Privacy Policy.

1. Introduction

DAEIL SYSTEMS CO., LTD. ("DAEIL SYSTEMS", "we", "us", or "our") operates https://www.daeilsys.com (the "Service"). We are committed to protecting your privacy and handling your data transparently.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. It applies to all visitors, customers, and partners who interact with our Service.

By using our Service, you agree to the collection and use of information as described in this Policy.

2. Definitions

Personal Data — information that identifies or can reasonably identify a natural person.

Usage Data — technical information collected automatically (IP address, browser type, pages visited, etc.).

Cookies — small files stored on your device to remember your preferences and activity.

Data Controller — the party that determines how and why personal data is processed. For this Service, DAEIL SYSTEMS is the Data Controller.

Data Processor — a third party that processes data on our behalf (e.g. hosting, analytics).

Data Subject — the individual whose personal data is being processed.

3. Information We Collect

3.1 Personal Data You Provide

When you contact us, request a quote, subscribe to updates, or otherwise interact with our Service, we may collect: full name, business email, phone number, company name and job title, business address, message content, and any information you voluntarily submit.

Legal bases: consent, contractual necessity, and legitimate business interest.

3.2 Usage Data

Automatically collected: IP address, approximate location, browser type and version, device type, OS, pages visited, referring URL, date/time of access, clickstream behavior.

3.3 Cookies

We use Strictly Necessary cookies (session, security, language) for up to 12 months, Analytics cookies (Google Analytics 4, Vercel Analytics) for up to 14 months, and Preference cookies for up to 12 months.

We do NOT use advertising or cross-site tracking cookies.

3.4 Information We Do NOT Collect

We do not collect passport numbers, social security numbers, racial or ethnic origin, religious beliefs, health information, biometric data, or information about minors. Do not submit such information through our Service.

4. How We Use Your Information

We process personal data only to: respond to inquiries; provide and maintain the Service; process orders and fulfill contracts; send service communications; improve the Service via aggregated analytics; send marketing (with consent only, unsubscribe anytime); comply with legal obligations; protect our rights.

We do NOT engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Data Retention

Contact inquiry data: 3 years from last interaction.

Customer contract and transaction records: 5 years (Korean Commercial Act).

Tax and accounting records: 5 years (Korean tax law).

Marketing consent records: until withdrawn + 1 year for audit trail.

Website usage logs: 12 months, then anonymized or deleted.

Analytics data: 14 months (aggregated beyond that).

After the retention period, data is securely deleted or anonymized.

6. Legal Bases for Processing (GDPR)

Where GDPR applies, we rely on: Consent (Art. 6(1)(a)) for marketing and optional cookies; Contract (Art. 6(1)(b)) to fulfill orders and service agreements; Legitimate interest (Art. 6(1)(f)) to respond to inquiries and improve the Service; Legal obligation (Art. 6(1)(c)) for tax, accounting, and export compliance.

7. How We Share Your Information

7.1 Service Providers (Data Processors)

Hosting & Infrastructure: Vercel Inc. (United States). Website Analytics: Google Analytics 4 (United States), Vercel Analytics. Email Delivery: our business email provider. Payment Processing (where applicable): our banking partners.

All processors are bound by data processing agreements that meet GDPR and PIPA standards.

7.2 Legal Requirements

We may disclose data if required by law, court order, or regulatory request, or to protect our rights, safety, or property.

7.3 Business Transfers

In a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected users via email and/or prominent website notice.

7.4 With Your Consent

For any other purpose, only with your explicit consent. We never sell your personal data.

8. International Data Transfers

DAEIL SYSTEMS is headquartered in the Republic of Korea. Your information may be transferred to Korea and countries where our service providers operate (including the United States).

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions (Korea has an EU adequacy decision as of December 2021).

9. Your Rights

9.1 GDPR Rights (EEA, UK, Switzerland)

Access, rectification, erasure, restriction, data portability, object, withdraw consent, lodge a complaint with a Data Protection Authority.

9.2 CCPA/CPRA Rights (California)

Know, delete, correct, opt-out of sale or sharing, limit use of sensitive personal information, non-discrimination.

9.3 PIPA Rights (Korean Residents)

Right to access, correct, delete, suspend processing, and receive compensation for damages. You may file a complaint with the Personal Information Protection Commission (privacy.go.kr).

9.4 How to Exercise Your Rights

Email sales@daeilsys.com with subject "Privacy Request." We respond within 30 days (GDPR), 45 days (CCPA), or 10 days (PIPA). Identity verification may be required.

10. Data Security

TLS/SSL encryption in transit, AES-256 encryption at rest, access controls on a need-to-know basis, regular security audits, employee training, documented incident response procedures. No method of transmission is 100% secure; while we strive to protect your data, we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a breach likely to risk your rights and freedoms: we notify the relevant authority within 72 hours (GDPR) or 24 hours (PIPA), notify affected individuals without undue delay, and provide information on the nature, consequences, and mitigation measures.

12. Children's Privacy

Our Service is designed for business (B2B) use and is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact sales@daeilsys.com immediately.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

14. Do Not Track Signals

Because there is no consistent industry standard for DNT, our Service does not currently respond to DNT signals. We honor your cookie preferences set through our cookie banner and browser settings.

15. Changes to This Privacy Policy

We may update this Policy from time to time. For material changes, we will notify you via email (if we have your address) and/or a prominent notice at least 30 days before the change takes effect. Your continued use after the effective date constitutes acceptance.

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data: