Privacy Policy
- Announcement Date :
- 2024.04.24
- Effective Date:
- 2024.04.24
NHN Cloud Corp ("the Company") complies with the Republic of Korea’s Personal Information Protection Act and relevant laws and regulations that personal information processors are required to observe, and is committed to protecting the rights of users by establishing NHN Cloud Privacy Policy in accordance with applicable laws and regulations.
Privacy policy of AppPaaS contains the following.
- 1. Collected personal information items and collection method
- 2. Purpose of collection and use of personal information
- 3. Sharing and provision of personal information
- 4. Consignment of personal information processing
- 5. Period of retention and use of personal information
- 6. Procedure and methods of destruction of personal information
- 7. Rights of users and their legal representatives and how to exercise the rights
- 8. Installation, operation, and rejection of personal information auto collection devices
- 9. Matters concerning online personalized advertising
- 10. Measures to secure the safety of personal information
- 11. Contact Information of the chief privacy officer
- 12. Others
- 13. Duty to notify
1. Collected personal information items and collection method
A. Collected personal information items
The following personal information is collected during the service member sign up process.
- GitHub profile picture, GitHub account (Username, Email Address), GitHub name, additional email addresses
- Survey content(Member Type, Affiliation, Role, Purpose of Use, Expectations)
In addition, the following information may be generated and collected in the course of using the service.
- IP address, cookies, date and time of visit, service usage history, fraudulent usage history, device information (device identification unique information, device environment information, advertising ID, basic statistics on service usage), payment and purchase history
B. Methods of personal information collection
The Company collects personal information in the following ways.
- Website, mobile device, written format, fax, phone, consultation bulletin board, email, event submission, and delivery requests
- Provision by partner companies
- Collection via generated information collection tools
2. Purpose of collecting and using personal information
The Company uses the collected personal information for the following purposes.
- For membership registration, smooth customer counseling, provision of services promised to members, and service usage history.
- To manage members: identify members, confirm the their sign-ups and withdrawals, and to process their inquiries and complaints.
- To protect members and to operate services:such as restricting services for members breaching the law and terms of use, preventing and regulating unauthorized acts including illegal use that interfere with the service stable operation, preventing account theft and fraudulent transactions, sending notices, and to dispute settlement.
- To provide services according to demographic characteristics, analyze the frequency of access, improve functions, provide statistics on service use, and provide new services that reflect members' propensity to purchase products and use services based on service analysis and statistics, interests, and usage history analysis.
- To inform about events, marketing promotions, etc.
3. Sharing and providing of personal information
The Company uses personal information within the described scope of "2. Purpose of collection and use of personal information" and does not use personal information beyond the scope without the prior consent of users or provide users’ personal information in principle, except for the following cases.
- When users give a prior consent
- When required by laws and regulations, or requested by an investigation agency in accordance with procedures and methods stipulated in the laws for the investigation purpose
4. Consignment of personal information processing
For service improvement, the Company consigns processing of the personal information as follows, and establishes requirements so that the personal information can be managed securely when concluding a consignment contract, in accordance with the relevant laws and regulations. Below are the organizations that act as a consignee for personal information and the details of consignment work. (Reconsignee is marked as *.)
Consignee | Consignment work | Retention and use period of personal information |
---|---|---|
NHN Enterprise Corp | Service operation, customer service, quality control, and service testing | Until withdrawal of membership or termination of consignment contract |
NHN Corp., *NHN Service Corp. | Service operation, customer service, quality control, and service testing |
5. Retention and use period of personal information
In principle, the Company retains the user's personal information until the user withdraws from the membership. However, if required by the regulations from the applicable laws, such as commercial law and the Act on the consumer protection in electronic commerce transactions, etc., the company retains the membership information for a certain period of time stipulated by the applicable laws. In this case, the company uses the retained information only for the specific purpose of retention. The retention period is as follows.
- Log records related to service usage
- Reason for retention: Protection of Communications Secrets Act
- Retention period: 3 months
- Records related to resolution of consumer complaints or disputes
- Reason for retention: Act on the consumer protection in electronic commerce transactions, etc.
- Retention period: 3 years
- Records of contracts or subscription withdrawal
- Reason for retention: Act on the consumer protection in electronic commerce transactions, etc.
- Retention period: 5 years
- Records on payment and supply of goods
- Reason for retention: Act on the consumer protection in electronic commerce transactions, etc.
- Retention period: 5 years
- Records of tax invoice issuance for e-invoice service users only
- Reason for retention: To notify businesses in charge of building and operating electronic (tax) bill systems
- Retention period: 3 years
6. Procedures and methods for destroying personal information
In principle, the Company destroys the information without delay once the purpose of collection and use of the personal information is achieved.
The destruction procedure and method are as follows.
A. Destruction procedures
The information entered by the user for signing up and such will be transferred to a separate DB (separate filing cabinet) once its purpose has been achieved. This information will be retained for a certain period of time and destroyed according to the reasons for protecting the information as per internal policies and other relevant laws (refer to 5. Retention and use period of personal information). This personal information is not used for any other purposes unless specified by the laws.
B. Destruction method
Personal information printed on paper is either shredded through a shredder or destroyed by incineration. Personal information stored in the form of electronic files is deleted using a technical method that makes the record unrecoverable.
7. Rights of users and their legal representatives and exercising the rights
Users and their legal representatives may view or modify the personal information of their own or the children under the age of 14 and refuse their consent when they do not agree with the Company’s processing of the personal information or may request the withdrawal of membership at any time.
However, in such a case, it may be difficult to use some or all of the services.
To view or revise the personal information of the user or children under 14, go to "Change personal information" (or "Change member information").
To withdraw consent, go to "Membership withdrawal" to go through verification procedure to view or revise the information and to withdraw membership.When you contact the personal information protection officer by sending a document or by email or telephone, the Company will take measure without delay.
When users request correction for a personal information error, the personal information will not be used or provided before completion of correction.
Additionally, if incorrect personal information has already been provided to a third party, the correction results will be notified to the third party without delay.The Company treats the personal information that is revoked or deleted by the requests of users or legal representatives according to "5. Period of retention and use of personal information” and the personal information is not permitted to be accessed or used for other purposes.
8. Installation, operation, and rejection of personal information auto collection devices
A. What are cookies?
The company uses the "cookie" which stores and constantly retrieves the user's information to provide personal and customized service. A "cookie" is a very small text file which is sent by the server to the user's browser for better operating the website, which is stored in the hard disk in the user's computer.
B. Purpose of using cookies
Cookies are used to provide customized and optimized information to the user by analyzing each service used by the user and how it was used.
C. Installation/operation and refusal of cookies
Users have the option to enable cookies. Therefore, they can enable all cookies, confirm cookies every time they are saved, or disable saving cookies. However, if the user refuses to save cookies, there could be difficulties using some of the NHN services that require login.
- Chrome web browser
At the top right, go to [Settings] > [Privacy and security] > [Site settings] > [Cookies and other site data] and change the settings
- Edge web browser
At the top right, go to [Settings] > [Cookies and site permissions] > [Cookies and site data management and deletion] and change the settings
D. Issues regarding installation/operation of cookies in mobile services
The company can use "cookies" in mobile devices (e.g. smartphone, tablet PC) to provide internet experience similar or identical to that of the PC. However, the company does not discretionally collect a third party's cookies that contain personal information without the user's explicit consent. You can also choose to allow cookies in mobile devices as well by using the web browser settings. The details and exact function may vary depending on the type of the OS or web browser of the mobile device, but most of them enables the user to allow cookies via Settings in the mobile web browser or delete all of the previous cookies. If cookies are denied, some services that requires a login may be restricted.
- Chrome web browser
At the top right of the screen, click [Settings] > [Advanced] > [Site Settings] > [Cookies] to configure the settings
- Safari web browser
[Settings] > [Safari] > [Block All Cookies] > Settings
9. About online personalized ads
The Company allows the following advertising providers to collect online user behavior information through the generated information analysis tool in the Company's services and use it for the purpose of delivering customized advertising services to users.
10. Measures to Ensure the Security of Personal Information
In order to prevent the loss, theft, leakage, alteration or damage of personal information of users, the Company takes technical and administrative measures for securing safety as follows.
A. Encryption of personal information
The company encrypts personal information such as passwords or payment method according to the legal regulations, and takes additional security measures by encrypting files and data to be transferred to protect the user's personal information.
B. Measures against hacking, etc.
The Company is committed of preventing the leakage or damage of personal information caused by hacking or computer viruses. The Company backs up data from time to time in preparation for potential damage to personal information, and uses the latest vaccine program to prevent leakage or damage to users' personal information or data, and enables secure transmission of personal information over the network through encrypted communication and other measures. Also, the Company uses an intrusion prevention system to control unauthorized access from the outside, and is trying to equip all possible technical devices to secure other systemic security.
C. Minimal number of the persons in charge and their training
The Company limits the work of processing personal information to the person in charge, assigns and regularly renews a separate password for the work, and always emphasizes the compliance of the privacy policy through a regular training of the person in charge.
D. Operation of organization dedicated to privacy
The Company is committed to correcting and addressing any personal information issues when they occur by determining whether the Company implements the privacy policy and the person in charge complies with the policy through the internal organization dedicated to personal information protection. However, the Company is not held responsible for any problem caused by the leakage of personal information such as ID, password, etc. that occurred due to the user’s negligence or internet-related issues.
11. Contact information of the personal information protection officer
The Company designates a personal information protection officer who is responsible for collecting opinions and handling complaints related to personal information. You can report any complaints related to personal information protection that occur while using the company's services to the personal information protection officer. The Company will promptly and sufficiently respond to users' reports.
- Personal information protection officer
- Name: Hwang Seon-young
- Job position: Director/Legal Policy Office
- Email: nhn.privacy@nhn.com
- Phone: 1544-6859
If you need to make reports or require consultation regarding other privacy infringements, please contact one of the following organizations.
- Personal Information Dispute Mediation Committee ( kopico.go.kr , 1833-6972 without area code)
- Personal Information Infringement Report Center ( privacy.kisa.or.kr , 118 without area code)
- Prosecution Service, Cyber Investigation ( spo.go.kr , 1301 without area code)
- Korean National Police Agency Cyber Bureau ( ecrm.cyber.go.kr , 182 without area code)
12. Others
13. Duty of disclosure
- Version: v1.0