MiriCanvas Help Center

1. Cases where the data subject's consent is not obtained

MIRI D.I.H processes the following personal information items without the data subject's consent.

2. Cases where the data subject's consent is obtained

MIRI D.I.H processes the following personal information items after obtaining the data subject's consent.

Article 2. Personal Information of Children Under 14 Years of Age

① When consent is required to process the personal information of a child under 14 years of age, MIRI D.I.H obtains consent from the child's legal representative.

② MIRI D.I.H obtains the consent of a legal representative through mobile phone identity verification in order to process the personal information of a child under the age of 14, and additionally collects the legal representative’s information (name, date of birth, and mobile phone number) in this process. 

Article 3. Period of Processing and Retention of Personal Information

① MIRI D.I.H processes and retains personal information within the period of retention and use of personal information stipulated by law or agreed upon by the data subject at the time of collection.

② The specific processing and retention periods for each type of personal information are as follows:

1. Website Membership Registration and Management: Until membership withdrawal. However, in the following cases, until the reason for retention ceases to exist:

   1) If an investigation or inquiry is underway due to a violation of relevant laws, until the said investigation or inquiry is concluded.

   2) If any claims or debts remain from the use of the website, until the settlement of said claims or debts.

2. Provision of Goods or Services: Until the supply of goods/services is complete and payment/settlement is finalized. However, in the following cases, until the specified period ends:
   • Records on contracts or withdrawal of offers: 5 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 2)
   • Records on payment and supply of goods: 5 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 3)
   • Records on consumer complaints or dispute resolution: 3 years (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 4)
   • Records on display and advertising: 6 months (「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.」 Article 6, Paragraph 1, Subparagraph 1)
3. Retention of communication confirmation data in accordance with Article 15-2, Paragraph 2 of the 「Protection of Communications Secrets Act」
   • Computer communication, internet log records, access point tracking data: 3 months

Article 4. Procedure and Method of Personal Information Destruction

① MIRI D.I.H will destroy the relevant personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose.

② If personal information must be retained in accordance with other laws, even after the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, the said personal information will be transferred to a separate database (DB) or stored in a different location.

※ The items of personal information to be retained and the legal basis for retention can be found in 'Article 3. Period of Processing and Retention of Personal Information'.

③ The procedure and method of personal information destruction are as follows:

1. Destruction Procedure

MIRI D.I.H selects the personal information for which a reason for destruction has occurred and destroys it with the approval of MIRI D.I.H 's Chief Privacy Officer.

2. Destruction Method

MIRI D.I.H destroys personal information recorded and stored in electronic file format in a way that the records cannot be reproduced. Personal information recorded and stored in paper documents is shredded with a shredder or incinerated.

Article 5. Provision of Personal Information to Third Parties

MIRI D.I.H processes the personal information of data subjects only within the scope specified in the purpose of processing personal information. Personal information is provided to third parties only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」, such as with the consent of the data subject or special provisions of the law. Otherwise, the data subject's personal information is not provided to third parties.

Article 6. Entrustment of Personal Information Processing

① For the processing of personal information, MIRI D.I.H entrusts the following personal information processing tasks:

 ② When concluding an entrustment agreement, in accordance with Article 26 of the 「Personal Information Protection Act」, MIRI D.I.H specifies in documents such as the contract matters concerning the prohibition of processing personal information for purposes other than performing the entrusted task, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises whether the trustee processes personal information securely.

③ In accordance with Article 26, Paragraph 6 of the 「Personal Information Protection Act」, if the trustee re-entrusts MIRI D.I.H’s personal information processing tasks, they must obtain MIRI D.I.H 's consent, and MIRI D.I.H disclose the re-trustee and the content of the re-entrusted tasks through this Privacy Policy.

④ If the content of the entrusted task or the trustee changes, MIRI D.I.H will disclose it through this Privacy Policy without delay.

Article 7. Cross-Border Transfer of Personal Information

MIRI D.I.H transfers personal information collected from data subjects overseas as set forth below, and hereby provides the following notice regarding cross-border transfers in accordance with Article 28-8, Paragraph 2 of the 「Personal Information Protection Act」. If you refuse cross-border transfers, you will not be able to use the services. If you do not wish to have your personal information transferred overseas, you may withdraw your membership through the website (top right: Member Name – My Information – Delete Account) or the mobile application (My – Member Name – Delete Account), or request membership withdrawal by contacting the Mican Customer Satisfaction Team (☎ 1800-7848).

Article 8. Measures to Ensure the Security of Personal Information

MIRI D.I.H takes the following measures to ensure the security of personal information:

1. Administrative Measures: Establishment and implementation of an internal management plan, regular employee training, operation of a dedicated organization.
2. Technical Measures: Management of access rights to the personal information processing system, installation of an access control system and other related protective measures, internet network blocking measures, encryption of personal information, storage and inspection of access records, installation and updating of security programs, inspection and supplementation of vulnerabilities in the personal information processing system.
3. Physical Measures: Access control for computer rooms, data storage rooms, etc., storage of documents and auxiliary storage media in a secure location with a locking device, safety measures against disasters and calamities, control of the entry and exit of auxiliary storage media.

Article 9. Matters Concerning the Installation, Operation, and Opting out of Automatic Collection Devices for Behavioral Information

(1) Cookies

① To provide personalized services and convenience to data subjects, MIRI D.I.H uses 'cookies' that store and frequently retrieve usage information.

② A cookie is a small amount of information that the server (http) used to operate the website sends to the data subject's browser. It is stored on the data subject's computer or mobile device and is automatically transmitted to the server from the data subject's browser when accessing the website.

③ Data subjects can configure their browser options to allow or block cookies. Data subjects may refuse the use of cookies through browser settings, and the methods for blocking cookies may vary depending on the type of web browser.

▶ Cookie Settings by Web Browser

･ Chrome Web Browser (View)

･ Edge Web Browser (View)

･ Safari Web Browser (View)

･ Firefox Web Browser (View)

(2) Web Log Analysis

① MIRI D.I.H may use a web log analysis tool (Google Analytics) to analyze users’ service usage information (such as navigation, clicks, and conversions).

② If you wish to discontinue web log analysis, you may block it by following the instructions provided on the page below.

· Google Analytics Opt-out Browser Add-on (View)

Article 10. Processing and Opting out of Behavioral Information

① During the service use process, MIRI D.I.H processes behavioral information in a non-identifying manner using automatic collection devices such as cookies to provide optimized personalized services, benefits, and online customized advertisements to data subjects.

② MIRI D.I.H collects behavioral information on the websites it operates as follows: 

<Regarding the Provision of Behavioral Information to Third Parties (Advertisers, etc.)>

③ MIRI D.I.H provides behavioral information to third parties as follows:

④ MIRI D.I.H collects only the minimum behavioral information necessary for optimized personalized services, benefits, and online customized advertisements, and does not collect sensitive behavioral information that could infringe on an individual's rights, interests, or privacy, such as thoughts, beliefs, or medical history.

⑤ Data subjects can collectively block or allow customized advertising by changing their web browser's cookie settings. However, changing cookie settings may restrict the use of some services, such as automatic website login.

▶ Blocking/Allowing Customized Advertising via Web Browser 

(1) Chrome 

❶ How to delete cookies stored in the web browser

• In Chrome, click the '⋮' icon at the top right, then click 'Settings'.
• On the left side of the settings page, click 'Privacy and security', then click 'Clear browsing data' and choose whether to clear browsing data. 

❷ How to block third-party cookies in the web browser

• In Chrome, click the '⋮' icon at the top right, then click 'Settings'.
• On the left side of the settings page, click 'Privacy and security', then click 'Third-party cookies' and choose whether to 'Block third-party cookies'. 

❸ How to block all cookies from being saved in the web browser

• Additionally, in Chrome, click the '⋮' icon at the top right, then click 'New Incognito window'. This will switch to Incognito mode, where your browsing history, cookies, site data, and information entered in forms will not be saved on your device.

(2) Edge 

❶ How to delete cookies stored in the web browser

• In Edge, click the '...' icon at the top right, then click 'Settings'.
• On the left side of the settings page, click 'Cookies and site permissions', then click 'Manage and delete cookies and site data' and choose whether to clear all cookies and site data. 

❷ How to block third-party cookies in the web browser

• In Edge, click the '...' icon at the top right, then click 'Settings'.
• On the left side of the settings page, click 'Privacy, search, and services', and in the 'Tracking prevention' section, select whether to enable 'Tracking prevention' and the level (Balanced or Strict).
• Alternatively, on the left side of the settings page, click 'Cookies and site permissions', then click 'Manage and delete cookies and site data' and select 'Block third-party cookies'. 

❸ How to block all cookies from being saved in the web browser

• In Edge, click the '...' icon at the top right, then click ‘New InPrivate window’. This will switch to InPrivate mode, where your browsing history, cookies, site data, and information entered in forms will not be saved on your device.

⑥ MIRI D.I.H collects and uses advertising identifiers for customized advertising on its app. Data subjects can block or allow customized ads on the app by changing their mobile device settings.

▶ Blocking/Allowing Advertising Identifiers on a Smartphone 

(1) (Android) ① Settings → ② Security and privacy → ③ Privacy → ④ Other privacy settings → ⑤ Ads → ⑥ Reset advertising ID or Delete advertising ID 

(2) (iPhone) ① Settings → ② Privacy & Security → ③ Tracking → ④ Turn off "Allow Apps to Request to Track" 

※ Menus and methods may vary slightly depending on the mobile OS version.

⑦ Data subjects can inquire about matters related to behavioral information, exercise their right to refusal, and report damages by contacting the following department.

 ▶ Department in charge of Personal Information Protection

• Department Name: Mican Customer Satisfaction Team

Contact: <1800-7848>, miricanvas@miricanvas.com 

Article 11. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them

① Data subjects can, at any time, exercise the right to request access, portability, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information (hereinafter referred to as "the exercise of rights").

※ For individuals under the age of 14, a legal representative must directly exercise these rights. For minors 14 and older, the data subject can either exercise their rights personally or through their legal representative.

② The exercise of rights can be done in writing, by phone, email, fax (FAX), or online to MIRI D.I.H in accordance with Article 41, Paragraph 1 of the 「Enforcement Decree of the Personal Information Protection Act」, and MIRI D.I.H will take action without delay.

• Data subjects may, at any time, directly view, correct, delete, suspend the processing of, or withdraw consent for their personal information through “Member Name > My Information” located at the upper right corner of the website, or may request access through the “Contact Us” page.

• Requests for the exercise of rights may be submitted to the department listed below, and MIRIDI will respond within 10 days from the date the request is received (or without delay in the case of a request for data transmission).

  ▶ Department Responsible for Receiving and Processing Requests for the Exercise of Personal Information Rights

  • Department Name: Mican Customer Satisfaction Team
  • Address: 8F, 13F, 14F, 17F, Room 1004, TP Tower, 12 Digital-ro 31-gil, Guro-gu, Seoul, Republic of Korea
  • Contact: 1800-7848 / miricanvas@miricanvas.com

③ The exercise of rights can also be done through an agent, such as the data subject's legal representative or a person who has been delegated authority. In this case, you must submit a power of attorney according to the [Form 11] of the "Notice on How to Process Personal Information".

④ The data subject's right to request access to and suspension of processing of personal information may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the 「Personal Information Protection Act」.

⑤ The data subject cannot request the deletion of personal information if it is specified as an object of collection in other laws.

⑥ MIRI D.I.H verifies whether the person exercising the rights is the data subject themselves or a legitimate agent.

Article 12. Chief Privacy Officer & Responsible Personnel

① MIRI D.I.H has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to Data subjects' inquiries regarding personal information and resolving any related complaints.

▶ Chief Privacy Officer

• Name: Heo Yeong Min
• Position: COO
• Contacts: <1800-7848>, miricanvas@miricanvas.com

▶ Personal Information Protection Department

• Department Name: Mican Customer Satisfaction Team
• Contact: <1800-7848>, miricanvas@miricanvas.com

② For any privacy-related questions, complaints, or concerns that arise while using MIRI D.I.H 's services, data subjects can contact the Chief Privacy Officer and the Privacy Department. MIRI D.I.H will respond promptly to all inquiries.

Article 13. Remedies for Infringement of Rights

Data subjects may seek remedies and consultations for personal information infringement at the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. For other reports and consultations on personal information infringement, please contact the institutions below.

• Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
• National Police Agency: (no area code) 182 (ecrm.police.go.kr)

Article 14. Changes to the Personal Information Processing Policy

① This Privacy Policy will take effect on February 14, 2026.

② Previous versions of the Privacy Policy can be found below.

• MiriCanvas Privacy Policy (Effective Date: September 16, 2025)
• MiriCanvas Privacy Policy (Effective Date: May 26, 2024)
• MiriCanvas Privacy Policy (Effective Date: December 8, 2023)
• MiriCanvas Privacy Policy (Effective Date: February 9, 2023)

Supplementary Terms

The following additional terms apply respectively to users having residence in or nationality of certain countries. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail. The Company shall try to comply with any legal regulation of countries which may be applied to the User and the Company.

1. For Users Having Usual Residence in European Union

• The purpose and basis of personal information processing
  
  The Company uses the collected personal information only for the purposes stated in Article 3, gives the User advance notice of this fact, and seeks the User's consent. Also, in accordance with the GDPR etc., the Company may process the User's personal information if any one of the following applies:
  (1) The data subject consented;
  (2) It is for the conclusion and performance of a contract with the data subject;
  (3) It is to comply with legal requirements;
  (4) Processing is necessary for the crucial interest of the data subject; or
  (5) It is for the pursuit of the Company's legitimate interests (the foregoing does not apply where the data subject's interests, rights, or freedoms are more important than the interests pursued by the Company).
• The guarantee of the rights of the User who uses the Company's services within the European Union (EU)
  
  According to the GDPR etc., the User may request the Company to transfer their personal information to a different manager, and may also refuse the processing of their personal information. Furthermore, the User retains the right to bring grievances on the processing of their personal information before the personal information protection authorities.
  
  Meanwhile, the Company may use personal information to provide marketing such as events or advertisement to the User and seeks the User's consent in relation to the foregoing; the User may at any time withdraw their consent if such marketing is not desired.
  
  The User may request the foregoing requests by means such as telephone, email, documents etc.; the Company will act on such request without delay once it is filed.
  
  If modification or correction is requested for errors in the User's personal information, the Company will not use or provide such personal information of the User until such matter is modified or corrected.  
• Personal Information of Children
  
  For the Users having usual residence in EU (including UK, Switzerland), the Company’s services is designed for a general audience and is not directed towards children. In connection with the Company’s service, the Company does not knowingly collect or maintain personal information from anyone under the age of sixteen (16) or knowingly allow such persons to use the Company’s service. If you are under sixteen (16), please do not attempt to register for the Company’s service or provide the Company with any personal information. If the Company learns that a person under the age of sixteen (16) has provided the Company with any personal information, the Company shall promptly delete such personal information. If you believe that a child under age sixteen (16) may have provided the Company with personal information, please contact the Company using the information specified in the Policy. 

2. For Users Having Usual Residence in California, and Virginia, United States 

If the Users reside in California and Virginia, certain rights may be given. The Company shall prepare preventive measures necessary for protecting personal information of Users so that the Company may comply with California Privacy Rights Act of 2020 (hereinafter referred to as “CPRA”) and Virginia Consumer Data Protection Act (hereinafter referred to as “VCDPA”) when necessary.

3. For Users Having Usual Residence in Japan 

• Use of Personal Information of Users
  
  The Company process the User’s personal information when this is necessary under the Company’s agreement with the User, to provide Users with the Company’s service, and specific features users select when using the Company’s service, which may require personalizing the content of the Company’s service mainly regulated in Article 3 of this Policy.

• Provision and Outsourcing of Personal Information of Users
  
  Article 7 and 8 of this Policy shall be applied on the provision and outsourcing of personal information of Users