SUITDIO PRIVACY POLICY
Effective Date: December 1, 2024
SuitdiO ("the Company") operates an online digital whiteboard service called "SuitdiO." In accordance with Article 30 of the Personal Information Protection Act, the Company has established and operates the following Personal Information Processing Policy to protect users' personal information and rights and to promptly address related inquiries and difficulties.
Article 1 (Information on Collection and Use of Personal Information)
To use "SuitdiO," certain personal information must be collected. The details are as follows:
1. Personal Information Collected
The Company collects personal information after obtaining user consent for each purpose:
| Purpose of Collection | Items Collected | Retention/Use Period |
|---|---|---|
| Membership registration and user identification | Nickname/Name, Email, Password | Until membership withdrawal |
| Social media sign-up | All information permitted by the linked SNS, including user's account information and friend relationship information | Until membership withdrawal |
| Responding to service inquiries | Nickname/Name, Email, Mobile Phone Number | Until membership withdrawal or up to 3 years in accordance with relevant laws |
| Sending information about event operations, benefits, and service updates | Nickname/Name, Email, Mobile Phone Number, Company Name, Position and Department | Until withdrawal of consent |
| Payment card registration, payment, and refund | Payment information transmitted to the contracted PG company | Until membership withdrawal or up to 5 years in accordance with relevant laws |
| Identity verification | Birth date | Until membership withdrawal |
| Accumulating statistical data to improve services | IP information, device/browser information, domains visited, webpages viewed, telecommunications company type, usage history, and bad usage history | Until membership withdrawal |
| Preventing fraudulent use | Up to 30 days after membership withdrawal |
2. Methods of Collection
The Company collects personal information in the following ways:
- Information entered by users during service use (e.g., customer center consultations, bulletin board activity, cash receipt issuance)
- Transmission from linked services such as SNS sign-ups
- Usage statistics collection tools for service improvement and understanding user response
- Cookies, access logs, etc., automatically created and collected during service use
- Offline methods (writing, consent forms at exhibitions, seminars, events, etc.)
For children under 14, additional information from legal representatives may be collected:
- Legal representative (guardian) name, date of birth, gender, nationality, mobile phone number, mobile carrier information, i-PIN information (when i-PIN is verified), personal identification value (CI, DI)
3. Retention and Destruction
Personal information collected by the Company is processed within the retention/use period consented to by the user at the time of collection or within the period stipulated by applicable laws. Once the purpose is fulfilled or the retention/use period expires, the personal information is promptly destroyed in an irreversible and non-reproducible manner.
Article 2 (Matters Regarding Processing of Pseudonymized Information)
The Company processes pseudonymized information with user consent for service improvement, including enhancing model performance and quality, as follows. "Pseudonymized information" refers to information that cannot identify an individual without additional data to restore it to its original state.
- The Company does not use users' pseudonymized information for any purpose other than improving service and model performance.
- The use of pseudonymized information applies while user consent is maintained. If you wish to withdraw consent, you may change your preferences, and your changes will be applied from that time forward.
Items of Pseudonymized Information
| Items | Retention Period |
|---|---|
| Information converted by AI (input/output) | Up to 5 years after pseudonym conversion |
Security Measures for Pseudonymized Information
- The Company enforces security measures for pseudonymized data and any additional information that could re-identify individuals.
- Pseudonymized information and additional information are stored separately; unnecessary data is destroyed.
- Access rights are managed and controlled (minimum necessary privileges, separate permissions for pseudonymized data and additional information, record-keeping of access rights, etc.).
- The Company keeps records of processing activities for pseudonymized information in this Privacy Policy.
- Processing pseudonymized information to identify a specific individual is strictly prohibited.
- If information that can identify an individual is created during pseudonymized information processing, the Company stops processing immediately and destroys such identifiable data without delay.
Article 3 (Installation and Refusal of Automatic Personal Information Collection Devices)
The Company automatically generates and collects the following data during service use:
1. Purpose of Automatically Collected Information
- Compliance with Laws: The Company is obligated to retain access logs (logins) to comply with relevant regulations.
- Web Usability Analysis and Improvement: Visit date/time, service usage history, and Cookie ID are collected and retained for 5 years from the date of collection, and then deleted immediately after the period expires.
2. Guidance on Automatic Collection and How to Refuse
- The Company collects and analyzes behavioral information using the following analysis tools. The likelihood of identifying individuals from this information is low:
- Mixpanel
- Google LLC
- You may refuse or delete the storage of cookies and other automatic data collection tools through your browser or device settings.
Article 4 (Entrustment of Personal Information Processing)
The Company may entrust certain personal information processing activities to third parties to ensure seamless operation. When signing an entrustment contract, the Company supervises the processor to ensure compliance with relevant laws regarding the safe handling of personal data.
| Trustee | Task |
|---|---|
| Canny | Handling user feedback, sending notifications on events and benefits, delivering service updates |
| Tally | Collecting data through forms |
| Stevie Inc. | Sending information about events, benefits, and service updates |
| Google Firebase (FCM) | Membership registration and user identification for service provision |
Article 5 (Provision of Personal Information to Third Parties)
The Company processes the personal information of users only within the scope outlined in Article 1 of this Policy. It does not provide personal information to third parties except where:
- The user has provided separate, prior consent, or
- Special provisions in relevant laws and regulations require it.
Article 6 (Transfer of Personal Information Abroad)
The Company does not provide personal information to overseas businesses except in fulfilling contracts for information and communication services or to enhance user convenience. In such cases, personal information is transferred overseas as follows:
| Purpose | Items | Date/Method | Retention Period | Company/Country |
|---|---|---|---|---|
| Collect data using forms | Name, Mobile Number, Email | Transmitted via encrypted network when providing service | Until contract termination or membership withdrawal, or up to 3 years per relevant laws | Tally / Belgium |
| Collect user feedback | Transmitted via encrypted network when providing service | Until the earlier of contract termination or 5 years from collection | Canny / United States | |
| Web usability analysis | Date/time of visit, usage history, Cookie ID | Transmitted via encrypted network when providing service | Until the earlier of contract termination or 5 years from collection | Mixpanel / United States |
| Membership registration, user identification, web usability analysis, service provision | Date/time of visit, usage history, Cookie ID | Transmitted via encrypted network when providing service | Until the earlier of contract termination or 5 years from collection | Google / United States |
Article 7 (Rights of Users and Legal Representatives, and Exercise Methods)
Users, and in the case of minors under 14, their legal representatives, may view, edit, and delete personal information.
- If a user exercises their rights (e.g., access, correction, deletion, or suspension of processing) through a legal representative or authorized agent, the agent must submit a power of attorney in the format of Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act.
- When users request access, correction, deletion, or suspension of processing, the Company verifies the identity of the requestor or their agent to ensure legitimacy.
Article 8 (Personal Information Protection Officer)
The Company designates the following individual responsible for overseeing personal information processing, addressing user complaints, and resolving damages related to personal information:
- Name: [Name of Person in Charge]
- Department: SuitdiO
- Position: [Title/Role]
- Contact: [Email Address]
Article 9 (Amendments to the Personal Information Processing Policy)
- This Privacy Policy may be amended to provide better service and meet compliance requirements.
- For significant changes, the Company will provide prior notice in an easily understandable format, such as an in-service announcement or email notification.