Ver.2.0 (Updated : 2024.01.12)
Privacy Policy
Qroad Inc. (hereinafter referred to as the "Company") collects, retains, and processes personal information based on the domestic laws of the company's location to provide the Rebots Pro service (hereinafter referred to as the "Service"). Accordingly, the Company provides the following information to the data subject regarding the collection, use, and processing of personal information in accordance with relevant laws.
Article 1 (Definitions)
1.
"Service" refers to the cloud-based operational support services and all related services provided by the Company.
2.
"User" denotes both members and non-members who receive services provided by the Company in accordance with these terms and conditions.
3.
"Member" means an individual or corporation that is granted the right to use the services by the Company, according to these terms and conditions.
Article 2 (Purpose of Collecting Personal Information)
The Company collects and processes members' personal information for the following purposes. The personal information handled by the Company will not be used for any purposes other than those listed below, and if the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act:
•
Membership registration and service provision: Personal information is collected to confirm and validate the intention to join of non-members, and to provide services and handle inquiries for members.
•
Billing for services provided: Personal information is collected for the purpose of billing for services used by members.
•
Service improvement, development of new services, and use in marketing and advertising: Personal information is collected for improving and enhancing the services currently in use, analyzing service usage, developing new services, providing customized services, and offering event participation and promotional information.
Article 3 (Processing and Retention Period of Personal Information)
The personal information of members will be processed and stored within the period of retention and use specified by law or agreed upon by the members. The types of personal information processed and stored by the Company and their retention periods are as follows:
1.
Data collected and stored by the Company for the purpose of providing services:
Stored Data | Purpose of Processing | Retention Period |
Member Information | Service Provision | Until membership withdrawal |
Payment Methods and Information | Service Provision | Until payment cancellation |
Service Subscription and Cancellation History | Service Provision | Until membership withdrawal |
Service Usage Records and IP Addresses | Service Security and Support for Member's Use | Until membership withdrawal |
Inquiry Records | Consultation Processing and Service Improvement | Until membership withdrawal |
2.
Data Collected and Retained in Accordance with Relevant Laws
Data | Relevant Law | Duration |
Records related to contracts, subscription withdrawals, etc. | Act on Consumer Protection in Electronic Commerce, etc. | 5 years |
Records of payment, supply of goods, etc. | Act on Consumer Protection in Electronic Commerce, etc. | 5 years |
Records of consumer complaints and dispute resolution | Act on Consumer Protection in Electronic Commerce, etc. | 3 years |
Records of collection, processing, and utilization of credit information | Act on the Use and Protection of Credit Information | 3 years |
Records related to identity verification | Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. | 6 months |
Visit records and logs | Telecommunications Privacy Act | 3 months |
Article 4 (Types of Information Collected and Collection Methods)
1.
Minimization of Personal Information Collection
•
Member Registration and Management
◦
Administrator-Level Member Registration: Name, Email, Company Name
◦
Non-Administrator Member Registration: Name, Email
•
Payment Method and Fee Settlement
◦
Credit Card: Credit Card Number, Expiry Date, Business Registration Number (For individuals, Date of Birth)
◦
Bank Transfer (For South Korean Business Members): Bank Name, Business Registration Number (For individuals, Date of Birth), Account Number
•
General Inquiries: Name, Email Address, Company (Group) Name, Project Name
•
Business Inquiries: Name, Email Address, Contact Number, Affiliation
2.
During the process of using the service or providing the service, the following information may be automatically generated or additionally collected: IP Address, Cookies, Device Information, Access Logs, Visit Timestamps, Service Usage Records, Malicious Usage Records, Payment Records, etc.
3.
The company collects personal information through various channels such as homepage inquiries, webpages for service inquiries, emails, sales representatives, information collection tools, and offline collection through participation in events or promotions.
Article 5 (Protection and Management of Personal Information)
1.
The company strives to protect members' personal information in accordance with relevant laws and regulations.
2.
The protection and use of users' personal information are subject to the Personal Information Protection Act and the company's Privacy Policy.
3.
The company may not use or provide the user's personal information for purposes other than those agreed upon by the user or provide it to a third party without the user's consent. In accordance with Article 28-2, Paragraph 1 of the Personal Information Protection Act, the company may use or provide the information if it has been processed to a level where individual identification is impossible for purposes of statistical production, scientific research, or the preservation of public records.
4.
The company assumes no responsibility for any information, including but not limited to the user's ID and password, exposed due to the member's fault.
5.
The company may take necessary measures such as temporary measures, usage policies, or account information deletion to protect and efficiently operate member information in cases where there is a risk of damage due to objective account information theft or if a member has not logged in for more than one year.
Article 6 (Outsourcing of Personal Information)
The company adheres to the principle of performing tasks such as processing and managing collected personal information on its own. However, it may delegate all or part of the necessary tasks to third parties selected by the company, and the outsourcing of members' personal information is subject to the company's Privacy Policy. If a user does not use services related to tasks outsourced by the company to subcontractors, their personal information will not be provided to subcontractors.
Subcontractor | Outsourced Tasks | Retention Period |
Microsoft Azure | ||
(Seoul Region) | Server operation for service provision and maintenance | Until the member withdraws, the company's service is terminated, or the outsourcing contract is terminated |
Article 7 (Provision of Personal Information to Third Parties)
Except with separate consent from the member or as provided by law, the company does not provide members' personal information to third parties.
Article 8 (Overseas Transfer and Storage of Personal Information)
The company does not provide personal information of members located in South Korea to business entities overseas. However, for the performance of service contracts and enhancement of user convenience, the company outsources personal information processing tasks overseas as follows. If a user does not use services related to tasks outsourced by the company to subcontractors, their personal information will not be provided to subcontractors.
Subcontractor | Outsourced Tasks | Country | Method | Retention Period |
Google Analytics | Cookie information | United States | Transferred over the network when using the service | Until the member withdraws, the company's service is terminated, or the outsourcing contract is terminated |
Article 9 (Procedure and Method for Personal Information Destruction)
1.
Personal information that is no longer necessary due to the expiration of the retention period or achievement of the processing purpose is promptly destroyed.
2.
Personal information stored in electronic file formats is deleted using technical methods that prevent the reproduction of records to prevent damage resulting from the leakage of personal information of members and users. Personal information printed on paper is destroyed using a shredder.
Article 10 (Installation, Operation, and Rejection of Cookies)
Cookies are small text files that the server operating the website sends to the user's browser, automatically storing the user's website settings, visit history, and usage patterns to facilitate fast and convenient website usage. While cookies do not store information that identifies individuals such as names or phone numbers, users can choose whether to automatically accept cookies.
1.
Methods for Rejecting Cookie Collection:
•
Internet Explorer: [Tools > Internet Options > Privacy > Settings]
•
Chrome: [Settings > Advanced Settings at the bottom of the screen > Content Settings button under Privacy > Cookies]
•
Microsoft Edge: [Settings > Cookie and site permissions in the left menu > Manage and delete cookies and site data]
•
Private browsing mode in each browser: *Internet Explorer, Microsoft Edge, Chrome, Firefox, Safari, etc.: Most modern browsers offer private browsing modes. Cookies generated in private browsing mode are deleted when all private windows are closed.
Article 11 (Administrative and Technical Security Measures for Personal Information Protection)
The company implements the following technical, administrative, and physical measures necessary to ensure safety under Article 29 of the Personal Information Protection Act:
1.
Technical Measures:
•
The company encrypts and stores the personal information of members and users according to the standards required by law, and takes separate security measures, such as encrypting files and transmitted data, for important data.
•
Access control to databases processing personal information is implemented by granting, changing, and revoking access permissions, to control access to personal information.
•
The company uses antivirus and security programs and controls unauthorized access from external sources through intrusion prevention systems.
2.
Administrative Measures:
•
The company minimizes and restricts the personnel who can access the personal information of members and users, and grants and controls access permissions, conducting regular education for responsible personnel.
•
Personnel who can access the personal information of members and users include those who directly engage in marketing activities with members, handle complaints, inquiries, or errors, personnel responsible for personal information management, and those who handle personal information unavoidably for business purposes.
Article 12 (Personal Information Protection Officer and Department in Charge)
The company designates a department and officer responsible for collecting opinions and handling complaints regarding personal protection. If you have any complaints related to personal information protection while using the service, you can report them to the contact below, and we will promptly respond.
[Personal Information Protection Officer]
Name:
Department:
Position:
Email:
Article 13 (Others)
1.
Reporting and Consultation Agencies for Personal Information Breaches
If you need to report or consult on other personal information breaches, please contact the following agencies:
Cyber Investigation Department of the Prosecutor's Office (http://www.spo.go.kr, 1301 without area code)
1.
Non-Application of Privacy Policy: Please note that this privacy policy does not apply to goods or services provided by members using the company's services.
2.
Notification Obligation: In case of any additions, deletions, or amendments to this privacy policy in accordance with laws and policies, we will notify you through the announcement section 7 days before the changes take effect. However, if there are significant changes in the rights of users, such as changes in the items of collected personal information or purposes of use, we will notify you at least 30 days in advance and may seek your consent again if necessary.