Privacy Policy (2022. 03. 03)

In order to protect the personal information of the service users, AB180 Inc. (hereinafter referred to as “AB180” or the “Company”) complies with the privacy protection regulations under the relevant laws, such as the “Personal Information Protection Act”, and has the following Privacy Policy. When there is any revision to the Privacy Policy, AB180 shall make relevant notification via email.

※ This policy is effective from March 3, 2022.

1. Purpose of Processing Personal Information

AB180 processes personal information for the following purposes. The Company does not use processed personal information for any other purpose than the following, and if a purpose of use is to be changed, it shall seek prior consent.

  1. Website membership registration and management
    The Company processes personal information for the purposes of confirming intention to register as a member, performing identification to provide membership services, maintaining and managing membership, preventing fraudulent use of the services, making various notices, handling grievances, and maintaining records for dispute settlement.
  2. Handling civil affairs
    The Company processes personal information for the purposes of verifying the identity of complainants, verifying complaints, making contacts and notifications for fact investigation, and notifying the processing results.
  3. Providing goods or services
    The Company processes personal information for the purposes of providing services, contents, and customized services and settling fee payment accounts.

2. Collecting, Processing, Use, and Retention Periods of Personal Information

  1. Personal information items
    Email, password, company name, phone number, name (if entered), job/title (if entered), access country/city (if entered), access time zone (if disclosed), language used in browser (if disclosed), browser type/version (if disclosed), OS type/version of PC (if disclosed)
  2. Collection method
    AB180 website: Information directly entered by users on the websites is collected.
    Information is collected using access IP addresses and user agent of the browser.
  3. AB180 destroys personal information immediately when it fully serves its purpose. If it is necessary to retain personal information in accordance with the related laws and regulations, such information is retained for a certain period of time. The processing, use, and retention periods of personal information are as follows.
Personal Information Collected and Retained
Related Statute
Retention Period
Website visit records
Protection of Communications Secrets Act
3 months
Records of consumer complaints and dispute handling
Protection of Communications Secrets Act
3 years
Records of contracts, subscription withdrawal, etc.
Act on the Consumer Protection in Electronic Commerce, etc.
5 years
Records of payment, supply of goods, etc.
Act on the Consumer Protection in Electronic Commerce, etc.
5 years
Records of tax payment
Framework Act on National Taxes
5 years
Personal Information Collected and Retained
Website visit records
Related Statute
Protection of Communications Secrets Act
Retention Period
3 months
Personal Information Collected and Retained
Records of consumer complaints and dispute handling
Related Statute
Protection of Communications Secrets Act
Retention Period
3 years
Personal Information Collected and Retained
Records of contracts, subscription withdrawal, etc.
Related Statute
Act on the Consumer Protection in Electronic Commerce, etc.
Retention Period
5 years
Personal Information Collected and Retained
Records of payment, supply of goods, etc.
Related Statute
Act on the Consumer Protection in Electronic Commerce, etc.
Retention Period
5 years
Personal Information Collected and Retained
Records of tax payment
Related Statute
Framework Act on National Taxes
Retention Period
5 years

3. Outsourcing of Personal Information Processing

  1. In order to facilitate the handling of personal information, AB180 outsources personal information processing tasks as follows. The entrusted work processed by an overseas corporation among entrustment is as follows.
Transferred Item
Collected personal information
Countries
USA, Japan
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Amazon Web Services, Inc. (Stephen Schmidt, CISO, 1-206-266-1000)
Purpose
For using Amazon Cloud Service
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Intercom, Inc. (Legal Department, compliance@inter.com)
Purpose
For membership management and handling of civil affairs
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Zendesk, Inc.(Privacy, privacy@zendesk.com)
Purpose
For handling customers and partners inquiries
Retention and Use Period
2 years from the last use of the service
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
The Rocket Science Group LLC d/b/a Mailchimp (Privacy, privacy@mailchimp.com)
Purpose
For sending email to customers
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Amplitude, Inc. (Privacy, privacy@amplitude.com)
Purpose
For system improvement through analysis of customer behavior data
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
Japan
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Snowflake (Privacy, privacy@snowflake.com)
Purpose
For using Snowflake Data Warehouse(Outsourcing physical operating environment)
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Newrelic (Privacy, privacy@newrelic.com)
Purpose
For monitoring log of backend system
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
LogRocket (Privacy, privacy@logrocket.com)
Purpose
For monitoring customer session of frontend
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Sentry (Privacy, security@sentry.io)
Purpose
For monitoring log and error log of frontend system
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
Transferred Item
Collected personal information
Countries
USA
Transfer Method
Online transfer using security protocol (encryption)
Recipient (Information Manager)
Twilo(Sendgrid) (Privacy, privacy@twilio.com)
Purpose
For sending email to user
Retention and Use Period
Until membership withdrawal or contract termination(However, if the laws and regulations impose duties to retain information for a certain period, personal information may be stored during the designated period)
  1. When signing an outsourcing contract, AB180 specifies matters such as prohibition of personal information processing for other purposes than conducting the outsourced duties, technical and administrative protection measures, restriction on subcontract, management and supervision of the outsourcee, indemnification for damages and other liabilities, etc. in accordance with Article 26 of the Personal Information Protection Act and supervises the outsourcee for safe handling of personal information.
  2. In case of any change in the contents of the outsourced tasks or the outsourcee, the Company shall without delay disclose such change through this Privacy Policy

4. Rights and Duties of Information Subject and Legal Representative and Methods of Exercising Them

As a personal information subject, the user can exercise the following rights.

  1. The information subject may at any time exercise the right to access, correct, or delete his/her personal information or request discontinuance of personal information processing to AB180.
  2. The user can exercise the rights under Paragraph 1 by documents, email, fax, etc. according to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and AB180 shall take actions accordingly without delay.
  3. The information subject may exercise the rights under Paragraph 1 through his/her legal representative, trustee, or other authorized agents. In this case, the user shall submit a power of attorney produced on the form in Annex 11 of the Enforcement Rules of the Personal Information Protection Act.
  4. The information subject’s right to request suspension of personal information access or processing may be limited pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
  5. Correction or deletion of personal information may not be requested if such personal information is specified to be subject to collection in other laws or regulations.
  6. AB180 performs verification of whether the requester of viewing, correcting or deleting personal information or suspending processing of such information is the information subject or his/her rightful agent.

5. Destruction of Personal Information

In principle, ABS180 shall destroy personal information without delay when the purpose of processing the personal information is achieved. The procedure, time, and method of destruction are as follows.

  1. Procedure of destruction
    The information entered by the user is transferred to a separate DB (separate documents in the case of data on paper) after achieving the purpose and is stored for a certain period of time or immediately destroyed according to the internal policy and other related statutes. Here, the personal information transferred to the DB shall not be used for any other purpose than what is required by the laws.
  2. Time of destruction
    Personal information of the user shall be destroyed within five days after the end date of the retention period or within five days after the date on which it is acknowledged that processing of such personal information is no longer necessary due to reasons such as fulfillment of the purpose of personal information processing, discontinuation of the service, closing of the business, etc.
  3. Method of destruction
    Information in the form of electronic files shall be destroyed by using a technical method that renders it impossible to reproduce the information.

6. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

  1. AB180 uses “cookies” to save and retrieve the usage information to provide the individually customized service.
  2. Cookies are a small amount of information that the server (http) used to run a website sends to the user's computer browser and are sometimes stored in the hard disk of the user's computer.
    1)  Purpose of using cookies: Cookies are used to provide optimized information to the user by identifying visits, usage types, search terms, and secure access status, etc. regarding the services and websites used by the user.
    2)  Installation, operation, and rejection of cookies: The user can refuse to save cookies through the web browser option setting.
    3)  If the user refuses to save cookies, he/she may experience difficulties in using customized services.

7. Privacy Officers

  1. AB180 designates privacy officers to be in charge of handling personal information, dealing with complaints of the information subject related to personal information processing, and providing damage relief.
  2. The information subject can make inquiries to the privacy officers or the departments in charge regarding personal information protection, complaint handling, damage relief in using the service (or regarding business) of AB180. AB180 shall respond to and handle inquiries from the information subject without delay.
Classification
Chief Information Security Officer / Data Protection Officer
Name
Wonkyung Lyu
Relevant Department
Security & Privacy Division
Email
compliance@ab180.co

8. Change in Privacy Policy

This Privacy Policy shall start to be effective on the enforcement date, and in case there is any addition, deletion, or correction of provisions in accordance with the relevant statutes and policies, the Company shall notify the details seven days before implementation of the change.

9. Measures to Ensure Safety of Personal Information

  1. Periodic self-audit
    In order to ensure safety in handling personal information, the Company conducts self-audit on a regular basis (once a year).
  2. Minimization and training of personnel handling personal information
    The Company designates persons who handle personal information and minimizes such personnel size by limiting assignment of such tasks to managers only.
  3. Establishment and implementation of internal management plan
    The Company establishes and implements internal management plans for safe handling of personal information.
  4. Technical measures against hacking, etc.
    To prevent personal information leak or damage caused by hacking, computer viruses, etc. the Company installs security programs, performs periodic updates and inspections, installs systems in areas where access from outside is restricted, and performs technical and physical monitoring and blocking.
  5. Encryption of personal information
    The User's password encrypted and stored and managed so that only the user can know, and uses separate security functions for handling important data such as encrypting files and transmitted data and using file locking.
  6. Storage of access records and prevention of forgery and falsification
    The Company keeps and manages the access records in the personal information processing system for at least 2 years and uses security functions to prevent forgery, falsification, theft, and loss of the access records.
  7. Restriction on access to personal information
    The Company controls access to personal information by granting, modifying, and canceling access rights to the database system that processes personal information and blocks unauthorized access from outside using an intrusion prevention system.
  8. Blocking of unauthorized access
    The Company has a separate physical storage area for personal information and has an established access control procedure in operation for the area.

10. Request for Viewing Personal Information

  1. The information subject may request viewing of personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. AB180 shall promptly process such a request for viewing personal information by the information subject.

    - Department: Security & Privacy Division
    - Person in charge: Wonkyung Lyu
    - Contact: compliance@ab180.co

11. Remedies for Infringement on Rights of Information Subjects

The following are separate organizations from AB180, and if you are not satisfied with AB180's handling of privacy complaints, damage relief results, etc. or need further assistance, you can contact these organizations.

Personal Information Infringement Report Center (operated by the Korea Internet and Security Agency)
1)  Services: Personal information infringement report, consultation (through application)
2)  Website: privacy.kisa.or.kr
3)  Phone: 118 (without area code)
4)  Address: 58324) Personal Information Infringement Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea

Personal Information Dispute Mediation Committee
1)  Services: Mediation of personal information disputes (through application) and collective disputes (civil resolution)
2)  Website: www.kopico.go.kr
3)  Phone: (without area code) 1833-6972
4)  Address: (03171) 12F, Central Government Complex, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea

Cyber Crime Investigation Team of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
National Police Agency Cyber Bureau: (without area code) 182 (http://cyberbureau.police.go.kr)

Notice for users of applications and websites with built-in SDK

AB180 provides a wide range of services under the Airbridge brand to its customer companies. AB180’s various services can be provided through SDK or server-to-server communication.  Customer companies can selectively use the variety of services provided by AB180, and such selection right is entirely reserved by each customer company.  Customer companies can collect various data to analyze the use status of various users who use their services.

In this process, the customer companies can store via Airbridge’s service part of non-personal information among the collected user data such as reversibly encrypted GAID, IDFA, etc. that are transmitted; unique device identification values legally defined as non-personal information and reversibly encrypted information of areas, languages, device names, network environments, OS versions, service use history of the user, etc. that is transmitted and use it for information mapping or deliver it for the purpose of matching unspecified anonymous users and information for identifying individuals.

In this process, AB180 provides information to customer companies for the sole purpose of their identifying anonymous users with personal information and does not use received or entrusted personal information of customers for any other purpose than the above-mentioned and statistical purpose.