Privacy Policy

Privacy is the utmost priority at BusinessOn Communication’s Glosign services. The purpose of the following is to inform you of how BusinessOn Communication’s Glosign collects, uses, stores, and processes personal information of individuals who use our service (platform, API/SDK, on-premise, solution, etc.). We recommend that you read through this document to ensure that you are fully informed about what and how we collect, use, store, and process your personal information.

1. Collection, use, storage, and procession of personal information

1.1 Personal information that we collect

1.1.1 Registration

We collect personal information at this stage to register and manage users.
The information we collect are as follows:
- [Required]: email, name, password, information confirming possible re-registration, email authentication
- [Optional]: nationality, referral code, phone number
However, if a user decides to register with a social account, the following information may also be collected:
- [Kakao]: email, profile information (nickname, profile picture)
- [Google]: email, profile picture
If a user decides to register as a corporate account, the information we collect are as follows:
- [Required]: name, email, company name, company phone number, country, password, email authentication
- [Optional] : business registration number
Retention of personal information:
All personal information, aside from a user’s registration record, is deleted permanently and immediately upon deletion of the account. The registration record is retained for 5 years with its only purpose of retention being the prevention of re-registration of users seeking to take advantage of the free trial period.

1.1.2 Service use

We collect personal information at this stage to provide users with our eContract service. The following information is collected while using our service (online).
The information we collect are as follows:
- [Required]: personal information (name, phone number, address, email, date of birth, etc.) entered during the contract process, service usage history, service purchase history, payment records (card number, date of birth, first 2 digits of the card password, card expiration date)
- [Optional]: authentication methods (phone authentication, PASS authentication, authorization certification)
Retention of personal information:
- All personal information, aside from a user’s registration record, is deleted permanently and immediately upon deletion of the account. The registration record is retained for 5 years with its only purpose of retention being the prevention of re-registration of users seeking to take advantage of the free trial period. Exceptional circumstances in which we may retain your personal information are under legal obligations (court order, government audit, subpoena, etc.).
The information we collect to issue requested tax invoices are as follows:
- Company name, business registration number, representative name, business type, sector, country, email
※ Acts on consumer protection in electronic commerce, etc.
- Contract, subscription, etc. relevant records : 5 years
- Payment, supplying of goods, etc. relevant records : 5 years
- Consumer complaints, dispute, etc. relevant records : 3 years
※ Basic Act of Electronic Documents and Electronic Commerce
- Distribution records of electronic documents via certified electronic address : 10 years
※ Protection of Communications Secrets Act
- Log in records : 3 months
Further, the personal information of dormant users who have not used the service for 1 year is separately stored and managed.

1.1.3 Purpose

For user management purposes:
- Provide the best user experience we can offer
- Identify users
- Penalize users who engage in wrongful and unauthorized access of the service
- Prevent users from disrupting the operation of the service
- Confirm users’ decisions to register and delete account
- Limit number of registration attempts
- Receive confirmation from legal guardians to collect minors’ personal information prior to registration of underaged users
- Verify the identification of a legal representative later on
- Retain records for dispute resolutions
- Respond to complaints, comments, etc.
- Deliver notices/updates
For service development & marketing·ad purposes:
- Develop new service features
- Validify service
- Deliver content and tailored advertising to target demographic
- Offer participatory event opportunities
- Evaluate access frequencies
- Analyze audience statistics, etc.
For collecting payment purposes:
- Provide eSignature service
- Provide contents
- Provide customized services
- Request and collect payment for using paid service
- Offer self authentication methods
- Deliver products or issue receipts, invoices, etc.
- Request payment for unpaid use of service
For legal purposes:
- Submit files or information as evidence to resolve legal disputes

2. Data sharing and third parties

We collect and process information only in the manner in which we have disclosed and ergo, no third parties are allowed access to user’s personal information. However, data may be shared under the following circumstances wherein:
- The user has given approval to access
- The company is legally obligated to provide access
- The user or a third party is clearly at risk of death, unfavorable health conditions, and monetary disadvantages but the user or legal representative is currently unreachable or in a physically incommunicable state to timelily obtain approval to access

When requesting approval to access and share personal information with a third party, we are obligated to inform users of the following (users must be informed if any changes are made to the standard protocol):

3. Entrustment of personal information

We entrust personal information to the following third parties to better manage and process our users’ personal information.

3.1 Entrusted parties

1) NICE Payments Co., Ltd., KG INICIS Co., Ltd., I’mport, PayPal Pte. Ltd.: payment gateway service
2) KG Mobilians. Co., Ltd.: PASS mobile self authentication service
3) Summerce Platform Co., Ltd.: Kakaotalk notification delivery service
4) Channel Co., Ltd.: online customer chat, marketing channel service
5) SendGrid : email delivery service
6) Amazon Web Services Inc.: personal information operation/storage/management cloud service
- Entrusted area: required information to better Glosign’s service
- Entrusted period: until the contract termination period
※ Once entrusted, in accordance with the Personal Information Protection Act Article 26, we explicitly have the following conditions stated and known in the contract: personal information must only be processed for purposes related to the entrustment and technical∙administrative protection measures; re-entrustment is restricted; fiduciaries are managed under scrutiny (i.e.: how they are processing personal information); responsibilities including but not limited to compensation for damages are mentioned. If changes regarding specifics of the entrustment occur or fiduciaries are replaced, we will immediately deliver and make known of such changes via our Privacy Policy.

4. User’s rights·responsibilities·exercisement

4.1 Users can request access to their personal information. However, users may be denied or limited in the scope of which they can access if the circumstances fall into any of the cases listed below:
- In cases wherein the law denies or limits the scope of which users can access
- In cases wherein there is a risk of a third party’s life∙physical body being in danger or an unfair infringement on the a third party’s property or interests

4.2 We will notify the users if their requests to access personal information have been granted, delayed, or denied along with the reasons to these conclusions within 10 days of their requests.

4.3 Users who have accessed their personal information can request for the information to be edited or deleted. However, information that has been, by law, stated as required categories to be collected, users cannot request for deletion.

4.4 Upon receiving and responding to the request for the edit∙deletion of personal information within 10 days of submission, we must deliver the record stating the decision, its underlying reasons, and the next steps the user can take to rebut the decision made.

4.5 Users can request to stop the procession of personal information. We will immediately comply with the requests and put a full stop to or partially pause any collection or procession of personal information. However, users may be denied their requests if there are logical reasons behind or fall into any of the cases listed below:
- In cases wherein the law specially states or legally compels the requests to be denied
- In cases wherein there is a risk of a third party’s life∙physical body being in danger or an unfair infringement on the a third party’s property or interests
- If the service cannot be provided to the user without processing personal information and if the user has not made it clear enough of his or her decision to terminate use of the service

4.6 Upon receiving and responding to the request for a full stop of the procession of personal information within 10 days of submission, we must inform the user of the action taken, its underlying reasons, and the next steps the user can take to rebut the decision made.

4.7 User can exercise the right by submitting the personal information access request to the power of attorney (which is in accordance to the Privacy Policy) [Notice 8] to the company directly, by electronic mail, etc.

4.8 Legal representative, entrusted individual, etc. can exercise the right as well. If this be the case, one must submit the power of attorney (which is in accordance to the [Notice 11].

5. Deletion of personal information

5.1 Personal information is immediately deleted after the goal of its retention, stated retention period, etc. has been reached and the personal information becomes unneeded.

5.2 The deletion of personal information, depending on which of the following circumstances apply, methods will differ.

- If it is an electronic file: permanant deletion in which recovery is impossible
- Records, print outs, in-person, and other record keeping mediums: incineration or shredding

6. How we secure your personal information

We abide by the Personal Information Protection Act Article 29 and have taken technical·administrative·physical measures to secure your personal information.

6.1 Our minimal access to personal information
We ensure that your personal information is only accessible by the person in charge of personal information and that the person is limited in exercising this role to guarantee the security and privacy of your personal information.

6.2 Regular company audits
We regularly conduct audits to secure your personal information within the company.

6.3 Exercise of internal management goals
We set and actualize goals to strengthen the security of how your personal information is processed.

6.4 Encryption of personal information
Important information including your password, payment information, and such are encrypted before being saved. Important files are also encrypted and can be locked using our high-security methods such as the file lock feature.

6.5 Technological solutions to hacking, etc.
To prevent any personal information leakage resulting from hacking, computer viruses, etc., we install and conduct regular checks on our security program.

6.6 Limiting the rights and roles regarding access to personal information
Only the personal information department has access to your personal information and with limited role in what can be accessed. With different degrees of rights granted to each member and with all the access history recorded, we ensure your personal information is safely kept under strict supervision. Further, to prevent any foreign invasion of personal information, we have installed security equipment to monitor and control access.

6.7 Storage of access records and prevention of forgery
We keep record of all access to the personal information system for 2 years and conduct monthly checks to ensure all is working well.

6.8 Securing documents with the file lock feature
Documents containing highly classified personal information are stored in an extensive security system.

6.9 Unauthorized access
Our company allows no access to any individuals with no authorized access to our main faculties.

7. Person in charge of personal information and invasion rights

Any user who has any complaints, comments, inquiries, etc. on personal information while using our service can contact the following person in charge. We are open and ready to hear you out and provide our users a satisfying experience.

7.1 Person in charge of personal information
Name: Kwang-Hee Han
Job title: EVP
Email: kenny.han@businesson.co.kr

7.2 Department in charge of personal information
Department: Information Security
Person in charge: Jong-hwi Kim
Email: glosign@glosign.com

Further, if you want to report or consult on the invasion of personal information, contact the following institutions and get the help you need.
- Personal Information Infringement Report Center
https://privacy.kisa.or.kr / (without country code) 118
http://www.spo.go.kr / (without country code) 1301
- Cyber-security Department of the Supreme Prosecutor’s Office:
https://cyberbureau.police.go.kr / (without country code) 182

8. Cookie enablement, operation, and disablement

Web-based services generally use cookies to enhance user experience as the enablement of cookies allow a faster and more convenient web experience with their customized service.

8.1 Cookies
- Cookies are text files with small pieces of data (i.e.: username, password) that are used to identify your computer as you use a computer network.
- Cookies save and retrieve user information to provide the user a personalized and customized service. If the user visits a website, the website server reads the cookies saved onto the user’s device and provides a customized service while maintaining the user’s settings. Cookies allow the user a more convenient access and use of the service by retrieving appropriate cookies that remember user behavior on the particular website. Further, as the user’s web history and user behavior compile over time, cookies expose users to advertisements, information, etc. that they assume are of interest to the specific user.
- Users can choose to enable or disable cookies through their web browser settings. You can allow all cookies, allow cookies only after user consent, or disable all cookies. However, we recommend you to enable cookies when using our service because you may experience technical errors during the eContract process (issuing COI, etc.), and inform you beforehand that we will not be held accountable for any disadvantages that you may face during this process.

8.2 Disabling cookie settings
- Internet Explorer: "Tools" > "Internet Options" > "Privacy" > Manually disable cookies
- Chrome: "Settings" > "Advanced” > "Privacy and security" > "Contents settings" > Manually disable cookies

9. Changes to the Privacy Policy

If additions, deletions, and changes are made to the privacy policies, we will have you notified at least 7 days prior to the effective date on our homepage (https://glosign.com), Customer Support > Notice Page, or email. Any significant changes made regarding the user’s rights or responsibilities will be notified to users 30 days prior to the policies taking effect.

Version: 4.0
Notice date : August 13, 2021
Effective date: August 23, 2021
View prior version of Privacy Policy [View]