Privacy Policy

December 15 2023
swIDch Ltd. (hereinafter referred to as the "Company") is committed to safeguarding users' personal information and adheres to applicable regulations governing information and communication networks and data protection. We diligently uphold user rights and interests by complying with pertinent laws and regulations related to the protection of personal information. This privacy policy outlines how the Company collects, uses, and safeguards user information, and it may be subject to changes in accordance with relevant laws, guidelines, and revisions to the Company's internal operating policies.
The company's personal information processing policy may be subject to changes in accordance with applicable laws, guidelines, and revisions to the company's internal operating policies. Changes will be communicated in compliance with methods prescribed by relevant laws and regulations.
 
 
1. Collection of Personal Information
The company differentiates between mandatory and optional information essential for service delivery, ensuring collection only with user consent. To minimize the gathering of personal information, the company acquires only vital details essential for service provision. The purposes for collecting and utilizing this information are detailed below.
 
A. Personal Information Collection Items

Division

Purpose of Collection and Use

Required/Optional

Collection and Use Items

Integrated Authentication
(StonePASS/StoneAUTH)

Provide integrated authentication service

Required

Organization: organization name, phone number, HQ address, company registration number

Individual: name, division, position(title), company phone number, mobile phone number, email address, address

Public Authentication
(OTAC AUTH)

Authentication service provided

Optional

Organization: organization name

Individual: email address, name, division, position(title)

Identity Verification

Identification

Required

Name, date of birth, gender, nationality, mobile carrier information, mobile phone number, Connecting information (CI), Duplicate subscription information (DI)

Event

Participation in events

Optional

Email address, mobile phone number, social media ID

Duplicate participation confirmation

Optional

Advertising identifier, service usage records, cookies

Marketing

users about new services, sending newsletters, (e)DM

Optional

Email address, mobile phone number, social media ID

Customized advertising

Optional

Service usage records, cookies

Customer Inquiry

User identification and contact information

Required

Name, division, position(title), company phone number, mobile phone number, email address, address

Conversation history check

Optional

Address, Other information required

 
B. Purpose of Collecting Personal Information
The company collects customer information for providing integrated authentication services, self-authentication, identification for registration/modification/disposal of authentication means, notification activities regarding service use and changes, and customer center operation. Optional items are collected for customer consultation support, prevention of fraudulent use, statistical analysis, research for service development, events, marketing activities, and guidance/recommendations for products/services.
 
C. Method of Collecting Personal Information
The company obtains user consent before collecting personal information through methods such as:
       - Registration for membership and service usage.
       - Consultation process through the customer center via web pages, email, fax, or phone.
       - Offline collection at seminars and events.
       - External companies or service affiliates may provide personal information after obtaining user consent.
 
 
2. Third-party Provision of Personal Information
The company does not provide or use personal information for other organizations beyond the scope notified in the 'Purpose of Collection and Use of Personal Information' under any circumstances, except with the member's consent or in accordance with the provisions of relevant laws and regulations.
The company may share users' personal information to develop new technologies or provide better services. In this case, before collecting or providing information, we go through a process of informing the user about the institution, organization, or business partner with which personal information will be shared. We provide details on what information is needed, why it is needed, how long it will be protected and managed, and ask for consent. We do not arbitrarily collect or share additional information without users’ consent.
 
 
3. Processing of Personal Information by Third Parties
In order to provide services and improve user convenience, the company entrusts the processing of personal information only to the ‘identity authentication’ and ‘identity verification’ procedures. Personal information is safely managed at the time of consignment contract in accordance with relevant laws and regulations. We stipulate the necessary matters to enable this to happen.
The company's personal information processing agency and the tasks entrusted to them are as follows:
 
Personal information processing consignment items

Consignment company

Consignment work details

SCI Evaluation Information Co., Ltd.

User identity verification (mobile phone authentication)
*S. Korea-specific-mobile phone authentication

 
 
4. The Rights of Users and Legal Representatives and How to Exercise Them
The company does not provide services or accept membership for children under the age of 14 who require the consent of a legal representative to protect the child's personal information.
If there is a justifiable reason to refuse a request to view or correct all or part of the user's personal information, the company will notify the user without delay and explain the reason.

 

 

5. Processing and retention period of personal information

The company follows a robust approach to the utilization and retention of user personal information, aligning with the provided notice and consent duration. The retention process continues until the objectives of collection and usage are fulfilled, the specified retention period concludes, or the user withdraws consent. As a standard practice, the company ensures the secure and prompt disposal of information.

In instances where preservation is mandated for a specific duration, as stipulated by applicable laws and regulations, the company adheres to global standards and applicable local regulations. It recognizes that the types of information collected and the corresponding retention periods may vary in accordance with diverse laws and regulations concerning personal data protection globally. To uphold these standards, the company diligently oversees and supervises entrusted entities, ensuring their strict adherence to laws and regulations related to the protection of personal information. This comprehensive approach guarantees the safeguarding of user data in compliance with international and local privacy standards.
 
 
6. Personal Information Destruction Procedures and Methods
The company promptly eliminates users' personal information once the intended purpose of collection and use is fulfilled. The destruction procedures and methods are outlined as follows:
 
A. Destruction Procedure
The user-entered information for service sign-up, etc., is retained according to the internal policy and relevant laws for the designated retention period after achieving the purpose. Subsequently, it undergoes the destruction process.
 
B. Destruction method
       - Print Type: Destroyed through shredding or incineration.
       - Electronic File Type: Deleted using a technical method that prevents record reproduction.
If legal obligations necessitate information retention for a specific period, personal information is securely stored during that duration.
 
 
7. Technical/Administrative/Physical Protection Measures for Personal Information
 When processing users' personal information, the company diligently implements a combination of technical and administrative measures to ensure the security of personal information, preventing its loss, theft, leakage, alteration, or damage. However, the company is not responsible for any issues resulting from the leakage of essential personal information due to the carelessness of service users or members, such as the loss of devices.
 
A. Technical Measures
The company employs an intrusion prevention system to thwart personal information theft, leakage, alteration, or damage caused by malicious hacking. Additionally, an intrusion detection system is installed on each server to monitor illegal intrusions 24/7. Regular backups of customers' personal information are conducted to prepare for unforeseen emergencies.
 
B. Administrative Measures
The company employs rigorous administrative measures to safeguard users' personal information. Access to such information is restricted to a minimal number of individuals, including: 
       - Persons engaged in marketing, events, customer support, and direct delivery services to users.
       - Individuals responsible for personal information protection, including the designated personnel for this purpose.
       - Individuals whose access to personal information is indispensable for other business-related purposes.
 
The company not only manages the handling of personal information but also entrusts it to external entities. Regular inspections and training sessions are conducted for these external entities, emphasizing their obligations in adhering to personal information protection standards. Guided by a dedicated department for personal information protection, the company establishes and manages personal information processing guidelines. Regular checks on compliance with internal regulations are conducted, and immediate corrective actions are taken upon the identification of any issues. This proactive approach ensures ongoing adherence to stringent personal information protection standards.
 
C. Physical Measures
The company implements access controls for unauthorized personnel and maintains a distinct physical storage location for the personal information system. Access control procedures are established and enforced. Documents containing personal information and auxiliary storage media are securely stored in a designated area with a locking device, utilizing locking mechanisms for document security.
 
 
 
8. Cookie Usage and Preferences: Your Control Over Automatic Information Collection
In the course of using the service, information may be automatically generated or collected to ensure service stability, provide a secure service, and enforce compliance with laws and service terms and conditions.
 
A. What are Cookies?
swIDch utilizes cookies to store and efficiently retrieve customer information, enabling the provision of personalized and customized services. A cookie, a minute text file sent by the website server to the customer's browser, is stored on the customer's computer's hard disk. Upon subsequent visits, the website server reads the cookie's contents on the hard disk, maintaining user preferences and delivering customized services. Importantly, cookies do not automatically or actively collect personally identifiable information, and customers retain the option to refuse storage or delete these cookies at any time. 
 
B. Purpose of Using Cookies
Cookies are employed to deliver convenient services optimized for customers. This involves maintaining login status, modifying IDs, registering/editing/discarding authentication methods, preserving page visit records, and storing additional service-related information for visited websites.
 
C. Installation/Operation and Refusal of Cookies
Customers have the flexibility to allow or refuse cookie installation. Through web browser settings, customers can choose to permit all cookies, receive confirmation prompts each time a cookie is saved, or decline the storage of all cookies. It's important to note that refusing to store cookies may result in difficulty accessing certain services on the website that require login.
 
D. Your Control Over Cookie Preferences
We encourage you to refer to the help section of your specific web browser for instructions on managing and controlling your cookie preferences. This allows you to customize how cookies are stored on your device, giving you greater control over the data collected through cookies.
 
 
9. Personal Information Protection Manager and Responsible Department
To ensure the protection of users' personal information and address any related complaints, the company has designated a Personal Information Protection Manager and established a responsible department as follows:

Personal information protection officer

Personal information protection department

Name: Vinny Sagar
Email: vinny@swidch.com

Department Name: Management Support
Email: accounts@swidch.com

If you need to report or consult about personal information infringements, please consider contacting relevant local authorities. For global users, we recommend reaching out to the data protection authorities or privacy offices in your respective country.
Remember, you should encourage users to reach out to their local data protection authorities as privacy regulations and reporting mechanisms may vary by region.
 
 
10. Obligation to notify
In case of any changes to the contents outlined above, the company is dedicated to transparent communication. Such modifications will be officially announced through a notice at least 7 days before the implementation date. Should changes have a substantial impact on the use of the service for customers worldwide, these adjustments will be subject to revision, and the company will provide a notice at least 30 days in advance. Additionally, if modifications to the processing policy become necessary due to relevant laws or company policies, users will be promptly informed through a notice.
Given the global nature of our app, we encourage users to to contact their local data protection authorities or privacy offices for any concerns or inquiries. Privacy regulations and reporting mechanisms vary by region, and contacting local authorities ensures users receive accurate and region-specific information.

Privacy Policy

December 15 2023

swIDch Ltd. (hereinafter referred to as the "Company") is committed to safeguarding users' personal information and adheres to applicable regulations governing information and communication networks and data protection. We diligently uphold user rights and interests by complying with pertinent laws and regulations related to the protection of personal information. This privacy policy outlines how the Company collects, uses, and safeguards user information, and it may be subject to changes in accordance with relevant laws, guidelines, and revisions to the Company's internal operating policies.

The company's personal information processing policy may be subject to changes in accordance with applicable laws, guidelines, and revisions to the company's internal operating policies. Changes will be communicated in compliance with methods prescribed by relevant laws and regulations.

1. Collection of Personal Information

Identity Data

includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data

includes billing address, delivery address, email address and telephone numbers.

Financial Data

includes bank account and payment card details.

Transaction Data

includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data

includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Profile Data

includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data

includes information about how you use our website, products and services.

Marketing and Communications Data

includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Direct interactions.

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:apply for our products or services;
create an account on our website;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us feedback or contact us.

Automated technologies or interactions.

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Third parties or publicly available sources.

We will receive personal data about you from various third parties as set out below: Technical Data from the following parties: (a.a) analytics providers;
(a.b) advertising networks; and
(a.c) search information providers inside and outside the UK.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside and outside the UK.
Identity and Contact Data from data brokers or aggregators inside and outside the UK. Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.