Privacy Policy
MakinaRocks Co., Ltd. ("the Company") adheres to the Personal Information Protection Act and other relevant laws to protect the rights and freedoms of data subjects when providing its products and services. The Company processes personal information lawfully and manages it securely. In accordance with Article 30 of the Personal Information Protection Act, this Privacy Policy outlines the procedures and standards for processing personal information and aims to handle related grievances promptly and efficiently.
| 1. Purpose of Processing Personal Information 2. Types of Personal Information Collected 3. Retention and Processing Period for Personal Information 4. Delegation of Personal Information Processing 5. Overseas Transfer of Personal Information 6. Disposal of Personal Information 7. Rights and Respsonsibilities of Data Subjects and Their Representatives |
8. Safeguards for Personal Information 9. Use of Cookies 10. Management of Fixed Video Surveillance Equipment 11. Data Protection Officer 12. Requests for Access to Personal Information 13. Remedies for Infringement 14. Changes to the Privacy Policy |
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. Personal information will not be used for purposes other than those stated below, and if there is a change in purpose, the Company will obtain additional consent in accordance with Article 18 of the Personal Information Protection Act.
- Recruitment : Managing the hiring process and facilitating communication with applicants.
- Provision of Goods or Services : Offering services, delivering content, and providing personalized services.
- Marketing and Advertising : Developing new services/products, providing tailored services, sharing event information, and offering opportunities to participate in promotional activities.
2. Types of Personal Information Collected
The Company collects personal information through lawful means and only to the extent necessary for service provision.
| Category | Personal Information Details |
| Recruitment | [Required] Name, date of birth, email, phone number, address, educational history, work experience |
| Product & Service Inquiries | [Required] Name, company name, department, position, phone number, email |
| Demo Requests | [Required] Name, company name, department, position, phone number, company email |
| Webinar Registrations | [Required] Name, company name, department, position, phone number, company email |
| Newsletter | [Required] Email [Optional] Name |
| Marketing & Advertising | [Optional] Name, company name, phone number, company email |
Other personal information, such as IP address, cookies, device information, visit times, and service usage logs, may be generated and collected during service use. Collection methods include:
- Homepage, written forms, offline events(seminar), business card exchanges, information provided by event organizers
3. Retention and Processing Period for Personal Information
The Company retains and processes personal information within the agreed-upon period, as indicated at the time of collection.
| Category | Retention Basis | Retention Period |
| Recruitment | Article 15(1)(1) of the Personal Information Protection Act | 3 years |
| Product & Service Inquiries | 3년 | |
| Demo Requests | 3 years | |
| Webinar Registrations | 3 years | |
| Newsletter | Until consent is withdrawn | |
| Marketing & Advertising | Until consent is withdrawn |
If required by law, personal information may be retained for a specified period. For example:
| Category | Retention Basis | Retention Period |
| Tax records | National Tax Framework Act | 5 years |
| Tax invoices | National Tax Agency Notice 2016-3 | 3 years |
4. Delegation of Personal Information Processing
The Company outsources personal information processing tasks to enhance service delivery. Details of the delegated tasks and providers are as follows:
| Provider | Delegated Task | Retention Period |
| Doodlin Co., Ltd. | Recruitment management solutions | Until the termination of the contract |
| Wanted Lab Inc. | Recruitment management solutions | Until the termination of the contract |
| BrainCommerce Co., Ltd. | Recruitment management solutions | Until the termination of the contract |
| Shoplic Inc. | Website maintenance and operation | Until the termination of the contract |
| HubSpot, Inc. | Customer information management | Until the termination of the contract |
| Stibee Inc. | Newsletter distirbution | Until the termination of the contract |
5. Overseas Transfer of Personal Information
For stable service provision, the Company transfers personal information overseas as outlined below. If a user objects, the Company will ensure their information is not transferred overseas, though certain services may be limited.
| Recipient | Country | Time and Method of Transfer | Contact Information of the Data Protection Officer | Transferred Items | Purpose of Transfer | Retention and Usage Period |
| HubSpot, Inc. | United States | Transferred immediately upon the collection of personal information using encrypted communication | Nicholas Knoop (Data Protection Officer)+1-888-413-1296 |
Name, company name, department, position, mobile phone number, company email | Storage, operation, and management of personal information | Until the personal information retention period specified in Section 3 |
6. Disposal of Personal Information
Upon achieving the purpose of use, the Company promptly disposes of personal information as follows:
A. Procedure
Selects information for disposal, obtains approval, and deletes it.
B. Methods
Physical documents are shredded or incinerated, while electronic files are permanently deleted to prevent recovery.
7. Rights and Responsibilities of Data Subjects and Their Representatives
- Data subjects have the right to request access to, correction of, deletion of, suspension of processing, or withdrawal of consent for their personal information at any time with MakinaRocks.
- These rights can be exercised through written requests, email, or fax, in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and MakinaRocks will respond promptly to such requests.
- Rights may also be exercised through a legal representative or an authorized agent of the data subject. In such cases, a power of attorney in the format specified in Annex 11 of the "Notice on the Methods of Processing Personal Information" must be submitted.
- The right to request access or suspension of processing of personal information may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
- If personal information is explicitly designated as required for collection under other laws, a request for its deletion cannot be made.
- MakinaRocks verifies whether the individual making the request for access, correction, deletion, or suspension of processing is the data subject themselves or a legitimate representative.
8. Measures to Ensure the Security of Personal Information
The Company implements the following measures to ensure the security of personal information:
A. Minimization and Training of Personnel Handling Personal Information
The Company designates specific employees to handle personal information, minimizes the number of personnel involved, and provides ongoing training on personal information protection.
B. Establishment and Implementation of Internal Management Plans
The Company establishes and enforces internal management plans to ensure the secure processing of personal information.
C. Encryption of Personal Information
Personal information is stored and managed in an encrypted format in accordance with legal standards. Critical data is secured through encryption during storage and transmission or by utilizing file locking features.
D. Technical Measures Against Hacking and Other Threats
To prevent personal information leaks and damage caused by hacking or computer viruses, the Company installs security programs, conducts regular updates and inspections, and places systems in restricted zones to monitor and block unauthorized access both technically and physically.
E. Restriction of Access to Personal Information
The Company controls access to personal information by granting, modifying, or revoking database system access rights. Unauthorized external access is blocked using intrusion prevention systems.
F. Retention and Protection of Access Logs
The Company maintains and manages access logs for its personal information processing systems, ensuring they are not tampered with, altered, stolen, or lost.
G. Use of Locking Devices for Document Security
Documents and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.
H. Access Control for Unauthorized Individuals
Physical storage locations for personal information are maintained separately, and access control procedures are established and enforced to prevent unauthorized entry.
9. Installation, Operation, and Refusal of Automatic Data Collection Devices
The Company uses cookies to store and retrieve usage information as needed to provide personalized services to data subjects. Cookies are small pieces of data sent by the web server (HTTP) to the user’s browser and may be stored on the user’s computer hard drive.
A. Purpose of Using Cookies
Cookies are used to analyze the user’s visits to services and websites, usage patterns, popular search terms, and secure access status to provide optimized information to the user.
B. Cookie Installation, Operation, and Refusal
Users can refuse the storage of cookies by adjusting the settings in their web browser: Go to Tools > Internet Options > Privacy menu to set preferences for cookie storage. Please note that refusing cookies may result in difficulties in using personalized services.
10. Operation and Management of Fixed Video Surveillance Systems
The Company operates and manages fixed video surveillance systems for purposes such as safety management, facility security, and crime prevention.
A. Number of Installations, Locations, and Coverage Areas
| Number of Installations |
Location and Coverage |
| 2 | 11th floor, entrances and hallway |
| 2 | 12th floor, entrances and hallways |
B. Recording Times, Retention Periods, Storage Locations, and Processing Methods
| Recording Time | Retention Period | Storage Location and Processing Method |
| 24 hours | 30 days from the date of recording | Stored and processed on video surveillance systems by the F&A team |
Once the retention or processing period for personal video information expires, the files are permanently deleted using technical methods, and any printed or recorded materials are shredded or incinerated.
C. Management Responsible Parties and Access Rights Holders
| Category | Department | Name | Position | Contact |
| Manager | F&A Team | Jisun Jang | TL | 02-6245-1221 |
| Access Rights Holder | F&A Team | Hyunju Yong | - | 02-6245-1221 |
The Company does not use video footage generated by video surveillance systems for purposes other than safety management, facility security, or crime prevention. Recorded footage is not viewed or shared with unauthorized individuals beyond those granted access rights.
- How and Where to Access Video Information: The management support team will facilitate access to video information upon request to the person responsible for management.
- Measures for Requests to View Video Information: Data subjects may request to view, confirm the existence of, or delete personal video information by contacting the operator of the fixed video surveillance system. Viewing is permitted only if the data subject is captured in the footage or if it is clearly necessary to protect the life, body, property, or interests of the data subject.
- Technical, Administrative, and Physical Measures to Protect Video Information: The Company implements access control and restriction of access rights, secure storage and transmission technology, maintenance of processing records to prevent tampering, internal management plans, regular personal information protection training, and controlled access to computer rooms and personal video information storage areas.
- Outsourcing of Installation and Management: The Company does not outsource the installation or management of fixed video surveillance systems. All necessary measures are implemented to ensure personal information is securely managed in compliance with relevant laws and regulations.
- Changes to the Policy: This fixed video surveillance system operation and management policy was enacted on July 1, 2024. Any changes due to updates in laws, policies, or security technologies will be promptly announced on the Company’s website, including the reasons and details of the changes.
11. Personal Information Protection Officer and Responsible Department
The Company assumes overall responsibility for personal information processing and designates the following Personal Information Protection Officer to handle complaints and provide remedies related to personal information processing.
| Personal Information Protection Officer | Responsible Department for Personal Information Protection |
| Name : Sangwoo Shim Position : CISO Phone : 02-6245-1221 Fax : 02-6245-0008 Email: mrx_privacy@makinarocks.ai |
Department : Infra Security Team Phone : 02-6245-1221 Fax : 02-6245-0008 Email : mrx_privacy@makinarocks.ai |
12. Requests for Access to Personal Information
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the department below. The Company will strive to process such requests promptly.
- Department for Receiving and Processing Personal Information Access Requests
Department : Infrastructure Security Team
Contact Person : Gyeongjae Cho
Contact Information : [Phone] 02-6245-1221 / [Fax] 02-6245-0008 / [Email] mrx_privacy@makinarocks.ai
13. Remedies for Rights Infringement
Data subjects may seek remedies for personal information infringement by applying for dispute resolution or counseling through the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center under the Korea Internet & Security Agency, or other related organizations. For further reporting or counseling regarding personal information infringement, please contact the following institutions:
| Personal Information Infringement Report Center | Personal Information Dispute Mediation Committee | Supreme Prosecutors’ Office | Korean National Police Agency |
| (toll-free) 118 privacy.kisa.or.kr |
(toll-free) 1833-6972 www.kopico.go.kr |
(toll-free) 1301 www.spo.go.kr |
(toll-free) 182 ecrm.cyber.go.kr |
14. Changes to the Privacy Policy
A. This Privacy Policy is effective from July 22, 2024.
B. Updates will be announced promptly via the Company website.
