Shopify, Magento, Ycart, Wordpress, WooCommerce, PrestaShop

Last modified: January 1, 2025

Bres Communications Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy to protect users' personal information in accordance with the Personal Information Protection Act and other relevant laws and regulations, and to promptly address any related grievances.

Article 1 (Items of Personal Information Collected)

The company collects the following personal information to provide its services.

• Inquiry/Consultation Request: Company Name, Contact Person, Phone Number, Email Address
• Consultation Service Application: Company Name, Contact Person, Phone Number, Email Address, Industry, Current System Information
• Request for Introduction Letter: Company Name, Contact Person, Email
• Automatically collected: IP address, cookies, visit date and time, service usage history

Article 2 (Purpose of Collection and Use of Personal Information)

• Service offerings: Counseling, consultation, consulting, solution implementation, etc.
• Customer Management: Identity Verification, Inquiry Handling, Notice Delivery
• Marketing Use: New service announcements, event information (with consent)
• Service Improvement: Service Usage Statistics Analysis, Quality Enhancement

Article 3 (Retention and Use Period of Personal Information)

The company destroys personal information without delay once the purpose of its collection and use has been achieved. However, if retention is required under relevant laws and regulations, the information is stored for the specified period.

• Records related to contracts or withdrawal of subscription: 5 years (Electronic Commerce Act)
• Records concerning payment settlements and the supply of goods, etc.: 5 years (Electronic Commerce Act)
• Records concerning consumer complaints or dispute resolution: 3 years (Electronic Commerce Act)
• Website visit records: 3 months (Communications Secrecy Protection Act)

Article 4 (Provision of Personal Information to Third Parties)

The company does not provide users' personal information to third parties as a general rule. However, exceptions apply when the user has given prior consent, when required by law, or when investigative agencies request such information in accordance with the procedures and methods stipulated by law for investigative purposes.

Article 5 (Entrustment of Personal Information Processing)

• Amazon Web Services (AWS): Cloud server operation and data storage
• HubSpot: Customer Inquiry Management and Marketing Automation
• Channel.io: Customer Support Service

Article 6 (Rights of the Data Subject)

Users may request access to, correction of, deletion of, or suspension of processing of their personal information. Requests to exercise these rights may be made via email (hello@b-works.link) or phone (0507-1325-3472), and the company will take action without delay.

Article 7 (Measures to Ensure the Security of Personal Information)

• Administrative Measures: Establish and implement internal management plans, conduct regular employee training
• Technical Measures: Encryption of personal information, access rights management, installation of security programs
• Physical Measures: Access control for computer rooms, data storage rooms, etc.

Article 8 (Personal Information Protection Officer)

For reporting or consulting regarding other personal information violations:

• Personal Information Infringement Reporting Center (privacy.kisa.or.kr / 118)
• Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
• Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
• National Police Agency Cyber Safety Bureau (ecrm.police.go.kr / 182)

This Privacy Policy will take effect on January 1, 2025.

Last modified: January 1, 2025

Article 1 (Purpose)

These Terms and Conditions are intended to define the rights, obligations, and responsibilities between the Company and users regarding the use of the website and related services provided by Breath Communications Co., Ltd. (hereinafter referred to as the "Company").

Article 2 (Definitions)

• "Services": Enterprise solutions provided by the company, including B2B e-commerce, ERP, SCM, WMS, OMS, and related consulting services.
• "User": A customer who accesses the Company's website and uses the service in accordance with these Terms and Conditions.
• "Member": A corporation or individual who has entered into a service usage agreement with the company

Article 3 (Effectiveness and Amendment of Terms)

• These Terms and Conditions take effect upon posting on the website.
• The company may amend these Terms and Conditions within the scope permitted by applicable laws and regulations.
• We will post notices on our website starting 7 days prior to the effective date of any terms and conditions revisions.

Article 4 (Provision of Services)

• B2B/B2C E-commerce Platform Development and Operation
• Implementation of enterprise solutions such as ERP, SCM, WMS, and OMS
• System Consultation and Consulting Services
• Cloud infrastructure setup and maintenance

Article 5 (User Obligations)

Users shall not engage in any of the following acts.

• Registration of false information
• Identity theft
• Unauthorized alteration of information posted by the company
• Infringement of intellectual property rights, including copyrights, of the company and third parties
• Acts damaging the reputation of the company or third parties, or acts interfering with their business operations
• Other illegal or improper acts

Article 6 (Obligations of the Company)

• We strive to provide continuous and stable service.
• We implement security systems to protect users' personal information.
• We handle users' legitimate opinions or complaints appropriately.

Article 7 (Service Usage Hours)

Service availability operates 24 hours a day, 365 days a year as a general rule. However, service may be temporarily suspended due to system maintenance, malfunctions, or other unforeseen circumstances.

Article 8 (Intellectual Property Rights)

• Copyright in works created by the company shall vest in the company.
• Users may not use information obtained through the service for commercial purposes or provide it to third parties without the company's prior consent.

Article 9 (Compensation for Damages)

• The company shall not be liable for any damages arising from the use of the free service.
• For paid services, a separate service agreement applies.

Article 10 (Dispute Resolution)

• Disputes between the Company and users shall be governed by the laws of the Republic of Korea.
• Any litigation concerning disputes shall be subject to the jurisdiction of the Seoul Central District Court as the court of first instance.

Article 11 (Inquiries)

These Terms of Use shall apply from January 1, 2025.

Last modified: January 1, 2025

Bres Communications Co., Ltd. operates a top-tier security system to safely protect our customers' valuable information and business data.

1. Security Principles

• Confidentiality: Only authorized users may access the information.
• Integrity: Ensuring the accuracy and completeness of information
• Availability: Accessible whenever needed
• Accountability: All activity logs and audits

2. Technical Security Measures

Data Encryption

• Transport Layer Encryption: Using the TLS 1.3 Protocol
• Stored Data Encryption: AES-256 Encryption Algorithm
• Database Encryption: Encrypt all databases containing customer information

Access Control

• Principle of Least Privilege: Grant only the minimum privileges necessary to perform the task.
• Multi-factor authentication (MFA): Implement multi-factor authentication for system access
• IP Restriction: Administrator access is only permitted from approved IP addresses.
• Session Management: Automatic Termination of Inactive Sessions

Network Security

• Firewall: Multi-layer firewall for network protection
• Intrusion Detection/Prevention: Real-time threat detection with IDS/IPS systems
• DDoS Defense: Protecting Against DDoS Attacks with AWS Shield

3. Administrative Security Measures

• Designation of Chief Information Security Officer (CISO)
• Dedicated security personnel operations
• Conducting regular security training for all employees
• Establishment and Implementation of Information Security Policies

4. Cloud Security

• AWS Region: Use of the Seoul Region (ap-northeast-2) ensures data is stored domestically.
• AWS IAM: Granular Access Permissions Management
• AWS CloudTrail: Records and audits all API calls
• AWS GuardDuty: Utilizing the Threat Detection Service

5. Backup and Disaster Recovery

• Regular Backup: Automatic backup performed at least once daily
• Multi-Region Backup: Disaster Recovery Backup Storage in Other Regions
• Recovery Testing: Conduct regular recovery tests
• RTO/RPO: Recovery Time Objective 4 hours, Recovery Point Objective within 1 hour

6. Security Incident Response

1. Detection: Anomaly detection through 24-hour monitoring
2. Analysis: Cause of the Accident and Scope of Impact Analysis
3. Response: Emergency measures to minimize damage
4. Recovery: System and Data Recovery
5. Improvement: Establish and implement measures to prevent recurrence

7. Customer Security Recommendations

• Use strong passwords (combination of letters, numbers, and special characters, 8 characters or more)
• Regular Password Change (Recommended every 90 days)
• After logging in on a public computer, be sure to log out.
• Beware of clicking on suspicious emails and links

8. Security Inquiries

This security policy will take effect on January 1, 2025.