Table of Contents
(1) Data Controller
(2) Purpose of Personal Data Processing
(3) Items of Personal Data Collected
(4) How Personal Data is Collected
(5) Personal Data Processing and Retention Period
(6) Provision of Personal Data to Third Parties
(7) Consignment of Personal Data Processing
(8) International Data Transfer for EU Residents
(9) Rights as a Data Subject
(10) Automated Decision-Making Technology
(11) Destruction of Personal Data
(12) Technical/Managerial Measures regarding Personal Data Protection
(13) Protecting the Privacy of Children
(15) The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
(16) Complaint to the Data Protection Authority
1. Data Controller
The Company is the data controller of personal data processed in relation to the Service rendered through PeriFlow. You may contact the Company through the following contact information:
World Headquarters: 5F, AMC Tower, 222 Bongeunsa-ro, Gangnam-gu, Seoul, 06135, Korea
Branch: Rm. 514 Bldg. 138, 1 Gwanak-ro, Gwanak-gu, Seoul, 08826, Korea
Phone Number: 82-2-889-8020
Email Address: firstname.lastname@example.org
The Company collects personal data for the below purposes, among others:
Providing PeriFlow Service: Confirmation of user’s intent to use the Service, identification of individual user of administrator of corporate user such as and Owner of Organization, provision of requests and response logs generated by the Service when requested by the users, prevention of illegal use of the Service, provision of various notices/notifications, payment of service fees, update of necessary information, etc.
Member Management: Confirmation of member’s intent to register, identification according to the provision of membership Service, maintenance and management of membership status, provision of various notices/notifications, management of questions or feedback, update of necessary information, etc.
(b)Development of Services and Statistical Analysis: Development of new Services and provision of customized Services, provision of Services and advertisements according to statistical characteristics, confirmation of validity of the Service, provision of event information and opportunities to participate, identifying frequency of user’s access, internal analysis of user’s Service use, etc.
(c)Complaint Management: Identifying complainant, receipt of and response to complaints, contact/notification for fact-finding, notification of complaint review results, etc.
Any and all personal data collected hereunder will not be used for any purpose other than those specified in Subparagraph 2.1 above, and if the purpose of personal data processing is modified in the future for any reason, the Company will, if necessary, obtain each user’s consent pursuant to the relevant Data Protection Laws.
3. Items of Personal Data Collected
The Company collects the below personal data:
(a)Providing PeriFlow Service and Member Management:
1)Required information for regular members: email address, nickname, name, country, associated organizations (schools or companies), name and user ID of other third-party platforms or social media sites (Google, Github, etc.) that regular members have allowed access to, profile values provided by other third-party platforms or social media sites, gender, age.
2)Required information for social members: name and user ID of other social media site accounts that social members have allowed access to, profile values provided by other social media sites.
3)Required information related to artificial intelligence ("AI") training and inference: authorization tokens for accessing docker image repository, authentication tokens for access to cloud repository, requests made to inference servers and responses generated by AI models (only if the user has activated the function for inference request log collection).
1)Required Information: ID, email address, name, phone number, inquiry details, etc.
(c)Payment of Service Fees:
1)Required information for payment with credit card: name of card company, cardholder’s name, card number, expiration date, the first two digits of the credit card’s password, CVC(4DBC), billing address, etc.
(d)Information that may be automatically created and collected in the process of your use of our PeriFlow Service:
1)Log data (including IP information, browser type, visited domain, mobile device and application ID, search term, etc.) and links, cookie data, Service usage history, bad usage history, etc.
A user has the right not to give its consent to the collection or use of its personal data. However, if the user withholds such consent at the time of its registration(sign-up), such user may be restricted in its use of our PeriFlow Service and/or receipt of user benefits thereunder.
4. How Personal Data is Collected
The Company collects the below personal data:
(a)In the process of membership registration and Service use, the user agrees to the collection of personal data and enters it directly.
(b)Personal data is collected when information is generated through log analysis program and information collected by ‘cookie’.
(c)Personal data is collected when authentication token is used to access Docker image repository and cloud repository for the use of PeriFlow Service.
(d)If the function for request log collection is enabled when the user runs PeriFlow Service (specifically, AI inference service), PeriFlow’s inference server directly collects inference requests and responses.
5. Personal Data Processing and Retention Period
User information (email, nickname, name and user ID of the social media account that regular member has allowed access to, profile value provided by social media, gender, age): retained until five (5) days after withdrawal from regular and/or social membership.
Information such as log data (including IP information, browser type, visited domain, visited page, mobile device and application ID, search term, etc.), links, cookie data, Service usage history, bad usage record, etc .: retained until five (5) days after withdrawal from regular and/or social membership.
AI training and inference information : retained for up to one (1) day after the organizations and projects had been deleted.
Notwithstanding the above, the Company may use and retain user’s personal data until the end of the relevant retention period in the below cases:
|Investigation is necessary to find out the reason for termination in case the Company terminates the relevant service agreement due to a reason attributable to user||Three (3) years from the date of termination|
|Investigation in progress due to violation of any applicable laws and regulations||Until the completion of the investigation|
|Existence of claims and/or obligations||Until the settlement of the claims and/or obligations|
|Records of user’s complaint or settlement of a dispute||Three (3) years|
|Records related to payment for and supply of goods||Five (5) years|
Notwithstanding Subparagraphs 5.1 and 5.2 above, if the applicable laws and regulations require the Company to retain any personal data collected hereunder, the Company will have the right to retain any user’s personal data for such duration as prescribed thereby.
6. Provision of Personal Data to Third Parties
Without your specific consent, the Company will not provide your personal data to any third party for such third party’s own use.
7. Consignment of Personal Data Processing
To provide Service seamlessly, the Company provides users’ personal data to a third-party service provider (the “Consignee”) to the minimum extent, under which such Consignees are strictly prohibited from using your personal data for any purpose without our specific instruction.
Please refer to the following with regard to the consignment of processing personal data of Korean residents:
(a)Consignment of personal data processed within Korea:
|Data Management||Amazon Web Services Inc.||Processing per data in the cloud infrastructure|
|Payment of service fees and settlement of charges||PayPal Holdings, Inc. Korea PortOne Co.,Ltd. Stripe, Inc.||Electronic payment processing|
(b)Consignment of personal data processed overseas:
|Consignee||Destination Country||Time and Method of Transfer||Personal Data||Purpose of Use||Period of Retention and Processing|
|Functional Software, Inc. (dba “Sentry”) (email@example.com)||U.S.||Transferred through server when errors occur during Service use||Service usage history||Monitoring system error logs||Until member’s membership withdrawal; or until the consignment agreement is terminated|
|New Relic, Inc. (firstname.lastname@example.org)||U.S.||Transferred through server when logs occur during Service use||Service usage history||Monitoring backend system logs||Until member’s membership withdrawal; or until the consignment agreement is terminated|
|Google LLC (email@example.com)||U.S.||Transferred through server when Service usage history occurs||Service usage history||Analysis of usage patterns||Until member’s membership withdrawal; or until the consignment agreement is terminated|
|Twilio Inc. (firstname.lastname@example.org)||U.S.||Transferred through server when sending emails||Email address||Sending email||Until member’s membership withdrawal; or until the consignment agreement is terminated|
8. International Data Transfer for EU Residents
If you are an EU resident, please note that your personal data may be transferred outside the European Economic Area (“EEA”). Whenever the Company transfers an EU resident’s personal data outside of the EEA, the Company will implement at least one of the below safeguards to ensure that your personal data is given the same level of protection as given in Europe:
(a)The Company will only transfer the personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; and
(b)Where the Company uses certain service providers, the Company will use specific contracts approved by the European Commission.
9. Rights as a Data Subject
Under certain circumstances, you have rights under the Data Protection Laws in relation to your personal data as below:
(a)You have the right to access your personal data. This allows you to request a copy of the personal data we have in our possession and to confirm that we are processing it properly;
(b)You can ask us to rectify any inaccuracies in your personal data;
(c)You have the right to request the erasure of your personal data unless processing is necessary for (i) compliance with any laws and regulations, (ii) reasons of public interest, or (iii) the establishment, exercise or defense of legal claims;
(d)You may object to our processing of your personal data (i) if such processing has an impact on your fundamental rights or (ii) if we are processing your personal data for direct marketing purpose. Please note that in some cases, however, we may have compelling legitimate grounds to process your information that override your fundamental rights;
(e)You may have the right to restrict our processing of your personal data (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to delete it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
(f)You may have the right to request us to transfer your personal data to another data controller. Please note that this right only applies to automated information that you initially provided your consent for us to use or where we used the information to perform a contract entered into with you;
(g)Where you have provided your consent to the processing of your personal data for any purpose, you have the right to withdraw such consent at any time by notifying us. Please note, however, that if you withdraw your consent, we may not be able to provide Service to you.
The exercise of the above rights is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitiveness, we may charge an appropriate service fee in accordance with the applicable statutory regulations or refuse to process such request.
10. Automated Individual Decision-Making Technology
The Company will not make any automated individual decisions, such as profiling, that would significantly affect your use of our Service.
11. Destruction of Personal Data
When the purpose of collection and use of personal data is finally achieved, the Company will destroy the personal data without delay after a predetermined period in line with its internal policy and applicable laws and regulations, unless the personal data must be retained in accordance with the relevant laws and regulations.
In the event the personal data needs to be retained by law, such personal data will be segregated, moved to a separate database and safely stored in a different location.
The process and method of personal data destruction are as follows:
(a)Destroying Procedure: The Company will determine the personal data to be destroyed, and such personal data will be destroyed with an approval of the Company's Chief Privacy Officer.
(b)Destroying Method: Hard copy printouts of personal data are shredded or burned, whereas electronic files of personal data are destroyed through a technical or physical means to ensure that the relevant data cannot be recovered.
12. Technical/Managerial Measures regarding Personal Data Protection
The Company protects your personal data through below technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration:
(a)Administrative measures: establishment and implementation of internal management plans, regular employee training, and operation of the organization dedicated to personal data protection.
(b)Technical measures: management of access rights to personal data processing systems, installation of access control systems, encryption of unique identification information, password and credit card number, and installation of security programs.
(c)Physical measures: Control of access to computer rooms, data storage rooms, etc.
13. Protecting the Privacy of Children
The Company does not collect or manage personal data of children or allow children to use our Service. If we learn that we have collected personal data of a child without the consent of the child’s parent or guardian, we will delete such data. We encourage parents with concerns to contact us.
A cookie is a small file that our web server places on a user’s computer hard drive and contains a unique identifier. Cookies enable the Company to track usage patterns and provide personalized content. The Company has no access to data stored by cookies.
(b)Installation, operation and rejection of cookies: Cookies may be installed automatically when using the PeriFlow website. However, the users can disable cookies by altering the settings on their device or browser (Web: Tools > Internet Options > Privacy menus at the top of the browser). If users do not accept our essential cookies, the users may experience some inconvenience in the use of our Service. Examples of essential cookies include secured login details and other settings.
(c)Please click the below links for the instruction to change the cookie settings:
15. The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
The Chief Privacy Officer and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints, as well as to address any damage from privacy-related issues. For the avoidance of doubt, the Chief Privacy Officer is not the Data Protection Officer under the European General Data Protection Regulation (GDPR):
|Chief Privacy Officer||Staff Responsible for Privacy Inquiries|
|Name: Chan Jean Lee Title: Director||Department: Legal Phone number: +82-2-889-8020 Email address: email@example.com Contact Person: Sujin Oh|
The users may contact the above department and staff for all personal data protection inquiries, complaint handling, damage relief, etc., that occurred while using the Company's Service. The Company will endeavor to respond and process any inquiry promptly.
16. Complaint to the Data Protection Authority
You may submit a complaint to your local or other regulatory authorities in the country of your residence if you believe that the data processing described here violates any applicable Data Protection Laws.
A Korean resident may submit a complaint to the below institutions:
(a)Personal Data Breach Reporting Center: 118(https://privacy.kisa.or.kr);
(b)Personal Data Dispute Mediation Committee: 1833-6972(https://www.kopico.go.kr);
(c)Cybercrime Investigation Division at the Supreme Prosecutors’ Office: 02-3480-3573(https://www.spo.go.kr);
(d)Cybercrime Investigation Bureau at the National Police Agency: 182(https://cyberbureau.police.go.kr).
Privacy notice takes effect from its effective date. Should there be any ground for a material change to the users’ right to data privacy, the Company will notify the users at least thirty (30) days before such change is implemented. Other changes will be notified to the users at least seven (7) days prior to their implementation.