Privacy Policy
20241207
20240612-1
20240510-1
20191001-1
20171108-1
20170303-1
Article 1 (Purpose of Handling Personal Information)
Moaform (‘www.moaform.com’, hereinafter referred to as the “Service”) which is a service made and provided by Qoom Networks Inc. (Hereinafter referred to as the “Company”) handles personal information for the following purposes and the information shall not be used for any other purposes.
- Confirmation of intent to join the membership, personal identification/authentication following service provided to the customer, maintenance/management of member status, payment following provision of item or service, provision/delivery of item or service, etc.
- Statistical purposes for data without personal identification
- Purpose of advertisement that the member is a user of Moaform when the member is already using Moaform publicly to conduct or has conducted a survey
Article 2 (Handling and Retention Period of Personal Information)
- The Company shall handle and retain personal information within the retention/usage period of personal information according to retention/usage period of personal information with consent when collecting personal information from source of information or by law.
- In principle, personal information shall be discarded without delay once the purpose of collection and usage of personal information has been achieved. However, the Company may retain member information for a certain period designated by relevant regulations as below when the information needs to be preserved according to regulations of relevant laws.
- Records regarding indication/advertisement: 6 Months (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding the contract, subscription withdrawal, etc.: 5 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding payment, provision of goods, etc.: 5 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding consumer complaint, dispute settlement, etc.: 3 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Records regarding collection/handling and usage of credit information: 3 Years (Act on the Consumer Protection in Electronic Commerce, Etc.)
- Provision of communication confirmation data: 3 Months (Protection of Communications Secrets Act)
Article 3 (Provision of Personal Information to Third Party)
- The Company shall not provide personal information to a third party unless it pertains to Article 17 of the Personal Information Protection Act, such as separately given consents from the data subject or special regulations specified in the law, etc.
- The Service's use and transfer to any other app of information received from Google APIs will adhere to [Google API Services User Data Policy], including the Limited Use requirements.
Article 4 (Consignment of Handling Personal Information)
- The Company has consigned the task of handling personal information as the following for smooth handling of personal information.
- Korea PortOne Co., Ltd.: Agency for credit card payment authorization and purchases, birthday and corporate registration number for confirmation of payment, email address for contact regarding payment
- GSMbiz Co., Ltd.: Recipients phone number for sending response reward coupons
- AWS: Server and DB
- The Company has outlined obligations such as prohibition of handling personal information aside from purpose of consigned task, technical/․managerial protective measures, restriction of re-consignment, management/supervision regarding consignee, damage compensation, and others on the agreement and other documentations and is supervising whether the consignee is safely handling the personal information according to Article 25 of the Personal Information Protection Act following the conclusion of the consignment agreement.
- When the details of consigned task or consignee have changed, the Company shall disclose such changes according to its personal information handling policies.
Article 5 (Third-party AI Model Utilization)
- The company uses third-party AI models in some features to provide better services.
- AI Form Creation
- Moaform provides the 'Create with AI' feature to produce forms requested by users, utilizing AI models from OpenAI, Inc.
- Data entered by users is transmitted to OpenAI's AI models and used solely for the purpose of generating forms.
- Forms generated are available for use on the Moaform platform.
- To provide the Create with AI' feature, Moaform utilizes the API platform from OpenAI, Inc., ensuring that the original data entered by users or the content generated by AI is neither stored on OpenAI, Inc.'s servers nor used for AI training by OpenAI, Inc.
- To use the ‘Create with AI' feature, users must activate it themselves; this process is considered consent to the use and processing of data by the AI model.
- Moaform provides detailed explanations about this feature, and users can discontinue its use at any time.
- AI Form Creation
- The company commits to responsible and ethical use of user data, and data processing is conducted transparently. User privacy and data security are prioritized, and all data processing complies with relevant laws and regulations.
- The company maintains transparency in all procedures related to the use of AI models. Users can check how their data is being used at any time and may request additional information if necessary.
Article 6 (Integration with External Services)
The company provides the functionality to integrate forms created by users on the Moaform service with various external services. When such external service integration occurs, the relevant data is transmitted to the servers of the respective service providers. The company adheres to the following guidelines.
- Users can integrate forms created on the Moaform service with external services for seamless data analysis, notifications, automation, and data management.
- During the integration process, data transmitted may include the contents of the form created by the user, response data, and user account information.
- By activating the external service integration feature, users are deemed to have consented to their data being transmitted to the servers of the external service providers.
- The company prioritizes the protection of users' personal information and complies with relevant laws and regulations when integrating with external services. After data transmission, the handling and security of the data by the integrated external services are subject to the policies of the respective external service providers.
- Users can disable the integration with most external services on the Moaform service, and upon disabling, data will no longer be transmitted to the respective external services. However, for some external services, integration can only be disabled through the respective external service's platform.
- The company continuously monitors the integration process to prevent any data leakage or personal information breaches and collaborates with external service providers to ensure safe data handling.
- In case of significant changes related to the integration with external services, the company will promptly disclose such changes through this Privacy Policy and notify users. The specific list of external services is detailed on each form’s 'Integrate' page.
- The company promises responsible and ethical use of user data, ensuring transparent data processing. Users can check how their data is being used at any time and request additional information if necessary.
Article 7 (Rights)
- Rights, Obligations, and its Exercise as Provider of Information. The user may exercise the following rights as the individual provider of information and the provider of information can exercise the rights related to protection of personal information against Moaform at any time.
- Request for access to personal information
- Request for correction following error, etc.
- Request for deletion
- Request for stopping of handling
- Rights from section 1 can be exercised through the company with letters, e-mail, customer support, etc. and the company will oblige without delay.
- When the user requests for deletion or correction regarding privacy information error, etc. company won’t use or reveal private information until correction or deletion is complete.
- Under age 14, section 1 rights can be exercised through legal representative, someone who is mandated, agent, etc. In this circumstance, legal representative has all rights.
- User should not violate Information and Communication Network Act, Privacy Act related laws to invade the privacy of your own or others’ that the company is processing.
Article 8 (Creation of Items for Personal Information Handled)
The Company is handling the following items of personal information.
- <Membership Registration>
Requirements: Name, email, password - <Upon Purchase (Member)>
Requirements: Email, access IP information, service usage record, birthday, corporate registration number, credit card information, name, first 2 digits of credit card pin - <Complaint Handling>
Requirement: Email
Article 9 (Matters Pertaining to Installation, Operation of Automatic Collection Device of Personal Information)
- The Company may install and operate cookies which stores and regularly finds user data through the service it provides. The Company may use the customer data collected through cookies for the following purposes.
- Providing different information by individual member when creating a survey
- Providing specialized services by determining the fields of interest and taste of user through an analysis of access frequency or visiting time of member and non-member
- Providing individual response service by tracing the responded surveys
- Notifying usage period when using paid services
- Utilizing as criteria for service improvement and such through an analysis of user habits
- User cannot deny installing cookies. If the user denies installing cookies, service may not operate normally. How to reject installing cookies is as following (Internet Explorer): go to the upper right corner of web browser, Tools>Internet options> Privacy> Settings > Sites > insert the address to the Address of website and click block.
Article 10 (Disposal of Personal Information)
The Company shall discard the corresponding personal information without delay upon achieving the purpose of handling personal information by principle. The procedure, period, and method of discarding are as below.
- Discarding Procedure
Information entered by user is moved to a separate DB after purpose has been achieved (Separate documentation for paperwork) and stored for a certain period according to internal policies and other relevant laws and then discarded immediately afterwards. At this time, personal information moved to DB is not used for any other purposes aside from legal purposes. - Discarding Period
Personal information of user is discarded within 5 days from termination date of retention period when retention period for personal information has expired or within 5 days from the date when it is acknowledged that handling of personal information is unnecessary once that personal information has become unnecessary due to purpose achievement, closure of corresponding service, termination of project, etc.
Article 11 (Securing Safety for Personal Information)
The Company is taking technical/managerial and physical measures necessary to secure safety for personal information as below according to Article 29 of the Personal Information Protection Act.
- Minimization and Training of Employees Handling Personal Information
The Company is enforcing the plan to manage personal information by designating employees for handling personal information and limiting the scope to designated employees. - Execution of Regular Internal Auditing
The Company is conducting an internal audit regularly (Once per quarter) to secure safety regarding handling of personal information. - Encryption of Personal Information
Personal information and passwords of users are encrypted as they are stored and managed which only the user can know and all critical data utilize separate security functions such as encryption of files and transmitted data and file lock function. - Technical Countermeasure for Hacking, Etc.
Moaform has installed security programs and conducts regular renewals and inspections to prevent leakage and corruption of personal information from computer virus and hacking and it has installed the system in an area with access restricted from the outside which is being technically/physically monitored and restricted. - Restriction of Access to Personal Information
All necessary measures for controlling access to personal information are being taken through assignment, change, and termination of access rights to database system handling personal information and firewall system is being used to restrict unauthorized access from outside. - Storage of Access Records and Prevention of Forgery/Falsification
Access records for personal information handling system are stored and managed for at least 6 months and security functions to prevent forgery, falsification, theft, and loss of access records have been implemented.
Article 12 (Designation of Chief Privacy Officer)
- The Company has designated the chief privacy officer as the following to oversee all tasks related to handling of personal information as well as handling complaints from information providers related and damage relief related to handling of personal information.
- Chief privacy officer
- Name: Myoung cheol Seo
- Position: CEO
- Title: President
- Contact: mcseo@qoom.net - Provider of information may inquire the chief privacy officer and relevant departments for matters regarding inquiries related to protection of personal information, complaint handling, damage relief, and others which incur during the usage of the service (Project) provided by the Company. The Company shall reply and handle all inquiries from provider of information without delay.
Article 13 (Change of Privacy Policy)
- The Company will post the contents of this privacy policy along with its name, business address, email address, corporate registration number, mail-order business registration number, chief privacy officer along with other information through a connection display.
- The Company shall notify the user that the act of joining membership is giving consent to privacy policy and let the user view the contents of privacy policy through connection display.
- The Company can amend this privacy policy within the scope that does not violate relevant laws.
- The Company shall allow the users to see the currently implemented privacy policy as well as the amended privacy policy and outline the grounds for amended upon amendment of privacy policy and announce the amended privacy policy on the service notice board for all users from 7 days prior to 1 day prior to implementation of amended privacy policy and send the details of amendment 7 days prior to implementation of amended privacy policy via individual email addresses of members.
- The Company shall notify the members of amendment through method as outlined in Clause 1 when privacy policy is amended and the Company shall acknowledge the user giving consent to the amended privacy policy unless the user notifies objection to the Company between 7 days and 1 day prior to implementation of amended privacy policy.