English

Privacy Policy

이 문서는 한국어로도 제공됩니다. 개인정보처리방침

Riduck Co., Ltd. (hereinafter referred to as "Riduck" or "Company"), which operates Riduck, is doing its best to ensure that the personal information of the data subject is protected through the personal information protection regulations under the relevant laws, including the Personal Information Protection Act and the Information Network Promotion and Information Protection Act from the end of the service planning stage to the end. In addition, through the Personal Information Processing Policy and the Personal Information Protection Policy, we will guide you on how and how the personal information provided by the data subject is used and managed.

Announcement

This privacy policy may be provided in a language other than Korean. However, the privacy policy provided in non-Korean languages are additionally provided to help members understand easily, and if the contents of the Privacy Policy processing policy written in Korean and the Privacy Policy written in non-Korean languages conflict, the contents of the Privacy Policy written in Korean shall be followed.

Personal information items, objectives, and methods of collection

  1. When signing up for membership or in the process of using the service, we collect the minimum personal information for service provision through the website, mobile app, etc. from the data subject as follows.

Membership registration and account linkage

You can collect the following information to create an account or to link an account.

  • ID, password, email address, nickname

Service delivery

To analyze riding data and provide relevant services, you can gather the following information:

  • Bicycle driving records including travel distance, acquisition altitude, travel time, etc.

  • Measurement information included in bicycle driving records such as speed, heart rate, cadence, power, and temperature

  • Location information included in bicycle record

  • Date of birth, height, weight, introductory period

In addition, "Company" can inquire or collect the following information with the consent of the user through the Strava API, Garmin Activity API, Wahoo Fitness Cloud API, or the API service that the user chooses to use for normal service delivery depending on the function that the user wants to use. However, in the case of some items, if the individual data subject does not agree to provide information on a specific item or if there is a request from the platform, the information is inquired or collected except for the corresponding information.

  • Member profiles provided by the appropriate API, including nickname, date of birth, height, and weight

  • Measurement records and location information included in bicycle driving records and bicycle molestation records

Consent from legal representatives

The following information may be collected to obtain the consent of the legal representative for the collection and use of personal information of children under the age of 14.

  • Name, date of birth, gender, mobile phone number, and duplicate subscription confirmation information (DI) of the legal representative

Customer Service

For customer service and complaint handling, the following information can be collected:

  • Email address, ID, name (optional), mobile phone number (optional), payment information (optional)

Participation in the event

The following information can be collected for participation in events, delivery of prizes, etc.

  • Name, mobile number, address, email address, gender, date of birth

Marketing

For new services and guidance, you can gather the following information:

  • Marketing acceptance status, mobile phone number, email address

Service Operations, Improvements and Surveys

The following data can be collected by checking user usage data and conducting surveys to improve service and identify problems.

  • Account information and usage information of 'Company' and other products

  • ID, nickname, email, gender, date of birth

  • Other items that have been guided to the data subject and obtained consent for collection

In addition, for the purpose of improving the service, identifying problems, and stable operation, the following information can be automatically generated according to the service use process of the data subject.

  • IP address, date and time of visit, service usage history, sanction history due to incorrect service use, device model name, device OS information, device unique number, device firmware version, carrier information, network-based location information, device unique token value

Personal information not collected and processed

The 'company' does not collect, use, or process unique identification information such as resident registration number, foreigner registration number, passport number, and driver's license number. If unique identification information is collected and used in the future, we will encrypt and safely manage personal information classified as unique identification information pursuant to Article 24 (1) of the Personal Information Protection Act and Article 19 of the Enforcement Decree of the Personal Information Protection Act.

Processing and retention period of personal information

  1. In principle, the "company" shall hold and use the personal information of the data subject only for the period necessary for the provision of the service, that is, the agreed period, and destroy it without delay when the purpose of collecting and using personal information is achieved, the expiration of the holding period, and the withdrawal of the user's consent to collect and use. However, in the case of personal information that has been agreed upon in advance by members or needs to be preserved in accordance with relevant laws and regulations, personal information shall be safely stored during the period, and the items and periods are as follows.

  • Act on Consumer Protection in Electronic Commerce, etc.

    • Record of contract or withdrawal of subscription (5 years)

    • Record of payment settlement and supply of goods, etc. (5 years)

    • Record of consumer complaints or disputes (3 years)

    • Record of display/advertisement (6 months)

  • Communications Secret Protection Act

    • Log in (3 months)

  • Electronic Financial Transactions Act

    • Records on Electronic Finance (5 years)

  • If the member's consent is obtained

    • Each consented item (until the agreed period)

  1. Regardless of the relevant laws and regulations above and the consent of the members, in the following cases, the 'company' may retain personal information until the reason is terminated.

  • In the case where an investigation, investigation, or trial is in progress due to violation of the relevant laws and regulations (until the relevant investigation, investigation, or trial is terminated);

  • When the bond or debt relationship remains due to the use of the service of the 'company' (until the settlement of the relevant bond or debt relationship)

provision of personal information to a third party

  1. The 'company' processes the personal information of the data subject only within the scope specified in this personal information processing policy and does not provide it to a third party without any special reason. However, it can be provided to a third party if the data subject agrees or falls under legal regulations as follows.

  • If a separate consent is obtained from the data subject;

  • Where there are special provisions in the law

  • Where there is a legitimate or urgent reason for not obtaining consent from the data subject in the event of an urgent danger to a person's life or body;

  • Where it is anonymized and provided in a form that cannot be identified as a specific individual, if necessary for the purpose of statistics preparation, academic research, etc.

  1. In order to provide or share personal information to a third party with consent from the data subject, the person who receives personal information in advance, the purpose of using personal information, the items of personal information provided, the period of holding and using personal information, and the disadvantages of refusing consent are informed and specified in advance.

Third parties who receive current personal information from the 'company' can be found through the link below.

[Link: Third party status of receiving personal information from "company"]

Consignment of personal information processing

  1. The 'company' entrusts the processing of personal information to a specialized company as follows for the purpose of signing, maintaining, performing, and managing contracts or contracts agreed by members for smooth business processing.

  • Amazon Web Service

    • Country: United States

    • Previous items: Email address, ID, access IP address, nickname, etc.

    • Consignment work: system development, operation, hosting provision, and data storage for service provision

    • Period of retention and use: until withdrawal of membership or termination of consignment contract

  • Google (Analytics)

    • Country: United States

    • Previous item: de-identified connection history

    • Consignment work details: Providing statistical solution for service improvement

    • Period of retention and use: until withdrawal of membership or termination of consignment contract

  1. According to Article 26 of the Personal Information Protection Act, the "company" will supervise whether the relevant company handles personal information safely when entrusting personal information, and will revise and disclose the details of the consignment work or the consignment company without delay.

Procedures and methods for destroying personal information

  1. The company will destroy the personal information without delay when the personal information holding institution has elapsed or when personal information is no longer needed, such as achieving the purpose of processing. However, if personal information needs to be preserved due to the following reasons, move it to a separate database depending on the type of personal information or store it separately at different physical storage locations.

  • In cases falling under Article 2, Paragraph 2 of this Personal Information Processing Policy

  • Where the civil/criminal liability or prescription of the "company" or the data subject continues, or personal information is retained as evidence of a dispute;

  • Where it is to be preserved pursuant to Article 33 of the Commercial Act, etc.

  • Where there are other legitimate legal reasons;

  1. Personal information recorded and stored in the form of electronic files shall be destroyed so that records cannot be reproduced, and personal information recorded and stored in paper documents shall be destroyed by crushing or incineration.

Rights and methods of exercise of members and legal representatives

  1. Information subjects such as members and legal representatives of members under the age of 14 may exercise the right to view, correct, delete, and suspend processing of personal information to the "company" at any time.

  2. The exercise of rights under paragraph 1 above may be requested through an agent, such as if it is a legal representative of the data subject or if it has been delegated. In this case, "Notice on how to process personal information (No. 2020-7)" You must submit a power of attorney in attached Form 11 or a separate form provided by the 'company'.

  3. The exercise of rights under paragraph 1 above may be requested in writing, e-mail, etc.

  4. The 'company' will take action without delay after receiving the relevant request from the data subject. However, the 'Company' may refuse or withhold action if:

  • Cases falling under Article 35 (4) of the Personal Information Protection Act;

  • Cases falling under Article 37 (2) of the Personal Information Protection Act

  • Where the personal information is specified as the subject of collection in other statutes;

  • Where the person who requested the inspection, correction, deletion, or suspension of processing is not the data subject himself or an agent entrusted under due process;

Matters concerning the installation, operation, and refusal of the automatic personal information collection device;

1. Riduck, a service operated by the 'company', installs and operates devices or technologies that store usage information and automatically collect personal information such as cookies that are frequently recalled to provide individual customized services to members and users.

  1. Cookies, etc., can be stored on devices such as PCs and smartphones used by members and users with a small amount of information sent by the servers used to operate websites and mobile apps to users' computer web browsers or mobile apps.

  2. The 'Company' uses cookies, etc., for the following purposes:

  • Certification when payment or purchase of goods or services provided by the company

  • Provide differentiated information based on the interests of members and users

  • Guidance on the period of use when using a paid service

  • Service use and content registration

  • Check the details of activities such as participation when conducting events and surveys

  • Use it as a measure of service reorganization through analysis of usage patterns of members and users

  1. Members and users have options for installing and using cookies, etc., and you can set options in your own web browser to allow all cookies, check each time they are saved, or refuse to save all cookies, etc. However, if a member refuses to install cookies, etc., the service requiring membership registration and login is not available.

  2. If you want to refuse to install and use cookies, you can set them according to the instructions of your browser or app. If you are using Google Chrome, you can set it as follows.

  • Add menu on the top right > Settings > Advanced > Site Settings > Cookies > Allowed/Blocked or Domain Settings as desired

Matters concerning the processing of pseudonymized information

  1. Alias information refers to information processed so that specific individuals and data subjects cannot be identified without additional information, such as deleting part of personal information or replacing part or all of it.

  2. The 'company' can process and use pseudonym information for the purpose of statistics creation, scientific research, and machine learning to improve services.

  3. The 'Company' complies with the following for the safe use and protection of pseudonym information.

    1. Establishment and operation of internal management plans for safe management and protection of pseudonymized information and additional information

    2. Separate storage of pseudonym information and additional information

    3. Designate by minimizing the authority to use and access pseudonymized information and additional information by using only the minimum items necessary for the purpose of use.

    4. Conducting training at least once a year for pseudonym information processors

    5. Prohibition of re-identification of pseudonymized information and other measures to ensure safety required by law

  4. The company may entrust the processing of pseudonymized information or provide it to third parties for smooth service delivery. In this case, the company provides only the minimum pseudonym information necessary for the purpose of business processing, and conducts management supervision to ensure stability, including prohibition of re-identification of pseudonym information when provided to third parties.

  5. Currently, a third party who receives pseudonym information from the 'company' has entrusted the 'company' work.

Third parties who receive current personal information from the 'company' can be found through the below.

Currently, there are no third parties receiving personal information from the 'Company.' If it occurs in the future, we will update this page accordingly.

Technical and administrative protection measures to ensure the stability of personal information

  1. In handling your personal information, the Company is taking the following technical and administrative protective measures and measures to ensure that your personal information is not lost, stolen, leaked, altered or damaged.

    1. For the safe processing of personal information, we establish and implement an internal management plan.

    2. By granting, changing, and expunging access to databases and systems that process personal information, we minimize personal information handlers to those in charge, and use the system to control unauthorized access from outside.

    3. The password and sensitive information of the data subject are encrypted, stored, and managed, and for important data, we are taking separate security measures such as encrypting files and transmission data or using separate lock functions.

    4. Security programs are installed and periodic checks are conducted to prevent personal information leakage and damage caused by hacking or computer viruses, while systems are installed in areas where access is controlled from the outside, and technical and physical abnormal access is monitored and blocked.

    5. A separate physical storage place is set up to store personal information, and documents and auxiliary storage media containing personal information are stored in a secure place with locks, and access control procedures are established and operated.

Matters concerning the person in charge of personal information protection and the management department;

  1. The "company" designates a person in charge of personal information protection who manages the personal information of the data subject safely, handles complaints quickly, and manages related tasks as follows.

  • a person information protection officer

    • a name

    • one's position

    • Position

    • Contact information

  1. If necessary, the data subject may inquire about all personal information protection inquiries, complaints, and damage relief arising from the use of the 'company' service, including requests for access to personal information under Article 35 of the Personal Information Protection Act. The contact information of the department in charge and the person in charge of the task is as follows.

  • Department for receiving and processing personal information protection and access to personal information

    • Department name

    • Person in charge

    • Contact information

Method of remedy for infringement of rights and interests

  1. In order to receive relief from personal information infringement, the data subject may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Reporting Center. In addition, please contact the following institution for reporting and consulting other personal information infringement.82

  • Personal Information Dispute Mediation Committee: (+82) 1833-6972 (www.kopico.go.kr )

  • Personal Information Infringement Reporting Center: (+82) 118 (privacy.kisa.or.kr )

  • Supreme Prosecutors ' Office: (+82) 1301 (www.spo.go.kr )

  • National Police Agency: (+82) 182 (ecrm.cyber.go.kr )

  1. A person who has been infringed on rights or interests due to dispositions or omissions made by the head of a public institution in response to requests under Article 35 (reading personal information), Article 36 (correction and deletion of personal information), and Article 37 (suspension of processing personal information) of the Personal Information Protection Act may request an administrative trial as prescribed by the Administrative Trial Act.

※ For more information on administrative trials, please refer to the website of the Central Administrative Trial Committee (www.simpan.go.kr ).

Change of privacy policy

1.If there is any additional, deletion, or change in the contents of the personal information processing policy, we will continuously disclose it on the website so that the data subject can easily know the changes and the timing of the implementation at any time.

2. If the personal information processing policy is changed, the changes will be disclosed by comparing before and after the change.

Disclaimer

  1. This personal information processing policy applies to one of the 'Company's' services, Riduck (https://riduck.com ) and all related services (including web/apps), and a separate personal information processing policy may be applied to services provided under other brands, even for the 'Company' service.

  2. Riduck services can link other companies' web or app services. This personal information processing policy does not apply to the collection of personal information on the service's website or app, and the 'Company' does not make any guarantees, responsibilities, compensation, or action obligations for these services.

Supplementary Provisions

1.This privacy policy will take effect from 13, Oct, 2023.

PreviousCommunity GuidelineNextCookie Policy

Last updated