Privacy policy
Privacy Policy
During the membership registration process, the Company requires Users to complete consent procedures for the Terms of Use and this Privacy Policy. By clicking the “I Agree/Pay Now” button, Users acknowledge that they have read and agreed to the Terms of Use, including the Refund Policy and this Privacy Policy, including the consent request accompanying.
1. Publication and Disclosure of the Privacy Policy
- Capitalized terms used but not defined in this Privacy Policy shall have the meanings set forth in the Terms of Use, except that the term “Personal Information” means personal information under applicable privacy laws or regulations, as it relates to Users whose Personal Information the Company collects, uses, and otherwise processes.
- Through this Privacy Policy, Socra AI Inc. (the “Company”), having its principal office at 424, Teheran-ro, Gangnam-gu, Seoul, Republic of Korea (Daechi-dong, Samsung Life Insurance Daechi Tower), explains the types of Personal Information it collects, the purpose of its use, Users’ rights as data subjects, and the measures the Company takes to protect Users’ Personal Information.
2. Notification of Changes to the Privacy Policy
Before making any additions, deletions, or revisions to the terms of this Privacy Policy, the Company will provide advance notice to Users by in-Service notification or other appropriate means at least seven (7) days prior to the effective date of the amendment.
However, in the event of material changes affecting Users’ rights, including changes to the types of Personal Information to be collected or the purpose of use, the Company will provide prior public notice at least thirty (30) days in advance, and, if necessary, may obtain renewed consent from Users.
3. Purpose of Collection and Use of Personal Information
The Company processes the Personal Information of Users only for the following purposes:
- User management: to identify Users, prevent unauthorized or fraudulent use, provide notices and notifications, maintain the security and stability of the Service, develop new features, personalize the Service, and process payments.
- Processing User inquiries: to receive and respond to User inquiries and complaints.
- Provision of Service: to provide Service and improve Service quality.
- Marketing and advertising: to provide advertising information, including marketing and event notifications.
- Preparation of commercial statistics and information analysis: analysis of Service access and usage records per User.
4. Methods and Types of Personal Information Collected and Processed
- The Company collects and processes only the Personal Information that is necessary for membership registration and for Users’ use of the Service provided by the Company.
|
Time of Collection |
Items Collected |
Purpose of Collection |
|||
|
Membership Registration |
By email |
Email address, nickname, password and mobile phone number |
Membership registration |
||
|
|
|||||
|
By KakaoTalk account |
KakaoTalk account email address, nickname, mobile phone number, date of birth and gender |
||||
|
|
|||||
|
By Facebook account |
Facebook account email address and nickname |
||||
|
|
|||||
|
By Apple account |
Apple account email address and nickname |
||||
|
|
|||||
|
By Google account |
Google account email address and nickname |
||||
|
|
|||||
|
By LINE account |
LINE account email address and nickname |
||||
|
|
|||||
|
Use of Service |
IP Address, cookies, date and time of Service access, Service use record, unique device identifier, MAC address, mobile device information (model name, mobile carrier information, OS information, screen size, language and country information, advertising ID and device identification information) and records of unauthorized use or misuse of Service |
Provision and improvement of the Service; prevention of unauthorized use and ensuring service stability; development of new services and technologies; provision of personalized services |
|||
|
Information or contents created, submitted, or uploaded by Users |
|||||
|
Date of birth, mobile phone number, mobile carrier and connecting information |
|||||
|
Receipt of User inquiries and complaints; notification of outcomes |
By email |
Email address |
Receipt and processing of User inquiries and complaints; notification of outcomes |
||
|
By fax |
Fax number |
||||
|
By telephone |
Mobile phone number |
||||
|
By mail |
Mailing address |
||||
5. Outsourcing of Personal Information Processing
- The Company may engage its affiliates or third-party service providers which will process Personal Information on its behalf, as described below:
|
Name of Third Party Outsourcees |
Description of Services |
|
BH ARESCOM |
SMS/MMS (text messages) |
|
PortOne Korea Corp. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
NHN Korea Cyber Payment Corp. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
Kakao Pay Corp. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
NAVER FINANCIAL Corp. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
Shopify Inc. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
PayPal, Inc. |
Payment and refund processing (mobile phone, bank transfer, credit card) |
|
Danal Co., Ltd. |
User identity verification |
|
GS NEOTEK |
Receipt and handling of User inquiries and complaints |
|
CJ OLIVENETWORKS |
Automatic collection of usage data from mobile Users via Braze; customer-segment-based personalized recommendations; CRM communications; mobile push notification services |
|
Cloa Technologies, Inc. |
Log data analysis for improvement of Service quality |
|
Lunasoft Co., Ltd. |
Delivery of KakaoTalk notifications |
|
Amazon Web Services, Inc.
|
Infrastructure management for provision of Service |
|
Google, Inc.
|
Data analysis for improvement of Service quality |
|
Google Cloud Platform
|
Data analysis for improvement of Service quality |
|
Confluent, Inc.
|
Log data analysis for improvement of Service quality |
|
Datadog, Inc. |
Service monitoring and log collection and inquiry |
|
Zendesk, Inc. |
Operation and management of the customer consultation system |
|
Tidio LLC |
Operation and management of the customer consultation system |
|
Braze |
Customer-based personalized recommendations, mobile notification services |
- Users located in the State of California, United States of America, may opt out of the sale or sharing of their Personal Information under the California Consumer Privacy Act (CCPA). All Users, regardless of location, may exercise their rights as data subjects under applicable privacy laws, including the right to access, correct, delete, or restrict the processing of their Personal Information, as provided under applicable laws and regulations.
- Users may refuse the overseas transfer of their Personal Information by contacting the Company's Privacy Officer or the department responsible for Personal Information protection. Where a User refuses such transfer, the Company will exclude that User's Personal Information from overseas transfer. However, in such cases, the User's access to certain services that necessarily involve the overseas transfer of Personal Information may be restricted.
6. Sharing and Provision of Personal Information with Third Parties
- The Company does not sell or share Personal Information with third parties without explicit consent of data subject, except as otherwise provided in this Article 6.
- The Company does not share Users’ Personal Information with third parties without Users’ consent, except in the following cases:
- Where required by law or necessary to comply with legal obligations.
- When clearly necessary to protect the life, body, or property of the data subject or a third party.
- When urgently necessary for reasons of public interest in the area of public health or public safety.
- The Company may use Personal Information beyond the original purpose of collection, or disclose it to third parties without obtaining Users’ consent, when necessary for academic research, statistical analysis, or similar purposes, provided that the information is clearly anonymized so that no individual can be identified, to the extend permitted under applicable laws and regulations.
7. Period of Retention and Processing of Personal Information
- The Company retains and processes Users’ Personal Information for the retention period consented to by Users at the time of collection, or for any longer period required by applicable law.
- If a User agrees to the Terms of Use and this Privacy Policy and registers for membership, the Company retains the User’s Personal Information until the User terminates the relevant service agreement or otherwise cancels the membership; provided, however, that the Company may retain Personal Information until the relevant matter has been resolved in the following circumstances:
- Where an investigation or inquiry is ongoing due to a violation of applicable laws or regulations, until such investigation or inquiry has been completed.
- Where credit or debit relationships arising from use of the website remain outstanding, until such relationships have been completed.
- Notwithstanding the preceding provision, the Company may retain Users’ Personal Information for one (1) year from the date of the membership cancellation to prevent any unauthorized or fraudulent use in connection with any subsequent re-registration.
- The Company may retain Personal Information in accordance with the applicable laws and regulations.
8. Rights and Obligations of Data Subjects and Methods for Exercising Such Rights
- Data subjects may exercise the following rights with respect to their Personal Information at any time:
- The right to access their Personal Information.
- The right to request correction of inaccurate or incomplete Personal Information.
- The right to request deletion of their Personal Information.
- The right to request suspension of the processing of their Personal Information.
· Data subjects may exercise the above rights by submitting a request to the Company by mail, telephone, email, or fax. The Company will take appropriate measures without undue delay.
- If a data subject requests the correction or deletion of Personal Information, the Company will refrain from using or sharing such Personal Information until the correction or deletion has been completed.
- Data subjects shall not infringe upon their own or others’ Personal Information or privacy that is processed by the Company in violation of applicable laws and regulations, including applicable data protection laws.
- The Company does not intentionally collect Personal Information from children under the age of 13. If a child under the age of 13 has provided Personal Information to the Company, such data subject or the child’s legal representative may access or correct such Personal Information or may request termination of the account at any time. The data subject or the legal representative may click, within the Service, the “Change Personal Information” (or “Change Account Information”) button, to access or correct Personal Information, or “Cancel Membership” button, to terminate the subscription (or withdraw consent), and complete the requested action following the identity verification process. Alternatively, the data subject or the legal representative may contact the Company’s Privacy Officer by mail, telephone, or email, and the Company will take appropriate action without undue delay.
9. Transfer of Personal Information in Connection with a Business Transfer
When the Company transfers Personal Information to another party in connection with the transfer of all or part of its business or a merger, the Company will provide advance notice to the relevant Users, by public notice, direct notification, or announcement, of the following matters.
- The fact that the Personal Information will be transferred.
- The name (or corporate name, in the case of a corporation), address, telephone number, and other contact information of the transferee.
- Methods and procedures available to the data subjects who do not wish their Personal Information to be transferred.
10. Installation, Operation, and Opt‑Out Methods for Cookies and Automatic Data Collection
- The Company automatically collects device identifiers (such as a device ID or IMEI) when the Service is used. If a User refuses or opts out of the automatic collection of device identifiers, the User will not be able to use the Service.
- The Company uses ‘cookies,’ which store and periodically retrieve information about Users’ usage, in order to provide personalized services to Users.
- Cookies are small pieces of information sent by the server (HTTP) used to operate websites and other services to a User’s computer browser, and they may be stored on the hard drive of the User’s PC.
- Purpose of cookies: Cookies are used to identify Users’ visit and usage patterns for each service and website visited, popular search terms, and whether secure connections are used, in order to provide Users with optimized information and services.
- Establishment, operation, and rejection of cookies.
- Users may refuse the storage of cookies by adjusting the settings under Tools > Internet Options > Privacy in their web browser.
- In Google Chrome, Users may refuse the storage of cookies by selecting the icon “[⋮]” at the top of the browser > Settings > Advanced > Privacy and security > Content settings > Cookies.
- If a User refuses the storage of cookies, use of the Service provided by the Company may be restricted.
11. Technical and Administrative Measures for the Protection of Personal Information
- In handling Users’ Personal Information, the Company implements the following measures to ensure data security and to prevent the loss, theft, leakage, alteration, or damage of Personal Information:
- Establishment and implementation of an internal management plan for the secure processing of Personal Information.
- Access controls and restrictions on access rights to Personal Information.
- Application of encryption technology or equivalent measures to ensure the secure storage and transmission of Personal Information.
- Retention of access logs and implementation of measures to prevent forgery or tampering in response to Personal Information security incidents.
- Installation and routine updating of security programs to protect Personal Information.
- Physical security measures, such as the provision of secure storage facilities or the installation of locking mechanisms, to ensure the safe storage of Personal Information.
- The Company limits access to Personal Information to the minimum number of personnel necessary. Employees who handle Personal Information receive regular training to reinforce the importance of protecting Users’ Personal Information.
12. Procedures and Methods for the Deletion of Personal Information
- The Company deletes Personal Information without undue delay once it is no longer necessary due to the expiration of the applicable retention period or the fulfillment of the purpose for which it was processed.
- Where Personal Information must be retained beyond the expiration of the consented retention period or the fulfillment of the processing purpose, as required by applicable law, the Company will transfer such Personal Information to a separate database or store it in a separate location.
- The procedures and methods for the deletion of Personal Information of Users are as follows:
- Deletion procedure: The Company identifies Personal Information for which grounds for deletion exist and deletes such Personal Information after obtaining approval from the Company’s Privacy Officer.
- Deletion method: Personal Information recorded or stored in electronic file formats is deleted using technical methods that render the information irrecoverable. Personal Information recorded or stored in paper form is destroyed by shredding or incineration.
13. Privacy Officer and Responsible Department
The Company has designated the following individual as its Privacy Officer, who is responsible for overseeing the Company’s Personal Information processing activities and for handling complaints from data subjects and requests for remedies related to such processing.
- Privacy Officer
|
Name |
Email Address |
|
Kiwoong Choi |
hello.santa@socra.ai |
- Department Responsible for Personal Information Protection
|
Department |
Person in Charge |
Email Address |
|
AI/Tech |
Joo Hwan Ma |
hello.santa@socra.ai |
- Users may direct all inquiries regarding the protection of Personal Information, including complaints and requests for remedies arising from their use of the Service, to the Privacy Officer or the responsible department identified above. The Company will respond to such inquiries and take appropriate action without undue delay.
14. Remedies for Infringement of Personal Information Rights
In the event of a Personal Information breach, the Company will notify affected data subjects of the breach, upon which they may seek legal remedies, including through civil litigation.
15. Compliance with Laws and Regulations Relating to the Protection of Personal Information
The Company complies with applicable privacy laws and regulations. Users’ Personal Information collected through the Service by the Company or its affiliates is collected and processed in the Republic of Korea or where such affiliates are located. However, the Company may transfer Users’ Personal Information outside the Republic of Korea, as expressly set forth in this Privacy Policy and, by agreeing to this Privacy Policy through accessing or using the Service, Users consent to such overseas transfer.
Consent Request in connection with the Collection, Use and Processing of Personal Information (Required)
|
Purpose of Collection |
Items Collected |
Retention Period |
|
|
Identification and identity verification of users Communication regarding the performance of agreements and notifications of any changes to the terms and conditions Confirmation of intent and handling of customer complaints and grievances |
Nickname, phone number, email address, social authentication identifier |
The Company deletes users' personal information without undue delay upon cancellation of membership or once the purpose of collection has been fulfilled. However, if the user has separately consented to a specific retention period, or if applicable laws require the Company to retain certain personal information for a specified period, the Company will securely retain such information for that period. |
|
|
Analysis of service visit and usage records |
IP address, cookies, date and time of service access, service usage records, unique device identifier, mobile device information (model name, OS information, screen size, language and country settings, device identification information), records of unauthorized use or misuse of the service |
※ You have the right to refuse to consent to the collection and use of personal information as described above. However, if you refuse, your access to educational content may be restricted.