Personal Information Processing Policy

The corporation Hwikgo Co., Ltd. (hereinafter referred to as the "Operator") complies with the provisions of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (hereinafter referred to as the "Information and Communications Network Act"), the Personal Information Protection Act, and other relevant laws and regulations related to the protection of personal information from the planning to the conclusion of the International Taxi service (hereinafter referred to as the "Service"). Additionally, the operator adheres to international standards such as the OECD Personal Data Protection Guidelines. In this regard, the operator establishes a personal information processing policy to ensure the protection of the rights and interests of customers (hereinafter referred to as "Members"). In the event of a revision of the personal information processing policy, the operator will notify through its website or mobile application.

Article 1 (Purpose of Collection and Use of Personal Information) The operator collects personal information for the following purposes and uses the collected personal information only within that purpose. If the purpose of use is changed, we will seek the prior consent of the member. These terms and conditions become effective when a member or subject of personal location information agrees to these terms and registers as a user of the service according to the prescribed procedure set by the operator.

  1. Intention to join as a member and intention to withdraw membership
  2. Verification of identity matching : membership application phone number and name of the applicant
  3. Determining whether the operator approves the application for membership, such as whether the member has reasons for refusal of membership according to the terms and conditions
  4. Provision of services to members
    • Personal identification within the service, use of personal location information to provide location-based services, payment of fees for service provision, brokering of drivers and vehicles, provision of contents, delivery of goods or sending invoices, authentication of financial transactions and financial services, collection of fees, etc. Matters necessary for signing and fulfilling contracts
  5. Issuance of One Account per Member
  6. Prevention and sanctions against acts that interfere with the smooth operation of the service, including account theft, prevention of fraudulent transactions,and acts of fraudulent use
  7. Member management, such as monitoring members' violations of laws and terms and conditions, operator's actions against members' violations of laws and terms and conditions, payment of coupons to members, expiry, identification of members' copyrighted works, etc.
  8. Notifications and information delivery to members of the operator as required by the terms and conditions
  9. Establishment of a service use environment that users can use with confidence in terms of security, privacy, and safety
  10. Service improvement, improvement and new service development through identification of age, gender, service usage records, access frequency and statistical analysis, etc.
  11. Dispute resolution, dispute mediation, handling of inquiries or complaints from members in the event of a dispute between the operator and the member
  12. Responding to charges for service usage fees, impossibility of billing (expired registration card period of members, validity of contract termination, lack of balance, exceeding of limits, false registration of members, misregistration, etc.), and responses to members’ objections to billing
  13. Collection and use for identification and treatment of causes in the event of an accident
  14. According to the procedures and methods prescribed by the legal regulations, in response to requests from investigative agencies
  15. For marketing and promotion purposes, such as providing event information and opportunities to participate, and providing advertising information

Article 2 (Items of Personal Information to be Collected and Method of Collection) The operator collects personal information as follows to achieve the purpose of collection and use of personal information in Article 1 above.

  1. The operator collects the following personal information as essential items for membership registration.
    Purpose of Collection and Use Collection Items Use and Retention Period
    Join the membership Full Name, e-mail adress and password Immediate deletion after Join the termination of service membership provision or membership withdrawal
  2. The operator collects the following additional mandatory personal information for the purpose of using the service.
    Purpose of Collection and Use Collection Items Use and Retention Period
    Operation and use Payment history,personal location information, various complaints/accident information, inquiries Destruction after achieving the purpose of use (however, if preservation is required according to relevant laws, keep for the applicable period), personal location information is kept for one year, and in case of dispute, until the statute of limitations has elapsed
    Card registration, payment and validation (Credit card payment) Member name, date of birth, card company, card number, card password (first two digits), CVC number, expiration date, business registration number, e-mail address, encrypted card identification information, etc. Destroy after achieving the purpose of use
  3. After member registration, the operator may collect the following items as optional choices through the method where members directly input them into the service
    Purpose of Collection and Use Collection Items Use and Retention Period
    Operation and use Member's SNS account information (ID), company/institution information (company/institution name, affiliated department), company email address, and other information voluntarily entered by members to use the service, etc. 30 days after termination Operation and use of service provision or membership withdrawal
  4. During the service use process or business process, IP address, visit date, service use record, access log, bad use record, app installation information, network location information, etc. may be automatically generated and collected.
  5. In the process of using the service, the operator provides personal location information providers (cell phone manufacturers, telecommunication companies, portal companies, etc.) only when the member agrees to the terms and conditions of use of location information through the service. (hereinafter referred to as “Personal Location Information”) is requested and received. Matters regarding the collection, use, and provision of personal location information are described in the Location Information Terms of Use.
  6. The operator may periodically validate or verify member information that it deems necessary for service operation, such as member card registration information.
  7. Personal information may be provided from external companies or organizations affiliated with the operator, and in this case, it is provided to the operator after obtaining consent from the affiliate to provide personal information to the user in accordance with the Information and Communications Network Act.
  8. The operator collects personal information through the following methods :
    1. Membership registration, sub-service application and information collection through website and mobile application
    2. Collection through identity verification service
    3. Written, phone, fax, e-mail, online counseling service, bulletin board, text message (SMS), SNS use
    4. Event giveaway application, delivery request
    5. Offers from affiliates
    6. Automatic collection through collection of generated information
    7. Automatic collection in the process of using the service
    8. Complaints or reports of the person or others

Article 3 (Period of Retention and Use of Collected Personal Information) The operator uses the member's personal information during the period when the customer receives the service as a member. However, when the member requests withdrawal from membership, deletion and disposal of personal information, or when the purposes of personal information collection as described above have been fulfilled, or when the retention and use period has expired, or in case of business closure, all collected personal information obtained through consent will be disposed of. However, the following information will be retained for the specified periods for the reasons stated below :

  1. Retention of information according to internal policy
    Basis for Retention Items Held Retention Period
    Disputes and problem solving with members Member information record Until the expiration of the statute of limitations, etc.
    Restrictions on re-registration of a member who has withdrawn 1 month
    Restriction on re-registration of restricted members and fraudulent users 1 year
  2. Retention of information according to related laws
    Basis for Retention Items Held Retention Period
    Article 6 Paragraph 1 Subparagraph 1 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc. Records of Displays / Advertisements 6 months
    Article 6 Paragraph 1 Subparagraph 2 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc. Records of Contracts or Revocations of Offers, etc 5 years
    Article 6 Paragraph 1 Subparagraph 3 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc. Records of Payment Transactions and Supply of Goods/Services 5 years
    Article 6 Paragraph 1 Subparagraph 4 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc. Records on handling consumer complaints or disputes 3 years
    Article 41, Paragraph 2, Subparagraph 2 of the Enforcement Decree of the Protection of Communications Secrets Act Login history 3 months
    Article 41, Paragraph 2, Subparagraph 1 of the Enforcement Decree of the Protection of Communications Secrets Act Other communication confirmation data 1 year
    Article 12 of the Enforcement Decree of the Electronic Financial Transaction Act Records on electronic financial transactions, etc. 1~5 years
    Article 85-3 of the Framework Act on National Taxes Ledgers and Documentary Evidence for All Transactions as Mandated by Tax Law 5 years (Offshore transaction 7 years)
  3. etention of dormant member information
    1. To ensure the protection of member's personal information, the operator classifies accounts as "Dormant Members" for users who have not logged into the service or utilized the service for a period of one year. Once designated as a dormant member, access to all services, including member logins, is suspended. The operator stores and manages the personal information of dormant members separately from existing members unless the information falls under the scope of retention as specified in paragraph 2 above.
    2. The operator will provide prior notice to the member, at least 30 days before the dormancy status is applied. After the date of dormancy processing, users can regain access to the services immediately by submitting a termination request following their identity verification.

Article 4 (Right to Refuse Consent and Notification of Disadvantages upon Refusal) Members have the right to refuse to consent to the collection and use of personal information. However, if you refuse to consent to the collection and use of the minimum amount of personal information necessary for contract conclusion and execution, you may experience disadvantages such as unavailability of the service or delay in processing. In addition, if you refuse to consent to the collection and use of personal information or selective collection and use for marketing activities and publicity, you may not be provided with information on events and benefits, or you may not be provided with free gifts, promotional materials, use of affiliate services, or application of discounts. And there may be disadvantages such as not being able to accumulate points.
*In addition to the consent for providing the main services, the operator may collect and use personal information or provide personal information to third parties according to the member's separate consent as agreed upon.

Article 5 (Personal Information Destruction Procedure and Method) In principle, the operator destroys the information without delay after the purpose of collecting and using personal information is achieved. Destruction procedures and methods are as follows.

  1. Personal information that has achieved the purpose of collection and use of personal information, such as membership withdrawal, termination of service, or the expiration of the personal information retention period agreed to by the user to destroy.
  2. Even in the case of information for which preservation obligations have been imposed by law, it is destroyed in a way that cannot be reproduced without delay after the expiration of the applicable period.
  3. In the case of members who have not used the service for one year (dormant account), the operator destroys or separately stores and manages personal information in accordance with Article 29, Paragraph 2 of the Information and Communications Network Act and Article 16 of the Enforcement Decree of the same Act. However, if separate consent is obtained from the user for the retention period of personal information, or if the law imposes an obligation to retain information for a certain period of time, personal information will be safely stored for that period.
  4. Records of fraudulent use, such as fraudulent sign-up and disciplinary records, are stored and destroyed for 6 months from the point of collection to prevent fraudulent sign-up and use.
  5. Records of fraudulent transactions (cell phone number, card number, device information, refund account) that violate related laws and terms of use, such as payment theft and illegal discount loans (aka 'card crackers'), prevent fraudulent transactions, protect other good users, and secure To ensure the transaction environment, it is stored and destroyed for 3 years from the point of collection.
  6. If the laws and regulations such as the Consumer Protection Act in Electronic Commerce, Electronic Financial Transaction Act, Protection of Communications Secrets Act, and the Framework Act on National Taxes stipulate the storage of information for a certain period, it will be followed. During this period, the operator stores personal information in accordance with the provisions of the law, and never uses this information for any other purpose.
  7. In the case of electronic files, they are safely deleted using technical methods to prevent recovery and reproduction, and outputs are destroyed by shredding or incinerating.

Article 6 (Processing of Personal location Information)

  1. The operator processes and retains personal location information as follows.
    Items of Processing Purpose of Processing Retention Period
    Mobile phone location information of users (passengers) (GPS, Wi-Fi, communication company base station information), movement route, service use log Provision of services such as call, reservation and dispatch, calculation and processing of rates, provision of various promotions such as coupons, analysis of service use and service improvement, various notices and communications, handling of civil complaints 1 year from the end of the commercial relationship (however, if the purpose of use is achieved before the relevant period, it will be immediately destroyed, and if the legally obligatory storage period ends after the relevant period or if a dispute persists thereafter, the relevant termination point) stored until)
  2. The operator may collect, use, or provide personal location information in accordance with the Terms of Use for location-based services in order to provide services.
  3. The operator provides the member's personal location information to a third party with the consent of the information subject as follows.
    Items of Provision Third Parties Receiving Information Retention and Usage Period of Third Parties
    Mobile phone location information of users (passengers) (GPS, Wi-Fi, base station information of telecommunication companies) Users (individual drivers) and corporate drivers belonging to participating transportation companies (Seoul Smart, Dongseoul Taxi, Shinshin Enterprises) From the time of calling/reservation of the user (passenger) to the decision of boarding
  4. However, the operator does not provide personal location information to a third party without the member's consent, and when providing it to a third party, the member is notified in advance of the recipient and purpose of provision and consent is obtained.
  5. When personal location information is provided to a third party with the member's consent, the member is notified immediately of the recipient, the date and time of provision, and the purpose of provision each time.
  6. When the purpose of processing personal location information, such as membership withdrawal, is achieved, the operator safely deletes personal location information so that it cannot be restored or reproduced in accordance with Article 5 of these Terms and Conditions. However, if storage is required in accordance with relevant laws and regulations, it will be kept for as long as the applicable period.
  7. The detailed information regarding the management of personal location information is governed by the Location Information Usage Agreement.

Article 7 (Rights of Members and Legal Representatives and How to Exercise Them)

  1. Members and legal representatives may exercise their rights related to personal information protection at any time with respect to the operator as follows, and may request to view, correct, delete, or suspend processing of registered personal information of themselves or their representatives.
    1. Request for personal information access
    2. Request for correction in case of errors or discrepancies
    3. Request for deletion
    4. Request for processing suspension
  2. The exercise of rights pursuant to Paragraph 1 above can be done in writing, by phone or e-mail, and the operator takes action without delay and notifies the processing result by signature, e-mail, or text message (SMS).
  3. If the operator intends to provide a service that provides a member's personal location information to a third party, it seeks consent from the member in advance, and in this case, the member is immediately notified of the recipient, date and time, and purpose of provision.
  4. When a member requests correction of an error in personal information, the operator does not use the personal information or provide it to a third party until the correction is completed. In addition, if incorrect personal information is provided to a third party, the correction result will be notified to the third party without delay.
  5. If a member requests deletion of personal information, the retention and use period of collected personal information in Article 3 and the procedure and method for destroying personal information in Article 5 shall be followed.
  6. The exercise of rights under this Article can be done through a member or an authorized person (agent). In this case, you must submit a power of attorney in accordance with Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.

Article 8 (Rights of Persons Responsible for Protection of Children Under the Age of 8, etc.)

  1. The operator consents to the collection, use or provision of personal location information for the protection of the life or body of a person who falls under the following cases (hereinafter referred to as “Children Under the Age of 8”) If you do, it is considered that you have given your consent.
    1. Children under the age of 8
    2. Adult guardian
    3. A person with a mental disability according to Article 2, Paragraph 2, Subparagraph 2 of the Welfare of Persons with Disabilities Act, and a person with severe disabilities pursuant to Article 2, Subparagraph 2 of the Employment Promotion and Vocational Rehabilitation Act for Disabled Persons (according to Article 32 of the Disabled Persons Welfare Act) Limited to persons registered as disabled)
  2. A person obligated to protect a child under the age of 8 under the preceding paragraph is a person who actually protects the child and falls under any of the following subparagraphs:
    1. Legal representative of children under the age of 8 or guardian under Article 3 of the Act on Guardianship of Minors in Protection Facilities
    2. Legal representative of the adult guardian
    3. The legal representative of the person referred to in Paragraph 1, Subparagraph 3 of this Article, or the head of a living facility for the disabled (limited to facilities established and operated by the state or local governments) pursuant to Article 58, Paragraph 1, Paragraph 1 of the Welfare of Persons with Disabilities Act, Article 3 of the Mental Health Act The head of a social rehabilitation facility for the mentally ill under subparagraph 4 of Article 3 (limited to facilities established and operated by the state or local government), and the head of a mental sanatorium under subparagraph 5 of the same Article of the same Act
  3. A guardian who wishes to consent to the collection, use or provision of personal location information for the protection of the life or body of children under the age of 8 must submit a written consent form with a document proving that he/she is a guardian and submit it to the operator. The document contains the contents of each subparagraph below to prove that you are a person with a duty of care on a written consent form signed and dated.
    1. Name, address and date of birth of children under the age of 8, etc.
    2. Name, address, and contact information of the obligated guardian
    3. The fact that the purpose of collecting, using or providing personal location information is limited to protecting the life or body of children under the age of 8
    4. Date of consent
  4. The duty of protection may exercise all of the rights of the subject of personal location information if they agree to the collection, use or provision of personal location information of children under the age of 8.

Article 9 (Installation, Operation and Rejection of Automatic Personal Information Collection Devices) The operator does not use ‘Cookies’ that frequently store and find member information.

Article 10 (Provision of Personal Information to Third Parties)

  1. The operator shall only process the member's personal information within the scope of Article 1 and Article 2 of this agreement, and shall not use or provide the information to third parties beyond the agreed scope without the member's prior consent. However, there are exceptions in the following cases.
    1. If the user has agreed to the provision to a third party in advance
    2. When it is necessary to settle charges for service provision
    3. In case there is a request from an investigative agency or supervisory authority according to the provisions of the law or according to the procedures and methods set forth in the law for the purpose of investigation or investigation
    4. In cases where it is necessary for statistical writing, academic research, or market research, it is processed and provided in a form in which a specific individual cannot be identified
  2. In addition, if it is necessary to provide personal information to a third party in order to provide better service, the operator may reject the person who is provided with personal information in advance, the period of retention and use of personal information of the person who is provided with personal information, and the consent to provide information. Obtain consent from users by specifying the fact that they have rights and the disadvantages of refusal of consent.
    Recipient Information You Provide Of the Recipient Purpose of Information Retention and Use Of the Recipient Information Retention and Use Period
    Seoul City Member name, e-mail address, service use details International Taxi Operation and management,performance analysis and statistics creation Destroy after achieving the purpose of use
    KSNET Member name, date of birth, card company, card number, card password (first two digits), card expiration date, card CVC number, business registration number, e-mail address, service use details Card validation and payment Destroy after achieving the purpose of use (However, if preservation is required according to relevant laws, keep for the relevant period)
    EXIMBAY Member name, date of birth, card company, card number, card password (first two digits), card expiration date, card CVC number, business registration number, e-mail address, service use details Card validation and payment Destroy after achieving the purpose of use (However, if preservation is required according to relevant laws, keep for the relevant period)
    Members using the service mutual sharing of drivers Member name, e-mail address, mobile phone number, SNS ID, personal location information International taxi calling and car brokerage service, mutual identification between members and drivers Destroy after achieving the purpose of use (However, if preservation is required according to relevant laws, keep for the relevant period)
    jinmobility
    (i.M Taxi)    		 Mobile phone number including country code, e-mail address, name Provide call and vehicle brokerage services to affiliates, mutual identification between members and drivers Destroy after achieving the purpose of use (However, if preservation is required according to relevant laws, keep for the relevant period)
    1. However, even if the third party who receives the personal information achieves the purpose of provision or withdraws from the user, information necessary for contract implementation such as internal reporting, audit and inspection, cost settlement (claim), and preparation for disputes will be provided after the end of the business relationship. If there is no implementation or dispute persists, personal information may be retained and used until the implementation is completed or the dispute is resolved.
    2. The user has the right to refuse consent to the provision of personal information of the user as above. However, if you refuse to agree to the minimum amount of personal information necessary for service provision, etc., there may be disadvantages such as impossibility of entering into, maintaining, fulfilling, and managing contracts for service provision, or delays in handling accidents. there is.

Article 11 (Consignment of Personal Information Processing)The operator entrusts the following personal information processing tasks for smooth personal information processing.

  1. The operator entrusts some of the tasks necessary to provide services to external companies, and when concluding a consignment contract, prohibits processing of personal information other than the purpose of consignment work in accordance with Article 26 of the Personal Information Protection Act, technical and managerial protection measures, Measures to ensure safety, such as scope, restrictions on re-entrustment, and restrictions on access to personal information, management and supervision of trustees, and responsibilities such as compensation for damages are specified in documents such as contracts, and matters necessary for trustees to safely handle personal information are specified. Manages and supervises.
    1. Overseas transfer (consignment of personal information processing to an overseas company)
      Company Name - Amazon Web services. Inc
      Country of Transfer of Personal Information - USA
      Purpose of Use - Data storage and processing according to service use
      Transfer Items - Member unique ID, Service use record
      Date and Method of Transfer - Transmission through the network at the time of service use
      Retention and Use Period - Until membership withdrawal or consignment contract termination(However, if preservation is required according to relevant laws, keep for the relevant period)
  2. However, the third party who receives the personal information achieves the purpose of provision, or even if the member requests withdrawal, the information necessary for contract implementation such as internal reporting, audit and inspection, cost settlement (billing), and preparation for disputes is the contract specified in the Terms of Use. Personal information may be retained and used for up to 6 months after the termination of the business relationship according to the Act, and in the case of non-fulfillment or dispute continuing, until the fulfillment is completed or the dispute is resolved.

Article 12 (Measures to Ensure Safety of Personal Information Processing) The operator does its best to safely manage the member's personal information, and takes the following measures to protect personal information beyond the level required by the Information and Communications Network Act and the Personal Information Protection Act.

  1. Administrative measures
    1. Organization of personal information protection organization, such as designation of personal information manager
    2. Restriction of personal information handlers to a minimum
    3. Establishment and implementation of internal management plan including matters related to operation and training of personal information handlers
  2. Technical measures
    1. Establishment and enforcement of standards for granting/changing/cancelling access rights to systematically organized database systems to process personal information
    2. Installation and operation of intrusion prevention system and intrusion detection system for personal information processing system
    3. When a personal information handler accesses the personal information processing system and processes personal information, the date and time of access, details of processing, etc. are stored and checked and supervised.
    4. One-way encrypted storage of passwords, encrypted storage of financial information such as resident registration number, alien identification number, account information, credit card information, etc., use of encrypted secure communication when sending/receiving user's personal information and authentication information through information and communication networks
    5. Install anti-virus software and periodically update and inspect the personal information processing system and information devices used by personal information handlers to process personal information so that malicious programs such as computer viruses and spyware can always be checked/repaired.

Article 13 (Department in Charge of Personal Information Protection and Person in charge of Personal Information Management) The operator has designated the following departments and a personal information management officer to protect member's personal information and handle complaints related to personal information :

  1. Members use the service of the operator and can report all complaints related to personal information protection to the person in charge of personal information management or the department in charge. The operator will provide a prompt and sufficient response to the member's report.
    1. Personal information manager
      - Department : Planning and Operation Headquarters
      - Manager : Choi Jung Hyun Executive Director
      - Contact Number : 1644-2255
      - E-mail : reserve@intltaxi.co.kr
    2. Department in charge of personal information
      - Department : MaaS Service Business Team
      - Contact Number : 1644-2255
      - E-mail : reserve@intltaxi.co.kr
  2. If you need to report or consult about other personal information infringement, please contact the following organizations.
    1. Personal Information Infringement Reporting Center (https://privacy.kisa.or.kr / without area code 118)
    2. Information Protection Mark Certification Committee (https://www.eprivacy.or.kr / 02-550-9532~4)
    3. Advanced Crime Investigation Division, Supreme Prosecutor’s Office (https://www.spo.go.kr / without area code 1301)
    4. National Police Agency Cyber Investigation Bureau (https://ecrm.police.go.kr / without area code 182)

Article 14 (Duty to Notify) If there are any additions, deletions, or modifications to this Personal Information Processing Policy, it will be notified through the ‘Notice’ at least 7 days prior to revision. However, if there is a significant change in member rights, such as collection and use of personal information and provision to a third party, it will be notified at least 30 days in advance.

Addendum
These terms and conditions apply from November 18, 2024.