LEGAL & COMPLIANCE

Privacy Policy

Updated: January 20, 2023

MOCA System Inc. (hereinafter referred to as “the Company”) is making the utmost effort to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and GDPR, and intends to establish and publish the following Privacy Policy in order to protect users’ personal information and handle their grievances quickly and smoothly.

Article 1. Items of Personal Information to be Collected

Article 2. Purpose of Collection and Use of Personal Information

Article 3. Retention and Use Period of Personal Information

Article 4. Provision of Personal Information to Third Parties

Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer

Article 6. Rights and Obligations of Information Subjects

Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System

Article 8. Procedures and Methods of Destruction of Personal Information

Article 9. Measures to Ensure the Safety of Personal Information

Article 10. Collection, Use, and Refusal of Behavioral Information

Article 11. Duty of Modification and Disclosure of the Privacy Policy

Article 1. Items of Personal Information to be Collected

1) Items to be collected
The Company shall collect the following personal information.

Information to be Collected on the Website

Classification

Items to be collected

Making Inquiries

Required Items: Name, Email, Company Name, I need help with, Country, Message
Optional Items: Phone number, How did you learn about us?

Information to be Collected on the Airfob Pro & Airfob Portal

Classification

Items to be collected

Membership Registration

Required Items: Email, nickname, and password

 
Information to be Collected on the Airfob Space App

Classification

Items to be collected

Error Analysis

Optional Items: OS version, device name
(Collected when users send a separate bug report.)

Information to be Used on the Airfob Space App

Information to be used on the app shall be neither collected nor used by the Company. It shall be used only within the app and deleted when the app is deleted.

Classification

Items to be collected

Card Information

Required Items: Name, and mobile card information
Optional Items: Information registered by users
(department and corporate name)

Device Information

Optional Items: Device ID and model

2) Methods of Collection
The Company shall collect personal information in the following ways.

  • Users entering information via the website
  • Transmissions when an error occurs while the app is in use or when any bug is reported
  • Users registering information on the app (only within the app)

Article 2. Purpose of Collection and Use of Personal Information

The Company shall collect and use personal information for the following purposes. The collected personal information shall not be used for any purposes other than the following, and if the purposes of use are changed, the Company shall take legally necessary measures such as asking for prior consent.

Classification

Purpose

Making Inquiries

Handling inquiries, delivering information and guidance

Membership Registration

Managing member information and providing services

Error Analysis

Handling app errors and improving service

Information to be Used on the App

Classification

Purpose

Card Information

Providing app services and card verification

Device Information

Providing device verification services

Article 3. Period of Retention and Use of Personal Information

The Company will promptly discard the User’s personal information once it achieves the purpose for which the information was collected and used, unless the relevant laws require it to retain the information.

If the User consents at the time of collecting the personal information, the Company retains the information for the agreed period.

In accordance with the Personal Information Protection Act and the Enforcement Decree of the same Act, in the event that the User does not use the services for a consecutive year, the Company may terminate the contract with the User and take necessary measures including the discarding of the User’s personal information. In such cases, the Company will notify the User of its intention to take the necessary measures, along with the end date of the retention period and the items of personal information retained, by 30 days before the date when the Company takes the measures.

If you wish to withdraw your consent, you can do so at the Company website or by contacting the Company’s privacy department (privacy@mocainc.com), in which case the Company will promptly process your request after verifying your identity.

However, if required under Article 30 (1) 3-2 of the Personal Information Protection Act, the Company will retain the following information for the periods prescribed in the relevant laws.

Items to retain

Legal basis

Retention period

Users’ log records
Users’ access point tracking data

Article 41, Enforcement Decree of the Protection of Communications Secrets Act

3 months

Other communication confirmation data

12 months


Records related to displays and advertisements

Article 6, Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce

6 months

Records related to contracts or withdrawal from contracts

5 years


Records related to payment, provision of goods, etc.

Records related to consumer complaints or dispute resolution

3 years

Article 4. Provision of Personal Information to Third Parties

The Company shall not use users’ personal information or provide it to a third party under any circumstances, except in cases where the user has consented to such a provision or where it is required by applicable laws and regulations.

Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer

The Company shall use the following cloud service in order to smoothly provide information, stable service and the latest technologies, etc. The technical and administrative protection measures of the cloud service shall comply with the entrustee’s policy. The entrustee shall only perform physical management and shall not access users’ data.

Airfob Portal

Entrustee

Contact

Purpose of transfer
(entrusting)

Countries to which
the information
is transferred

Date and methods of transfer

Items to be transferred
(entrusted)

Retention period and use of
personal information

Amazon Web Services Inc.

aws-korea-privacy
@amazon.com

Provision of services and
storage of personal information

Republic of Korea

Transmitting through networks when users enter
personal information on the website,
Transmitting through networks after users provide
personal information off-line

Making Inquiries

Membership Registration

Error Analysis

Deletion after storing for 6 months

Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal

Immediate deletion after analysis

Airfob Pro

The Company shall manage and supervise the entrustee to ensure that it does not process personal information other than for the intended purposes, that it complies with technical and administrative protection measures, and that it does not violate other laws and regulations related to personal information.

If the details of the entrusted work or the entrustee are changed, users will be notified via the Privacy Policy without delay.

Entrustee

Contact

Purpose of transfer
(entrusting)

Countries to which
the information
is transferred

Date and methods of transfer

Items to be transferred
(entrusted)

Retention period and use of
personal information

Amazon Web Services Inc.

aws-korea-privacy
@amazon.com

Provision of services and
storage of personal information

Republic of Korea

Transmitting through networks when users enter
personal information on the website,
Transmitting through networks after users provide
personal information off-line

Making Inquiries

Membership Registration

Error Analysis

Deletion after storing for 6 months

Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal

Immediate deletion after analysis

Amazon Web Services Inc.

aws-korea-privacy
@amazon.com

Provision of services and
storage of personal information

European Access: Paris / Other Access: Seoul

Transmitting through networks when users enter
personal information on the website,
Transmitting through networks after users provide
personal information off-line

Making Inquiries

Membership Registration

Error Analysis

Deletion after storing for 6 months

Deletion if it is not used for 2 years
Immediate deletion in the case of withdrawal

Immediate deletion after analysis

Article 6. Rights and Obligations of Information Subjects

  1. An information subject may exercise its rights against the Company at any time, including the right to demand the Company to provide access to, delete, or discontinue the processing of, his/her personal information.

※ If the information subject is under 14, such demand should be made by his/her statutory representative. If the information subject is 14 or older but still a minor, the information subject may exercise his/her rights on his/her own or through his/her statutory representative.

  1. Pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, an information subject may exercise his/her rights against the Company in writing via email or fax. The Company will process the demand without delay.
  2. An information subject may also exercise his/her rights through his/her statutory representative, or a representative authorized by the subject. In such cases, the representative should provide a power of attorney prepared using Attached Form No. 11 of the Public Notice on the Processing of Personal Information (No. 2020-7).
  3. An information subject’s right to demand access to or discontinuation of the processing of, his/her personal information may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
  4. An information subject may not demand the Company to correct or delete his/her personal information of which collection is required by other laws.
  5. Upon receiving a demand for access to, deletion of, or discontinuation of processing of, personal information, the Company will verify whether the demand was made by the information subject or a due representative.
  6. Membership Termination Menu -> My Information > Terminate Membership
  7. Withdrawal of Consent Menu -> Settings -> Authorization

 

Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System

The Company shall use session and local storage technologies, which are technologies similar to cookies. The storage technology is a small text file stored on a user’s PC when they log in. This text file stores any information that the website can read for when the website is re-visited.

The Company shall use the session and local storage technology as follows:

  • To maintain the users’ session when they use the services
  • To provide improved usability when users use the services

Any information stored in session and local storage is as follows:

  • Any token information to maintain the session
  • Service language chose by users
  • User ID for simple log-in, if chosen by the user

By continuing to use the services, users consent to use by the Company of technologies similar to cookies in accordance with the Privacy Policy

1. The Company shall use cookies when the website is accessed in order to provide a more adequate and useful service to users.

2. A cookie refers to a text file automatically transmitted to a user’s computer when theCompany’s website is accessed.

① Any member may choose whether to use cookies.

② Methods to reject cookies

 
※ How to Change Cookie Settings
  1. Internet Explorer 11 for Windows 10: Confirm and delete the region of use
    • Run Internet Explorer, click the Tools button, and select Internet Options.
    • Go to the Personal Information tab, select Advanced in Settings, and block or allow cookies
  1. Microsoft Edge
    • Run Edge, click ‘…’ on the top right corner, and click Settings.
    • Click ‘Personal Information, Search, and Services’ on the left side of the Settings page, and go to the ‘Tracking Prevention’ section to choose whether to use tracking prevention and set the prevention level.
    • Choose whether to ‘Always Use “Strict” Tracking prevention when browsing In Private.’
    • Go to the Personal Information section below to choose whether to ‘Send a ‘Do Not Track Request.’
  1. Chrome
    • Run Chrome, click the ‘⋮’ mark on the top right corner (Chrome Customization and Control), and set the Settings icon.
    • Click ‘Show Advanced Settings’ at the bottom of the Settings page, go to the Personal Information section, and click Content Settings.
    • In the Cookie section, check the box for ‘Block Other Companies’ Cookies and Website Data.’
  1. Safari
    • Run the Safari app for Mac, go to Settings, and click Personal Information Protection.
    • Click Website Data Management
    • Choose one or more websites and click Remove or Remove All.
 
[Guidance on Google Analytics]

1. The Company aims to analyze and evaluate how customers use its service, identify customer needs, improve and customize its service and goods, and provide an effective service by using a web analytics service, Google Analytics (hereinafter referred to as “Google”) provided by Google, Inc. for the purpose of providing a better service to its customers.

2. Google Analytics analyzes how users use the website using a text file (cookie) stored on the user’s computer.

3. Any information collected through the cookie shall be transmitted to and stored inthe Google server located in the United States.

4. Google may provide this information to any third party as required by law, or to any third party which handles the information on behalf of Google.

5. Google shall not associate customer IP addresses with any data retained by Google.

6. Unless the user rejects usage of cookies, they consent to usage of all information created through the Google cookie or Google Analytics by using the Company’s service.

7. You may check the details of Google’s personal information protection here.

8. If you wish to check methods to reject the usage of Google Analytics, you may restrict or reject storage of all information through the Google website. However, if you reject storage of the cookie, it may restrict parts of the service requiring log-in. In such cases, users should be mindful that they bear the sole responsibility for this.

Article 8. Procedures and Methods of Destruction of Personal Information

In principle, once the Company has achieved the intended purpose of processing personal information, it shall delete said personal information without delay. This deletion shall be subject to the following procedures, schedule and methods:

1) Procedures for Deletion

Information entered by a user shall be transferred to a separate database (or a separate document if provided in hardcopy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.

2) Methods for Deletion

Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.

Article 9. Measures to Ensure the Safety of Personal Information

The Company shall take all technical, administrative and physical measures necessary to ensure safety, as follows:

1) Administrative Measures
Establishment of, compliance with, inspection of, and education regarding information-security-related regulations and guidelines, and internal management plans, etc.

2) Technical Measures
Access authority management/verification of personal information processing system, etc., installation/operation of an access control system and security program, encryption of personal information, encryption transmission, etc.

3) Physical Measures
Establishment/operation of regulations on computer room access control, etc.

Article 10. Collection, Use, and Refusal of Behavioral Information

(1) The Company collects and uses behavioral information to provide the information subject with optimized and customized services and benefits, personalized online advertisements, etc.

(2) The Company collects behavioral information as follows.

(3) The Company allows providers of online personalized advertisement to collect and process behavioral information as follows.

  •   Behavioral information collected and processed by: MOCA System
  •   Method of collecting behavioral information: automatically collected and transmitted when the User visits the Company’s website or runs the application
  •   Items of behavioral information to collect and process: the User’s visit history to the website or application, search history, and purchase history
  •   Period of retention and use: 1 year

(4) The Company collects the minimum behavioral information required for personalized online advertisement, etc., and does not collect sensitive behavioral information that may clearly infringe on the User’s personal rights, interests, or life, including the information on the User’s thoughts, beliefs, family, relatives, academic history, medical history, and other social activities.

(5) The Company does not collect behavioral information for personalized advertisement from children that the Company knows to be under 14 or online services of which the main user pool consists of children under 14. The Company does not provide personalized advertisements to children that the Company knows to be under 14.

(6) The Company collects and uses advertisement identifiers for personalized online advertisement on the mobile application. The information subject may block or allow personalized advertisements on the application by changing the settings of his/her mobile device.

‣ How to Block/Allow Advertisement Identifiers on a Smart Phone
1) (Android) ① Settings → ② Personal Information Protection → ③ Advertisements → ④ Reset or Delete Advertisement ID
2) (iPhone) ① Settings → ② Personal Information Protection → ③ Tracking → ④ Toggle ‘Allow App to Request Tracking’ off

  ※The menu items and methods may vary depending on the mobile OS version.

(7) The information subject may block or allow all personalized online advertisements by changing the cookie settings and other options on the web browser. However, changing cookie settings may affect the use of some services including auto-login.

‣ How to Block/Allow Personalized Advertisements through Web Browser (omitted)

(8) The information subject may ask questions about behavioral information, exercise his/her right to refusal, or file a damage report by contacting us using the following information.

‣ Privacy Department
Department name: Strategic Marketing Office
Contact point: Head of Strategic Marketing Office
Contact information: support@mocainc.com

Article 11. Chief Privacy Officer and ContactInformation

In order to protect user personal informationand deal with related complaints, the personal information manager and relateddepartments shall be designated by the Company as follows, and the ChiefPrivacy Officer shall serve as the Data Protection Officer (DPO).

1) Chief Privacy Officer
– Name : KIM DONG HYON / MOCA System Inc.
– Position : Representative Director
– Contact : +82-31-710-4958 / support@mocainc.com

2) Department in Charge of PersonalInformation Protection
– Department : MOCA System
– Contact for Inquiries: support@mocainc.com

If you have any questions about personalinformation protection, complaints, damage relief, etc., while using theCompany’s services (or business), please contact the CPO and the departments incharge. As the information subject, your questions will be answered and handledby the Company at any time, without delay. If you need to report or consult on any otherinfringement of your personal information, please contact the authorities usingthe details below.

– Personal Information Infringement Report Center (privacy.kisa.or.kr / (without an     area code) 118)
– Cybercrime Investigation Division of Supreme Prosecutors’ Office Republic of Korea (www.spo.go.kr / (without an area code) 1301)
– Korean National Police Agency Cyber Bureau (www.police.go.kr / (without an area code) 182)
-Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

Article 12. Duty of Modification and Disclosure of the Privacy Policy

If there are any additions, deletions, or modifications to the Privacy Policy, you will be notified of this by a notice on the website at least 7 days prior to the revision in question.

You will be notified at least 30 days in advance of any significant changes to user rights, such as the collection and use of personal information, provision to a third party, etc.

1) Notification Date : January 13, 2023
2) Enforcement Date : January 20, 2023

Previous Version