the standards which Virtual Petals adopts within this Policy.

Third-party links
The Virtual Petals website (including subsites relating to its services) may include links to third-party websites, plug-ins and applications. Users clicking on those links or enabling those connections may allow third parties to collect or share a User’s data. We do not control these third-party websites and are not responsible for their privacy statements or policies. When a User leaves a Virtual Petals website, it is strongly advised to read the privacy policy of every website then accessed.

Rights and Obligations of Data Subject and its Exercise Method
A User may exercise the following rights as a Data Subject with us at any time:

(1) Access to Personal Data;
(2) Request for correction if there is an error;
(3) Request for deletion;
(4) Request for suspension of processing.

The exercise of the rights pursuant to Paragraph 1 above may be made to Virtual Petals in writing, email (personally or via a duly authorised, delegated legal representative or agent of the Data Subject) and we shall take such actions as are required without delay and in any event in accordance with Applicable Law.

If a User requests correction or deletion of an error in his/her Personal Data, we will not use or otherwise process the data until the correction or deletion is completed.

Virtual Petals collection of Personal Data and Cookie use
We collect Personal Data when:

Users, who have agreed to the “Terms and Conditions”, complete the required fields upon registration (note: “Users” of Virtual Petals services are required to insert information about (for example) email, name, and (where relevant) company upon registration).
Users provide name and email information mandatorily in order to use a ‘Contact Us’ service.
Users provide the name, company name, department name, and email information to use a Virtual Petals service, and we optionally collect account transfer information and credit card information to process payment of service usage fee. Such Personal Data will include the required provision of name, email, mobile phone number, phone number, address, and zip code. Such collected Personal Data will not be used for any other purpose than for provision of relevant services or pre-set purposes.
We utilize cookies that store and retrieve User information. Cookies are a small piece of information transferred to a User’s browser by websites. Cookies do not distinguish a User’s computer or the end user customer individually. Furthermore, Users have options on cookies. Users may allow all cookies by changing the settings of the web browser, set cookie alerts whenever installed, or refuse all cookies. Users may set their browser to refuse all or some browser cookies, or to alert Users when the Virtual Petals website(s) set or access cookies. If a User disables or refuses cookies, please note that some parts of the Virtual Petals website(s) may become inaccessible or not function properly.

Personal Data Destruction
Virtual Petals, in principle, immediately destroys the data after the Purpose of processing has been achieved (subject to obligations of retention under Applicable Law). The procedures, period, and methods of destruction are as follows:

Destruction procedure: After the Purpose has been accomplished, the Personal Data entered by the User is transferred to a separate database (in the case of paper, separate documents), and destroyed after being stored for a certain period of time or immediately in accordance with the internal policy and Applicable Laws. Personal Data transferred to the database will not be used for any other purposes unless otherwise required by Applicable Laws.
Destruction: Upon expiry of a relevant Retention Period, the User’s Personal Data shall be destroyed within five (5) days from the end of the Retention Period. In case the retention of the Personal Data becomes unnecessary, such as after the achievement of the Purpose, the revocation of the service or the termination of the business, the Personal Data shall be destroyed within five (5) days from the day when it is recognized as unnecessary to continue to process such data.
Destruction method: Personal Data in electronic files is deleted using technical methods that prevent it from being regenerated. Personal Information printed on paper is shredded by a shredder or destroyed by incineration.
Measures to Ensure the Safety of Personal Data
We carry out the following technical, managerial, and physical measures to ensure safety.

Performance of regular self-audits
We regularly conduct self-audits to ensure the secure processing of Personal Data.
Minimization and training of employees that handle Personal Data
We implement measures to manage Personal Data by limiting and designating employees that handle Personal Data only to the extent necessary.
Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for the secure handling of Personal Data.
Technical measures against hacking, etc.
We operate a security program, which is subject to regular updates and maintenance, in an external-access-controlled-area, technically and physically monitored to prevent leakage and damage of Personal Data by external sources (e.g. hacking, malware, computer virus, etc.)
Encryption of Personal Data
The Personal Data of the User and passwords are stored and managed after encryption, such that they are only known to the User. Separate security features such as the file and transmission data encryption or use of file lock function may be used for some data.
Retention and prevention of forgery and alternation of access logs
We maintain the logs of access to the Personal Data processing system for at least one year with a security function to prevent forgery, alteration, theft and loss of access logs.
Restriction on access to Personal Data
We take necessary measures to control access to Personal Data through granting, modifying, and deleting access rights to the database system that handles Personal Data. We also control unauthorized external access by using a firewall system.
Use of locks for document security
Documents and supplementary storage media containing Personal Data are kept in a safe place with a lock subject to access control procedures.
Chief Privacy Officer
We have designated the Chief Privacy Officer below to take responsibility for all matters related to the processing of Personal Data including complaints by Data Subjects related to such processing and related remedies.

Chief Privacy Officer
Name Jongho KangPrivacy Policy
Virtual Petals – Enabling your cloud journey
In this Privacy Policy (“Policy”), Virtual Petals MEA FZCO (a subsidiary of Virtual Petals Inc.) is referred to as “Virtual Petals”, “we” or “us” (and the term “our” shall be interpreted accordingly).

We have adopted this Policy to safeguard the personal information (“Personal Data”) of the users of our website (“User” and as further defined below), to protect their rights and interests and to address User complaints related to Personal Data in accordance with Applicable Law.

Definitions
“Applicable Law” means the laws of any jurisdiction which may apply to the processing of a User’s Personal Data and any other regulations, governmental or regulatory policies, conditions of regulatory approval, authorizations, licences or codes which from time to time apply to our processing of such Personal Data in the performance or provision of our services.

“Personal Data” means any information/data about an individual User from which that person can be identified, including; identity data, contact data, financial data, transaction data, technical data, profile data, usage data and marketing and communications data (as defined below). (It does not include data where a User’s identity has been removed (anonymous data).

Table of Contents
Definitions
Purpose of Personal Data Processing (“Purpose”)
Handling and Retention Period of Collected Personal Data
Consignment of Personal Data Processing
Rights and Obligations of Data Subject and its Exercise Method
Virtual Petals collection of Personal Data and Cookie use
Personal Data Destruction
Measures to Ensure the Safety of Personal Data
Chief Privacy Officer
Change of Privacy Policy and Users’ duty to inform Virtual Petals of changes
User Legal Rights
Amendments
History of Amendment
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from a User and other details of products and services a User has purchased from us.
Technical Data includes internet protocol (IP) address, User login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices a User may use to access a Virtual Petals website.
Profile Data includes usernames and passwords, purchases or orders placed, interests, preferences, feedback and survey responses.
Usage Data includes information about how a User accesses or uses our website, products and services
Marketing and Communications Data includes preferences in receiving marketing from us and our third parties and User communication preferences.
User includes any person accessing our websites as a designated user on behalf of a customer of Virtual Petals which shall include an End User permitted to access the websites in accordance with the terms of use under any Virtual Petals service agreement (including the “OpsNow Service”).
End User means any individual or entity that: (a) accesses or uses a User’s content; or (b) accesses or uses the “OpsNow Service” site under a User’s account.

Purpose of Personal Data Processing (“Purpose”)
We handle and collect (‘process’) Personal Data of a User (being a “Data Subject”) for the lawful Purpose(s) set out below. The processed Personal Data will not be used for any reason other than the Purpose(s) and prior consent will be obtained in the event of any proposed change(s) to the Purpose.

We will only process a User’s Personal Data when the Applicable Law allows us to. Most commonly, we will use Personal Data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into.
Where it is necessary for our legitimate interests (or those of a third party) and a User’s interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We have set out below, in a table format, a description of all the ways we may use a User’s Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using the data.

Purpose/Activity
Type of data
Lawful basis for processing including basis of legitimate interest
To register a User as a new customer (a) Identity
(b) Contact Performance of our contract with a User
To process and deliver an order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us (a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications (a) Performance of a contract with a User
(b) Necessary for our legitimate interests
(to recover debts due to us)
To manage our relationship with a User which will include:
(a) Notification(s) about changes to our terms or privacy policy
(b) Asking a User to leave a review or take a survey (a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications (a) Performance of a contract with a User
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content to Users and measure or understand the effectiveness of the content provided (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to Users about goods or services that may be of interest (a) Identity
(b) Contact (c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications Necessary for our legitimate interests (to develop our products/services and grow our business)
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from Personal Data but is not considered ‘personal data’ as a matter of law as this data will not directly or indirectly reveal a User’s identity. For example, the Company may aggregate Usage Data to calculate the percentage/number of Users accessing a specific website feature.

We do not collect any Special Categories of Personal Data about Users (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Handling and Retention Period of Collected Personal Data
We shall process and retain Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain such data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or a dispute in connection with our relationship with a User.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Personal Data, the purposes for which we process such data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements (including any prescribed retention periods within the jurisdiction where such data is processed).

We shall retain the Personal Data provided by Users as long as they use our services. However, subject to any continuing legal or regulatory obligations (above) to retain Personal Data, we shall destroy Users’ Personal Data from our systems when a User wishes to unregister or is disqualified and, therefore, subject to deregistration according to our prevailing “Terms and Conditions of Business” from time to time in force.

If the retention of any Personal Data is required under Applicable Law, the Company will retain the information for a such period (“Retention Period”) as required or permitted in compliance with such Applicable Law, notwithstanding any request by a User to delete or destroy such data.

Consignment of Personal Data Processing
Save as specified below, we do not provide, share or otherwise or disclose any of the collected Personal Data to third parties including for-profit and non-profit enterprises; however, it may disclose Personal Data to a specified third party after obtaining prior consent from a User by letter, email, phone, or the website. We may provide Personal Data without prior consent of a User to relevant third parties if it is legally required to do so (including, but not limited to, the purpose of settling legal dispute(s) between users or between the relevant User and us).

We consign the following work involving data handling to the following overseas partners (“Outsourcing Company”).

Outsourcing company
Outsourced Work
Relocating Country
NICE Information Service Inc. User authentication Republic of Korea
ZENDESK Managing customer inquiries and information United States
LG U Inc. Electronic payment Republic of Korea
HYOSUNG FMS INC. Electronic payment Republic of Korea
Koryo Credit Information Co.Ltd Credit collection Republic of Korea
In accordance with Applicable Law, upon entering into a relevant consignment agreement, we shall specify matters such as the limits of the authority of the Outsourcing Company, prohibition against processing of Personal Data for purposes other than the consigned work, technical and managerial protection measures, restriction of re-consignment, management and supervision of Outsourcing Company, and liability including damages in contract documents, etc. We supervise the manner in which the Outsourcing Company handles Personal Data securely and consistently with the standards which Virtual Petals adopts within this Policy.

Third-party links
The Virtual Petals website (including subsites relating to its services) may include links to third-party websites, plug-ins and applications. Users clicking on those links or enabling those connections may allow third parties to collect or share a User’s data. We do not control these third-party websites and are not responsible for their privacy statements or policies. When a User leaves a Virtual Petals website, it is strongly advised to read the privacy policy of every website then accessed.

Rights and Obligations of Data Subject and its Exercise Method
A User may exercise the following rights as a Data Subject with us at any time:

(1) Access to Personal Data;
(2) Request for correction if there is an error;
(3) Request for deletion;
(4) Request for suspension of processing.

The exercise of the rights pursuant to Paragraph 1 above may be made to Virtual Petals in writing, email (personally or via a duly authorised, delegated legal representative or agent of the Data Subject) and we shall take such actions as are required without delay and in any event in accordance with Applicable Law.

If a User requests correction or deletion of an error in his/her Personal Data, we will not use or otherwise process the data until the correction or deletion is completed.

Virtual Petals collection of Personal Data and Cookie use
We collect Personal Data when:

Users, who have agreed to the “Terms and Conditions”, complete the required fields upon registration (note: “Users” of Virtual Petals services are required to insert information about (for example) email, name, and (where relevant) company upon registration).
Users provide name and email information mandatorily in order to use a ‘Contact Us’ service.
Users provide the name, company name, department name, and email information to use a Virtual Petals service, and we optionally collect account transfer information and credit card information to process payment of service usage fee. Such Personal Data will include the required provision of name, email, mobile phone number, phone number, address, and zip code. Such collected Personal Data will not be used for any other purpose than for provision of relevant services or pre-set purposes.
We utilize cookies that store and retrieve User information. Cookies are a small piece of information transferred to a User’s browser by websites. Cookies do not distinguish a User’s computer or the end user customer individually. Furthermore, Users have options on cookies. Users may allow all cookies by changing the settings of the web browser, set cookie alerts whenever installed, or refuse all cookies. Users may set their browser to refuse all or some browser cookies, or to alert Users when the Virtual Petals website(s) set or access cookies. If a User disables or refuses cookies, please note that some parts of the Virtual Petals website(s) may become inaccessible or not function properly.

Personal Data Destruction
Virtual Petals, in principle, immediately destroys the data after the Purpose of processing has been achieved (subject to obligations of retention under Applicable Law). The procedures, period, and methods of destruction are as follows:

Destruction procedure: After the Purpose has been accomplished, the Personal Data entered by the User is transferred to a separate database (in the case of paper, separate documents), and destroyed after being stored for a certain period of time or immediately in accordance with the internal policy and Applicable Laws. Personal Data transferred to the database will not be used for any other purposes unless otherwise required by Applicable Laws.
Destruction: Upon expiry of a relevant Retention Period, the User’s Personal Data shall be destroyed within five (5) days from the end of the Retention Period. In case the retention of the Personal Data becomes unnecessary, such as after the achievement of the Purpose, the revocation of the service or the termination of the business, the Personal Data shall be destroyed within five (5) days from the day when it is recognized as unnecessary to continue to process such data.
Destruction method: Personal Data in electronic files is deleted using technical methods that prevent it from being regenerated. Personal Information printed on paper is shredded by a shredder or destroyed by incineration.
Measures to Ensure the Safety of Personal Data
We carry out the following technical, managerial, and physical measures to ensure safety.

Performance of regular self-audits
We regularly conduct self-audits to ensure the secure processing of Personal Data.
Minimization and training of employees that handle Personal Data
We implement measures to manage Personal Data by limiting and designating employees that handle Personal Data only to the extent necessary.
Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for the secure handling of Personal Data.
Technical measures against hacking, etc.
We operate a security program, which is subject to regular updates and maintenance, in an external-access-controlled-area, technically and physically monitored to prevent leakage and damage of Personal Data by external sources (e.g. hacking, malware, computer virus, etc.)
Encryption of Personal Data
The Personal Data of the User and passwords are stored and managed after encryption, such that they are only known to the User. Separate security features such as the file and transmission data encryption or use of file lock function may be used for some data.
Retention and prevention of forgery and alternation of access logs
We maintain the logs of access to the Personal Data processing system for at least one year with a security function to prevent forgery, alteration, theft and loss of access logs.
Restriction on access to Personal Data
We take necessary measures to control access to Personal Data through granting, modifying, and deleting access rights to the database system that handles Personal Data. We also control unauthorized external access by using a firewall system.
Use of locks for document security
Documents and supplementary storage media containing Personal Data are kept in a safe place with a lock subject to access control procedures.
Chief Privacy Officer
We have designated the Chief Privacy Officer below to take responsibility for all matters related to the processing of Personal Data including complaints by Data Subjects related to such processing and related remedies.

Chief Privacy Officer
Email info@virtualpetals.com
▶ Privacy Protection Department
Email info@virtualpetals.com
※ Users will be connected to the Personal Information department.
Users may contact the Chief Privacy Officer regarding any data privacy inquiries, complaints handling, damages remedies, etc. arising from the use of Virtual Petals services.

Change of Privacy Policy and Users’ duty to inform Virtual Petals of changes
The Company will inform Users promptly of any addition, deletion, or amendment made to this Privacy Policy in accordance with Applicable Law by posting a “notification” at least 7 days prior to the implementation of the changes.
It is important that the Personal Data which the Company holds about each individual User is accurate and current. Users are responsible for keeping the Company informed of any changes to their personal data during their period of membership.

This Privacy Policy is kept under regular review. [This version was last updated on [2022/03/08].

User Legal Rights
Users have the right to:

Request access to their Personal Data (i.e. to receive a copy of the Personal Data the Company holds about the User and to check that it is being lawfully processed).
Request correction of the Personal Data we hold (i.e. to have any incomplete or inaccurate data corrected, subject to verification of the accuracy of the new data provided).
Request erasure of Personal Data we hold (i.e. to request the deletion or removal of such data where there is no good reason for Virtual Petals continuing to process it). Note, however, that it may not always be possible to comply with a request of erasure for specific legal reasons (which will be notified, if applicable, at the time of the request).
Object to processing of Personal Data where we rely on a legitimate interest (or those of a third party) and the User objects to such processing on the ground that it impacts upon the User’s fundamental rights and freedoms. Users also have the right to object to the processing of Personal Data for direct marketing purposes. In some cases, there may be compelling legitimate grounds to process Personal Data which override a User’s rights and freedoms.
Request restriction of processing of Personal Data. This enables a User to request the suspension of processing of data in the following scenarios:
If the User wants us to establish the data’s accuracy.
Where use of the data is unlawful, but the User does not want us to erase it.
Where a User needs us to preserve the data even if it is no longer required for the provision of services related to the User’s membership but the User requires the data to establish, exercise or defend legal claims.
Where the User has objected to use of data but requires us to demonstrate overriding legitimate ground(s) to use it.
A User may withdraw consent at any time where we rely upon consent to process Personal Data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. In the event of withdrawal of consent, Virtual Petals may not be able to provide certain products or services to such User and will advise if this is the case at the time of withdrawal of consent.

Amendments
Any amendments to the Policy will be published via our notice board on the website (or at our discretion, individually to each User).

History of Amendment
This policy will be effective from January, 2023.

※ Users will be connected to the Personal Information department.
Users may contact the Chief Privacy Officer regarding any data privacy inquiries, complaints handling, damages remedies, etc. arising from the use of Virtual Petals services.

Change of Privacy Policy and Users’ duty to inform Virtual Petals of changes
The Company will inform Users promptly of any addition, deletion, or amendment made to this Privacy Policy in accordance with Applicable Law by posting a “notification” at least 7 days prior to the implementation of the changes.
It is important that the Personal Data which the Company holds about each individual User is accurate and current. Users are responsible for keeping the Company informed of any changes to their personal data during their period of membership.

This Privacy Policy is kept under regular review. [This version was last updated on [2022/03/08].

User Legal Rights
Users have the right to:

Request access to their Personal Data (i.e. to receive a copy of the Personal Data the Company holds about the User and to check that it is being lawfully processed).
Request correction of the Personal Data we hold (i.e. to have any incomplete or inaccurate data corrected, subject to verification of the accuracy of the new data provided).
Request erasure of Personal Data we hold (i.e. to request the deletion or removal of such data where there is no good reason for Virtual Petals continuing to process it). Note, however, that it may not always be possible to comply with a request of erasure for specific legal reasons (which will be notified, if applicable, at the time of the request).
Object to processing of Personal Data where we rely on a legitimate interest (or those of a third party) and the User objects to such processing on the ground that it impacts upon the User’s fundamental rights and freedoms. Users also have the right to object to the processing of Personal Data for direct marketing purposes. In some cases, there may be compelling legitimate grounds to process Personal Data which override a User’s rights and freedoms.
Request restriction of processing of Personal Data. This enables a User to request the suspension of processing of data in the following scenarios:
If the User wants us to establish the data’s accuracy.
Where use of the data is unlawful, but the User does not want us to erase it.
Where a User needs us to preserve the data even if it is no longer required for the provision of services related to the User’s membership but the User requires the data to establish, exercise or defend legal claims.
Where the User has objected to use of data but requires us to demonstrate overriding legitimate ground(s) to use it.
A User may withdraw consent at any time where we rely upon consent to process Personal Data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. In the event of withdrawal of consent, Virtual Petals may not be able to provide certain products or services to such User and will advise if this is the case at the time of withdrawal of consent.

Amendments
Any amendments to the Policy will be published via our notice board on the website (or at our discretion, individually to each User).