Privacy Policy - jp | Cloud-Based Platform AIONCLOUD

AIONCLOUD Privacy Policy

Article 1 (Purpose of Processing Personal Information)
Article 2 (Categories of Personal Information Collected)
Article 3 (Methods of Collecting Personal Information)
Article 4 (Processing and Retention Period of Personal Information)
Article 5 (Provision of Personal Information)
Article 6 (Entrustment of Personal Information)
Article 7 (Procedures and Methods for Destroying Personal Information)
Article 8 (Rights and Obligations of Users and Legal Representatives and Their Exercise Methods)
Article 9 (Measures to Ensure the Security of Personal Information)
Article 10 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
Article 11 (Personal Information Protection Manager and Department in Charge)
Article 12 (Personal Information Access Requests and Related Handling Departments)
Article 13 (Remedies for Infringement of Information Subject’s Rights)
Article 14 (Notice of Changes to the Privacy Policy)
Article 15 (Application to Public Cloud Use)

MONITORAPP (hereinafter referred to as the “Company”) processes personal information lawfully and manages them safely while complying with the “Personal Information Protection Act,” “Cloud Computing Act,” and “Information and Communications Network Act,” along with related laws and regulations to safeguard the freedom and rights of information subjects. Under Article 30 of the “Personal Information Protection Act,” the Company establishes and discloses the following privacy policy to inform data subjects of the procedures and standards for handling and protecting personal information and to address complaints promptly and effectively.

Article 1 (Purpose of Processing Personal Information)

Under Article 15 of the “Personal Information Protection Act,” the Company processes personal information for the following purposes. Personal information will not be used for purposes other than the following. In case there are changes, the Company will take necessary actions, such as obtaining separate consent under Articles 18 and 22 of the “Personal Information Protection Act.”

Category Details
Member Registration and Management Verification for membership services, identity verification under the limited identification system, personal identification, prevention of unauthorized use, confirmation of registration intention, limiting membership registration and withdrawal, verifying the identity of legal representatives in the future, preservation of records for dispute resolution, complaints handling, delivery of notices, membership withdrawal confirmation.
Development of New Services and Use in Marketing and Advertising Development of new services and provision of customized services, statistical analysis for targeted services and advertisements, validation of service effectiveness, provision of event and promotional information and participation opportunities, tracking service usage and access frequency.

Article 2 (Categories of Personal Information Collected)

① To provide membership registration, smooth customer consultation, and various services, the Company collects the following minimum personal information:

Category Collected Information Retention Period
Member Identification and Membership Services Name, email, password, company name, country Until membership withdrawal
Customer Consultation, After-sales Service, and Notice of Service Changes Name, email, phone number, company name 3 years
(In accordance with the “E-Commerce Act” Article 6)

② With the consent of the information subject, the Company processes the following personal information under Article 15, Paragraph 1, Subparagraph 1 and Article 22, Paragraph 1, Subparagraph 7 of the “Personal Information Protection Act.”

Category Collected Information Retention Period
Sales Inquiries Name, email, phone number, company name Until membership withdrawal or consent withdrawal
Service Promotion and Events Name, email, company name Until membership withdrawal or consent withdrawal
Newsletters and White Papers Subscription Name, email, company name Until membership withdrawal or consent withdrawal

③ The following information may be automatically generated or additionally collected during service use or service processing:

Category Collected Information
Auto-generated Information IP address, cookies, access logs, visit times, service usage records, misuse records, browser language settings

Article 3 (Personal Information Collection Method)

The Company collects personal information using the following methods:

  • 1. Website collection, written forms, fax, telephone, inquiry boards, email, offline collection (e.g., event participation, seminar attendance).
  • 2. Information provided by partner companies.
  • 3. Generation information collection tool

Article 4 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the period agreed upon by the data subject or as stipulated by law.
② Legal retention periods for mandatory record-keeping are as follows:

Category Relevant Laws Retention Period
Records related to contracts or cancellation of subscription Act on Consumer Protection in E-Commerce, etc. 5 years
Records of payment and supply of goods 5 years
Records of consumer complaints or dispute resolution 3 years
Records of display advertising 6 months
Records of identity verification Act on Promotion of Information Communications Network Utilization, Information Protection, etc. 6 months
Records of visits Communications Secrets Protection Act 3 months
All transaction records specified by tax laws (books and supporting documents) National Tax Basic Act, Corporate Tax Act 5 years
Records of electronic financial transactions Electronic Financial Transactions Act 5 years

Article 5 (Provision of Personal Information)

① The Company processes personal information within the scope specified in Article 1 (Purpose of Processing Personal Information). Personal information will only be provided to third parties with the information subject's consent or under special legal provisions, such as Articles 17 and 18 of the “Personal Information Protection Act.” It will not be disclosed to third parties outside these conditions.
② The Company provides personal information to third parties as follows:

Recipient Purpose Information Provided Retention and Usage Period
:
Distributors and Partners
Inquiries for quotes, product sales, and orders Required: Name, email, company phone number
Optional: mobile phone number
3 months after request

Article 6 (Entrustment of Personal Information Processing)

① The Company entrusts the processing of personal information to improve its services.
② Details of the entrusted agency and its processing tasks are as follows:

Agency Entrusted Task Retention and Usage Period
ADVANTAPP CRM system operation for user management Until membership withdrawal or service termination

③ When entering into an entrustment agreement, the Company ensures compliance with Article 26 of the “Personal Information Protection Act,” which includes prohibiting the use of personal information for purposes other than the entrustment purpose, technical and managerial protection measures, restrictions on re-entrustment, supervision, liability of the trustee, and compensate for damages. The Company also supervises the trustee's personal information handling process.
④ Under Article 26(6) of the “Personal Information Protection Act,” if the trustee subcontracts the entrusted work, the Company’s consent must be obtained.
⑤ In case there are changes to the entrusted work or the trustee, the updated information will be disclosed promptly through this Privacy Policy.

Article 7 (Procedures and Methods for Destroying Personal Information)

① The Company destroys personal information without delay when the retention expires or the purpose of processing is achieved.
② If the retention period agreed by the information subject has expired or the purpose of processing has been achieved but retention is required under other laws, the information will be moved to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows:

  • 1. Destruction Procedure: The Company selects personal information to be destroyed and obtains approval from the Personal Information Protection Manager before destruction.
  • 2. Destruction Methods: Personal information under electronic files will be destroyed using technical methods that prevent recovery. Personal information under printed files will be shredded or incinerated.

Article 8 (Rights and Obligations of Users and Legal Representatives and Their Exercise Methods)

① Information subjects may exercise the following rights related to personal information protection at any time:

  • 1. Request access to the subject’s personal information
  • 2. Request correction of errors
  • 3. Request deletion
  • 4. Request suspension of processing

② Rights under Paragraph 1 may be exercised via written request, phone, or email following Article 31-2(1) of the “Personal Information Protection Act Enforcement Decree,” and the Company will act without delay.
③ If the information subject requests corrections or deletions due to errors, the Company will not use and disclose the information until the necessary actions are completed.
④ Rights under Paragraph 1 may be exercised by the information subject’s legal representative or an authorized agent. A power of attorney must be submitted following Form 11 of the “Personal Information Processing Method Notice (No. 2020-7).”
⑤ Requests for access, transmission, and suspension of processing may be restricted under Articles 35(4), 35-2(6), and 37(2) of the “Personal Information Protection Act.”
⑥ Requests for correction and deletion cannot be made if the personal information is specified as a collection target under other laws.
⑦ The Company confirms the identity of the individual or legal representative requesting access, correction, deletion, or suspension of processing.
⑧ After completing the correction, deletion, or suspension of personal information as requested, the Company will notify the information subject of the results.
⑨ If deletion is impossible because the personal information requested by the information subject is specified as a collection target by law, the Company will notify the subject accordingly.

Article 9 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

  • 1. Regular Self-Audits
    The Company conducts regular self-audits to ensure the safety of personal information handling.
  • 2. Minimization and Training Personal Information Handling Staff
    The Company designates employees to handle personal information and limits processing to the designated personnel while implementing countermeasures to manage personal information.
  • 3. Establishment and Implementation of Internal Management Plans
    The Company establishes and implements internal management plans to ensure safe personal information handling.
  • 4. Technical Countermeasures Against Hacking
    To prevent the leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, conducts regular updates and inspections, and establishes a system in restricted-access areas for technical and physical monitoring and blocking.
  • 5. Encryption of Personal Information
    Users’ personal information is stored and managed in an encrypted format, ensuring that only the user knows the password. Critical data is encrypted or locked for additional security during storage or transmission.
  • 6. Storage of Access Logs and Prevention of Tampering
    Access logs to personal information processing systems are stored and managed for at least one year. In the case of adding personal information or processing unique identification information or sensitive information for more than 50,000 information subjects, the Company stores and manages personal information for at least 2 years. Access logs are protected from tampering, theft, or loss through security functions.
  • 7. Personal Information Access Restriction
    The Company implements necessary measures to control access to personal information by granting, changing, and deleting access rights to the database system and uses an intrusion prevention system to block unauthorized external access.
  • 8. Use of Locking Devices for Document Security
    Documents and supplementary storage devices containing personal information are stored in a safe location with locking devices.
  • 9. Access Restriction for Unauthorized Personnel
    Physical storage locations containing personal information are separate, and access control procedures are established and operated.

Article 10 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① The Company uses cookies to provide individually tailored services. Details of cookies are as follows:

  • 1. Definition of Cookies
    Cookies are small data files sent by a server to a user’s web browser and stored on the user’s computer hard drive.
  • 2. Purpose of Cookies
    Cookies identify service and website visit/use patterns, popular search terms, and secure connections to optimize information for users.
  • 3. Installation, Operation, and Refusal of Cookies
    • A. Internet Explorer: Tools → Internet Options → Privacy → Advanced Settings → Cookies Settings
    • B. Chrome: Settings → Privacy and Security → Clear Browsing Data → Cookie Settings
    • C. Safari: Preferences → Privacy Tab → Cookie and Website Data Settings
    • D. Microsoft Edge: Settings → Cookies and Site Permissions → Manage and Delete Cookies

② The Company uses “Google Analytics,” a web analytics service provided by Google, to enhance service quality. Details are as follows:

  • 1. Definition of Google Analytics
    Google Analytics analyzes and evaluates how customers use the Company’s services, aiding in users’ demand assessment.
  • 2. Purpose of Google Analytics
    To improve services and products and deliver efficient services.
  • 3. Use of Google Analytics
    The Company does not collect personally identifiable information through Google Analytics or combine collected data with other identifiable information. Data collection is subject to the “Google Privacy Policy” and “Google Analytics Terms of Service.”

  • 4. Opt-Out of Google Analytics
    Users can refuse data collection via Google Analytics
    https://tools.google.com/dlpage/gaoptout

Article 11 (Personal Information Protection Manager and Responsible Department)

① The Company appoints a Personal Information Protection Manager and a responsible department to oversee the overall handling of personal information, address data subjects’ complaints, and provide remedies for damages as follows:

Data Protection Manager Personal Information Protection Department
- Name: Seungwon Yoon
- Position: Executive Director, Strategic Planning Office
- Email: swyoon@monitorapp.com
- Phone: (+82)2-749-0799
- Name: Seungho Na
- Department: Marketing Department
- Email: seungho.na@monitorapp.com
- Phone: (+82)2-749-0799

② Information subjects can direct all inquiries, complaints, and requests for remedies related to personal information to the above manager and department for prompt response.

Article 12 (Personal Information Access Requests and Related Handling Department)

Information subjects may request access, transfer, correction, deletion, or suspension of processing of their personal information under Articles 35, 35-2, 36, and 37 of the “Personal Information Protection Act” through the following department. The Company strives to handle such requests promptly.

Reception/Processing Department
- Department: Marketing Department/Communication Team
- PIC: Seungho Na
- Email: seungho.na@monitorapp.com
- Phone: (+82)2-749-0799

Article 13 (Remedies for Infringement of Information Subject’s Rights)

Under Articles 35, 36, and 37 of the “Personal Information Protection Act,” if an information subject’s rights or interests are violated due to actions or inactions by a public institution, the information subject may file an administrative appeal under the “Administrative Appeals Act.”

Article 14 (Notice of Changes to the Privacy Policy)

The Privacy Policy will be updated promptly through the Company’s website to reflect any additions, deletions, or modifications due to changes in related laws or policies.

Article 15 (Application to Public Cloud Use)

① For customers using public cloud services, Articles from 1 to 14 will be applied, excluding Article 2.
② Article 2 is replaced as follows: The Company collects the minimum required personal information to identify users and provide membership services, customer consultations, notifications, promotions, and event participation opportunities as follows.

Category Collected Information
Member Identification and Use of Membership Services Name, Email, Company Name, Country, Password, Time Zone
Customer Consultation and After-Sales Service, Notice of Service Changes Name, Email, Company Name
Service Promotion and Events Name, Email, Company Name

 

The Privacy Policy is effective as of November 29, 2024.

Previous versions can be reviewed below.


Scroll Up