Polaris Office Corp. (hereinafter "Company") always makes its best efforts to protect the personal information of its users as it considers the protection of personal information saved under Polaris Office Service (hereinafter "Service") is significant. This privacy policy is effective as of May 02, 2024, and it stipulates what personal information about its members the Service collects, why the information is collected, how the information is used, and explains how the content of members is processed.
1. Personal Information Collection Items and Collection Measures
The company collects and saves the following information to provide a better service to the users.
A. Information provided by users. 1. The following information is collected as it is required upon sign-up and purchasing a product.① Sign-up - Required: email address, and password - Optional: name ② Personal lifetime use - Required: name, email address, and password - Optional: phone number, and visitor's path ③ Company subscription type - Required: name, email address, password, company name, and number of users ④ Company lifetime use - Required: name, email address, company name, business registration number, and password - Optional: phone number 2. When a user contacts customer support for inquiries, the following information is collected. ① For inquiries from the web page * Personal inquiries - Required: email address, device, and OS version - Optional: personal information included in inquiries/answers
* Company inquiries - Required: email address, device, and OS version - Optional: phone number, personal information included in inquiries/answers
② For wired inquiries - Required: phone number, and email address - Optional: personal information included in inquiries/answers
3. The following information is collected as it is required for a newsletter subscription. ① Polaletter subscription - Required: email address, name, company, and team
4. The following information is collected as it is required for events and occasions. ① Event participation - Required (contactless voucher inquiry): company name, manager name, email address, and mobile phone number ② Download product brochure - Required: name, company name, contact number, and email address ③ Member analysis and target advertisement - Optional: year of birth, gender, and occupation
B. Information collected during use of service ① Device information User's device (mobile, PC) information, OS type and version. Basic information of usage quantity such as browser type, usage history, IP address, cookies, access token, session ID, country, language, route of entry, program installation, and operation of major functions is collected. ② Content information Files and their content in the user storage of Polaris Office service, and AI conversational service inputs are collected. This is intended for the purpose of providing the service selected by the user. The collected information will not be used for any other services or other users, and it will not be provided to any third parties. >③ Payment information Basic information of usage quantity such as browser type, usage history, IP address, cookies, country, language, program installation, and operation of major functions is collected. Also, to deduct the credits for using the AI service, the type of AI service used, and the length of AI input and output texts are collected. Transaction information required during the payment process for paid Service, such as credit card information, billing address, country, currency unit, and other related information, might be collected. ④ Contact information If the user allows the Service to access to their contact information, the Service saves the contact information in the server for users to use it in the future. Contact information is only used under the purpose of sharing files, sending emails, or inviting others to the Service. ⑤ Third-party partner account information If the user allows the Service to access to the personal information in the user's account of Google, Facebook, or any other service provider, the Service stores such information in the Service server for users to use it in the future. ⑥ Mobile phone number (when using partner's service) Only if it is necessary to they are the users of Orange AMEA, Orange DMFI and Orange UApro or other partner's service, their mobile phone number is collected. This information is used to confirm that they are the user of partner's service and it is not stored in the service or provided to a third party other than the partner.When using document view service via Polaris Office HWP from User Files via third-party services, such as Dropbox and Google Drive, you do not have to create a User Account with us or provide your login credentials for the third-party service or application. Rather, we will let you access our services with an authorization token (aka “OAuth token”) from the third-party service provider confirming that you are a valid user of their service. A. collected during use of document view service via third-party services, such as Dropbox and Google Drive ① Device information and Automatically Captured Information We automatically collect information sent to us by your operating device when you use our Services. The information sent to us may include your IP address, data about the pages you access, mobile network information, search history, and a time-stamp. Through the content of our undeleted cookies, we may also collect information regarding the devices connected to your computer, software installed upon, and referring website addresses.. ② Contents information(Files which are Uploaded) We DO NOT upload your file to our web server for document viewing service.Generally A document is locally handled on your browser. A file will be uploaded to our web server only if you use 'Share' feature after direct access to Web HWP, Web Sheet, and Web Slide. Shared files will be stored in our server for 14 days.
2. Objectives of Personal Information Collection and its Legal Basis
The company processes the user's personal information based on the following legal backgrounds.
A. Consent by the data subject The company may provide product offer or marketing information to users who agree to such provisions. Such information can be referred to for delivering event information or posting ads. User may opt to deny reception of such information in the service/event notification option in the account setup of service.
B. Contract execution The company can process the necessary personal information for contract execution with the user. ① Request confirmation of user confirmation intention and create a new account. ② Utilize to identify authorized users and prevent from a dishonest use by illegal users and unauthorized utilization. ③ Utilize to provide a promised service to the users and settle fares if the users purchase or use the charged services. ④ When a user shares documents, or has documents shared with them in an individual or group capacity, account information including, but not limited to, nickname, email, or Polaris Office profile picture will be shown to all users involved in that sharing instance. ⑤ Utilize to provide various services to users and disseminate a notification after dealing with matters of inquiry and processing complaints requested during experience of the services. ⑥ Uses it to confirm that it is the valid user for the partner's service in case that there exists some special issues due to partnerships in a specific device in use or a specific route of access.
C. Legal profits of the company The company can process the necessary personal information for lawful profits of the company. ① The company uses personal information to create statistics by analyzing patterns, frequency of access, and use of service for a reference including provision of customized services and development of new services. ② When providing free service, the company has the right to post various ads related to service of the partner company or the company on the service screen.
3. Retention and Use Period of Personal Information
The Company uses personal information in a limited capacity while providing the Service. The personal information will be destroyed without delay in the following situations. ① When a user withdraws one's membership ② When a user withdraws consent to the collection and use of personal information ③ When the purpose of collection and use of personal information is accomplished
Also, according to the internal policy, the company destroys documents in the drive of a user who has not used the service for one year or longer.
The personal information that must be stored for a certain time period in accordance with the related laws and the titles of the related laws are as below. ① Act on the Consumer Protection in Electronic Commerce - Records on contracts or revocation of subscriptions: 5 years - Record related to supply including price settlement and goods: 5 years - Record related to consumer complaints and dispute settlement: 3 years ② Electronic Financial Transaction Act - Electronic financial record: 5 years ③ Protection of Communications Secrets Act - Login record: 3 months
4. Personal Information Disposal Procedures and Measures
The procedures and measures for destruction of personal information are as below. A. Destruction procedures Once the intended purpose of collection and use is achieved, a user's personal information is stored separately for a certain time period as per the Company's internal policy and other relevant laws, and then is destroyed.
B. Destruction measures The personal information printed on paper can be destroyed by shredding or incineration, and those in the electrical format can be deleted by using a technical measure that prevents restoration of data.
5. User's Rights
Every user has the following rights (legal guardian for a child below the age of 14)
The data subject, at any time, may exercise one's rights by requesting the company allow the user to view, correct, delete, or suspend process of personal information. In accordance with Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, users can exercise their rights in writing, e-mail, or fax, and the company will take action without delay.
A. Rights to receive information The company will notify the user of legal issues and obtain consent before processing the personal information. The overall aspects of the personal information processing can be immediately checked on this privacy policy.
B. Rights to view and correct A user can view or correct their personal information through 『account setting』.
C. Rights to delete and revoke consents ① A user can delete their personal information in 『account setting』 anytime or revoke consent on the personal information collection and use. ② A user can use the membership withdrawal menu in 『account setting』 to withdraw their membership. Once the membership is withdrawn, the personal information is processed according to "3. Retention Period and Destruction of Personal Information."
D. Right to suspend processing A member may request suspension of processing one's own personal information.
E. Rights to transfer data A user can download their own data in 『data saving and transfer』 and transfer it to other service provider.
F. Rights to object A user has the right to object against direct marketing and can set rejection of marketing email receiving in 『account setting』.
G. Rights to raise complaints to the privacy supervision authority in relation to personal data processing if they reside in EU countries.
6. Provision of Personal Information to Third Parties
The company supplies the personal information to a third party in the following cases of exceptions.
A. Agreement made by the users in advance When the personal data is provided for a third party, the company requests explicit and individual agreements after notifying a person who receives personal information, purpose, items, possession, and period of use in advance.
Provision of personal information to third parties ① Name of the party receiving the information: DECOMPANY GLOBAL, INC. PTE. LTD. ② Personal information items shared: [Required] email address, name, user identifier (if available) ③ Purpose of provision: To sign in with a Polaris Office account to use Polaris Share services, and/or to enter personal information to sign up for Polaris Share ④ Retetion period or use of personal information by the third party: Until membership withdrawal or service termination
B. In case that the relevant laws have special provisions for it.
7. Commissioned Processing of Personal Information
The Company consigns tasks of processing personal information to outsourced companies as below to improve the quality of Service. The Company regulates necessary conditions to manage personal information safely in accordance with the legislations regarding the management of personal information once the Company signed for a contract of consignment. The agencies and the tasks for consignment regarding personal information are as follows, and the personal information is retained and used until the contract of consignment expires. If there are any changes to the consigned tasks or the consignees, it will be open to you on this privacy policy without delay.
① Paygate Co., KG Inicis Co., and Tosspay Co.: payment intermediary Service ② Amazon Web Services, Inc: provides the Public Cloud Service for storing customer's personal information and content. ③ MegazoneCloud Corp.: DBMS troubleshoot and management service ④ MegazoneCloud Corp., Zendesk, Inc. : Service to use the Zendesk for handling customer inquiries ⑤ Stibee: sending Polaletter ⑥ OpenAI OpCo, LLC: AI document analysis service (AskDoc), AI conversational service
8. Child's Personal Information
The service is not intended for a child below 14 years old. If the company finds out that the personal information of a child below 14 years old is collected or if the legal guardian requests membership withdrawal(cancellation) of that child, then the company will immediately try to delete it.
9. Installation/Employment of Automated Personal Information Collection Equipment and Refusal
The company uses 'Cookie' which saves and brings out user information in order to provide personalized and customized services.
A. What is a cookie? Cookie are diminutive text files - sending to user browser from the servers operated by the websites - saved in the computer’s hard-disk. So, if the users visit websites, the websites' servers read cookie data saved in users' hard-disks to maintain users' environment settings and provide customized services. The users can always deletes or denies to save cookie since the cookie does not collect information which identify individuals automatically nor actively.
B. Purpose of using Cookie The company supports a faster Web environment for users by saving settings preferred by users via cookies and uses them for service improvements for increased convenience. Because of this incident, the users are able to use the service easily. In addition, cookies allow the company to provide a personal customized service, including advertisements, by understanding the users' website visits, patterns, and interests.
C. Installation/employment of Cookie and denial A user has the right to select cookie installation. Thus, a user can set the option on the web browser to allow every cookie or, perform confirmation each time a cookie is saved or reject saving of any cookie. But if they reject saving of any cookie, then the web use will become difficult and some of service requiring a log in may be unavailable.
D. Following directions will give a guidance to designate allowance of Cookie installation. ① Internet Explorer: Tool Menu on upper side of web-browser > Internet Option > Personal Information > Setting ② Chrome: Selection Menu on right side of web-browser > Selection of Extended Setting on bottom of screen (wording may differ) > Personal Information Contents Selection Button > Cookie
10. Issues Related to Personal Information Transfer to Abroad
A. The personal information collected by the company is processed or saved within the following districts and processed only for the goals specified in the privacy policy. ① Location of main office, affiliates and IT server: Korea ② Location of consignment company (Public Cloud Service supply): USA ③ Location of consignment company(Using Zendesk program for Customer Support) : Japan
B. The following EU user's personal information is transferred out of EU. ① Personal service: email address, password, device model name, name ② Company service: Name, email address, password, company name, country, telephone number, device model
C. In case that the company transfer the user's personal information out of EU, then the personal information is protected and the EU's general personal data protection regulation(GDPR) is complied with on the following basis. ① Designate the data recipient certified in the privacy shield framework between EU and USA and Swiss and USA. For efficient and safe data management, the company uses a company with privacy shield certifications to store the customer's personal information and data.
② Contract execution with the data subject The company provide service in Korea where the main office is located, and operates no branch in EU. Thus, transfer of personal information to Korea is unavoidable for service, and if you do not accept it, no service will be provided for you. The company is certified with the international standard of personal information(ISO/IEC 27001) and the company is safely managing the customer's personal information and contents according to the information protection management system based on it. This service consigns tasks of outsourcing of personal information to overseas companies as below for safekeeping.The consigned company does not have access to the customer's personal information.Also, the stored personal information is managed or deleted according to the provisions stipulated in "3. Retention and Use Period of Personal Information." and "4. Personal Information Disposal Procedures and Measures"
1. Consignee: Amazon Web Services, Inc. 2. Contacts: safeharbor@amazon.com 3. Purpose of transfer: data backup (storage) in-between countries for safe user data protection in case of emergencies such as disasters and catastrophes 4. Personal information transferred: ① Personal service: email, password, device model name, name, year of birth, gender, and occupation ② Company service: name, email address, password, company name, country, phone number, and device model 5. Country to transfer: U.S.A. 6. Time of transfer and its method: transmission via the network when using the service 7. Use Period of Personal Information: until a member withdraws one's membership or the consignment contract expires * The information will be transferred to provide the service, and therefore, you may not use the service if you deny the transfer. If you do not agree to the transfer, please withdraw your membership or contact the customer support.
1. Consignee: Zendesk, Inc. 2. Contacts: privacy@zendesk.com 3. Purpose of transfer: data transmission to handle customer inquiries such as consumer complaints or legal disputes 4. Personal information transferred: email address, device and OS version, ID or name, phone number, mobile phone number, company name, information included in inquiries/answers, and phone conversation transcripts 5. Country to transfer: Japan 6. Time of transfer and its method: transmission via the network when using the customer support service 7. Use Period of Personal Information: Three years * The information will be transferred to provide the service, and therefore, you may not make your inquiry if you deny the transfer. If you do not agree to the transfer, please call the customer support.
1. Consignee: OpenAI OpCo, LLC 2. Contacts: privacy@openai.com 3. Purpose of transfer: to use AI document analysis service (AskDoc), and AI conversational service 4. Personal information transferred: AskDoc documents to analyze, and inputs entered in the conversational service 5. Country to transfer: U.S.A. 6. Time of transfer and its method: transmission via API when using AskDoc document analysis and AI conversational service 7. Use Period of Personal Information: The information will be stored temporarily in the memory as API for ZDR (Zero Data Retention) is used, but it can be stored up to 30 days to detect any abuses. * You may refuse the transfer if you do not use the Service (AskDoc document analysis, conversational service), but you may not use the Service (AskDoc document analysis, conversational service) if you deny the transfer as the information is transferred to provide the Service.
11. Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA."
California consumers may make a request pursuant to their rights under the CCPA by contacting us at support@polarisoffice.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf."
Right to Know You have the right to request that we disclose what personal information we collect, use, disclose, and "sell".
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the '1. Personal Information Collection Items and Collection Measures' section above.
We collect this information for the business and commercial purposes described in the '2. Objectives of Personal Information Collection and its Legal Basis' section above.
In line with our Privacy Policy, we do not knowingly collect the personal information of minors under 13 years of age.
Right to Delete You have the right to request that Company deletes the personal information we currently hold about you. For more details about the right to delete, please see the '5. User's Rights> C. Rights to delete and revoke consents' section above.
Right to Opt-Out of 'Sales' of Personal Information If you are a California resident, the CCPA allows you to request that Company no longer “sells” your personal information. We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA
12. Customer Service for Privacy Inquiries
If you have any questions or inquiries about privacy issues, contact us using the information below. ▶ Chief Privacy Officer - Name: Miles Haeseok Lee (DPO) - Department: Business Headquarters - Email: support@polarisoffice.com
▶ Privacy management and handling department - Department: Customer Support - Email: support@polarisoffice.com
Please do not hesitate to contact us should you have any concerns or questions regarding privacy issues. The Company will endeavor to provide solutions to any claims, concerns, or questions from users.
13. Privacy Policy Changes
To reflect the changes in the service or the laws, the company can modify its privacy policy, In case of addition, deletion or modification in the current privacy policy, the company will post the reason and details on the web site or emails if necessary.
14. Security
The company devotes its effort to protect information from illegal access, change, exposure, or deletion for the service users. The passwords are mandated to access user data for the service, and sensitive data (credit card information etc.) inputted to pay a charged service will be encrypted by SSL. Nevertheless, it is not guaranteed that the information sent to others by your choice is completely safe because wired and wireless networks do not provide complete security. Accordingly, information being accessed, exposed, changed, or damaged is possible because physical, technical, or management safety devices may be attacked and destroyed.
- Posting date: May 02, 2024 - Enforcement date: May 02, 2024
Miscellaneous Provision The content of this Privacy Policy may vary per language as countries have different legal requirements. If there is any conflict between the Privacy Policy in different languages, the policy in the language of the country shall prevail, and if such a policy does not exist, the policy in English shall prevail. The Privacy Policy in Korean is applied to Korea exclusively.
