SpaceONE Service Privacy Policy
Jul 25, 2022
MEGAZONE CLOUD Corp. (hereinafter the "Company") collects and uses personal information to provide the SpaceONE service based on the consent of users. The Company complies with all relevant Korean laws and privacy protection regulations that apply to telecommunications service providers and establishes its own privacy protection policies in accordance with the relevant laws to better protect the rights and interests of users.
Article 1 (Purpose of Processing of Personal Information)
The Company shall use collected personal information for the following purposes, and the purposes for collecting and using personal information shall not exceed the following scope. If the purpose of collection and use is changed, separate consent is required in accordance with Article 18 of the Personal Information Protection Act.
1. Purpose of Collecting and Using Personal Information

Article 2 (Personal Information to be Collected)
The Company collects and processes the following personal information. The Company will always notify the user and obtain his or her consent before collecting a user’s personal information.
1. Personal information collected in SpaceONE service portal website (spaceone.megazone.io)

2. Personal information collected in SpaceONE service console

3. Information automatically collected during service use

4. The Company does not collect the personal information of children under the age of 14 who require the consent of a legal representative.
Article 3 (Retention and Usage Period of Personal Information)
In principle, users' personal information is retained until three months after the contract ends. However, when it is necessary to retain it for the following reasons, the personal information is kept for a certain period set below.
1. Reasons for personal information retention due to service internal policies

2. Reasons for personal information retention due to applicable laws and regulations

Article 4 (Consignment and Overseas Transfer of Personal Information Processing)
1. Domestic consignment for personal information processing
The Company entrusts the following entities with processing customers' personal information as needed to deliver or improve services. The Company also enacts provisions to keep personal information secure when entering into agreements with these organizations, in accordance with applicable laws and regulations.

2. Overseas consignment for personal information processing
The Company entrusts the following overseas entities with processing customers' personal information as needed to deliver or improve services. Some personal information may be transferred to and retained by the overseas entities via an internet network protected with a security protocol (SSL). The Company also enacts provisions to keep personal information secure when entering into agreements with these organizations, in accordance with applicable laws and regulations.

3. Pursuant to Article 25 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors whether the consigned company processes personal information in a safe manner: prevention of personal information processing for purposes other than the consigned purpose; technical and managerial safeguards; limitation on secondary consignment; management and supervision of the consigned company; compensation for damage, etc.
4. Changes in the consigned task or outsourced company will be immediately disclosed through the Privacy Policy.
Article 5 (Provision of Personal Information to third-party)
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purpose of Processing of Personal Information), and provides personal information to a third party only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as where consent is obtained from the data subjects, where special provisions exist, etc.
Article 6 (Personal Information Destruction)
In principle, the Company will destroy, without delay, users’ personal information once the purpose for its collection and use has been satisfied.
1. In cases where the Company is required by a relevant law or regulation to retain personal information after the retention period consented to by the information subject has passed or the purpose of processing has been achieved, the Company retains the personal information by transferring it to a separate database or changing the storage location.
2. The following describes the procedures and methods used by the Company to destroy personal information.
1) Destruction Procedures : The Company selects the personal information to be destroyed and destroys the personal information after obtaining approval from the personal information protection manager.
2) Destruction Methods : The Company destroys personal information recorded and stored in electronic files by deleting the files beyond restoration, and personal information recorded and stored in paper documents by shredding or incinerating the documents.
Article 7 (Rights and Obligations of Data Subjects and Legal Representatives and Exercising thereof)
1. Data subjects may exercise their rights against the Company at any time.
1) Request for access to personal information
2) Request for correction of errors, if any
3) Request for deletion
4) Request for suspension of processing
2. Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a request in writing, by e-mail, fax, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
3. When an information subject requests the correction or deletion of personal information, the Company does not use or disclose the relevant personal information until the correction or deletion is complete.
4. The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information.
5. The rights of data subjects to access their personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
6. As for the editing or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
7. When a request is made to access, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company verifies whether the requester is a data subject or a legitimate representative.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.
1. Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
3. Physical measures : prohibition on the access to the computer room, data storage room, etc.
Article 9 (Installation, Operation, and Rejection of Automatic Collecting Device of Personal Information)
1. The Company uses "cookies" that save and frequently retrieve Customer information to provide personalized and customized services.
2. Cookies are small text files sent to the Customer's browser by the server (http) that hosts the Company website, and they are stored on the hard disk of the Customer's computer.
1) Purpose of Cookies : The cookies are used to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
2) Installation/operation and rejection of cookies : Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
3) Users who reject enabling cookies may have difficulties using tailored services.
4) How to specify whether or not to accept cookies
i. Chrome: Settings menu at the top right side of the web browser > Show Advanced Settings at the bottom of the screen > Content Settings in Privacy > Cookies
ii. Safari: choose Safari > Preferences, click Privacy, then manage cookies and website data
iii. Edge: choose Safari > Preferences, click Privacy, then manage cookies and website data
3. The Company utilizes Google Analytics, a service provided by Google LLC (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt out of having information on their site activity (such as IP addresses) collected and processed by installing the browser add-on available at tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.
Article 10 (Personal Information Protection Manager)
The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
1. Contact Information of the Personal information protection manager or the responsible department

2. Inquiries related to personal information protection, complaint handling, damage relief, etc., arising from using the service provided by the Company can be directed to the personal information protection manager and the responsible department. The Company will make every effort to respond swiftly to the inquiries.
Article 11 (Request for Access to Personal Information)
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request access to personal information from the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will make every effort to respond swiftly to the request for access to personal information.

Article 12 (Remedial Procedure for Infringement of Rights)
Data subjects may inquire at the following institutions about damage remedies, consultation, etc. for the breach of personal information.
Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.

Article 13 (Links to Third Party Site)
The Services may include links that direct users to other websites or services whose privacy practices may differ from the Company's. Since the Company does not have any control over the third party sites, the Company cannot be held responsible for and cannot guarantee the usefulness of the services provided by them. If users submit information to any of those third party sites, the information is governed by their privacy policies, not this one. The Company encourages users to carefully read the privacy policy of any website they visit.
Article 14 (Changes to the Personal Information Processing Policy)
If any details are added, deleted, or modified in the privacy policy, then the Company will notify the Customers at least seven days in advance. Changes will be notified by being marked in the previous privacy policy with a strikethrough line or underline. However, the Company will notify Customers at least thirty days in advance if there is an important change in the Customers' rights, and the Company can obtain the Customers' consent again if necessary.
This Privacy Policy takes effect from 2022.07.25.
View previous personal information processing policy v.1.0 (2022.07.01).