Quota Lab Inc. - Privacy Policy

Last updated: 31 May 2022

Quota Lab Inc. - Privacy Policy 

Quota Lab, Inc. (hereinafter referred to as the “Company” or “Quota Lab”) complies with personal information protection regulations and Act on Promotion of Information and Communications Network Utilization and Information Protection. This Privacy Policy explains the Company’s treatments to protect personal information and rights and also to handle in case there are conflicts related to personal information. 

This Privacy Policy is applied to the Company and the use of its services. Please be noted that if the Company provides a separate Privacy Policy for any of its service, the Company shall comply with the specific policy and notify on the service website.

1. Purpose of use of Personal Information

Personal information will be used for the following purposes and will not be used for purposes other than the listed below. If there is to be a change in the purpose of use, the Company shall receive agreement prior to the change. 

a. Website registration and management

To verify your intention to register, manage user qualification, identify personal identification, prevent misuse of services, notify various changes or notifications, handle issues, keep record of conflicts and etc.

b. Provision of product or service

To provide service, contents or customized services, as well as fee payment and etc. 

c. Marketing and advertising

To develop new services and provide customized services, provide information and opportunities to participate in events and promotions, provide services and publish advertisements according to demographic features, to verify the validity of services, to figure out access frequencies or obtain statistics on the service uses by members

2. Items of Personal Information to be Collected and Collection Methods

a. Items of Collected Personal Information

Firstly, the Company collects the following information when users initially register for proper registration, smooth customer service, and various other services. 

  • ID, password, full name, birthday, home address, business registration number, fax number
  • Company name, title, CEO name, company address, company phone number, administrator’s mobile phone number

Secondly, in the process of using paid services, the following information may be collected.

  • Credit card information, bank account information, payment history. 

Thirdly, in the process of using services or business operation, the following information may be automatically created and collected.

  • Access IP information, records of service use, records of access and visit information

b. Personal Information Collection Methods

  • Website, hard copy document, fax, phone, customer support bulletin board, email
  • Provision from third-party partner companies

3. Storage and Use Period of Personal Information

The Company retains and uses personal information for a specified period of time in compliance with relevant laws or agreed upon by the information provider at the time of collection. 

a. Personal information related to website registration and management, customer service, provision of products and services, provision of marketing and advertisements are stored and used from date of privacy information collection agreement till membersion withdrawal

b. Under relevant laws including the Commercial Code, the Act Relating to Consumer Protection in Electronic Commercial Transactions and etc., the Company retains the user information for a certain period of time prescribed under relevant laws.  In this case, the Company uses the personal information it stores only for the purpose of preservation thereof, and the period are as follows:

  • Reason for record retention on contracts, agreements or withdrawals of offers: the Act relating to Protection of Consumers in Electronic Commercial Transactions, etc.

Retention period : five (5) years

  • Reason for record retention on payments and supplies of goods, etc.: the Act relating to Protection of Consumers in Electronic Commercial Transactions, etc.

Retention period : five (5) years

  • Reason for record retention on online financial transactions: Electronic Financial Transaction Act 

Retention period : five (5) years

  • Reason for record retention on digital tax invoice issuance: Value Added Tax Act

Retention period : five (5) years

  • Reason for record retention on complaints of consumers or dispute resolutions : the Act relating to Protection of Consumers in Electronic Commercial Transactions, etc.

Retention period : three (3) years

  • Reason for record retention on collection and usage of credit information : the Act relating to Credit Information use and protection 

Retention period : three (3) years

4. Provision of private information to third parties

Quota Lab only provides personal information to third parties under situations that fall under Articles 17 and 18 of the Personal Information Protection Act such as the consent from information provider or specific provisions under the law.

5. Consignment of personal information

Quota Lab entrusts personal information processes to third parties that provide professional services to offer its services, taking necessary measures for safe protection of personal data when consigning it to third parties in accordance with related laws. 

Under the Article 25 of the Personal Information Protection Act, the Company clarifies on the contract that personal information may not be used for purpose other than the entrusted activities, technical and administrative measures are to be taken for safety, reconsignment is to be restricted, management oversight of the consignee is provided, any damage shall be compensated and etc., supervising whether the consignee handles personal information safely.  

If the scope of consignment or the consignee is to change, the Company shall disclose the personal information processing policy without delay. 

Entrusted Company (Consignee) Entrusted operations
  • Transmitting personal (credit) information through data subject’s authenticated information
  • Requesting through data subject’s authenticated information for the improvement of API service and operation
  • Storing request and response data (Full destruction upon the end of consignment contract)
  • Processing data subject’s requests for perusal, correction, deletion, suspension of personal information
Kakao Pay
  • Verification of identity for registration and voting for specific agendas
Korea Financial Telecommunications and Clearings Institute (KFTC)
  • CMS withdrawal & transfer services
  • Sending out emails of major transactions (Location: United States)
  • cSending out emails (Location: United States)
Channel Corp.

  • Customer service management (Location: South Korea)

6. Rights of Users & Legal Representatives and Exercising Those Rights

Users, as owners of personal information, are entitled to exercise their rights listed below. 

a. Users can exercise their rights to personal information listed below at any time

i) Request to view personal information
ii) Request to edit errors
iii) Request to delete
iv) Request to stop process

b. Data subjects can exercise the rights provided in paragraph (1) by completing the form specified in attached Form 8 of the Enforcement Rule of the Personal Information Protection Act and submitting it to Quota Lab by post, email or fax and the Company shall take measures without any delay.  

c. When a data subject requests the correction or deletion of any error, etc., to the data subject’s personal information, the relevant information will not be used or provided until it is corrected or deleted.

d. A data subject may exercise the rights provided in paragraph (1) through an agent, including a legal representative and a power of attorney. In such cases, the data subject must submit a letter of delegation.

7. Installation, operation and rejection of automatic personal information collection system

The Company uses cookies that periodically search and save user information. Cookie is a small piece of text files that a server uses to operate a website, sent to the user's web browsers and that is stored on the user’s hard drive. Quota Lab uses encrypted cookies for the following purposes:

a. Purpose of use

To provide personalized service and target marketing based on statistical analysis of member/non-member visit frequency or time, user interest area or preference and its tracking, event participation frequency etc. Users have the right to allow all cookies, confirm at every cookie savings or to reject all savings of cookies from the web browser's setting options.  

b. Ways to reject the use of cookies

(Example: You can opt in or out of the use of cookies from your web browser’s options, either to allow all cookies, confirm at every cookie savings or to reject all savings of cookies)

Method: ie. Internet Explorer => Select "Tool" menu at the top of the browser. > "Internet Options" > "Personal Data" Tab > Settings  (Please be noted that if you choose to opt out of cookies, it might be difficult for the Company to provide you with a personalized service)

c. On installation, operation and rejection of other automatic personal information collection systems

To provide better service to users, Quota Lab uses Google’s Web log analytics tool, Google Analytics. 

Google Analytics collects the Company website user’s behavioral data through cookies, and only collects personally unidentifiable information. Even in this case, the user can install additional add-on from https://tools.google.com/dlpage/gaoptout to opt out of Google Analytics or can set from web browsers to opt out from cookies to refuse the use of Google Analytics. Please be noted that if you choose to opt out of Google Analytics, it might be difficult for the Company to provide you with a personalized service. Personally identifiable information collected through Google Analytics can be used for online advertising purposes through Google Ads service.

8. Destruction of Personal Information

Quota Lab destroys user personal information immediately after the purpose of collection has been properly achieved. The procedures and methods for destroying personal information are as follows:

  • Destruction procedure: Personal information provided by a user is destroyed in accordance with relevant laws and internal policies after the expiration of the retention period or the achievement of original purpose.
  • Destruction method: The Company destroys personal information in the following ways
    • Electronic data will be destroyed in an irreversible manner using technical methods. 
    • Paper data will be either destroyed by a shredder or will be incinerated

9. Security practices regarding personal information

Quota lab takes the following technical, managerial and physical security measures in accordance with  Article 29 of the Personal Information Protection Act

a. Minimization of personnel handling personal information and training. 

The Company designates personnel in charge of personal information at a minimal level on order to protect personal information. 

b. Personal information encryption

User’s personal information and password are encrypted for storage and can be only accessed by the user. Important information such as files and transferred data are also encrypted or locked using passwords and properly secured. 

c. Incident measures (ie. hacking)

Quota Lab runs security/protection programs to prevent personal information from being leaked or damaged due to incidents such as hacking or computer viruses. The Company also conducts periodical updates to check and install systems to prevent and monitor restricted information and area from external access technically and physically. 

d. Restricted access to personal information

The Company is taking necessary steps to prevent access to personal information through granting, updating and expiring permission to the database system to handle personal information and is restricting unpermitted external access through intrusion prevention system. 

e. Systems to secure documents

Documents or other storage devices that store user’s personal information are stored and managed in a safe place with secure locking systems. 

f. Access control of unauthorized persons

The Company holds a separate physical place to store personal information. We implemented and are operating its access control.

10. Privacy Protection Officer

a. To be responsible for personal information processes and to handle personal information subject’s complaints, inquiries and to protect users from damage, Quota Lab appoints the following personal information protection manager.

▶ Officer in charge

Name : Dong Hyun ChoiPosition : CEOContact number : 02-6447-8004Contact email : info@quotabook.com

b. For any inquiries, complaints, damage relief or other matters concerning personal information protection, data subjects can contact and inquire directly to the Privacy Protection Officer

11. Seeking remedy against rights infringement

You may direct complaints and further inquiries about Quota Lab’s action on personal information to the below external organizations 

▶KISA Report Center for Personal Information Breach- Responsibilities : receiving complaints regarding infringement of personal information- Website : privacy.kisa.or.kr- Contact : 118 (no area code needed)

▶Personal Information Dispute Mediation Committee (organized by Personal Information Protection Commission)- Responsibilities : mediating disputes regarding personal information and/or collective complaints (towards civil solutions)- Website : www.kopico.go.kr- Contact : 1833-6972

▶Cyber Crime Investigation, Supreme Prosecutors' Office : 02-3480-3573 (www.spo.go.kr)

▶Cyber Terror Response Center, National Police Agency : 182 ( http://cyberbureau.police.go.kr)

12. Amendment to the Privacy Policy

This Privacy Policy is enforced from May 31, 2022 and any amendment due to the change, inclusion or deletion to laws or terms shall be notified seven (7) days before the actual enforcement of the updated policy.