SpaceONE Privacy Policy

Announcement date: 2022-08-19

Effective date: 2022-08-26

The translation below is provided for your convenience only. If there is any discrepancy between the translation in English and the original Korean text (including due to the delay in translation), the original Korean text takes precedence.

MEGAZONE CLOUD Corp.(hereinafter the ”Company”) collects and uses personal information for providing the SpaceONE service based on the consent of users. The Company complies with all relevant Korea laws and privacy protection regulations that apply to telecommunications service providers and establishes its own privacy protection policies in accordance with the relevant laws to better protect the rights and interests of users.

Article 1 (Purposes of Processing of Personal Information)

The Company shall use collected personal information for the following purposes. Purposes for collecting and using Personal Information and shall not exceed the following scope. If the purpose of collection and use is changed, separate consent is required in accordance with Article 18 of the Personal Information Protection Act.

1. Purpose of Collecting and Using Personal Information
TypePurpose of Collection and Use
User ManagementSign up, membership management and user identity verification
Demo request and sales inquiriesProviding demo and handling customer inquiries such as product introduction and sales request consultations
Announcements and NoticesSending service related announcements and notices based on the collected contact information
Notification ServiceProviding incident alert notification service based on the collected contact information
Marketing and AdvertisingIntroducing new products and events(via email, phone call or SMS). Sending newsletters and managing subscriptions. Confirming event participation and announcing event winners.

Article 2 (Personal Information to be Collected)

The Company collects and processes the following personal information. The Company will always notify the user and obtain his or her consent before collecting a user’s personal information.

1. Personal information collected in SpaceONE service portal website(spaceone.megazone.io)
PurposeInformation collectedCollected timeCollection methods
User Management[Required] Email
[Optional] Name
When the service use request is submitted and the domain is created⋅ Collected in the user’s service request and contract process, including domain creation and root account creation
⋅ Collects user information entered by the user account in the console
Demo request and sales inquiries[Required] Name, Email, Mobile Phone Number, Company, Job Title, Job Function, CountrySubmits demo request in the service portal⋅ Collects customer information submitted in demo request
Marketing and Advertising[Required] Email, Mobile Phone NumberSubmits demo request in the service portal or event registration survey⋅ Collects customer information submitted in demo request only if the customer consents to the collection and use of personal information for the marketing and advertising purposes
⋅ Collects customer information submitted in event registration survey
2. Personal information collected in SpaceONE service console
PurposeInformation collectedCollected timeCollection methods
Announcements and Notices[Required] Email
[Optional] Phone Number
When user’s information is entered
or revised in the console
⋅ Collects user information entered by the user account in the console
Notification Service[Optional] Email
[Optional] Phone Number
When user’s information is entered or revised in the console⋅ Collects user information entered by the user account in the console
3. Information automatically collected during service use
TypeInformation collectedCollected timeCollection methods
Automatically generated informationIP address, cookies, service usage records, access records, records of illegal use, etc.Created automatically during service useCollected by automatic collecting device
4. The Company does not collect the personal information of the children under the age of 14 who require the consent of a legal representative.

Article 3 (Retention and Usage Period of Personal Information)

In principle, users' personal information is retained until three months after the contract ends. However, when it is necessary to retain it for the following reasons, the personal information is kept for a certain period set below.

1. Reasons for personal information retention due to service internal policies
Retained InformationRetention PeriodReason for Retention
Records of illegal use1 year after collectionPrevention of illegal use
Records of demo request, sales inquiries, and consultations1 year after collectionCustomer consultation processing
Personal information collected for the purpose of marketing and advertising1 year after collectionIntroducing new products and events
2. Reasons for personal information retention due to applicable laws and regulations
Retained InformationConservation GroundsRetention Period
Contract or subscription withdrawal recordsAct on the Consumer Protection in Electronic Commerce, Etc.5 years
Records on payment or supply of goods and others5 years
Customer complaints or dispute handling records3 years
Display/advertisement records6 months
Ledgers and evidentiary documents of all transactions under the tax lawsFramework Act on National Taxes, Corporate Tax Act5 years
Electronic transaction historyElectronic Financial Transactions Act5 years
Access recordsProtection of Communications Secrets Act3 months

Article 4 (Consignment and Overseas Transfer of Personal Information Processing)

1. Domestic consignment for personal information processing The Company entrusts the following entities with processing customers' personal information as needed to deliver or improve services. The Company also enacts provisions to keep personal information secure when entering into agreements with these organizations, in accordance with applicable laws and regulations.
Consigned CompanyConsigned TasksPeriod of Personal Information Retention and Use
MEGAZONEProviding notification service based on the product “MEGAZONE Message”Until the contract ends or the consignment agreement is terminated
Amazon Web Services, Inc.Data storage and infrastructure management
MongoDB, Inc.Data storage and infrastructure management
StibeeSending newsletters and managing subscriptionsUntil the subscription is withdrawn or the consignment agreement is terminated
2. Overseas consignment for personal information processing The Company entrusts the following overseas entities with processing customers' personal information as needed to deliver or improve services. Some personal information may be transferred to and retained by the overseas entities via an internet network protected with security protocol(SSL). The Company also enacts provisions to keep personal information secure when entering into agreements with these organizations, in accordance with applicable laws and regulations.
Consigned companyContact informationPurposeInformation transferred for consignmentCountryTiming and method of transferPeriod of Retention and Use
Google LLC.googlekrsupport@google.comEvent registration, Website user activity analysisEmail, Mobile Phone Number, Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included)United States of AmericaTransmitted via electronic network upon visitors’ use of the service portal website or users’ submission of event registration surveyUntil the consignment agreement is terminated
3. Pursuant to Article 25 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the consigned company processes personal information in a safe manner: prevention of personal information processing for other purposes than the consigned purpose; technical and managerial safeguards; limitation to secondary consignment; management and supervision for the consigned company; compensation of damage, etc.

4. Changes in the consigned task or outsourced company will be immediately disclosed through the Privacy Policy.

Article 5 (Provision of Personal Information to third-party)

The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.

Article 6 (Personal Information Destruction)

In principle, the Company will destroy, without delay, users’ personal information once the purpose for its collection and use has been satisfied.

1. In cases where the Company is required by a relevant law or regulation to retain personal information past the retention period consented by the information subject or the purpose of processing has been achieved, the Company retains the personal information by transferring it to a separate database or changing the storage location.

2. The following describes the procedures and methods used by the Company to destroy personal information.
1) Destruction Procedures : The Company selects the personal information to be destroyed and destroys the personal information after obtaining approval from the personal information protection manager.
2) Destruction Methods : The Company destroys personal information recorded and stored in electronic files by deleting the files beyond restoration, and personal information recorded and stored in paper documents by shredding or incinerating the documents.

Article 7 (Rights and Obligations of Data Subjects and Legal Representatives and Exercising thereof)

1. Data subjects may exercise their rights against the Company at any time.
  • 1) Request for access to personal information
  • 2) Request for correction of errors, if any
  • 3) Request for deletion
  • 4) Request for suspension of processing

2. Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, FAX, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.

3. In case of a request for the correction or deletion of personal information from an information subject, the Company does not use or disclose the relevant personal information until the correction or deletion is complete.

4. The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information.

5. The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.

6. As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.

7. In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

1. Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.

2. Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software

3. Physical measures : prohibition on the access to the computer room, data storage room, etc.

Article 9 (Installation, Operation, and Rejection of Automatic Collecting Device of Personal Information)

The Company uses ”cookies” that save and frequently retrieve Customer information to provide personalized and customized services.

2. Cookies are small text files sent to the Customer's browser by the server(http) that hosts the Company website, and they are stored in the hard disk of the Customer's computer.
  • 1) Purpose of Cookies : The cookies are used to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
  • 2) Installation/operation and rejection of cookies : Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
  • 3) Users who reject enabling cookies may have difficulties using tailored services.
  • 4) How to specify whether or not to accept cookies
        i. Chrome : Settings menu at the top right side of the web browser > Show Advanced Settings at the bottom of the screen > Content Settings in Privacy > Cookies
        ii. Safari : choose Safari > Preferences, click Privacy, then manage cookies and website data
        iii. Edge : Click on the More actions button in the top right corner and select Settings > Click Site permissions

3. The Company utilizes Google Analytics, a service provided by Google LLC. (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.

Article 10 (Personal Information Protection Manager)

The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.

1. Contact Information of the Personal information protection manager or the responsible department
Personal information protection managerPersonal information protection department
Name : Joowan Lee
Position : CEO
Contact number : 1644-2243
Department name : IRM
Contact number : 1644-2243
E-mail : irm@mz.co.kr
2. Inquiries related to personal information protection, complaint handling, damage relief, etc., arising from using the service provided by the Company can be inquired to the personal information protection manager and the responsible department. The Company will put in every effort to swiftly respond to the inquiries.

Article 11 (Request for Access to Personal Information)

Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for access to personal information.
Department in charge of personal information access request
Department Name : SpaceONE service team
Contact number : 1644-2243
E-mail : spaceone-support@megazone.com

Article 12 (Remedial Procedure for Infringement of Rights)

Data subjects may inquire at the following institutions about damage remedies, consultation, etc. for the breach of personal information.

Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
Personal Information Infringement Report Center
(operated by the Korea Internet & Security Agency)
Contact forReport on the breach of personal information and request for consultation
Websiteprivacy.kisa.or.kr
Phone118 without area code
Address(58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
Personal Information Dispute Mediation Committee
(operated by the Personal Information Protection Commission)
Contact forApplication for dispute mediation and collective dispute mediation (civil mediation)
Websitewww.kopico.go.kr
Phone1833-6972 without area code
Address(03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Cyber Investigation Bureau of the Supreme Public Prosecutor's Office1301 without area code | www.spo.go.kr
Cyber Safety Bureau of the National Policy Agency182 without area code | http://cyberbureau.police.go.kr

Article 13 (Links to Third Party Sites)

The Services may include links that direct users to other websites or services whose privacy practices may differ from the Company. Since the Company does not have any control over the third party sites, the Company cannot be held responsible for and cannot guarantee the usefulness of the services provided by them. If users submit information to any of those third party sites, the information is governed by their privacy policies, not this one. The Company encourages users to carefully read the privacy policy of any website you visit.

Article 14 (Obligation to Notify Prior to Amendment)

If any details are added, deleted, or modified in the privacy policy, then the Company will notify the Customers at least seven days in advance. Changes will be notified by being marked in the previous privacy policy with a strikethrough line or underline. However, the Company will notify Customers at least thirty days in advance if there is an important change in the Customers' rights, and the Company can obtain the Customers' consent again if necessary.

This Privacy Policy takes effect from 2022.08.26.

View previous privacy policy v.1.0 (2022.07.01).
View previous privacy policy v.2.0 (2022.07.25).