Article 1 [Purpose of collecting and processing personal information]

The company collects and processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, a separate consent will be sought in accordance with Article 18 of the Personal Information Protection Act.

1. Membership registration and managementPersonal information is processed for the purpose of confirming customer subscription intention, identification by providing paid services, personal identification, prevention of illegal use and unauthorized use of defective customers, identification of legal representatives, record storage for dispute settlement, handling civil complaints such as customer complaints, and delivery of notices.
2. Payment settlement based on performance of information use contract and service provisionIt processes personal information for the purpose of personal authentication and payment of financial transactions, delivery of goods or bills, provision of services and contents, age authentication, rate collection, and settlement.
3. handling civil complaintsWe process personal information for the purpose of identification, confirmation of civil complaints, contact for fact-finding, notification, and notification of processing results.
4. Developing new services and using them for marketing/advertisingProcess personal information for the purpose of developing new services and providing customized services, providing services based on demographic characteristics and publishing advertisements, confirming the validity of services, identifying access frequency, or statistics on customer service use.
5. Performance report managementPersonal information is processed for the purpose of reporting the customer’s cargo transport performance data in accordance with the mandatory reporting items under Article 2 of the guidelines for implementing the cargo transport performance reporting system to the FPIS system.
6. Delivery of transportation tracking servicesPersonal location information is processed to provide real-time location tracking services for cargo transportation.
7. How to collect personal informationHow to collect personal information
   • A. Home page, written form, fax, phone, consultation bulletin board, e-mail, event application, delivery request
   • B. Provision from partner companies
   • C. Collection through generative information collection tools
8. Denial and restriction of consent to personal information
   1. Users who wish to join as members need consent to the consent of personal information and the provision of personal information to a third party, and if there is no consent to personal information, the subscription and use of this service will be restricted.
   2. Members may withdraw their consent to provide personal information and to provide it to third parties at any time, and in this case, the company will be restricted from using the service under paragraph A. Changes in consent to personal information and provision to third parties will be notified and notified separately.

Article 2 [Retention and Use Period of Personal Information]

1. processing of personal informationWe process personal information either based on the data subject’s consent or as permitted by applicable laws and regulations. When signing up for the first time, the following information is collected for personal identification and service provision.
   • A. Mandatory items for carrier members: Name, resident registration number, address, contact information, e-mail address, vehicle information, business number, account number, etc. For foreigners, including alien registration number, passport number, driver’s license, legal representative information
   • B. Mandatory items for shipper member: corporate name, representative name, business registration number, business place, representative phone number, representative e-mail address, password, name of person in charge/telephone number/position/department/email/fax number
   • C. The following information may be automatically generated and collected during service use or business processing. IP Address, Cookie, Date and Time of Visit, Service Use Record, Access Log, Payment Record, Transportation Performance Information, Bad Use Record (Record of Restriction of Use, etc.)
   • D. The following information may be collected only from users of additional services or personalized services, or during participation in events, and only if consent has been obtained for additional collection of personal information.
   • E. During the use of paid services, the following payment information may be collected:
     – When paying by credit card : card company name, card number, etc.
     – When paying by mobile phone : mobile phone number, mobile carrier, payment approval number, etc.
     – When transferring funds via bank account : bank name, account number, etc.
2. Period of retention and use of personal informationIn principle, the customer’s personal information shall be destroyed without delay after the purpose of collecting and using personal information has been achieved: Provided, That the following information shall be preserved for the period specified for the following reasons for preservation.
   • 1) Reasons for holding information according to the company’s internal policy
     • A. Records of illegal use– Retention items : Abnormal service usage records
       – Reasons for preservation : Prevention of fraudulent subscription and use
       – Preservation period : 5 years

       ※ The term “unauthorized use record” means a record of being restricted by the company due to the fact that it violates the terms and conditions of fraudulent subscription and use, as well as transaction records that violate the rights or interests of others.

   • 2) If it is necessary to preserve it in accordance with the provisions of the relevant laws, such as the Commercial Act and the Consumer Protection Act in Electronic Commerce, etc., the company keeps customer information for a certain period of time as prescribed by the relevant laws and regulations. In this case, the company uses the information it keeps for the purpose of storage only, and the retention period is as follows.
     • A. Records on contract or withdrawal of subscription, etc– Items to be preserved : Subscription, registration, and contract documents (including consent form)
       – Basis for Preservation : Act on Consumer Protection in Electronic Commerce, etc
       – Preservation period : 5 years
     • B. Record of consumer complaints and dispute settlement– Retention items : Electronic documents related to customer complaints and disputes
       – Basis for Preservation : Act on Promotion of Information and Communication Network Utilization and Information Protection, etc
       – Preservation period : 3 years
     • C. Conservation personal information related to commerce– Items to be preserved : Transaction performance, transaction record for all funds, and other electronic document data
       – Basis for preservation : Consumer protection in the Commercial Act, Electronic Commerce, Electronic Financial Transactions Act, and the Framework Act on National Taxes
       – Preservation period : 5 years
     • D. Survey statistics– Items to be preserved : Data including personal information after preparing statistical data for the survey
       – Preservation basis : Data collection for customer satisfaction activities and system improvement
       – Preservation period : 5 years
     • E. Website visit records– Retention items : Website visit records
       – Basis for Preservation : Communication Secret Protection Act
       – Preservation period : 3 months
3. Purpose of Processing and Retention Period of Personal Location InformationThe company processes personal location information to provide location-based services to the customer and uses it within the scope of the purpose agreed upon by the customer in accordance with Article 23 of the Act on the Protection and Use of Location Information. It also uses the information to respond to customer complaints, and retains and uses the location information from the time of membership registration until membership withdrawal.
4. Retention Period of Records Confirming the Use and Provision of Personal Location InformationThe company automatically records data on the use and provision of personal location information in the location information system pursuant to Article 16, Paragraph 2 of the Act on the Protection and Use of Location Information, and retains such records for six (6) months from the time of recording for the purpose of responding to customer complaints.

Article 3 [Provision of Personal Information to Third Parties]

The Company, in principle, processes the personal information of data subjects within the scope specified for the purpose of collection and use. Except in the following cases, the Company shall not process the information beyond the original scope or provide it to any third party without the prior consent of the data subject

1. Where prior consent has been obtained or separate consent is received from the data subject;
2. Where special provisions are provided by law
3. Where it is impossible to obtain prior consent due to the inability of the data subject or their legal representative to express intent, or due to unknown address, and it is clearly deemed necessary for the urgent benefit of the life, body, or property of the data subject or a third party
4. Where it is necessary for the purpose of compiling statistics or conducting academic research, and the information is provided in a form that does not allow identification of a specific individual
5. Where it is impossible to perform the duties prescribed by other laws without using the personal information for purposes other than the intended use or providing it to a third party, and such use or provision has been reviewed and resolved by the Protection Commission
6. Where it is necessary to provide information to a foreign government or international organization for the implementation of a treaty or other international agreement;
7. Where it is necessary for criminal investigations, prosecution, or the maintenance of charges
8. Where it is necessary for judicial proceedings by the court;
9. Where it is necessary for the execution of sentences, protective custody, or protective disposition.

Article 4 [Use or Provision of Personal (Location) Information and Notification of Use]

The Company may use the location information collected from customers to provide services. If a customer agrees to these Terms and Conditions, the customer is deemed to have consented to the use of location information.

The Company shall not use the personal location information provided by the customer for any purpose other than service provision without the customer’s consent.

The Company shall not use the personal location information provided by the customer for any purpose other than service provision without the customer’s consent.

1. If the telecommunications device that collected the personal location information does not have the function to receive text, voice, or video
2. If the subject of personal location information requests notification via a device or (email) address other than the device that collected the personal location information.

Where the Company provides personal location information to a third party designated by the member, it shall notify the member of the recipient, the date and time of provision, and the purpose of provision through the telecommunications device that collected the information, either immediately each time or in the manner selected by the member among the intervals set by the Company within the scope of the Location Information Protection Act.
However, where the Company notifies information provision details to a third party periodically in bulk, the Company shall notify the customer of the following and obtain consent

1. The frequency or period of the aggregated notification
2. That the method of notification can be changed to immediate upon request by the personal location information subject, and the method for such request.

Article 5 [Use of Location Information for the Protection of Children Under the Age of 8, etc.]

If the legal guardian of a person who falls under any of the following categories (hereinafter referred to as “children under the age of 8, etc.”) consents to the collection, use, or provision of personal location information to protect the life or body of the said person, such consent shall be deemed as the person’s own consent

1. A child under the age of 8
2. A person under adult guardianship
3. A person with a mental disability as defined in Article 2(2)(2) of the Act on Welfare of Persons with Disabilities and classified as a person with severe disability under Article 2(2) of the Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities (limited to those registered under Article 32 of the Act on Welfare of Persons with Disabilities)

A legal guardian under Paragraph 1 refers to a person who actually protects the child and falls under any of the following

1. The legal representative of a child under the age of 8, or a guardian under Article 3 of the Act on the Guardianship of Minors in Protective Facilities
2. The legal representative of a person under adult guardianship
3. The legal representative of the person under Subparagraph 3 of Paragraph 1, or the head of a residential facility for the disabled under Article 58(1)(1) of the Act on Welfare of Persons with Disabilities (limited to facilities established and operated by the state or local governments), or the head of a mental care facility under Article 22 of the Mental Health Promotion and Welfare Services Support Act, or the head of a mental rehabilitation facility under Article 26 of the same Act (limited to facilities established and operated by the state or local governments)

A guardian who wishes to consent to the collection, use, or provision of personal location information for the protection of the life or body of a child under the age of 8, etc., shall submit a signed consent form along with documents proving their guardian status to the Company.

Article 19 (Customer Rights) shall apply mutatis mutandis to cases where the guardian gives consent under Article 26(4) of the Location Information Act. In such cases, the guardian shall be regarded as the customer.

Article 6 [Outsourcing of Personal Information Processing]

1. The Company may outsource the processing of personal information to a third party to provide smooth and enhanced services. In such cases, the Company shall inform users in advance and obtain consent on all of the following matters. The same applies if any of the following matters is changed
   1. The entity entrusted with the processing of personal information
   2. The details of the work entrusted for personal information processing
2. Notwithstanding Paragraph 1, the Company may outsource personal information processing without a separate notification or consent procedure if it is necessary for the fulfillment of a contract for the provision of information and communication services and for user convenience, by publicly announcing the matters of each subparagraph of Paragraph 1 in the Privacy Policy.
3. The Company outsources the following tasks related to the processing of personal information, and takes necessary measures to ensure the safe management of personal information when entering into an outsourcing contract in accordance with relevant laws.
   The Company considers the data protection capabilities of the outsourced party when contracting, and periodically verifies whether the obligations related to safe management and disposal of personal information are being fulfilled.
   Additionally, the information subject to outsourcing is limited to the minimum necessary for providing the service.
   1. Status of Domestic Outsourcing for Personal Information Processing
      

      Entrusted Company	Details of Outsourced Services
      NICEPAYMENTS	Payment processing (mobile phone, bank transfer, account transfer, credit card, gift certificates, and other payment methods)
      Daou Technology INC	Notification Talk (KakaoTalk) and SMS transmission
      WIDU SOFT CO.,LTD.	Customer service operations and customer support
      NICE Information Service Co., Ltd.	Identity verification and adult authentication
      KIS Information&Communication,inc	Electronic billing and payment processing

Article 7 [Rights and Obligations of the Data Subject and How to Exercise Them]

The data subject may exercise the following rights. A legal representative may, upon submission of a power of attorney, request to access, correct, delete, or suspend the processing of the customer’s personal information.

1. Request for Access to Personal InformationThe data subject may request access to personal information files retained by the Company in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act.
   However, requests for access to personal information may be restricted pursuant to Paragraph 5 of Article 35 of the Act, in the following cases
   • A. Where access is prohibited or restricted by law
   • B. Where there is a concern that access may cause harm to another person’s life or body, or unjustly infringe upon another person’s property or other interests
   • C. Where it may cause serious disruption to the performance of any of the following tasks by a public institution

     ①  Tasks related to the imposition, collection, or refund of taxes
     ②  Tasks related to academic achievements, skills, or recruitment examinations, or qualification reviews
     ③  Tasks related to ongoing evaluations or judgments regarding the calculation of compensation
     ④  Tasks related to ongoing audits or investigations conducted in accordance with other laws

2. Request for Correction or Deletion of Personal InformationThe data subject may request the correction or deletion of personal information files retained by the Company in accordance with Article 36 (Correction or Deletion of Personal Information) of the Personal Information Protection Act.
   However, if the personal information is specified by other laws or by Paragraph 2 of Article 2 of the Company’s Privacy Policy as subject to collection and retention, deletion may not be requested.
3. Request to Suspend Processing of Personal InformationThe data subject may request the suspension of processing of personal information files retained by the Company in accordance with Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act, and appropriate action shall be taken without delay upon receipt of such request.
   However, requests for suspension of processing may be rejected pursuant to Paragraph 2 of Article 37 of the Act in the following cases
   • A. Where processing is unavoidable in order to comply with legal obligations or provisions of law
   • B. Where there is a concern that suspension may cause harm to another person’s life or body, or unjustly infringe upon another person’s property or other interests
   • C. Where a public institution is unable to perform its statutory duties without processing the personal information
   • D. Where suspension of processing would make it difficult to fulfill a contract with the data subject, such as in the case of service provision agreed with the data subject, and the data subject has not clearly expressed their intention to terminate the contract

Article 8 [Destruction of Personal (Location) Information]

The Company shall, in principle, destroy personal information without delay once the purpose of processing such personal information has been fulfilled. The procedures, timelines, and methods of destruction are as follows

1. Destruction ProcedureInformation entered by the user for purposes such as membership registration is transferred to a separate database (or, in the case of paper documents, to a separate filing cabinet) after the purpose is achieved. It is stored for a certain period in accordance with internal policies and other applicable laws and regulations for information protection purposes (refer to retention and usage period), and is then destroyed.
   Such personal information shall not be used for any purpose other than retention unless required by law
2. Time and Method of DestructionWhen the retention period has expired, or the purpose of processing the personal information has been achieved, or the relevant task has been terminated, and thus the personal information is no longer necessary, it shall be destroyed without delay.
   Information in electronic file format is destroyed using technical methods that make the records irrecoverable.
   Printed documents containing personal information are destroyed by shredding or incineration.

Article 9 [Measures to Ensure the Security of Personal Information]

The Company has established the following technical and administrative measures to protect personal information.

1. Minimization of Personal Information Handling Personnel and TrainingEmployees who handle personal information are designated and managed as a minimum number of necessary personnel, and training is provided to such personnel for safe management.
2. Restriction of Access to Personal InformationThe Company takes necessary measures to control access to personal information by granting, changing, or revoking access rights to the database system that processes personal information, and uses intrusion prevention systems to block unauthorized external access. Documents and storage media containing personal information are stored in places equipped with locking devices.
3. Retention and Prevention of Falsification of Access RecordsRecords of access to the personal information processing system (such as web logs, summary information, etc.) are retained and managed for at least six (6) months, and security functions are used to prevent the alteration or loss of such records.
4. Encryption of Personal InformationAmong personal information, resident registration numbers and passwords are safely stored and managed through encryption and other means. Important data is encrypted for both storage and transmission, and separate security functions are used. Customers themselves must also be careful not to expose their passwords and IDs to third parties.
5. Installation of Security Programs and Periodic Inspection and UpdateTo prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed and periodically updated and inspected
6. Control of Entry by Unauthorized PersonsThe physical storage location of the personal information system where personal information is stored is separated and the system is installed in an area controlled from external access, and procedures for entry control are established and operated. To prevent damage to personal information, data is backed up regularly, and up-to-date antivirus programs are used to prevent leakage or damage of users’ personal information or data. Encrypted communication is used to ensure the secure transmission of personal information over the network. Intrusion prevention systems are used to block unauthorized external access, and all possible technical devices are equipped to secure the system.
7. Regular Self-InspectionTo ensure the security of personal information handling, the Company conducts regular self-inspections and audits of personal information protection management, including external servers. However, even if the Company has fulfilled its personal information protection obligations, it shall not be liable for any damages not attributable to the Company, such as negligence by the user or accidents occurring in areas not under the Company’s management.
8. Establishment and Implementation of Internal Management PlanThe Company establishes and implements an internal management plan to ensure the secure processing of personal information. Article 8 [Installation, Operation, and Rejection of Devices That Automatically Collect Personal Information, Such as Internet Access Files]
   The Company and the services provided through its website do not allow customer registration via the Internet, and only customers who have registered offline may receive services through login. Accordingly, no information is collected via login from non-customers.
   However, in order to provide customized services tailored to customers who have registered offline, the Company operates cookies that occasionally store and retrieve information from such customers’ mobile phones or computers.
   A cookie is a very small text file that the server used to operate the website sends to the customer’s browser, and which may be stored on the customer’s computer hard disk.
   The Company uses cookies for the following purposes
   • Purpose of Using CookiesNon-customers cannot log in. Customers are required to enter their ID and password when logging in via the website, and their phone number and radio number when using mobile devices.
     Cookies are stored on the customer’s computer or mobile phone by identifying the browser of the registered customer upon their first visit.
     Cookies enable logged-in customers to maintain environment settings and use the “Service” or the Internet website in a more personalized manner with customized services.
     Customers have the option to allow or refuse the installation of cookies. By configuring browser settings, customers can allow all cookies, receive a prompt each time a cookie is stored, or refuse the storage of all cookies.
   • Cookie Settings / Operation and Rejection MethodFor example, to reject cookie settings, customers can select options in the web browser they use to allow all cookies, be prompted each time a cookie is saved, or block all cookies.
     Example of setting method (in the case of Internet Explorer)

     – Select the [Tools] menu and click [Internet Options]
     – Click the [Privacy] tab
     – Set the level of personal information handling

     However, if the customer’s cookies are not functioning or have been deleted, the customer may not be able to use the services provided by the Company and its website.

Article 10 [Contact Information of the Personal Information Protection Officer]

In accordance with Article 31, Paragraph 1 of the Personal Information Protection Act, the Company designates the following individual as the Personal Information Protection Officer to handle complaints and provide remedies related to the processing of personal information.

1. Personal Information Protection Officer: Seungmin Chae, Director, Logispot Co., Ltd.
   – Contact Number : 010-7229-7467
   – Email : smchae@logi-spot.com

   For reporting or consultation regarding personal information infringement, you may also contact the following organizations

   – Personal Information Infringement Report Center (privacy.kisa.or.kr / dial 118 without area code)
   – Supreme Prosecutors’ Office Cyber Crime Investigation Division (www.spo.go.kr / 02-3480-3571)
   – Cyber Bureau of the National Police Agency (www.ctrc.go.kr / dial 182 without area code)

Article 11 [Consultation and Submission of Requests for Access to Personal Information]

The data subject may request access to personal information in accordance with Article 35 of the Personal Information Protection Act by contacting the following department. The Product Division will make every effort to process such requests promptly.

1. Responsible Department : Product Division
   – Person in Charge : Seungmin Chae, Personal Information Protection Officer
   – Contact Number : 1600-0011
   – Email : dev@logi-spot.com

Article 12 [Others]

Please note that this Privacy Policy does not apply to the collection of personal information by websites that are linked through the “Service” (web or app).

Article 13 [Duty of Notification]

This Privacy Policy may be amended due to changes in operational policy or security technologies. In the event of such revision, the Company shall notify users at least 7 days in advance through a notice on the website (or app), or via individual notice.

* Initial Announcement Date of the Privacy Policy: November 2, 2016

* Initial Enforcement Date of the Privacy Policy: December 1, 2016