Loading...
42dot Inc. (hereinafter the "Company") establishes and discloses the following Privacy Policy in accordance with Article 30 of the 「Personal Information Protection Act」 to protect the personal information of data subjects and to handle related complaints promptly and smoothly.
The scope of the Privacy Policy includes the Pleos App Market (hereinafter "App Market"), App Market Console, and Pleos Playground.
Due to amendments to the aforementioned Act eliminating the requirement for mandatory consent, please note that details regarding the processing of personal information necessary for membership registration and service provision may be notified in this Privacy Policy without obtaining separate consent.
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those specified below. If the purpose of use is changed, necessary measures will be taken such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
(1) Items of Personal Information Collected and Purpose of Use
| Service | Time of Collection | Category | Items Collected | Purpose of Use |
|---|---|---|---|---|
| App Market | Upon Membership Registration | Required | Account identification information, name, email address, and date of birth | Membership management and operation |
| App Market Console | Upon Membership Registration | Required | Account identification information, name, and email address | Membership management and operation |
| Pleos Playground | Upon Membership Registration | Required | Account identification information, name, and email address | Membership management and operation |
To ensure service security, provide a safe service, and restrict acts that violate laws or the terms of service, information may be automatically generated or collected during service use.
(2) Methods of Collecting Personal Information
The Company collects personal information through the following methods:
1. When a user consents to the collection of personal information during the membership registration or service use and directly provides the information
2. When information is naturally generated or collected during service use, such as through the mobile app, website, written forms, fax, telephone, customer service board, email, event participation, etc.
3. When provided by affiliated or partnered companies
The Company processes and retains personal information within the period agreed upon by the data subject at the time of collection or as prescribed by law. Each processing and retention period of personal information is as follows:
(1) When retention is necessary for reasons such as membership registration and management or dispute resolution
| Category | Retained Items | Retention Period |
|---|---|---|
| Membership registration, identity verification, and service use | Account identification information, name, email address, contact information (mobile number), date of birth | To be destroyed within three (3) months of contract termination; provided, however, that if the Company is legally obligated to retain the information, it will be preserved until the end of the applicable retention period |
| When there is an ongoing dispute between the Company and the member | Name, email address, contact information (mobile number) | Until the dispute is resolved |
| When there is an ongoing investigation or inquiry due to a violation of related laws and regulations | Name, email address, contact information (mobile number) | Until the investigation or inquiry is completed |
| When there are outstanding claims or debts arising from service use or supply of goods | Name, email address, contact information (mobile number) | Until the relevant claims or debts are settled |
(2) When retention is necessary under related laws and regulations (not limited to the laws below)
| Purpose/Category | Legal Basis for Retention | Retained Items | Retention Period |
|---|---|---|---|
| Records on the withdrawal of contracts or offers, payment, and supply of goods | Article 6 of the Act on the Consumer Protection in Electronic Commerce and Article 6 of the Enforcement Decree thereof | Developer information (representative's name and email address), contact information of personnel assigned to settlement (name, mobile number, and email address), and settlement account information (bank name, account number, and account holder's name) Member information (name and email address) | 5 years |
| Records of electronic financial transactions | Article 22 of the Electronic Financial Transactions Act | Payment history | 5 years |
| Records of consumer complaints or dispute resolution | Article 6 of the Act on the Consumer Protection in Electronic Commerce and Article 6 of the Enforcement Decree thereof | Account identification information, name, email address, mobile number, and customer consultation records | 3 years |
| Records on labeling/advertising | Article 6 of the Act on the Consumer Protection in Electronic Commerce and Article 6 of the Enforcement Decree thereof | Not applicable (to be specified when such items occur) | 6 months |
| Login records for services | Article 15-2 of the Protection of Communications Secrets Act | Website visit records, IP address | 3 months |
The Company does not currently provide personal information to third parties. In the event that personal information is provided to third parties in the future, such processing will be conducted after obtaining consent in accordance with the Personal Information Protection Act and will be clearly disclosed in this Article.
The Company consigns personal information processing tasks as follows to ensure smooth processing.
(1) Status of Domestic Consignment of Personal Information
| Category | Consigned Party (Consignee) | Details of Consigned Work |
|---|---|---|
| Customer data storage/management | Amazon Web Services Inc. | Data storage and infrastructure operation for the provision of the Service |
| Customer support and inquiry handling | Transcosmos Korea Inc. | Account identification information, name, email address, and date of birth |
(2) Status of Overseas consignment of Personal Information
The Company does not currently consign personal information processing overseas for the provision of the App Market, App Market Console, or Pleos Playground services. However, if a consignment agreement is executed in the future, the Company will specify in writing, in accordance with Article 26 of the Personal Information Protection Act, matters such as the prohibition of personal information processing beyond the scope of the consigned tasks, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and indemnification of damages. The Company will also monitor whether the consignee handles personal information securely and will disclose the details of the consignment without delay through this Privacy Policy.
| Category | Consigned Party (Consignee) | Details of Consigned Work |
|---|---|---|
| API access approval | Kia Connect GmbH | Managing customer representative contact information for API access approval |
| API access approval | Hyundai Connected Mobility GmbH | Managing customer representative contact information for API access approval |
(1) Data subjects may exercise their rights to request access to, correction of, deletion of, or suspension of processing of their personal information at any time with the Company. Membership information can be accessed through the HMG Integrated Account. If you wish to access personal information that cannot be viewed through the service, please contact the Customer Center stipulated in Article 10. Unless there is a special reason, the Company will take action within ten (10) business days. However, if there is a delay or an inability to provide access, you will be promptly notified.
(2) The rights stated in Paragraph 1 may be exercised by submitting a request via the email stipulated in Article 10, using the format provided in the Personal Information Protection Guidelines by the Personal Information Protection Commission [Annex 1] "Request for Access, Correction, Deletion, or Suspension of Personal Information Processing", and the Company will take a prompt measure accordingly. To verify identity, the Company may request minimal additional information, and if necessary, request that the data subject present an identification document such as a resident registration card, passport, or driver's license.
(3) The rights stated in Paragraph 1 may also be exercised through the data subject's legal representative or entrusted person. In such cases, a power of attorney must be submitted in accordance with the format [Annex 2] "Power of Attorney" provided in Personal Information Protection Commission's Personal Information Protection Guidelines. In this case, the Company may request additional documentation such as the seal certificate of the customer and identification of the representative to verify the authenticity of representation.
(4) Data subjects' rights on requests for access to or suspension of personal information processing may be restricted in accordance with related laws and regulations, including Articles 35(4) and 37(2) of the Personal Information Protection Act.
(5)Correction or deletion cannot be requested if the personal information is designated for collection or retention under other laws.
(6) If a data subject requests correction or deletion of erroneous personal information, the Company will not use or provide the relevant personal information until the correction or deletion has been completed
(1) The Company will destroy personal information without delay when personal information is no longer necessary in such cases as the expiration of the retention period, the fulfillment of the purpose of processing, the rescission of the Service, or the closure of business.
(2) If the retention period agreed upon by the data subject has expired or the purpose of processing has been achieved but the personal information must be retained under related laws and regulations, it will be stored separately in a different database (DB) or storage location.
(3) Procedures and methods of personal information destruction are as follows:
1. Destruction Procedure
The Company selects the personal information to be destroyed, obtains approval from the personal information protection manager, and proceeds with destruction.
2. Destruction Method
In accordance with related laws and regulations, the Company will destroy personal information recorded or stored in electronic files in a manner that renders the data irrecoverable, and shred or incinerate personal information if recorded or stored on paper.
In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures to ensure the security of personal information:
1. Transmitting users' personal information through encrypted channels and storing sensitive information such as passwords in encrypted form,
2. Installing systems capable of detecting and blocking intrusions such as hacking attempts for 24-hour monitoring, and using antivirus programs to prevent infections from the latest malware or viruses,
3. Continuously researching and applying new hacking and security technologies to services,
4. Minimizing the number of officers and employees authorized to handle personal information,
5. Establishing systematic standards for the creation and modification of passwords and access permissions for systems that store or process personal information, and conducting regular audits, and
6. Providing regular training on personal information protection and security obligations to all employees handling personal information.
The Company may use or provide personal information additionally without the data subject's consent in accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, taking into account the matters prescribed in Article 14-2 of the Enforcement Decree of the same Act. Accordingly, to use or provide personal information additionally without the data subject's consent, the Company considers the following:
1. Whether the purpose of additional use or provision of personal information is related to the original purpose of collection,
2. Whether the data subject can reasonably anticipate such additional use or provision based on the context of collection or processing practices for personal information,
3. Whether the additional use or provision of personal information unduly infringes on the interests of the data subject, and
4. Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption.
(1) The Company uses "cookies" that store and retrieve user information from time to time to provide personalized services to users.
(2) Cookies are small pieces of data sent from a server (http) used to operate a website, which are sent to the user's device browser and may be stored on the user's device.
1. Purpose of using cookies: When a user visits the website, the web server reads the contents of cookies stored on the user's device to maintain the user's settings and provide customized services. Cookies help users access the website as configured and use it to their convenience. They are also used to provide tailored information, such as optimized advertisements, based on the user's website visit history and usage patterns.
2. Installation, operation, and refusal of cookies: Cookies do not automatically or actively collect personally identifiable information, and users have the option to allow or refuse cookie installation. Accordingly, users can allow all cookies, receive a confirmation prompt whenever a cookie is stored, or refuse to store all cookies by setting the appropriate options in their web browser.
3. However, refusing to install cookies may cause inconvenience in website use and may limit access to some services that require login.
The Company designates the following person as the Personal Information Protection Manager to take overall responsibility for personal information processing and to handle complaints and remedies related to such processing from data subjects.
| Category | Name | Position | Contact |
|---|---|---|---|
| Personal Information Protection Manager | Chang-Hyeon Song | Representative Director | privacy@pleos.ai |
Data subjects may file complaints or request access related to personal information pursuant to Article 35 of the Personal Information Protection Act, through the department listed below. The Company will make its best effort to process such requests from data subjects promptly.
1. Department in charge of personal information complaints/requests
a. Department Name: App Market / App Market Console / Pleos Playground Team
b. Contact: privacy@pleos.ai
Data subjects may contact the institutions below for remedies or consultation regarding personal information infringements. These institutions are separate from the Company. If you are not satisfied with the Company's internal handling of complaints and remedies regarding personal information or need more detailed assistance, please contact the relevant organization below:
1. Personal Information Infringement Report Center: 118 (no area code) https://privacy.kisa.or.kr
2. Personal Information Dispute Mediation Committee: 1833-6972 (no area code) https://www.kopico.go.kr
3. Supreme Prosecutors' Office: 1301 (no area code) https://www.spo.go.kr
4. Cyber Bureau of the National Police Agency: 182 (no area code) https://ecrm.police.go.kr
If there are additions, deletions, or amendments to this Privacy Policy, the Company will notify users through the website's Notices section at least seven (7) days prior to the effective date.