Tiko Pay (Sooho) Privacy Policy
Tiko Pay (Sooho) Privacy Policy
Sooho Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the 「Personal Information Protection Act」 to protect the personal information of data subjects and to promptly and smoothly handle any related grievances.
Sooho Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the 「Personal Information Protection Act」 to protect the personal information of data subjects and to promptly and smoothly handle any related grievances.
Article 1 (Purpose of Processing Personal Information)
1. Membership Registration and Management
Confirmation of intent to join membership
Identification and authentication for providing membership services
Maintenance and management of membership status
Prevention of unauthorized use of services
Various notices and notifications
Handling of grievances
Preservation of records for dispute adjustment
2. Provision of Goods or Services
Service provision
Content provision
Provision of customized services
Identity authentication
Payment and settlement of fees
Debt collection
3. Know Your Customer (KYC) and Anti-Money Laundering (AML)
Customer verification (KYC) in accordance with the 「Act on Reporting and Using Specified Financial Transaction Information」
Prevention of money laundering and terrorist financing
Monitoring and reporting of suspicious transactions
Verification of sanctioned individuals
Identification of beneficial owners
4. Utilization for Marketing and Advertising
Development of new services and provision of customized services
Provision of event and promotional information and opportunities for participation
Provision of services and placement of advertisements based on demographic characteristics
Confirmation of service validity
Monitoring of access frequency
Statistics on members' service use
5. Performance of Legal Obligations
Retention of transaction records in accordance with the 「Electronic Financial Transactions Act」
Fulfillment of reporting obligations in accordance with the 「Foreign Exchange Transactions Act」
Retention of transaction records in accordance with the 「Act on the Consumer Protection in Electronic Commerce」
1. Membership Registration and Management
Confirmation of intent to join membership
Identification and authentication for providing membership services
Maintenance and management of membership status
Prevention of unauthorized use of services
Various notices and notifications
Handling of grievances
Preservation of records for dispute adjustment
2. Provision of Goods or Services
Service provision
Content provision
Provision of customized services
Identity authentication
Payment and settlement of fees
Debt collection
3. Know Your Customer (KYC) and Anti-Money Laundering (AML)
Customer verification (KYC) in accordance with the 「Act on Reporting and Using Specified Financial Transaction Information」
Prevention of money laundering and terrorist financing
Monitoring and reporting of suspicious transactions
Verification of sanctioned individuals
Identification of beneficial owners
4. Utilization for Marketing and Advertising
Development of new services and provision of customized services
Provision of event and promotional information and opportunities for participation
Provision of services and placement of advertisements based on demographic characteristics
Confirmation of service validity
Monitoring of access frequency
Statistics on members' service use
5. Performance of Legal Obligations
Retention of transaction records in accordance with the 「Electronic Financial Transactions Act」
Fulfillment of reporting obligations in accordance with the 「Foreign Exchange Transactions Act」
Retention of transaction records in accordance with the 「Act on the Consumer Protection in Electronic Commerce」
Article 2 (Processing and Retention Period of Personal Information)
The Company processes and retains personal information within the period of retention and use of personal information in accordance with relevant laws or within the period agreed upon when collecting personal information from the data subject.
The processing and retention periods for each type of personal information are as follows:
A. Membership Registration and Management
Retention Period: Until withdrawal of membership
However, in the following cases, until the termination of the relevant reason:
If an investigation or inquiry is underway due to a violation of relevant laws: Until the end of the investigation or inquiry.
If there is a remaining debt/credit relationship resulting from the use of services: Until the settlement of the relevant debt/credit relationship.
B. Provision of Goods or Services
Retention Period: Until the completion of the supply of goods/services and completion of fee payment/settlement.
However, in the following cases, until the end of the relevant period:
Records regarding transactions such as labels/advertisements, contract contents, and execution under the 「Act on the Consumer Protection in Electronic Commerce」:
Records on labels/advertisements: 6 months
Records on contracts or withdrawal of subscription, payment, and supply of goods: 5 years
Records on consumer complaints or dispute handling: 3 years
Retention of communication fact confirmation data under the 「Protection of Communications Secrets Act」:
Date/time of telecommunications, start/end time, counterpart number, frequency of use, location data of base station: 1 year
Computer communication, internet log records, access location tracking data: 3 months
C. Know Your Customer (KYC) and Anti-Money Laundering (AML)
Retention Period: 5 years after the termination of the transaction
Legal Basis: Article 5-2 of the 「Act on Reporting and Using Specified Financial Transaction Information」
D. Electronic Financial Transaction Records
Retention Period: 5 years
Legal Basis: Article 22 of the 「Electronic Financial Transactions Act」
E. Foreign Exchange Transaction Records
Retention Period: 5 years
Legal Basis: Article 18 of the 「Foreign Exchange Transactions Act」
The Company processes and retains personal information within the period of retention and use of personal information in accordance with relevant laws or within the period agreed upon when collecting personal information from the data subject.
The processing and retention periods for each type of personal information are as follows:
A. Membership Registration and Management
Retention Period: Until withdrawal of membership
However, in the following cases, until the termination of the relevant reason:
If an investigation or inquiry is underway due to a violation of relevant laws: Until the end of the investigation or inquiry.
If there is a remaining debt/credit relationship resulting from the use of services: Until the settlement of the relevant debt/credit relationship.
B. Provision of Goods or Services
Retention Period: Until the completion of the supply of goods/services and completion of fee payment/settlement.
However, in the following cases, until the end of the relevant period:
Records regarding transactions such as labels/advertisements, contract contents, and execution under the 「Act on the Consumer Protection in Electronic Commerce」:
Records on labels/advertisements: 6 months
Records on contracts or withdrawal of subscription, payment, and supply of goods: 5 years
Records on consumer complaints or dispute handling: 3 years
Retention of communication fact confirmation data under the 「Protection of Communications Secrets Act」:
Date/time of telecommunications, start/end time, counterpart number, frequency of use, location data of base station: 1 year
Computer communication, internet log records, access location tracking data: 3 months
C. Know Your Customer (KYC) and Anti-Money Laundering (AML)
Retention Period: 5 years after the termination of the transaction
Legal Basis: Article 5-2 of the 「Act on Reporting and Using Specified Financial Transaction Information」
D. Electronic Financial Transaction Records
Retention Period: 5 years
Legal Basis: Article 22 of the 「Electronic Financial Transactions Act」
E. Foreign Exchange Transaction Records
Retention Period: 5 years
Legal Basis: Article 18 of the 「Foreign Exchange Transactions Act」
Article 3 (Provision of Personal Information to Third Parties)
The Company processes the personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the data subject's consent or special provisions of the law.
The Company provides personal information to third parties as follows:
A. Korea Financial Intelligence Unit (KoFIU)
Recipient: Korea Financial Intelligence Unit
Purpose: Reporting of suspicious transactions
Items provided: Name, date of birth, address, transaction details
Retention and Use Period: Retention period in accordance with laws
B. Financial Supervisory Service (FSS)
Recipient: Financial Supervisory Service
Purpose: Financial supervision and inspection
Items provided: Name, date of birth, address, transaction details
Retention and Use Period: Retention period in accordance with laws
C. Investigative Agencies
Recipient: Prosecution, Police, and other investigative agencies
Purpose: Cooperation with investigations
Items provided: Items requested by the investigative agency
Retention and Use Period: Until the purpose of the investigation is achieved
The Company does not provide personal information to third parties without the consent of the data subject, except in the following cases:
Where there are special provisions in the law or it is inevitable to comply with legal obligations.
Where it is inevitable for a public institution to perform its duties as prescribed by laws.
Where the data subject or his/her legal representative is unable to express his/her intention or prior consent cannot be obtained due to unknown address, etc., and it is clearly recognized as necessary for the urgent interests of the life, body, or property of the data subject or a third party.
The Company processes the personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the data subject's consent or special provisions of the law.
The Company provides personal information to third parties as follows:
A. Korea Financial Intelligence Unit (KoFIU)
Recipient: Korea Financial Intelligence Unit
Purpose: Reporting of suspicious transactions
Items provided: Name, date of birth, address, transaction details
Retention and Use Period: Retention period in accordance with laws
B. Financial Supervisory Service (FSS)
Recipient: Financial Supervisory Service
Purpose: Financial supervision and inspection
Items provided: Name, date of birth, address, transaction details
Retention and Use Period: Retention period in accordance with laws
C. Investigative Agencies
Recipient: Prosecution, Police, and other investigative agencies
Purpose: Cooperation with investigations
Items provided: Items requested by the investigative agency
Retention and Use Period: Until the purpose of the investigation is achieved
The Company does not provide personal information to third parties without the consent of the data subject, except in the following cases:
Where there are special provisions in the law or it is inevitable to comply with legal obligations.
Where it is inevitable for a public institution to perform its duties as prescribed by laws.
Where the data subject or his/her legal representative is unable to express his/her intention or prior consent cannot be obtained due to unknown address, etc., and it is clearly recognized as necessary for the urgent interests of the life, body, or property of the data subject or a third party.
Article 4 (Rights and Obligations of Data Subjects and How to Exercise Them)
Data subjects may exercise the following rights related to personal information protection against the Company at any time:
Request to view personal information
Request for correction if there are errors, etc.
Request for deletion
Request to suspend processing
Rights under Paragraph 1 may be exercised through writing, e-mail, facsimile (FAX), etc., in accordance with Form 8 of the Enforcement Rules of the 「Personal Information Protection Act」, and the Company will take action without delay.
If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
Rights under Paragraph 1 may be exercised through an agent, such as a legal representative or a person delegated by the data subject. In this case, a power of attorney in accordance with Form 11 of the "Notification on Personal Information Processing Methods (No. 2020-7)" must be submitted.
Data subjects must not infringe on the personal information and privacy of themselves or others processed by the Company in violation of relevant laws such as the 「Personal Information Protection Act」.
Data subjects may exercise the following rights related to personal information protection against the Company at any time:
Request to view personal information
Request for correction if there are errors, etc.
Request for deletion
Request to suspend processing
Rights under Paragraph 1 may be exercised through writing, e-mail, facsimile (FAX), etc., in accordance with Form 8 of the Enforcement Rules of the 「Personal Information Protection Act」, and the Company will take action without delay.
If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
Rights under Paragraph 1 may be exercised through an agent, such as a legal representative or a person delegated by the data subject. In this case, a power of attorney in accordance with Form 11 of the "Notification on Personal Information Processing Methods (No. 2020-7)" must be submitted.
Data subjects must not infringe on the personal information and privacy of themselves or others processed by the Company in violation of relevant laws such as the 「Personal Information Protection Act」.
Article 5 (Items of Personal Information to be Processed)
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
Article 5 (Items of Personal Information to be Processed)
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
Article 5 (Items of Personal Information to be Processed)
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
The Company processes the following personal information items:
1. Membership Registration and Management
Required: Name, date of birth, ID, password, mobile phone number, email address
Optional: Address, occupation
2. Merchant Membership Registration
Required: Corporate name (or business name), business registration number, representative name, representative date of birth, business address, type of business, status of business, mobile phone number, email address, settlement account information
Optional: Contact person information
3. Foreign Tourist Membership Registration
Required: Name (in English), date of birth, nationality, passport number, mobile phone number, email address
Optional: Address of stay
4. Provision of Goods or Services
Required: Transaction details, transaction amount, transaction date/time, transaction location
Optional: None
5. Digital Voucher Issuance and Exchange
Required: Issued amount, issuance date/time, exchange amount, exchange date/time, exchange account information
Optional: None
6. Know Your Customer (KYC)
Required: Copy of ID, copy of business registration certificate (for merchants), purpose of transaction, source of funds, beneficial owner information (for corporations)
Optional: Financial statements (for corporations)
7. In the process of using internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service use records, visit records, bad use records, etc.
Article 6 (Destruction of Personal Information)
The Company destroys personal information without delay when the personal information becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose.
If personal information must continue to be preserved in accordance with other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information will be moved to a separate database (DB) or preserved in a different storage location.
The procedure and method of destruction of personal information are as follows:
Destruction Procedure: The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the Company's Privacy Officer.
Destruction Method: The Company destroys personal information recorded and stored in the form of electronic files using methods such as Low Level Format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or incinerating.
The Company destroys personal information without delay when the personal information becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose.
If personal information must continue to be preserved in accordance with other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information will be moved to a separate database (DB) or preserved in a different storage location.
The procedure and method of destruction of personal information are as follows:
Destruction Procedure: The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the Company's Privacy Officer.
Destruction Method: The Company destroys personal information recorded and stored in the form of electronic files using methods such as Low Level Format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or incinerating.
Article 7 (Measures to Ensure the Safety of Personal Information)
The Company is taking the following measures to ensure the safety of personal information:
Administrative Measures: Establishment and implementation of an internal management plan, minimization and training of employees handling personal information, and regular self-audits.
Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and periodic update/inspection of security programs, and technical countermeasures against hacking, etc.
Physical Measures: Access control to the computer room and data storage room, and use of locking devices for documents and auxiliary storage media containing personal information.
Encryption of Personal Information: The user's password is stored and managed in an encrypted form so that only the user knows it, and important data uses separate security functions such as encrypting files and transmission data or using a file lock function.
Technical Countermeasures against Hacking: The Company installs security programs and periodically updates and inspects them to prevent personal information leakage and damage caused by hacking or computer viruses. Systems are installed in areas where access from the outside is controlled, and monitored and blocked technically and physically.
Limitation of Access to Personal Information: Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from the outside is controlled using an intrusion blocking system.
Retention of Access Records and Prevention of Forgery: Access records to the personal information processing system are stored and managed for at least one year, and security functions are used to prevent forgery, theft, or loss of access records.
The Company is taking the following measures to ensure the safety of personal information:
Administrative Measures: Establishment and implementation of an internal management plan, minimization and training of employees handling personal information, and regular self-audits.
Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and periodic update/inspection of security programs, and technical countermeasures against hacking, etc.
Physical Measures: Access control to the computer room and data storage room, and use of locking devices for documents and auxiliary storage media containing personal information.
Encryption of Personal Information: The user's password is stored and managed in an encrypted form so that only the user knows it, and important data uses separate security functions such as encrypting files and transmission data or using a file lock function.
Technical Countermeasures against Hacking: The Company installs security programs and periodically updates and inspects them to prevent personal information leakage and damage caused by hacking or computer viruses. Systems are installed in areas where access from the outside is controlled, and monitored and blocked technically and physically.
Limitation of Access to Personal Information: Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from the outside is controlled using an intrusion blocking system.
Retention of Access Records and Prevention of Forgery: Access records to the personal information processing system are stored and managed for at least one year, and security functions are used to prevent forgery, theft, or loss of access records.
Article 8 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
The Company uses 'cookies' that store and frequently retrieve user information to provide individual customized services.
Cookies are small amounts of information sent by the server (http) used to operate the website to the user's computer browser and may be stored on the hard disk within the user's PC computer.
Purpose of use of cookies: Used to provide optimized information to users by identifying the patterns of visits and use of each service and website visited by the user, popular search terms, whether secure access is used, etc.
Installation, operation, and refusal of cookies: Users can refuse to store cookies through the option setting in the Tools > Internet Options > Privacy menu at the top of the web browser.
If you refuse to store cookies, you may experience difficulties in using customized services.
The Company uses 'cookies' that store and frequently retrieve user information to provide individual customized services.
Cookies are small amounts of information sent by the server (http) used to operate the website to the user's computer browser and may be stored on the hard disk within the user's PC computer.
Purpose of use of cookies: Used to provide optimized information to users by identifying the patterns of visits and use of each service and website visited by the user, popular search terms, whether secure access is used, etc.
Installation, operation, and refusal of cookies: Users can refuse to store cookies through the option setting in the Tools > Internet Options > Privacy menu at the top of the web browser.
If you refuse to store cookies, you may experience difficulties in using customized services.
Article 9 (Changes to the Privacy Policy)
This Privacy Policy shall be applied from December, 29, 2025.
This Privacy Policy shall be applied from December, 29, 2025.
SOOHO.IO Inc.
CEO : 박지수
사업자등록번호 : 238-88-01053
전화번호 : 070-4121-8936
팩스번호 : 02-6971-9109
이메일 : contact@sooho.io
사업소재지 : 서울특별시 강남구 테헤란로 126 B1
수호아이오
Ⓒ2026. SOOHO.IO Inc. All Rights Reserved.
SOOHO.IO Inc.
CEO : 박지수
사업자등록번호 : 238-88-01053
전화번호 : 070-4121-8936
팩스번호 : 02-6971-9109
이메일 : contact@sooho.io
사업소재지 : 서울특별시 강남구 테헤란로 126 B1
수호아이오
Ⓒ2026. SOOHO.IO Inc. All Rights Reserved.
SOOHO.IO Inc.
CEO : 박지수
사업자등록번호 : 238-88-01053
전화번호 : 070-4121-8936
팩스번호 : 02-6971-9109
이메일 : contact@sooho.io
사업소재지 : 서울특별시 강남구 테헤란로 126 B1
수호아이오
Ⓒ2026. SOOHO.IO Inc. All Rights Reserved.