Privacy Policy

Privacy Policy

 

THE SWING Co., Ltd. (hereinafter the “Company”) complies with the provisions related to the protection of personal information (including personal location information; hereinafter the same) under relevant laws to be complied with by information and communications service providers, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Act on the Protection and Use of Location Information, the Protection of Telecommunications Secrets Act, and the Telecommunications Business Act, and makes its best efforts to protect the rights and interests of members (“Members”) by establishing a privacy policy in accordance with relevant laws and regulations. The Company establishes and enforces a privacy policy to protect the Members’ personal information and smoothly handle grievances related thereto, and the Company shall notify any amendments to its privacy policy through the bulletin board (or individual notice) on the “Reservation Website.”

 

 

Article 1 (Purposes for the Collection and Use of Personal Information)

The Company does not use personal information of Members beyond the scope of this Article, except with the consent of Members or in accordance with the provisions of the law. The purposes for the use of collected personal information are as follows:

1. Member management: Identity verification for the use of membership service, personal identification, prevention of fraudulent and unauthorized use by faulty members, confirmation of intention to sign up for membership, restriction on signing up for membership or the number of times thereof, personal identification of legal representative, preservation of records for dispute mediation, confirmation of age, handling of grievances including complaints, delivery of latest information such as notices;

2. Execution of contract for provision of Service and payment of fees: Reservation for electric kickboard rental, payment of Service fees, provision of contents, delivery of goods or mailing of invoices, identity verification for financial transactions and financial services, fee collection, etc.;

3. Utilization for marketing and advertising: Development and specialization of new services (products), delivery of advertising information such as events, provision of services and publishing of advertisements according to demographic characteristics, identification of the frequency of access or statistics on Service use by Members; and

4. Identification of the cause of an accident and handling accidents.

 

 

Article 2 (Purposes and Items of Personal Information Collection)

1. Items of Personal Information Collected Personal information collected consists of required items which are necessary for Service use and optional items selected by Members. Items of personal information collected are as follows.

Type	Purpose of Collection	Items Collected
Mandatory	Provision of membership service	Name, ID, password, mobile phone number, address
Mandatory	Mobile identity verification	Date of birth, gender, CI, DI, telecommunications company
Mandatory	Provision of rental service for mobile devices, including kickboards	Credit card information, Driver’s License information, users’ location information
Optional	Community	Profile photo, email address, contact information registered on user’s terminal address list
Optional	Provision of membership service	Driver’s license information

In addition, the following information may be automatically generated and collected during Service use by Members or handling of business.

Timing of Collection	Items Collected
Chat service by phone or online	Customer chat service records (Details of Service use, contents of chat service, etc.)
Use of payment and refund services through wire transfer	Account information (Account holder, bank name, account number)
Use of mobile services	Access device and access environment information (IP address, cookies, date and time of visit, device location information, network identification and location information, access token information, records of Service use, personal location information, etc.)

Personal Information Collection Method

The Company collects personal information by the following means:

1. Membership registration and information modification through Mobile Service;

2. Participation in giveaways, delivery request;

3. Provision from affiliated partner companies;

4. Automatic collection through collection tool for generated information; and

5. Personal location information collected through collection device mounted on personal vehicles such as electric kickboards.

 

Article 3 (Retention of Personal Information and Period of Use)
The Company may retain and use personal information of Members collected while the Members are maintaining membership, and when a Member withdraws membership or is disqualified, the collected information is deleted and destroyed even without separate request from the Member; provided that, the following information is retained for the period specified below, notwithstanding membership withdrawal or disqualification of the Member.

 

1. Information retention under the Company’s internal regulations

Items Subject to Retention	Grounds for Information Retention	Retention Period
Contract withdrawal data (Consumer identification information, contract withdrawal history, etc.)	Act on the Consumer Protection in Electronic Commerce	5 years
Data related to payment of fees and supply of goods	Act on the Consumer Protection in Electronic Commerce	5 years
Data related to consumer complaints and dispute resolution	Act on the Consumer Protection in Electronic Commerce	3 years
Data related to the collection, handling, and use of credit information	Credit Information Use and Protection Act	3 years
Website browsing data (log data, IP, etc.)	Protection of Telecommunications Secrets Act	3 months

2. Reasons for information retention pursuant to relevant laws (not limited to the laws listed below)

Items Subject to Retention	Grounds for Information Retention	Retention Period
Contract withdrawal data (Consumer identification information, contract withdrawal history, etc.)	Act on the Consumer Protection in Electronic Commerce	5 years
Data related to payment of fees and supply of goods	Act on the Consumer Protection in Electronic Commerce	5 years
Data related to consumer complaints and dispute resolution	Act on the Consumer Protection in Electronic Commerce	3 years
Data related to the collection, handling, and use of credit information	Credit Information Use and Protection Act	3 years
Website browsing data (log data, IP, etc.)	Protection of Telecommunications Secrets Act	3 months

 

3. Data verifying the collection, use, and provision of personal location information The Company automatically records and preserves data verifying the collection, use, and provision of location information to settle fees and handle grievances with other business operators or customers, and retains the data for one (1) year.

 

 

Article 4 (Right to Refuse to Consent, Etc.)

Members have the right to refuse to provide their consent to the collection and use of personal information; provided that, when a Member refuses to give consent to the collection and use of the minimum amount of personal information required for the execution of contracts, the electric kickboard rental agreement cannot be executed, maintained, implemented, managed, etc., (for inability to verify the Member’s identification and such Member’s clear intention for contract execution), and when a Member refuses to consent to the collection and use, or selective collection and use, of personal information for marketing activities and publicity, or selective collection and use, the Member may not be provided with information about events and benefits, or may be subject to disadvantages, such as being excluded from the provision of gifts and promotions, affiliated services, discounts, and reward points.

 

 

Article 5 (Destruction Procedures and Method of Personal Information)

The Company, in principle, destroys personal information without delay once the purpose for which the information was collected and used has been achieved; provided that, when the Company is required by relevant laws and regulations to retain personal information, the information shall be destroyed without delay by a method that renders it irreproducible after the retention period, and the Company’s procedures and methods for destroying personal information shall be as follows.

1. Personal information destruction procedure Information provided by Members are moved to a separate DB (a separate file in the case of paper documents) after the purpose for the use of such information has been achieved, then stored for a specific period of time set forth in the Company’s internal regulations and other relevant laws, or destroyed immediately. In this case, personal information moved to a DB is not used for purposes other than those required by law.

2. Personal information destruction period When the retention period of personal information has elapsed, the Company shall destroy the personal information without delay (within five (5) days unless justifiable grounds exist) from the date of elapse, or when personal information is no longer needed for reasons such as achieving the purpose of processing personal information, discontinuation of the Services concerned, and closure of business, the Company shall do the same from the date on which the processing of personal information is deemed no longer necessary.

Item	Destruction Period
Information for membership registration	Withdrawal or expulsion from membership
Information for payment of fees	Date of payment in full or expiration of debt
Delivery information	Upon delivery or provision of goods or services
Information collected for one-time use, including surveys and events	Upon completion of said surveys, events, etc.

Personal information destruction method

Information in the form of electronic files is deleted by a technical method that renders the information irreparable and irreproducible. Personal information printed on paper is destroyed by shredding or incineration.

 

 

Article 6 ( Rights of Members and Legal Representatives, and Exercise Thereof)

1. Members may access or modify their personal information at any time, and when they do not agree with the Company’s processing of personal information, they may refuse to consent or request that their membership be terminated (withdrawn), or that their personal information be deleted or suspended from being processed.

2. Members should click “Modify Member Information” to access or modify personal information of Members, or “Withdraw Membership” to cancel membership (revoke consent), followed by identity verification, after which they may access or modify information, or withdraw membership. Members may also contact the division responsible for personal information protection in writing, or by phone or email for immediate response. - Members may withdraw all or part of their consent to the collection of personal location information or to the provision of location-based services using personal location information and provision of personal location information to third parties, in which case, the Company destroys the personal location information collected and data verifying the collection, use, and provision of location information (when consent is partially withdrawn, limited to the personal location information and data verifying the collection, use, and provision of location in formation pertaining to the withdrawn part).

3. When a Member withdraws consent or requests that their personal information be deleted or suspended from being processed, he/she may be restricted from using all or part of the Services, and in the case of information collected pursuant to other laws, withdrawal of consent, deletion, or suspension of processing may be difficult.

4. When a Member requests correction of an error in his/her personal information, the Company does not use or provide the personal information concerned until the correction is made. In addition, when inaccurate personal information has already been provided to a third party, the correction thereof will be notified to the third party without delay so that the correction can be reflected.

5. The Company handles personal information that has been terminated or deleted at the request of a Member in accordance with Article 3, and processes it so that it is not viewed or used for any other purposes.

6. Members may request to the Company access to or notification regarding the following data. Members may also request correction of data if it is inaccurate. In these cases, the Company may not reject the Members’ requests without a justifiable reason.

1) Data verifying the collection, use, and provision of the Member’s location information; and

2) Reason for and details regarding provision of the Member’s personal location information to a third party pursuant to the Act on the Protection and Use of Location Information.

7. Only those over the age of eighteen (18) may sign up for membership, and the Company, in principle, does not collect personal information of children under the age of fourteen (14) who require the consent of a legal representative for the collection and use of personal information.

8. Rights of Legal Guardians of Adult Wards, Etc., Regarding Personal Location Information

1) In the case where the legal guardian of a person falling under one of the following (hereinafter “Adult Ward, etc.”) consents to the collection, use, or provision of personal location information for the protection of the Adult Ward’s life or body, the Company shall deem to have obtained the Adult Ward’s consent.

 

Adult Ward

A person with mental disability according to Article 2(2)(2) of the Act on Welfare of Persons with Disabilities who is a person with severe disabilities according to Article 2, Subparagraph 2 of the Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities (provided that the person is registered as a person with disabilities pursuant to Article 29 of the Act on Welfare of Persons with Disabilities).

2) A legal guardian of Adult Ward, etc., under the preceding Paragraph is the person practically responsible for the protection the Adult Ward, and falls under any one of the following:

Legal representative of the Adult Ward; and

Legal representative or the head of a living facility for the disabled (limited to facilities established and operated by the state or local government) under Article 58(1)(1) of the Welfare of Persons with Disabilities Act, the head of a community psychiatric rehabilitation center (limited to facilities established and operated by the state or local government) under Article 3, Subparagraph 4 of the Mental Health Act, or the head of a mental health sanatorium under Subparagraph 5 of the same Article under the same Act

3) A legal guardian who wishes to consent to the collection, use, or provision of personal location information for the protection of the life or body of an Adult Ward shall submit a written consent form to the Company along with a document proving that he/she is the legal guardian of the Child.

4) The legal guardian of an Adult Ward, etc., may exercise all the rights of a subject of personal location information if they consent to the collection, use or provision of personal location information of the Adult Ward, etc.

 

 

Article 7 (Installation, Operation, and Rejection to Automatic Personal Information Collection Device)

The Company operates “Cookies” that store and find information of Members from time to time. A cookie is a very small text file sent to your browser by the server that is used to operate the Mobile Service and is stored on the hard disk of the Member’s computer. However, this information is saved only when the Member provides the information, and the Mobile Service cannot obtain information not provided by the Member and cannot access other files stored on the computer. The purpose of using cookies and the method of rejecting cookie settings are as follows.

 

1. Purpose of Using Cookies

Cookies are used to provide targeted marketing and personalized services by analyzing the access frequency and browsing time of Members and non-members, identifying the tastes and interests of Members and tracking traces, and identifying the degree of participation in various events and the number of visits.

 

2. Rejecting Cookie Settings

① Members have the option to install cookies. Therefore, Members may allow all cookies by setting options in the web browser, go through confirmation whenever a cookie is saved, or refuse to save all cookies. However, if a Member refuses to install cookies, he/she may experience difficulties in being provided with some services that require login.

② Cookie settings are as follows:

1. Internet Explorer: Tools at the top of web browser > Internet options > Personal information

2. Google Chrome: Settings at the top of web browser > Advanced settings > Personal information

[For Mobile Service] The Company may collect users’ ADID and IDFA. ADID (Android OS) and IDFA (iOS) are advertising identification values for mobile app users. ADID and IDFA are collected and used to provide customized services and benefits optimized for users, such as online customized advertisements.

ADID/IDFA collection method: Automatic collection when a user visits/runs the app

ADID/IDFA retention/use period: One (1) year from the date of collection

③ Exercising user control

1. Android: Settings > Google (Google settings) > Advertising > Deselect ads personalization

2. iOS: Settings > Privacy > Advertising > Limit ad tracking

 

 

Article 8 (Provision of Collected Personal Information to Third Parties)

In each of the following cases, the Company provides personal information to a third parties with the prior consent of the Members. Specifically, the third parties to whom the Company provides personal information are listed in the table below.

1. When the Member gives prior consent to the provision of personal information to third parties;

2. When it is necessary for settlement of fees;

3. When it is required by the provisions of the law or requested by an investigative agency or supervisory authority for the purpose of investigation or inquiry in accordance with the procedures and methods prescribed by law;

4. When the minimum amount of member information is provided to the delivery company for delivery purposes;

5. When the minimum amount of member information (name, address, phone number) necessary for insurance contract is provided to the electric kickboard insurer;

6. When information is provided in an unrecognizable form because it is necessary for statistical writing, academic research or market research; and

7. When sharing of personal information is necessary within the scope necessary the use of Services provided through partner companies and affiliated business operators.

Recipient	Purpose for the Use of Personal Information by Recipient	Personal Information Items provided	Period of Personal Information Retention and Use by the Recipient
Nice Pay/Toss Payments	Payment of fees, electronic payment, etc.	Credit card information	Until withdrawal of membership
Hyundai Marine & Fire Insurance	Execution and implementation of insurance contract	Name, date of birth, driver’s licence information	Until withdrawal of membership
Channel Corp.	Infrastructure for customer service	Phone number, history of service use	Until withdrawal of membership
Amazon Web, Services Inc.,	Operation and management of domestic cloud server where personal information is stored	Name, date of birth, Driver’s License information, credit card information	Until withdrawal of membership
Ucess Partners	Customer service agency	Name, date of birth, Driver’s License information, credit card information, history of service use	Until termination of contract
SWING Operation Partners [View all]	Electronic kickboard sharing service operation partnership	Name, date of birth, Driver’s License information, credit card information, history of service use	Until termination of contract

When it is necessary to provide personal information to a third party, the Company shall ask Members for consent by clearly stating in advance the recipient of the information, the purpose of the recipient for using personal information, the items of personal information provided, the period of retention and use by the recipient, the fact that Members reserve the right to refuse to consent to the provision of information, and the disadvantages Members may be subject to by refusing to give consent.

 

However, even when the third party receiving personal information has achieved the above purposes, the information necessary for contract implementation such as internal reporting, audit, inspection, and settlement (billing) of fees, and preparation for disputes may be retained or used for up to six (6) months after the termination of contractual relationship under electric kickboard rental agreement, and until the fulfillment of obligations or settlement of disputes in the case where non-fulfillment or dispute continues. Personal Information may be retained the transaction according to the electric kickboard rental agreement. Personal Information may be retained when stipulated in special provisions of relevant laws and regulations, including the Commercial Act.

 

Provision of Personal Location Information to Third Parties

When the Company provides a service whereby it provides personal location information to a third party designated by the user, the Company notifies Members in advance of the recipient and the purpose for the provision of personal information, and obtains their consent.

When the Company provides a service whereby it provides personal location information to a third party designated by the Member, it immediately notifies users of the recipient, the date and time of provision, and the purpose of provision each time through the communication terminal device used to collect personal location information; provided that, in the following cases, notification is made to the communication terminal device or email address specified and designated in advance by the user:

1) When the communication terminal device through which personal location information is collected does not have the function of receiving text, voice, or video messages; and

2) When the member has requested in advance to be notified by a communication terminal device other than the one through which his/her personal location information is collected, or by email. Notwithstanding the above, Members may choose to receive details of information provision to third parties every thirty (30) days or every thirty (30) cases, and the Company may change the method of notification to the immediate notice method under the previous paragraph when a member makes a request according to the Company’s procedures.

 

Member’s Right to Refuse

Members have the right to refuse to consent to the provision of Members’ personal information as above; provided that, when a Member refuses to consent to the collection and use of the minimum amount of personal information required for the execution of a contract, electric kickboard rental contract may not be executed, maintained, implemented, managed, etc., and or Members may be subject to disadvantages, such as delay in the handling of electric kickboard accidents.

 

 

 

Article 9 (Outsourcing of Personal Information Processing)

The Company outsources some of the tasks necessary for providing the Services to other companies, and stipulates matters related to the prohibition of processing personal information for purposes other than the outsourced task, technical/managerial protective measures, limitation of re-outsourcing, management/supervision of service providers, and liability for compensation of damages in the “Outsourcing Agreement for Personal Information Processing,” for safe processing of personal information by service providers in accordance with laws related to personal information.

When outsourcing of personal information processing is necessary, the Company discloses matters necessary for this Privacy Policy as listed below in accordance with Article 26 of the Personal Information Protection Act, and if there are any changes in the outsourced tasks or service providers, the Company immediately discloses the same through this Privacy Policy.

For the implementation of Service contracts and the promotion of Member convenience, the Company outsources the following tasks to the service providers listed below.

 

1. Outsourcing of personal information processing to domestic companies for the provision of Service

Purpose of Oursourcing	Service Provider
Payment processing (credit cards, confirmation of whether payments have been made successfully)	Nice Information & Telecommunication
Mobile SMS verification	SMSGlobal
Payment of fees, electronic payments	Nice Pay
Payment of fees, electronic payments	Toss Payments
Execution and implementation of insurance contracts	Hyundai Marine & Fire Insurance
Service operation in certain areas	Partner companies
Outsourcing of personal information processing when verifying a user’s Driver’s License using the automatic Driver’s License verification system	Ministry of Land, Infrastructure and Transport

 

2. Outsourcing of personal information processing to companies overseas for the provision of Service

Category	Information
Service Provider	Amazon Web Services, Inc.
Transferred Country	United States of America
Date and Method of Transfer	Transfer by network upon membership sign-up and Service use
Items Transferred	All personal information collected
Purpose of Use	Data storage
Period of Retention and Use	Upon withdrawal of membership or termination of outsourcing agreement
Domestic Agent	General Agent Co., Ltd. (CEO: Young-soo Kim)
Address	Saemunan-ro 5ga-gil 28, Jongno-gu, Seoul
TEL	02-735-6888

 

 

Article 10 (Measures to Secure the Safety of Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, managerial and physical measures necessary to secure safety. The Company also protects users’ personal location information at a level equivalent to personal information.

1. Regular self-audits The Company conducts regular self-audits to ensure stability in handling personal information.

2. Minimization of staff handling personal information and Provision of Training The Company implements measures whereby personal information is managed by the minimum number of employees responsible for handling personal information.

3. Establishment and implementation of internal management plans The Company establishes and implements internal management plans to ensure that personal information is handled safely. Technical measures in preparation for hacking, etc. The Company installs security programs which are regularly updated and inspected, as well as systems in areas with limited access from outside which are technically and physically inspected and blocked, in order to prevent personal information from being leaked or damaged by hacking or computer viruses, etc.

5. Encryption of personal information Passwords to the personal information of Members are encrypted before being stored and managed, and the Company separately applies security functions that encrypt or lock files and transmission data only knowable and important to their owners.

6. Storage of access records and prevention of forgery and alteration Records of access to the personal information processing system are stored and managed for at least six (6) months, and security functions are used to prevent forgery, alteration, theft, and loss. Restriction of access to personal information system The Company takes necessary measures to control access to personal information by granting, changing, or canceling access authority to the database system that processes personal information, and controls unauthorized access from outside through an intrusion prevention system. Use of locking device for document security Documents and auxiliary storage media containing personal information are stored in a safe place with a locking device. Control of access from unauthorized persons The Company has a separate place for physical storage of personal information, for which access control procedures are established and operated.

 

 

Article 10-2 (Notice of Criteria for Additional Use and Provision)

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, the Company may additionally use and provide personal information without the consent of the information subject in consideration of matters under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. Accordingly, the Company considers the following for additional use and provision without the consent of the information subject:

▶ Whether the purpose of additionally using or providing personal information is relevant to the original purpose of collection;

▶ Whether there is predictability in the additional use and provision of personal information in light of the circumstances in which personal information was collected and past practices;

▶ Whether the additional use and provision of personal information unfairly infringed the interests of the information subject; and

▶ Whether necessary measures, such as pseudonymization or encryption, were taken to ensure safety.

 

 

Article 11 (Division in Charge of Privacy Protection and Personal Information Protection Manager / Location Information Manager)

In order to protect the personal information of Members and handle relevant complaints, the Company has designated the following division, personal information protection officer, and location information manager. Members can report all privacy-related complaints that may occur in the course of using the Company’s Service to the personal information protection manager (location information manager) or the division in charge, and the Company will provide Members with prompt and sufficient answers to their reports.

 

1. Division in charge of personal information protection

Category	Information
Division in Charge	Customer Service Division
TEL	1688-4356
Email	hello@theswing.co.kr

2. Personal information protection manager

Category	Information
Person in Charge	Yong-seop Shin
TEL	1688-4356
Email	jason@theswing.co.kr

3. Location information manager

Category	Information
Person in Charge	Dae-gwon Song
TEL	1688-4356
Email	daekwon@theswing.co.kr

 

 

Article 12 (Amendment of Privacy Policy)

The announcement date and enforcement date of this Privacy Policy currently in effect, and the previous Privacy Policy are as follows.

 

 

Addendum

Enforcement Date: October 20, 2023

 

 

Check previous privacy policies

1st privacy policy (2019.05.25)

2nd privacy policy (2022.09.20)