Privacy policy
Last updated: 16 December, 2022
STCLab and all of its subsidiaries and other affiliates (collectively, "STCLab," "we," "us," and "our") respect and want to protect your privacy. This privacy policy (“Privacy Policy”) explains, among other things, the types of information we collect about you when you visit this website (the “Site”) or when you access or use other STCLab websites, mobile or desktop applications, and/or additional online services (collectively with the Site, the “Services”); how your information may be used and disclosed; how you can control the use and disclosure of your information; and how your information is protected. By accessing and/or using any Services, you accept, agree, and affirmatively consent to be bound by all of the terms of this Privacy Policy without limitation or qualification, including our collection, storage, and processing of your personal information in the Republic of Korea, U.S. and E.U. and in any other country to which we may transfer your personal information in accordance with the terms of this Privacy Policy. Please be sure to read this entire Privacy Policy before using this Site or any Services or providing any information to us. If you disagree with or do not accept any part of this Privacy Policy, do not use this Site or any Services or provide us with any information. The Privacy Policy is a part of, and subject to, the STCLab’s Terms and Conditions ("the Terms and Conditions") Click here https://cloud.stclab.com/terms. The Privacy Policy and the Terms and Conditions are legally binding on all users of this Site and any Services. If you have any questions, please contact us using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy.
1. Information We Collect
We may collect personal information in connection with your use of the Site or any Services (collectively, "Personal Information"). This information is collected for our legitimate business purposes and may be used as described below.
(1) Active Collection Of Information We may actively collect certain Personal Information including: (a) name; (b) contact information, such as email address, postal address, zip code, and telephone number; (c) user name and password; (d) demographic information, such as gender or date of birth; (e) information about whether you are over the age of 13 and a U.S. resident; (f) any email communications, comments, suggestions, or other information that you provide on, through, or relating to this Site or any Services and/or that relates to us or our products or services; (g) personal information we collect when you report a possible side effect associated with one of our products; (h) responses to surveys; (i) your search queries; (j) credit card or bank account information, billing/payment terms, credit limit, and credit status; (k) job title and professional affiliations; (l) communications preferences; (m) product preferences; (n) responses to questionnaires ; (o) information you provide when you subscribe to one of our mailing lists or newsletters, or (p) other types of information described to you at the point of collection.
(2) Automatic Collection Of Information We also may collect certain information automatically when you visit and use the Site and any Services. We collect this information for our legitimate business purposes and to facilitate your use of our Site and Services. Such information may include: (a) the time, date, and duration of your visit to the Site; (b) your browser type and operating system; (c) your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area; (d) other unique identifiers, including device information such as the unique device identifier, hardware model, operating system and version, and mobile network information; (e) sites you visited before and after visiting the Site; (f) pages you view and links you click on within the Site; (g) products ordered and their value; (h) your interactions with email messages, such as the links clicked on and whether the messages were opened or forwarded; and (i) social media tracking pixels that allow platforms such as Facebook and Twitter to interact with this Site and give feedback on your actions. We may use cookies, pixel tags, and similar technologies to automatically collect this type of information. Cookies are small bits of information that are stored by your computer’s web browser. Aggregate cookie and tracking information may be shared with third parties. You should be able to decide if and how your computer will accept a cookie by configuring your preferences or options in your Internet browser settings. However, if you choose to disable cookies, you may not be able to use certain services or features on the Site or in connection with the Services. Pixel tags are very small images or small pieces of data embedded in images, also known as "web beacons" or "clear GIFs," that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. By accessing the Site or using any Services, you affirmatively consent to our use of cookies, pixel tags, and similar tracking technologies. You may change your preferences in this respect by emailing us at to_jaein@stclab.com. We may allow third parties to place and read their own cookies, web beacons, and similar technologies to collect information through the Site and Services. We do not control how those third parties use that information. These third parties include service providers who may use these technologies to collect information that helps us with traffic measurement, research, and analytics. If you have any questions regarding the use of cookies on our sites, or wish to change or revoke your consent to the use of cookies, please contact us using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy.
(3) Information From Other Sources To the extent permitted by applicable law, we may collect or receive additional information about you, such as demographic data or fraud detection information, from third-party service providers and/or partners. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers for our fraud prevention and risk assessment efforts. We may also collect public personal information about you when we monitor other websites. For example, we may monitor conversations on public platforms concerning STCLab or the pharmaceutical industry more generally. We may combine information about you from various sources. If you link, connect, or log in with a third-party service (such as Google, Facebook, or LinkedIn), the third-party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service. We do not control, supervise, or respond regarding the processing of your personal data by these third-party services. Any information request regarding the use or disclosure of such personal data by these third parties should be directed to the respective third party.
2. Method of Collection
We collect personal data of users in the following manner:
Collection through Website or mobile devices with the prior consent of the users
3. Use and Disclose of Information
Your information is collected for our legitimate business purposes, including to effectuate, monitor, evaluate, and improve our business relationship with you. We use, store, and process the information we collect about you to, among other things, provide, understand, improve, and develop our Site and Services; communicate with you; fulfill your requests; facilitate our engagement with you; and comply with our legal obligations. As such, we may use and/or disclose your Personal Information that we collect in connection with this Site or any Services as follows:
(1) With Your Consent. Where you have provided consent, we may use and disclose your Personal Information as described at the time of consent.
(2) Our Business Purposes. We may use your Personal Information for our business purposes, such as to (a) provide products, services, and information you request including through our affiliates; (b) communicate updates, promotions, or news about us, including our products, services, or events, through email, direct mail, or otherwise; (c) engage in market research; (d) maintain or administer the Services, perform business and/or for other internal purposes to improve the quality of our business, the Services, and other products and services we offer and to better understand how visitors are interacting with the Services; (e) protect our company, our customers, and/or the Services; (f) prepare government reports; (g) process employment applications and inquiries; (h) customize and personalize your use of the Site or the Services; (i) market our products and services, (j) monitor and conduct reviews of our products and services, (k) help us improve our current products or develop new products, (l) collect demographic and geographic information about the users of the Site and our products, (m) communicate administrative or legislative related information, (n) respond to your requests; (o) respond to reports you make of a possible side effect associated with one of our products, monitor the safety of our products, and engage in adverse event reporting; and (p) as otherwise described to you at the point of collection.
(3) Third-Party Providers. We use a variety of third-party service providers to help us provide services related to the Site, the Services, and our business. Such service providers may include, without limitation, (a) our professional advisors, auditors, and business partners, (b) our vendors that host the Site, manage databases, perform analyses or data analytics, process payments, provide technical or customer support, or send communications for us; and (c) companies with which we have promotional, marketing, advertising, or other commercial relationships, including financial institutions and companies that perform fulfillment and/or delivery services. These service providers may be located inside or outside of the Republic of Korea, U.S. or E.U.. In each case, we take reasonable precautions to help protect your Personal Information from unauthorized use or disclosure. For example, we may enter into written agreements that commit such service providers to keep your information confidential and to use appropriate security measures with respect to such information. In addition, these service providers’ access to your Personal Information is limited to that necessary or advisable to perform tasks on our behalf.
(4) Business Transactions. We may transfer any information collected, including Personal Information, in the event of (a) a sale, assignment, or other transfer of ownership or control of all or any portion of our business to which such information relates; (b) other business transactions involving STCLab, such as an internal restructuring, buying or selling subsidiaries, or engaging in joint ventures with third parties; and (c) a bankruptcy or similar event involving STCLab provided, however, that in each such case we will use reasonable efforts to notify you before your Personal Information becomes subject to a different privacy policy. We may also use your Personal Information to perform a contract to which you are a party.
(5) Compliance With Law Or Regulatory Action Or Requests. We may disclose your information, including Personal Information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary to: (a) comply with applicable law, regulation, or guidance; (b) comply with legal process and/or to respond to claims asserted against us; (c) respond to requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability; (d) protect the rights, property, and/or personal safety STCLab, its employees, or members of the public; and/or (e) comply with or respond to an investigation or request for information or cooperation by a regulatory, governmental, or other entity, whether or not legally required. Where appropriate, we may notify you about legal requests unless providing such notice is prohibited by the legal process itself, by court order, or by applicable law, or we believe that providing such notice would be futile, ineffective, create a risk of injury or other harm to an individual or group, or create or increase a risk of liability upon STCLab.
(6) Subsidiaries and Affiliates. We may disclose your information to our subsidiaries and other affiliates for a variety of reasons, including for business, operational, and marketing purposes.
(7) Aggregated Information. We may share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
(8) We will not sell, rent, or lease your Personal Information to any third party unless disclosed to you at the time of your submission of such information.
4. User Rights
In addition to the rights set forth elsewhere in this Privacy Policy, you may be entitled to some or all of the rights identified below.
(1) Managing Content. You have the right to subscribe or unsubscribe to content from the Company by contacting us using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy.
(2) Objection to receiving marketing emails. You may refuse of receiving marketing and promotional emails from us by following the opt-out procedure described in each email we send or by contacting us using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy. However, even if you object to receiving marketing and promotional emails, we may continue to email you for administrative or informational purposes, including follow-up messages regarding any content you have submitted to a Site or in connection with any Services.
(3) Withdrawing Consent. When you have provided your consent to our processing of your Personal Information, you may withdraw your consent at any time by sending a communication to the Company (using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy) specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
(4) Data Access; Copies; Transfer; Correction. Applicable law may entitle you to request the following with respect to Personal Information that we hold about you: (a) that we provide you with access to such Personal Information; (b) that we provide you with copies of such Personal Information in a structured, commonly used, and machine-readable format and/or request that we transmit this information to another service provider (where technically feasible); and/or (c) that we correct inaccurate or incomplete Personal Information about you.
(5) Restriction Of Processing. Applicable law may give you the right to limit the ways in which we use your Personal Information, in particular where (a) you contest the accuracy of your Personal Information; (b) the processing of your Personal Information is unlawful and you oppose the erasure of such information; (c) we no longer need your Personal Information for the purposes of the processing, but you require the information for the establishment, exercise, or defense of legal claims; or (d) you have objected to the processing and a determination of whether our legitimate grounds override your own is pending.
(6) Objection To Processing. Applicable law may entitle you to require us not to process your Personal Information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing, we will no longer process your Personal Information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise, or defense of legal claims. Where your Personal Information is processed for direct marketing purposes, you may, at any time, ask us to cease processing your data for these direct marketing purposes.
(7) Erasure. If you no longer want us to use your information, you can request that we erase your Personal Information. Please note that if you request the erasure of your Personal Information: (a) we may retain some of your Personal Information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety; (b) we may retain and use your Personal Information to the extent necessary to comply with our legal obligations; (c) some copies of your Personal Information (such as log records) may remain in our database, but are disassociated from personal identifiers; and (d) residual copies of your Personal Information may not be removed from our backup systems for a limited period of time.
(8) Lodging Complaints. You have the right to lodge complaints about the data processing activities carried out by us before the applicable data protection authorities.
5. User Obligations
In addition to the obligations set forth elsewhere in this Privacy Policy, you must comply with the obligations identified below. We cannot and will not be responsible for any liability or other problems that may arise from your failure to comply with these requirements.
(1) Complete, Current, Truthful, and Accurate Information. It is your responsibility to provide complete, current, truthful, and accurate information. It is also your responsibility to contact us as described at the end of this Privacy Policy to update or correct your Personal Information whenever necessary. If you submit any personal data relating to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
(2) Use of and Access to Services. You, not STCLab, are solely responsible and liable for your activity, behavior, use, and conduct on the Site and in connection with any Services. Any submission of information by you does not guarantee that we will permit you to access and/or use any or all of the features or functions of the Site or any Services.
(3) Confidentiality; Reporting. You are responsible for maintaining the confidentiality of any account usernames and/or passwords you may have that are associated with the Site or the Services and for any access to or use of the Services using such account usernames and/or passwords, whether or not authorized by you. You must notify us immediately of any unauthorized use of such account usernames and/or passwords or any other breach of security.
6. Data Security
We maintain reasonable technical, physical, administrative, and procedural security precautions to help protect against loss, misuse, unauthorized access, disclosure, alteration, interception, or destruction of the information you provide to us. Please note, however, that no such precautions are 100% effective. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us, and we are not responsible for the theft, destruction, interception, or inadvertent disclosure of your Personal Information. Therefore, any transmission of Personal Information is at your own risk.
We do not and will not send you emails asking you to provide or confirm personal information. A technique known as "phishing" attempts to steal personal identity data and financial account credentials from consumers. "Phishers" use "spoofed" emails to lead consumers to sham websites which trick recipients into divulging personal information including credit card numbers, account usernames, passwords, and social security numbers. If you receive such an email communication purporting to be from the Site or in connection with any Services, please forward it immediately to to_jaein@stclab.com and then delete it from your computer.
We reserve the right to deny to any user access and/or use privileges, including without limitation use of any services, features, or functions of one of our sites, if there is a question regarding the identity of the person accessing or attempting to access any services, features, or functions.
7. Retention of Personal Information
We generally retain your personal information for as long as necessary for our legitimate business interests or to comply with legal obligations. If you no longer want us to use your information, you may request that it be erased. Please see "3. User Rights" section (7) above for more detail about such erasure. If you would like to find out how long we keep your personal information for a particular purpose you can contact us at to_jaein@stclab.com
8. User Generated Content
From time to time on certain areas of the Site or Services you may be able to submit written posts and certain other materials (collectively, "User Content"). Any User Content that you submit to or for use on the Site or in connection with any Services may become public information. You should exercise caution if any such User Content includes information about yourself or others, including any Personal Information. We are not responsible for the results of such submissions and cannot prevent such information from being used by third parties in a manner that may violate this Privacy Policy, the law, or your personal privacy and safety. By submitting any such User Content, you signify your acceptance of, and agreement to follow and be bound by, this Privacy Policy and the Terms and Conditions https://stclab.com/terms
9. Social Networking Services
You may be able to link an account from a social networking service (such as Facebook, Google+, or LinkedIn) to an account through our Services. This may allow you to use your credentials from the other site or service to sign in to certain features on our Services. If you link your account from a third-party site or service, these social networking services may be able to collect information about you, including your activity on our Services.
We also may work with certain third-party social media providers to offer you their social networking services through our Services. For example, you may be able to use third-party social networking services, including but not limited to Facebook, Twitter, and others to share information about your experience on our Services with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our Services. These third-party social networking services also may notify your friends, both on our Services and on the social networking services themselves, that you are a user of our Services or about your use of our Services, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services.
10. Children’s Privacy
STCLab respects the privacy of children. We do not knowingly collect, use, or disclose Personal Information from children under the age of 13. If you believe that we have received any such Personal Information, please contact us using one of the methods set out in the "Contact Us" section at the end of this Privacy Policy.
11. Links To Third Party Sites
This Site and any Services may provide links to other websites on the Internet that are operated and maintained by third parties. These websites operate independently from STCLab and are not under our control or responsibility. In addition, you may be required to download certain programs, products, or services from such third parties, including without limitation in order to access coupons to certain STCLab products or services. The existence of such links to other websites does not constitute an endorsement by STCLab of those other websites, the content displayed therein, the programs, products, or services thereon, or the persons or entities associated therewith. When you visit any such third-party websites, you will exit our Site and not be using the Services, and STCLab accepts no responsibility or liability with respect to any such website or any other website that is not under our control. We encourage you to review the privacy policies and terms of use of those third-party websites. You accept sole responsibility for and assume all risk arising from your use of any such websites.
12. California Privacy Policy
For California residents please click here.
https://cloud.stclab.com/cppa
13. General Data Protection Policy
For the purpose of data protection of its users, we maintain a record of processing activities (Article 30 of GDPR), designates STCLab to operate its business in accordance with GDPR (Article 37), implements Data Protection Impact Assessment (DPIA) under the supervision of the DPO and trains its employees for data protection (Article 39).
We formulates legal framework to process personal data including sensitive data (Articles 6 and 9) and has the explicit consent of the data subject to the processing of his or her personal data (Article 7). It has the explicit consent of a data subject in case of automated individual decision-making, including profiling (Article 22), and has the consent of the holder of parental responsibility over a child for the child’s data processing, in which case it makes reasonable efforts to verify if such consent is given or authorized by the lawful person, taking into consideration available technology (Article 8). Additionally, in case of transfer of personal data to third countries, the company has the explicit consent of a data subject (Article 49).
We allows a data subject to exercise his or her rights guaranteed by GDPR as follows: the right to receipt of his or her data (Articles 13 and 14), the right to access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to data portability (Article 20), the right to object (Article 21) and the right not to be subject to an automated individual decision-making, including profiling (Article 22).
We are in compliance with the obligations of data protection by design and by default (Article 25) and implements technical and operational measures reasonably necessary to prevent the data from leakage and breach (Article 32). It notifies a personal data breach to the supervisory authority within 72 hours after having become aware of it (Article 33) and communicates a personal data breach to a data subject without undue delay if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons (Article 34).
We may transfer users’ personal data to companies located in other countries or other companies for any purpose specified in this Policy. It will take reasonable measures to the companies where the personal data is transmitted, retained or processed in order to protect the data.
In particular, We transfers all personal data provided by the users or automatically collected by the Company to a server (Microsoft Azure) located in the United States and re-transfers it to the Republic of Korea. The United States and the Republic of Korea have not received an adequacy decision from the European Commission, and the laws of the United States and the Republic of Korea do not stipulate all the rights of data subjects and principles of data processing as defined by the GDPR. However, We fully complies to the GDPR through this Privacy Policy, and users are entitled to all protections based on the GDPR.
Based on the above notice, the Company may transfer users’ personal data to the United States and the Republic of Korea after obtaining explicit consent for transfer of personal data to third countries (Article 49 Paragraph 1 (a)).
14. Global Operations
The Site is controlled and operated by us from the Republic of Korea (South Korea). If you are visiting this Site from a country other than the Republic of Korea (South Korea), your Personal Information collected on this Site will be transferred outside of your country. This Site is designed to comply with the laws, rules, and regulations of the the Republic of Korea(South Korea) and is not intended to subject us to the laws, rules, or regulations of any jurisdiction other than the the Republic of Korea(South Korea).
Nevertheless, to facilitate our global operations, Personal Information that we collect may be transferred, stored, and/or processed between and accessed from other jurisdictions throughout the world. Laws in these other jurisdictions may differ from, and may not provide an equivalent level of data privacy, security, and protection as, the applicable laws in your country. However, we will handle your Personal Information in accordance with this Privacy Policy and applicable law regardless of where we transfer, store, process, or access such information.
15. Notification Of Changes
STCLab reserves the right to change or modify this Privacy Policy at any time in its sole discretion by updating this policy without advance notice to you. Such changes or modifications shall be effective immediately upon being posted on the Site. You agree that we may notify you of material changes to this Privacy Policy by indicating the date of the most recent update at the top of the Privacy Policy, and that you will check the Site regularly for updates. Continuing to access and/or use the Services after we post a revised Privacy Policy constitutes your acceptance of those revisions and all terms of the then effective Privacy Policy.
16. Contact Us
If you have any questions, requests, or concerns related to this Privacy Policy or would like to exercise any of the rights described herein, you may contact us by emailing us at to_jaein@stclab.com or by writing to us at the following address:
Office of the Chief Privacy Officer
Kim Ha Dong
- 2nd floor, CampG, 5, Bongeunsa-ro 37-gil, Gangnam-gu, Seoul, Republic of Korea
- +82-2-3453-1424 support@stclab.com