Privacy Policy
1. Data Controller
The data controller responsible for the processing of your personal data is:
CYTUR Inc.
Headquarters: Building A, Suite 2801, 97 Centum jungang-ro, Haeundae-gu, Busan, Republic of Korea
Seoul Office: Suites 901–908, Gasan KS Tower, 30 Beotkkot-ro 36-gil, Geumcheon-gu, Seoul, Republic of Korea
Email: info@cytur.net
2. Privacy Contact
For any privacy-related inquiries, requests to exercise your rights, or complaints, please contact our Privacy Contact:
3. Personal Data We Collect
3.1 Information You Provide Directly
- Inquiry form (required): name, company name, job title, email address, phone number
- Inquiry form (optional): any information you voluntarily include in your message
3.2 Information Collected Automatically
- IP address, cookies, access timestamps, service usage logs, browser type, operating system
- Click metadata from CYTUR-issued short URLs (click timestamp, device type, approximate region)
4. Purposes and Lawful Bases of Processing
We process personal data only when we have a valid lawful basis under Article 6 of the GDPR:
| Purpose | Lawful Basis |
|---|---|
| Responding to inquiries and quote requests | Pre-contractual measures (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) |
| Business partnerships, sales, and recruitment communications | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (newsletters, white papers, event invitations) | Consent (Art. 6(1)(a)) |
| Website analytics and service improvement | Consent via cookie banner (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
Where processing is based on legitimate interests, we have conducted a balancing assessment to ensure that your rights and freedoms do not override those interests. You may request details of this assessment by contacting our Privacy Contact.
5. Recipients and Data Processors
We share personal data only with trusted service providers acting on our behalf under data processing agreements that meet the requirements of Article 28 of the GDPR:
| Processor | Service | Location |
|---|---|---|
| Cafe24 Corp. | Web hosting and server operations | Republic of Korea |
| Tally Collective BV | Online inquiry form processing | Belgium (EU) |
| NumberEight, Inc. (Short.io) | Short URL issuance and click analytics | United States |
We do not sell personal data to third parties. We may disclose personal data when required by law, court order, or to protect our legal rights.
6. International Data Transfers
CYTUR Inc. is established in the Republic of Korea, which has been recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision of 17 December 2021). Accordingly, transfers of personal data from the European Economic Area (EEA) to CYTUR Inc. and to our Korean processors (e.g., Cafe24) do not require additional safeguards.
For transfers to processors located outside the EEA and not covered by an adequacy decision (e.g., NumberEight, Inc. in the United States), we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
- Certifications under the EU-U.S. Data Privacy Framework, where applicable
You may request a copy of the safeguards in place by contacting our Privacy Contact.
7. Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law:
| Category | Retention Period |
|---|---|
| Inquiry and quote records | 3 years after completion (statutory consumer protection requirement) |
| Marketing consent records | Until consent is withdrawn, or up to 3 years from collection |
| Automatically collected data (cookies, server logs) | Up to 1 year |
After the applicable retention period, personal data is permanently deleted or irreversibly anonymized.
8. Your Rights Under GDPR
If you are located in the EEA, the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights:
- Right of access (Art. 15): obtain confirmation of whether we process your personal data and access to that data.
- Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): request deletion of your personal data, subject to legal exceptions.
- Right to restriction (Art. 18): request limitation of processing in certain circumstances.
- Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interests, including direct marketing.
- Rights regarding automated decision-making (Art. 22): not be subject to a decision based solely on automated processing. CYTUR does not engage in such automated decision-making.
- Right to withdraw consent (Art. 7(3)): withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact our Privacy Contact (Section 2). We will respond within one month of receipt of your request, as required by Article 12(3) of the GDPR. This period may be extended by up to two further months where necessary, taking into account the complexity and number of requests.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority — in particular, in the EU Member State of your habitual residence, place of work, or place of the alleged infringement of the GDPR.
A list of European Data Protection Authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
For UK residents, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
10. Cookies and Similar Technologies
Our website uses cookies and similar technologies. You can manage your preferences through our cookie consent banner, which appears on your first visit, and at any time via the "Cookie Settings" link in the website footer.
Categories of cookies we use:
- Strictly necessary cookies: required for basic site functionality and security. These do not require your consent.
- Analytics cookies: help us understand how visitors interact with our site so we can improve it. Set only with your consent.
- Marketing cookies: may be used for personalized communications. Set only with your consent.
You may also control cookies through your browser settings. Note that blocking strictly necessary cookies may affect the functionality of our website.
11. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Article 32 of the GDPR. These measures include:
- Access controls and role-based permissions
- Encryption of personal data in transit and at rest where appropriate
- Regular security training for personnel
- Vendor security assessments and data processing agreements
- Incident response procedures
12. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will delete that data promptly. If you believe we may have collected such data, please contact our Privacy Contact.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be notified via our website at least 7 days before they take effect. The "Last Updated" date at the top of this Policy indicates the most recent revision. We encourage you to review this Policy periodically.
14. Contact Us
If you have any questions about this Privacy Policy or our data processing practices, please contact:
Mr. Younghwan Yoon, Director
Email: yhyoon@cytur.net
Phone: +82-2-2025-2308
Mailing address: Suites 901–908, Gasan KS Tower, 30 Beotkkot-ro 36-gil, Geumcheon-gu, Seoul, Republic of Korea