Megazone PoPs Privacy Policy

Megazone Cloud Co., Ltd. (hereinafter referred to as the “Company”) collects, uses, and provides personal information based on the consent of the address owner for the Megazone PoPs service, and actively guarantees the rights of the address owner (the right to self-determination of personal information). The Company complies with relevant laws and regulations of the Republic of Korea, personal information protection regulations, and guidelines that information and communication service providers must comply with.

Article 1 (Purpose of processing personal information)

The company processes users' personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Purpose of processing personal information

Article 2 (Items of personal information collected)

The company collects the following personal information during the contract process when using the Megazone PoPs service. When collecting personal information of the address owner, we will notify the address owner of the fact in advance and obtain consent.

1. Personal information items collected to provide services

2. Information automatically collected while using the service

3. The company does not collect personal information of children under the age of 14.

Article 3 (Processing and retention period of personal information)

The company processes and retains personal information within the retention and use period of personal information stipulated by law or within the retention and use period of personal information agreed upon by the information subject (user) at the time of collection of personal information.

1. Personal information retention and use period for providing Megazone PoPs service

※ In cases where preservation is necessary according to the provisions of relevant laws and regulations, the information will be used and stored for the relevant period.

2. Preservation according to law in accordance with the provision of goods or services

Article 4 (Entrustment and overseas transfer of personal information)

1. Details of domestic entrustment of personal information
The company entrusts personal information to external companies to perform some of the tasks that are absolutely necessary for providing services. In addition, the company manages and supervises the entrusted companies to ensure that they do not violate relevant laws and regulations.

2. Details of overseas transfer of personal information
The company transfers users' personal information overseas to provide smooth service and process users' inquiries, and the information is transmitted using an Internet network that has been processed with a secure protocol (SSL).

3. When concluding a consignment contract, the company states in a contract or other document matters related to responsibilities such as prohibition of processing personal information for purposes other than the performance of the consigned work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and compensation for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.

4. If the content of the entrusted work or the trustee changes, we will disclose it without delay through this personal information processing policy.

Article 5 (Provision of personal information to third parties)

The company processes the personal information of the data subject (user) only within the scope specified in “Article 1 (Purpose of Processing Personal Information)” and provides personal information to third parties only in cases corresponding to Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law.

Article 6 (Destruction of personal information)

The company destroys personal information without delay when the personal information becomes unnecessary, such as when the retention period for personal information expires or the processing purpose is achieved.

1. In cases where the retention period for personal information agreed upon by the data subject has expired or the purpose of processing has been achieved, but personal information must be retained in accordance with other laws and regulations, the personal information is transferred to a separate database (DB) or stored in a different location.

2. The procedures and methods for destroying personal information are as follows.

1) Destruction Procedure: The company selects personal information for which a reason for destruction has arisen and destroys the personal information with the approval of the company’s personal information protection officer.
2) Destruction method: Personal information recorded and stored in electronic file formats is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 7 (Rights, obligations and exercise methods of data subjects)

1. The data subject (address owner) may exercise the following personal information protection rights against the company at any time.
1) Request to view personal information
2) Request for correction in case of errors, etc.
3) Request for deletion
4) Request for suspension of processing
‍
2. The exercise of rights under Paragraph 1 may be made against the Company in writing, by phone, e-mail, facsimile transmission (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
‍
3. If the data subject requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until correction or deletion is completed.
‍
4. The rights under Paragraph 1 may be exercised through a proxy, such as the data subject's legal representative or an authorized person. In this case, a power of attorney in the format of Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act must be submitted.
‍
5. Requests to view or suspend processing of personal information may restrict the rights of the data subject pursuant to Article 35, Paragraph 5 and Article 37, Paragraph 2 of the Personal Information Protection Act.
‍
6. Requests for correction or deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
‍
7. When requesting access, correction/deletion, or suspension of processing in accordance with the information subject's rights, the company verifies whether the person making the request is the information subject or a legitimate agent.

Article 8 (Measures to ensure the safety of personal information)

The company is taking the following measures to ensure the security of personal information.

1. Management measures: Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
3. Physical measures: Access control to computer rooms, archives, etc.

Article 9 (Matters concerning installation, operation and refusal of automatic personal information collection devices)

1. The company uses ‘cookies’ to store and periodically retrieve usage information in order to provide personalized services to users.

2. Cookies are small pieces of information that the server (http) used to operate the website sends to the user's computer browser and are also stored on the hard disk of the user's PC computer.

1) Purpose of cookie use: Cookies are used to provide optimized information to users by identifying the visit and usage patterns, popular search terms, and whether or not the access is secure for each service and website visited by the user.
2) Cookie installation/operation and rejection: You can reject cookie storage by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser.
3) If you refuse to store cookies, you may experience difficulties using customized services.
4) How to reject cookie settings
ⅰ) Internet Explorer: Select Tools menu > Select Internet Options > Click Privacy tab > Advanced Privacy Settings > Set Cookie Level
ⅱ) Chrome: Select the Settings menu > Select Show advanced settings > Select Privacy and security > Content settings > Set cookie level
ⅲ) Safari: Select Preferences menu > Select Privacy tab > Set Cookies and website data level

Article 10 (Personal Information Protection Manager)

The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from data subjects related to personal information processing. The following measures are being taken to ensure the safety of personal information.

1. Personal information protection manager and department in charge

2. The information subject may inquire about all personal information protection-related matters, such as complaints, damage relief, etc. that arise while using the company's services (or business) to the personal information protection officer and the department in charge. The company will respond to and process the information subject's inquiries without delay.

Article 11 (Request to view personal information)

The data subject may request access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to ensure that the data subject's request for access to personal information is processed promptly.

Article 12 (Methods of Redress for Infringement of Rights)

Data subjects may inquire about remedies for damages caused by personal information infringement or for consultation to the following organizations.
The organizations below are separate from the company. If you are not satisfied with the company's own personal information complaint handling or damage relief results or need more detailed assistance, please contact them.

Article 13 (Responsibility and scope of application for linked sites)

The Company may provide the address owner with links to other companies' websites or materials. In this case, the Company has no control over external sites and materials, and therefore cannot be held responsible for or guarantee the usefulness, truthfulness, or legality of the services or materials provided from them. If you click on a link included in the Company and move to a page of another site, the privacy policy of that site is unrelated to the Company, so please check the policy of the newly visited site.
In addition, this 'Personal Information Processing Policy' is only applicable to 'Address Owners' who have entered into a service agreement with the company, and does not apply to 'Users' who have been granted authority over Megazone PoPs under the management of 'Address Owners'. The personal information processing policy applicable to 'Users' must be confirmed through the information protection officer (or personal information protection officer) of each company (organization).

Article 14 (Changes to Personal Information Processing Policy)

In the event of additions, deletions, or modifications to the current personal information processing policy, notice will be given at least 7 days prior to the revision. However, in the event of significant changes to the rights of the addressee, such as collection and use of personal information, or provision to third parties, notice will be given at least 30 days prior to the revision.

This privacy policy applies from 2021.03.25.