Privacy Policy
December 15, 2023
swIDch Ltd. (hereinafter referred to as the "Company") is committed to safeguarding users' personal information and adheres to applicable regulations governing information and communication networks and data protection. We diligently uphold user rights and interests by complying with pertinent laws and regulations related to the protection of personal information. This privacy policy outlines how the Company collects, uses, and safeguards user information, and it may be subject to changes in accordance with relevant laws, guidelines, and revisions to the Company's internal operating policies.
The company's personal information processing policy may be subject to changes in accordance with applicable laws, guidelines, and revisions to the company's internal operating policies. Changes will be communicated in compliance with methods prescribed by relevant laws and regulations.
1. Collection of Personal Information
The company differentiates between mandatory and optional information essential for service delivery, ensuring collection only with user consent. To minimize the gathering of personal information, the company acquires only vital details essential for service provision. The purposes for collecting and utilizing this information are detailed below.
A. Personal Information Collection Items
| Division | Purpose of Collection and Use | Required/Optional | Collection and Use Items |
|---|---|---|---|
| Integrated Authentication (StonePASS/StoneAUTH) | Provide integrated authentication service | Required | Organization: organization name, phone number, HQ address, company registration number; Individual: name, division, position(title), company phone number, mobile phone number, email address, address |
| Public Authentication (OTAC AUTH) | Authentication service provided | Optional | Organization: organization name; Individual: email address, name, division, position(title) |
| Identity Verification | Identification | Required | Name, date of birth, gender, nationality, mobile carrier information, mobile phone number, Connecting information (CI), Duplicate subscription information (DI) |
| Event | Participation in events | Optional | Email address, mobile phone number, social media ID |
| | Duplicate participation confirmation | Optional | Advertising identifier, service usage records, cookies |
| Marketing | users about new services, sending newsletters, (e)DM | Optional | Email address, mobile phone number, social media ID |
| | Customized advertising | Optional | Service usage records, cookies |
| Customer Inquiry | User identification and contact information | Required | Name, division, position(title), company phone number, mobile phone number, email address, address |
| | Conversation history check | Optional | Address, Other information required |
B. Purpose of Collecting Personal Information
The company collects customer information for providing integrated authentication services, self-authentication, identification for registration/modification/disposal of authentication means, notification activities regarding service use and changes, and customer center operation. Optional items are collected for customer consultation support, prevention of fraudulent use, statistical analysis, research for service development, events, marketing activities, and guidance/recommendations for products/services.
C. Method of Collecting Personal Information
The company obtains user consent before collecting personal information through methods such as:
- Registration for membership and service usage.
- Consultation process through the customer center via web pages, email, fax, or phone.
- Offline collection at seminars and events.
- External companies or service affiliates may provide personal information after obtaining user consent.
2. Third-party Provision of Personal Information
The company does not provide or use personal information for other organizations beyond the scope notified in the 'Purpose of Collection and Use of Personal Information' under any circumstances, except with the member's consent or in accordance with the provisions of relevant laws and regulations.
The company may share users' personal information to develop new technologies or provide better services. In this case, before collecting or providing information, we go through a process of informing the user about the institution, organization, or business partner with which personal information will be shared. We provide details on what information is needed, why it is needed, how long it will be protected and managed, and ask for consent. We do not arbitrarily collect or share additional information without users’ consent.
3. Processing of Personal Information by Third Parties
In order to provide services and improve user convenience, the company entrusts the processing of personal information only for the ‘identity authentication’ and ‘identity verification’ procedures. When concluding a consignment contract, we stipulate the matters necessary to ensure that personal information is managed safely in accordance with relevant laws and regulations.
The company's personal information processing agency and the tasks entrusted to them are as follows:
Personal information processing consignment items
| Consignment company | Consignment work details |
|---|---|
| SCI Evaluation Information Co., Ltd. | User identity verification (mobile phone authentication) *S. Korea-specific-mobile phone authentication |
4. The Rights of Users and Legal Representatives and How to Exercise Them
To protect children's personal information, the company does not provide services to, or accept membership from, children under the age of 14, who require the consent of a legal representative.
If there is a justifiable reason to refuse a request to view or correct all or part of the user's personal information, the company will notify the user without delay and explain the reason.
5. Processing and retention period of personal information
The company follows a robust approach to the utilization and retention of user personal information, aligning with the provided notice and consent duration. The retention process continues until the objectives of collection and usage are fulfilled, the specified retention period concludes, or the user withdraws consent. As a standard practice, the company ensures the secure and prompt disposal of information.
In instances where preservation is mandated for a specific duration, as stipulated by applicable laws and regulations, the company adheres to global standards and applicable local regulations. It recognizes that the types of information collected and the corresponding retention periods may vary in accordance with diverse laws and regulations concerning personal data protection globally. To uphold these standards, the company diligently oversees and supervises entrusted entities, ensuring their strict adherence to laws and regulations related to the protection of personal information. This comprehensive approach guarantees the safeguarding of user data in compliance with international and local privacy standards.
6. Personal Information Destruction Procedures and Methods
The company promptly eliminates users' personal information once the intended purpose of collection and use is fulfilled. The destruction procedures and methods are outlined as follows:
A. Destruction Procedure
The user-entered information for service sign-up, etc., is retained according to the internal policy and relevant laws for the designated retention period after achieving the purpose. Subsequently, it undergoes the destruction process.
B. Destruction method
- Print Type: Destroyed through shredding or incineration.
- Electronic File Type: Deleted using a technical method that prevents record reproduction.
If legal obligations necessitate information retention for a specific period, personal information is securely stored during that duration.
7. Technical/Administrative/Physical Protection Measures for Personal Information
When processing users' personal information, the company diligently implements a combination of technical and administrative measures to ensure the security of personal information, preventing its loss, theft, leakage, alteration, or damage. However, the company is not responsible for any issues resulting from the leakage of essential personal information due to the carelessness of service users or members, such as the loss of devices.
A. Technical Measures
The company employs an intrusion prevention system to thwart personal information theft, leakage, alteration, or damage caused by malicious hacking. Additionally, an intrusion detection system is installed on each server to monitor illegal intrusions 24/7. Regular backups of customers' personal information are conducted to prepare for unforeseen emergencies.
B. Administrative Measures
The company employs rigorous administrative measures to safeguard users' personal information. Access to such information is restricted to a minimal number of individuals, including:
- Persons engaged in marketing, events, customer support, and direct delivery services to users.
- Individuals responsible for personal information protection, including the designated personnel for this purpose.
- Individuals whose access to personal information is indispensable for other business-related purposes.
The company not only manages the handling of personal information but also entrusts it to external entities. Regular inspections and training sessions are conducted for these external entities, emphasizing their obligations in adhering to personal information protection standards. Guided by a dedicated department for personal information protection, the company establishes and manages personal information processing guidelines. Regular checks on compliance with internal regulations are conducted, and immediate corrective actions are taken upon the identification of any issues. This proactive approach ensures ongoing adherence to stringent personal information protection standards.
C. Physical Measures
The company implements access controls against unauthorized personnel and maintains a distinct physical storage location for the personal information system. Access control procedures are established and enforced. Documents containing personal information and auxiliary storage media are stored securely in a designated area fitted with a locking device.
8. Cookie Usage and Preferences: Your Control Over Automatic Information Collection
In the course of using the service, information may be automatically generated or collected to ensure service stability, provide a secure service, and enforce compliance with laws and service terms and conditions.
A. What are Cookies?
swIDch utilizes cookies to store and efficiently retrieve customer information, enabling the provision of personalized and customized services. A cookie, a minute text file sent by the website server to the customer's browser, is stored on the customer's computer's hard disk. Upon subsequent visits, the website server reads the cookie's contents on the hard disk, maintaining user preferences and delivering customized services. Importantly, cookies do not automatically or actively collect personally identifiable information, and customers retain the option to refuse storage or delete these cookies at any time.
B. Purpose of Using Cookies
Cookies are employed to deliver convenient services optimized for customers. This involves maintaining login status, modifying IDs, registering/editing/discarding authentication methods, preserving page visit records, and storing additional service-related information for visited websites.
C. Installation/Operation and Refusal of Cookies
Customers have the flexibility to allow or refuse cookie installation. Through web browser settings, customers can choose to permit all cookies, receive confirmation prompts each time a cookie is saved, or decline the storage of all cookies. It's important to note that refusing to store cookies may result in difficulty accessing certain services on the website that require login.
D. Your Control Over Cookie Preferences
We encourage you to refer to the help section of your specific web browser for instructions on managing and controlling your cookie preferences. This allows you to customize how cookies are stored on your device, giving you greater control over the data collected through cookies.
9. Personal Information Protection Manager and Responsible Department
To ensure the protection of users' personal information and address any related complaints, the company has designated a Personal Information Protection Manager and established a responsible department as follows:
| Personal information protection officer | Personal information protection department |
|---|---|
| Name: Vinny Sagar; Email: vinny@swidch.com | Department Name: Management Support; Email: accounts@swidch.com |
If you need to report or consult about personal information infringements, please consider contacting relevant local authorities. For global users, we recommend reaching out to the data protection authorities or privacy offices in your respective country.
10. Obligation to notify
In case of any changes to the contents outlined above, the company is dedicated to transparent communication. Such modifications will be officially announced through a notice at least 7 days before the implementation date. Should changes have a substantial impact on the use of the service for customers worldwide, these adjustments will be subject to revision, and the company will provide a notice at least 30 days in advance. Additionally, if modifications to the processing policy become necessary due to relevant laws or company policies, users will be promptly informed through a notice.
Given the global nature of our app, we encourage users to contact their local data protection authorities or privacy offices for any concerns or inquiries. Privacy regulations and reporting mechanisms vary by region, and contacting local authorities ensures users receive accurate and region-specific information.