Privacy Policy

MOCA System Inc. (hereinafter referred to as "the Company") is making the utmost effort to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and GDPR, and intends to establish and publish the following Privacy Policy in order to protect users' personal information and handle their grievances quickly and smoothly.

Article 1. Items of Personal Information to be Collected and Methods of Collection

Article 2. Purpose of Collection and Use of Personal Information

Article 3. Period of Retention and Use of Personal Information

Article 4. Provision of Personal Information to Third Parties

Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer

Article 6. Rights and Obligations of Information Subjects, and How They Are Exercised

Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System

Article 8. Procedures and Methods of Destruction of Personal Information

Article 9. Measures to Ensure the Safety of Personal Information

Article 10. Chief Privacy Officer and Contact Information

Article 11. Duty of Modification and Disclosure of the Privacy Policy

Article 1. Items of Personal Information to be Collected

1) Items to be collected

The Company shall collect the following personal information.

<Information to be Collected on the Website>

Classification Items to be collected
Making Inquiries Required Item: Email
Optional Items: Corporate name, name, phone number and country
Membership Registration Required Items: Email, nickname and password

<Information to be Collected on the App>

Classification Items to be collected
Error Analysis Optional Items: OS version, device name
(Collected when users send a separate bug report.)

<Information to be Used on the App>

Information to be used on the app shall be neither collected nor used by the Company. It shall be used only within the app and deleted when the app is deleted.

Classification Items to be collected
Card Information Required Items: Name, and mobile card information
Optional Items: Information registered by users
(department and corporate name)
Device Information Optional Items: Device ID and model

2) Methods of Collection

The Company shall collect personal information in the following ways.

- Users entering information via the website

- Transmissions when an error occurs while the app is in use or when any bug is reported

- Users registering information on the app (only within the app)

Article 2. Purpose of Collection and Use of Personal Information

The Company shall collect and use personal information for the following purposes. The collected personal information shall not be used for any purposes other than the following, and if the purposes of use are changed, the Company shall take legally necessary measures such as asking for prior consent.

Classification Purpose
Making Inquiries Handling inquiries, delivering information and guidance
Membership Registration Managing member information and providing services
Error Analysis Handling app errors and improving service

<Information to be Used on the App>

Classification Purpose
Card Information Providing app services and card verification
Device Information Providing device verification services

Article 3. Period of Retention and Use of Personal Information

Unless it is required by applicable laws and regulations to retain personal information, in principle, the Company shall destroy personal information without delay after the purpose of collecting and using said personal information has been achieved.

If informed consent is obtained directly from the user when collecting personal information, it shall be retained for the agreed period.

If you wish to withdraw consent, you can unregister from the website or send a request to the department in charge of personal information protection ( Your request will be handled immediately after your identity is confirmed.

Classification Period for Retention of Personal Information
Making Inquiries Deletion after storing for 6 months
Membership Registration Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal
*Transitions to an inactive account if not used for 1 year
Error Analysis Immediate deletion after analysis
Card Information Immediate deletion if the app is deleted
(Any of this information stored only within the app shall be deleted)
Device Information Immediate deletion if the app is deleted
(Any of this information stored only within the app shall be deleted)

However, if it is necessary to retain the member's information under the applicable laws and regulations, the Company shall keep it for a certain period of time as stipulated by the relevant laws and regulations, as follows:

Period for Retention of Personal Information Applicable laws
1) User Internet logs, etc., access tracking record/any other
data to prove communication facts : 3 months/12 months
Protection of Communications Secrets Act
2) Records related to signs/advertisement: 6 months Act on Consumer Protection in Electronic Commerce,
3) Records related to agreement or withdrawal, etc.: 5 years
4) Records related to payment and supply of goods, etc.: 5 years
5) Records related to responding to customer inquiries/claims
or handling disputes : Deletion after archiving

Article 4. Provision of Personal Information to Third Parties

The Company shall not use users' personal information or provide it to a third party under any circumstances, except in cases where the user has consented to such a provision or where it is required by applicable laws and regulations.

Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer

The Company shall use the following cloud service in order to smoothly provide information, stable service and the latest technologies, etc. The technical and administrative protection measures of the cloud service shall comply with the entrustee's policy. The entrustee shall only perform physical management and shall not access users' data.

Entrustee Contact Purpose of transfer
Countries to which
the information
is transferred
Date and methods of transfer Items to be transferred
Retention period and use of
personal information
Amazon Web Services Inc. aws-korea-privacy
Provision of services and
storage of personal information
Seoul Transmitting through networks when users enter
personal information on the website,
Transmitting through networks after users provide
personal information off-line
Making Inquiries

Membership Registration

Error Analysis
Deletion after storing for 6 months

Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal

Immediate deletion after analysis

The Company shall manage and supervise theentrustee to ensure that it does not process personal information other thanfor the intended purposes, that it complies with technical and administrativeprotection measures, and that it does not violate other laws and regulationsrelated to personal information.
If the details of the entrusted work or the entrustee are changed, users willbe notified via the Privacy Policy without delay.

Article 6. Rights and Obligations ofInformation Subjects, and How They Are Exercised

1) A user may exercise the following rightsrelated to the protection of personal information specified against the Companyat any time.

  • Request for access to personal information
  • Request for correction in case of errors, etc.
  • Request for deletion
  • Request to stop processing
  • Right to object

2) The exercise of the rights under Paragraph1 against the Company may be done in writing, by phone, email, fax, etc., andthe Company will take proper actions without further delay once your identityhas been confirmed.

3) In principle, the Company shall notcollect personal information about subjects under the age of 16.

Article 7. Installation, Operation andRejection of the Automated Personal Information Collection System

The Companyshall use session and local storage technologies, which are technologiessimilar to cookies. The storage technology is a small text file stored on auser's PC when they log in. This text file stores any information that thewebsite can read for when the website is re-visited.

The Companyshall use the session and local storage technology as follows:

• To maintainthe users' session when they use the services

• To provide improved usability when usersuse the services

Anyinformation stored in session and local storage is as follows:

• Any tokeninformation to maintain the session

• Servicelanguage chose by users

• User ID for simple log-in, if chosen by theuser

By continuingto use the services, users consent to use by the Company of technologiessimilar to cookies in accordance with the Privacy Policy

1. The Companyshall use cookies when the website is accessed in order to provide a moreadequate and useful service to users.

2. A cookierefers to a text file automatically transmitted to a user's computer when theCompany's website is accessed.

① Any membermay choose whether to use cookies.

② Methods toreject cookies

※ Examples ofcookie settings

1. InternetExplorer: At the top of the web browser, Tools → Internet options → Privacy →Advanced

2. Chrome: On the right of the web browser,Settings menu → Advanced (at the bottom of the screen) → Content Settings ofPersonal Information → Cookies

In mostInternet browsers, users may choose whether to accept cookies. However, ifusers choose not to use cookies or to restrict functions of cookies, they willnot be able to use convenient functions of the website, which may restricttheir entire user experience.

Guidance onGoogle Analytics

1. The Companyaims to analyze and evaluate how customers use its service, identify customerneeds, improve and customize its service and goods, and provide an effectiveservice by using a web analytics service, Google Analytics (hereinafterreferred to as "Google") provided by Google, Inc. for the purpose ofproviding a better service to its customers.

2. GoogleAnalytics analyzes how users use the website using a text file (cookie) storedon the user's computer.

3. Anyinformation collected through the cookie shall be transmitted to and stored inthe Google server located in the United States.

4. Google mayprovide this information to any third party as required by law, or to any thirdparty which handles the information on behalf of Google.

5. Googleshall not associate customer IP addresses with any data retained by Google.

6. Unless theuser rejects usage of cookies, they consent to usage of all information createdthrough the Google cookie or Google Analytics by using the Company's service.

7. You maycheck the details of Google’s personal information protection here.

8. If you wishto check methods to reject the usage of Google Analytics, you may restrict orreject storage of all information through the Google website. However, ifyou reject storage of the cookie, it may restrict parts of the servicerequiring log-in. In such cases, users should be mindful that they bear thesole responsibility for this.

Article 8. Procedures and Methods ofDestruction of Personal Information

In principle, once the Company has achievedthe intended purpose of processing personal information, it shall delete saidpersonal information without delay. This deletion shall be subject to thefollowing procedures, schedule and methods:

1) Procedures for Deletion

Information entered by a user shall betransferred to a separate database (or a separate document if provided in hardcopy) once the intended purpose has been achieved, and stored for a certainperiod in accordance with internal policies and other related laws. Otherwise,it will be immediately deleted. At this time, the personal informationtransferred to the database shall not be used for any other purpose, except asrequired by law.

2) Methods for Deletion

Any information in the form of electronicfiles shall be deleted through a technical method that makes the recordsunrecoverable. Personal information printed in hard copy shall be shredded orincinerated.

Article 9. Measures to Ensure the Safety ofPersonal Information

The Company shall take all technical,administrative and physical measures necessary to ensure safety, as follows:

1) Administrative Measures

Establishment of, compliance with, inspectionof, and education regarding information-security-related regulations andguidelines, and internal management plans, etc.

2) Technical Measures

Access authority management/verification ofpersonal information processing system, etc., installation/operation of anaccess control system and security program, encryption of personal information,encryption transmission, etc.

3) Physical Measures

Establishment/operation of regulations oncomputer room access control, etc.

Article 10. Chief Privacy Officer and ContactInformation

In order to protect user personal informationand deal with related complaints, the personal information manager and relateddepartments shall be designated by the Company as follows, and the ChiefPrivacy Officer shall serve as the Data Protection Officer (DPO).

1) Chief Privacy Officer

  • Name : KIM DONG HYON / MOCA System Inc.
  • Position : Representative Director
  • Contact : +82-31-710-4917 /

2) Department in Charge of PersonalInformation Protection

  • Department : MOCA System
  • Contact for Inquiries:
  • : If you have any questions about personalinformation protection, complaints, damage relief, etc., while using theCompany's services (or business), please contact the CPO and the departments incharge. As the information subject, your questions will be answered and handledby the Company at any time, without delay. If you need to report or consult on any otherinfringement of your personal information, please contact the authorities usingthe details below.
  • Personal Information Infringement Report Center ( / (without an     area code) 118)
  • Cybercrime Investigation Division of Supreme Prosecutors' Office Republic of Korea ( / (without an area code) 1301)
  • Korean National Police Agency Cyber Bureau ( / (without an area code) 182)
  • Personal Information Dispute Mediation Committee ( / 1833-6972)

Article 11. Duty of Modification andDisclosure of the Privacy Policy

If there are any additions, deletions, ormodifications to the Privacy Policy, you will be notified of this by a noticeon the website at least 7 days prior to the revision in question.
You will be notified at least 30 days in advance of any significant changes touser rights, such as collection and use of personal information, provision to athird party, etc.

1) Notification Date: 04/26/2022

2) Enforcement Date: 05/03/2022

Link to the former Privacy Policy

Previous Date of the Privacy Policy (06/01/2019)

Previous Date of the Privacy Policy (03/04/2021)