Services Privacy Policy
Lambda256 Privacy Policy
Overview
Lambda256 Co., Ltd. (hereinafter referred to as "the Company") places great importance on the protection of personal information of customers using its sites and services. The Company is committed to protecting the personal information provided by customers for the use of its services. This Privacy Policy is based on the standards of the Personal Information Protection Act and complies with the regulations for the protection of personal information stipulated by relevant laws for information and communication service providers. The Company discloses this Privacy Policy on the homepage for easy access by customers at any time. This policy is subject to change in accordance with related laws and internal policies of the Company and will be updated as needed.
If you are a California resident, please also see our Lambda256 California Privacy Statement.
1. Collection, Use, and Retention of Personal Information
The Company processes personal information for the following purposes. The information is not used for any other purposes than those listed, and if the usage purposes change, necessary measures such as obtaining separate consent under the Personal Information Protection Act Article 18 will be taken:
- Membership registration and age verification, customer identification, prevention of unauthorized use, conflict resolution, and customer service.
- Limitations on customers who violate laws and terms of use, including prevention of unauthorized use and fraud, communication of policy changes, dispute resolution, and customer protection.
- Authentication for paid services, payment processing, and service usage.
- Providing information on events, advertising for marketing and promotional purposes.
- Service usage record analysis, statistical services, and advertising based on service analytics.
- Ensuring security, privacy, and a safe service environment for customers.
Personal information is fundamentally destroyed immediately after the purpose of its collection and use has been fulfilled.
2. Procedures and Methods for Personal Information Destruction
2-1 Immediate Destruction upon Necessity
When the retention period of personal information has elapsed or the processing purpose has been achieved, and the personal information is no longer necessary, it is destroyed without delay.
- Retention Despite Purpose Achievement: If personal information must be retained continuously as per other legal requirements despite the expiry of the agreed retention period or achievement of processing purposes, such information is moved to a separate database (DB) or stored in a different location.
- Destruction Procedures and Methods:
- Procedure: The data controller selects personal information for destruction upon the occurrence of a destruction reason. The destruction is executed with the approval of the data controller’s personal information protection officer.
- Method: Personal information stored in electronic file formats is destroyed in a manner that makes record regeneration impossible. Information recorded on paper documents is either shredded using a shredder or incinerated to ensure destruction.
2-2 Measures for Destruction of Personal Information of Non-Users (In Case of Destruction)
- Destruction of Non-User Information: The data controller ensures that the information of users is managed in compliance with applicable retention periods as specified by relevant laws.
- Notification Prior to Destruction: The data controller notifies users by email, text message, or other feasible methods about the impending destruction of personal information, at least 30 days before the expiry of the retention period and the specific items of personal information to be destroyed.
3. Minimal Collection of Personal Information
The Company collects the minimum necessary personal information for membership registration, customer support, and service provision, including names, email addresses, phone numbers, login IDs, and marketing activity consent.
4. Service Usage
The Company operates various services and provides contact support through support@lambda256.io. Additionally, the Company maintains logs related to product usage for service improvement and to prevent unauthorized use.
5. Third-Party Information Sharing
The Company processes customer personal information only within the scope specified in the "Purpose of Processing Personal Information" and does not provide it to third parties without the subject's consent, except as specified under the Personal Information Protection Act Articles 17 and 18. The Company will share personal information with third parties only when explicit consent has been obtained from the users and only to the extent necessary for the provision of smooth service.
6. Category of Personal Data Collected by Lambda256
6-1 Domestic(Republic of Korea) Contractors
| Contractor | Service Description | Retention and Usage Period |
|---|---|---|
| Payletter | SMS dispatch service, payment processing (credit card) | Until membership withdrawal or termination of the contract |
| AWS (Korea) | Operation of infrastructure storing personal data | Until membership withdrawal or expiration of data validity |
| JOBKOREA | Recruitment management solution operation and maintenance, applicant information storage | Until termination of the contract or upon data subject's request for destruction |
6-2 Overseas Contractors
| Contractor | Service Description | Retention and Usage Period | Contact Information | Purpose of Use | Personal Data Items Entrusted | Method and Timing of Transfer | Personal Data Protection Period |
|---|---|---|---|---|---|---|---|
| Active Campaign | Provision and participation opportunity in newsletters, events, and promotional information, content delivery, notification of announcements | Until membership withdrawal or termination of the contract | 1 North Dearborn St 5th Floor Chicago, IL 60602; or mailto:help@activecampaign.com | Provision of newsletters, events, and promotional information | Name, email address, membership information, purchase information, event participation information | Transferred via network each time the service is used | Until termination of the contract or upon data subject's request for destruction |
| Datadog | Logging of records related to product usage | Until termination of the contract or upon data subject's request for destruction | Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018; or mailto:privacy@datadoghq.com | Debugging, product improvement | Product usage logs | Transferred via network each time the service is used | Until termination of the contract or upon data subject's request for destruction |
Category of Third Parties to Whom Personal Data is Disclosed for Business Purposes
- Service providers
- Third-party services with which you engage or interact
- Advertising associates
7. Rights and Obligations of Customers and Legal Representatives
- Customers and their legal representatives can at any time request access to, correction, deletion, or transfer of their personal information stored in the Company's services. However, such rights may be limited under certain conditions as specified by relevant laws.
- In cases where the applicant is a minor under civil law, the use of the service is not permitted, even with the consent of a legal guardian (protector). The company may refuse the service application of a minor. By using the service, the customer confirms to the company that they are not a minor. Users who are children under the age of 14 cannot register for the service.
8. Information Processing Delegation
The Company delegates personal information processing tasks for efficient handling. This includes tasks such as SMS services, payment processing, and infrastructure operation. The delegated tasks and information retention periods are strictly supervised by the Company in accordance with the Personal Information Protection Act.
9. Information Security Measures
The Company has implemented both managerial and technical measures to ensure the safety of customer personal information. This includes internal management plans, minimizing and training personal information handling staff, and operating a dedicated personal information protection organization within the Company. Technological measures include encryption of passwords, regular data backup, the use of antivirus software, encrypted communication, and access control systems to prevent unauthorized access.
10. Automatic Information Collection Devices
The Company uses cookies for personalized and customized services. Cookies are small text files stored on the user's computer by the server. They help maintain user settings and provide customized services. Customers have the right to refuse or delete cookies, but doing so may limit the use of certain services requiring login.
11. Procedures and Methods for Personal Information Destruction
- Right to Access, Correct, Delete, or Suspend Processing: Data subjects have the right to access, correct, delete, or request the suspension of processing of their personal information at any time. This includes the ability to make inquiries about personal information held by the data controller. For minors under 14 years of age, such requests must be made by a legal guardian, while minors above 14 years can exercise these rights themselves or through their legal guardians.
- Method of Exercising Rights: These rights can be exercised through written, email, or fax communication as per Article 41, Paragraph 1 of the Personal Information Protection Act. The data controller is obligated to take prompt action upon receiving such requests.
- Exercising Rights Through a Representative: Data subjects may exercise their rights through a legal representative or an appointed agent. In such cases, a power of attorney as prescribed in the "Notification on the Method of Processing Personal Information (No. 2020-7)" must be submitted.
- Limitations on Rights: The rights to access and request the suspension of processing are subject to limitations under Articles 35(4) and 37(2) of the Personal Information Protection Act.
- Restrictions on Correction and Deletion Requests: Requests for correction or deletion of personal information may not be possible if the information is specified as a data collection target under other laws.
- Identity Verification: When a request for access, correction, deletion, or suspension of processing is made, the data controller must verify whether the requester is the data subject or a legitimate representative.
12. Personal Information Protection Officer
For any inquiries or complaints related to personal information protection, customers can contact the Company's Personal Information Protection Officer or the designated department. The Company will respond promptly and sufficiently to customer reports.
Personal Information Protection Officer
| Protection Manager | Lee Jaewon |
|---|---|
| Protection | SE Team (security engineering) |
| Protection Manager | Lee Heonjin |
|---|---|
| Protection Officer | SE Team (security engineering) |
| Protection Officer | 02-568-2560 |
| support@lambda256.io |
13. Scope of Policy Application
This service has been established in accordance with the laws of the Republic of Korea, and if used in regions not expressly mentioned, it will be governed by Korean law. Should any issues arise from access in other countries, Lambda256 is indemnified and bears no liability.
14. Changes to the Privacy Policy
The Company will notify any additions, deletions, or modifications to this Privacy Policy at least 7 days in advance. However, significant changes affecting user rights, such as changes in personal information items collected or their usage purposes, will be notified at least 30 days in advance, and user consent may be obtained again if necessary.
Announcement date: 2024.07.30
Enforcement date: 2024.08.06
You can check the previous Term of Service below.
2024. 03. 27 ~ 2024. 08. 05 (click)
2024. 02. 28 ~ 2024. 03. 26 (click)
2023. 05. 12 ~ 2024. 02. 27 (click)
2020. 11. 20 ~ 2023. 05. 11 (click)
2019. 05. 29 ~ 2020. 11. 19 (click)
2019. 03. 18 ~ 2019. 05. 28 (click)