MiriCanvas DesignHub Personal Information Processing Policy
To protect the freedom and rights of data subjects, MIRI D.I.H Design Hub (hereinafter " MIRI D.I.H ") complies with the provisions of the 「Personal Information Protection Act」 and related laws and regulations, lawfully processing and securely managing personal information. In accordance with Article 30 of the 「Personal Information Protection Act」, MIRI D.I.H hereby establish and disclose the following Privacy Policy to inform data subjects of the procedures and standards for the processing and protection of personal information and to handle related problems promptly and smoothly.
Article 1. Purpose of Processing, Items Processed, and Retention and Use Period of Personal Information
In accordance with the 「Personal Information Protection Act」, MIRI D.I.H collects and uses the minimum scope of personal information necessary to provide its services.
Cases where the data subject's consent is not obtained
MIRI D.I.H processes the following personal information items without the data subject's consent.
Legal Basis |
Category |
Purpose of Processing |
Items Processed |
Processing and Retention Period |
|---|---|---|---|---|
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 4 ('Conclusion and Performance of a Contract') |
Customer Support Services |
Provision of 1:1 inquiry services |
Name, email address, inquiry details |
3 years after the inquiry is processed |
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 4 ('Conclusion and Performance of a Contract') |
Settlement Service (Individual) |
Payment of design royalties |
Residency status in Korea, name, phone number, address
|
5 years after settlement |
Identity verification |
Name, date of birth, mobile phone number, DI |
|||
|
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 2 ('Compliance with Legal Obligations') 「Income Tax Act」 Article 164, Paragraphs 1 and 2 「Income Tax Act」 Article 119 ('Withholding Tax for Non-residents') 「Tax Treaty」 Articles 156 and 156-2 |
Tax withholding processing |
For residents of Korea: resident registration number |
||
|
For residents outside Korea: identification number (copy of ID) or passport number (copy of passport), (for reduced tax rate application) passport number, copy of passport, reduced tax rate application form, certificate of residence | ||||
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 4 ('Conclusion and Performance of a Contract') |
Settlement Service (Business) |
Payment of design royalties |
Residency status in Korea, business name (corporate name), phone number, business address, business registration certificate
|
5 years after settlement |
|
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 2 ('Compliance with Legal Obligations') 「Value-Added Tax Act」 Article 32 ('Obligation to Issue Tax Invoices') 「Tax Treaty」 Articles 156 and 156-2 |
Tax filing |
For residents of Korea: business registration number |
||
Tax withholding processing |
For residents outside Korea: business registration number, (for reduced tax rate application) business registration certificate, reduced tax rate application form, certificate of residence |
Cases when Consent from the data subject is obtained MIRI D.I.H processes the following personal information items after obtaining the data subject's consent.
Legal Basis |
Category |
Purpose of Processing |
Items Processed |
Processing and Retention Period |
|---|---|---|---|---|
「Personal Information Protection Act」 Article 15, Paragraph 1, Subparagraph 1 ('Consent') |
Membership Service Operation |
Identity verification and personal identification for membership-based services, prevention of misuse by malicious members and unauthorized use, confirmation of intent to register, management of registration and limits on the number of registrations, record retention for dispute resolution, handling complaints, delivering notices |
Name, email address, password, mobile phone number |
Until membership withdrawal |
Article 2. Personal Information of Children Under 14 Years of Age
MIRI D.I.H does not collect or process personal information of children under the age of 14 for the provision of its services.
Article 3. Period of Processing and Retention of Personal Information
① MIRI D.I.H processes and retains personal information within the period of retention and use of personal information stipulated by law or agreed upon by the data subject at the time of collection.
② The specific processing and retention periods for each type of personal information are as follows:
1. Website Membership Registration and Management: Until membership withdrawal. However, in the following cases, until the reason for retention ceases to exist:
1) If an investigation or inquiry is underway due to a violation of relevant laws, until the said investigation or inquiry is concluded.
2) If any claims or debts remain from the use of the website, until the settlement of said claims or debts.
2. Provision of Goods or Services: Until the supply of goods/services is complete and payment/settlement is finalized. However, in the following cases, until the specified period ends:
- Records on contracts or withdrawal of offers: 5 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 2)
- Records on payment and supply of goods: 5 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 3)
- Records on consumer complaints or dispute resolution: 3 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 4)
- Records on display and advertising: 6 months (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 1)
3. Retention of communication confirmation data in accordance with Article 15-2, Paragraph 2 of the 「Protection of Communications Secrets Act」
- Computer communication, internet log records, access point tracking data: 3 months
Article 4. Procedure and Method of Personal Information Destruction
① MIRI D.I.H will destroy the relevant personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose.
② If personal information must be retained in accordance with other laws, even after the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, the said personal information will be transferred to a separate database (DB) or stored in a different location.
※ The items of personal information to be retained and the legal basis for retention can be found in 'Article 3. Period of Processing and Retention of Personal Information'.
③ The procedure and method of personal information destruction are as follows:
1. Destruction Procedure
MIRI D.I.H selects the personal information for which a reason for destruction has occurred and destroys it with the approval of MIRI D.I.H 's Chief Privacy Officer.
2. Destruction Method
MIRI D.I.H destroys personal information recorded and stored in electronic file format in a way that the records cannot be reproduced. Personal information recorded and stored in paper documents is shredded with a shredder or incinerated.
Article 5. Provision of Personal Information to Third Parties
MIRI D.I.H processes the personal information of data subjects only within the scope specified in the purpose of processing personal information. Personal information is provided to third parties only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」, such as with the consent of the data subject or special provisions of the law. Otherwise, the data subject's personal information is not provided to third parties.
Article 6. Entrustment of Personal Information Processing
① For the processing of personal information, MIRI D.I.H entrusts the following personal information processing tasks, and provides this notice in accordance with Article 26, Paragraph 2 of the「Personal Information Protection Act」:
Entrusted Party (Trustee) |
Entrusted Task |
Sub-Entrustment Status |
|---|---|---|
NICE Information Service Co., Ltd. |
Account holder verification, mobile phone authentication, bank account real-name verification, and resident registration number validity check |
– |
② When concluding an entrustment agreement, in accordance with Article 26 of the 「Personal Information Protection Act」, MIRI D.I.H specifies in documents such as the contract matters concerning the prohibition of processing personal information for purposes other than performing the entrusted task, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises whether the trustee processes personal information securely.
③ In accordance with Article 26, Paragraph 6 of the 「Personal Information Protection Act」, if the trustee re-entrusts MIRI D.I.H’s personal information processing tasks, they must obtain MIRI D.I.H 's consent, and MIRI D.I.H disclose the re-trustee and the content of the re-entrusted tasks through this Privacy Policy.
④ If the content of the entrusted task or the trustee changes, MIRI D.I.H will disclose it through this Privacy Policy without delay.
Article 7. Measures to Ensure the Security of Personal Information
MIRI D.I.H transfers personal information collected from data subjects overseas as set forth below, and hereby provides the following notice regarding cross-border transfers in accordance with Article 28-8, Paragraph 2 of the 「Personal Information Protection Act」. If you refuse cross-border transfers, you will not be able to use the services. If you do not wish to have your personal information transferred overseas, you may withdraw your membership through the website (top right: Member Name – My Information – Delete Account) or the mobile application (My – Member Name – Delete Account), or request membership withdrawal by contacting the Design Request Team (☎ 070-4355-4884).
Legal Basis |
Category |
Details |
「Personal Information Protection Act」 Article 28-8, Paragraph 1, Subparagraph 3 ('Entrusted processing∙Storage of Personal Information') |
Recipient |
Zendesk |
Destination Country of Transfer |
Japan |
|
Timing and Method of Transfer |
Immediately upon use of the “Contact Us” service, transmitted in encrypted form via the Internet |
|
Personal Information Transferred |
Name, email address, inquiry details |
|
Purpose of Use |
To provide customer inquiry services and manage inquiry records |
|
Retention and Use Period |
3 years from the date the inquiry is received |
|
Contact Information |
Article 8. Measures to Ensure the Security of Personal Information
MIRI D.I.H takes the following measures to ensure the security of personal information:
Administrative Measures: Establishment and implementation of an internal management plan, regular employee training, operation of a dedicated organization.
Technical Measures: Management of access rights to the personal information processing system, installation of an access control system and other related protective measures, internet network blocking measures, encryption of personal information, storage and inspection of access records, installation and updating of security programs, inspection and supplementation of vulnerabilities in the personal information processing system.
Physical Measures: Access control for computer rooms, data storage rooms, etc., storage of documents and auxiliary storage media in a secure location with a locking device, safety measures against disasters and calamities, control of the entry and exit of auxiliary storage media.
Article 9. Matters Concerning the Installation, Operation, and Opting out of Automatic Collection Devices for Behavioral Information
(1) Cookies
① To provide personalized services and convenience to data subjects, MIRI D.I.H uses 'cookies' that store and frequently retrieve usage information.
② A cookie is a small amount of information that the server (http) used to operate the website sends to the data subject's browser. It is stored on the data subject's computer or mobile device and is automatically transmitted to the server from the data subject's browser when accessing the website.
③ Data subjects can configure their browser options to allow or block cookies. Data subjects may refuse the use of cookies through browser settings, and the methods for blocking cookies may vary depending on the type of web browser.
▶ Cookie Settings by Web Browser
・ Chrome Web Browser (View)
・ Edge Web Browser (View)
・ Safari Web Browser (View)
・ Firefox Web Browser (View)
(2) Web Log Analysis
① MIRI D.I.H may use a web log analysis tool (Google Analytics) to analyze users’ service usage information (such as navigation, clicks, and conversions).
② If you wish to discontinue web log analysis, you may block it by following the instructions provided on the page below.
・ Google Analytics Opt-out Browser Add-on (View)
Article 10. Processing and Opting out of Behavioral Information
① During the service use process, MIRI D.I.H processes behavioral information in a non-identifying manner using automatic collection devices such as cookies to provide optimized personalized services, benefits, and online customized advertisements to data subjects.
② MIRI D.I.H collects behavioral information on the websites it operates as follows:
Items Collected |
Collection Method |
Purpose of Collection |
Retention and Use Period |
Access and usage history of MIRI D.I.H’s app |
Automatic collection when accessing and using the web/app |
Analysis of service usage patterns, and service improvement |
Destroyed 14 months from the date of collection |
③ MIRI D.I.H provides behavioral information to third parties as follows:
Recipient |
Items Provided |
Recipient's Purpose of Use |
Recipient's Retention and Use Period |
|
Microsoft Clarity (Microsoft Corporation) Google Analytics (Google LLC) |
Usage history of MIRI D.I.H’s web/app |
Analysis of service usage patterns and service improvement |
Destroyed 14 months from the date of provision |
④ MIRI D.I.H collects only the minimum behavioral information necessary for optimized personalized services and benefits, and does not collect sensitive behavioral information that could infringe on an individual's rights, interests, or privacy, such as thoughts, beliefs, or medical history.
⑤ Data subjects can collectively block or allow customized advertising by changing their web browser's cookie settings. However, changing cookie settings may restrict the use of some services, such as automatic website login.
▶ Blocking/Allowing Customized Advertising via Web Browser
(1) Chrome
❶ How to delete cookies stored in the web browser
In Chrome, click the '⋮' icon at the top right, then click 'Settings'.
On the left side of the settings page, click 'Privacy and security', then click 'Clear browsing data' and choose whether to clear browsing data.
❷ How to block third-party cookies in the web browser
In Chrome, click the '⋮' icon at the top right, then click 'Settings'.
On the left side of the settings page, click 'Privacy and security', then click 'Third-party cookies' and choose whether to 'Block third-party cookies'.
❸ How to block all cookies from being saved in the web browser
Additionally, in Chrome, click the '⋮' icon at the top right, then click 'New Incognito window'. This will switch to Incognito mode, where your browsing history, cookies, site data, and information entered in forms will not be saved on your device.
(2) Edge
❶ How to delete cookies stored in the web browser
In Edge, click the '...' icon at the top right, then click 'Settings'.
On the left side of the settings page, click 'Cookies and site permissions', then click 'Manage and delete cookies and site data' and choose whether to clear all cookies and site data.
❷ How to block third-party cookies in the web browser
In Edge, click the '...' icon at the top right, then click 'Settings'.
On the left side of the settings page, click 'Privacy, search, and services', and in the 'Tracking prevention' section, select whether to enable 'Tracking prevention' and the level (Balanced or Strict).
Alternatively, on the left side of the settings page, click 'Cookies and site permissions', then click 'Manage and delete cookies and site data' and select 'Block third-party cookies'.
❸ How to block all cookies from being saved in the web browser
In Edge, click the '...' icon at the top right, then click ‘New InPrivate window’. This will switch to InPrivate mode, where your browsing history, cookies, site data, and information entered in forms will not be saved on your device.
⑥ Data subjects can inquire about matters related to behavioral information, exercise their right to refusal, and report damages by contacting the following department.
▶ Department in charge of Personal Information Protection
Department Name: Design Request Team
Contact: <070-4355-4884>, creative@miridih.com
Article 11. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
① Data subjects can, at any time, exercise the right to request access, portability, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information (hereinafter referred to as "the exercise of rights").
② The exercise of rights can be done in writing, by phone, email, fax (FAX), or online to MIRI D.I.H in accordance with Article 41, Paragraph 1 of the 「Enforcement Decree of the Personal Information Protection Act」, and MIRI D.I.H will take action without delay.
Data subjects can directly view, correct, delete, suspend processing, or withdraw consent for their personal information at any time on the website by navigating to 'Member Name > My Information' at the top right, or request access through 'Contact Us'.
Data subjects may exercise their rights by contacting the department below. The Company will respond within 10 days from the date of receiving the request for exercising rights (immediately in the case of requests for data transfer).
▶ Department for Receiving and Handling Requests to Exercise Personal Information Rights
Department: Design Request Team
Address: TP Tower, 8F, 13F, 14F, 17F, #1004, 12 Digital-ro 31-gil, Guro-gu, Seoul, Republic of Korea
Contact: <070-4355-4884>, creative@miridih.com
③ The exercise of rights can also be done through an agent, such as the data subject's legal representative or a person who has been delegated authority. In this case, you must submit a power of attorney according to the [Form 11] of the "Notice on How to Process Personal Information".
④ The data subject's right to request access to and suspension of processing of personal information may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the 「Personal Information Protection Act」.
⑤ The data subject cannot request the deletion of personal information if it is specified as an object of collection in other laws.
⑥ MIRI D.I.H verifies whether the person exercising the rights is the data subject themselves or a legitimate agent.
Article 12. Chief Privacy Officer & Responsible PersonnelNotice of Changes to the Personal Information Processing Policy
① MIRI D.I.H has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to Data subjects' inquiries regarding personal information and resolving any related complaints.
▶ Chief Privacy Officer
Name: Heo Young-min
Position: COO
Contacts: <070-4355-4884>, creative@miridih.com
▶ Personal Information Protection Department
Department Name: Design Request Team
Contacts: <070-4355-4884>, creative@miridih.com
② For any privacy-related questions, complaints, or concerns that arise while using MIRI D.I.H 's services, data subjects can contact the Chief Privacy Officer and the Privacy Department. MIRI D.I.H will respond promptly to all inquiries.
Article 13. Remedies for Infringement of Rights
Data subjects may seek remedies and consultations for personal information infringement at the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. For other reports and consultations on personal information infringement, please contact the institutions below.
Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
National Police Agency: (no area code) 182 (http://ecrm.police.go.kr )
Article 14. Changes to the Personal Information Processing Policy
① This Privacy Policy will take effect on February 24, 2026.
② Previous versions of the Privacy Policy can be found below.
Effective period: October 15, 2025 – February 23, 2026 (View more)
Effective period: February 8, 2024 – October 14, 2025 (View more)
Effective period: December 22, 2022 – February 7, 2024 (View more)
Supplementary Terms
The following additional terms apply respectively to users having residence in or nationality of certain countries. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail. The Company shall try to comply with any legal regulation of countries which may be applied to the User and the Company.
1. For Users Having Usual Residence in European Union
The purpose and basis of personal information processing
The Company uses the collected personal information only for the purposes stated in Article 3, gives the User advance notice of this fact, and seeks the User's consent. Also, in accordance with the GDPR etc., the Company may process the User's personal information if any one of the following applies:
(1) The data subject consented;
(2) It is for the conclusion and performance of a contract with the data subject;
(3) It is to comply with legal requirements;
(4) Processing is necessary for the crucial interest of the data subject; or
(5) It is for the pursuit of the Company's legitimate interests (the foregoing does not apply where the data subject's interests, rights, or freedoms are more important than the interests pursued by the Company).
The guarantee of the rights of the User who uses the Company's services within the European Union (EU)
According to the GDPR etc., the User may request the Company to transfer their personal information to a different manager, and may also refuse the processing of their personal information. Furthermore, the User retains the right to bring grievances on the processing of their personal information before the personal information protection authorities.
Meanwhile, the Company may use personal information to provide marketing such as events or advertisement to the User and seeks the User's consent in relation to the foregoing; the User may at any time withdraw their consent if such marketing is not desired.
The User may request the foregoing requests by means such as telephone, email, documents etc.; the Company will act on such request without delay once it is filed.
If modification or correction is requested for errors in the User's personal information, the Company will not use or provide such personal information of the User until such matter is modified or corrected.
Personal Information of Children
For the Users having usual residence in EU (including UK, Switzerland), the Company’s services is designed for a general audience and is not directed towards children. In connection with the Company’s service, the Company does not knowingly collect or maintain personal information from anyone under the age of sixteen (16) or knowingly allow such persons to use the Company’s service. If you are under sixteen (16), please do not attempt to register for the Company’s service or provide the Company with any personal information. If the Company learns that a person under the age of sixteen (16) has provided the Company with any personal information, the Company shall promptly delete such personal information. If you believe that a child under age sixteen (16) may have provided the Company with personal information, please contact the Company using the information specified in the Policy.
2. For Users Having Usual Residence in California, and Virginia, United States
If the Users reside in California and Virginia, certain rights may be given. The Company shall prepare preventive measures necessary for protecting personal information of Users so that the Company may comply with California Privacy Rights Act of 2020 (hereinafter referred to as “CPRA”) and Virginia Consumer Data Protection Act (hereinafter referred to as “VCDPA”) when necessary.
3. For Users Having Usual Residence in Japan
Use of Personal Information of Users
The Company process the User’s personal information when this is necessary under the Company’s agreement with the User, to provide Users with the Company’s service, and specific features users select when using the Company’s service, which may require personalizing the content of the Company’s service mainly regulated in Article 3 of this Policy.
Provision and Outsourcing of Personal Information of Users
Article 7 and 8 of this Policy shall be applied on the provision and outsourcing of personal information of Users