LEGAL & COMPLIANCE
Privacy Policy
Updated: May 03, 2022
MOCA System Inc. (hereinafter referred to as “the Company”) is making the utmost effort to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and GDPR, and intends to establish and publish the following Privacy Policy in order to protect users’ personal information and handle their grievances quickly and smoothly.
Article 1. Items of Personal Information to be Collected
Article 2. Purpose of Collection and Use of Personal Information
Article 3. Retention and Use Period of Personal Information
Article 4. Provision of Personal Information to Third Parties
Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer
Article 6. Rights and Obligations of Information Subjects
Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System
Article 8. Procedures and Methods of Destruction of Personal Information
Article 9. Measures to Ensure the Safety of Personal Information
Article 10. Collection, Use, and Refusal of Behavioral Information
Article 11. Duty of Modification and Disclosure of the Privacy Policy
Article 1. Items of Personal Information to be Collected
1) Items to be collected
The Company shall collect the following personal information.
Information to be Collected on the Website
Classification
Items to be collected
Making Inquiries
Required Items: Name, Email, Company Name, I need help with, Country, Message
Optional Items: Phone number, How did you learn about us?
Classification | Items to be collected |
Making Inquiries | Required Items: Name, Email, Company Name, I need help with, Country, Message |
Information to be Collected on the Airfob Pro & Airfob Portal
Classification
Items to be collected
Membership Registration
Required Items: Email, nickname, and password
Classification | Items to be collected |
Membership Registration | Required Items: Email, nickname, and password |
Information to be Collected on the Airfob Space App
Classification
Items to be collected
Error Analysis
Optional Items: OS version, device name
(Collected when users send a separate bug report.)
Classification | Items to be collected |
Error Analysis | Optional Items: OS version, device name |
Information to be Used on the Airfob Space App
Information to be used on the app shall be neither collected nor used by the Company. It shall be used only within the app and deleted when the app is deleted.
Classification | Items to be collected |
Card Information | Required Items: Name, and mobile card information |
Device Information | Optional Items: Device ID and model |
2) Methods of Collection
The Company shall collect personal information in the following ways.
- Users entering information via the website
- Transmissions when an error occurs while the app is in use or when any bug is reported
- Users registering information on the app (only within the app)
Article 2. Purpose of Collection and Use of Personal Information
The Company shall collect and use personal information for the following purposes. The collected personal information shall not be used for any purposes other than the following, and if the purposes of use are changed, the Company shall take legally necessary measures such as asking for prior consent.
Classification | Purpose |
Making Inquiries | Handling inquiries, delivering information and guidance |
Membership Registration | Managing member information and providing services |
Error Analysis | Handling app errors and improving service |
Information to be Used on the App
Classification
Purpose
Card Information
Providing app services and card verification
Device Information
Providing device verification services
Classification | Purpose |
Card Information | Providing app services and card verification |
Device Information | Providing device verification services |
Article 3. Period of Retention and Use of Personal Information
The Company will promptly discard the User’s personal information once it achieves the purpose for which the information was collected and used, unless the relevant laws require it to retain the information.
If the User consents at the time of collecting the personal information, the Company retains the information for the agreed period.
In accordance with the Personal Information Protection Act and the Enforcement Decree of the same Act, in the event that the User does not use the services for a consecutive year, the Company may terminate the contract with the User and take necessary measures including the discarding of the User’s personal information. In such cases, the Company will notify the User of its intention to take the necessary measures, along with the end date of the retention period and the items of personal information retained, by 30 days before the date when the Company takes the measures.
If you wish to withdraw your consent, you can do so at the Company website or by contacting the Company’s privacy department (privacy@mocainc.com), in which case the Company will promptly process your request after verifying your identity.
However, if required under Article 30 (1) 3-2 of the Personal Information Protection Act, the Company will retain the following information for the periods prescribed in the relevant laws.
Items to retain | Legal basis | Retention period |
Users’ log records | Article 41, Enforcement Decree of the Protection of Communications Secrets Act | 3 months |
Other communication confirmation data | 12 months | |
Records related to displays and advertisements | Article 6, Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce | 6 months |
Records related to contracts or withdrawal from contracts | 5 years | |
Records related to payment, provision of goods, etc. | ||
Records related to consumer complaints or dispute resolution | 3 years |
Article 4. Provision of Personal Information to Third Parties
The Company shall not use users’ personal information or provide it to a third party under any circumstances, except in cases where the user has consented to such a provision or where it is required by applicable laws and regulations.
Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer
The Company shall use the following cloud service in order to smoothly provide information, stable service and the latest technologies, etc. The technical and administrative protection measures of the cloud service shall comply with the entrustee’s policy. The entrustee shall only perform physical management and shall not access users’ data.
Airfob Portal
Entrustee
Contact
Purpose of transfer
(entrusting)
Countries to which
the information
is transferred
Date and methods of transfer
Items to be transferred
(entrusted)
Retention period and use of
personal information
Amazon Web Services Inc.
aws-korea-privacy
@amazon.com
Provision of services and
storage of personal information
Republic of Korea
Transmitting through networks when users enter
personal information on the website,
Transmitting through networks after users provide
personal information off-line
Making Inquiries
Membership Registration
Error Analysis
Deletion after storing for 6 months
Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal
Immediate deletion after analysis
Entrustee | Contact | Purpose of transfer | Countries to which | Date and methods of transfer | Items to be transferred | Retention period and use of |
Amazon Web Services Inc. | aws-korea-privacy | Provision of services and | Republic of Korea | Transmitting through networks when users enter | Making Inquiries Membership Registration Error Analysis | Deletion after storing for 6 months Deletion if it is not used for 2 years Immediate deletion after analysis |
Article 6. Rights and Obligations of Information Subjects
- An information subject may exercise its rights against the Company at any time, including the right to demand the Company to provide access to, delete, or discontinue the processing of, his/her personal information.
※ If the information subject is under 14, such demand should be made by his/her statutory representative. If the information subject is 14 or older but still a minor, the information subject may exercise his/her rights on his/her own or through his/her statutory representative.
- Pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, an information subject may exercise his/her rights against the Company in writing via email or fax. The Company will process the demand without delay.
- An information subject may also exercise his/her rights through his/her statutory representative, or a representative authorized by the subject. In such cases, the representative should provide a power of attorney prepared using Attached Form No. 11 of the Public Notice on the Processing of Personal Information (No. 2020-7).
- An information subject’s right to demand access to or discontinuation of the processing of, his/her personal information may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
- An information subject may not demand the Company to correct or delete his/her personal information of which collection is required by other laws.
- Upon receiving a demand for access to, deletion of, or discontinuation of processing of, personal information, the Company will verify whether the demand was made by the information subject or a due representative.
- Membership Termination Menu -> My Information > Terminate Membership
- Withdrawal of Consent Menu -> Settings -> Authorization
Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System
The Company shall use session and local storage technologies, which are technologies similar to cookies. The storage technology is a small text file stored on a user’s PC when they log in. This text file stores any information that the website can read for when the website is re-visited.
The Company shall use the session and local storage technology as follows:
- To maintain the users’ session when they use the services
- To provide improved usability when users use the services
Any information stored in session and local storage is as follows:
- Any token information to maintain the session
- Service language chose by users
- User ID for simple log-in, if chosen by the user
By continuing to use the services, users consent to use by the Company of technologies similar to cookies in accordance with the Privacy Policy
1. The Company shall use cookies when the website is accessed in order to provide a more adequate and useful service to users.
2. A cookie refers to a text file automatically transmitted to a user’s computer when theCompany’s website is accessed.
① Any member may choose whether to use cookies.
② Methods to reject cookies
※ How to Change Cookie Settings
- Internet Explorer 11 for Windows 10: Confirm and delete the region of use
- Run Internet Explorer, click the Tools button, and select Internet Options.
- Go to the Personal Information tab, select Advanced in Settings, and block or allow cookies
- Microsoft Edge
- Run Edge, click ‘…’ on the top right corner, and click Settings.
- Click ‘Personal Information, Search, and Services’ on the left side of the Settings page, and go to the ‘Tracking Prevention’ section to choose whether to use tracking prevention and set the prevention level.
- Choose whether to ‘Always Use “Strict” Tracking prevention when browsing In Private.’
- Go to the Personal Information section below to choose whether to ‘Send a ‘Do Not Track Request.’
- Chrome
- Run Chrome, click the ‘⋮’ mark on the top right corner (Chrome Customization and Control), and set the Settings icon.
- Click ‘Show Advanced Settings’ at the bottom of the Settings page, go to the Personal Information section, and click Content Settings.
- In the Cookie section, check the box for ‘Block Other Companies’ Cookies and Website Data.’
- Safari
- Run the Safari app for Mac, go to Settings, and click Personal Information Protection.
- Click Website Data Management
- Choose one or more websites and click Remove or Remove All.
[Guidance on Google Analytics]
1. The Company aims to analyze and evaluate how customers use its service, identify customer needs, improve and customize its service and goods, and provide an effective service by using a web analytics service, Google Analytics (hereinafter referred to as “Google”) provided by Google, Inc. for the purpose of providing a better service to its customers.
2. Google Analytics analyzes how users use the website using a text file (cookie) stored on the user’s computer.
3. Any information collected through the cookie shall be transmitted to and stored inthe Google server located in the United States.
4. Google may provide this information to any third party as required by law, or to any third party which handles the information on behalf of Google.
5. Google shall not associate customer IP addresses with any data retained by Google.
6. Unless the user rejects usage of cookies, they consent to usage of all information created through the Google cookie or Google Analytics by using the Company’s service.
7. You may check the details of Google’s personal information protection here.
8. If you wish to check methods to reject the usage of Google Analytics, you may restrict or reject storage of all information through the Google website. However, if you reject storage of the cookie, it may restrict parts of the service requiring log-in. In such cases, users should be mindful that they bear the sole responsibility for this.
Article 8. Procedures and Methods of Destruction of Personal Information
In principle, once the Company has achieved the intended purpose of processing personal information, it shall delete said personal information without delay. This deletion shall be subject to the following procedures, schedule and methods:
1) Procedures for Deletion
Information entered by a user shall be transferred to a separate database (or a separate document if provided in hardcopy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.
2) Methods for Deletion
Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.
Article 9. Measures to Ensure the Safety of Personal Information
The Company shall take all technical, administrative and physical measures necessary to ensure safety, as follows:
1) Administrative Measures
Establishment of, compliance with, inspection of, and education regarding information-security-related regulations and guidelines, and internal management plans, etc.
2) Technical Measures
Access authority management/verification of personal information processing system, etc., installation/operation of an access control system and security program, encryption of personal information, encryption transmission, etc.
3) Physical Measures
Establishment/operation of regulations on computer room access control, etc.
Article 10. Collection, Use, and Refusal of Behavioral Information
(1) The Company collects and uses behavioral information to provide the information subject with optimized and customized services and benefits, personalized online advertisements, etc.
(2) The Company collects behavioral information as follows.
(3) The Company allows providers of online personalized advertisement to collect and process behavioral information as follows.
- Behavioral information collected and processed by: MOCA System
- Method of collecting behavioral information: automatically collected and transmitted when the User visits the Company’s website or runs the application
- Items of behavioral information to collect and process: the User’s visit history to the website or application, search history, and purchase history
- Period of retention and use: 1 year
(4) The Company collects the minimum behavioral information required for personalized online advertisement, etc., and does not collect sensitive behavioral information that may clearly infringe on the User’s personal rights, interests, or life, including the information on the User’s thoughts, beliefs, family, relatives, academic history, medical history, and other social activities.
(5) The Company does not collect behavioral information for personalized advertisement from children that the Company knows to be under 14 or online services of which the main user pool consists of children under 14. The Company does not provide personalized advertisements to children that the Company knows to be under 14.
(6) The Company collects and uses advertisement identifiers for personalized online advertisement on the mobile application. The information subject may block or allow personalized advertisements on the application by changing the settings of his/her mobile device.
‣ How to Block/Allow Advertisement Identifiers on a Smart Phone
1) (Android) ① Settings → ② Personal Information Protection → ③ Advertisements → ④ Reset or Delete Advertisement ID
2) (iPhone) ① Settings → ② Personal Information Protection → ③ Tracking → ④ Toggle ‘Allow App to Request Tracking’ off
※The menu items and methods may vary depending on the mobile OS version.
(7) The information subject may block or allow all personalized online advertisements by changing the cookie settings and other options on the web browser. However, changing cookie settings may affect the use of some services including auto-login.
‣ How to Block/Allow Personalized Advertisements through Web Browser (omitted)
(8) The information subject may ask questions about behavioral information, exercise his/her right to refusal, or file a damage report by contacting us using the following information.
‣ Privacy Department
Department name: Strategic Marketing Office
Contact point: Head of Strategic Marketing Office
Contact information: support@mocainc.com
Article 11. Chief Privacy Officer and ContactInformation
In order to protect user personal informationand deal with related complaints, the personal information manager and relateddepartments shall be designated by the Company as follows, and the ChiefPrivacy Officer shall serve as the Data Protection Officer (DPO).
1) Chief Privacy Officer
– Name : KIM DONG HYON / MOCA System Inc.
– Position : Representative Director
– Contact : +82-31-710-4917 / support@mocainc.com
2) Department in Charge of PersonalInformation Protection
– Department : MOCA System
– Contact for Inquiries: support@mocainc.com
If you have any questions about personalinformation protection, complaints, damage relief, etc., while using theCompany’s services (or business), please contact the CPO and the departments incharge. As the information subject, your questions will be answered and handledby the Company at any time, without delay. If you need to report or consult on any otherinfringement of your personal information, please contact the authorities usingthe details below.
– Personal Information Infringement Report Center (privacy.kisa.or.kr / (without an area code) 118)
– Cybercrime Investigation Division of Supreme Prosecutors’ Office Republic of Korea (www.spo.go.kr / (without an area code) 1301)
– Korean National Police Agency Cyber Bureau (www.police.go.kr / (without an area code) 182)
-Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
Article 12. Duty of Modification and Disclosure of the Privacy Policy
If there are any additions, deletions, or modifications to the Privacy Policy, you will be notified of this by a notice on the website at least 7 days prior to the revision in question.
You will be notified at least 30 days in advance of any significant changes to user rights, such as the collection and use of personal information, provision to a third party, etc.
1) Notification Date: April 26, 2022
2) Enforcement Date: May 03, 2022