Privacy Policy-Previous Version-20210304

MOCA System Mobile Credential (hereinafter referred to as "the Service") of MOCA System Inc. (hereinafter referred to as "the Company") has the following policy to protect the personal information and the rights and interests of the Company's customers in accordance with the Personal Information Protection Act and smoothly deal with user's complaints related to personal information.

The Company's multi-tenant architecture is designed to allow site administrators to create mobile credentials for use by individual companies or organizations and pass them on to users, allowing users to use it via mobile apps.

1. Items of Personal Information to Collect and Collecting Method

2. Purpose of Collection and Use of Personal Information

3. Sharing and Providing Personal Information

4. Consignment of Personal Information Processing

5. Personal Information Retention and Use Period

6. Procedures and Methods of Personal Information Destruction

7. Children’s Privacy Policy

8. Technological and Administrative Measures for Protection of Personal Information

9. Matters regarding installation/operation and rejection of automatic collection of personal information

10. Contact Details of Personal Information Manager and Contact Person

11. Obligation of Notice

1. Items of Personal Information to Collect and Collecting Method

1) Items personal information collected

Mobile Credential Portal & App

- Personal information items :

Essential: User email or mobile phone number, authentication log upon use of Airfob Space

Selectable: Site administrator’s additional input items such as user name, user department, etc.

Additional: Model name, OS version, error log of installed mobile device

*The location information agreement within the app is for the mobile credential to have OS access rights within the mobile device in order to use Bluetooth. We do not collect personal location information or transmit it outside the mobile device.

* The following information may be generated and collected in the process of using the service. (Access log, cookie, IP address, service usage record)

* The following information may be generated and collected in the process of using the service. (Access log, cookie, IP address, service usage record)

Collection way:

-User input directly through the website

-Collection through creation information collection tool (for access log, cookies, etc.)

Website contact us

– Personal information items:

Essential: email

Selectable: company name, name, phone number

*The company collects the above personal information for inquiry response, technical support, promotion, etc.

2) Personal information collecting method

Mobile Credential Portal & App

- Manual input by site administrator or input through CSV file

- Automatic input from other system databases set by site administrator

- Update of device information at the end of an app crash and the error log

*Site administrator has a responsibility of collecting and getting consent on mobile credential users’personal information of the site.

Website contact us

- Manual input by website visitors

2. Purpose of Collection and Use of Personal Information

Use of information for service provision: issuance and installation of mobile credentials, processing of inquiries, information delivery and guidance, content provision, event reservation information, access history management

3. Sharing and Providing Personal Information

In principle, the company does not disclose users' personal information to the outside. However, for smooth information provision, marketing, stability of service provision and provision of the latest technology, the company outsource the following, and personal information is stored in the outsourced company system. The outsourced company performs only physical management and does not access the user's personal information

Utsourced Company AWS
Point of Contact aws-korea-privacy@amazon.com
Outsourcing Purpose Service provision and storage of personal information
Categories of Transfer Name, family name, email, id, password, company name, country
Country of Transfer Country of Transfer Republic of Korea
Period and Means of Transfer Data transmission through the network upon the moment
the user enters personal information on the website,
and data transmission through the network after
the user provides personal information offline.
Period of Storage and Use of Personal Information Until the user requests to withdraw the membership or to delete user information

4. Consignment of Personal Information Processing

The company does not entrust personal information to any other companies in the provision of the Services.

5. Personal Information Retention and Use Period

1) The Company's Services will not be stored when the personal information is deleted by the administrator. In the mobile device, the Customer may remove this application by deleting the app.

2) If the Customer withdraws their membership or withdraws their consent to the collection and use of their personal information, their personal information will be permanently deleted instantly.

3) In accordance with the related Act on the Promotion of Information and Communication Network Utilization and Information Protection, and the enforcement ordinance of the Act, the Company may terminate the contract and take necessary measures such as destruction of personal information to protect the personal information of Customers who have not used the Services continuously for one year. In this case, the Customer will be notified up to 30 days before the date of the action of the necessary measures being taken, the expiration date of personal information, and personal information items.

4) Notwithstanding the preceding paragraph, if there is reason for information retention by internal policy or other related laws or if it is necessary to preserve the user information pursuant to the provisions of the Commercial Act, the Company may keep the Customer's information for a certain period as stipulated by the relevant laws and regulations, even in the event that the purpose of information collection or provision has been accomplished. In this case, the company uses the information it keeps only for the purpose of retaining it, and the retention period is as follows.

① Personal information about the use of the Services

Retention grounds: Protection of Communications Secrets Act,Retention period: 3 months

② Record of display/ad

Retention grounds: Act on the Protection of Consumers in Electronic Commerce, etc.,Retention period: 6 months

③ Record of contract or withdrawal

Retention grounds: Act on the Protection of Consumers in Electronic Commerce, etc.,Retention period: 5 years

④ Record of payment and supply of goods

Retention grounds: Act on the Protection of Consumers in Electronic Commerce, etc.,Retention period: 5 years

⑤ Records of consumer inquiries, claims handling or dispute handling

Retention grounds: Act on the Protection of Consumers in Electronic Commerce, etc.,Retention period: 3 years

⑥ Record of personal identity verification

Retention grounds: Act on Information Network Promotion and Information Protection, etc.,Retention period: 6 months

6. Procedures and Methods of Personal Information Destruction

In case of withdrawal or when an administrator deletes a user, in principle, these Services of the Company will destroy any personal information so as to render it technically inaccessible.

7. Children’s Privacy Policy

The Service is intended for a general audience and is not directed at or intended to be used by minors under the age of 13 (under the age of 16 in Europe) (“Children”).

Members and their legal representatives may contact the person in charge of personal information protection under Paragraph 10 through email or mail to view their personal information, use their personal information, or request details provided to a third party, and request correction of personal information if false information is found. In this case, the company may collect contact information or use the collected contact information in order to confirm whether the person is the member or the legal representative.

8. Technological and Administrative Measures for Protection of Personal Information

The Company’s Services provide the following technical and administrative measures to ensure the safety of personal information and in order to prevent users' personal information being lost, stolen, leaked, altered or damaged during processing.

1) Technical measures

(1) Personal information data which can be selectively entered with minimum data fields (such as unique ID and card ID) are encrypted in the server.

(2) Personal information is securely transmitted over the network through encrypted communication.

(3) We do our best to prevent personal information from being leaked or damaged by hacking or computer virus.

(4) We are making efforts to enhance security through measures such as access control, rights management, and vulnerability checks on the system.

2) Administrative measures

(1) Only a minimum number of people have access to the site administrator and the personal information of the user. The minimum number of persons is as follows.

- A server developer from the Company who needs to carry out work such as database updates.

- A person in charge who performs personal information management such as personal information protection.

- Those who are required in order to process personal information in business.

(2) Personal information is securely transmitted over the network through encrypted communication.

(3) We do our best to prevent personal information from being leaked or damaged by hacking or computer virus.

9. Matters regarding installation/operation and rejection of automatic collection of personal information

The company uses sessions and local storage technologies that are similar to cookies. These are small text files that are stored on your PC when you log in to that storage. These text files save information that the website can read when you visit the site again.

The company uses sessions and local storage for the following purposes.

• To maintain the Customer's session when the Customer uses the Services

• To provide enhanced convenience when you use the Services

The following information is stored in the session and local storage.

• Token information for session maintenance

• Your chosen service language

• User ID for easy login if selected by the Customer

By continuing to use the Services, the Customer agrees that the Company will use cookie-like technology in accordance with this Privacy Policy.

1. The Company uses cookies at the same time as accessing the website to provide more appropriate and useful services to users.

2. Cookies are text files that are automatically sent to your computer when users visit our website.

① Users can choose whether or not to use cookies.

② How to refuse cookie setting

※ Example of setting cookie

1. Internet Explorer: Tools → Internet Options → Privacy → Advanced at the top of the web browser

2. Chrome: Settings menu on the right side of the web browser → Show advanced settings at the bottom of the screen → Content settings button of personal information → Cookies

Most Internet browsers allow users to choose whether to accept cookies themselves. However, if you disable cookies or restrict cookie functionality, you may not be able to use the website's convenient features. In addition, you may limit your overall user experience.

Google Analytics Guide

1. The Company uses Google, Inc. to provide a better service to its customers. The purpose of Google Analytics, a web analytics service provided by Google ("Google"), is to analyze and evaluate how customers use our services, to understand their needs, to improve and customize our services and products, and to provide efficient services.

2. Google Analytics uses a "cookie," a text file stored on your computer, to analyze how users use our website.

3. Google transfers and stores this information collected through cookies to Google servers in the United States.

4. Google may provide this information to third parties where required by law, or to third parties who process the information on Google's behalf.

5. Google does not associate your IP address with any other data held by Google.

6. User agrees to the use of the Google Cookie and all information generated through Google Analytics by using the Company's Services, unless otherwise refused to use Google Cookie.

7. You can read about Google's privacy here.

8. To find out how to opt out of Google Analytics, you can limit it through our site or opt out of storing all cookies. However, please note that if you refuse to store cookies, you may be restricted from using some services that require you to log in, and you are solely responsible for this.

10. Contact Details of Personal Information Manager and Contact Person

The company designates the person in charge of personal information management and related departments as follows to protect users' personal information and handle complaints related to personal information, and the person in charge of personal information protection plays the role of DPO (Data Protection Officer).

Personal information manager

Name: Changsoon Park

Email: 031-710-2450/cspark@suprema.co.kr

Data Protection Department

Department: Department of Information Security

Contact Point: privacy@suprema.co.kr

Users can contact the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business). The company will respond and handle inquiries from the information subject without delay.

If you need to report or consult about other personal information infringement, please contact the following organizations.* Personal Information Infringement Report Center (privacy.kisa.or.kr / (without area code) 118)* Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr/ (without area code) 1301)* National Police Agency Cyber Security Bureau (police.go.kr / (without area code)182)* Personal Information Dispute Mediation Committee (www.kopico.go.kr/ 1833-6972)

11. Obligation of Notice

If there is any addition, deletion, or modification of the contents according to changes in laws/policies or security technology, the company will notify the reason and contents of the change through the homepage popup at least 7 days before the enforcement of the changed personal information processing policy.

In the event of significant changes in user rights, such as collection and use of personal information, provision to a third party, etc., the company will notify user at least 30 days in advance.

1) Date of announcement: February 24, 2021

2) Date of enforcement: March 04, 2021

See Privacy Policy of June 1st, 2019.

For inquiries, please contact Suprema Information Security Department (privacy@suprema.co.kr).