MunchSkill

Wordtype=On

MunchSkill – Privacy Policy

Last Modified Date: 2022-07-12

In accordance with Article 30 of the Personal Information Protection Act (the “PIPA”), Promenade AI Inc. (hereinafter referred to as the “Company”) uses MunchSkill and MunchSkill-related services (hereinafter referred to as “Service” or “Services”) provided by the Company in the process of hiring candidates. In order to protect the personal information and rights and interests of the data subject and to effectively handle the complaints of the data subject related to personal information, this Privacy Policy is established and announced as below.

1. The Purposes of Processing Personal Information

The Company processes personal information for the following purposes. The personal information processed by the Company will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be taken such as obtaining separate consent in accordance with the PIPA.

  1. Registration and Management of Membership
    The Company processes personal information for the purpose of verifying the identity of persons using the website and intention of signing up for the membership, maintaining and managing right of a membership, preventing from illegal use of Service, replying to customer inquiries, notifying information of a new Service and various notices, and resolving complaints.
  2. Service Provision
    The Company processes personal information for the purpose of providing Service, sending contracts/invoices, providing contents, customizing Services, verifying identity and age, settling bills, collecting debts, analyzing statistics, advancing and improving Service, developing new Service, etc.

  3. Use for Marketing
    The Company processes personal information for the purpose of providing customized services, informing new services, recommending use of new services, advertising based on statistics, providing opportunities to participate in events.

2. Period of Processing and Retention of Personal Information

  1. The Company retains and processes personal information only for the period in compliance with all relevant laws and regulations or within the scope of the period agreed by the data subject when his/her personal information was collected.
  2. The period of processing and retention of personal information is as follows:
    1. Registration and management of membership at the home page : Until the user withdraws the membership from the home page; provided that, in any of the following events, until the relevant event is completed:
      1. If an investigation is in progress due to a violation of the relevant laws and regulations, until the investigation is completed
      2. If any debt or credit exists relating to use of Service, until debt or credit is finally settled
    2. Provision of Service: Until the Service is fully provided and the relevant fees are fully paid and settled; provided that, in any of the following events, until the relevant period is completed:

      1. Display and advertisements, transactions records such as contract details and performance under the 「Act on Consumer Protection in Electronic Commerce, Etc.」
        • records of display and advertisement: 6 months
        • record of contracts or withdrawal of subscription, payment, supply of goods, etc.: 5 years
        • records of consumer complaints or dispute resolution: 3 years
        • records of fraudulent use: 5 years
      2. 2) Storing communication confirmation data in accordance with「Protection of Communication Secret Act」
        • Computer communications, internet log records, data on tracing a location of information communication apparatus: 1 year
      3. Value-Added Tax Act
        • Data relating to transaction details such as tax invoices and receipts: 5 years
    3. For use of marketing purposes: 1 year

3. Items of Personal information Processed by the Company

The Company processes following items of personal information:

  1. Registration and management of membership at the home page
    • Mandatory information (user information): name, position, phone number, email address, passwords
  2. Provision of Service
    • Mandatory information (candidate information): name, email address, academic background and major, work experience (assignment task and work period), country of residence, age, language, ethnicity, gender, photo
  3. For use of marketing
    • Optional information (user information): name, email address
  4. Following types of items of personal information may be automatically generated and collected during the use of Services on internet.
    • IP address, cookie, MAC address, Service usage records, website visit records, records of fraudulent use

4. Provision of Personal Information to Third Parties

The Company processes the personal information only within the scope specified in Article 1 (The purpose of processing personal information), and provides personal information to third parties only when it falls under Articles 17 and 18 of the PIPA such as when the consent is obtained from the data subject or when required by special provisions in the law

5. Outsourcing of Personal Information Processing

  1. The Company outsources personal information processing to a third party as follows for smooth provision of Services

Outsourcee

[ Payment Gateway companies ]

Outsourced Task

Processing settlement

Retention and Usage Period of Personal Information

Until the user withdraws membership, or the outsourcing agreement is terminated

2. The Company conducts overseas transfer of the following personal information for outsourced processing by foreign entities.

Outsourcee (Contact details)

Amazon Web Services, Inc
AWS Korea Privacy
Email: aws-korea-privacy@amazon.com

Outsourced personal information

All types of personal information described in Article 3

Country of Outsourcee

United States

Time and Method of Outsourcing

Frequent transfer using dedicated private networks during Service provision

Purpose of Entrustment​

Data backup and store

Retention & Usage Period​

Until the user’s withdrawal of membership or the termination of the outsourcing agreement

Outsourcee (Contact details)

Google LLC
Privacy Team
Email: googlekrsupport@google.com

Outsourced personal information

All types of personal information described in Article 3

Country of Outsourcee

United States

Time and Method of Outsourcing

Frequent transfer using dedicated private networks during Service provision

Purpose of Outsourcing (Outsourced Task)

Data backup and store, sending emails

Retention & Usage Period​

Until the user’s withdrawal of membership or the termination of the outsourcing agreement

Outsourcee (Contact details)

Intercom
Security Team
Email: security@intercom.com

Outsourced personal information

All types of personal information described in Article 3

Country of Outsourcee

United States

Time and Method of Outsourcing

Frequent transfer using dedicated private networks during Service provision

Purpose of Outsourcing (Outsourced Task)

Sending email responses related to customer inquiries

Retention & Usage Period​

Until the user’s withdrawal of membership or the termination of the outsourcing agreement

3. When the Company executes outsourcing agreements, the Company states prevention of personal information processing for other purposes that the outsourcing purpose, technical and managerial safeguards of personal information, prevention of sub-outsourcing, management and supervision of outsourcee, matters relating to liabilities such as compensation for damages, etc. through a document in the outsourcing agreement, and supervise whether the outsourcee processes the personal information in a safe manner, in accordance with the Article 26 of the PIPA. 

4. The Company will immediately notify through this Privacy Policy if there is a change in outsourcee, outsourced task, etc..

6. Rights and Obligations of Data Subject and Its Legal Representatives, How to Exercising Such Rights

  1. The data subject may exercise its rights such as requesting the Company to allow viewing, update, modify, delete or suspend processing of its personal information at any time.
  2. Exercise of the rights under the paragraph 1 may be conducted in writing or via in accordance with Article 41(1) of the Enforcement Decree of the PIPA, And the Company will take measures without delay.
  3. When the data subject requests the Company to modify or delete errors in the personal information, the Company will not use or provide the relevant personal information until requested modification or deletion is completed.
  4. Exercise of the rights under the paragraph 1 may be conducted by the legal representation of the data subject or anyone having delegated authority from the data subject, in which event, the power of attorney prepared in accordance with Form 11 attached to the Public Notice on Personal Information Handling Methods (No.2020-7) shall be submitted.
  5. In case of the request for viewing or suspension of processing of personal information, the rights of the data subject user may be restricted under Article 35(4) and Article 37(2) of the PIPA.
  6. In case of the request for modification or deletion of personal information, such request will not be accepted if collection of the relevant personal information is required under other laws.
  7. The Company verifies whether the person who requests to view, modify, delete or suspend processing of the personal information is the data subject himself/herself or legal representative.

7. Destruction of Personal Information

  1. The Company destroys personal information without delay when the personal information becomes unnecessary, for instance, when the retention period is expired, purpose of processing is accomplished etc.
  2. If retention of personal information is required under other laws even after the retention period of personal information for which consent is obtained from the data subject is expired or it’s the purpose of processing personal information is accomplished, the Company will store personal information by transferring the personal information to a separate database (DB) or in a different location.
  3. The process and methods of destruction of personal information are as follows.
    1. Destruction process
      The Company selects the personal information for which cause of destruction has occurred, and destroys the personal information with the approval of the Company’s Privacy Officer.
    2. Destruction methods
      The Company destroys personal information recorded and stored in the form of electronic files using related methods so that the record cannot be recovered, and personal information recorded and stored in paper documents is destroyed with a shredder or burnt.

7.1 Measures Regarding Destruction of Personal Information of Dormant Users

  1. The Company converts users who have not used the Service for at least one year to a dormant account, and separately stores and manage personal information. Separately stored personal information is stored for one year and then destroyed without delay.
  2. The Company notifies user whose account would be converted dormant until 30 days prior to conversion to dormancy with information about the fact relating to conversion, timing of conversions, items that would be separately stored by any means available for such notice including email or text message.
  3. Users who do not want their accounts to be converted to dormancy may log in to the Service before the scheduled conversion. Furthermore, even after the account has converted to dormant account, the user still may the Service by logging in to the account, providing the consent and restoring the account.

8. Measures to Secure Safety of Personal Information

The Company takes following measures to secure safety of the personal information.

  1. The Company has established an internal management plan of personal information, containing matters in relation to the composition and operation of the personal information protection organization, such as the designation of Privacy Officer, and inspects whether the internal management plan is duly implemented each year.
  2. The Company controls access to personal information by managing access authority for database system that processes personal information and restricts unauthorized access from inside and outside.
  3. The Company stores and manages access records of the personal information processing system by personal information handler, periodically inspects access records, etc. to prevent any misuse, loss, forgery, or tampering of personal information, and safely stores the relevant access records so that they are not forged, stolen, or lost.
  4. If the personal information is stored in a physical location, the Company establishes and operates access control procedures.

9. Matters concerning Installation, Operation, and Denial of Automatic Collection Tool for Personal Information

  1. The Company use ‘cookies’ to save and retrieve use information in order to provide personally customized services.
  2. Cookie is small amount of information that the server (http) used to operate the website sends to users’ computer browsers, and is also stored on the hard disk of users’ PC.
    1. Purpose of using cookies: to provide optimized information to users by identifying visits and usage, popular search terms, secure access, etc. based on user’s visit of each Service and website
    2. b. Installation, operation and denial of cookies: user may deny saving of cookies at at ( Tools > Internet option > Personal information ) on top of the browser.
    3. If user denies to saving cookies, user may experience difficulties using personalized Service.

10. Privacy officer

  1. 1. The Company designated the following person as the Privacy Officer and operates the Personal Information Protection Team in order to protect the personal information of users and to resolve disputes involving the personal information of users.
    [ Personal Information Protection Team ]
  2. Users may inquire any matter relating to questions about personal information protection, complaints, compensation for damage, etc. to the Privacy Officer or Personal Information Protection Team.

11. Remedy for Infringement of Rights of Data Subject

Users may apply for dispute resolution or consultation in order to obtain remedies for damages resulting from infringement of personal information by contacting Personal Information Dispute Mediation Committee, Korea Internet & Security Agency, Personal Information Infringement Report Center, etc. Please contact following institutions for reporting or consultation on infringement of personal information.

12. Exclusion of Application of Privacy Policy

The Company may provide members with hyperlinks to other companies’ websites or materials through the Service page. In this case, the Company has no control over external sites or materials, and the Company’s Privacy Policy does not apply to collection of personal information by such other companies. In this regard, please be sure to check the privacy policy of the newly visited website once you click on a new hyperlink included in Company’s website.

13. Amendment of Privacy Policy

This Privacy Policy is effective as of 2022-07-12.

 

개인정보처리업무 위탁에 관한 사항​

회사는 주식회사 프롬나드에이아이에 채용절차 진행에 관한 업무를 위탁하였으며, 위탁업무 수행 과정에서 개인정보 처리가 수반됩니다. 주식회사 프롬나드에이아이는 개인정보 처리 업무를 수행함에 있어 귀하의 정보를 안전하게 보호할 수 있도록 최선을 다합니다.

We use cookies

We use cookies to improve your experience with us. By continuing to browse our website, you accept cookies from our website. For more informattion, go to our Privacy Policy.