Lablup Privacy Policy
Lablup Inc. (the “Company”) complies with the data privacy regulations under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Protection of Communications Secrets Act, Telecommunications Business Act, and relevant laws and regulations that apply to information and communications service providers. The Company is committed to protecting the interests of its users by establishing this Privacy Policy in accordance with relevant laws and regulations. This Privacy Policy applies to users of the services provided by the Company that reside outside of the Republic of Korea according to the terms below.
Article 1 Items of Personal Information Collected and Methods of Collection
Section 1 (Items of Personal Information Collected)
- The Company collects the following minimal information necessary for the purposes of membership registration, efficient user consultation, and the provision of various other services.
- Membership registration
- Name, Email, Password
- Registration of payment method
- Phone number, address, employer, date of birth (in the case of a legal entity, business registration number), credit card number and expiration date
- Membership registration
- The following information may be automatically generated or collected during your use of the services or the provision of the services to you.
- IP Address, Cookies, access log, date and time of visits, service use records and service use materials (program code, etc.), misuse records, and payment records
Section 2 (Methods of Collection)
- The Company collects user personal information according to the following methods.
- Collection through the homepage
- Collection through generated information collection tools
- Collection of personal information from third parties that the user has consented to be disclosed (however, this is limited to logging into the homepage through the third-party service)
Article 2 Purpose of Collection and Use of Personal Information
Section 3 (Performance of Contracts to Provide Services and Settlement of Payment for Services)
The Company collects user personal information for the purpose of providing contents; providing customized services; delivery of products, invoices or other materials; identification and authentication; settlement of purchases and payments; collection of payments; and other services.
Section 4 (Member Management)
The Company also collects user personal information for the purposes of membership management, including identification and authentication of users for the use of membership services and its authentication system, prevention of misuse by bad members and unauthorized persons, confirmation of membership, identification and authentication of legal representative, retention of records for dispute resolution, processing of complaints, and delivery of notices.
Section 5 (Development of New Services and Use for Marketing and Advertising)
The Company also collects user personal information for the purposes of development of new and customized services and for marketing and advertising, including providing new services and customized services, provision of services according to statistical characteristics and publication of advertisements, confirmation of service availability, provision of information regarding events and advertisements, determining access frequency, and statistics regarding members’ use of the services.
Article 3 Personal Information Provision and Entrustment of Processing
Section 6 (Provision of Personal Information)
The Company will use personal information within the scope set forth in Article 2 and will, in principal, not use or disclose to third parties such personal information outside of such scope without the prior consent of the user, except in any of the following cases.
- If the user gives prior consent
- If use or disclosure is required by law or requested by an investigative agency pursuant to the applicable legal procedures for the purposes of investigations
Section 7 (Entrustment of Personal Information Processing)
- To improve its services, the Company entrusts the processing of personal information as follows and the contract for such entrustment includes the necessary terms for the secure management of personal information.
- Below are the details of the entities entrusted with the processing of personal information and the processing work entrusted to such entities.
| Entrusted Entities | Entrusted Work | Use and Retention Period |
|---|---|---|
| PayPal | Payment processing | Until termination of membership or the termination of the entrustment agreement |
Article 4 Personal Information Retention and Use Period
In principle, personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. However, certain personal information may be retained for the retention period stated below under the following circumstances.
Section 8 (Company Policy for Retention Personal Information)
| Information Retained | Reason for Retention | Retention Period |
|---|---|---|
| Record of misuse | Prevention of misuse | 1 year |
| Contents of questions/cooperation (if separate consent of user is obtained) | Processing of user consultation | 6 months |
Section 9 (Laws Requiring Information Retention)
Member information is retained if required to be retained under the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, etc., or other relevant laws. The following are examples where relevant laws require the retention of information.
| Information Retained | Relevant Laws | Retention Period |
|---|---|---|
| Records regarding contracts or subscription withdrawal | Act on the Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Records regarding payment and supply of goods and services | Act on the Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Records regarding consumer complaints or dispute resolution | Act on the Consumer Protection in Electronic Commerce, Etc. | 3 years |
| Records regarding labeling and advertising | Act on the Consumer Protection in Electronic Commerce, Etc. | 6 months |
| Books and records for transactions as required by tax laws | Framework Act on National Taxes, Corporate Tax Act | 5 years |
| Records regarding electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Log-in records | Protection of Communications Secrets Act | 3 months |
Article 5 Destruction of Personal Information
In principle, personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. The destruction procedure are methods are as follows.
Section 10 (Destruction Procedure)
- Once the purpose of retaining the user’s information is achieved, the information is transferred to a separate database (if on paper, then a separate filing cabinet) and will be retained for the period of time pursuant to Company policy and applicable law (see Article 4 Personal Information Retention and Use Period) and afterwards will be deleted.
- Unless otherwise required by applicable law, the personal information will not be used for any purpose other than the purpose such information is retained.
Section 11 (Destruction Method)
- Personal information recorded and stored on paper will be destroyed by shredding.
- Personal information stored in electronic file format will be destroyed by using technical methods so that such information cannot be restored.
Article 6 Rights of Users and Legal Representatives
Section 12 (Rights and Exercising of Rights)
- A user and its legal representative may request to view or edit his/her registered personal information or withdraw his/her membership at any time.
- A user can view or edit his/her registered personal information or withdraw his/her subscription (or consent) after undergoing the authentication procedures in the Company homepage.
- A user may exercise his/her rights by contacting the Company’s Chief Privacy Officer or Personal Information Manager through mail, phone, or email.
- If a user requests that erroneous personal information be corrected, the Company will not use or provide such information to third parties until such information is corrected. If incorrect personal information has already been provided to third parties, the Company will contact the third party immediately to correct such information.
- Processing membership termination or deletion of personal information as requested by a user or his/her legal representative will be done in accordance with Article 4 and will not be accessed or used for any other purpose.
Article 7 Installation/Operation and Refusal of Operation of Automatic Personal Information Collection Tools
Section 13 (Cookies)
- The Company uses cookies in order to provide customized services to its users.
- Cookies are small text files utilized by the website server which are sent to a user’s web browser when using the mobile Service, which is stored on a user’s computer hard drive. Afterwards, when a user visits the website, the server reads the cookies stored on his/her hard drive to maintain the user’s settings and are utilized to provide customized services to the user.
- Cookies are not personally identifiable information that is automatically/actively stored, and the user may at any time refuse the installation of cookies or delete such cookies.
Article 14 (Purpose of Cookies)
Cookies are used to determine visits and uses of the services and the website, popular search words, and the scale of users to provide users with optimized and customized information, including advertisements.
Article 15 (Installation/Operation of Cookies and Refusing Cookies)
- Users have the option to accept or reject the installation of cookies. Users can access the settings in their browser regarding the installation of cookies to accept all cookies, to obtain user confirmation each time a cookie is saved, or reject all cookies.
- However, the Company’s provision of services requiring the user to login may be limited if the user opts to reject cookies.
Article 8 Technical and Managerial Measures to Protect Personal Information
The Company takes strong technical and managerial measures to secure user personal information and prevent such information from being lost, stolen, leaked, falsified, or damaged, as follows.
Section 16 (Planning and Implementation of Internal Management)
The Company established and implements a plan for the internal management of personal information for the secure processing of personal information.
Section 17 (Password Encryption)
Member passwords are encrypted, stored and maintained and only members that know their password can confirm or modify their personal information.
Section 18 (Hacking Prevention)
The Company uses best efforts to prevent the leakage or loss of its members’ personal information due to hacking or computer viruses. In case of loss of personal information, the Company stores back up data and uses the latest vaccine programs to prevent the leakage or loss of personal information. The Company also utilizes encrypted communication channels for the secure transfer of personal information. The Company also utilizes firewalls that will prevent unauthorized access and is committed to using all technological equipment possible for the security of its systems.
Section 19 (Retention of Access Records and Other Countermeasures to Infringement)
The Company uses best efforts to prevent infringement of personal information. In order to prevent infringement of personal information, the Company stores and manages access records for a period of at least 6 months that includes technical measures to make the record immutable and to prevent fraudulent entries.
Section 20 (Minimizing and Training Employees Handling Personal Information)
The Company keeps employees that handle personal information to a minimum and provides them with separate passwords that are renewed on a regular basis. The Company continuously emphasizes compliance with the Privacy Policy in its regular training of such employees.
Section 21 (Operation of a Personal Information Protection)
The Company operates a Personal Information Protection Department that checks whether the Company and its employees are in compliance with this Privacy Policy and upon discovering any issues seeks to resolve such issues immediately. However, if the Company fulfilled all its personal information protection obligations, the Company shall not be liable for any losses arising from a user’s negligence, incidents not under the Company’s control, or any other event not resulting from the Company’s fault.
Article 9 Miscellaneous
Section 22 (Chief Privacy Officer and Personal Information Manager)
You can refer any questions, complaints, or requests for relief regarding personal information to the Chief Privacy Officer or Personal Information Protection Department. The Company will use best efforts to swiftly provide a satisfactory response.
| Title | Chief Privacy Officer | Title | Personal Information Manager |
|---|---|---|---|
| Name | Jeongkyu Shin | Name | Jungseung Yang |
| Company | Lablup Inc. | Company | Lablup Inc. |
| Phone | (82) 070-8200-2587 | Phone | (82) 070-8200-2587 |
| contact@lablup.com | jsyang@lablup.com |
Section 23 (Exceptions)
Please note that this Privacy Policy does not apply to the collection of personal information by websites with their links provided in the Company’s internet service.
Section 24 (Notice Obligation)
Any additions, deletions, or revisions to this Privacy Policy will be notified to users at least 7 days in advance on the Company’s homepage. However, any changes that substantially affect user rights under this Privacy Policy, such as the use and collection of personal information or provision of personal information to third parties, will be notified to users at least 30 days in advance.
Addendum
This Privacy Policy will be effective as of AUG. 16th, 2019.
