Enforcement Date : 2025.01.30

NAVER Cloud Corporation (hereinafter the "Company") complies with the privacy regulations of applicable laws that must be observed by information and communication service providers, such as the Personal Information Protection Act, the Act on Promotion of Information and Communication Network Utilization and Information Protection, Etc., the Protection of Communications Secrets Act, and the Telecommunications Business Act. The Company establishes this Privacy Policy based on these laws and makes its best effort to protect the rights of its customers. This privacy policy is applicable to the services provided by the Company and covers the following:

Labelling

Contents

  • 1.Personal information processing purposes, processing items, and retention periods

    The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent based on relevant laws and regulations.

    In principle, personal information is destroyed without delay when members withdraw their membership or when the purpose of use is fulfilled. However, if separate consent is obtained at the time of collecting personal information or if additional retention is required in accordance with relevant laws and regulations, personal information shall be processed and retained within the applicable personal information retention and use period.

    1.1 Purpose of processing personal information

    • Membership sign-up and management

    The Company collects personal information for member management purposes to verify user identities for using member services, to confirm individual identification, to prevent illegal use and unauthorized use by inadequate members, to confirm account registrations, to prevent duplicate registrations, to validate identities of legal representatives, to archive records for dispute resolution, to process civil complaints, to provide notices, and to confirm member's decision to withdraw membership.

    • Execute service agreements and process transactions related to service offerings

    The Company collects personal information to provide Customers with content and customized services, deliver goods, issue invoices, verify user identities, process purchases and fee payments, and collect fees.

    • New service development and utilization in marketing·advertising

    The Company collects personal information for the purposes of developing new services and customizing services, providing existing services and posting advertisements based on user demographics, validating services, providing event information and advertisements as well as opportunities for Customer participation, understanding Customer access frequency, and developing statistics on Customer use of services.

    1.2 Personal information processing items

    • Membership sign-up and management

      • For individual member sign-ups

        • (Required) Email address, password, name, mobile phone number, address, country of residence, duplicate registration identification information (DI)

      • For business member sign-ups

        • (Required) Email address, password, company name, name of person in charge, mobile phone number, address, country of residence, duplicate registration identification information (DI)

      • Log in with NAVER ID

        • (Required) Name, mobile phone number, email address

    • Settlement of fees based on service provision

      • Payment processing

        • Credit card: date of birth (business registration number for businesses), card number, expiration date

        • Bank transfer (For the Korean business members): bank name, date of birth (business registration number for businesses), account number

        • Verification of business-related documents when registering automatic payment methods (for Korean business members): representative name, business registration number, copy of business registration certificate

    • The following information may automatically be created or additionally collected during service use or processing of service provision tasks:

      • IP address, cookies, device information, access logs, date and time of visit, service usage records, fraudulent usage records, payment records

    • The following additional information may be collected from the customers of certain services during the process of service use.

    Type

    Purpose of processing

    Processing items

    Retention period

    Contact us

    General inquiries

    (Required) Email address, mobile phone number

    3 years

    Sales inquiries

    (Required) Email address, mobile phone number, company name

    (Optional) Name

    3 years

    Membership/payment and fees/others

    Cash receipt requests

    (Required) Mobile phone number or cash receipt card number, business registration number (for businesses)

    Destroyed after five years of retention in accordance with relevant laws and regulations

    Verification of contract subject change request

    • Individual member

    (Required) Personal seal certificate of the requestor

    • Business member

    (Required) Business seal certificate or proof of employment of the requestor

    Destroyed immediately at the end of the service usage period

    Duplicate payment cancellation request

    • Individual member

    (Required) Account number, copy of ID card (information other than name and date of birth masked)

    • Business member

    (Required) Corporate seal certificate, account number, name of person in charge, mobile phone number, email address

    6 years and 3 months from the last transaction date

    Newsletter

    Subscription request to NAVER Cloud Platform news

    (Required) Name, email address, country of residence

    (Optional) affiliation and company name

    Until the point of opting out

    Marketplace

    Provision of technical support for Marketplace solutions

    (Required) Name, email address, mobile phone number

    Until membership withdrawal and service termination

    Report center

    Copyright infringement or harmful post reports

    (Required) Name, email address, mobile phone number

    Report details and history: 1 year

    (Required) Copy of ID card (information other than name and date of birth masked)

    Required documents attached: 3 months

    Request for training and events

    NAVER Cloud Platform training and event registration information

    (Required) name, email address, mobile phone number, company name, duty

    (Optional) Affiliated department, job title

    3 months from the date of collection

    User environment diagnostics tool

    Measurement of service quality

    (Required) client IP

    1 year

    Simple & Easy Notification Service

    Identity verification for customers who fail SMS verification for caller ID registration

    • Telecom service proof of use

    (Required) Telecom company name, name, address, date of birth (business registration number for business member), phone number

    • Power of attorney

    (Required) Name, business registration number, address, mobile phone number

    • Proof of employment

    (Required) Name, affiliation, years of service

    1 year from the request date of service cancellation

    User verification to prevent illegal activities in the Biz Message service

    • Individual member

    (Required) Copy of ID card (information other than name and date of birth masked)

    , Kakao ID verified on the Kakao Talk channel

    • Business member

    (Required) Business registration certificate, information of person in charge (name, email address, mobile phone number, proof of employment), Kakao ID verified on the Kakao Talk channel

    3 years

    Cloud Security Watcher

    Service subscription

    (Required) Admin ID, name, email address, IP, password

    Destroyed without delay upon withdrawal or fulfillment of the purpose of use

    Account integration

    (Required) Account name, API key, name, email address

    Cloud Data Box

    Service subscription

    (Required) Username, password, email address, mobile phone number

    Data Box Frame

    Service subscription

    (Required) Username, password, email address, mobile phone number

    Data Catalog

    Service subscription

    (Required) ID, password

    Data Query

    Service subscription

    (Required) ID, password, API key

    NIMORO

    Service subscription

    (Required) ID, name

    NAVER WORKS

    Service subscription

    (Required) Admin ID, password, company name

    Sending location and specifying location for schedule

    (Optional) Location information

    WORKS Finance - Expense - Credit card company management feature

    (Required) Credit card company ID, password

    WORKS Finance - Accounting - National Tax Service Hometax integration

    (Required) Certificate ID, password

    WORKS Attendance - Manage work - Clock-in/out records

    (Optional) Location information

    Implementation inquiries

    (Required) Name, email address, mobile phone number, company name, business category

    (Optional) job position

    Non-member inquiries

    (Required) Name, email address, mobile phone number

    (Optional) NAVER WORKS login ID

    Ncloud Chat

    Service subscription

    (Required) Admin ID, password

    Backup

    Service subscription

    (Required) ID, password

    Cloud Connect

    Service subscription

    (Required) name, mobile phone number, address

    Blockchain Service

    Service subscription

    (Required) ID, password

    Media Connect Center

    Service subscription

    (Required) Admin ID, password

    Video Player Enhancement

    Service subscription

    (Required) Admin ID, password

    Data Teleporter

    Task creation

    (Required) Name, contacts, address

    GAMEPOT

    Service subscription

    (Required) Admin ID, password

    Pinpoint Cloud

    Input of service subscription and user information

    (Required) Admin ID, password, name

    (Optional) Email address, mobile phone number, department name

    • The Company collects personal information via the following methods:

      • Website collection, written forms, fax, phone, customer service bulletin board, email, offline collection (event registration, seminar attendance)

      • Data provided by partner companies

      • Collection using information collecting tools

  • 2.Items regarding provision of personal information to third parties

    The Company provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as prior consent of the information subject or special provisions of the law, and otherwise does not provide the user's personal information to third parties.

    • If the customer has agreed in advance

    Receiving party

    Purpose of provision

    Items provided

    Period of retention and use

    NAVER Cloud Platform partners

    Partner program's

    provision and support

    Partner member ID, member name

    For the duration of the partner service

    NAVER Cloud Platform partners

    Provision of technical support

    in relation to the solution

    Name, email address, mobile phone number

    For the duration of the partner service

    NAVER Cloud Platform partners

    Sales inquiry support

    (Required) Email address, mobile phone number, company name

    (Optional) Name

    Destroyed immediately after

    fulfillment of the purpose of use

    LINE WORKS Corp

    Japanese partner program's

    provision and support

    Partner member ID, member name

    For the duration of the partner service

    Whois,

    Didim365

    Provision of NAVER WORKS

    initial setup support service

    Name, email address, mobile phone number, company name

    6 months

    TmaxSoft

    Provision of technical support

    service for JEUS, WebtoB

    Email address, service usage information

    Technical support service

    usage period

    TmaxData

    Provision of technical support

    service for Tibero

    Email address, service usage information

    Technical support service

    usage period

    NVIDIA

    Clara Parabricks technical support

    Email address, service usage information

    Technical support service

    usage period

    BusinessOn Communication

    WORKS Finance Electronic Tax Invoice SmartBill service integration

    Email address, business registration number, business public certificate,

    (when signing up for SmartBill) business information registered to WORKS Business Support

    Service usage period

    AppMarket partner

    AppMarket service provision

    Admin ID, email address,

    name

    Service usage period

    Provision of member information for application's single sign on login

    Member identifier (member ID),

    name, email address

    Service usage period

    NAVER WORKS partners

    Implementation inquiries support

    (Required) Name, email address, mobile phone number, company name, business category

    (Optional) job position

    Destroyed immediately after

    fulfillment of the purpose of use

    • Due to the frequency of changes in agreements between the Company and its partners, it is difficult for the Privacy Policy to be constantly updated to reflect each new change. For the Customers who utilize the services of NAVER Cloud Platform partners, the list of partners is provided in a website link.

    • If required based on the provisions of laws and regulations, or if requested by an investigation agency according to the procedures and the methods set forth in the laws and regulations for investigation purposes.

    • When providing processed data in a form that can't be used to identify specific individuals for the purpose of compiling statistics, conducting scientific research, or preserving public records

  • 3.Items related to the consignment of personal information processing tasks

    The Company consigns the processing of personal information as follows for efficient business processing.

    • When signing a consignment contract, matters related to liability, such as prohibition of processing personal information for purposes other than performing the consignment work, securing safety, restriction of re-consignment, management and supervision of the consignee, and compensation for damages, are specified in documents such as contracts in accordance with Article 26 of the Personal Information Protection Act, and the consignee is supervised to ensure that personal information is handled safely.

    • The consigned company entrusted to process the company's personal information and the details of the entrusted work are as follows. If there is a re-entrusted company, it will be disclosed through the link to the consigned company's privacy policy.

    Consigned company

    Consignment work details

    Period of retention and use

    NAVER Corp. (link)

    System operation consignment for service provision, identity verification

    Until membership is withdrawn or the consignment agreement is terminated

    NAVER FINANCIAL Corp.

    Usage fee payment, prevention of payment theft

    NIT Service Corp.

    Operation of customer service, security control service,

    and security service

    N Tech Service Corp.

    Service development and operation

    inComms Co., Ltd., Greenweb Service Co., Ltd.

    Service operation

    KCP, Hyosung FMS (link), Toss Payments (link), KSNET

    Payment processing (credit card, bank transfer,

    refund account authentication, cash receipt issuance)

    InfoBank Corp., CJ OliveNetworks Co., Ltd. (link)

    Text message delivery system operation

    Hanmac Software Co., Ltd., Simplekey Inc.

    AI contact center service support

    Nbase Korea Corp.

    Game service and chat service support

    SOLIDENG Co., Ltd.

    Data transfer related service support

    SimPlatform Co., Ltd.

    IoT service support

    Astron Security Co., Ltd.

    Integrated cloud security management service support

    JinInfra Co., Ltd.

    Network secure communication service support

    SGRSOFT Co., Ltd.

    Video Player related service support

    Mixwith Co., Ltd. (link), Hancom Inc. (link), PMG Integrated communications Co., Ltd.

    Marketing event planning and operation

    Until the end of the consignment contract

  • 4.Items related to overseas retention of personal information

    The Company does not provide the personal information of customers to other businesses overseas. However, for Global Region customers, we process minimal customer information in the Global Region country of customer's choice for retention and customer support purposes.

    If you do not wish to transfer (store) your personal information overseas, the service cannot be provided. Please withdraw your membership if you do not wish to transfer your information.

    Processing grounds for international transfer

    Article 28 (8) (1) of the Personal Information Protection Act

    Item 3 (Processing Consignment/Storage for Contractual Fulfillment)

    Recipient of transfer (retaining party)

    NAVER Cloud

    Transferred country

    Global Region country of customer's choice

    (Singapore, Japan, U.S., and Germany)

    Transfer date and method

    Transferred through a dedicated private network

    Transferred personal information items

    Minimal membership information required to operate and support Global Region services

    Period of retention and use

    Consistent with the terms set forth in this Privacy Policy

    Only when applying to participate in a survey or event on NAVER Cloud Platform through Typeform, the minimum personal information (name, company name, department, position, contact information, email address) will be transferred (saved) to Typeform in Spain (security@typeform.com) in the form of a network transfer each time the application is completed. Transferred information will be destroyed as soon as the survey closes or event promotion ends.

  • 5.Items concerning the procedures and methods for destroying personal information

    In principle, the Company will destroy, without delay, the Customer's personal information once the Customer withdraws from the membership or the purpose for its use has been satisfied.

    However, if the Company has obtained separate consent from the Customer regarding the period of personal information retention, if the relevant laws and regulations impose an obligation to retain information for a certain period of time, or if the internal policy requires the retention of information for a certain period of time, the Company will securely retain the personal information for the relevant period.

    • Retention of information due to related laws and regulations

    Grounds for retention

    Information retained

    Retention period

    Act on the Consumer Protection in Electronic Commerce, Etc.

    Contract or subscription withdrawal records

    5 years

    Records on payment or supply of goods and others

    5 years

    Customer complaints or dispute handling records

    3 years

    Display/advertisement records

    6 months

    Framework Act on National Taxes, Corporate Tax Act, Value-Added Tax Act

    Ledgers and evidentiary documents of all transactions under the tax laws

    5 years

    Electronic Financial Transactions Act

    Electronic transaction records

    5 years

    Copyright Act

    Copyright infringement records

    1 year

    Protection of Communications Secrets Act

    Login records

    3 months

    • Retention of information due to internal policies

    Grounds for retention

    Information retained

    Retention period

    Detection of fraudulent use

    Fraudulent usage records

    1 year from

    withdrawal or collection date

    Attachments determined to be infected malicious files

    Analysis of the malicious files

    1 month

    Recording violations of the Occupational Safety and Health Act

    Preventive measures and sanctions for health damage caused by customer's abusive language, etc.

    3 years

    Email authentication and customer service processing

    Email address verified during membership registration process

    2 month

    Information generated from NAVER WORKS, GAMEPOT, and Ncloud Chat

    User protection purposes

    such as data recovery requests

    7 days from the request date of

    service cancellation

    • The following are the procedures and methods for destroying personal information.

      • Discarding procedure

      • The Company establishes a personal information destruction plan for personal information that must be destroyed and destroys such information. It selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the Company's personal information security officer.

    • Destruction methods

      • Personal information printed on paper will be destroyed by shredding or incinerating.

      • Personal information saved in electronic formats will be deleted via a technical deletion method that destroys data permanently.

  • 6.Items related to the rights and obligations of the information subject and methods of exercising

    The data subject may exercise their rights to access, correct, delete, and request the suspension of processing of personal information at any time.

    • The rights of the data subject can be exercised directly on the "My Page > Manage account" page, or by contacting the Company through "Contact Us" or the personal information security officer.

      • After going through the identity verification process, the data subject can view or edit their registered personal information in "Change member information (My Page > Manage account > Change member information)."

      • You can request to cancel your subscription (withdrawal of consent) under "Withdraw membership (My Page > Manage account > Withdraw membership)."

      • Alternatively, the Customer may contact the Company's personal information officer in writing or via phone or email. The Company will process the request without delay.

    • In the event that the data subject requests correction of errors in personal information, the relevant personal information shall not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, then the third party will be notified about the change without delay.

    • The data subject may request the suspension of the processing of personal information at any time, and the request for suspension of processing may be rejected in cases where there are special provisions in the law, etc.

    • The Company processes personal information that has been terminated or deleted at the request of the data subject in accordance with the processing and retention period specified in this Privacy Policy, and processes it so that it cannot be viewed or used for any other purpose.

  • 7.Items related to measures to ensure safety of personal information

    The Company does its best to safely manage the personal information of the Customer (including pseudonymized information) and protects personal information to a level higher than that required by the Personal Information Protection Act.

    • The Company has established and is implementing an internal management plan for the protection of personal information.

    • The Company is taking measures to control access to personal information and restrict access permissions.

    • The Company takes encryption measures to safely store and transmit personal information.

    • The Company takes measures to retain the personal information access records and prevent forgery and alteration.

    • The Company installs and updates security programs for personal information.

    • The Company takes physical measures to ensure the safe storage of personal information.

    • The Company has established and operates a detailed plan to be implemented in the event of a crisis situation caused by a disaster or other emergency.

    • The Company manages printed and copied materials containing personal information securely.

    • The Company destroys personal information that has achieved its intended purpose in a way that makes it impossible to restore or reproduce it.

    • The Company operates a dedicated organization for the protection of personal information.

    • The Company is verified by domestic and international certification bodies for its information protection and personal information protection activities.

    For more information, please visit the NAVER Cloud Platform Security Center page.

  • 8.Items concerning installation and operation of devices that automatically collect personal information and refusal thereof

    The Company uses "cookies" that save and frequently retrieve usage information to provide personalized and customized services.

    • Cookies are very small text files that are stored on the user's PC by the user's web browser when the user accesses a website. When the user visits the website again, the website server reads the contents of the cookies stored on the user's PC to maintain the service environment set by the user, enabling convenient use of the Internet service.

    • The user has the option to set the browser options to allow all cookies, check each time a cookie is saved, or refuse to save all cookies.

    • Cookies do not automatically or actively collect information that identifies individuals, and the user can refuse to store or delete these cookies at any time.

    • However, if the user refuses to store cookies, it may be difficult to use customized services.

      • How to allow/block cookies in web browsers

        • Chrome: Web browser settings > Privacy and security > Delete browsing data

        • Edge: Web browser settings > Cookies and site permissions > Manage and delete cookies and site data

      • How to allow/block cookies in mobile browsers

        • Chrome: Mobile browser settings > Privacy and security > Delete browsing data

        • Safari: Mobile device settings > Safari > Advanced > Block all cookies

        • Samsung Internet: Mobile browser settings > Internet usage history > Delete internet usage history

  • 9.Disclosure of the personal location information processing policy

    • Purpose of retention and period of use of personal location information

      • The Company retains and uses the personal location information for the minimum period required to provide location-based services.

      • The Company destroys, without delay, the personal location information after using the information one time or temporarily in most of the location-based services. However, if the personal location information is saved along with other content in the service, the information is stored together for the content retention period or user-defined retention period.

    • Grounds and period of retention of the data confirming the collection, use, and provision of personal location information

      • The Company automatically records the data confirming the use and provision of the location information regarding the subject of personal location information based on Article 16, Paragraph 2 of the Act on the Protection, Utilization, etc. of Location Information, and retains it for 6 months or more.

    • Procedure and method of destruction

      • The Company destroys personal location information without delay and in a way that makes it impossible to restore or reproduce it after the purpose of processing the information has been achieved.

    • Items related to the provision of personal location information to third parties and notifications thereof

      • The Company does not provide personal location information to a third party without the consent of the subject of personal location information. If the Company provides a third party provision service, then the Company notifies the subject of personal location information in advance and obtains consent.

      • If the Company provides personal location information to a third party specified by the subject of personal location information, then the Company immediately notifies the subject of personal location information of the receiving party, provision date and time, and purpose of provision every time the communication end device is used to collect personal location information.

    Receiving party

    Purpose of provision

    Items provided

    The company of NAVER WORKS members who use Attendance clock-in/out records based on current location

    Verification of clock-in/out location

    Current location

    NAVER WORKS members participating in the chat room where the link of current location is shared

    Location sharing

    Current location

    NAVER WORKS members invited to the schedule where the link of current location is shared

    Specifying location for the schedule

    Current location

      • However, the Company notifies via the communication end device or email address that the subject of personal location information specified in advance.

        • The relevant communication end device that collected the personal location information does not have the feature for receiving text, audio, or video

        • The subject of personal location information asked the Company to notify via the communication end device other than the one that collected the personal location information or email address in advance

      • In the case of Paragraph 3, if the particular Member does not notify the Company or does follow the Company's guidelines after notification, the Company is not responsible or liable for any disadvantages that may occur.

    • Rights and obligations of the person responsible for the protection of children under the age of 8 or younger, etc. and how to exercise them

      • If the person responsible for the protection of a person falling under the following cases (hereinafter “child at the age of 8 or under, etc.”) agrees to the use or provision of personal location information for the protection of the lives or physical safety of a child at the age of 8 or under, etc., then the Company is deemed to have the consent of the person themselves.

        • Child at the age of 8 or under

        • Adult ward

        • Person with a mental disability in accordance with Article 2, Paragraph 2, Subparagraph 2 of the Act On Welfare Of Persons With Disabilities who is deemed to be a person with a severe disability in accordance with Article 2, Subparagraph 2 of the Act On The Employment Promotion And Vocational Rehabilitation Of Persons With Disabilities (It is only applicable for those who registered as a person with disability under Article 32 of Act On Welfare Of Persons With Disabilities.)

      • The person responsible for the protection of a child at the age of 8 or under, etc., who would like to consent to the use or provision of personal location information for the protection of the life or physical safety of the child must submit written consent with a document proving that they are the person responsible for that child's protection. The person responsible for the protection of the child at the age of 8 or under may exercise the entirety of rights of subjects of personal location information if they consent to the use or provision of personal location information of the child.

    • Information of the location information security officer

      • Location Information Security Officer is a concurrent position with 10. Personal Information Security Officer.

  • 10.Items related to the personal information protection officer and manager

    The Company designates persons in charge of personal information protection as follows to take overall responsibility for the processing of personal information and to handle complaints and damage relief related to the processing of personal information.

    CPO/DPO

    Personal information security manager

    Name

    Hanyong Park

    Name

    Sujin Lee

    Department

    Security Policy & Privacy

    Department

    Security Policy & Privacy

    Phone

    +82-1544-5876

    Phone

    +82-1544-5876

    Email

    Email

    The Customer can report complaints related to personal information protection, which occurred while using the company's services, to the Personal Information Security Officer or the responsible department. The Company will promptly provide an adequate reply on the reported details of customers.

    The Customer can make a request for access to personal information under Article 35 of the Personal Information Protection Act to the responsible department. The Company will work to ensure that customers' requests for access to their personal information are processed promptly.

  • 11.Remedies for infringements of rights and interests of users

    The user may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. to receive relief from personal information infringement. Please contact the following agencies to report or consult about other personal information infringements.

    The following organizations are separate from the Company, and the Customer may contact them if they're not satisfied with the results of the Company's own personal information complaint handling or damage relief, or if they need further assistance.

    • Personal Information Dispute Mediation Committee: (Without area code) +82-1833-6972 (www.kopico.go.kr)

    • Personal Information Infringement Report Center: (Without area code) +82-118 (privacy.kisa.or.kr)

    • Cyber Investigation Bureau of the Supreme Public Prosecutor's Office: (Without area code) +82-1301 (www.spo.go.kr)

    • Cyber Safety Bureau of the National Policy Agency: (Without area code) +82-182 (ecrm.police.go.kr)

  • 12.Exceptions

    Please note that this "Privacy Policy" is not applicable to personal information collected by the websites linked to the Company's internet service.

    In addition, this Privacy Policy applies only to members who have signed a service contract with the Company. It does not apply to users handled through services (NAVER WORKS, GAMEPOT, etc.) operated under the management of members. The personal information processing policy applied to the applicable user must be verified through the personal information protection officer of each company (organization).

  • 13.Addendum

    Addendum - For U.S. Customers

    The Addendum herein ("Addendum") shall be applied only to people who are located or reside in the U.S. or its territories, or to customers accessing service(s) provided in the U.S. This Addendum is part of the Privacy Policy, which is a prerequisite for the Addendum. In the event of an inconsistency in the Privacy Policy and the Addendum, the terms set forth in the Addendum shall prevail, as long as they are specified in the Addendum. Any term not specifically defined in the Addendum will follow the definition given in the Privacy Policy.

    (1) Customer's Consent

    The customer's access or use of the service constitutes the customer's consent to the Privacy Policy.

    (2) Additional information about cookies and similar tracking technologies

    The Company may collect data from cookies, web sockets, and similar technologies to track the Customers' activity patterns within the Company's services and compile statistics about usage and response rates. Customers have the right to choose whether to install cookies or not and can use all cookies, opt to provide confirmation each time a cookie is saved, or reject the use of cookies entirely by specifying options in the web browser. However, if the Customer rejects the cookie usage, the Customer may experience difficulties accessing some of NAVER's services that require login.

    (3) Additional uses and disclosures of personal information

    The Company may also use and disclose your personal information as it believes to be necessary or appropriate: (a) to comply with applicable law, to respond to requests from public and government authorities, to cooperate with law enforcement, or for other legal reasons; (b) to enforce its terms and conditions; and (c) to protect its rights, privacy, safety or property, and/or that of its affiliates, you, or others. Additionally, the Company may use, disclose, or transfer the Customer's information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of its business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

    Addendum – For Singapore Customers

    The Addendum herein ("Addendum") shall only be applied to customers who are located or reside in Singapore or its territories, or to customers accessing service(s) provided in Singapore. This Addendum is part of the Privacy Policy, which is a prerequisite for the Addendum. In the event of an inconsistency in the Privacy Policy and the Addendum, the terms set forth in the Addendum shall prevail, as long as they are specified in the Addendum. Any term not specifically defined in the Addendum will follow the definition given in the Privacy Policy.

    (1) Consent from the customer with respect to the collection, use, and disclosure of personal information

    The Customer acknowledges and agrees that the Company may collect various types of information (including personal information) about themselves as set out in '1.Personal information processing purposes, processing items, and retention periods' of the Privacy Policy.

    (2) Personal information retention period

    The Customer's personal information will cease to be retained by the Company once the purpose of collecting and using the personal information has been accomplished, unless further retention of personal information is required for legal or business purposes.

    (3) Transfers of personal information outside of Singapore

    The Company may transfer the Customer's personal information to countries and territories outside of Singapore. During this process, the Company will take the appropriate measures to ensure that the personal information of a user continues to receive a standard of protection that is at least comparable to that provided under the Personal Data Protection Act.

    Addendum – For EU Customers

    The Addendum herein ("Addendum") shall be applied only to customers who are located or reside in the EU or its territories, or to customers accessing service(s) provided in the EU. This Addendum is part of the Privacy Policy, which is a prerequisite for the Addendum. In the event of an inconsistency in the Privacy Policy and the Addendum, the terms set forth in the Addendum shall prevail, as long as they are specified in the Addendum. Any term not specifically defined in the Addendum will follow the definition given in the Privacy Policy.

    (1) Collected directly in Korea

    All personal information collected by the Company for the purpose of providing the service is transferred from the collection stage to the data center located in Korea using secure cryptographic communication. This personal information is then stored for the duration specified in the privacy policy. The Company has implemented appropriate technical and administrative security standards, including industry standard safeguards, to protect Customer privacy.

    (2) Rights of the data subject

    Customers have the right to request all their personal information stored in NAVER Cloud Platform. Customers can access their own personal information and update it or change the default settings by clicking "My Page." Customers also have the rights to request NAVER Cloud Platform to edit, block, complete, delete, or limit access to their personal information, or to transfer the data to another organization. Customers also have the right to request additional information about the processing of their personal information. In addition, customers can execute their rights to raise objection over NAVER Cloud Platform's data processing under certain circumstances and to rescind their consent to data processing. For any support regarding the rights listed above, customers can contact the staff in charge of personal information for inquiries (dl_ncloud_privacy@navercorp.com).

    Addendum – For Japanese customers

    The Addendum herein ("Addendum") shall only be applied to customers who are located or reside in Japan or its territories, or to customers accessing service(s) provided in Japan. This Addendum is part of the Privacy Policy, which is a prerequisite for the Addendum. In the event of an inconsistency in the Privacy Policy and the Addendum, the terms set forth in the Addendum shall prevail, as long as they are specified in the Addendum. Any term not specifically defined in the Addendum will follow the definition given in the Privacy Policy. In addition, the definition of terms of the Privacy Policy and Addendum are interpreted in accordance with the definitions prescribed in the relevant Japanese laws due to the relation wherein the company must comply with Japanese law not specified in the "Act on the Protection of Personal Information".

    (1) Address and CEO

    - Address: NAVER Green Factory, 6, Buljeong-ro, Jeongja-dong, Bundang-gu, Seongnam-si, Gyeonggi-do, 13561, Korea

    - CEO: Kim, You-won

    (2) Procedures for disclosure of personal information, etc.

    Please contact the person in charge specified under '10.Items related to the personal information protection officer and manager' regarding the request for notification of the purpose of use of company-held personal information, the disclosure, correction, addition, deletion, and suspension of company-held personal data, and the disclosure of third-party provision records, etc.

    (3) Security management measures

    The Company stores membership information of Japanese residents in Japan. The company aims to retain personal data accurate and up-to-date as needed to achieve the purpose of use, while discarding any unnecessary personal data. Additionally, the Company devises necessary and appropriate security management measures during the handling, use, and storage of personal data to prevent the leak, loss, or damage thereof, following the personal information protection guidelines set by the Japan Personal Information Protection Commission.

    - For the proper handling of personal data, personal information handling policies and regulations are complied with.

    - Regulations and policies on the handling, use, storage, and disposal of personal data, including the handling method, persons in charge and their duties, are established and complied with.

    - A person in charge of personal data handling is assigned, and regular maintenance checks and audits of personal data handling and are executed simultaneously. Furthermore, the results are reported to a person in charge who arranges a system in which they evaluate, review, and search for improvements.

    - Matters concerning the confidentiality of personal data shall be specified in the employment rules, and the education and training of employees for the familiarity of security management shall be thoroughly conducted.

    - Measures shall be taken to prevent the theft or loss in divisions that handle personal data.

    - Information systems that handle personal data shall be equipped with an identification function to be protected against unauthorized access or illegal software. In addition, access permissions can be set as needed, access to personal data can be recorded, analyzed, and stored, and regular checks are made to detect any suspicious malicious access.

    - When handling personal data overseas, necessary security management measures are taken after identifying personal information protection systems of the country/region in question.

    (4) Compliance with laws, regulations, etc.

    When handling pseudonymized information, anonymized information, and personal information, the company complies with the obligations prescribed in relevant laws, guidelines, etc.

  • 14.Supplementary Provision. Items concerning changes to the Privacy Policy

    If any details are added, deleted, or modified in the privacy policy, then the Company will notify the Customer through "Announcements" of its website at least seven days in advance. However, the Company will make an announcement at least thirty days in advance if there is an important change in the Customer' rights, and the Company can obtain the Customers' consent again if necessary.

    This Privacy Policy shall take effect from January 30, 2025.

    • View previous privacy policy

    Revision history

    Link

    2024-12-12

    Link

    2024-11-28

    Link

    2024-10-24

    Link

    2024-10-03

    Link

    2024-09-12

    Link

    2024-07-30

    Link

    2024-07-11

    Link

    2024-06-27

    Link

    2024-06-11

    Link

    2024-05-02

    Link