SpaceONE Privacy Policy
Announcement date: 2022-12-23
Effective date: 2022-12-30
The translation below is provided for your convenience only. If there is any discrepancy between the translation in English and the original Korean text (including due to the delay in translation), the original Korean text takes precedence.
MEGAZONE CLOUD Corp.(hereinafter the ”Company”) collects and uses personal information for providing the SpaceONE service based on the consent of users. The Company complies with all relevant Korea laws and privacy protection regulations that apply to telecommunications service providers and establishes its own privacy protection policies in accordance with the relevant laws to better protect the rights and interests of users.
Article 1 (Purposes of Processing of Personal Information)
The Company shall use collected personal information for the following purposes. Purposes for collecting and using Personal Information and shall not exceed the following scope. If the purpose of collection and use is changed, separate consent is required in accordance with Article 18 of the Personal Information Protection Act.1. Purpose of Collecting and Using Personal Information
| Type | Purpose of Collection and Use |
|---|---|
| User Management | Sign up, membership management and user identity verification |
| Demo request and sales inquiries | Providing demo and handling customer inquiries such as product introduction and sales request consultations |
| Announcements and Notices | Sending service related announcements and notices based on the collected contact information |
| Notification Service | Providing incident alert notification service based on the collected contact information |
| Marketing and Advertising | Introducing new products and events(via email, phone call or SMS). Sending newsletters and managing subscriptions. Confirming event participation and announcing event winners. |
Article 2 (Personal Information to be Collected)
The Company collects and processes the following personal information. The Company will always notify the user and obtain his or her consent before collecting a user’s personal information.1. Personal information collected in SpaceONE service portal website(spaceone.megazone.io)
| Purpose | Information collected | Collected time | Collection methods |
|---|---|---|---|
| User Management | [Required] Email [Optional] Name | When the service use request is submitted and the domain is created | ⋅ Collected in the user’s service request and contract process, including domain creation and root account creation ⋅ Collects user information entered by the user account in the console |
| Demo request and sales inquiries | [Required] Name, Email, Mobile Phone Number, Company, Job Title, Job Function, Country | Submits demo request in the service portal | ⋅ Collects customer information submitted in demo request |
| Marketing and Advertising | [Required] Email, Mobile Phone Number | Submits demo request in the service portal or event registration survey | ⋅ Collects customer information submitted in demo request only if the customer consents to the collection and use of personal information for the marketing and advertising purposes ⋅ Collects customer information submitted in event registration survey |
| Purpose | Information collected | Collected time | Collection methods |
|---|---|---|---|
| Announcements and Notices | [Required] Email [Optional] Phone Number | When user’s information is entered or revised in the console | ⋅ Collects user information entered by the user account in the console |
| Notification Service | [Optional] Email [Optional] Phone Number | When user’s information is entered or revised in the console | ⋅ Collects user information entered by the user account in the console |
| Type | Information collected | Collected time | Collection methods |
|---|---|---|---|
| Automatically generated information | IP address, cookies, service usage records, access records, records of illegal use, etc. | Created automatically during service use | Collected by automatic collecting device |
Article 3 (Retention and Usage Period of Personal Information)
In principle, users' personal information is retained until three months after the contract ends. However, when it is necessary to retain it for the following reasons, the personal information is kept for a certain period set below.1. Reasons for personal information retention due to service internal policies
| Retained Information | Retention Period | Reason for Retention |
|---|---|---|
| Records of illegal use | 1 year after collection | Prevention of illegal use |
| Records of demo request, sales inquiries, and consultations | 1 year after collection | Customer consultation processing |
| Personal information collected for the purpose of marketing and advertising | 1 year after collection | Introducing new products and events |
| Retained Information | Conservation Grounds | Retention Period |
|---|---|---|
| Contract or subscription withdrawal records | Act on the Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Records on payment or supply of goods and others | 5 years | |
| Customer complaints or dispute handling records | 3 years | |
| Display/advertisement records | 6 months | |
| Ledgers and evidentiary documents of all transactions under the tax laws | Framework Act on National Taxes, Corporate Tax Act | 5 years |
| Electronic transaction history | Electronic Financial Transactions Act | 5 years |
| Access records | Protection of Communications Secrets Act | 3 months |
Article 4 (Consignment and Overseas Transfer of Personal Information Processing)
1. Domestic consignment for personal information processing The Company entrusts the following entities with processing customers' personal information as needed to deliver or improve services. The Company also enacts provisions to keep personal information secure when entering into agreements with these organizations, in accordance with applicable laws and regulations.| Consigned Company | Consigned Tasks | Period of Personal Information Retention and Use |
|---|---|---|
| MEGAZONE | Providing notification service based on the product “MEGAZONE Message” | Until the contract ends or the consignment agreement is terminated |
| Amazon Web Services, Inc. | Data storage and infrastructure management | |
| MongoDB, Inc. | Data storage and infrastructure management | |
| Stibee | Sending newsletters and managing subscriptions | Until the subscription is withdrawn or the consignment agreement is terminated |
| Consigned company | Contact information | Purpose | Information transferred for consignment | Country | Timing and method of transfer | Period of Retention and Use |
|---|---|---|---|---|---|---|
| Google LLC. | googlekrsupport@google.com | Event registration, Website user activity analysis | Email, Mobile Phone Number, Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included) | United States of America | Transmitted via electronic network upon visitors’ use of the service portal website or users’ submission of event registration survey | Until the consignment agreement is terminated |
4. Changes in the consigned task or outsourced company will be immediately disclosed through the Privacy Policy.
Article 5 (Provision of Personal Information to third-party)
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.Article 6 (Personal Information Destruction)
In principle, the Company will destroy, without delay, users’ personal information once the purpose for its collection and use has been satisfied.1. In cases where the Company is required by a relevant law or regulation to retain personal information past the retention period consented by the information subject or the purpose of processing has been achieved, the Company retains the personal information by transferring it to a separate database or changing the storage location.
2. The following describes the procedures and methods used by the Company to destroy personal information.
1) Destruction Procedures : The Company selects the personal information to be destroyed and destroys the personal information after obtaining approval from the personal information protection manager.
2) Destruction Methods : The Company destroys personal information recorded and stored in electronic files by deleting the files beyond restoration, and personal information recorded and stored in paper documents by shredding or incinerating the documents.
Article 7 (Rights and Obligations of Data Subjects and Legal Representatives and Exercising thereof)
1. Data subjects may exercise their rights against the Company at any time.- 1) Request for access to personal information
- 2) Request for correction of errors, if any
- 3) Request for deletion
- 4) Request for suspension of processing
2. Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, FAX, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
3. In case of a request for the correction or deletion of personal information from an information subject, the Company does not use or disclose the relevant personal information until the correction or deletion is complete.
4. The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information.
5. The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
6. As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
7. In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.1. Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures : control on the access to the personal information processing system, etc., safety measures for archiving access records and preventing forgery and alteration, installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
3. Physical measures : prohibition on the access to the computer room, data storage room, etc.
Article 9 (Installation, Operation, and Rejection of Automatic Collecting Device of Personal Information)
The Company uses ”cookies” that save and frequently retrieve Customer information to provide personalized and customized services.2. Cookies are small text files sent to the Customer's browser by the server(http) that hosts the Company website, and they are stored in the hard disk of the Customer's computer.
- 1) Purpose of Cookies : The cookies are used to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
- 2) Installation/operation and rejection of cookies : Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
- 3) Users who reject enabling cookies may have difficulties using tailored services.
- 4) How to specify whether or not to accept cookies
i. Chrome : Settings menu at the top right side of the web browser > Show Advanced Settings at the bottom of the screen > Content Settings in Privacy > Cookies
ii. Safari : choose Safari > Preferences, click Privacy, then manage cookies and website data
iii. Edge : Click on the More actions button in the top right corner and select Settings > Click Site permissions
ⅳ. Microsoft Edge : Settings menu > Click Site permissions > Cookies and site data
3. The Company utilizes Google Analytics, a service provided by Google LLC. (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.
Article 10 (Personal Information Protection Manager)
The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.1. Contact Information of the Personal information protection manager or the responsible department
| Personal information protection manager | Personal information protection department |
|---|---|
| Name : Joowan Lee Position : CEO Contact number : 1644-2243 | Department name : IRM Contact number : 1644-2243 E-mail : irm@mz.co.kr |
Article 11 ( Guarantee of Personal Information Rights )
Pursuant to Article 35, 36 and 37 of the Personal Information Protection Act, data subjects may request to have correction᛫deletion, suspension of processing, etc. to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the rights of the information.| Department in charge of access request |
|---|
| Department Name : SpaceONE service team Contact number : 1644-2243 E-mail : spaceone-support@megazone.com |
Article 12 (Remedial Procedure for Infringement of Rights)
Data subjects may inquire at the following institutions about damage remedies, consultation, etc. for the breach of personal information.Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
| Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency) | Contact for | Report on the breach of personal information and request for consultation |
|---|---|---|
| Website | privacy.kisa.or.kr | |
| Phone | 118 without area code | |
| Address | (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do | |
| Personal Information Dispute Mediation Committee (operated by the Personal Information Protection Commission) | Contact for | Application for dispute mediation and collective dispute mediation (civil mediation) |
| Website | www.kopico.go.kr | |
| Phone | 1833-6972 without area code | |
| Address | (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul | |
| Cyber Investigation Bureau of the Supreme Public Prosecutor's Office | 1301 without area code | www.spo.go.kr | |
| Cyber Bureau of Investigation, National Police Agency | 182 without area code | http://ecrm.cyber.go.kr | |
Article 13 (Links to Third Party Sites)
The Services may include links that direct users to other websites or services whose privacy practices may differ from the Company. Since the Company does not have any control over the third party sites, the Company cannot be held responsible for and cannot guarantee the usefulness of the services provided by them. If users submit information to any of those third party sites, the information is governed by their privacy policies, not this one. The Company encourages users to carefully read the privacy policy of any website you visit.Article 14 (Obligation to Notify Prior to Amendment)
If any details are added, deleted, or modified in the privacy policy, then the Company will notify the Customers at least seven days in advance. Changes will be notified by being marked in the previous privacy policy with a strikethrough line or underline. However, the Company will notify Customers at least thirty days in advance if there is an important change in the Customers' rights, and the Company can obtain the Customers' consent again if necessary.This Privacy Policy takes effect from 2022.12.30.
View previous privacy policy v.1.0 (2022.07.01).
View previous privacy policy v.2.0 (2022.07.25).
View previous privacy policy v.3.0 (2022.08.26).