Privacy policy
CRScube Inc. and its subsidiaries (hereinafter "CRScube") establish and disclose the following privacy policy in order to protect the personal information of the subject of information and to promptly and smoothly handle related complaints.
1. Purpose of personal information processing
CRScube processes personal information to the minimum extent necessary for the following purposes. The personal information processed by CRScube will not be used for any purpose other than the following purposes, and if the purpose of use changes, CRScube will take necessary measures such as obtaining additional consent.
Creation and management of user account
Provision of service
Customer support for service
2. Period of personal information processing and retention
CRScube processes and retains personal information within the period stipulated by relevant laws and regulations, or within the period agreed by the subject of information when CRScube collects the personal information.
The period of personal information processing is as follows.
Purpose of Personal Information Processing | Period of Personal Information Processing and Retention |
|---|---|
Creation and management of user account | Duration of service |
Provision of service | Duration of service |
Customer support for service | Duration of service |
The retention period for personal information shall be in accordance with the retention period for clinical trial data as stipulated by relevant regulations or the contractual period.
3. Entrustment of Personal Information Processing
CRScube entrusts the processing of personal information to the following trustees in order to facilitate the handling of personal information.
Purpose of Personal Information Processing | Trustee | Entrusted affair |
|---|---|---|
Storage of service data | Amazon Web Service, Inc. | Storage of CRScube's service data |
Customer support for service | Zendesk, Inc. | Management of personal information for the service provision of the CRScube Help Center |
CRScube, when entrusting affairs, specifies in writing the prohibition of processing personal information for purposes other than those of the entrustment, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages to ensure the secure processing of personal information.
If the details of entrusted affairs or trustees change, CRScube will promptly disclose the changes through this Privacy Policy.
4. Rights, duties, and methods of exercising the rights of the subject of information and their legal representatives
Subjects of information have the right to exercise various rights regarding their personal information at CRScube, including access, correction, deletion, and suspension of processing at any time.
Request to access the personal information: Subjects of information may regularly check their personal information by logging into CRScube solutions.
Request to correct or delete personal information: Subjects of information may send a request to help@crscube.io via their email address registered in CRScube solutions.
Request to suspend the processing of personal information: Subjects of information may send a request to help@crscube.io via their email address registered in CRScube solutions.
The rights under paragraph 4.1. can be exercised via email to CRScube, and CRScube will take necessary actions after verification.
If a subject of information requests a correction or deletion of personal information errors, CRScube will not use or provide the personal information until the correction or deletion is completed.
The exercise of rights pursuant to 4.1. can be made through a legal representative or a delegate authorized by the subject of information.
5. Personal information processed
CRScube processes the following personal information.
Purpose of Personal Information Processing | Personal Information |
|---|---|
Creation and management of user account | Required: Name, contact, and email address |
Provision of service | Required: Name, contact, email address, IP address, identifiers of browser and device, and operating system |
Customer support for service | Required: Name, contact, email address, IP address, identifiers of browser and device, and operating system |
6. International transfer of personal information
CRScube may provide personal information to third parties as follows, and may process the user's personal information on servers located in regions outside of the user's country of residence.
Category | AWS | Zendesk |
|---|---|---|
Personal information transferred | Name, contact, and email address | Name, contact, and email address |
Nations where the personal information is transferred to | Republic of Korea, Japan | Japan |
Date, time, and method of transfer | Transmission through the network at the time of service use | Transmission through the network at the time of service use |
Recipient of the personal information | · Recipient: Amazon Web Services (AWS)· Contact: https://aws.amazon.com/compliance/data-privacy/ | · Recipient: Zendesk, Inc.· Contact: https://www.zendesk.com/company/agreements-and-terms/privacy-policy/ |
Purpose of use of the personal information by the recipient | CRScube stores the personal information on AWS and does not use the stored data without prior consent. | CRScube stores the personal information relevant to the service of the CRScube Help Center, and does not use the stored data without prior consent. |
Period of retention and use of the personal information by the recipient | Duration of the service by CRScube | Duration of the service by the CRScube Help Center |
Right to refuse consent and its consequences | A user has the right to refuse the collection of personal information. However, when a user refuses consent, the use of services may be limited. | A user has the right to refuse the collection of personal information. However, when a user refuses consent, the use of services may be limited. |
7. Destruction of personal information
CRScube will destroy the relevant personal information when it becomes unnecessary, such as when the period of personal information retention has expired or when the purpose of the processing has been achieved.
If personal information needs to be retained due to any relevant regulation even after the expiration of the agreed-upon retention period or the achievement of the processing purpose, CRScube will segregate and continue to retain that specific personal information.
The procedure and method of destroying personal information are as follows:
Destruction procedure: CRScube selects the personal information which falls under any reason for destruction, and destroys the personal information with the approval of the Personal Information Protection Officer.
Destruction method: CRScube ensures that personal information recorded and stored in the database is destroyed in such a way that the records cannot be regenerated.
The exercise of rights pursuant to 7.1. can be made through a legal representative or a delegate authorized by the subject of information.
8. Installation and operation of an automatic personal information collection system, and the refusal thereof
CRScube uses "cookies" to store and retrieve usage information periodically to provide personalized services to users.
Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may also be stored on the hard drive of a user's PC.
Purpose of using cookies: Cookies are used to gather information about user visits and usage patterns on various services and websites visited by users, as well as to determine if a secure connection is established, in order to provide optimized services to users.
Installation, operation, and refusal of cookies: The use of cookies can be refused by changing the options in the Tools > Internet Options > Privacy menu at the top of the web browser.
Refusing the use of cookies may lead to difficulties in using a personalized service.
9. Measures to ensure the security of personal information
CRScube takes the following measures to ensure the security of personal information.
Administrative measures: Establishment and implementation of an internal management plan, regular training for employees, etc.
Technical measures: Management of access authority for personal information management system, installation of an access control system, encryption of personal information, installation of security programs, etc.
Physical measures: Not applicable (Cloud service in use)
10. Personal information protection officer
CRScube takes overall responsibility for the processing of personal information, and designates a personal information protection officer for handling complaints, redress and related matters concerning personal information processing as follows.
Department in charge | Person in charge | Contact |
|---|---|---|
Development | Gidae Yeo, CTO | Email: help@crscube.ioPhone: +82-2-722-7275 |
A subject of information may contact the personal information protection officer and the relevant department at CRScube for any inquiries, complaints, and redress related to personal information protection arising from the use of CRScube's services. CRScube will respond and address the inquiries from subjects of information promptly.
11. Changes to the privacy policy
This privacy policy is effective as of September 15, 2023.
Previous versions of the privacy policy can be requested by contacting help@crscube.io.