주메뉴 바로가기 본문 바로가기

Privacy policy

GC Labs (“the Company”), the Company’s goods, and the Company’s website (www.gclabs.co.kr/eng) observe the clauses concerning the protection of personal information of the laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act that the providers of information and communications services must observe. The Company also does what it can to protect the information of users (both members and non-members) of the Company’s services (“users”) and goods under these guidelines.

These guidelines contain the following contents.

  • 1. Collected Items of Personal Information and Method of Collection
  • 2. Purpose of Collection and Use of Personal Information
  • 3. Provision of Personal Information to Third Parties
  • 4. Period of Storage and Use of Personal Information
  • 5. Method and Procedure of Destruction of Personal Information
  • 6. Separate Management of Personal Information in Dormant Accounts
  • 7. Rights of Users and Legal Agents & Method of Exercising Such Rights
  • 8. User Obligations
  • 9. Matters Concerning Installation, Operation, and Rejection of Automated Personal Information Collection System
  • 10. Technical/Administrative Measures for Protection of Personal Information
  • 11. Contact of Personal Information Manager and Personnel in Charge

1. Collected Items of Personal Information and Method of Collection

The Company only collects and uses essential personal information stated in the following for purposes related to the supply of goods or provision of more efficient consultation to customers.

A. Collected Items of Personal Information

  • Required Information: personal name, name of business, department, position, email address, phone number, etc.
  • Automatically Collected Information: App activity data via Firebase Analytics, app crash reporting Data via Firebase Crashlytics

B. Method of Collection

The Company collects personal information through the following.

  • Website/email/phone/fax
  • When using the product, information is collected during execution or use

2. Purpose of Collection and Use of Personal Information

A. Management of users

Identification of individual users, prevention of dishonest/unauthorized use of the Company’s services, preservation of records for arbitration of disputes, technical support, delivery of notices, ascertainment of a user’s intention for membership withdrawal

B. Use of relevant materials for improvement of goods

User’s experience associated with improvement of goods and development of new goods, error reporting analysis, improvement of the functions of goods, and analysis of statistical materials concerning the frequency of a user’s access to the Company’s services or use of the Company’s goods

C. Use in marketing and ads (optional)

Supply of goods based on information on demographics, ascertainment of the effectiveness of goods, provision of promotional information, and provision of opportunities for participation

3. Provision of Personal Information to Third Parties

A. The Company uses users’ personal information within the extent stated in the foregoing 2. Purpose of Collection and Use of Personal Information. The Company does not use users’ personal information or provide it to third parties outside the said extent without obtaining their prior consent. The following cases are exceptions to what is stated in the foregoing sentence.

Third party providers: Google Inc.

  • To improve service quality, the company uses Firebase Analytics and Firebase Crashlytics, which are mobile application analysis services provided by “Google Inc.”, and sends log information, cookies, error reports, etc., to “Google Inc.” server
  • Where users consent in advance to the Company’s provision of their personal information to a third party
  • Where a law enforcement agency or supervisory institution asks for provision of personal information for investigation under the law
  • Where there is a request for personal information in a procedure stipulated by the law
  • Where personal information is provided in way that cannot identify specific individuals purposes of compilation of statistics, academic research, market survey, etc.

B. The Company may provide users’ personal information to a third party by following the adequate procedures and obtaining the prior consent from the user.

4. Period of Storage and Use of Personal Information

The Company destroys stored personal information once the purpose of storage has been attained. However, the Company keeps the following information for a stated reason and for the stated period.

A. Continuing to keep information per the law

Where the Company is required to keep users’ personal information under the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., Commercial Act, etc., the Company does it for the period stated in the law as follows.

Records related to contracts or membership withdrawal

  • Basis for retainment: Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  • Period of retainment: 5 years

Records on consumer complaints or handling of disputes

  • Basis for retainment: Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  • Period of retainment: 5 years

Records on consumer complaints or handling of disputes

  • Basis for retainment: Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  • Period of retainment: 3 years

Login records

  • Basis for retainment: Protection of Communications Secrets Act
  • Period of retainment: 3 months

Information collected through Firebase Analytics, Firebase Crashlytics

  • Period of retainment: When membership is withdrawn or when the provision of third-party information is terminated

5. Process of Destroying Personal Information

The Company destroys stored personal information in the following process.

A. In principle, all personal information of users is destroyed once the purpose of collection and use has been attained.

B. In the case where personal information has to be stored according to laws apart from the abovementioned, notwithstanding the fact that the period of storage has expired and the purpose of processing has been attained, the relevant personal information will be transferred and saved to a separate database (DB) or system, and destroyed after a certain period.

C. Process of destruction:

  • All personal information saved as hardcopy, such as printed matter, is destroyed by using a paper shredder or undergoing incineration process.
  • All personal information saved as softcopy, such as electronic files, is destroyed in a process where the data cannot be retrieved and the like.

6. Separate Management of Personal Information in Dormant Accounts

The Company manages the following information of users who fail to use or connect with the Company’s services for a whole year by separating it from the information of others.

A. Personal information collected and managed at the time of membership subscription and revised/managed user information

B. Information created in the process of the user’s use of the Company’s services such as login information, and details on their use of the Company’s services

7. Separate Management of Personal Information in Dormant Accounts

A. Users or their legal agent may ask the Company’s Personal Information Manager or personnel in charge for access to/revision of/deletion of their personal information in writing, by email, or by phone.

B. Where the user or their legal agent submitted a request for correction of an error in their personal information, the Company will stop using or providing the personal information until it is corrected. Where erroneous personal information has been provided to third parties, the Company provides them with information on the correction immediately.

C. Regarding personal information that the relevant user has asked us to cancel or delete, the Company handles the information per the foregoing 5. Period of Storage and Use of Personal Information and makes sure that such information is not subject to access or use for any other purpose.

8. User Obligations

Users are obligated to protect their own personal information. The Company is not responsible for the result of a problem that has occurred due to the disclosure of their personal information due to user carelessness or an internet problem.

A. Users must always update their personal information. Users are responsible for the result of a problem occurring due to their provision of inaccurate information.

B. Membership subscription or a transaction of goods through the dishonest use of another person’s personal information, such as their resident registration number, is strictly prohibited and may be punished under the Resident Registration Act.

C. Users are responsible to keep secret their ID and password and should not transfer/lend them to a third party. Users should change their password periodically in compliance with the Company’s Personal Information Protection Policy.

D. Users should log out and close the web browser program after using the Company’s service.

E. Users must observe laws related to personal information, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Personal Information Protection Act, Resident Registration Act, etc.

9. Matters Concerning Installation, Operation, and Rejection of Automated Personal

A. What are cookies?

  • Cookies are small text files sent to the user’s browser by the server used to operate the website and stored on the hard drive of the user’s computer. Subsequently, when a user visits the website, the website server reads the contents stored on the user’s hard drive to maintain the user’s preferences and provide customized services.
  • Cookies are stored in the hard drive of a user’s computer. The user’s computer identifies cookies, but not the users themselves. The user may accept no/all cookies or ask us to send a notice whenever cookies are stored.

B. Purpose of using cookies

  • The use of cookies allows us to engage in targeted marketing and provide customized services to users based on an analysis of the frequency of their connection, the number of hours they spend visiting the Company’s website, and their propensity and interests.

C. Rejection of installation/operation of cookies by a user

  • The user may accept no/all cookies or ask us to send a notice whenever cookies are stored. They may reject the installation of cookies, but such rejection may lead to difficulties in using the Company’s services.

10. Technical/Administrative Measures for Protection of Personal Information

In handling the personal information of users, the Company takes the following technical/administrative measures lest the personal information be lost, stolen, disclosed, forged, or damaged.

A. Measures against hacking, etc.

  • The Company does what it can to prevent users’ personal information from being disclosed or damaged through hacking or viruses. To prevent damage to personal information, the Company backs up materials regularly. The Company uses updated vaccine programs to prevent users’ personal information or materials from being disclosed or damaged. The Company uses encoding in network communications for the safe transmission of personal information. The Company uses an intrusion prevention system to block any unauthorized access from outside. The Company strives to be equipped with all technical devices available for system security.

B. Handling of the personal information by a minimum number of employees and relevant education

  • A minimum number of employees handle personal information, and the Company stresses the importance of observing these guidelines to employees at educational sessions held from regularly. Employees handover/takeover the duties of handling personal information under tight security. The Company deals with the responsibility for mishaps related to personal information very strictly.

C. Operation of organization dedicated to the protection of personal information

  • The Company has newly hired employees submit a security-related affidavit as part of efforts to prevent the disclosure of important information. The team in charge of personal information protection sees that these guidelines are duly observed and is ready to take corrective steps when a security-related problem is identified. However, the Company is not responsible for the result of a problem that has occurred due to the disclosure of a user’s personal information (e.g. ID, password, etc.) due to user carelessness or an internet problem.

11. Contact of Personal Information Manager and Personnel in Charge

The Company operates a department that is in charge of the protection of personal information, along with Personal Information Manager. They handle complaints and matters related to personal information. Users may contact the Personal Information Manager or the personnel in charge stated in the following for inquiries about their personal information.

GC Labs

  • Personal Information Infringement Reporting Center
    (https://privacy.kisa.or.kr/ ☎: 118)
  • Cybercrime Investigation Center of the Supreme Prosecutors’ Office
    (http://www.spo.go.kr/ ☎: 1301)
  • Cyber Bureau of the National Police Agency
    (http://cyberbureau.police.go.kr/ ☎: 182)