Article 1. Purpose of Processing Personal Information
Personal information ("personal information") referred to herein does NOT include data obtained from third-party data providers such as Google APIs, Atlassian APIs, Notion APIs, GitHub APIs, etc., and only pertains to data collected during the use of proprietary functionalities within Boildown. Data provided by third-party data providers is handled in accordance with Article 4.
Lotlas collects and uses personal information for the following purposes, following explicit consent from you:
Membership registration and management: confirmation of membership registration intention, identification authentication, confirmation of age (above 14), maintenance and management of membership, prevention of unauthorized use of the Service, various notices and notifications, etc.;
Services provision: General services, customized services, delivery of invoice and other contracts, identification authentication, age authentication, bill payment and settlement, debt collection, etc.;
Inquiry response: identity verification, inquiries confirmation, fact-finding, and outcome notification, etc.;
Service improvements and development: improvement of existing services and development of new services, development of customized services, etc.;
Article 2. Personal Information to be Collected and Processed
1. Lotlas collects and processes the following personal information:
a) Items collected when you subscribe: ID, password, email address,
b) Items collected when you use the Service: the SaaS used and your credentials for the SaaS;
c) Items collected automatically as you use the Service: IP address, cookies, device information (model name, OS), app settings, behavioral information, usage records, ad-identifiers;
d) Items collected when using paid services
- Payment by credit card: credit card information, such as the card company, card number
- Payment by wireless transfer: account information, such as account holder name, bank name
- Payment by mobile: payment information, such as mobile number, network service provider
e) Customer support: information, including each of the above information, may be collected and processed separately as is necessary to handle your inquiry.
Article 3. Period of Retention and Use for Personal Information
a) if there is an ongoing investigation regarding a violation of relevant laws and regulations, until the completion of the respective investigation;
b) If any debts resulting from the user’s use of the Services remain unsettled, until the settlement of the relevant debts;
c) If the Company terminates a service contract in accordance with the terms of service, Lotlas shall retain any records of unauthorized use of the Service for a period of one year after the termination of the service contract in order to prevent unauthorized resubscription and use of the Services.
Notwithstanding the foregoing, Lotlas may retain the following information until the end of the specified period:
a) Log records related to the use of the Services: for three (3) months, which is the retention period prescribed by the Protection of Communications Secrets Act of Korea;
b) Records of subscription or withdrawal of membership and records on payment and supply of goods: for five (5) years, which is the retention period prescribed by the Act on the Consumer Protection in Electronic Commerce, Etc.;
c) Records of customer complaints and dispute resolution: for three (3) years, which is the retention period prescribed by the Act on the Consumer Protection in Electronic Commerce, Etc.;
d) Records on advertisement displays: for six (6) months, which is the retention period prescribed by the Act on the Consumer Protection in Electronic Commerce, Etc.;
e) Books and supporting documents for all transactions prescribed by the tax laws: for five (5) years, which is the retention period prescribed by the Framework Act on National Taxes.
The Company shall separately store personal information of users who have not used the Services for a period or one year or a different period otherwise determined by the user.
Article 4. Provision of Personal Information to Third Parties
Service’s use of information received, and Service’s transfer of information to any other app, from Google APIs will adhere to Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use Requirements.
Article 6. You and Your Legal Representatives’ Rights, Obligations, and Exercise Methods
You may, at any time, exercise the right to peruse, correct, delete, and suspend the transfer of or processing of your personal information or request an explanation regarding the automated decisions about your personal information.
Your rights under 7.1 may be exercised in writing, by phone, or by e-mail. Lotlas shall take respective measures regarding your request without delay, subject to certain exceptions provided by applicable laws.
You may exercise the right under Section 7.1. through your agent such as your legal representative or a The Entrustee Description of the Entrusted Work Contact Amazon Web Services, Inc. Data hosting 1-888-280-4331 delegate in which case you will be required to submit to Lotlas a power of attorney that confirms such delegation and Lotlas may deny your request in accordance with applicable laws.
Your rights under Section 7.1 may be restricted in accordance with relevant laws such as the Personal Information Protection Act. Further, You may not request a correction and deletion of your personal information if such information is required to be collected according to other laws. Lotlas will confirm whether the person who made the request, such as a request for perusing, correction, or deletion, or request for suspension of the processing, holds such right or is a legitimate agent.
Article 7. Destruction of Personal Information
Lotlas will, without delay, destroy your personal information when your personal information becomes unnecessary, such as in the cases of the expiration of the personal information retention period, or achievement of the purpose of processing.
If Lotlas needs to preserve your personal information in accordance with the applicable laws and regulations even when the personal information retention period agreed by you has elapsed or the purpose of processing has been achieved, Lotlas will securely store your personal information and isolate it from further processing by storing it in a separate database.
Lotlas takes the following destruction procedures and methods:
a) Destruction procedures: Lotlas will select the personal information that needs to be destroyed and destroy the personal information with the approval of Lotlas ‘s personnel for management of personal information; and
b) Destruction method: Lotlas destroys personal information recorded and stored in electronic file format using technical methods so that the information cannot be reproduced, and personal information recorded and stored on paper documents is destroyed by crushing or incineration with a shredder
If a users has not used the Services for a period of year or a separate period of time otherwise agreed by the user separately, Lotlas converts the user’s account as dormant accounts and stores their personal information separately. The separated personal information is retained for four (4) years and thereafter destroyed without delay.
If you do not want your account to be converted into a dormant account, you can log in to the Services before the account is converted. Moreover, you may restore a dormant account even if it has been converted, by logging in the dormant account and providing your consent to the restoration of your account. Once restored, you may use the Services as normal.
Article 9. Safety Measures for Personal Information
Lotlas has implemented the following appropriate and reasonable administrative and technical security measures designated to protect the security of your personal information:
a) Administrative measures: establishment and implementation of internal management plans for personal information, regular employee training, etc.
b) Technical measures: technical countermeasures against hackings, etc., encryption of personal data, storage access records, and prevention of forgery, etc.
c) Physical measures: Access restrictions to information storages, servers, etc.
Notwithstanding the foregoing, no electronic transmission over the Internet or information storage technology can be guaranteed 100% secure, so Lotlas cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will endeavor our best to protect your personal information, the transmission of personal information to and from our website is at your own risk. Further, you should only access our website within a secure environment.
Article 10. Installation, Operation, and Refusal of Automatic Personal Information Collection
In order to provide customized services to the users, Lotlas uses ‘cookies’ to store and retrieve your information as described below. Cookies refer to small amounts of data that is sent by the server that operates the website to your computer browser, which may be stored on the hard disk of your computer.
Purpose of Cookies: Cookies are used to manage security measures, enhance and develop services, offer customized Services and provide tailored advertisements through analyzing user access, such as the frequency and timing of access, identify patterns in the user’s usage, track user activities, and access to security measures.
Installation, Operation, and Rejection of Cookies: users may choose to install cookies. Accordingly, users have the right to reject the storage of cookies by changing their settings in their web browser as described below.
Rejecting the storage of cookies may result in difficulties using certain Services.
Article 12. Chief Privacy Officer
Lotlas has designated the Chief Privacy Officer, who is the person in charge of managing personal information tasks and handling your complaints about personal information. Our Chief Privacy Officer’s contact information is as follows:
▶ Chief Privacy Officer
- Name : Jinoo Lee
- Position : Tech Lead
- Contact : email@example.com
You may inquire about all personal information protection-related inquiries, handling complaints, damage relief, etc. that occurred while using Lotlas’s services to our Chief Privacy Officer and the following department in charge:
- Department : Information security team
- Contact : firstname.lastname@example.org
Article 13. Dispute Resolution
You may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency to receive relief from personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee: +82-1833-6972 (without area code) / www.kopico.go.kr
- Personal Information Infringement Reporting Center: +82-118 (without area code) / privacy.kisa.or.kr
- Supreme Public Prosecutors’ Office: +82-1301 (without area code) / www.spo.go.kr
- National Police Agency: +82-182 (without area code) / ecrm.cyber.go.kr
Lotlas ensures the user’s right to self-determination of their personal information and strives to provide consultation and remedies for damages caused by any breach of personal information. If you need to report or consult us regarding a personal information breach, please contact our Chief Privacy Officer or the Personal Information Management Team.