Article 1 (Purpose of Handling Personal Information)
Moaform (‘www.moaform.com’, hereinafter referred to as the “Service”) which is a service made and provided by Qoom Networks Inc. (Hereinafter referred to as the “Company”) handles personal information for the following purposes and the information shall be used for any other purposes.
- Statistical purposes for data without personal identification such as confirmation of intent to join the membership, personal identification/authentication following service provided to the customer, maintenance/management of member status, payment following provision of item or service,
- Provision/delivery of item or service, etc.
- Purpose of advertisement that the member is a user of Moaform when the member is already using Moaform publicly to conduct or has conducted a survey
Article 2 (Handling and Retention Period of Personal Information)
- The Company shall handle and retain personal information within the retention/usage period of personal information according to retention/usage period of personal information with consent when collecting personal information from source of information or by law.
- In principle, personal information shall be discarded without delay once the purpose of collection and usage of personal information has been achieved. However, the Company may retain member information for a certain period designated by relevant regulations as below when the information needs to be preserved according to regulations of relevant laws.
- Records regarding indication/advertisement: 6 Months (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding the contract, subscription withdrawal, etc.: 5 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding payment, provision of goods, etc.: 5 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding consumer complaint, dispute settlement, etc.: 3 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding collection/handling and usage of credit information: 3 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Provision of communication confirmation data: 3 Months (Protection of Communications Secrets Act)
Article 3 (Provision of Personal Information to Third Party)
The Company shall not provide personal information to a third party unless it pertains to Article 17 of the Personal Information Protection Act, such as separately given consents from the data subject or special regulations specified in the law, etc.
Article 4 (Consignment of Handling Personal Information)
- The Company has consigned the task of handling personal information as the following for smooth handling of personal information. NICE Information & Telecommunication: Agency for credit card payment authorization and purchases, birthday and corporate registration number for confirmation of payment, email address for contact regarding payment
- The Company has outlined obligations such as prohibition of handling personal information aside from purpose of consigned task, technical/․managerial protective measures, restriction of re-consignment, management/supervision regarding consignee, damage compensation, and others on the agreement and other documentations and is supervising whether the consignee is safely handling the personal information according to Article 25 of the Personal Information Protection Act following the conclusion of the consignment agreement.
- When the details of consigned task or consignee have changed, the Company shall disclose such changes according to its personal information handling policies.
Article 5 (Rights)
Rights, Obligations, and its Exercise as Provider of Information
The user may exercise the following rights as the individual provider of information and the provider of information can exercise the rights related to protection of personal information against Moaform at any time.
- Request for access to personal information
- Request for correction following error, etc.
- Request for deletion
- Request for stoppage of handling
Article 6 (Creation of Items for Personal Information Handled)
The Company is handling the following items of personal information.
- <Membership Registration>
Requirements: Name, email
Optional: Gender, birthday
- <Upon Purchase (Member)>
Requirements: Email, access IP information, service usage record, birthday, corporate registration number, credit card information, name, first 2 digits of credit card pin
- <Complaint Handling>
Article 7 (Matters Pertaining to Installation, Operation of Automatic Collection Device of Personal Information)
The Company may install and operate cookies which stores and regularly finds user data through the service it provides. The Company may use the customer data collected through cookies for the following purposes.
- Providing different information by individual member when creating a survey
- Providing specialized services by determining the fields of interest and taste of user through an analysis of access frequency or visiting time of member and non-member
- Providing individual response service by tracing the responded surveys
- Notifying usage period when using paid services
- Utilizing as criteria for service improvement and such through an analysis of user habits
Article 8 (Disposal of Personal Information)
The Company shall discard the corresponding personal information without delay upon achieving the purpose of handling personal information by principle. The procedure, period, and method of discarding are as below.
- Discarding Procedure
Information entered by user is moved to a separate DB after purpose has been achieved (Separate documentation for paperwork) and stored for a certain period according to internal policies and other relevant laws and then discarded immediately afterwards. At this time, personal information moved to DB is not used for any other purposes aside from legal purposes.
- Discarding Period
Personal information of user is discarded within 5 days from termination date of retention period when retention period for personal information has expired or within 5 days from the date when it is acknowledged that handling of personal information is unnecessary once that personal information has become unnecessary due to purpose achievement, closure of corresponding service, termination of project, etc.
Article 9 (Securing Safety for Personal Information)
The Company is taking technical/managerial and physical measures necessary to secure safety for personal information as below according to Article 29 of the Personal Information Protection Act.
- Minimization and Training of Employees Handling Personal Information
The Company is enforcing the plan to manage personal information by designating employees for handling personal information and limiting the scope to designated employees.
- Execution of Regular Internal Auditing
The Company is conducting an internal audit regularly (Once per quarter) to secure safety regarding handling of personal information.
- Encryption of Personal Information
Personal information and passwords of users are encrypted as they are stored and managed which only the user can know and all critical data utilize separate security functions such as encryption of files and transmitted data and file lock function.
- Technical Countermeasure for Hacking, Etc.
Moaform has installed security programs and conducts regular renewals and inspections to prevent leakage and corruption of personal information from computer virus and hacking and it has installed the system in an area with access restricted from the outside which is being technically/physically monitored and restricted.
- Restriction of Access to Personal Information
All necessary measures for controlling access to personal information are being taken through assignment, change, and termination of access rights to database system handling personal information and firewall system is being used to restrict unauthorized access from outside.
- Storage of Access Records and Prevention of Forgery/Falsification
Access records for personal information handling system are stored and managed for at least 6 months and security functions to prevent forgery, falsification, theft, and loss of access records have been implemented.
Article 10 (Designation of Chief Privacy Officer)
- The Company has designated the chief privacy officer as the following to oversee all tasks related to handling of personal information as well as handling complaints from information providers related and damage relief related to handling of personal information.
- Chief privacy officer
- Name: Myoung cheol Seo
- Position: CEO
- Title: President
- Contact: firstname.lastname@example.org
- Provider of information may inquire the chief privacy officer and relevant departments for matters regarding inquiries related to protection of personal information, complaint handling, damage relief, and others which incur during the usage of the service (Project) provided by the Company. The Company shall reply and handle all inquiries from provider of information without delay.