OCTATCO
Personal Information Processing Policy
[Octatco Co., Ltd. EzAUTH] ("https://www.octatco.com" hereinafter referred to as "EzAuth"), establishes and discloses Personal Information Processing Policy as follows in an effort to protect the personal information of data subjects and to smoothly and quickly address their grievance in accordance with Article 30 of the Personal Information Protection Act of Korea.

○ This Personal Information Processing Policy will be applied from August 1, 2021.

Article 1 (Purpose of Processing Personal Information)
EzAuth processes personal information for the purposes described in the following section. The processed personal information will not be used for any other purposes than as set out below. In case of any changes to the purpose of use, the necessary measures will be implemented such as obtaining the prior consent of the data subject, in accordance with Article 18 of the Personal Information Protection Act.

Android
android.permission.CAMERA: smartphone QR scan privacy configuration settings

iOS
Camera: smartphone QR scan privacy configuration settings
Notification: Permissions to notify users of authentication requests

Article 2 (Processing and Holding Period of Personal Information)
① EzAuth scans QR code using the smartphone camera for configuration but does not store personal information.

Article 3 (Rights and obligations of the data subject and legal representative, and exercising method)
① The data subject may exercise the right to access, correct, delete, and request the suspension of personal information processing to EzAuth at any time.
② The exercise of rights under paragraph (1) can be made in writing, e-mail, or facsimile (FAX) in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and EzAuth will take necessary measures without delay.
③ The exercise of rights under paragraph (1) may be conducted through an agent, such as the entrusted person or legal representative of the data subject. In such cases, according to the "Notice on the Method of Processing Personal Information (No. 2020-7)", the data subject must submit a power of attorney.
④ Requests for access to personal information and processing suspension may be restricted in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Requests to correct and delete personal information cannot be requested if the personal information is specified as the subject of collection in other ordinances.
⑥ EzAuth inspects and verifies whether the person who requested to view, correct, delete, or suspend personal information processing according to the data subject's rights, is the subject themselves or a legitimate agent.

Article 4 (Personal information items)
① EzAuth is processing the following personal information items.
Required items: smartphone QR scan privacy configuration settings

Article 5 (Measures to ensure personal information safety)
EzAuth is taking the following measures to ensure the safety of personal information.

1. Minimizing and training employees handling personal information
We are implementing measures to protect personal information by designating adequate employees and limiting their number to minimize data handling.

2. Restricted access to personal information
We are taking the necessary measures to control access to personal information by granting, updating, and canceling access to the database system that processes data and also by preventing unauthorized external access through our firewall system.

Article 6 (Personal Information Protection Manager)
① EzAuth is in charge of personal information processing and designates a personal information protection manager as follows to handle complaints and grievances suffered by information subjects related to personal information processing.

▶ Person in charge of personal information protection
Name: Personal Information Protection Manager
Job position: Personal Information Protection Manager
Contact: 07046524124, info@octatco.com

② The data subject can contact the personal information protection manager and the department in charge for all personal information protection inquiries, complaints, and grievances related to EzAuth's services. EzAuth will answer and process inquiries in a timely manner.

Article 7 (Personal Information Deletion)
① EzAuth destroys personal information without delay when personal information becomes unnecessary, such as after achieving the purpose of data collection or when the stated holding period is over.
② In some other cases, in accordance with any laws or regulations requiring the storage of personal information, data shall be transferred and stored in a separate database or storage place even after the holding period agreed by the data subject has elapsed or the purpose of data collection has been achieved.
③ The procedure and method to delete personal information data are as follows:

1. Deletion procedure
EzAuth selects personal information subject to deletion and deletes the data with the consent of EzAuth's personal information protection manager.
2. Deletion method
Personal information in digital forms is deleted using technologies that disable data replay and recovery.

Article 8 (Installation, running, and refusal of automatic personal information collection systems)
① EzAuth uses cookies to collect and store information about the data subject in order to provide customized services.
② Cookies represent a small data file sent from the HTTP server to the data subject's computer browser and are sometimes stored on the hard disk inside their computer.

1. Purpose of cookies: It is used to identify used services, visited websites, popular search terms, etc. in order to provide optimized services to data subjects.
2. Installation, running, and refusal of cookies: You can manage cookies in the settings of your web browser.
3. Without consenting to use cookies, it may be difficult to use our customized services.

Article 9 (Personal information access request)
The data subject may request the following department to access their personal information in accordance with Article 35 of the Personal Information Protection Act.
EzAuth will promptly process the personal information access request.

▶ Personal Information Access Request and Processing Department
Division Name: Customer Service Team
Person in charge: The person in charge
Contact: 07046524124, info@octatco.com

Article 10 (Remedies for infringement of rights and interests)
In order to settle personal information infringement, data subjects can apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Report Center. In addition, please contact the institutions below for other reports and consultations on personal information infringement.

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Prosecution Service Office: 1301 (www.spo.go.kr)
4. National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

Under Article 35 (access to personal information), Article 36 (correction or deletion of personal information), and Article 37 (suspension of processing personal information) of the Personal Information Protection Act, a data subject suffering infringement of their rights or interests due to a disposition or omission taken by a public institution, can apply for an administrative appeal as prescribed by the Administrative Appeals Act.

※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr)

Article 11 (Change of Personal Information Processing Policy)
① This Personal Information Processing Policy will be applied from August 1, 2021.

OCTATCO Co., Ltd.
Address: 718ho, 54, Changeop-ro, Sujeong-gu, Seongnam-si, Gyeonggi-do, 13449 Republic of Korea
Phone: +82-31-8039-7400

Sales and partnership : sales@octatco.com
Technical support : info@octatco.com