※ This policy is effective from October 26, 2021.
1. Purpose of Processing Personal Information
AB180 processes personal information for the following purposes. The Company does not use processed personal information for any other purpose than the following, and if a purpose of use is to be changed, it shall seek prior consent.
- Website membership registration and management
The Company processes personal information for the purposes of confirming intention to register as a member, performing identification to provide membership services, maintaining and managing membership, preventing fraudulent use of the services, making various notices, handling grievances, and maintaining records for dispute settlement.
- Handling civil affairs
The Company processes personal information for the purposes of verifying the identity of complainants, verifying complaints, making contacts and notifications for fact investigation, and notifying the processing results.
- Providing goods or services
The Company processes personal information for the purposes of providing services, contents, and customized services and settling fee payment accounts.
2. Collecting, Processing, Use, and Retention Periods of Personal Information
- Personal information items
Email, password, company name, phone number, name (if entered), job/title (if entered), access country/city (if entered), access time zone (if disclosed), language used in browser (if disclosed), browser type/version (if disclosed), OS type/version of PC (if disclosed)
- Collection method
AB180 website: Information directly entered by users on the websites is collected.
Information is collected using access IP addresses and user agent of the browser.
- AB180 destroys personal information immediately when it fully serves its purpose. If it is necessary to retain personal information in accordance with the related laws and regulations, such information is retained for a certain period of time. The processing, use, and retention periods of personal information are as follows.
- When signing an outsourcing contract, AB180 specifies matters such as prohibition of personal information processing for other purposes than conducting the outsourced duties, technical and administrative protection measures, restriction on subcontract, management and supervision of the outsourcee, indemnification for damages and other liabilities, etc. in accordance with Article 26 of the Personal Information Protection Act and supervises the outsourcee for safe handling of personal information.
4. Rights and Duties of Information Subject and Legal Representative and Methods of Exercising Them
As a personal information subject, the user can exercise the following rights.
- The information subject may at any time exercise the right to access, correct, or delete his/her personal information or request discontinuance of personal information processing to AB180.
- The user can exercise the rights under Paragraph 1 by documents, email, fax, etc. according to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and AB180 shall take actions accordingly without delay.
- The information subject may exercise the rights under Paragraph 1 through his/her legal representative, trustee, or other authorized agents. In this case, the user shall submit a power of attorney produced on the form in Annex 11 of the Enforcement Rules of the Personal Information Protection Act.
- The information subject’s right to request suspension of personal information access or processing may be limited pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
- Correction or deletion of personal information may not be requested if such personal information is specified to be subject to collection in other laws or regulations.
- AB180 performs verification of whether the requester of viewing, correcting or deleting personal information or suspending processing of such information is the information subject or his/her rightful agent.
5. Destruction of Personal Information
In principle, ABS180 shall destroy personal information without delay when the purpose of processing the personal information is achieved. The procedure, time, and method of destruction are as follows.
- Procedure of destruction
The information entered by the user is transferred to a separate DB (separate documents in the case of data on paper) after achieving the purpose and is stored for a certain period of time or immediately destroyed according to the internal policy and other related statutes. Here, the personal information transferred to the DB shall not be used for any other purpose than what is required by the laws.
- Time of destruction
Personal information of the user shall be destroyed within five days after the end date of the retention period or within five days after the date on which it is acknowledged that processing of such personal information is no longer necessary due to reasons such as fulfillment of the purpose of personal information processing, discontinuation of the service, closing of the business, etc.
- Method of destruction
Information in the form of electronic files shall be destroyed by using a technical method that renders it impossible to reproduce the information.
6. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
- AB180 uses “cookies” to save and retrieve the usage information to provide the individually customized service.
- Cookies are a small amount of information that the server (http) used to run a website sends to the user's computer browser and are sometimes stored in the hard disk of the user's computer.
1) Purpose of using cookies: Cookies are used to provide optimized information to the user by identifying visits, usage types, search terms, and secure access status, etc. regarding the services and websites used by the user.
2) Installation, operation, and rejection of cookies: The user can refuse to save cookies through the web browser option setting.
3) If the user refuses to save cookies, he/she may experience difficulties in using customized services.
7. Privacy Officers
- AB180 designates privacy officers to be in charge of handling personal information, dealing with complaints of the information subject related to personal information processing, and providing damage relief.
- The information subject can make inquiries to the privacy officers or the departments in charge regarding personal information protection, complaint handling, damage relief in using the service (or regarding business) of AB180. AB180 shall respond to and handle inquiries from the information subject without delay.
9. Measures to Ensure Safety of Personal Information
- Periodic self-audit
In order to ensure safety in handling personal information, the Company conducts self-audit on a regular basis (once a year).
- Minimization and training of personnel handling personal information
The Company designates persons who handle personal information and minimizes such personnel size by limiting assignment of such tasks to managers only.
- Establishment and implementation of internal management plan
The Company establishes and implements internal management plans for safe handling of personal information.
- Technical measures against hacking, etc.
To prevent personal information leak or damage caused by hacking, computer viruses, etc. the Company installs security programs, performs periodic updates and inspections, installs systems in areas where access from outside is restricted, and performs technical and physical monitoring and blocking.
- Encryption of personal information
The User's password encrypted and stored and managed so that only the user can know, and uses separate security functions for handling important data such as encrypting files and transmitted data and using file locking.
- Storage of access records and prevention of forgery and falsification
The Company keeps and manages the access records in the personal information processing system for at least 2 years and uses security functions to prevent forgery, falsification, theft, and loss of the access records.
- Restriction on access to personal information
The Company controls access to personal information by granting, modifying, and canceling access rights to the database system that processes personal information and blocks unauthorized access from outside using an intrusion prevention system.
- Blocking of unauthorized access
The Company has a separate physical storage area for personal information and has an established access control procedure in operation for the area.
10. Request for Viewing Personal Information
- The information subject may request viewing of personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. AB180 shall promptly process such a request for viewing personal information by the information subject.
- Department: Security & Privacy Division
- Person in charge: Wonkyung Lyu
- Contact: firstname.lastname@example.org
11. Remedies for Infringement on Rights of Information Subjects
The following are separate organizations from AB180, and if you are not satisfied with AB180's handling of privacy complaints, damage relief results, etc. or need further assistance, you can contact these organizations.
Personal Information Infringement Report Center (operated by the Korea Internet and Security Agency)
1) Services: Personal information infringement report, consultation (through application)
2) Website: privacy.kisa.or.kr
3) Phone: 118 (without area code)
4) Address: 58324) Personal Information Infringement Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea
Personal Information Dispute Mediation Committee
1) Services: Mediation of personal information disputes (through application) and collective disputes (civil resolution)
2) Website: www.kopico.go.kr
3) Phone: (without area code) 1833-6972
4) Address: (03171) 12F, Central Government Complex, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea
Cyber Crime Investigation Team of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
National Police Agency Cyber Bureau: (without area code) 182 (http://cyberbureau.police.go.kr)
Notice for users of applications and websites with built-in SDK
AB180 provides a wide range of services under the Airbridge brand to its customer companies. AB180’s various services can be provided through SDK or server-to-server communication. Customer companies can selectively use the variety of services provided by AB180, and such selection right is entirely reserved by each customer company. Customer companies can collect various data to analyze the use status of various users who use their services.
In this process, the customer companies can store via Airbridge’s service part of non-personal information among the collected user data such as reversibly encrypted GAID, IDFA, etc. that are transmitted; unique device identification values legally defined as non-personal information and reversibly encrypted information of areas, languages, device names, network environments, OS versions, service use history of the user, etc. that is transmitted and use it for information mapping or deliver it for the purpose of matching unspecified anonymous users and information for identifying individuals.
In this process, AB180 provides information to customer companies for the sole purpose of their identifying anonymous users with personal information and does not use received or entrusted personal information of customers for any other purpose than the above-mentioned and statistical purpose.