Terms and Conditions

Document

Safetics Inc. (hereinafter referred to as the “Company”) complies with the personal information protection regulations set forth in the relevant laws and regulations, such as the Personal Information Protection Act, the Promotion of Information and Communication Network Utilization and Information Protection Act, the Communications Secret Protection Act, and the Telecommunications Business Act. This personal information processing policy applies to services provided by the company and contains the following contents.

Article 1. Purpose of Processing Personal Information

The purpose of this Agreement is to prescribe rights, obligations and responsibilities between the Company and its members, and other necessary matters in relation to the use of SafetyDesigner and related services (hereinafter referred to as the “Service Page”) provided by the Company through the “SafetyDesigner” page.

Membership registration and management
1. Personal information will be collected for the purpose of member management, such as identification, personal identification, prevention of illegal use and unauthorized use of defective members, confirmation of subscription intention, limitation of the number of subscriptions, confirmation of legal representatives, record retention for dispute mediation, complaint handling, delivery of notices, and confirmation of membership withdrawal.
Develop new services and use them for marketing/advertising
1. Personal information is processed for the purpose of developing new services (products) and providing customized services, providing events and advertising information and participation opportunities, providing services based on demographic characteristics, advertising, identifying access frequency, or statistics on members’ service use. In this case, the company complies with relevant laws, such as obtaining the necessary separate consent.

Article 2. Personal Information Collected

Items of personal information collected

The items of personal information collected by the company are as follows

information provided by members

Service Name	Data Collection Items
SafetyDesigner	Individual Membership Required items : Company name, name, email address, password, mobile phone number, Corporate Classification Optional : department name, job title, address Business membership registration Required items: Company name, business registration number, address Optional: Representative name, representative number

Information required for settlement of down payment according to service provision
1. Business Registration Certificate
2. Contract Person Information
  1. Name, email address, mobile phone number, company name, department name, job title, address

The following information can be automatically generated or collected during the service use process or service provision process.
1. IP Address, Cookies, Access Logs, Date and Time of Visit, Service Usage History, Bad Usage History
The company collects personal information in the following ways.
1. Collect from website, written form, fax, phone, e-mail, offline collection (event submission, attending seminar)
2. Delivery from partner companies

Article 3. Period of Processing and Retention of Personal Information

The company processes and holds personal information within the period of holding and using personal information or the period of use when collecting personal information from the data subject according to laws and regulations.

In principle, the customer’s personal information will be destroyed without delay upon withdrawal. However, the following information shall be preserved for the period specified for the following reasons.

In the case of obtaining separate consent for the retention period of personal information

Archive Items	Reason for Preservation	Retention Period
a record of unauthorized use	prevention of fraudulent use	3 months after withdrawal
Contact Us	Handling customer consultations	3 years
Attachment determined to be a malicious infection file	Malicious File Analysis	1 month
Information generated in SafetyDesigner	User protection purposes, such as data recovery requests	3 months from service termination request date

Reasons for holding information under relevant laws and regulations

If it is necessary to preserve it in accordance with the provisions of relevant laws and regulations, such as the Commercial Act and the Consumer Protection Act in e-commerce, the company shall keep member information for a certain period of time. In this case, the company uses the stored information only for the purpose of its storage, and the preservation period is as shown in the following example.

Archive Items	Reason for Preservation	Retention Period
Records of contract or withdrawal of subscription, etc	Act on Consumer Protection in Electronic Commerce, etc	5 years
a record of display/advertisement	Act on Consumer Protection in Electronic Commerce, etc	6 months
Record on consumer complaints or dispute processing	Act on Consumer Protection in Electronic Commerce, etc	3 years
Books and evidential documents concerning all transactions prescribed by the tax law	The National Taxes, corporate tax law, corporate tax law, and VAT Act	5 years
Logs related to service usage	Communication Secret Protection Act	3 months

However, in the following situations, the information is retained until the end of the period.
1. Where an investigation is in progress due to violation of relevant laws and regulations, the relevant investigation and investigation shall be completed until the end of the investigation
2. If the bond or debt relationship remains due to service use, until the relevant bond or debt relationship is settled
3. Provision of goods or services: Until the completion of supply of goods and services and the completion of payment and settlement of charges

Article 4. Utilization of Collected Personal Information

The company uses the collected information of users for the following purposes.
- Member management, identification, etc. • Detection and prevention of unauthorized use of services, illegal use, etc
- Performance of contracts, payment of fees, settlement of fees, etc. concerning the provision of services requested by users
- Improve existing services, develop new services, etc
- Notification of company site or policy changes
- Other uses with the prior consent of users (e.g., use in marketing advertisements, etc.)
- Provision of services and advertisements according to statistics and statistical characteristics on the use of services by members
- Provide promotional event information and opportunities to participate
- Compliance with applicable laws or legal obligations
In the case of using information for purposes other than those specified in this personal information processing policy, the company shall obtain the consent of the user

Article 5. Matters Concerning the Provision of Personal Information to Third Parties

The company processes the personal information of the data subject only within the scope specified in Article 1 (for the purpose of processing personal information) and provides personal information to third parties only if it falls under Article 17 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the law.
The company provides personal information to third parties as follows.
1. If a third party, such as a safety certification agency, requests to share a document to determine whether the collision risk analysis report submitted by a member is forged, the company may provide the collision risk analysis report corresponding to the requested document number to the relevant third party with the consent of the member.

Article 6. Provision and Entrustment of Personal Information

Contracting Company	Dc Details of Consignment Work	The Retention Period of Personal Information
NCP(NaverCloudPlattform)	Infrastructure for service development and operation	Until the member’s withdrawal
Korea Robot User Association	Issues Collision Risk Analysis Report	Until the period to be reviewed by a third party agency (the period can be extended under consultation with the user)
Korea Industrial Safety Association	Issue Collision Risk Analysis Report	Until the period to be reviewed by a third party agency (the period can be extended under consultation with the user)

Article 7. Procedures and methods for destroying personal information

In principle, the customer’s personal information is destroyed without delay when the purpose of collecting and using personal information is achieved.
If personal information needs to be preserved in accordance with internal policies and other relevant laws (Article 3, period of processing and holding personal information) despite the expiration of the period of holding personal information agreed by the data subject or the purpose of processing has been achieved, the personal information shall be transferred to a separate DB (in the case of paper, a separate briefcase) and stored safely for a certain period of time before destroying it.
The procedure and method of destroying personal information are as follows.
1. A Procedure for Destruction
  The company establishes a personal information destruction plan for personal information to be destroyed and destroys it. The personal information that caused the reason for destruction is selected, and the personal information is destroyed with the approval of the company’s personal information protection manager.
2. Method of Destruction
  The company destroys personal information recorded and stored in the form of electronic files by using methods such as Low Level Format so that records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by crushing with a shredder or incineration.

Article 8. Rights/Obligations and Methods of Exercise of the Data Subject and Legal Representative

Customers and legal representatives may exercise their rights to view, correct, delete, and suspend processing of personal information at any time to the company.
The rights of customers and legal representatives can be processed directly on the “My Page > Member Information” page or requested in writing or by e-mail.
If a customer or legal representative requests correction or deletion of a personal information error, the company will not use or provide the personal information until the correction or deletion is completed.
Requests to view and suspend processing of personal information may limit the rights of the data subject under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
A request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
The company checks whether the person who made the request for reading, correction or deletion, and suspension of processing in accordance with the data subject’s rights, is the person who made the request or a legitimate agent.
The exercise of rights under paragraph 1 may be carried out through an agent, such as a legal representative of the data subject or a person entrusted. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Regulations of the Personal Information Protection Act.

Article 9. Measures to Ensure the Safety of Personal Information

We establish an internal management plan for personal information, including matters related to the composition and operation of the personal information protection organization, such as the designation of a person in charge of personal information protection, and check whether the internal management plan is well implemented every year.
By managing access rights to database systems that process personal information, we control access to personal information and control unauthorized access from inside and outside.
We store and manage records of personal information handlers accessing the personal information processing system, regularly inspect access records to prevent misuse, loss, forgery, and tampering of personal information, and safely store access records so that personal information handlers’ access records are not tampered with, stolen, or lost.
We have a separate physical storage place where personal information is stored, and access control procedures are established and operated.

Article 10. Installation, Operation, and Refusal of Automatic Collection Devices of Personal Information

1. To provide personalized and customized services, the company uses ‘cookies’ that store and frequently retrieve customer information.
2. Cookies are tiny text files that the server used to run the website sends to the customer’s browser and are sometimes stored on the customer’s computer’s hard disk. Later, when a customer visits a website, the website server reads the contents of the cookies stored on the customer’s hard disk to maintain the customer’s environment settings and provide customized services.
3. Cookies do not automatically/actively collect information that identifies individuals, and customers can refuse or delete these cookies at any time.

 How to block cookies by browser

Chrome(Windows): Select ‘Chrome Customization and Control’ at the top right of the web browser > Settings > Privacy and Security > Cookies and Other Site Data > ‘Block All Cookies (Not Recommended)’

Safari(Mac): Select Settings > Privacy > Cookies and Web Site Data > Block All Cookies

Edge(Windows) : Select the “Menu Icon” > Cookie and Site Permissions > “Manage and Delete Cookie and Site Data” > “Block Third-Party Cookies” switch in the upper right corner of the web browser

Chrome(Android): Select ‘Menu Icon’ at the top right of the web browser > Settings > Site Settings > Cookies > ‘Block all cookies (not recommended) ‘

Safari (iPhone, iPad, or iPod touch): Settings > Safari > “Block all cookies” switch

1. Installation, operation, and rejection of cookies – Customers have options for installing cookies. Therefore, customers can allow all cookies by setting options in their web browser, go through verification whenever they are saved, or refuse to save all cookies.
2. For service use and statistical analysis, we use Google Analytics tool, a log analysis tool. If you wish to discontinue log analysis through an external analysis tool, you can turn it off via the information page below.
  > Google Analytics Opt Out Guide
3. If you refuse to save cookies, some of the company’s services that require login may be difficult to use.

Article 11. A Personal Information Protection Officer

Personal Information Protection Officer

Name : Donghwan Kim
Position : Team leader, Director
Contact : 82-2-568-7985
E-mail : info@safetics.io

Article 12. Methods of Remedy for Infringement of Rights and Interests

The data subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency, etc. in order to receive relief for personal information infringement. In addition, please contact the following institutions for reports and consultations on other personal information infringement.

The following institutions are separate from the company, and if you are not satisfied with the results of the company’s personal information complaint handling and damage relief, or if you need more detailed help, please contact us.

Center for Reporting Personal Information Infringement (Operation of Korea Internet & Security Agency)

Tasks in charge: Report personal information infringement and request for counseling

Home page: privacy.kisa.or.kr

Phone: 118 (without country number)

Address: (58324) Personal Information Infringement Reporting Center, 3rd floor, Jinheung-gil 9, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)

Personal Information Dispute Mediation Committee

Tasks in charge: Application for dispute mediation of personal information, collective dispute mediation (civil resolution)

Home page: www.kopico.go.kr

Phone: (Without country code) 1833-6972

Address: (03171) 4th floor of the Seoul Government Complex, 209 Sejongdae-ro, Jongno-gu, Seoul

Cybercrime Investigation Unit of the Supreme Prosecutors’ Office: 02-3480-3573 (www.spo.go.kr)

Cyber Crime Reporting System of the National Police Agency: 182 (ecrm.cyber.go.kr )

Article 13. Change of Personal Data Processing Policy

This privacy policy will take effect on November 21, 2023.

Appendix

<1> Legal Processing of Personal Information According to the Application of GDPR

The company shall process the user’s personal information legally only in any of the following cases.

Where the user agrees to process his/her personal information
Where it is necessary to deal with the performance of the contract to which the user is a party or to take measures at the request of the user before signing the contract
- Member management, identification, etc
- Performance of contracts, payment of fees, settlement of fees, etc. concerning the provision of services requested by users
Where processing is required to comply with the legal obligations applicable to the company
Compliance with relevant laws, regulations, legal procedures and government requests
- Where processing is necessary to protect the serious interests of users or other natural persons
Detect, prevent and respond to fraud, abuse cases, security risks, and technical problems that may harm users or other natural persons
- Public interest where processing is necessary for the execution of duties or the exercise of public authority granted to the company
- Where processing is necessary for the legitimate interests pursued by the company or a third party (but this is not the case especially when the interests or basic rights and freedoms of users who require personal information protection take precedence over those interests, such as when the user is a child)

<2> User’s rights when applying GDPR

Users or legal representatives may exercise the following rights in relation to the collection, use, and sharing of the company’s personal information as the subject of information.

Access to personal information
- Users or legal representatives can access information and request confirmation of records such as collection, use, and sharing of information in accordance with relevant laws.
The right to correct personal information
- Users or legal representatives may request correction of inaccurate or incomplete information.
The right to delete personal information
- Users or legal representatives may request the deletion of information due to the achievement of the purpose, withdrawal of consent, etc.
Restriction on the processing of personal information
- Users or legal representatives has a dispute over the accuracy of information and the legality of information processing, etc
  If you need to preserve information, you can ask for information processing restrictions.
The right to move personal information
- Users or legal representatives may request the provision or transfer of information.
The right to oppose
- Users or legal representatives may demand an interruption in information processing for direct marketing, information processing for legitimate interests or public duties and for research and statistical purposes.
Opposition to automated individual decisions, including profiling
- Users or legal representatives may require you to stop processing automated information that has a legal effect or a significant impact on you, including profiling. For this purpose, you can use the “Edit Member Information” menu on your website, or contact the company (or your personal information manager, representative) in writing, by phone or e-mail, and we will act without delay. However, the company may reject such a request only if there is a valid reason or corresponding reason specified in the law.

<3> Third-party sites and services

The company’s websites, products, services, etc. may include links to third-party websites, products, services, etc. The privacy policy of the linked third-party site can be addressed with the company’s policy. Therefore, users should additionally review the privacy policy of the linked third-party site.

Supplementary Provisions

This agreement will be effective from May 2, 2024.