Services Privacy Policy

Lambda256 Privacy Policy


Lambda256 Co., Ltd. (hereinafter referred to as "the Company") places great importance on the protection of personal information of customers using its sites and services. The Company is committed to protecting the personal information provided by customers for the use of its services. This Privacy Policy is based on the standards of the Personal Information Protection Act and complies with the regulations for the protection of personal information stipulated by relevant laws for information and communication service providers. The Company discloses this Privacy Policy on the homepage for easy access by customers at any time. This policy is subject to change in accordance with related laws and internal policies of the Company and will be updated as needed.
If you are a California resident, please also see our Lambda256 California Privacy Statement.

Effective Date: 2024.03.27

  1. Collection, Use, and Retention of Personal Information The Company processes personal information for the following purposes. The information is not used for any other purposes than those listed, and if the usage purposes change, necessary measures such as obtaining separate consent under the Personal Information Protection Act Article 18 will be taken:
    • Membership registration and age verification, customer identification, prevention of unauthorized use, conflict resolution, and customer service.
    • Limitations on customers who violate laws and terms of use, including prevention of unauthorized use and fraud, communication of policy changes, dispute resolution, and customer protection.
    • Authentication for paid services, payment processing, and service usage.
    • Providing information on events, advertising for marketing and promotional purposes.
    • Service usage record analysis, statistical services, and advertising based on service analytics.
    • Ensuring security, privacy, and a safe service environment for customers.

Personal information is fundamentally destroyed immediately after the purpose of its collection and use has been fulfilled.

Procedures and Methods for Personal Information Destruction

  • Immediate Destruction upon Necessity: When the retention period of personal information has elapsed or the processing purpose has been achieved, and the personal information is no longer necessary, it is destroyed without delay.
    • Retention Despite Purpose Achievement: If personal information must be retained continuously as per other legal requirements despite the expiry of the agreed retention period or achievement of processing purposes, such information is moved to a separate database (DB) or stored in a different location.
    • Destruction Procedures and Methods:
      • Procedure: The data controller selects personal information for destruction upon the occurrence of a destruction reason. The destruction is executed with the approval of the data controller’s personal information protection officer.
      • Method: Personal information stored in electronic file formats is destroyed in a manner that makes record regeneration impossible. Information recorded on paper documents is either shredded using a shredder or incinerated to ensure destruction.

Measures for Destruction of Personal Information of Non-Users (In Case of Destruction)

  • Destruction of Non-User Information: The data controller ensures that the information of users is managed in compliance with applicable retention periods as specified by relevant laws.
    • Notification Prior to Destruction: The data controller notifies users by email, text message, or other feasible methods about the impending destruction of personal information, at least 30 days before the expiry of the retention period and the specific items of personal information to be destroyed.
  1. Minimal Collection of Personal Information The Company collects the minimum necessary personal information for membership registration, customer support, and service provision, including names, email addresses, phone numbers, login IDs, and marketing activity consent.
  2. Service Usage The Company operates various services and provides contact support through Additionally, the Company maintains logs related to product usage for service improvement and to prevent unauthorized use.
  3. Third-Party Information Sharing The Company processes customer personal information only within the scope specified in the "Purpose of Processing Personal Information" and does not provide it to third parties without the subject's consent, except as specified under the Personal Information Protection Act Articles 17 and 18. The Company will share personal information with third parties only when explicit consent has been obtained from the users and only to the extent necessary for the provision of smooth service
  4. Category of Personal Data Collected by Lambda256

    Domestic(Republic of Korea) Contractors
ContractorService DescriptionRetention and Usage Period
PayletterSMS dispatch service, payment processing (credit card)Until membership withdrawal or termination of the contract
AWS (Korea)Operation of infrastructure storing personal dataUntil membership withdrawal or expiration of data validity
JOBKOREARecruitment management solution operation and maintenance, applicant information storageUntil termination of the contract or upon data subject's request for destruction

Overseas Contractors

ContractorService DescriptionRetention and Usage PeriodContact InformationPurpose of UsePersonal Data Items EntrustedMethod and Timing of TransferPersonal Data Protection Period
Active CampaignProvision and participation opportunity in newsletters, events, and promotional information, content delivery, notification of announcementsUntil membership withdrawal or termination of the contract1 North Dearborn St 5th Floor Chicago, IL 60602; or mailto:help@activecampaign.comProvision of newsletters, events, and promotional informationName, email address, membership information, purchase information, event participation informationTransferred via network each time the service is usedUntil termination of the contract or upon data subject's request for destruction
DatadogLogging of records related to product usageUntil termination of the contract or upon data subject's request for destructionDatadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018; or mailto:privacy@datadoghq.comDebugging, product improvementProduct usage logsTransferred via network each time the service is usedUntil termination of the contract or upon data subject's request for destruction

Category of Third Parties to Whom Personal Data is Disclosed for Business Purposes

  • Service providers
  • Third-party services with which you engage or interact
  • Advertising associates
  1. Rights and Obligations of Customers and Legal Representatives
    • Customers and their legal representatives can at any time request access to, correction, deletion, or transfer of their personal information stored in the Company's services. However, such rights may be limited under certain conditions as specified by relevant laws.
    • In cases where the applicant is a minor under civil law, the use of the service is not permitted, even with the consent of a legal guardian (protector). The company may refuse the service application of a minor. By using the service, the customer confirms to the company that they are not a minor. Users who are children under the age of 14 cannot register for the service.
  2. Information Processing Delegation The Company delegates personal information processing tasks for efficient handling. This includes tasks such as SMS services, payment processing, and infrastructure operation. The delegated tasks and information retention periods are strictly supervised by the Company in accordance with the Personal Information Protection Act.
  3. Information Security Measures The Company has implemented both managerial and technical measures to ensure the safety of customer personal information. This includes internal management plans, minimizing and training personal information handling staff, and operating a dedicated personal information protection organization within the Company. Technological measures include encryption of passwords, regular data backup, the use of antivirus software, encrypted communication, and access control systems to prevent unauthorized access.
  4. Automatic Information Collection Devices The Company uses cookies for personalized and customized services. Cookies are small text files stored on the user's computer by the server. They help maintain user settings and provide customized services. Customers have the right to refuse or delete cookies, but doing so may limit the use of certain services requiring login.
  5. Procedures and Methods for Personal Information Destruction
    • Right to Access, Correct, Delete, or Suspend Processing: Data subjects have the right to access, correct, delete, or request the suspension of processing of their personal information at any time. This includes the ability to make inquiries about personal information held by the data controller. For minors under 14 years of age, such requests must be made by a legal guardian, while minors above 14 years can exercise these rights themselves or through their legal guardians.
    • Method of Exercising Rights: These rights can be exercised through written, email, or fax communication as per Article 41, Paragraph 1 of the Personal Information Protection Act. The data controller is obligated to take prompt action upon receiving such requests.
    • Exercising Rights Through a Representative: Data subjects may exercise their rights through a legal representative or an appointed agent. In such cases, a power of attorney as prescribed in the "Notification on the Method of Processing Personal Information (No. 2020-7)" must be submitted.
    • Limitations on Rights: The rights to access and request the suspension of processing are subject to limitations under Articles 35(4) and 37(2) of the Personal Information Protection Act.
    • Restrictions on Correction and Deletion Requests: Requests for correction or deletion of personal information may not be possible if the information is specified as a data collection target under other laws.
    • Identity Verification: When a request for access, correction, deletion, or suspension of processing is made, the data controller must verify whether the requester is the data subject or a legitimate representative.
  6. Personal Information Protection Officer
    For any inquiries or complaints related to personal information protection, customers can contact the Company's Personal Information Protection Officer or the designated department. The Company will respond promptly and sufficiently to customer reports.

Personal Information Protection Officer

Protection ManagerLee Jaewon
ProtectionSE Team (security engineering)
Protection ManagerLee Heonjin
Protection OfficerSE Team (security engineering)
Protection Officer02-568-2560
  1. Scope of Policy Application This service has been established in accordance with the laws of the Republic of Korea, and if used in regions not expressly mentioned, it will be governed by Korean law. Should any issues arise from access in other countries, Lambda256 is indemnified and bears no liability.
  2. Changes to the Privacy Policy The Company will notify any additions, deletions, or modifications to this Privacy Policy at least 7 days in advance. However, significant changes affecting user rights, such as changes in personal information items collected or their usage purposes, will be notified at least 30 days in advance, and user consent may be obtained again if necessary.

2024. 02. 28 ~ 2024. 03. 26 (click)

2023. 05. 12 ~ 2024. 02. 27 (click)

2020. 11. 20 ~ 2023. 05. 11 (click)

2019. 05. 29 ~ 2020. 11. 19 (click)

2019. 03. 18 ~ 2019. 05. 28 (click)