S Lab Asia Co., Ltd.
S Lab Asia Co., Ltd. (hereinafter referred to as the “Company”) places great importance on the personal information of users of the TTL app and TTL cloud service (hereinafter referred to as “Service”) provided by the company, and under the Protection of Communications Secrets Act, Telecommunications Business Act, Promotion of Information and Communications Network Utilization and Information Comply with the personal information protection regulations of the relevant laws and regulations that information communication service providers must comply with, such as the Act on Protection of Personal Information, the Personal Information Protection Act and the personal information protection guidelines enacted by the government, and establish a personal information handling policy in accordance with the relevant laws We are doing our best to protect your rights and interests.
Article 1 (Items of personal information collected and method of collection)
- The company collects the following personal information to provide various services.
Purpose of collection and use Collection items Storing and usage period Confirmation of intention to sign up for membership, provision of account when signing up for membership, handling of consultations and inquiries ID, password, contact information (name, mobile phone number, email) Last date of use of service or 1 year after membership withdrawal or retention period according to laws and regulations
- The following information may be automatically generated and collected in the process of using the
company's service.
Purpose of collection and use Collection items Access management such as checking illegal use of services, provision of environment for each user, identification of activity information, provision and management of customized services for members Cookies, service use history, device information, device browser information
- The company collects only the minimum amount of personal information necessary to provide the service, and does not collect sensitive information (race, religion, ideology, place of origin, domicile, political orientation, criminal record, health status, etc.) that may violate the basic human rights of users. not. However, exceptions are made when the user agrees to the collection.
- How we collect personal information
The company collects personal information in the following legal and fair ways.
- Homepage, mobile application, wired consultation and consultation board, e-mail
- Provided by partner companies
- Collection through generated information collection tools
Article 2 (Consent to Collection and Use of Personal Information)
- When a customer accesses and uses the service, it is deemed to have agreed to the collection and use of personal information.
- Customers have the right to refuse consent to the collection and use of personal information. However, if you refuse, you may not be able to use the service or there may be restrictions on the provision of services according to the purpose of using the service.
Article 3 (Provision of Personal Information to Third Parties)
- The company obtains the user's prior consent and provides the member's personal
information to a third party within the scope notified for the purpose of collection and use of
personal information in Article 1. Doesn't provide. However, with the exception of the
following cases.
- If the member has given written consent
- In case the obligation to submit the member's personal information to the company arises in accordance with the provisions of the law
Article 4 (Consignment of personal information processing)
The company entrusts the following personal information processing tasks for smooth personal information processing.
Fiduciary | Consignment purpose |
Amazon Web Services, Inc. | Cloud infrastructure management/operation |
Naver Cloud, Inc. | Cloud infrastructure management/operation |
Article 5 (Retention and Use Period of Personal Information)
The company retains and uses the user's personal information while the user uses the service as a member, and when the user requests withdrawal from membership, the purpose of collection and use of personal information is achieved, the retention and use period ends, or the business is closed, etc. In the event of a cause, the information will be destroyed without delay. However, the following information is retained for the specified period for the following reasons.
- Reasons for retaining information according to company internal policy
(1) fraudulent use record
- Reason for preservation: prevention of illegal use
- Retention period: 1 year
- Reasons for retaining information according to relevant laws and regulations
If it is necessary to preserve it in accordance with the provisions of related laws, such as the Commercial Act and the Consumer Protection Act in Electronic Commerce, etc., the company retains member information for a certain period of time as determined by the relevant laws and regulations.
In this case, the company uses the information it keeps only for the purpose of keeping it, and the retention period is as follows.
(1) Records on contract or subscription withdrawal, etc.
- Reason for preservation: Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 5 years
(2) Records on consumer complaints or dispute handling
- Reason for preservation: Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 3 years
(3) Records on identity verification
- Reason for retention: Act on Promotion of Information and Communication Utilization and Information Protection, etc.
- Retention period: 6 months
(4) Records of visits
- Reason for retention: Protection of Communications Secrets Act
- Retention period: 3 years
Article 6 (Personal information destruction procedure and method)
The company destroys without delay when the purpose of collecting and using the collected user's personal information is achieved, or when the user requests membership withdrawal, unless it is necessary to preserve personal information in accordance with other laws. We treat it as unavailable. The company's personal information destruction procedures and methods are as follows.
- Destruction procedure: The information entered by the user for membership registration, etc., is transferred to a separate DB after the purpose is achieved (separate filing cabinet in case of paper), and in accordance with internal policies and other reasons for information protection pursuant to relevant laws (5. Retention and use period) After being stored for a certain period of time, it is destroyed. This personal information will not be used for any purpose other than being retained unless otherwise required by law.
- Destruction method
- In the case of electronic files: deleted in a technical way that cannot be recovered or reproduced
- In the case of printouts or other recording media: crushing or incineration
Article 7 (Separate Storage of Personal Information)
In the case of long-term non-users, personal information is separately stored or destroyed according to the following items.
- In accordance with the 『Act on Promotion of Information and Communications Network Utilization and Information Protection』, the company separates the member's ID and personal information to protect the personal information of members who have not used the service, such as not logging in for one year. It is transferred to the DB (in the case of paper, a separate filing cabinet) and stored or destroyed separately.
- The company notifies users of the expiration date of the period, the fact that personal information is stored or destroyed separately, and the relevant personal information item by any one of e-mail, written, facsimile transmission, telephone, or similar method, up to 30 days before the expiration of the above validity period.
Article 8 (User rights and how to exercise them)
Users can view or modify their registered personal information at any time, and may request cancellation of membership (withdrawal of consent). In order to view or modify the user's personal information, contact the person in charge of personal information management in writing, by phone or e-mail, and action will be taken without delay. If a user requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In addition, if wrong personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made. The company handles personal information that has been canceled or deleted at the request of users or legal representatives as specified in "5. Period of Retention and Use of Personal Information" and prevents it from being viewed or used for any other purpose.
Article 9 (Matters Regarding Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
- The company uses sessions to frequently store and find personal information.
- Session: means that the server used to operate the service stores personal information on the server during the member's access time.
- Session helps convenient use by maintaining the environment set by the member, and provides optimized and customized service by providing information on visit records and usage patterns, and is used as a measure of service improvement.
- Members do not have the option to install a session, and a session is automatically created on the server when using a service that requires login.
- If the company does not want the company to access the photo album, camera and microphone of the smartphone or tablet PC, the company provides technical means to block access by the member himself.
Article 10 (Technical/Administrative Protection Measures for Personal Information)
In handling personal information of users, the company is taking the following technical/managerial measures to ensure safety so that personal information is not lost, stolen, leaked, falsified or damaged.
- Personal information encryption
The user's main personal information is encrypted and stored, and files and transmission data are encrypted to ensure that the user's personal information is not leaked even in the event of an accident that may occur.
- Countermeasures against hacking, etc.
The company is doing its best to prevent leakage or damage of users' personal information due to hacking or computer viruses.
In preparation for damage to personal information, data is backed up from time to time, the latest vaccine program is used to prevent leakage or damage of personal information or data of users, and personal information is safely transmitted over the network through encrypted communication. In addition, we use a 24-hour intrusion prevention system to control unauthorized access from outside, and we strive to equip all possible technical devices to ensure systemic security.
- Minimization and training of handling staff
The company's staff handling personal information is limited to the person in charge, and a separate password for this is assigned and regularly updated, and compliance with the personal information handling policy is always emphasized through regular training for the person in charge. In addition, before executives and employees handle personal information of users, internal procedures are implemented to prevent leakage of personal information of users through a security pledge in advance, prepare related situation regulations, and monitor implementation and compliance. are preparing.
- Operation of an exclusive organization for personal information protection
Through the in-house personal information protection organization, etc., we check the implementation of the personal information handling policy and compliance with the person in charge, and if a problem is found, we strive to correct it immediately.
However, fundamentally, the user's own efforts are also important for the security management of personal information. In online services, only the person who knows the ID and password has the right to access personal information, and the person is also responsible for maintaining and managing the password. You must configure your password with information that only you can know, and you must avoid using passwords that can be easily stolen by others, such as part of your social security number or phone number. In addition, if you access the company's service from a PC you use in common and move to another site while logged in, or if you have terminated the use of the service, be sure to close the browser. Otherwise, there is a risk that the user's personal information, including ID, password, and resident registration number, may be easily leaked to others through the browser. The company does not take any responsibility for problems caused by leakage of personal information such as ID, password, and resident registration number due to the user's negligence or problems on the Internet.
Article 11 (Person in charge of personal information protection)
The company is responsible for overall handling of personal information, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing. You can report all complaints related to personal information protection that occur while using the company's services to the person in charge of personal information management or the department in charge. The company will provide prompt and sufficient answers to users' reports.
- Personal information protection department | S Lab Asia
Customer Center : +82-70-4755-9958
Email address: info@slabglobal.com
Inquiries: Weekdays 10:00 am - 6:00 pm (Lunch time 12:30 - 13:30, closed on Saturdays, Sundays and holidays)
- Personal Information Manager | Dave Han
Email address: security@slabglobal.com
If you need to report or consult about other personal information infringement, please contact the organizations below.
- Personal Information Infringement Reporting Center
(without area code)118
privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee
(without area code) 1833-6972
www.kopico.go.kr
- Supreme Prosecutor's Office Cyber Investigation Division
(without area code)1301
cid@spo.go.kr
www.spo.go.kr
- National Police Agency Cyber Security Bureau
(without area code)182
cyberbureau.police.go.kr
Article 12 (Duty to notify)
If there is any addition, deletion, or modification of the contents of the current Privacy Policy, the reason for and contents of the change will be notified through a notice at least 7 days prior to the revision. The contents of this Privacy Policy may be changed from time to time, so please check it each time you visit the service.
- Effective Date: May 7, 2022