The scope of Users includes you and employees of your organization, and user information(the “Information”) includes personal information and customer inquiry information of customers you manage, as well as personal information of employees affiliated with your organization and generated in the course of work.
1. Information to be collected and method, purpose of collection
- The Company may collect and use the following information for the purpose of providing, improving and protecting the Services.
- Information provided on the website
The Company collects personal information, company and organization information which Users entered directly on the website as follows:
|Personal information||first name, last name, Contact, region/country information, email address, phone number|
|Company and organization information||company (organization) name, telephone number, domain of use, industry classification, representative contact point, etc.|
|Other information||Whether to receive email/newsletter subscriptions, products of interest, consent to collect personal information, and other inquiries|
|Main purpose of the collection||1. Management of the Service|
Personal information will be processed for identification and certification of Users, registration process for executing purchase contracts and implementation of pre-contract measures, prevention of improper use of Services, preservation of documents for dispute mediation, and various notices.2. Management of complaints
Personal information will be processed for the purpose of identification of civil petitioners, confirmation of civil petitions, contact and notification for fact-finding, and notification of processing results.3. Marketing activities
Personal information may be processed for marketing purposes, such as providing information for events.
Information may be collected for the purpose of management of the Service, management of complaints, and marketing activities.
- Rejection and deletion
Users may request deletion of Information by sending mail to Company’s email address (email@example.com).
|Device information||Collects information about devices and applications used to access the Services, such as IP addresses, operating systems, browser IDs, and other information about systems and connections.|
|Log data||Web server collects a log file which records data each time a device accesses the server, including the original IP address. The Company may also access metadata and other information related to the files which Users upload to the Service.|
|Product data||The Company collects data whenever Users use the Service and such data may include the date and time, browsing activities (e.g., the portion of the Service, etc.). The Company may also collect information related to the performance of the Service, including measurements related to the deliverability of email and other communications methods sent through the Service.|
|Main purpose of the collection||1. Convenience for Users|
e.g. to determine the language of the Service through location information
2. Improvement of Service
3. Providing event and advertising information
4. Determination of illegal access
① Select [Internet Option] in the [Tools] menu
② Click [Privacy] tab
③ Set [Privacy Process Level]
If Users apply for a newsletter subscription of the Company’s website, the following information may be collected:
|Necessary information||Language information(Korean/English), registration date and time|
|Optional information||First name, last name, contact, region/country information, company, position, preference|
Information listed above is collected for the purpose of preventing theft of newsletter services or email addresses used and for the use of identifying Users if he/she voluntarily provides his/her position, first name or last name.
- Retention period
E-mail addresses will be stored while the newsletter subscription function is active, and other information will be kept for 5 years and may be used for the Company’s marketing activities.
- Rejection and deletion opportunities
Users may unsubscribe to the newsletter at any time, and unsubscribe to the newsletter is considered a withdrawal of consent to save User’s personal information.
- Newsletter tracking
Subscription of the newsletter is considered as consent to include Web Beacon or tracking pixels to identify Users’ subscription habits. For evaluation of user behavior, the Company may link Web Beacon with the information collected in Article 1.1.3. to the User’s email address and individual ID (number).
Information collected by tracking newsletters is collected for the purpose of identifying Users’ common subscription habits to customize content to all Users or to transfer various content according to their interests.
- Rejection and deletion opportunities
Users may use the link provided in the newsletter to withdraw his/her consent.
If the User has disabled displaying images in the email application by using standard settings, such tracking may not work. In this case, Users will not be able to view the entire newsletter and may not be able to access all of its functions. On the other hand, allowing the image to be visible enables a newsletter tracking function.
1.2. Collected information may be used for personal notices, handling inquiries or disputes arising from Users’ use of the Service, transmission of content related to payment services, or payment process. In addition, such information can be used to provide statistical analysis for new customized services, to provide event and advertising information, to comply with obligations required for relevant laws and regulations, and to prevent inappropriate use of information. In case when the Company processes the User’s information for other purposes, the Company will request consent from the Users.
2. Disclosure of collected information to the third party
2.1. The Company shall process personal information only within the scope specified in the aforementioned purposes in Article 1, and shall not use it beyond the scope without the Users’ consent or, in principle, disclose the Information.
2.2. The company may share Information with the third party listed below, but shall not sell it to advertisers or the other third parties.
- Legal and public interest
The Company may disclose user information to third parties (a) to comply with applicable laws, regulations, legal procedures or appropriate government requests, (b) to protect from death or severe injury, (c) to protect fraud or abuse of the Company or Users, (d) to protect the Company’s rights, property, safety or interests, (e) to take care of proper public interest.
4. Period of retention and use of personal information
4.1. In principle, Users’ personal information shall be deleted without delay when the purpose of collecting and using personal information is achieved.
4.2. Personal information, including personally identifiable information, will be deleted when the retention period expires.
4.3. The retention period stated in Article 4.2. means 10 years from the acquisition date. However, if it is necessary to preserve it under the provisions of the relevant laws, such as the Commercial Act, etc. The company shall store the personal information for a certain period prescribed by the relevant laws.
|Documents||Relevant laws||Retention period|
|Records on marketing and advertising||Act on the consumer protection in electronic commerce, etc.||6 months|
|Records on contracts and withdrawal of subscriptions||Act on the consumer protection in electronic commerce, etc.||5 years|
|Records of payment, supply of goods||Act on the consumer protection in electronic commerce, etc.||5 years|
|Records of consumer complaints or disputes||Act on the consumer protection in electronic commerce, etc.||3 years|
|Records on electronic financial transactions||Electronic financial transactions act||5 years|
|Every documents required to be preserved by tax laws||Framework act on national taxes||5 years|
|Login information and location information||Protection of communications secrets act||3 months|
5. Procedure and method of destruction of personal information
5.1. In principle, the Company destructs the information immediately after the purposes of its collection and use have been achieved without delay.
- Destruction procedures
• Information collected for membership will be transferred to a separate DB (in case of paper, separate document box) and destructed after a certain period according to the relevant laws.
• Personal information shall not be used for any purpose other than being held under the relevant laws.
• Destruction method
• Hardcopy of personal information will be shredded or destroyed by incineration.
• Personal information stored in electronic file form will be deleted using irreversible technologies.
6. Right and obligations of Users and legal representatives
6.1. Users may exercise his/her rights to the Company at any time, such as perusal, correction, deletion, suspension of processing of personal information. These rights may be exercised through the legal representative or the delegated agent. The Company may confirm whether the person who made the request for perusal, correction or deletion, or suspension of processing personal information is the User himself/herself or his/her legal representative.
6.2. The Users’ rights may be restricted under Article 35 (4) and Article 37 (2) of the Personal Information Protection Act. In addition, requests for correction and deletion of personal information may be restricted if the personal information is specified to be collected under relevant laws.
7.2. Such information includes, but not limited to changes in new or existing goods or services, and voluntary opinion(the “Feedback and Voluntary Information”).
7.3. All Feedback and Voluntary Information are considered non-confidential, and the Company is allowed to store, reproduce, use, alter, distribute, exhibit, create and commercialize Feedback and Voluntary Information.
9.1. The company is taking the following measures to ensure the safety of personal information.
• Management measures: establishment and implementation of internal management plans, regular employee training, etc.
• Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs
• Physical measures: controlling access to computer rooms, data storage rooms, etc.
9.2. When transmitting and receiving information with other companies, the Company maintains securities by using industry-standard technologies.
9.3. The Company takes security measures to protect information from the accidental or illegal risks.
10. Privacy Officer
10.1. As a privacy officer, The CEO of the Company is responsible for handling the personal information of customers and shall strive to manage VoC (Voice of the Customer) and compensation for the damage.
- Privacy officer: Sung Ju Park
11. Compliance with the general data protection regulations of the European Union
11.1 Legal Title
For the purpose of providing Services, the Company is considered a “controller” as defined by the GDPR, and for processing customers’ personal information, the Company is considered a “processor”.
11.2. Legal Basis
|SECTION 1.1: USE OF SERVICES AND MEMBERSHIP MANAGEMENT||Necessary for fulfillment of the Agreement|
|SECTION 1.1: Managing VoC (Voice of Customer)||Necessary for fulfillment of the Agreement|
|SECTION 1.1: Statistical analysis of new customized services||Necessary for the legitimate profit generation of The Company|
|SECTION 1.1: Notification of events and advertisement information||Necessary for the legitimate profit generation of The Company|
|SECTION 1.1: Compliance with applicable legal and regulatory obligations||Necessary for the legitimate profit generation of The Company|
|SECTION 1.2: Transfer of payment-related content or payment process||Necessary for fulfillment of the Agreement|
11.3 Underage user
The Company does not provide the Services to users under the age of 16. If Users find out that a minor is using the Service, Users may ask the Company to delete the personal information.
11.4 International data transfer
If Users wish to file a complaint regarding the Company’s handling of personal information, Users may contact the Company. If the Company does not resolve the complaint properly, the User may complain it to the EU Information Protection Agency. The Company has designated an information protection agency located in the Netherlands(https://autoriteitpersoonsgegevens.nl/en).
12.1. Collected information and the purpose of data processing
The Company’s website uses HubSpot services from HubSpot Inc. for the purpose of marketing and sales. HubSpot collects anonymous usage data using cookies, which are text files stored on the User’s web browser. HubSpot also uses web beacons (invisible graphics, hereinafter “Beacon” or “Web Beacon”, depending on the context). These Beacons allow the Company to evaluate information such as visitor traffic to web pages on the website. The information that cookies and Beacons generate about the usage of the website and the advertising format is only permitted to be shared between HubSpot and the HubSpot’s contractual partners. The Company may customize its website to the customers’ interests and needs by using HubSpot’s advertising and tracking tools.
12.2. Data retention period
HubSpot retains information derived from cookies and other tracking technologies for a reasonable period of time from the date the information was created. Changing the setting of the browser can prevent cookies from being installed. However, this may limit access to some features on the website. Users can also exercise the right to reject, adjust, delete or limit the processing of the data, or the right to transfer the data at any time,
HubSpot, Inc. 25 First Street, 2nd Floor Cambridge, MA 02141 USA