LEGAL & COMPLIANCE

Privacy Policy

Updated: January 22, 2024

MOCA System Inc. (hereinafter referred to as “the Company”) is making the utmost effort to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and GDPR, and intends to establish and publish the following Privacy Policy in order to protect users’ personal information and handle their grievances quickly and smoothly.

Article 1. Items of Personal Information to be Collected

1) The Company collects only the personal information that is necessary to provide the service. If personal information is required, necessary measures will be taken under the law, such as seeking separate prior consent in accordance with Article 18 of the Personal Information Protection Act.

2) The Company collects and processes the minimum amount of personal information necessary to provide its services.

Division

Items to be collected

Administrator (member) management

Sign up (site administrator)

[Airfob portal]

Required: Email address, nickname, password

[Airfob partners]

Required: Email, Password

[Airfob pro]

Email address, nickname, new password

User (employee) management

Site registration (admin page)

[Airfob portal]

Required: ID

Optional: name, title, department, user photo

[Airfob pro]

Required: ID, username, email address

Selection: Job title, department, mobile phone number, user photo

Smartphone app registration

Required: Name, Email

Selection: ID, title, department, whether to use a public account

Customer consultation

Contact Us (Online)

Required: Name, email, address, company name, inquiry details

Optional: phone number, question type, how you learned about it

Article 2. Collection Methods of Personal Information

The Company collects personal information in the following ways:

  • For portals and homepages, personal information is collected through user input.
  • For the APP, card information issued by the portal is stored on the user’s device, and attendance records are delivered and stored on the homepage through the device.

Article 3. Purpose of Use of Personal Information

The Company collects and uses personal information for the following purposes. The collected personal information will not be used for any other purposes besides the following. If the purpose of use changes, the company will take necessary measures under the law, such as to obtain prior consent.

Division

Purpose of use

Related references

Administrator (member) management

Administrator (member) inquiry and change

Mobile credential issuance and installation,

Site and user management

Information subject consent/

Article 15 of the Personal Information Protection Act

User (employee) management

View and change users (employees)

Management of affiliated employees (cards)

Information subject consent/

Article 15 of the Personal Information Protection Act

Customer consultation

Contact Us (Online)

Online inquiry processing

Information subject consent/

Article 15 of the Personal Information Protection Act

Purpose of processing personal location information

  • The company may collect and use personal location information with the separate consent of users, within the scope of the purpose specified in the terms and conditions for location-based services.

Article 4. Retention and Use Period of Personal Information

1) The Company will promptly discard the User’s personal information once it achieves the purpose for which the information was collected and used, unless the relevant laws require it to retain the information. But, If the User consents at the time of collecting the personal information, the Company retains the information for the agreed period.

2) In accordance with the Personal Information Protection Act and the Enforcement Decree of the same Act, in the event that the User does not use the services for a consecutive year, the Company may terminate the contract with the User and take necessary measures including the discarding of the User’s personal information. In such cases, the Company will notify the User of its intention to take the necessary measures, along with the end date of the retention period and the items of personal information retained, by 30 days before the date when the Company takes the measures

3) The retention period for personal information processed by the company is as follows.

Division

Item to be collected

Retention period

Administrator (member) management

Administrator (member) withdrawal

[Airfob portal]

Required: Email address, nickname, password

[Airfob partners]

Required: Email, Password

[Airfob pro]

Email address, nickname, new password

Until membership (service) withdrawal

User (employee) management

Delete user (employee)

[Airfob portal]

Required: ID

Optional: name, title, department, user photo

[Airfob pro]

Required: ID, username, email address

Selection: Job title, department, mobile phone number, user photo

The site administrator allows users (employees) to

As soon as you delete it

Customer consultation

Contact Us (Online)

Required: Name, email, address, company name, inquiry details

Optional: phone number, question type, how you learned about it

3 years (records of consumer complaints or dispute resolution)

4) The company will retain personal information for a certain period of time for transaction-related management, duty relationship checks, and other reasons, even if it goes against the principle of immediate destruction for privacy protection. The company will comply with relevant legal regulations and internal policies in such cases. The retention periods for different types of personal information are as follows:

  • Personal information related to service use: 3 months, in accordance with the Information Subject Consent and Protection of Communications Secrets Act.
  • Records of indications and advertisements: 6 months, in accordance with the Consumer Protection Act for e-commerce, etc.
  • Records of contract or withdrawal: 5 years, in accordance with the Consumer Protection Act for e-commerce, etc.
  • Records of payment and supply of goods, etc.: 5 years, in accordance with the Consumer Protection Act for e-commerce, etc.
  • Records of consumer complaints or dispute handling: 3 years, in accordance with the Consumer Protection Act for e-commerce, etc

‍* Personal location information retention period

Location information collected by the Company for the purpose of providing location-based services will be retained for a minim period until customers (members) and APP users withdraw their membership or consent to the collection and use of their personal location information.

Retention basis and retention period of personal location information collection, use, and provision confirmation data

The Company automatically records and preserves the data on the use of personal location information and the confirmation of the provider’s office in accordance with Article 16, Paragraph 2 of the Act on the Protection and Use of Location Information, and retains the data for at least 6 months.

Article 5. Provision of Personal Information to Third Parties

1) The Company shall not use users’ personal information or provide it to a third party under any circumstances, except in cases where the user has consented to such a provision or where it is required by applicable laws and regulations.

2) However, the following cases may allow for the provision of personal information without the consent of the individual concerned:

  • When it is necessary to settle charges according to service provision.
  • In cases where personal information is necessary for statistical or academic research, or market research, and is processed in a manner that cannot identify a specific individual and is provided to research groups, surveys, research institutions, etc.
  • Cases where the provision of personal information is required by law, such as the Personal Information Protection Act, the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Real Name Financial Transactions and Confidentiality, the Act on Use and Protection of Credit Information, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Criminal Procedure Act, and others.

Provision of Personal Location Information to Third Parties and Notice Requirements

  • When the company provides personal location information to a third party designated by the user, the company shall immediately notify the user of the recipient, the date and time of provision, and the purpose of providing such information, using the communication terminal device that collected the personal location information. However, if the communication terminal device that collected the personal location information does not have a function to receive text, voice, or video, the company shall notify the user using the communication terminal device specified and designated in advance by the user, email address, or online posting.

Article 6. Consignment of Personal Information Processing and Overseas Transfer

1) The Company shall use the following cloud service in order to smoothly provide information, stable service, and the latest technologies, etc. The technical and administrative protection measures of the cloud service shall comply with the entrustee’s policy. The entrustee shall only perform physical management and shall not access users’ data.

<Consignment of personal information processing>

Consignee (consignee)

Consignment work

Retention and use period

Amazon Web Services Inc.

Provide cloud service

(Data domestic storage)

Opt-out of service; or

Until information deletion is requested

<Overseas transfer (storage)>

Items of personal information to be transferred

Country to be transferred to

Prior Period and Method

Transferee

Corporate Name

Contact

Privacy purpose of use

Retention and Use period

Retention and Use period

Germany (Frankfurt)

The user enters personal information on the website.

Transmission through the network after the user provides personal information offline

Amazon Web Services Inc.

AWS - Korea -privacy

@amazon.com

Cloud service (data storage outside the country)

-Delete after 6 months of storage

-Destroy if unused for 2 years/ Immediate destruction upon withdrawal- Destroy immediately after analysis

※ “You have the right to refuse the transfer of your personal information by contacting the person in charge of personal information protection or the relevant department. However, if you refuse to transfer your personal information, you may be restricted from using MOCA System’s service.

2) The Company shall manage and supervise the entrustee to ensure that it does not process personal information other than for the intended purposes, that it complies with technical and administrative protection measures, and that it does not violate other laws and regulations related to personal information.

3) If the details of the entrusted work or the entrustee are changed, users will be notified via the Privacy Policy without delay.

Article 7. Rights and Obligations of Data Subjects and Exercise Method

1) An information subject may exercise its rights against the Company at any time, including the right to demand the Company to provide access to, delete, or discontinue the processing of, his/her personal information.

2) An information subject may exercise his/her rights against the Company in writing via email or fax. The Company will process the demand without delay.

3) An information subject may also exercise his/her rights through his/her statutory representative, or a representative authorized by the subject. In such cases, the representative should provide a power of attorney prepared.

4) If the information subject is under 14, such demand should be made by his/her statutory representative. If the information subject is 14 or older but still a minor, the information subject may exercise his/her rights on his/her own or through his/her statutory representative.

5) An information subject’s right to demand access to or discontinuation of the processing of his/her personal information may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

6) An information subject may not demand the Company to correct or delete his/her personal information of which collection is required by other laws.

7) Upon receiving a demand for access to, deletion of, or discontinuation of processing of, personal information, the Company will verify whether the demand was made by the information subject or a due representative.

8) How to view and change member information, unsubscribe, and withdraw consent is as follows.

Divison

Methods

Airfob Portal

View and Change

Home - > Login -> My Info menu -> Password, Timeout can be set

Withdrawal and withdrawal of consent

Home -> Log in -> My Information Menu -> Membership can be withdrawn

Airfob Partner

View and change

Home - > Login -> My Info menu -> Password, Timeout can be set

Withdrawal and withdrawal of consent

Home -> Log in -> My Information Menu -> Membership can be withdrawn

Airfob Developer

View and Change

Home - > Login -> My Info menu -> Password, Timeout can be set

Withdrawal and withdrawal of consent

Home -> Log in -> My Information Menu -> Membership can be withdrawn

Airfob Space

Inquiry and change; Withdrawal and withdrawal of consent

Home -> Select Access Card -> Contact Admin -> View and change, Application for withdrawal and withdrawal of consent

Airfob Pro 

View and change

Airfob Partner 2.0 WEB Home - > Login -> My Information menu -> Password, Timeout can be set

Withdrawal and withdrawal of consent

Airfob Partner 2.0 WEB Home -> Login -> My Information Menu -> Membership can be withdrawn

* Rights and obligations of children under the age of 8 and how to exercise them

※ The Company shall be deemed to have the consent of a person (hereinafter referred to as the “protection obligee”) falling under Article 26-2 of the Act on the Protection and Use of Location Information of Persons (hereinafter referred to as “children under 8 years of age, etc.”) in the following cases, if the person (hereinafter referred to as the “protection obligee”) consents to the use or provision of personal location information for the protection of the life or body of a child under 8 years of age, etc.

Article 8. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

1) The Company shall use session and local storage technologies, which are technologies similar to cookies. The storage technology is a small text file stored on a user’s PC when they log in. This text file stores any information that the website can read for when the website is re-visited.

2) The Company shall use the session and local storage technology as follows.

  • To maintain the users’ session when they use the services.
  • To provide improved usability when users use the services.

3) Any information stored in session and local storage is as follows.

  • Any token information to maintain the session
  • Service language chosen by users
  • User ID for simple log-in, if chosen by the user

4) By continuing to use the services, users consent to use by the Company of technologies similar to cookies in accordance with the Privacy Policy.

  • The Company shall use cookies when the website is accessed in order to provide a more adequate and useful service to users.
  • A cookie is a text file that is automatically sent to a Member’s computer when they access the Company’s Site, and the Member can choose to accept or decline cookies.

[How to Change Cookie Settings]

1) Internet Explorer 11 for Windows 10: Confirm and delete the region of use

  • Run Internet Explorer, click the Tools button, and select Internet Options.
  • Go to the Personal Information tab, select Advanced in Settings, and block or allow cookies

2) Microsoft Edge

  • Run Edge, click ‘…’ on the top right corner, and click Settings.
  • Click ‘Personal Information, Search, and Services’ on the left side of the Settings page, and go to the ‘Tracking Prevention’ section to choose whether to use tracking prevention and set the prevention level.
  • Choose whether to ‘Always Use “Strict” Tracking prevention when browsing In Private.’
  • Go to the Personal Information section below to choose whether to ‘Send a ‘Do Not Track Request.’

3) Chrome

  • Run Chrome, click the ‘⋮’ mark on the top right corner (Chrome Customization and Control) and set the Settings icon.
  • Click ‘Show Advanced Settings’ at the bottom of the Settings page, go to the Personal Information section, and click Content Settings.
  • In the Cookie section, check the box for ‘Block Other Companies’ Cookies and Website Data.’

4) Safari

  • Run the Safari app for Mac, go to Settings, and click Personal Information Protection.
  • Click Website Data Management
  • Choose one or more websites and click Remove or Remove All.

5) Most Internet browsers allow users to choose whether to allow cookies. However, if you disable cookies or set them to restrict their functionality, you may be restricted from using the convenient features of the website.

[Guidance on Google Analytics]

1) The Company aims to analyze and evaluate how customers use its service, identify customer needs, improve, and customize its service and goods, and provide an effective service by using a web analytics service, Google Analytics (hereinafter referred to as “Google”) provided by Google, Inc. for the purpose of providing a better service to its customers.

2) Google Analytics analyzes how users use the website using a text file (cookie) stored on the user’s computer.

3) Any information collected through the cookie shall be transmitted to and stored in the Google server located in the United States.

4) Google may provide this information to any third party as required by law, or to any third party which handles the information on behalf of Google.

5) Google shall not associate customer IP addresses with any data retained by Google.

6) Unless the user rejects the usage of cookies, they consent to the usage of all information created through Google cookie or Google Analytics by using the Company’s service.

7) You may check the details of Google’s personal information protection here.

8) If you wish to check methods to reject the usage of Google Analytics, you may restrict or reject the storage of all information through the Google website. However, if you reject the storage of the cookie, it may restrict parts of the service requiring log-in. In such cases, users should be mindful that they bear the sole responsibility for this.‍

Article 9. Procedures and Methods of Destruction of Personal Information

In principle, once the Company has achieved the intended purpose of processing personal information, it shall delete said personal information without delay. This deletion shall be subject to the following procedures, schedule and methods:

1) Procedures for Deletion

Information entered by a user shall be transferred to a separate database (or a separate document if provided in hardcopy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.

2) Methods for Deletion

Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.

* Procedure and Methods of Destroying Personal Location Information

‍ ※ If a user requests to delete his/her personal (location) information or withdraw from membership, the Company will take action without delay, and the deleted information will be completely deleted from the disk by a method that cannot recover or reproduce the record, and it will not be possible to view or use it in the future.

Article 10. Measures to Ensure the Safety of Personal Information

The Company shall take all technical, administrative, and physical measures necessary to ensure safety, as follows:

1) Administrative Measures

Establishment of, compliance with, inspection of, and education regarding information-security-related regulations and guidelines, and internal management plans, etc.

2) Technical Measures

Access authority management/verification of personal information processing system, etc., installation/operation of an access control system and security program, encryption of personal information, encryption transmission, etc.

3) Physical Measures

Establishment/operation of regulations on computer room access control, etc.

Article 11. Collection, Use, and Refusal of Behavioral Information

1) The Company collects and uses behavioral information to provide the information subject with optimized and customized services and benefits, personalized online advertisements, etc.

2) The Company allows providers of online personalized advertisement to collect and process behavioral information as follows.

Behavioral information collected and processed by: MOCA System
Method of collecting behavioral information: automatically collected and transmitted when the User visits the Company’s website or runs the application
Items of behavioral information to collect and process: the User’s visit history to the website or application, search history, and purchase history
Period of retention and use: 1 year

3) The Company collects the minimum behavioral information required for personalized online advertisement, etc., and does not collect sensitive behavioral information that may clearly infringe on the User’s personal rights, interests, or life, including the information on the User’s thoughts, beliefs, family, relatives, academic history, medical history, and other social activities.

4) The Company does not collect behavioral information for personalized advertisement from children that the Company knows to be under 14 or online services of which the main user pool consists of children under 14. The Company does not provide personalized advertisements to children that the Company knows to be under 14.

5) The Company collects and uses advertisement identifiers for personalized online advertisement on the mobile application. The information subject may block or allow personalized advertisements on the application by changing the settings of his/her mobile device.

‣ How to Block/Allow Advertisement Identifiers on a Smart Phone
1) (Android) ① Settings → ② Personal Information Protection → ③ Advertisements → ④ Reset or Delete Advertisement ID
2) (iPhone) ① Settings → ② Personal Information Protection → ③ Tracking → ④ Toggle ‘Allow App to Request Tracking’ off

※The menu items and methods may vary depending on the mobile OS version.

6) The information subject may block or allow all personalized online advertisements by changing the cookie settings and other options on the web browser. However, changing cookie settings may affect the use of some services including auto-login.

‣ How to Block/Allow Personalized Advertisements through Web Browser (omitted)

7) The information subject may ask questions about behavioral information, exercise his/her right to refusal, or file a damage report by contacting us using the following information.

‣ Privacy Department
Department name: Strategic Marketing Office
Contact point: Head of Strategic Marketing Office
Contact information: support@mocainc.com

Article 12. Personal Information Protection Manager and Contact Information

1) In order to protect user personal information and deal with related complaints, the personal information manager and related departments shall be designated by the Company as follows, the Chief Privacy Officer serves as both the DPO (Data Protection Officer) and Location Information Management officer.

Division

Chief Privacy Officer

Department in Charge of Personal Information Protection

Name

KIM DONG HYON

Core development team

Contact

031-710-4958 / support@mocainc.com

support@mocainc.com

Address

17F, 248, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

2) If you have any questions about personal information protection, complaints, damage relief, etc., while using the Company’s services (or business), please contact the CPO and the departments in charge. As the information subject, your questions will be answered and handled by the Company at any time, without delay.

3) If you need to report or consult on any other infringement of your personal information, please contact the authorities using the details below.

Personal Information Infringement Report Center

Personal Information Dispute Mediation Committee

Korean National Police Agency Cyber Bureau

Cybercrime Investigation Division of Supreme Prosecutors' Office Republic of Korea

(without an area code)118

privacy.kisa.or.kr

1833-6972

www.kopico.go.kr

(without an area code)182

ecrm.police.go.kr

(without an area code)1301

www.spo.go.kr

Article 13. Privacy Policy of Other Sites

This website may contain links to other websites. This privacy policy applies only to Airfob services. If you click on a link to another website, you should read that website’s privacy policy‍.

Article 14. Privacy Policy Changes and Notice Obligations

If there are any additions, deletions, or modifications to the Privacy Policy, you will be notified of this by a notice on the website at least 7 days prior to the revision in question.

You will be notified at least 30 days in advance of any significant changes to user rights, such as the collection and use of personal information, provision to a third party, etc.

1) Notification Date: January 15, 2024
2) Enforcement Date: January 22, 2024

Previous Version