STCLab Privacy Policy
Last updated: 30 July, 2024
STCLab (hereinafter referred to as "the Company") complies with the 「Personal Information Protection Act」 and other relevant laws to protect the freedom and rights of data subjects, handling personal information lawfully and safely managing it. In accordance with Article 30 of the 「Personal Information Protection Act」, we establish and disclose this Privacy Policy to guide data subjects on the processing procedures and standards of personal information and to handle related grievances promptly and smoothly.
Article 1 (Purpose of Processing Personal Information, Collection Items, Retention and Use Period)
The Company processes the personal information of data subjects as follows:
Collection purpose
Required items
Optional items
Retention and period of use
Confirming the intention to join, subscribing/changing/terminating services, delivering notices, operating member participation spaces, conducting member surveys, providing personalized services, offering advertising information and affiliated services, verifying delivery addresses and contact information for products, sending congratulatory messages for member anniversaries, and dispatching publications.
Name, email address, company name, encrypted password.
Contact information
Until membership withdrawal
Analyzing service usage statistics (age, region, gender, usage history, frequency), preventing fraudulent use by bad members, allowing login from designated IP addresses
cookies, service usage records (visit time, bad usage records, etc.), device information (unique device identifier, OS version, etc.)
IP Address
Until membership withdrawal
Handling customer consultations, grievance resolution, operating member participation spaces, conducting member surveys
Consultation content
name, email
Up to 3 years in accordance with the 「Act on the Consumer Protection in Electronic Commerce」
Providing Personalized Services
Service usage status (sign-up date, usage period, service items used)
Until membership withdrawal
Settlement of Purchase Price
Payment-related records (product, amount)
Account information (bank name, account holder name, account number)
5 years in accordance with the 「Act on the Consumer Protection in Electronic Commerce」
Refund Settlement
Account information (bank name, account holder name, account number)
5 years in accordance with the 「Act on the Consumer Protection in Electronic Commerce」
Article 2 (Processing of Personal Information of Children Under 14)
The Company does not process personal information of children under the age of 14.
Article 3 (Provision of Personal Information to Third Parties)
The Company processes personal information within the scope specified for its purpose and provides it to third parties only with the consent of the data subject or in cases stipulated by special provisions of the law under Articles 17 and 18 of the 「Personal Information Protection Act」.
Article 4 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)
- Cookies: Cookies are small pieces of information sent by a web server to a data subject's browser and stored on the data subject's computer hard disk.
- Cookie Usage: The Company uses cookies to store and retrieve information about members' usage patterns through internet services.
- Purpose of Collected Cookies: The Company collects the unique number of members through cookies and does not collect other information. Collected cookie information is used for:
- Providing customized services according to individual interests
- Analyzing access frequency or stay time to understand user preferences for targeted marketing
- Tracking and analyzing service usage for service restructuring
- Options for Cookies: Members can choose whether to allow cookies through their web browser settings. However, refusing cookies may cause inconvenience in using services, and some functions may not work properly.
Article 5 (Entrustment of Personal Information Processing)
The Company entrusts personal information processing tasks to ensure smooth handling as follows:
| Entrusted Parties | Consignment work |
|---|---|
| Zendesk, Inc. | customer consultation via chat, phone, and email, integrated management for personalized services and advertising information |
| Port One | Payment processing |
| NICEPAYMENTS | Payment processing |
| Stripe, Inc. | Payment processing |
| Naver Cloud Platform | Data storage and system operation management |
Article 6 (Disclosure of Sensitive Information and Options for Non-Disclosure)
If there is a risk of privacy invasion due to the disclosure of sensitive information in the process of providing goods or services, the Company will post the possibility of disclosure and options for non-disclosure on its website before providing the goods or services.
Article 7 (Overseas Transfer of Personal Information)
The company does not transfer personal information processing tasks overseas.
| Entrusted Party | Zendesk, Inc. |
|---|---|
| Location | San Francisco, California, USA |
| Transfer Method and Timing | Through encrypted networks during service provision |
| Contact Information | supportzendesk.com |
| Entrusted Personal Information Items | Handling customer consultations and grievances, operating member participation spaces, conducting member surveys. |
| Entrusted Tasks | Customer consultation via chat, phone, and email, integrated management for personalized services and advertising information |
| Retention and Use Period | Until the earliest of contract termination or up to 3 years in accordance with the 「Act on the Consumer Protection in Electronic Commerce」 |
| Rejection of Overseas Transfer | To refuse the overseas transfer of personal information, please contact via email at support@stclab.com. If you wish to refuse after the fact, send an email expressing your intention to refuse, and your personal information will be deleted. |
Article 8 (Procedures and Methods of Personal Information Destruction)
The Company destroys personal information without delay when it is no longer needed, such as when the retention period has expired or the processing purpose has been achieved. If personal information must be preserved due to other laws even after the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, the information will be moved to a separate database (DB) or stored differently.
- Destruction Procedures: The Company selects the personal information subject to destruction and obtains approval from the Company's Personal Information Protection Officer before destroying the information.
- Destruction Methods: Personal information recorded and stored in electronic file formats is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is shredded or incinerated.
Article 9 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives)
Data subjects can exercise their rights to access, correct, delete, and suspend the processing of personal information at any time.
- Exercise of Rights: Data subjects can exercise their rights by submitting a written request, email, or fax in accordance with Article 41(1) of the Enforcement Decree of the 「Personal Information Protection Act」, and the Company will take immediate action.
- Rights through Representatives: Data subjects can exercise their rights through their legal representatives or authorized representatives. In this case, a power of attorney according to Form No. 11 of the "Personal Information Handling Methods Notice (No. 2023-12)" must be submitted.
- Restrictions on Rights: Requests for access, correction, deletion, and suspension of processing of personal information may be restricted according to Articles 35(4) and 37(2) of the 「Personal Information Protection Act」.
- Verification of Identity: The Company verifies the identity of the requester or their legitimate representative when requesting access, correction, deletion, or suspension of processing of personal information.
Article 10 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
- Administrative Measures: Establishment and implementation of an internal management plan, operation of a dedicated organization, regular employee training
- Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and updating of security programs
- Physical Measures: Access control of computer rooms, data storage rooms, etc.
Article 11 (Personal Information Protection Officer)
The Company has designated the following Personal Information Protection Officer to oversee the overall responsibility for personal information processing and to handle complaints and damage relief related to personal information processing:
Chief Information Security Officer
- Position: Chief Information Security Officer
- Name : Ha-dong Kim
- E-mail : henry@stclab.com
Data subjects can request access to personal information in accordance with Article 35 of the 「Personal Information Protection Act」 from the Personal Information Processing Manager. The Company will respond to and process inquiries without delay.
Article 12 (Methods for Remedying Infringement of Rights)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., to receive remedies for personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following agencies:
- Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office : 1301 (www.spo.go.kr)
- National Police Agency : 182 (ecrm.cyber.go.kr)
In addition, if a data subject's rights or interests are infringed due to a disposition or inaction by the head of a public institution in response to a request under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Processing of Personal Information) of the 「Personal Information Protection Act」, the data subject may file an administrative appeal in accordance with the Administrative Appeals Act.
- Central Administrative Appeals Committee : 110 (www.simpan.go.kr)
Article 13 (Changes to the Privacy Policy)
- This Privacy Policy will be effective from May 28, 2024.
- Previous versions of the Privacy Policy can be found below:
- Privacy Policy applied from December 16, 2022.
Ready for the next level?