This Privacy Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites on which this Policy is posted. In addition the Policy also explains the information which is provided or collected in the course of using the applications of the Company which exist in the websites or platforms of other company.

Through this Policy, the Company regards personal information of the users as important and inform them of the purpose and method of Company's using the personal information provided by the users and the measures taken by the Company for protection of those personal information.

This Policy will be effective on 1st Jul, 2023 and, in case of modification thereof, the Company will make public notice of it through posting it on the bulletin board of Company's website or individual notice through sending mails, fax or e-mails).

Information to be collected and method of collection

Personal information items to be collected by the Company are as follows:

• Personal Data (or Data): The Company may collect the information directly provided by the users.

1. Collected information

– Name, address, telephone number, and email address
– Payment information including account number and card number
– Information of bid, purchase and sales
– Method of collection: mobile application

• Information collected while the users use services: Besides of information directly provided by the users, the Company may collect information in the course that the users use the service provided by the Company.

3. Equipment information

– Equipment identifier, operation system, hardware version, equipment set-up and telephone number
– Method of collection: mobile application

4. Log information

– Log data, use time, search word input by users, internet protocol address, cookie and web beacon
– Method of collection: mobile application

The Company agrees that it will obtain consent from the users, if the Company desires to use the information other than those expressly stated in this Policy.

Use of collected information

The Company uses the collected information of users for the following purposes:

• Managing support and contact requests and Analytics
• Performance of contract and service fee settlement regarding provision of services demanded by the users
• To detect and deter unauthorized or fraudulent use of or abuse of the Service
• Improvement of existing services and development of new services

The Company agrees that it will obtain consent from the users, if the Company desires to use the information other than those expressly stated in this Policy.

Sharing collected information

Except for the following cases, the Company will not share personal information with a 3rd party:

• When the Company shares the information with its affiliates, partners and service providers;
• When the sharing is required by the laws

– If required to be disclosed by the laws and regulations; or
– If required to be disclosed by the investigative agencies for detecting crimes in accordance with the procedure and method as prescribed in the laws and regulations

Period for retention and use of personal information

In principle, the Company destructs personal information of users without delay when: the purpose of its collection and use has been achieved; the legal or management needs are satisfied; or users request: Provided that, if it is required to retain the information by relevant laws and regulations, the Company will retain member information for certain period as designated by relevant laws and regulations.

• Record regarding contract or withdrawal of subscription: 5 years (The Act on Consumer Protection in Electronic Commerce)
• Record on payment and supply of goods: 5 years (The Act on Consumer Protection in Electronic Commerce)
• Record on consumer complaint or dispute treatment: 3 years (The Act on Consumer Protection in Electronic Commerce)
• Record on collection/process, and use of credit information: 3 years (The Act on Use and Protection of Credit Information)
• Record on sign/advertisement: 6 months(The Act on Consumer Protection in Electronic Commerce) ∘ Log record of users such as internet/data detecting the place of user connection: 3 months(The Protection of Communications Secrets Act)
• Other data for checking communication facts: 12 months (The Protection of Communications Secrets Act)

Procedure and method of destruction of personal information

In principle, the Company destructs the information immediately after the purposes of its collection and use have been achieved without delay: Provided that, if any information is to be retained as required by relevant laws and regulations, the Company retain it for the period as required by those laws and regulations before destruction and, in such event, the personal information which is stored and managed separately will never be used for other purposes. The Company destructs: hard copies of personal information by shredding with a pulverizer or incinerating it; and delete personal information stored in the form of electric file by using technological method making that information not restored.

Cookies and Similar Technologies

The Company and its service providers may use first and third party Cookies and Other Tracking Technologies, including web beacons, to manage our Sites and our services and collect analytics about how you use them. The Company and its service providers may collect information about whether you open or click any links in the knowledge, research or event communications that we send to you. The information provided throughout this Privacy Policy about cookies also applies to these other tracking technologies. Please refer to our Cookie Policy for more details regarding our use of Cookies and Other Tracking Technologies.

The users have an option for cookie installation. So, they may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuses all cookies to be saved: Provided that, if the user rejects the installation of cookies, it may be difficult for that user to use the parts of services provided by the Company.

Users' right to access and option

The users or their legal representatives, as main agents of the information, may exercise the following options regarding the collection, use and sharing of personal information by the Company:

• Exercise right to access to personal information;
• Make corrections or deletion;
• Make temporary suspension of treatment of personal information; or • request the withdrawal of their consent provided before

If, in order to exercise the above options, you, as an user, use the menu of 'amendment of member information of webpage or contact the Company by using representative telephone or sending a document or e-mails, or using telephone to the responsible department (or person in charge of management of personal information), the Company will take measures without delay: Provided that the Company may reject the request of you only to the extent that there exists either proper cause as prescribed in the laws or equivalent cause.

Security

The Company regards the security of personal information of uses as very important. The Company constructs the following security measures to protect the users' personal information from any unauthorized access, release, use or modification by the Personal Information protection Act.

• Establish and implement an internal privacy management plan. Establish an internal personal information management plan, containing matters in relation to the composition and operation of the privacy organization, such as the designation of privacy personnel, and inspect whether the internal management plan is implemented effectively each year. Provide education and training for staffs treating personal information.
• Actions are undertaken to control access to and restrict the right to access personal information. In order to prevent illegal access to personal information, The Company has established the standards for granting, modifying, and canceling access rights to the personal information processing system, and runs an intrusion prevention system and intrusion detection system. Employees that handle personal information are kept to a minimum, thereby reducing the risk of personal information leakage.
• Actions are taken to store personal information access records and prevent any forgery and tampering. The personal information handler stores and manages access records for the personal information processing system, periodically inspects access records to prevent any misuse, abuse, loss, forgery, and tampering of personal information, and safely stores the relevant access records so that they are not forged, stolen, or lost. Utilize security servers for transmitting encryption of personal information. Take measures of encryption for confidential information.
• The Company installs and renews security programs for personal information. The Company frequently backs up data to offset risk of any damage to personal information, and uses the latest antivirus software to prevent leakage or damage of users' personal information.
• The Company enforces physical actions to keep personal information safe. In order to prevent leakage or damage of members' personal information caused by hacking or computer viruses, The Company installs systems in areas with restricted access from the outside, and establishes and operates access control procedures.

Protection of personal information of children

In principle, the Company does not collect any information from the children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction. The website, products and services of the Company are the ones to be provided to ordinary people, in principle. The website or application of the Company has function to do age limit so that children cannot use it and the Company does not intentionally collect any personal information from children through that function.

Definitions and legal references

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

This Application

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by this Application as described in the relative terms (if available) and on this site/application.

Cookies

Small piece of data stored in the User's device.

Mobile Application Privacy Policy

What information does the Application obtain and how is it used?

The Application does not provide an option to create an account therefore, the Company do not store nor have access to your entries and data. Your data are stored only locally on your device and all calculations are done on your device as well. You can optionally backup your data to Google Drive (Android) or to Apple iCloud (iOS). Your backups are stored in your private cloud space and the Company don’t have access to your backup files.

The Company obtain your email address when you request support via email or customer support contact form. The Company use your email only to contact you to provide support, feedback or important information.

Backup

The Company advise our users to regularly backup their data. Our users can choose to manually export the backup file and store it wherever they want or they can optionally make cloud backups. The cloud backups are kept in users' private cloud space where the Company have no access.

Android Google Drive Backups Android users can optionally backup their data using Google Drive. Their backups are stored in their private Google Drive space and count against their quota. The Company use a secure connection to your Google Account and data is safely stored in a folder where the Company nor other apps have access. View Google Privacy Policy at https://www.google.com/policies/privacy/

The email and name permissions within the Android are requested in order to display the account details within the app to inform users about the account which is being used for the backups. The app does not keep email addresses and names within the app. The app asks Google Sign In for a connected account and displays the account info only when accessing the Backup section. Even if the user agreed to anonymous analytics data collection your email address or name is never sent with the analytics data.

iOS iCloud Backups iOS users can optionally backup their data using iCloud Drive. Their backups are stored in their private iCloud Drive space and count against their quota. iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information. You can find out more about iCloud security and privacy overview at https://support.apple.com/en-us/HT202303

Analytics

The application does NOT collect any usage or crash reporting data without your consent.

If you’ve agreed to data collection, the application collects some usage data that are essential for us to deliver our services, to understand your needs, and to improve our services. Such as app launches, taps, clicks, scrolling information, in-app purchases, screen visits, session durations, or other information about how you interact with our app. These data are anonymized and aggregated from all users who gave us collection consent. If you've agreed to data collection, the application also collects crashes and performance reports so the Company can improve the stability and performance of our app.

The application does NOT collect any user-generated content. Such as your name, surname, email, or anything you type within the app.

Photos

You can optionally attach a photo to your entry. Your photos are stored locally on your phone in our app's storage. If you choose to make a cloud backup (Google Drive or iCloud) your photos are transferred to your private cloud storage. They are counted against your storage quota. If you choose to manually export a backup file, the photos are included in the exported backup file alongside your entries. The Company have no access to your photos. Even if the user agreed to anonymous analytics data collection your photos are never sent with the analytics data.

Android

The Company use the following third-party services for our Android app:

Google Analytics for Firebase (Google Inc.)

• This service helps us to collect and analyze usage data in order to understand usage patterns and to improve our Android app.
• Data collected: various usage and device data such as cookies, unique device identifiers, Android Advertising ID, Firebase installation IDs, Analytics App Instance IDs, usage data, anonymized IP addresses, session durations, device models, operating systems, geography, in-app purchases, first launches, app opens, app updates
• Data retention: 2 months

Firebase Crashlytics (Google Inc.)

• This service helps us to identify crashes and errors in our app. It helps us to improve the reliability and stability of our Android app.
• Data collected: Crashlytics Installation UUIDs, crash traces, device models, geography, operating systems
• Data retention: 90 days

iOS

The Company use the following third-party services for our iOS app:

Google Analytics for Firebase (Google Inc.)

• This service helps us to collect and analyze usage data in order to understand usage patterns and to improve our iOS app.
• Data collected: various usage data, Firebase installation IDs, Analytics App Instance IDs, anonymized IP addresses, session durations, device models, operating systems, geography, in-app purchases, first launches, app opens, app updates
• Data retention: 2 months

Firebase Crashlytics (Google Inc.)

• This service helps us to identify crashes and errors in our app. It helps us to improve the reliability and stability of our iOS app.
• Data collected: Crashlytics Installation UUIDs, crash traces, device models, geography, operating systems
• Data retention: 90 days

Advertising

Advertising helps us to keep our app free. The premium version of our app does not serve any ads. The premium version also does not initialize or call any AdMob method.

The ad's content is NOT based on your entries or notes. The Company don’t share your data with the ads providers.

The iOS version of our app doesn't show third party ads. The free version of our Android app uses the following service:

AdMob (AdMob Google Inc.)
The Company use AdMob to display ad banners and other advertisements possibly based on your interests. AdMob uses cookies to identify users and they may use the behavioral retargeting technique, i.e. displaying ads tailored to your interests and behavior, including those detected outside our app. For example, if you've previously visited e-shop selling shoes you might see more ads promoting shoes or shoe shops.

Google's advertising requirements can be summed up by Google's Advertising Principles https://www.google.com/policies/privacy/partners/. They are put in place to provide a positive experience for users.

Personal data collected: Cookies, Google Advertiser ID

If you don’t want to see personalized ads based on your interests you might opt-out by using this link. Please note that you will see the same amount of ads but the ads will be less relevant to you.

Feedback

The Company use the following third-party service for our Android / iOS app:

Slack (Slack Technologies LLC.)

• This service helps us to collect feedbacks to improve our Android / iOS application
• Data collected: device models, geography, operating systems, sent message
• Data retention: by the end of operation of our Android / iOS application

Modification of Privacy Protection Policy

The Company reserve the right, at our sole discretion, to modify or replace this Policy at any time. Any changes the Company may make to our privacy policy in the future will be posted on this page. You should check this page from time to time and take note of any changes.

Responsible department of Company

The Company designates the following department and person in charge of personal information in order to protect personal information of customers and deal with complaints from customers:

• Owner and Data Controller responsible for privacy protection and customer service: Amoeba Company Limited
Address: F20, AP Tower, 518B Dien Bien Phu Street, Ward 21, Binh Thanh District, Ho Chi Minh City
E-mail: contact@amoeba.group

Legal information

This privacy statement has been prepared based on provisions of multiple legislations. This privacy policy relates solely to this Application, if not stated otherwise within this document.