Privacy Policy

Effective Date: 2025.08.11 · Last Updated: 2025.08.08

AB180 Inc. (referred to as "AB180" or "the Company") complies with the "Personal Information Protection Act" and related laws to protect data subject freedom and rights, process personal information lawfully, and manage it securely. Per Article 30 of the "Personal Information Protection Act," AB180 establishes and discloses this privacy policy.

1. Purpose of Processing Personal Information

AB180 processes personal information for specific purposes and does not use it for other purposes without prior consent.

Service	Purpose of Processing	Legal Basis
Airbridge Membership Registration	Confirmation of registration intent, identification and authentication, membership status maintenance, misuse prevention	Required: Personal Information Protection Act, Article 15; Optional: Consent
Provision of Airbridge Services	Client identification and management, service notifications, fee payment and settlement	Required: Personal Information Protection Act, Article 15
Library Download	Handbook and guide distribution	Required: Personal Information Protection Act, Article 15
Newsletter Subscription	Service promotion and information dissemination	Required: Personal Information Protection Act, Article 15
Book a Demo	Demo service application and inquiry responses	Required: Personal Information Protection Act, Article 15
Service Inquiries and Complaint Handling	Responding to inquiries, notifications, grievance handling, dispute resolution	Required: Personal Information Protection Act, Article 15
Request to Help Center	Responding to dashboard inquiries	Required: Personal Information Protection Act, Article 15
Share Feedback	Feedback provision on guides	Optional: Consent
ETC	Tax record retention	Basic Tax Law Article 85-3; Commercial Act Article 266

2. Collecting, Processing, Use, and Retention Periods of Personal Information

AB180 destroys personal information promptly once its purpose is achieved. Information retention complies with relevant laws including the Commercial Act.

Service	Type	Item	Retention Period
Airbridge Membership Registration	Required	Name, Email, Password, Company Name, Country	Contract customers: 1 year from termination; Others: 1 year from last login
Airbridge Membership Registration	Optional	Phone Number, Job Title	Contract customers: 1 year from termination; Others: 1 year from last login
Provision of Airbridge Services	Required	Name, Company Name, Job Title, Email, Phone Number	Until contract termination
Library Download	Required	Name, Company Name, Job Title, Email, Country	Until newsletter unsubscribe or service termination
Newsletter Subscription	Required	Email	Until newsletter unsubscribe or service termination
Book a Demo	Required	Name, Company Name, Job Title, Email, Phone Number, Country	1 year from demo request end
Service Inquiries and Complaint Handling	Required	Email, Name, Company Name, Phone Number	3 years from inquiry date or contract termination
Request to Help Center	Required	Name, Company Name, Email, Country	Paid plan: 3 years from termination; Others: 3 years from completion
Share Feedback	Optional	Email	3 years from feedback sharing date
ETC	Required	Tax basis documents (all transaction records and supporting documents)	5 years

3. Outsourcing of Personal Information Processing (Matters Regarding the Transfer of Personal Information Overseas)

1) Overseas Data Transfers

Transferred Item	Countries	Recipient	Purpose	Retention Period
Name, Email, Password, Company Name, Country, Phone Number, Job Title	Japan	Amazon Web Services, Inc. (aws-korea-privacy@amazon.com)	Amazon Cloud Service usage	Until membership withdrawal or contract termination
Name, Email, Company Name, Phone Number	USA	Intercom, Inc. (compliance@intercom.com)	Membership management and civil affairs	Until membership withdrawal or contract termination
Email	USA	The Rocket Science Group LLC d/b/a Mailchimp (privacy@mailchimp.com)	Email sending to customers	Until newsletter unsubscribe or service termination
Email	USA	Twilio (Sendgrid) (privacy@twilio.com)	Email sending to users	Until membership withdrawal or contract termination
Email	USA	Mixmax, Inc. (privacy@mixmax.com)	Business and performance management	Until membership withdrawal or contract termination
Name, Company Name, Job Title, Email, Phone Number, Country	USA	Salesforce, Inc. (privacy@salesforce.com)	Customer and contract management	Until membership withdrawal or contract termination
Name, Company Name, Job Title, Email, Phone Number, Country	USA	ZenLeads Inc. (privacy@apollo.io)	B2B marketing intelligence platforms	Until membership withdrawal or contract termination
Name, Email	UK	Plain (security@plain.com)	Customer and partner inquiry handling	3 years from contract end
Card number, Expiration date, CVC, Country, Email	USA	Stripe (privacy@stripe.com)	Post-payment processing	Until membership withdrawal or contract termination

All transfers are conducted via security protocols (encryption) through the website at the time of service use.

2) Outsourcing Contract Standards

AB180 specifies contractual protections including: prohibition of secondary processing, technical and administrative safeguards, subcontract restrictions, supervisory oversight, and damage indemnification per Article 26 of the Personal Information Protection Act.

3) Outsourcing Changes

AB180 promptly discloses changes to outsourced tasks or service providers through updated Privacy Policy.

4) Third-Party Data Sharing

AB180 does not provide personal information to third parties without user consent, except when:

Users directly consent to external service provider information sharing
Company is obligated by law to submit information to competent authorities
Urgent need exists to protect user life or safety

5) Overseas Transfer Refusal

Users may refuse overseas data transfer by contacting the Privacy Protection Department, though refusal may limit service functionality.

4. Rights and Duties of Data Subject and Legal Representative and Methods of Exercising Them

Data Subject Rights

Users may exercise the following rights at any time:

Right to access, correct, or delete personal information
Right to request discontinuance of personal information processing

Exercise Methods

Users exercise rights via documents, email, fax, or other methods per Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. AB180 responds without delay.

Legal Representative Rights

Data subjects may exercise rights through legal representatives, trustees, or authorized agents by submitting a power of attorney per Annex 11 of the Enforcement Rules of the Personal Information Protection Act.

Right Limitations

Data subject rights to request suspension may be limited per Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

Correction or deletion requests may be denied if information is required to be collected under other laws or regulations.

Verification Process

AB180 verifies requester identity before granting access, correction, deletion, or processing suspension requests.

Contact Method

Users exercise rights through the Privacy Protection Department at compliance@ab180.co.

5. Destruction of Personal Information

1) Destruction Procedure

User information transfers to separate databases (or separate documents for paper records) after purpose achievement and stores according to internal policy and relevant statutes. Transferred personal information is not used for other purposes.

2) Destruction Timeline

Personal information is destroyed within five days after retention period end or when processing is no longer necessary due to purpose fulfillment, service discontinuation, or business closure.

3) Destruction Method

Electronic files are destroyed unrecoverably; paper documents are shredded or incinerated.

6. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

Cookie Use

AB180 uses cookies to store and retrieve automatically generated or collected information to provide stable services and personalized experiences.

Information Collected

Automatically collected information may include: IP address, device information, browser type, access time, service usage history, and cookies used for website operation, statistical analysis, and personalized service delivery.

Cookie Definition

Cookies are small data pieces sent by website servers (HTTP) to user browsers, stored on computers or mobile devices, and automatically transmitted to servers upon website access.

User Control

Users configure browser settings to allow or block cookies. Refusing cookies may limit personalized service usage.

Cookie Configuration Instructions

Web Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data

Mobile Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Safari: Device Settings > Safari > Advanced > Block All Cookies
Samsung Internet: Settings > Tabs > Turn on Secret Mode > Start

7. Behavioral Information Collection, Use, Provision, and Rejection

The company collects and uses online behavioral information for site usage analysis, product and service development, and customer analysis. Behavioral information refers to activity data revealing interests, preferences, and tendencies (website visit history, app usage history, purchase and search history).

The company collects minimum necessary behavioral information and excludes sensitive information (political beliefs, religious views, medical history) that may infringe rights, interests, or privacy.

1) Behavioral Information Collection on Airbridge Website

Category	Details
Items Collected	Users' service visit records, activity logs, search history, advertising identifiers
Collection Method	Cookie installation; automatic information generation and transmission via web/app visits; automatic transmission upon app execution
Collection Tools	Airbridge, Amplitude, Google Analytics
Collection Purpose	Analyzing usage patterns for service recommendations (including advertisements); utilizing behavioral analysis for new service development and service improvement
Retention Period	Maximum 2 years from collection date, then destroyed

2) User Control Over Behavioral Information

Users block or allow behavioral information collection by adjusting cookie and device settings on web/app. Cookie setting changes may restrict automatic login and other services.

3) Cookie Refusal Methods

Web Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data

Mobile Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Safari: Device Settings > Safari > Advanced > Block All Cookies
Samsung Internet: Settings > Tabs > Turn on Secret Mode > Start

8. Privacy Protection Department

1) Operational Structure

AB180 operates a Privacy Protection Department handling personal data processing and addressing complaints or remedy issues related to personal data processing.

2) Contact and Response

Users contact the Privacy Protection Department regarding inquiries, access requests, complaints, or remedy issues related to personal data protection from AB180 Inc. service usage. AB180 Inc. responds and addresses inquiries without delay.

Department	Security & Privacy Team
Email	compliance@ab180.co

9. Measures to Ensure Safety of Personal Information

AB180 ensures safety measures per Article 29 of the Personal Information Protection Act through technical, managerial, and physical measures.

1) Periodic Self-Audit

The Company conducts annual self-audits ensuring safe personal information handling.

2) Personnel Minimization and Training

The Company designates specific personnel for personal information handling, minimizing personnel size by limiting assignments to managers.

3) Internal Management Plan

The Company establishes and implements internal plans for safe personal information handling.

4) Technical Measures Against Hacking

To prevent leaks or damage from hacking and computer viruses, the Company: installs security programs, performs periodic updates and inspections, restricts external access system placement, and performs technical and physical monitoring and blocking.

5) Personal Information Encryption

User passwords are encrypted and stored so only users know them. Important data (files and transmitted data) use separate security functions and file locking.

6) Access Records and Prevention of Forgery

The Company maintains personal information processing system access records for minimum 2 years and uses security functions preventing forgery, falsification, theft, and loss.

7) Access Restriction

The Company controls personal information access through database system access rights (granting, modifying, canceling) and blocks unauthorized external access using intrusion prevention systems.

8) Unauthorized Access Blocking

The Company maintains separate physical storage for personal information with established access control procedures.

10. Remedies for Infringement on Rights of Data Subjects

The following separate organizations handle privacy complaints:

1) Personal Information Infringement Report Center

Services: Personal information infringement reporting and consultation

Website: privacy.kisa.or.kr

Phone: (without area code) 118

2) Personal Information Dispute Mediation Committee

Services: Personal information dispute mediation and collective disputes (civil resolution)

Website: kopico.go.kr

Phone: (without area code) 1833-6972

3) Prosecutor's Office Cyber Investigation Division

Phone: (without area code) 1301

Website: spo.go.kr

4) National Police Agency Cyber Investigation Unit

Phone: (without area code) 182

Website: ecrm.police.go.kr

11. Change in Privacy Policy

1) Effective Date

This policy is effective from August 8, 2025.

2) Previous Versions

3) Policy Announcements

AB180 announces any revisions to the privacy policy.

Representative (GDPR)

The GDPR requires EU-designated representative designation by non-EU controllers or processors. AB180 Inc.'s EU service provider contact information:

GDPR-Rep.eu

Maetzler Rechtsanwalts GmbH & Co KG

Attorneys at Law

c/o AB180 Inc.

Schellinggasse 3/10, 1010 Vienna, Austria

Subject line for all correspondence:

GDPR-REP ID: 12799064

Company Name: (주) 에이비일팔공

Address: 서울특별시 서초구 강남대로 61길 17, 3층, 4층 (서초동)

Business Registration Number: 550-88-00196

Representative: 남성필

Privacy Policy

Effective Date: 2025.08.11 · Last Updated: 2025.08.08

1. Purpose of Processing Personal Information

AB180 processes personal information for specific purposes and does not use it for other purposes without prior consent.

Service	Purpose of Processing	Legal Basis
Airbridge Membership Registration	Confirmation of registration intent, identification and authentication, membership status maintenance, misuse prevention	Required: Personal Information Protection Act, Article 15; Optional: Consent
Provision of Airbridge Services	Client identification and management, service notifications, fee payment and settlement	Required: Personal Information Protection Act, Article 15
Library Download	Handbook and guide distribution	Required: Personal Information Protection Act, Article 15
Newsletter Subscription	Service promotion and information dissemination	Required: Personal Information Protection Act, Article 15
Book a Demo	Demo service application and inquiry responses	Required: Personal Information Protection Act, Article 15
Service Inquiries and Complaint Handling	Responding to inquiries, notifications, grievance handling, dispute resolution	Required: Personal Information Protection Act, Article 15
Request to Help Center	Responding to dashboard inquiries	Required: Personal Information Protection Act, Article 15
Share Feedback	Feedback provision on guides	Optional: Consent
ETC	Tax record retention	Basic Tax Law Article 85-3; Commercial Act Article 266

2. Collecting, Processing, Use, and Retention Periods of Personal Information

AB180 destroys personal information promptly once its purpose is achieved. Information retention complies with relevant laws including the Commercial Act.

Service	Type	Item	Retention Period
Airbridge Membership Registration	Required	Name, Email, Password, Company Name, Country	Contract customers: 1 year from termination; Others: 1 year from last login
Airbridge Membership Registration	Optional	Phone Number, Job Title	Contract customers: 1 year from termination; Others: 1 year from last login
Provision of Airbridge Services	Required	Name, Company Name, Job Title, Email, Phone Number	Until contract termination
Library Download	Required	Name, Company Name, Job Title, Email, Country	Until newsletter unsubscribe or service termination
Newsletter Subscription	Required	Email	Until newsletter unsubscribe or service termination
Book a Demo	Required	Name, Company Name, Job Title, Email, Phone Number, Country	1 year from demo request end
Service Inquiries and Complaint Handling	Required	Email, Name, Company Name, Phone Number	3 years from inquiry date or contract termination
Request to Help Center	Required	Name, Company Name, Email, Country	Paid plan: 3 years from termination; Others: 3 years from completion
Share Feedback	Optional	Email	3 years from feedback sharing date
ETC	Required	Tax basis documents (all transaction records and supporting documents)	5 years

3. Outsourcing of Personal Information Processing (Matters Regarding the Transfer of Personal Information Overseas)

1) Overseas Data Transfers

Transferred Item	Countries	Recipient	Purpose	Retention Period
Name, Email, Password, Company Name, Country, Phone Number, Job Title	Japan	Amazon Web Services, Inc. (aws-korea-privacy@amazon.com)	Amazon Cloud Service usage	Until membership withdrawal or contract termination
Name, Email, Company Name, Phone Number	USA	Intercom, Inc. (compliance@intercom.com)	Membership management and civil affairs	Until membership withdrawal or contract termination
Email	USA	The Rocket Science Group LLC d/b/a Mailchimp (privacy@mailchimp.com)	Email sending to customers	Until newsletter unsubscribe or service termination
Email	USA	Twilio (Sendgrid) (privacy@twilio.com)	Email sending to users	Until membership withdrawal or contract termination
Email	USA	Mixmax, Inc. (privacy@mixmax.com)	Business and performance management	Until membership withdrawal or contract termination
Name, Company Name, Job Title, Email, Phone Number, Country	USA	Salesforce, Inc. (privacy@salesforce.com)	Customer and contract management	Until membership withdrawal or contract termination
Name, Company Name, Job Title, Email, Phone Number, Country	USA	ZenLeads Inc. (privacy@apollo.io)	B2B marketing intelligence platforms	Until membership withdrawal or contract termination
Name, Email	UK	Plain (security@plain.com)	Customer and partner inquiry handling	3 years from contract end
Card number, Expiration date, CVC, Country, Email	USA	Stripe (privacy@stripe.com)	Post-payment processing	Until membership withdrawal or contract termination

All transfers are conducted via security protocols (encryption) through the website at the time of service use.

2) Outsourcing Contract Standards

3) Outsourcing Changes

AB180 promptly discloses changes to outsourced tasks or service providers through updated Privacy Policy.

4) Third-Party Data Sharing

AB180 does not provide personal information to third parties without user consent, except when:

Users directly consent to external service provider information sharing
Company is obligated by law to submit information to competent authorities
Urgent need exists to protect user life or safety

5) Overseas Transfer Refusal

Users may refuse overseas data transfer by contacting the Privacy Protection Department, though refusal may limit service functionality.

4. Rights and Duties of Data Subject and Legal Representative and Methods of Exercising Them

Data Subject Rights

Users may exercise the following rights at any time:

Right to access, correct, or delete personal information
Right to request discontinuance of personal information processing

Exercise Methods

Users exercise rights via documents, email, fax, or other methods per Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. AB180 responds without delay.

Legal Representative Rights

Right Limitations

Data subject rights to request suspension may be limited per Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

Correction or deletion requests may be denied if information is required to be collected under other laws or regulations.

Verification Process

AB180 verifies requester identity before granting access, correction, deletion, or processing suspension requests.

Contact Method

Users exercise rights through the Privacy Protection Department at compliance@ab180.co.

5. Destruction of Personal Information

1) Destruction Procedure

2) Destruction Timeline

Personal information is destroyed within five days after retention period end or when processing is no longer necessary due to purpose fulfillment, service discontinuation, or business closure.

3) Destruction Method

Electronic files are destroyed unrecoverably; paper documents are shredded or incinerated.

6. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

Cookie Use

AB180 uses cookies to store and retrieve automatically generated or collected information to provide stable services and personalized experiences.

Information Collected

Cookie Definition

Cookies are small data pieces sent by website servers (HTTP) to user browsers, stored on computers or mobile devices, and automatically transmitted to servers upon website access.

User Control

Users configure browser settings to allow or block cookies. Refusing cookies may limit personalized service usage.

Cookie Configuration Instructions

Web Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data

Mobile Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Safari: Device Settings > Safari > Advanced > Block All Cookies
Samsung Internet: Settings > Tabs > Turn on Secret Mode > Start

7. Behavioral Information Collection, Use, Provision, and Rejection

The company collects minimum necessary behavioral information and excludes sensitive information (political beliefs, religious views, medical history) that may infringe rights, interests, or privacy.

1) Behavioral Information Collection on Airbridge Website

Category	Details
Items Collected	Users' service visit records, activity logs, search history, advertising identifiers
Collection Method	Cookie installation; automatic information generation and transmission via web/app visits; automatic transmission upon app execution
Collection Tools	Airbridge, Amplitude, Google Analytics
Collection Purpose	Analyzing usage patterns for service recommendations (including advertisements); utilizing behavioral analysis for new service development and service improvement
Retention Period	Maximum 2 years from collection date, then destroyed

2) User Control Over Behavioral Information

Users block or allow behavioral information collection by adjusting cookie and device settings on web/app. Cookie setting changes may restrict automatic login and other services.

3) Cookie Refusal Methods

Web Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Edge: Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data

Mobile Browser:

Chrome: Settings > Privacy and Security > Clear Browsing Data
Safari: Device Settings > Safari > Advanced > Block All Cookies
Samsung Internet: Settings > Tabs > Turn on Secret Mode > Start

8. Privacy Protection Department

1) Operational Structure

AB180 operates a Privacy Protection Department handling personal data processing and addressing complaints or remedy issues related to personal data processing.

2) Contact and Response

Department	Security & Privacy Team
Email	compliance@ab180.co

9. Measures to Ensure Safety of Personal Information

AB180 ensures safety measures per Article 29 of the Personal Information Protection Act through technical, managerial, and physical measures.

1) Periodic Self-Audit

The Company conducts annual self-audits ensuring safe personal information handling.

2) Personnel Minimization and Training

The Company designates specific personnel for personal information handling, minimizing personnel size by limiting assignments to managers.

3) Internal Management Plan

The Company establishes and implements internal plans for safe personal information handling.

4) Technical Measures Against Hacking

5) Personal Information Encryption

User passwords are encrypted and stored so only users know them. Important data (files and transmitted data) use separate security functions and file locking.

6) Access Records and Prevention of Forgery

The Company maintains personal information processing system access records for minimum 2 years and uses security functions preventing forgery, falsification, theft, and loss.

7) Access Restriction

The Company controls personal information access through database system access rights (granting, modifying, canceling) and blocks unauthorized external access using intrusion prevention systems.

8) Unauthorized Access Blocking

The Company maintains separate physical storage for personal information with established access control procedures.

10. Remedies for Infringement on Rights of Data Subjects

The following separate organizations handle privacy complaints:

1) Personal Information Infringement Report Center

Services: Personal information infringement reporting and consultation

Website: privacy.kisa.or.kr

Phone: (without area code) 118

2) Personal Information Dispute Mediation Committee

Services: Personal information dispute mediation and collective disputes (civil resolution)

Website: kopico.go.kr

Phone: (without area code) 1833-6972

3) Prosecutor's Office Cyber Investigation Division

Phone: (without area code) 1301

Website: spo.go.kr

4) National Police Agency Cyber Investigation Unit

Phone: (without area code) 182

Website: ecrm.police.go.kr

11. Change in Privacy Policy

1) Effective Date

This policy is effective from August 8, 2025.

2) Previous Versions

3) Policy Announcements

AB180 announces any revisions to the privacy policy.

Representative (GDPR)

The GDPR requires EU-designated representative designation by non-EU controllers or processors. AB180 Inc.'s EU service provider contact information:

GDPR-Rep.eu

Maetzler Rechtsanwalts GmbH & Co KG

Attorneys at Law

c/o AB180 Inc.

Schellinggasse 3/10, 1010 Vienna, Austria

Subject line for all correspondence:

GDPR-REP ID: 12799064

Company Name: (주) 에이비일팔공

Address: 서울특별시 서초구 강남대로 61길 17, 3층, 4층 (서초동)

Business Registration Number: 550-88-00196

Representative: 남성필