PRIVACY POLICY

<2020.12.16>

QMIT Inc. (hereinafter referred to as the “Company”) respects privacy of individual users (“User”) and is committed to protecting it through the Company’s compliance with this Privacy Policy (hereinafter referred to as this “Policy”). This Policy is applicable to personal information collected in “plco” application services (“Application”) operated by the Company. 

The Company is the controller of the personal information provided by a User or collected from a User in the Application. This Policy describes the types of personal information the Company may collect from a User or that User may provide, and the Company’s practices and purpose for collecting, using, maintaining, protecting, and disclosing the personal information. The Company endeavors to process user’s personal information in compliance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), and with the Korean Personal Information Protection Act (“PIPA”) and any other applicable data protection law.

This Policy shall take effect on December 16, 2020 and, in case of modification thereof, the Company will make public notice of it by posting them on the Company’s Application or by using other methods (via text, e-mail, messenger or pop-up screen requesting acceptance at the time of a sign-in). 

Personal information to be collected

(1) Personal information provided by Users 

The Company collects personal information as follows: 

Type of Users Type of Personal Information Items
Member Required Information Name, nationality, gender, date of birth, e-mail address, phone number, profile picture 
Optional Information  Height, weight, career as a professional athlete (name of the club, logo, position, duration), academic background, name of the club, winning record, pictures 
Information collected while using the Application Physical condition (physical health, mental well-being, bedtime, wake-up time, sleep quality), training load (exercise intensity, start time and finish time of a satisfactory training exercise), injuries (areas of pain, intensity, condition, time) 
Admin Required Information Name, nationality, gender, date of birth, e-mail address, phone number, profile picture 
Optional Information  Height, weight, career as a professional athlete (name of the club, logo, position, duration), education, name of the club, winning record, pictures 

 

(2) Personal information collected while User’s use of Application 

Besides the personal information directly provided by the Users, the Company may also collect the following personal information that are automatically created during a User’s use of the Application: 

  • IP address, cookie, equipment information, operation system, hardware information, language settings of equipment, country setting, log data, use time, use and faults records

(3) Personal information collected from a third party service provider 

The Company may receive the following personal information from third party service providers at the time of a User’s registration, depending on the User’s selected social media: 

Service Provider Collected Information  Purpose 
Facebook, Inc. Identifier, name, email address, profile picture To register as a user at the Application
Google LLC Identifier, email address, profile picture
Kakao Corp. Identifier, profile pictures, username, email address
Apple Inc. Identifier, namer, email address

 

2. Use of collected personal information 

The Company uses the collected personal information of Users for the following purposes: 

(1)User identification and management 

    • In order to provide a membership based service, the Company collects personal information to (i) identify users, (ii) confirm a user’s intent to register, (iii) restrict any registration or the number of registration, (iv) secure communication, (v) respond to customer inquiries, (vi) provide new information and notices, (vii) prevent bad members from using the Application, (viii) prevent unauthorized use, (ix) preserve records for identification and dispute settlement, (x) handle complaints, etc.

(2) To provide plco service 

    • As part of the Application’s functions, the Company collects personal information to (i) confirm identification information, (ii) allow users to share information, (iii) post information on a third party social media services based on a User’s request, (iv) prevent any misuse that may harm Users in contrary to the terms of use or applicable laws.

(3) To fulfill the Company’s contractual obligation for its provision of services, and to settle any fees for the paid services when necessary

    • The Company collects personal information for purchase of paid service, payment, and delivery of goods and services, etc.

(4) To improve and develop services 

    • The Company collects personal information to (i) provide customized services based on demographic analysis, analysis of access and usage records, personal connections and interests, (ii) improve its existing service by discovering new service elements such as users’ building relationship based on personal information and interests, etc.  

(5) To provide marketing and advertising information in accordance with applicable laws

    • The Company collects personal information to (i) announce new functions, usage method and usage benefit information, (ii) post advertisements and provide opportunities to participate in various events, (iii) comply with applicable laws and regulations by providing statistical data on response to the advertisements to external recipients, etc.  

(6) To process pseudonymized information according to laws and regulations

    • The Company collects personal information to process pseudonymized information for statistics preparation, scientific research, and to preserve records for public interest

(7) To comply with applicable laws or legal obligation 

(8) To pursue legitimate interest of the Company, except where such interests are overridden by the interests or fundamental rights and freedoms of the users

(9) To use personal information with prior consent of the users 

The Company agrees that it will obtain consent from each user, if the Company desires to use the personal information for any purposes other than those expressly stated in this Policy.

 

3. Disclosure and consignment of personal information 

(1) Disclosure of personal information 

During the use of the Application, the User’s player profile and other information that the User has selectively entered into that are related to such User’s condition, training load, injury, etc. may be disclosed among the connected Users. In addition, when a User invites the other party, the name, profile picture, and some information may be disclosed to the invitee to identify the host. When a User requests to share his or her information on an external social media service or website, such User’s information will be posted on the corresponding media.

(2) Disclosure of personal information to a third party 

The Company will disclose personal information to a third party only if the User consents to such disclosure or such disclosure is required by laws. 

(3) User’s club, corporation, or organization

Upon the User’s consent, personal information will be provided to the club, company, or organization to which the User belongs to as a player as follows.

    • Recipient of personal information: The club, corporation, or organization of which the User is a player
    • Recipient’s purpose of using personal information: Analysis of User’s status, guidance, setting up a training plan, notification of training plans, operation of the User’s affiliated teams, etc.
    • Personal information provided: All information entered by the User (name, nationality, gender, date of birth, email, phone number, profile picture, height, weight, career as a professional athlete (name of the club, logo, position, duration), education, name of the club, winning record, pictures, physical condition (physical health, mental well-being, bedtime, wake-up time, sleep quality), training load (exercise intensity, start time and finish time of a satisfactory training exercise), injuries (areas of pain, intensity, condition, time)
    • Retention/use period of the recipient: During the User’s membership at the club (unless a separate agreement between the User and the Club states otherwise, or preservation of personal information is necessary under the applicable law)

(4) Consignment of personal information

To provide its services, the Company consigns an external professional company or companies (subcontractors) to process personal information as described in this Article 3. This consigned processing of personal information is carried out by each subcontractor, only if necessary to obtain such processing services. 

In consigning process of personal information, in order to protect the personal information, the Company will expressly state in its agreement with the subcontractors that those subcontractors will safely process and protect personal information in accordance with the applicable laws and regulations. 

In case any of the below subcontractors are changed, the Company will immediately announce the change by amending this Policy. 

(a) Google LLC 

Name of subcontractor Google LLC
Contact Information  1-855-817-0841
Purpose and Description of consigned works  Operation of system and storing data
Provided items  All personal information collected on the Application 
Date of data provision When personal information is collected
Method of provision Storing personal information on Google Cloud computing services 
Term of Data Usage Until expiration of personal information 
Country of Destination United States of America

 

(b) Twilio Inc. 

Name of subcontractor Twilio Inc. 
Contact Information  3-531-592-1002
Purpose and Description of consigned works  Sending text messages for identity verifications 
Provided items  Phone number  
Date of data provision When verification of phone number is requested
Method of provision Transfer via network when API is called 
Term of Data Usage Information will be deleted 30 days after the call at the latest  
Country of Destination United States of America

 

(c)Mailgun Technologies, Inc. 

Name of subcontractor Mailgun Technologies, Inc.
Contact Information  privacy@mailgun.com
Purpose and Description of consigned works  Sending email messages for identity verifications 
Provided items  Email address
Date of data provision When email verification is requested or when email is sent 
Method of provision Transfer via network when API is called 
Term of Data Usage Information will be deleted 30 days after the call at the latest  
Country of Destination Unites States of America

 

4. International transfers 

Many of the Company’s external third parties are based outside the EEA so their processing of a User’s personal information will involve a transfer of data outside the EEA. Whenever the Company transfers User’s personal information out of the EEA, the Company will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

(a)The Company will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

(b)Where the Company uses certain service providers, the Company may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.  

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

5. Period for retention and use of personal information 

In principle, the Company destructs personal information of users without delay when: the purpose of its collection and use has been achieved; a user withdraws from the Website; the legal or management needs are satisfied; or receipt of users’ request. However, the Company will retain the following information for the duration as set forth below, as required by relevant laws and regulations:

(1) Retention pursuant to the Company’s internal policy: 

(a) Record of unauthorized use: 1 year (to prevent unauthorized use)

(2) Retention under the applicable laws and regulations: 

(a)Record regarding contract or withdrawal of subscription in case of electronic commerce: 5 years (The Act on Consumer Protection in Electronic Commerce)
(b) Record on payment and supply of goods in case of electronic commerce: 5 years (The Act on Consumer Protection in Electronic Commerce)
(c) Record on consumer complaint or dispute treatment in case of electronic commerce: 3 years (The Act on Consumer Protection in Electronic Commerce)
(d) Log record of users such as internet/data detecting the place of user connection: 3 months (The Protection of Communications Secrets Act) 

6. Procedure and method of destruction of personal information 

In principle, the Company destructs the personal information immediately after the Company has achieved the purpose of its collection and use, and the period for retention described in Section 5 is expired without delay; provided that, if any personal information is to be retained as required by relevant laws and regulations, the Company will retain it for the duration as required by those laws and regulations before destruction and, in such event, the personal information which is stored and managed separately will not be used for other purposes. 

The Company destructs personal information as follows: 

(1) Process of destruction 

After the purpose is achieved, the personal information provided by the User for registration for the Company’s services will be transferred to a separate database or storage location and stored for the duration as required by the Company’s internal policy or applicable laws to protect the information (please refer to the period for retention and use of personal information) before destruction. Personal information stored as set forth above will not be used for any purpose other than the specified purpose.

(2) Method of destruction 

The Company destroys hard copies of personal information by shredding with a shredder or incinerating it; and delete personal information stored in the form of electronic file by using method to make that personal information cannot be restored.

7. Cookies and Similar Technologies 

The Company may collect collective and impersonal information through “cookies.” Cookies are very small text files to be sent to the storage device of the Users from the server used for operation of the Application. Cookies are transferred in a format that is only readable on the website server, and will be stored under a directory of a browser used by the User. When cookies cannot be used, such as in a mobile application setting, any other technology that could perform similar functions as a cookie (e.g., advertising identifier) may be used. The Users have an option for cookie installation. Users may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuse all cookies to be saved; provided that, if a user rejects the installation of cookies, it may be difficult for such User to use services provided by the Company in whole or in part which requires signing in.

8. User’s Legal Rights

The Users or their legal representatives, as main agents of the personal information, may exercise the following rights regarding the collection, use and sharing of personal information by the Company: 

(1) Request access to personal information; 

(2) Request corrections or erasure of personal information; 

    • Users and legal representatives may access and correct their registered personal information at any time. Users or legal representatives may click the personal information registered at the Application for access and modification, or directly access or modify by clicking the settings menu. 
  1. (3) Object to processing of personal information or request temporary suspension or restriction of processing personal information; 
    • If a User or legal representative wants to withdraw from membership, they can do so by signing into the mobile application or website and clicking “Settings – Withdraw from plco”. If it is difficult to withdraw directly, the Company may take necessary actions without undue delay if User requests for withdrawal in writing, by phone or email.

(4) Request transfer of personal information; 

(5) Request information, in case of automated decision-making processes, of the logic underlying the system and the importance and consequences envisaged by the processing for the user concerned; or

(6) Withdraw consent. 

If a User contacts the Company (or personal information manager or a deputy) via electronic mail or telephone in order to exercise any of the above rights as a User, the Company will take measures without delay; provided that the Company may reject a User’s request only to the extent that there exists either a proper cause as prescribed in the laws or an equivalent cause.

User’s withdrawal of consent will not affect the lawfulness of any processing carried out before such withdrawal of consent. If a user withdraws consent, the Company may not be able to provide certain products or services to such user. The Company will advise that user if this is the case at the time he or she withdraws consent.

Users have right to file complaints with supervisory authority. The Company requests such users to contact the Company or its DPO before submitting any complaints with the said supervisory authority to seek a mutually acceptable solution.

It is important that personal information the Company holds about a User is accurate and current. Users shall keep the Company informed if any of the user’s personal information changes. 

9. User’s Obligation. 

User shall also ensure that their personal information is secure. Users shall protect personal information by choosing sufficiently strong password and keep his or her credentials and password confidential at all times. A User has obligation to not infringe a third party’s personal information. A User shall refrain from disclosing his or her personal information such as password, and from damaging a third party’s personal information, including any postings. 

10. Measures to protect personal information

In order to prevent the loss, theft, unauthorized disclosure, leakage, alteration or damage of personal information of the users, the Company has implemented system of protection. Such measures include technical and managerial measures for security as follows:

(1) Technical Measures 

(a) Preventive measures against data leakage due to hacking and computer virus
(b) Encrypt and pseudonymize certain personal information
(c) Transmit personal information using security servers
(d) Firewall system to block unauthorized access from outside 

(2) Managerial Measures

(a) Appoint a person in charge of protecting personal information
(b) Provide a separate password for the person in charge and regularly update the same
(c) Provide education and training for the person in charge to ensure compliance with the Company’s Policy
(d) Operate an internal group specializing in protection of personal information; ensure that the Company and its personnel are in compliance with the Policy, and promptly correct any non-compliance.

11. Contact Information

Please use one of the following methods to contact the Company should you have any queries in respect to this policy or wish to update your personal information: 

(1) Data Protection Officer 

Name: Sang-ki Lee
Position: CEO
Email: plco_help@qmit.kr

(2) Department in charge of privacy protection 

Team: Business Team
Phone: +82-2-853-1201
Email: plco_help@qmit.kr

12. Modification of Privacy Policy 

The Company has the right to amend or modify this Policy from time to time and, in such case, the Company will make a public notice of it through plco’s website (www.plco.site) or the “Notice” of the Application by at least 7 days prior to implementing such modifications. Provided, however, if any rights of the Users are under material change, the Company will make a public notice by at least 30 days prior to implementation and obtain consent from the Users if required by relevant laws.

13. Miscellaneous 

This Policy will not be applicable to the collection and processing of personal information performed by third party service providers, such as any websites that are linked at the Application. 

 

The latest update date: December 16,2020

PRIVACY POLICY

<2020.11.19>

QMIT Inc. (hereinafter referred to as the “Company”) respects privacy of individual users (“User”) and is committed to protecting it through the Company’s compliance with this Privacy Policy (hereinafter referred to as this “Policy”). This Policy is applicable to personal information collected in “plco” application services (“Application”) operated by the Company. 

The Company is the controller of the personal information provided by a User or collected from a User in the Application. This Policy describes the types of personal information the Company may collect from a User or that User may provide, and the Company’s practices and purpose for collecting, using, maintaining, protecting, and disclosing the personal information. The Company endeavors to process user’s personal information in compliance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), and with the Korean Personal Information Protection Act (“PIPA”) and any other applicable data protection law.

This Policy shall take effect on November 19, 2020 and, in case of modification thereof, the Company will make public notice of it by posting them on the Company’s Application or by using other methods (via text, e-mail, messenger or pop-up screen requesting acceptance at the time of a sign-in). 

Personal information to be collected

(1) Personal information provided by Users 

The Company collects personal information as follows: 

Type of Users Type of Personal Information Items
Member Required Information Name, nationality, gender, date of birth, e-mail address, phone number, profile picture 
Optional Information  Height, weight, career as a professional athlete (name of the club, logo, position, duration), academic background, name of the club, winning record, pictures 
Information collected while using the Application Physical condition (physical health, mental well-being, bedtime, wake-up time, sleep quality), training load (exercise intensity, start time and finish time of a satisfactory training exercise), injuries (areas of pain, intensity, condition, time) 
Admin Required Information Name, nationality, gender, date of birth, e-mail address, phone number, profile picture 
Optional Information  Height, weight, career as a professional athlete (name of the club, logo, position, duration), education, name of the club, winning record, pictures 

 

(2) Personal information collected while User’s use of Application 

Besides the personal information directly provided by the Users, the Company may also collect the following personal information that are automatically created during a User’s use of the Application: 

  • IP address, cookie, equipment information, operation system, hardware information, language settings of equipment, country setting, log data, use time, use and faults records

(3) Personal information collected from a third party service provider 

The Company may receive the following personal information from third party service providers at the time of a User’s registration, depending on the User’s selected social media: 

Service Provider Collected Information  Purpose 
Facebook, Inc. Identifier, name, email address, profile picture To register as a user at the Application
Google LLC Identifier, email address, profile picture
Kakao Corp. Identifier, profile pictures, username, email address

 

2. Use of collected personal information 

The Company uses the collected personal information of Users for the following purposes: 

(1)User identification and management 

    • In order to provide a membership based service, the Company collects personal information to (i) identify users, (ii) confirm a user’s intent to register, (iii) restrict any registration or the number of registration, (iv) secure communication, (v) respond to customer inquiries, (vi) provide new information and notices, (vii) prevent bad members from using the Application, (viii) prevent unauthorized use, (ix) preserve records for identification and dispute settlement, (x) handle complaints, etc.

(2) To provide plco service 

    • As part of the Application’s functions, the Company collects personal information to (i) confirm identification information, (ii) allow users to share information, (iii) post information on a third party social media services based on a User’s request, (iv) prevent any misuse that may harm Users in contrary to the terms of use or applicable laws.

(3) To fulfill the Company’s contractual obligation for its provision of services, and to settle any fees for the paid services when necessary

    • The Company collects personal information for purchase of paid service, payment, and delivery of goods and services, etc.

(4) To improve and develop services 

    • The Company collects personal information to (i) provide customized services based on demographic analysis, analysis of access and usage records, personal connections and interests, (ii) improve its existing service by discovering new service elements such as users’ building relationship based on personal information and interests, etc.  

(5) To provide marketing and advertising information in accordance with applicable laws

    • The Company collects personal information to (i) announce new functions, usage method and usage benefit information, (ii) post advertisements and provide opportunities to participate in various events, (iii) comply with applicable laws and regulations by providing statistical data on response to the advertisements to external recipients, etc.  

(6) To process pseudonymized information according to laws and regulations

    • The Company collects personal information to process pseudonymized information for statistics preparation, scientific research, and to preserve records for public interest

(7) To comply with applicable laws or legal obligation 

(8) To pursue legitimate interest of the Company, except where such interests are overridden by the interests or fundamental rights and freedoms of the users

(9) To use personal information with prior consent of the users 

The Company agrees that it will obtain consent from each user, if the Company desires to use the personal information for any purposes other than those expressly stated in this Policy.

 

3. Disclosure and consignment of personal information 

(1) Disclosure of personal information 

During the use of the Application, the User’s player profile and other information that the User has selectively entered into that are related to such User’s condition, training load, injury, etc. may be disclosed among the connected Users. In addition, when a User invites the other party, the name, profile picture, and some information may be disclosed to the invitee to identify the host. When a User requests to share his or her information on an external social media service or website, such User’s information will be posted on the corresponding media.

(2) Disclosure of personal information to a third party 

The Company will disclose personal information to a third party only if the User consents to such disclosure or such disclosure is required by laws. 

(3) User’s club, corporation, or organization

Upon the User’s consent, personal information will be provided to the club, company, or organization to which the User belongs to as a player as follows.

    • Recipient of personal information: The club, corporation, or organization of which the User is a player
    • Recipient’s purpose of using personal information: Analysis of User’s status, guidance, setting up a training plan, notification of training plans, operation of the User’s affiliated teams, etc.
    • Personal information provided: All information entered by the User (name, nationality, gender, date of birth, email, phone number, profile picture, height, weight, career as a professional athlete (name of the club, logo, position, duration), education, name of the club, winning record, pictures, physical condition (physical health, mental well-being, bedtime, wake-up time, sleep quality), training load (exercise intensity, start time and finish time of a satisfactory training exercise), injuries (areas of pain, intensity, condition, time)
    • Retention/use period of the recipient: During the User’s membership at the club (unless a separate agreement between the User and the Club states otherwise, or preservation of personal information is necessary under the applicable law)

(4) Consignment of personal information

To provide its services, the Company consigns an external professional company or companies (subcontractors) to process personal information as described in this Article 3. This consigned processing of personal information is carried out by each subcontractor, only if necessary to obtain such processing services. 

In consigning process of personal information, in order to protect the personal information, the Company will expressly state in its agreement with the subcontractors that those subcontractors will safely process and protect personal information in accordance with the applicable laws and regulations. 

In case any of the below subcontractors are changed, the Company will immediately announce the change by amending this Policy. 

(a) Google LLC 

Name of subcontractor Google LLC
Contact Information  1-855-817-0841
Purpose and Description of consigned works  Operation of system and storing data
Provided items  All personal information collected on the Application 
Date of data provision When personal information is collected
Method of provision Storing personal information on Google Cloud computing services 
Term of Data Usage Until expiration of personal information 
Country of Destination United States of America

 

(b) Twilio Inc. 

Name of subcontractor Twilio Inc. 
Contact Information  3-531-592-1002
Purpose and Description of consigned works  Sending text messages for identity verifications 
Provided items  Phone number  
Date of data provision When verification of phone number is requested
Method of provision Transfer via network when API is called 
Term of Data Usage Information will be deleted 30 days after the call at the latest  
Country of Destination United States of America

 

(c)Mailgun Technologies, Inc. 

Name of subcontractor Mailgun Technologies, Inc.
Contact Information  privacy@mailgun.com
Purpose and Description of consigned works  Sending email messages for identity verifications 
Provided items  Email address
Date of data provision When email verification is requested or when email is sent 
Method of provision Transfer via network when API is called 
Term of Data Usage Information will be deleted 30 days after the call at the latest  
Country of Destination Unites States of America

 

4. International transfers 

Many of the Company’s external third parties are based outside the EEA so their processing of a User’s personal information will involve a transfer of data outside the EEA. Whenever the Company transfers User’s personal information out of the EEA, the Company will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

(a)The Company will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

(b)Where the Company uses certain service providers, the Company may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.  

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

5. Period for retention and use of personal information 

In principle, the Company destructs personal information of users without delay when: the purpose of its collection and use has been achieved; a user withdraws from the Website; the legal or management needs are satisfied; or receipt of users’ request. However, the Company will retain the following information for the duration as set forth below, as required by relevant laws and regulations:

(1) Retention pursuant to the Company’s internal policy: 

(a) Record of unauthorized use: 1 year (to prevent unauthorized use)

(2) Retention under the applicable laws and regulations: 

(a)Record regarding contract or withdrawal of subscription in case of electronic commerce: 5 years (The Act on Consumer Protection in Electronic Commerce)
(b) Record on payment and supply of goods in case of electronic commerce: 5 years (The Act on Consumer Protection in Electronic Commerce)
(c) Record on consumer complaint or dispute treatment in case of electronic commerce: 3 years (The Act on Consumer Protection in Electronic Commerce)
(d) Log record of users such as internet/data detecting the place of user connection: 3 months (The Protection of Communications Secrets Act) 

6. Procedure and method of destruction of personal information 

In principle, the Company destructs the personal information immediately after the Company has achieved the purpose of its collection and use, and the period for retention described in Section 5 is expired without delay; provided that, if any personal information is to be retained as required by relevant laws and regulations, the Company will retain it for the duration as required by those laws and regulations before destruction and, in such event, the personal information which is stored and managed separately will not be used for other purposes. 

The Company destructs personal information as follows: 

(1) Process of destruction 

After the purpose is achieved, the personal information provided by the User for registration for the Company’s services will be transferred to a separate database or storage location and stored for the duration as required by the Company’s internal policy or applicable laws to protect the information (please refer to the period for retention and use of personal information) before destruction. Personal information stored as set forth above will not be used for any purpose other than the specified purpose.

(2) Method of destruction 

The Company destroys hard copies of personal information by shredding with a shredder or incinerating it; and delete personal information stored in the form of electronic file by using method to make that personal information cannot be restored.

7. Cookies and Similar Technologies 

The Company may collect collective and impersonal information through “cookies.” Cookies are very small text files to be sent to the storage device of the Users from the server used for operation of the Application. Cookies are transferred in a format that is only readable on the website server, and will be stored under a directory of a browser used by the User. When cookies cannot be used, such as in a mobile application setting, any other technology that could perform similar functions as a cookie (e.g., advertising identifier) may be used. The Users have an option for cookie installation. Users may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuse all cookies to be saved; provided that, if a user rejects the installation of cookies, it may be difficult for such User to use services provided by the Company in whole or in part which requires signing in.

8. User’s Legal Rights

The Users or their legal representatives, as main agents of the personal information, may exercise the following rights regarding the collection, use and sharing of personal information by the Company: 

(1) Request access to personal information; 

(2) Request corrections or erasure of personal information; 

    • Users and legal representatives may access and correct their registered personal information at any time. Users or legal representatives may click the personal information registered at the Application for access and modification, or directly access or modify by clicking the settings menu. 
  1. (3) Object to processing of personal information or request temporary suspension or restriction of processing personal information; 
    • If a User or legal representative wants to withdraw from membership, they can do so by signing into the mobile application or website and clicking “Settings – Withdraw from plco”. If it is difficult to withdraw directly, the Company may take necessary actions without undue delay if User requests for withdrawal in writing, by phone or email.

(4) Request transfer of personal information; 

(5) Request information, in case of automated decision-making processes, of the logic underlying the system and the importance and consequences envisaged by the processing for the user concerned; or

(6) Withdraw consent. 

If a User contacts the Company (or personal information manager or a deputy) via electronic mail or telephone in order to exercise any of the above rights as a User, the Company will take measures without delay; provided that the Company may reject a User’s request only to the extent that there exists either a proper cause as prescribed in the laws or an equivalent cause.

User’s withdrawal of consent will not affect the lawfulness of any processing carried out before such withdrawal of consent. If a user withdraws consent, the Company may not be able to provide certain products or services to such user. The Company will advise that user if this is the case at the time he or she withdraws consent.

Users have right to file complaints with supervisory authority. The Company requests such users to contact the Company or its DPO before submitting any complaints with the said supervisory authority to seek a mutually acceptable solution.

It is important that personal information the Company holds about a User is accurate and current. Users shall keep the Company informed if any of the user’s personal information changes. 

9. User’s Obligation. 

User shall also ensure that their personal information is secure. Users shall protect personal information by choosing sufficiently strong password and keep his or her credentials and password confidential at all times. A User has obligation to not infringe a third party’s personal information. A User shall refrain from disclosing his or her personal information such as password, and from damaging a third party’s personal information, including any postings. 

10. Measures to protect personal information

In order to prevent the loss, theft, unauthorized disclosure, leakage, alteration or damage of personal information of the users, the Company has implemented system of protection. Such measures include technical and managerial measures for security as follows:

(1) Technical Measures 

(a) Preventive measures against data leakage due to hacking and computer virus
(b) Encrypt and pseudonymize certain personal information
(c) Transmit personal information using security servers
(d) Firewall system to block unauthorized access from outside 

(2) Managerial Measures

(a) Appoint a person in charge of protecting personal information
(b) Provide a separate password for the person in charge and regularly update the same
(c) Provide education and training for the person in charge to ensure compliance with the Company’s Policy
(d) Operate an internal group specializing in protection of personal information; ensure that the Company and its personnel are in compliance with the Policy, and promptly correct any non-compliance.

11. Contact Information

Please use one of the following methods to contact the Company should you have any queries in respect to this policy or wish to update your personal information: 

(1) Data Protection Officer 

Name: Sang-ki Lee
Position: CEO
Email: plco_help@qmit.kr

(2) Department in charge of privacy protection 

Team: Business Team
Phone: +82-2-853-1201
Email: plco_help@qmit.kr

12. Modification of Privacy Policy 

The Company has the right to amend or modify this Policy from time to time and, in such case, the Company will make a public notice of it through plco’s website (www.plco.site) or the “Notice” of the Application by at least 7 days prior to implementing such modifications. Provided, however, if any rights of the Users are under material change, the Company will make a public notice by at least 30 days prior to implementation and obtain consent from the Users if required by relevant laws.

13. Miscellaneous 

This Policy will not be applicable to the collection and processing of personal information performed by third party service providers, such as any websites that are linked at the Application. 

 

The latest update date: November 19, 2020