Megazone PoPs Privacy Policy

MegaZone Cloud Co., Ltd. (hereinafter referred to as the “Company”) collects, uses and provides personal information based on the consent of “address owners” and “members” for MegaZone account services, and actively guarantees the rights (right to self-determination of personal information) of “address owners” and “members.” The Company complies with relevant laws and regulations of the Republic of Korea, personal information protection regulations and guidelines that information and communication service providers must comply with.

Article 1 (Purpose of processing personal information)

The company collects personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Purpose of processing personal information

division
Purpose of processing
Member Management
Megazone Group Company Service Integrated Member Service Provision and Operation of Megazone Account Service for Member Management
Statistics on access frequency and service usage, used to improve Megazone account services
Register your inquiry
Handling user consultation tasks

Article 2 (Items of personal information collected)

The company collects the following personal information during the contract process and during the member registration process when the address owner uses the Megazone account service. When collecting personal information of the address owner and member, we will notify the address owner and member of the fact in advance and obtain their consent.

1. Personal information items collected to provide services

division
Collection items
Collection point
Member Management
Megazone account
[Required] Email, Name
(Member) When registering as a member
(Address owner) When applying for a Megazone account service address owner account
[Required] Password
(Member) When registering as a member
(Address owner) When setting a password during the first login
Link your Google account
[Required] Email, Name
(Address owner, member) When linking a Google account for the first time
Member Information Management
Selection information
[Optional] Department, Mobile Number
When entering optional information (address owner, member)
Register your inquiry
[Required] Member information (name, email)
[Optional] Reference Email
When registering an inquiry at the customer center

※ Address holder: refers to a person who has entered into a service agreement with the company in accordance with the ‘Megazone Account Terms of Use’ and uses the Megazone account provided by the company, and is assigned the duty of personal information processor to directly manage users within the organization by using the service Admin console provided by the company.
※ Member: refers to a person who registers as a member by providing personal or corporate information to the company and then receives services provided by the company.

2. Information automatically collected while using the service

division
Collection items
Collection point
Collection method
Auto-generated information
IP address, cookies, service usage history, visit history, bad usage history, etc.
Automatically generated while using the service
Collection through automatic collection devices

3. The company does not collect personal information of children under the age of 14.

Article 3 (Processing and retention period of personal information)

The company processes and retains personal information within the retention and use period of personal information stipulated by law or within the retention and use period of personal information agreed upon by the information subject (address owner and member) when collecting personal information.

1. Personal information retention and use period for providing Megazone account services

division
Retention and Use Period
Member Management
(Address owner) Until the contract is terminated or the purpose of use is achieved
(Member) Destroy without delay after withdrawal of membership
Statistics on access frequency and service usage
Until the contract is terminated or the purpose of use is achieved
Handling user consultation tasks
3 years

※ The verification period for email verification is 7 days, and if verification is not completed within the period, the information entered will be deleted.
※ In cases where preservation is necessary according to the provisions of relevant laws and regulations, the information will be used and stored for the relevant period.

2. Preservation according to law in accordance with the provision of goods or services

division
Related laws
Period of Use (Retention Period)
Records of contracts or cancellations of subscriptions, etc.
Act on Consumer Protection in Electronic Commerce, etc.
5 years
Records of payment and supply of goods, etc.
5 years
Records of consumer complaints or dispute resolution
3 years
Records of display and advertising
6 months
Books and supporting documents for all transactions prescribed by tax laws
National Tax Basic Act
5 years
Records of electronic financial transactions
Electronic Financial Transactions Act
5 years
Records of visits
Communications Secrets Protection Act
3 months

Article 4 (Entrustment and overseas transfer of personal information)

1. Details of domestic entrustment of personal information
The company entrusts personal information to external companies to perform some of the tasks that are absolutely necessary for providing services. In addition, the company manages and supervises the entrusted companies to ensure that they do not violate relevant laws and regulations.

Trustee
Purpose of provision (contents of consignment work)
Retention and Use Period
Amazon Web Services, Inc
Data storage and infrastructure management
Until membership withdrawal or termination of consignment contract

2. Details of overseas consignment of personal information
In order to provide smooth service and to process inquiries from address owners and members, the company transfers personal information of address owners and members overseas, and the information is transmitted using an Internet network processed with a secure protocol (SSL).

Previous company
Administrator and contact information
Previous purpose
Items being transferred
The country being transferred
Previous date and method
Personal information usage period
Google LCC.
Gerhard Eschelbeck
googlekrsupport@google.com
Management of account application history of address holder during personal information retention period
Email, Name
USA, Taiwan, Japan, Sydney, Singapore, EU
Transfer through the network each time you apply for an address owner account
Until the contract is terminated or the purpose of use is achieved
Zendesk, Inc.
Hasani Caraway
privacy@zendesk.com
Use of CS/Operational Solutions (Customer Consultation Information Management)
Name, Email, Profile Image
USA
Transmission via network when using the customer center
3 years or until the end of the consignment contract

3. When concluding a consignment contract, the company states in a contract or other document matters related to responsibilities such as prohibition of processing personal information for purposes other than the performance of the consigned work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and compensation for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.

4. If the content of the entrusted work or the trustee changes, we will disclose it without delay through this personal information processing policy.

Article 5 (Provision of personal information to third parties)

The company processes the personal information of the data subject (address owner and member) only within the scope specified in “Article 1 (Purpose of Processing Personal Information)” and provides personal information to third parties only in cases corresponding to Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law.

1. Provision of personal information to third parties (provision for login function through Megazone account)c

Recipient
Items provided
Purpose of provision
Retention and Use Period
Megazone Co., Ltd.
Email, name, profile image, mobile phone number
Provides Hostingkr integrated authentication service, operates consultation service through Hostingkr and Support Portal (GCP, Alibaba, Oracle, Azure)
Until membership withdrawal (connection termination) or achievement of purpose of use (however, in case preservation is required by relevant laws, until the relevant period)
Cloud Noah Co., Ltd.
Email, Name
Hyper Billing membership management and integrated authentication service provided
Until withdrawal of membership or termination of connection (however, in cases where preservation is required by relevant laws, until the relevant period)

Article 6 (Destruction of personal information)

The company destroys personal information without delay when the personal information becomes unnecessary, such as when the retention period for personal information expires or the processing purpose is achieved.

1. In cases where the retention period for personal information agreed upon by the data subject has expired or the purpose of processing has been achieved, but personal information must be retained in accordance with other laws and regulations, the personal information will be transferred to a separate database (DB) or stored in a different location.

2. The procedures and methods for destroying personal information are as follows.

1) Destruction Procedure: The company selects personal information for which a reason for destruction has arisen and destroys the personal information with the approval of the company’s personal information protection officer.
2) Destruction method: Personal information recorded and stored in electronic file formats is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 7 (Rights, obligations and exercise methods of data subjects)

1. The data subject (address owner and member) may exercise the following personal information protection rights against the company at any time.
1) Request to view personal information
2) Request for correction in case of errors, etc.
3) Request for deletion
4) Request for suspension of processing

2. The exercise of rights under Paragraph 1 may be made against the Company in writing, by phone, e-mail, facsimile transmission (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.

3. If the data subject requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until correction or deletion is completed.

4. The rights under Paragraph 1 may be exercised through a proxy, such as the data subject's legal representative or an authorized person. In this case, a power of attorney in the format of Appendix 11 of the Notice on Personal Information Processing Methods (No. 2020-7) must be submitted.

5. Requests to view or suspend processing of personal information may restrict the rights of the data subject pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

6. Requests for correction or deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.

7. When requesting access, correction/deletion, or suspension of processing in accordance with the information subject's rights, the company verifies whether the person making the request is the information subject or a legitimate agent.

Article 8 (Measures to ensure the safety of personal information)

The company is taking the following measures to ensure the security of personal information.

1. Management measures: Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
3. Physical measures: Access control to computer rooms, archives, etc.

Article 9 (Matters concerning installation, operation and refusal of automatic personal information collection devices)

1. The company uses 'cookies' to store and periodically retrieve usage information in order to provide personalized services to address holders and members.

2. Cookies are small pieces of information that the server (http) used to operate the website sends to the user's computer browser and are also stored on the hard disk of the user's PC computer.

1) Purpose of cookie use: Cookies are used to provide optimized information to address owners and members by identifying the visit and usage patterns, popular search terms, and whether or not the access is secure for each service and website visited by the address owner and members.
2) Cookie installation/operation and rejection: You can reject cookie storage by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser.
3) If you refuse to store cookies, you may experience difficulties using customized services.
4) How to reject cookie settings
ⅰ) Internet Explorer: Select Tools menu > Select Internet Options > Click Privacy tab > Advanced Privacy Settings > Set Cookie Level
ⅱ) Chrome: Select the Settings menu > Select Show advanced settings > Select Privacy and security > Content settings > Set cookie level
ⅲ) Safari: Select Preferences menu > Select Privacy tab > Set Cookies and website data level

Article 10 (Personal Information Protection Manager)

The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from information subjects related to personal information processing. The following measures are being taken to ensure the safety of personal information.

1. Personal information protection manager and department in charge

Data Protection Officer
Personal Information Protection Department
Name: Lee Ju-wan
Position: CEO
Phone number: 1644-7378
Department Name: IRM
Phone number: 1644-7378
Email: irm@mz.co.kr

2. The information subject may inquire about all personal information protection-related matters, such as complaints, damage relief, etc. that arise while using the company's services (or business) to the personal information protection officer and the department in charge. The company will respond to and process the information subject's inquiries without delay.

Article 11 (Request to view personal information)

The data subject may request access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to ensure that the data subject's request for access to personal information is processed promptly.

Department in charge of receiving and processing personal information access requests
Department Name: Core Service 1 Team
Email: accounts@mz.co.kr

Article 12 (Methods of Redress for Infringement of Rights)

Data subjects may inquire about remedies for damages caused by personal information infringement or for consultation to the following organizations.
The following organizations are separate from the company. If you are not satisfied with the company's own personal information complaint handling or damage relief results or need more detailed assistance, please contact them.

Personal Information Infringement Report Center
(Operated by Korea Internet & Security Agency)
Business in charge
Report personal information infringement, request consultation
Website
privacy.kisa.or.kr
phone call
(without area code) 118
address
(58324) Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
Personal Information Dispute Mediation Committee
(Operation of Personal Information Protection Committee)
Business in charge
Personal information dispute mediation application, collective dispute mediation (civil resolution)
Website
www.kopico.go.kr
phone call
(without area code) 1833-6972
address
(03171) 12th floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul
Supreme Prosecutors' Office Cybercrime Investigation Division
(without area code) 1301 | www.spo.go.kr
Cyber Investigation Department, National Police Agency
(without area code) 182 | http://cyberbureau.police.go.kr

Article 13 (Responsibility and scope of application for linked sites)

The Company may provide its address holders and members with links to other companies' websites or materials. In this case, the Company has no control over external sites and materials, and therefore cannot be held responsible for or guarantee the usefulness, truthfulness, or legality of the services or materials provided therefrom. If you click on a link included in the Company and move to a page on another site, the privacy policy of that site is unrelated to the Company, so please check the policy of the newly visited site.
In addition, this 'Personal Information Processing Policy' is only applicable to 'Address Owners' who have entered into a service agreement with the company, and does not apply to 'Users' who have been granted a Megazone account under the management of 'Address Owners'. The personal information processing policy applicable to 'Users' must be confirmed through the information protection officer (or personal information protection officer) of each company (organization).

Article 14 (Changes to Personal Information Processing Policy)

In the event of additions, deletions, or modifications to the current personal information processing policy, notice will be given at least 7 days prior to the revision. However, in the event of significant changes to the rights of address holders and members, such as collection and use of personal information or provision to third parties, notice will be given at least 30 days prior to the revision.

This privacy policy applies from 2021.07.29.

You can check the previous privacy policy below.

V1.0 (applied from March 25, 2021 to May 20, 2021) V1.1 (Applied from May 21, 2021 to June 28, 2021) V1.2 (Applied from 2021. 6. 29 to 2021. 7. 28)

Realize SaaS cost optimization

Gain visibility into SaaS usage with centralized management to see your rising costs.
Request a Demo
Response within 3 business days
Demonstrating SaaS integration and management within an organization