Privacy Policy

Effective Date: March 15, 2024

1. Introduction and Scope

MyCrimson LLC ("MyCrimson," "we," "our," or "us"), a company registered in Delaware, United States, with operational presence in South Korea, is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy ("Policy") is designed to help you understand how we collect, use, disclose, and safeguard your personal information in compliance with applicable laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and South Korean Personal Information Protection Act (PIPA).

This Policy applies to all services provided through our website, mobile applications, and related platforms (collectively, the "Services"), including our college admissions consulting services, educational guidance, and digital platforms.

2. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Performance of our contract with you when providing our Services
  • Your explicit consent, which you may withdraw at any time
  • Our legitimate business interests, which do not override your fundamental rights and freedoms
  • Compliance with legal obligations under applicable laws and regulations

3. Information Collection and Processing

3.1 Categories of Personal Information

We collect and process the following categories of personal information:

  • Identification Information: Full name, date of birth, government-issued identification numbers (when required), email address, phone number, postal address
  • Educational Information: Academic records, standardized test scores (SAT, ACT, AP, IB), school transcripts, academic achievements, educational history
  • Extracurricular Information: Activities, leadership positions, awards, volunteer work, internships, special achievements
  • Financial Information: Payment details, billing information, financial aid documentation (when applicable)
  • Family Information: Parent/guardian contact details, family educational history, household information
  • Preference Information: College preferences, career goals, academic interests, geographical preferences

3.2 Technical and Usage Information

We automatically collect certain technical and usage information, including:

  • Device Information: Operating system, device identifiers, browser type and version, screen resolution
  • Usage Data: IP addresses, access times, pages viewed, session duration, interaction patterns
  • Location Data: Approximate location based on IP address, precise location (with consent)
  • Communication Data: Email correspondence, chat messages, call recordings (with notice)

4. Use of Personal Information

We use your personal information for the following purposes:

4.1 Core Service Provision

  • Delivering personalized college admissions consulting services
  • Analyzing academic profiles and creating customized strategy reports
  • Providing educational guidance and recommendations
  • Managing your account and maintaining service records

4.2 Service Improvement and Development

  • Analyzing service usage patterns and user behavior
  • Improving our algorithms and recommendation systems
  • Developing new features and services
  • Conducting research and statistical analysis

4.3 Communication and Support

  • Sending service-related notifications and updates
  • Providing customer support and technical assistance
  • Responding to your inquiries and requests
  • Sending promotional communications (with consent)

5. Data Protection and Security Measures

We implement comprehensive technical and organizational security measures that meet or exceed industry standards, including:

  • Encryption: Advanced encryption protocols for data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control, multi-factor authentication, regular access reviews
  • Infrastructure Security: Firewalls, intrusion detection systems, regular security patching
  • Data Backup: Regular automated backups with encryption, disaster recovery procedures
  • Security Monitoring: 24/7 system monitoring, automated threat detection, incident response procedures
  • Employee Controls: Background checks, security training, confidentiality agreements

6. International Data Transfers

As a US-based company with operations in South Korea, we may transfer your personal information between these jurisdictions and to other countries where we have service providers. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers
  • Privacy Shield certification (where applicable)
  • Binding Corporate Rules for intra-group transfers

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to access and receive a copy of your personal information
  • Right to correct or update inaccurate or incomplete information
  • Right to request deletion of your personal information
  • Right to restrict or object to certain processing activities
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact our Data Protection Officer at mycrimsonseoul@gmail.com. We will respond to your request within the timeframe required by applicable law.

8. Data Retention and Deletion

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on:

  • The type of information and its purpose
  • Legal and regulatory requirements
  • Statute of limitations for potential claims
  • Your continued use of our Services

9. Children's Privacy

Our Services are intended for users who are 13 years of age or older. For users under 18, we require parental consent in accordance with applicable laws, including the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes through our Services or via email, and obtain your consent where required by applicable law.

11. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact:

Data Protection Officer

MyCrimson LLC

Email: mycrimsonseoul@gmail.com

This Privacy Policy was last updated on March 15, 2024. Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated Policy.