STCLab Privacy policy
STCLab (hereinafter referred to as "the Company") complies with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of data subjects. The Company handles and manages personal information lawfully and securely. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following personal information processing policy to inform data subjects of the procedures and standards for processing personal information, as well as to handle any related grievances promptly and smoothly.
Article 1 (Purpose of Personal Information Processing, Items Collected, Retention and Use Period)
The Company handles the personal information of data subjects as follows.
| Purpose of collection | Required | Optional | Retention and usage period |
|---|---|---|---|
| Confirmation of membership, service registration/change/cancellation, delivery of announcements, operation of member participation spaces, member surveys, provision of personalized services, provision and notification of advertising information and affiliate services, confirmation of product delivery addresses and contact information, sending of member anniversary celebration messages, and sending of publications. | Name, email address, company name, encrypted password | Contact | Until membership withdrawal |
| Service usage statistics analysis (age, region, gender, usage history, usage frequency), prevention of fraudulent use by bad members, login allowed from designated IP addresses | Cookies, service usage records (date and time of visit, improper usage records, etc.), device information (unique device identification value, OS version, etc.) | IP address | Until membership withdrawal |
| Customer consultation/complaint handling, dispute mediation, member participation space management, member surveys | Consultation Details | Name, email | Up to three years in accordance with laws related to consumer protection in e-commerce, etc. |
| Providing personalized services | Service usage status (date of subscription, period of use, services used) | Until membership withdrawal | |
| Settlement of purchase payments | Payment-related records (products, amounts) | Delivery address (detailed address, region) | Records related to payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.) |
| Refund settlement | Account information (bank name, account holder name, account number) | Records related to payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.) |
Article 2 (Matters concerning the processing of personal information of children under the age of 14)
The Company does not process personal information of children under the age of 14.
Article 3 (Provision of Personal Information to Third Parties)
The Company processes the personal information of information subjects only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only in cases specified in Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the information subject or when specifically stipulated by law. In all other cases, the Company does not provide the personal information of information subjects to third parties.
Article 4 (Matters Related to the Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information)
1. Cookies are strings of information (text files) sent by a web server to a web browser, stored there, and then sent back to the server when the server makes an additional request. They are stored on the member's computer hard drive.
2. The Company installs and operates cookies that store and retrieve member information through Internet services.
3. The information collected by the Company through cookies is limited to the member's unique number, and no other information is collected. The member's unique number collected through cookies may be used for the following purposes.
① Providing customized services based on individual interests
② Analyze the frequency of access and time spent on the site by members and non-members to identify user preferences and areas of interest for use in targeted marketing.
③ Track service usage history and use analysis results as a benchmark for service improvements, etc.
4. Members have the option to choose whether to install cookies, and members can set options in their web browsers to allow all cookies, confirm each time a cookie is stored, or refuse to store all cookies. However, if you refuse to install cookies, you may experience difficulties in providing services.
Article 5 (Consignment of Personal Information Processing)
The Company entrusts the following personal information processing tasks to ensure smooth handling of personal information.
| Consignee (trustee) | outsourced work |
|---|---|
| Salesforce, Inc | CRM system operation, maintenance, and customer consultation history management, integrated customer data management for customized services and advertising information provision |
| Amazon Web Service | Data storage and computer system operation and management |
Article 6 (Possibility of Disclosure of Sensitive Information and Method of Choosing Non-Disclosure)
If the company determines that there is a risk of privacy infringement due to the disclosure of sensitive information of information subjects in the process of providing goods or services, it will post information on the possibility of disclosure of sensitive information and methods for choosing non-disclosure on its website before providing goods or services, so that information subjects can easily check the information.
Article 7 (Transfer of Personal Information Outside the Country)
The company does not transfer personal information processing operations overseas.
Article 8 (Procedures and Methods for Disposing of Personal Information)
1. The Company shall destroy personal information without delay when it is no longer necessary due to the expiration of the personal information retention period or the achievement of the purpose of processing.
2. If the period of retention of personal information for which consent has been obtained from the information subject has expired or the purpose of processing has been achieved, but personal information must continue to be retained in accordance with other laws and regulations, such personal information shall be transferred to a separate database (DB) or stored in a different location for retention.
3. The procedure and method for destroying personal information are as follows.
- ① Disposal procedure
- The Company shall select personal information for which grounds for destruction have arisen and destroy such personal information with the approval of the Company's personal information protection officer.
- ② Method of disposal
- The Company destroys personal information recorded and stored in electronic file format so that it cannot be reproduced, and personal information recorded and stored on paper documents is destroyed by shredding or incineration.
Article 9 (Rights, Obligations, and Methods of Exercise of Information Subjects and Legal Representatives)
1. Information subjects may exercise their rights to view, correct, delete, or suspend the processing of their personal information at any time.
2. You may exercise your rights by sending a written request, email, or fax to the Company in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. The Company will take immediate action in response to such requests.
3. Rights may also be exercised through a legal representative or other authorized representative of the data subject. In this case, a power of attorney form in accordance with Appendix 11 of the “Notice on Personal Information Processing Methods (No. 2023-12)” must be submitted.
4. Requests for access to and suspension of processing of personal information may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act. The rights of the information subject may be restricted.
5. Requests for correction or deletion of personal information cannot be made if the personal information is specified as subject to collection in other laws and regulations. Requests for deletion cannot be made.
6. When a data subject requests access, correction, deletion, or suspension of processing in accordance with their rights, the Company shall verify that the person making the request is the data subject themselves or their legitimate representative.
Article 10 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information.
1. Administrative measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and updating of security programs. Installation and updating of security programs.
3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 11 (Personal Information Protection Officer, etc.)
1. The Company is responsible for overseeing the handling of personal information and has designated the following personal information protection officer to handle complaints from information subjects and provide relief for damages related to the handling of personal information.
Privacy Officer
- Position : Chief Information Security Officer
- Name : Kim Ha-dong
- Contact : henry@stclab.com
2. Information subjects may request access to their personal information from the relevant personal information processor in accordance with Article 35 of the Personal Information Protection Act. The Company will respond to and process inquiries from information subjects without delay.
Article 12 (Means of Remedy for Violation of Rights)
1. Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Resolution Committee, Korea Internet & Security Agency, Personal Information Infringement Reporting Center, etc. to receive relief for personal information infringement. For other reports or consultations regarding personal information infringement, please contact the following institutions.
- Personal Information Dispute Resolution Committee : (without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center : (without area code) 118 (privacy.kisa.or.kr)
- Cybercrime Investigation Unit, Supreme Prosecutors' Office : (without area code) 1301 (www.spo.go.kr)
- Cyber Security Bureau, National Police Agency : (without area code) 182 (ecrm.cyber.go.kr)
2. Any person whose rights or interests have been infringed upon by a decision or omission made by the head of a public institution in response to a request made pursuant to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the provisions of the Administrative Appeal Act.
- Central Administrative Appeals Tribunal : (without area code) 110 (www.simpan.go.kr)
Article 13 (Changes to the Privacy Policy)
1. This privacy policy will take effect on August 1, 2025.
2. The previous privacy policy can be found below.