Privacy Policy

VIRNECT Co., Ltd. — Websites (Shopify-Hosted) | Global | EU/EEA Edition

Last updated: March 2026  |  Effective for EU/EEA visitors per GDPR

Scope of This Policy

This Privacy Policy applies to the Shopify-hosted informational websites operated by VIRNECT Co., Ltd. ("Company", “we”, “us”, “our”, etc.), including: xr.virnect.com, robotics.virnect.com, remotehome.virnect.com, makeview.virnect.com, scout.virnect.com, and visionx.virnect.com.

Depending on your region of residence, different privacy laws apply:

•        EU/EEA Customers: Processing is subject to the General Data Protection Regulation (GDPR) and any implementing legislation related thereto, as applicable in a relevant EU (or EEA) Member State, such as, for Austria, the Austrian Data Protection Act (DSG).

•        US/KR/Other Customers: Processing is subject to the Korean Personal Information Protection Act (PIPA), the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable local privacy laws.

Data Controllers & EU Representative

Joint Controllers (Art. 26 GDPR)

For the Website, VIRNECT Co., Ltd. and VIRNECT USA, Inc. jointly determine the purposes and means of processing and therefore act as joint controllers under Art. 26 GDPR.

Korea HQ	VIRNECT Co., Ltd. 10-15, Hangang-daero 7-gil, Yongsan-gu, Seoul, 04379, Republic of Korea Personal Information Manager: Ha Tae-jin  │  ha@virnect.com
US Affiliate	VIRNECT USA, Inc. 3003 N 1st Street, San Jose, CA 95134, USA support@virnect.com

EU Representative (Art. 27 GDPR)

In accordance with Article 27 GDPR, VIRNECT has designated its Austrian subsidiary as its EU Representative and point of contact for EU/EEA data subjects and supervisory authorities:

Entity	Virnect Europe GmbH
Address	Jakov-Lind-Straße 2/Stiege 1/5 OG, 1020 Vienna, Austria
Contact	privacy.eu@virnect.com

About Our Website

The websites covered by this Policy (xr.virnect.com, robotics.virnect.com, remotehome.virnect.com, makeview.virnect.com, scout.virnect.com, and visionx.virnect.com) are informational (brochure-style) websites that provide visitors with information about VIRNECT's solutions and services. These websites are powered by Shopify as the hosting and infrastructure platform. For further information on our relationship with Shopify, please see the section “Relationship with Shopify” below.

Important: Our Shopify-powered brochure websites currently do not offer user account registration, login, e-commerce transactions, cart/wishlist functionality, or any inquiry/contact form. Accordingly, we do not directly collect any personal information that you submit through these sites. Visitors wishing to contact us are directed to the contact form on our main corporate website at virnect.com, where personal information is processed in accordance with the separate privacy policy applicable to that site.

Personal Information We Collect or Process

When we use the term "personal information," we refer to information that identifies or can reasonably be linked to you or another person. Information that is collected anonymously or fully de-identified is not considered personal information.

We collect only the following categories of personal information, depending on how you interact with the website and as permitted or required by applicable law:

A. Information Collected Automatically (incl. SNS Inflow Tracking Identifiers)

When you visit the website, the following technical data is collected automatically by Shopify and/or analytics tools:

•        Device information: device type, browser type and version, operating system

•        Network information: IP address, and other unique identifiers

•        Usage information: pages visited, time spent, navigation paths, referring URL

When a visitor arrives at the inquiry page via a link shared on an SNS (social media) channel, the URL contains a unique identifier value (e.g., a UTM parameter or campaign-specific token) appended to the link. This is used solely to identify which SNS post or channel the visitor originated from, for the purpose of measuring communication effectiveness. This identifier does not constitute personal information by itself and is not used for profiling or advertising purposes.

Personal Information Sources

We may collect personal information from the following sources:

•        Automatically through the website: from your device when you visit our website, through cookies and similar technologies (such as SNS post links with inflow tracking identifiers).

•        From our service providers: when they collect or process personal information on our behalf (e.g., Shopify, analytics providers).

How We Use Your Personal Information (with GDPR Legal Basis)

The table below sets out each purpose for which we use personal information, together with the applicable legal basis under GDPR Article 6, and the retention period.

Purpose	Legal Basis (GDPR Art. 6)	Retention
Website analytics and performance monitoring (including measurement of SNS communication effectiveness)	Consent (Art. 6(1)(a)) and Legitimate Interests (Art. 6(1)(f)): improving website performance and user experience	Up to 26 months (standard analytics retention)
Security and fraud prevention; protecting the integrity of the website	Legitimate Interests (Art. 6(1)(f)): maintaining secure and reliable services	Duration of the security review, then deleted
Compliance with legal obligations (e.g., regulatory requests, audits)	Legal Obligation (Art. 6(1)(c))	As required by applicable law
Marketing and promotional communications (only with your consent or where permitted by law)	Consent (Art. 6(1)(a)) or Legitimate Interests (Art. 6(1)(f)), where applicable: promotion of our products and services	Until opt-out or withdrawal of consent

User Obligations

Users are responsible for complying with applicable laws related to their use of the website.

•        Users must observe applicable laws related to personal information when interacting with our website.

•        Users should not attempt to access, modify, or interfere with the website or its underlying infrastructure in a manner not authorised by us.

How We Disclose Personal Information

We may disclose your personal information to third parties only in the following circumstances, and always subject to appropriate safeguards:

•        With Shopify and other service providers who perform services on our behalf (e.g., IT management, data analytics, cloud storage). These parties act as data processors under GDPR Art. 28 and are bound by data processing agreements. For further information as to how your data may be shared with Shopify, please see below (“Relationship with Shopify”).

•        With business and marketing partners, only where legally permitted and with appropriate disclosure to you, on the basis of our legitimate interest(s).

•        When you direct or consent to the disclosure of your information to a third party.

•        With our affiliates or within our corporate group (VIRNECT Co., Ltd., VIRNECT USA, Inc., Virnect Europe GmbH).

•        In connection with a business transaction (e.g., merger, acquisition), to the extent permitted by law, on the basis of our legitimate interest to facilitate such transaction(s).

•        To comply with applicable legal obligations, respond to legal process, or enforce our terms and policies, on the basis of our legitimate interest(s) to fulfill our obligations and protect respectively defend our rights.

We do not sell, rent, or share your personal data with third parties for their own independent marketing purposes.

Third-Party Data Processors

The following third parties process personal data on our behalf under GDPR Art. 28 Data Processing Agreements:

Processor	Role	Data Processed	Location / Transfer Basis
Shopify Inc.	Website hosting & infrastructure platform	IP address, browsing behaviour, device info	Canada/USA — Adequacy decision (Canada) / SCCs (USA)
Analytics Provider (e.g. Google Analytics)	Website analytics	Pseudonymised device & usage data	USA — SCCs apply; IP anonymisation enabled

Relationship with Shopify

The websites covered by this Policy (xr.virnect.com, robotics.virnect.com, remotehome.virnect.com, makeview.virnect.com, scout.virnect.com, visionx.virnect.com) are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve them. Information you submit may be transmitted to and shared with Shopify.

In relation to such data, Shopify may act as an independent data controller for its own purposes (e.g., Shopify's enhanced features and cross-merchant analytics). In these circumstances, Shopify is responsible for the processing (including any onward transfers to other third parties which may be located in countries other than where you reside) and for responding to your data rights requests. For more information, visit the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.

International Data Transfers

We may transfer, store, and process your personal information outside the country in which you reside. If we transfer personal information out of the European Economic Area (EEA) or the United Kingdom, we rely on one of the following safeguards:

•        Standard Contractual Clauses (SCCs) approved by the European Commission

•        An adequacy decision issued by the European Commission (e.g., Republic of Korea, Canada)

•        Any equivalent contracts issued by the relevant competent authority of the UK

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Where required by law (including under the EU ePrivacy Directive), we will obtain your consent before placing non-essential cookies.

Cookie Type	Examples	Legal Basis (GDPR Art. 6)	Opt-out
Strictly Necessary	Shopify session, security tokens	Legitimate Interests / Legal Obligation — cannot be disabled	N/A
Analytics / Performance	Google Analytics, Shopify Analytics	Consent (Art. 6(1)(a)) — requires your explicit consent	Via cookie consent banner or browser settings
Functional	Language/region preferences	Legitimate Interests — no personal identification	Via browser settings

You can manage or withdraw cookie consent at any time via our cookie consent banner or by adjusting your browser settings. Note that disabling cookies may affect the functionality of the website.

Children's Data

The Services are not intended for use by children under the age of majority in your jurisdiction (16 years for EU/EEA purposes under GDPR). We do not knowingly collect personal information from children. If you are the parent or guardian of a child who has provided us with their personal information, please contact us and we will delete it promptly.

As of the effective date of this Privacy Policy, we do not knowingly sell or share personal information of individuals under 16 years of age.

Security and Retention of Your Information

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including SSL/TLS encryption, access controls, and contractual safeguards with all data processors.

No security system is impenetrable. We recommend you do not use unsecured channels to communicate sensitive information to us.

We retain personal information only as long as necessary for the purposes described in this policy, or as required by applicable law. Key retention periods are set out in the table in the 'How We Use Your Personal Information' section above. When data is no longer required, it is securely deleted or anonymised.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below. Rights are not absolute and may be subject to exceptions under applicable law.

Right	Description
Right to Access	Request a copy of the personal data we hold about you.
Right to Rectification	Request correction of inaccurate or incomplete personal data.
Right to Erasure	Request deletion of your personal data ('right to be forgotten') under certain conditions.
Right to Restriction	Request that we limit processing of your data in certain circumstances.
Right to Data Portability	Receive your data in a structured, machine-readable format and transfer it to another controller.
Right to Object	Object to processing based on legitimate interests. We will cease unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent	Where processing is based on consent, withdraw it at any time. Withdrawal does not affect prior lawful processing.
Right to Opt-out of Sale / Targeted Advertising	Depending on where you reside, opt out of 'sale' or 'sharing' of personal data or targeted advertising. Exercise here: [link].
Right to Lodge a Complaint	Lodge a complaint with your local data protection supervisory authority. For EEA authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

To exercise any of the above rights, please contact us at privacy.eu@virnect.com (EU/EEA) or support@virnect.com (all regions). We will respond within 30 days as required under applicable law. We may need to verify your identity before processing your request.

We will not discriminate against you for exercising these rights. You may also designate an authorised agent to make requests on your behalf, subject to proof of authorisation.

Additional Rights for EU/EEA and UK Residents

If you reside in the EU/EEA or the UK, in addition to the rights above you may also exercise:

•        Objection to Processing and Restriction of Processing: You may ask us to stop or restrict our processing of personal information for certain purposes.

•        Withdrawal of Consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Global Privacy Control (GPC)

If you visit our website with the Global Privacy Control opt-out preference signal enabled, we will automatically treat this as a request to opt-out of data sharing for the relevant device and browser. To learn more about GPC, visit https://globalprivacycontrol.org/. We do not recognise other 'Do Not Track' signals.

Managing Communication Preferences

We may send promotional emails where you have consented or where otherwise permitted by law. You may opt out at any time using the unsubscribe link in our emails. If you opt out, we may still send non-promotional emails related to any ongoing communications (e.g., replies to your inquiry).

Complaints

If you have complaints about how we process your personal information, please contact us using the details below. You may also have the right to appeal our decision or lodge a complaint with your local data protection authority.

•        EEA: supervisory authority list at https://edpb.europa.eu/about-edpb/about-edpb/members_en

•        Austria (Virnect Europe GmbH's lead authority): Österreichische Datenschutzbehörde (Austrian Data Protection Authority) — https://www.dsb.gv.at/

Third-Party Websites and Links

The website may include links to third-party websites or platforms. We are not responsible for the privacy practices, security, or content of those sites. We recommend you review their privacy policies independently. Information you share on public or third-party platforms may be visible to others without limitation as to use by us or third parties.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the revised Policy on this website, update the 'Last updated' date, and provide notice as required by applicable law.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights, please contact us:

EU/EEA inquiries	Virnect Europe GmbH, privacy.eu@virnect.com, Jakov-Lind-Straße 2/Stiege 1/5 OG, 1020 Vienna, Austria
General / Global inquiries	VIRNECT Co., Ltd., support@virnect.com, 10-15, Hangang-daero 7-gil, Yongsan-gu, Seoul, 04379, Republic of Korea
Personal Information Manager (Korea)	Ha Tae-jin, ha@virnect.com

Shopify Brochure Sites Edition — March 2026  |  Based on original Privacy Policy (Sep 23 2025)  |  Revised for GDPR compliance by EU operations team review