Privacy Policy
(Milistar Co., Ltd. hereinafter referred to as the
"Company") complies with the personal information
protection regulations under the relevant laws and
regulations that information and communication service
providers must comply with, such as the Act on Promotion of
Information and Communications Network Utilization and
Information Protection (hereinafter referred to as the
"Information and Communications Network Act"), the
Personal Information Protection Act, the Communications
Secrets Protection Act, and the Telecommunications Business
Act, and is committed to protecting the rights and interests
of users by establishing a privacy policy in accordance with
the relevant laws and regulations. The Company establishes
and implements the Privacy Policy to protect users' personal
information and smoothly handle users' grievances related to
personal information, and if the Privacy Policy is revised,
it will be notified through the notice (or individual
notice) on the website or mobile application (hereinafter
referred to as the "Platform") provided and
operated by the Company.
Article 1: Purpose of Collection and Use of Personal
Information
The Company shall not use your personal information beyond
the scope notified in this Article except with your consent
or in accordance with the provisions of laws and
regulations. The purpose of using the collected personal
information is as follows.
1. Provide and Operate the Milistar Service
Identification of individuals within the Milistar Service,
use of (personal) location information to provide
location-based services, fulfillment of contracts for
service provision and payment of fees for service provision,
driver arrangement, content provision, delivery of goods or
invoices, authentication of financial transactions and
financial services, collection of fees, etc.
2. Manage Members
Provision of membership services, identification of
members, identification of individuals, prevention of
unauthorized use and unauthorized use by members whose use
is restricted (members whose use is restricted under the
Milistar Terms and Conditions), confirmation of intention to
subscribe and limit the number of subscriptions, record
keeping for dispute settlement, handling of complaints,
including handling of complaints, delivery of notices,
identification of future legal representatives, delivery of
the latest information, validation of the service,
identification of access frequency, and identification of
statistics on service use by members.
3. Collect and use for cause investigation and handling
in the event of an incident.
4. Development of new services and utilization in
marketing and advertising (optional).
Develop new services and provide customized services,
provide services and advertisements based on statistical
characteristics, provide opportunities to participate in
events or provide advertising information.
Article 2: Items of Personal Information Collected and
Methods of Collection
The Company collects personal information as follows to
fulfill the purpose of collecting and using personal
information in Article 1.
1. Items of Personal Information Collected
Required items for membership
①. General Members
a.
Member's name (or nickname), email address (username) and
password, mobile phone number, device information (including
model name, carrier, OS, device unique identification
number, ad ID, etc.
②
Additional Required Items to Use the Service
a.
Information on Operation and Use
·
Payment history, (personal) location information,
information related to various complaints/accidents,
inquiries, call logs related to the use of the Milistar
service (such as the
start and end time of the call with the driver), video and
audio collected by the dashcam (voice is not collected
directly by the Company, and there are cases where voice is
automatically collected depending on the dashcam model, but
the Company does not use and view it)
b.
Payment-related Information
·
Credit Card Payments: card issuer, card number, expiration
date, date of birth, encrypted card identification, etc.
·
Direct Deposit: Bank name, account number, etc.
·
Other Payment Methods: such as account numbers for easy
payments or prepayments
③ Optional Items
a.
When Entered by the Member
·
Profile photos, address information such as home or work,
friend invitation history, account information to connect
with external services you choose (such as Facebook), and
other information you voluntarily provide to use the
Services
b.
When Registering a Business Profile
·
Company information (name, organization), business email
address
④
Automatically generated and collected information (in
the course of using the Services or in the course of
doing business)
·
IP address, date and time of visit, service usage history,
cookies, access logs, bad usage history, app installation
information, network location information, etc.
2. Methods of Collecting Personal Information
The Company collects personal information in the following
ways.
·
Membership registration through the Platform, application
for subsidiary services, and information collection
·
Collection through identity verification services
·
Use of telephone or online consultation services
·
Participation in event prize contests, delivery
requests
·
Provision from partner companies
·
Automatic collection through information generation
tools
·
Automatic collection during service use
·
Complaints or reports by oneself or others
Article 3: Processing and Retention Period of Personal
Information
We may retain and use your personal information collected
while you remain a Member.
If a user withdraws or loses membership, we will delete and
destroy the collected membership information even if the
user does not request otherwise. However, notwithstanding
the withdrawal or disqualification of a member, the
following information will be retained for a specified
period of time and then deleted
and destroyed for the following reasons.
1. Retention of Information by Internal Company
Policy
|
Retention Bases |
Retention items |
Retention period |
|
Disputes and troubleshooting between
members |
Phone number |
Statute of limitations and other time limits on
disputes |
|
Restrict banned members and fraudulent members
from rejoining |
Phone number |
Subject to time limits |
2. Retention of Information as Required by Applicable
Law
|
Retention Bases |
Retention items |
Retention period |
|
The Consumer Protection in Electronic Commerce
Act |
Display-advertising history |
6 months |
|
The Consumer Protection in Electronic Commerce
Act |
Records about contracts or withdrawals,
etc. |
5 years |
|
The Consumer Protection in Electronic Commerce
Act |
Records of payments and supply of goods and
services |
5 years |
|
The Consumer Protection in Electronic Commerce
Act |
Records about handling consumer complaints or
disputes |
3 years |
|
Communications Privacy Act |
Login history |
3 months |
Article 4: Outsourcing the Processing of Personal
Information
To improve services, the Company outsources the processing
of users' personal information to other companies within the
necessary scope of work as follows. In accordance with
relevant laws, the company ensures that necessary measures
are in place to manage personal information safely when
signing outsourcing contracts. When
entering into outsourcing
contracts, the Company specifies in documents such as
contracts that personal information should not be processed
beyond the purpose of performing outsourced tasks, and
outlines technical and managerial protective measures,
restrictions on re-outsourcing, management and supervision
of the contractor, and liabilities for damages.
The Company supervises the contractor to ensure they handle
personal information securely. If there are changes in the
contents of the outsourced tasks or contractors, this
privacy policy will be promptly updated to reflect those
changes.
The Company's personal information outsourcing agencies and
the details of the outsourced tasks are as follow.
1. Entrusting the Processing of Personal Information to
a Domestic Company for the Use of the Service
·
Privacy Shield Status
|
Outsourcers |
Outsourced Tasks |
|
NHN Cloud |
Manage infrastructure for service delivery and
analytics |
|
Toss Payments Co., Ltd |
Payment and collection of expenses and
reimbursements, financial transaction identity
verification and financial services |
2. Entrusting Overseas Companies to Process Personal
Information for the Use of the Service
·
Outsourcing of Personal Information Processing
|
Outsourcers |
Outsourced Tasks |
|
AWS |
Manage infrastructure for service delivery and
analytics |
|
Paypal |
Payment and collection of expenses and
reimbursements, financial transaction identity
verification and financial services |
Article 5: Provision of Personal Information to Third
Parties
The Company processes the user's personal information
within the scope notified in the purpose of collecting and
using personal information in Article
1, and does not use it beyond the
scope of consent or disclose the user's personal information
to the outside without the user's prior consent. However,
the following cases are exceptions.
·
The user has given prior consent to the third-party
provision
·
Necessary to settle charges for the provision of
services
·
When requested by investigative and supervisory authorities
in accordance with the provisions of laws and regulations or
in accordance with the procedures and methods prescribed by
laws and regulations for the purpose of investigation and
investigation
·
Processed in an unrecognizable form for statistical
purposes, academic research, or market
research
In other cases where it is necessary to provide personal
information to a third party for the purpose of providing
better services, the Company will seek the user's consent in
advance by specifying the person to whom the personal
information is provided, the purpose of using the personal
information, the items of personal information to be
provided, the period of retention and use of personal
information by the person to whom the personal information
is provided, the fact that the user has the right to refuse
consent to the provision of information, and the
disadvantages of refusing consent.
We limit the personal information you provide to our
affiliated services to that which is strictly necessary to
provide the service, such as your name and profile picture.
We will inform you of the personal information provided for
each service at the time of consent. The contents of the
personal information provided may be added or changed while
providing the service, and if the personal information
required to use the affiliated service is changed,
additional consent will be obtained when using the
service.
However, the third party to whom the personal information
is provided may retain and use the personal information
until the purpose of the provision is achieved or the member
requests withdrawal, even if the information is necessary
for internal reporting, audit and inspection, contract
performance such as cost settlement (billing), and
preparation for disputes, and if there are special
provisions in relevant laws such as the Commercial Code, it
may be retained accordingly.
1. Providing Personal Information to Third
Parties
·
Disclosure of Personal Information to Third Parties
|
Recipient's Purpose of Use |
Recipient |
Provided Items |
Recipient's Retention and Use Period |
|
Provide taxi hailing and ride brokerage
services, mutual identification between users
and drivers |
Milistar Member mutual sharing (member using
the service - driver) |
Name, personal location information |
Destroyed after achieving the purpose of
use |
However, a third party to whom personal information has
been provided may retain and use personal information
necessary for the fulfillment of contracts and preparation
for disputes, such as internal reporting, audit and
inspection, cost settlement (billing), etc. until six months
after the termination of the transaction, or until the
completion of performance and resolution of disputes if
non-performance or disputes continue, and may retain and use
personal information in accordance with special provisions
in relevant laws such as the Commercial Act.
2. Refusal of Consent
Users have the right to refuse consent to the provision of
their personal information as described above. However, if
you refuse to provide the minimum amount of personal
information necessary to provide the Service, you may be
unable to conclude, maintain, fulfill, and manage contracts
for the provision of the Service, or there may be
disadvantages such as delays in handling incidents.
Article 6: Notification of the Right to Refuse Consent
and Disadvantages of Refusal
Users have the right to refuse consent for the collection
and use of personal information. However, if they refuse
consent for the minimum necessary collection and use of
personal information required for service use, contract
conclusion, and performance, there may be disadvantages such
as inability to use the service or delays in processing
tasks.
Furthermore, if users refuse consent for the collection and
use of personal information for marketing activities and
promotions, or for optional collection and use, there may be
disadvantages such as not receiving information about events
or benefits, inability to receive giveaways or promotional
items, inability to use partnership services, apply for
discounts, or accumulate points.
※
In addition to the consent provided herein, the company
may collect and use personal information or provide it
to third parties according to the user's separate
consent.
Article 7: Rights, Obligations, and Methods of
Exercising Rights of Users and Legal
Representatives
Users can view or modify their registered personal
information at any time, and if they disagree with the
Company's processing of their personal information, they can
refuse consent or request to cancel their membership
(withdrawal). However, if you change your name, profile
picture, etc. in your personal information, or information
that needs to be verified for the operation of the service,
such as the history of receivables, you may be restricted
from using the service until the company's approval is
obtained.
To view and modify your personal information, click
"Change Personal Information" (or "Modify
Membership Information," etc.), and to cancel your
membership (withdraw consent), click "Withdraw
Membership." You can view, modify, or withdraw directly
after going through the identity verification process by
clicking each click. Or contact the person in charge of
personal information management in writing or by email, and
we will take action without
delay.
If you request the correction of errors in your personal
information, the Company will not use or provide such
personal information to third parties until the correction
is completed. In addition, if incorrect personal information
has already been provided to a third party, the Company will
notify the third party without delay of the results of the
correction process so that the correction can be made.
The Company shall process personal information that has
been terminated or deleted at the request of the user as
specified in Article 3, Personal Information Processing and
Retention Period, and shall not allow the user to view or
use it for any other purpose.
In principle, we do not collect personal information of
children under the age of 14 whose legal representative's
consent is required for the collection and use of personal
information.
Article 8: Installation, Operation, and Refusal of
Automatic Personal Information Collection Devices
1. Cookies
① What are Cookies?
In order to
provide you with personalized and customized services, we
use "cookies" to store and retrieve your
information from time to time. A cookie is a very small text
file sent to the member's browser by the server used to
operate the website and stored on the member's computer's
hard disk. On subsequent visits to the Website, the Website
server reads the contents of the cookie stored on the
Member's hard disk to maintain the Member's preferences and
provide personalized service. Cookies do not automatically
or actively collect personally identifiable information, and
you can refuse to have these cookies stored or delete them
at any time.
②Purpose of the Company's Use of Cookies
When you visit Milistar's PC or
mobile website, we use information from cookies to help you
access and use the website as you have set up, and to
provide you with customized information, such as optimized
advertisements based on your visit to the website and your
usage patterns. To provide targeted marketing and
personalized services by analyzing the frequency and
duration of access by members and non-members, identifying
users' tastes and interests, tracking their traces, and
understanding their participation in various events and the
number of visits.
③ Installation, Operation and Refusal of Cookies
Users have the option to set cookie preferences. Therefore,
users can allow all cookies by setting options in their web
browser, go through confirmation whenever a cookie is saved,
or refuse the storage of all cookies. The methods for
setting cookies are as follows.
|
Browsers |
Method |
|
Internet Explorer |
Tools at the top of the web browser >
Internet Options > Privacy > Setting |
|
Chrome-based (Chrome, Edge, etc.) Browsers |
Settings & More at the top of the web
browser > Settings > Cookies & Site
Permissions |
Refusing to store cookies may result in inconvenience in
using the website or certain services, in which case the
Company shall not be liable.
2. Online Personalized Advertising Service
①
Collecting Advertising Identifiers when Using Mobile
Apps
The Company may collect your ADID/IDFA. ADID/IDFA is a
mobile app user's advertising identification value, which
may be collected to provide personalized services or
measurements to provide a better experience. You can opt out
of ADID/IDFA collection as follows.
|
Operating System
|
Method |
|
Android |
Settings → Google → Ads → Uncheck Personalize
ads |
|
iOS |
Settings → Privacy → Ads → Limit Ad
Tracking |
②
Online Personalized Advertising Services
The Company allows online personalized advertising
providers to collect ad identifiers and behavioral
information as follows.
·
Advertising providers that collect and process behavioral
information: Google, Facebook, Appsflyer, Branch
·
How we collect behavioral information: Automatically
collected and transmitted when you launch our apps
Article 9: Protective Measures for Personal Information
and Personal Location Information
In handling your personal information, the Company takes
the following technical and administrative measures to
ensure the safety of your personal information so that it is
not lost, stolen, leaked,
altered or damaged.
1. Encryption of Personal Information
The Company encrypts personal information according to
relevant legal regulations or internal policies to securely
store and manage it.
2. Measures Against Hacking, etc.
The Company is committed to protecting your personal
information from being leaked or compromised by hacking,
computer viruses, etc.
The Company backs up the data every day to prevent damage
to personal information, use the latest security patches and
firewalls to prevent leakage or damage to members' personal
information or data, and securely transmit personal
information on the network through encrypted
communication.
The Company uses intrusion prevention systems to control
unauthorized access from the outside, and we strive to have
all other technical measures in place to ensure systemic
security.
3. Minimization and Training of Processing Staff
The Company's personal information processing staff is
limited to those in charge, and a separate password is
assigned to them and updated regularly, and compliance with
the Privacy Policy is always emphasized through frequent
training for the staff.
4. Operation of a Dedicated Privacy Protection
Organization
Through an internal dedicated privacy protection
organization, the company monitors compliance with the
privacy policy and ensures that corrective actions are taken
promptly if any issues are discovered.
The Company also applies the following measures to protect
personal location information.
①
Administrative actions
·
Designation and operation of a geolocation officer
·
Specify who has access and limit permissions at each stage
of the collection, use, provision, and destruction of
location information.
·
Have handling and management procedures and guidelines in
place that define the duties and responsibilities of
location data handlers
·
Operation and management of a handling ledger that records
the fact of providing location
information
·
Conduct regular self-checks of your privacy
measures
② Technical measures
·
Identify and authenticate access to location information
and geolocation systems to ensure authorization to access
them
·
Measures such as installing a firewall to block
unauthorized access to the geolocation system.
·
Operation of electronic and automated recording and
archiving of access to location information systems
·
Application of encryption technology or equivalent measures
to securely store and transmit location
data
·
Other technical measures necessary to protect location
data
③ Obligation to collect, use, and automatically record and
preserve location information and verification data
·
Measures to automatically record and store the date, method
of collection, purpose of collection (requested contents),
date and history of provision, and purpose of use of
location information in the location information
system
·
Technical measures to ensure that automatically recorded
and archived data is not leaked, altered, or
compromised
However, the Company shall not be liable for any problems
caused by the leakage of personal information such as ID,
password, etc. due to the Member's own negligence or
Internet problems.
Article 10: Procedures and Methods for Destroying
Personal Information and Personal Location
Information
In principle, personal information and personal location
information of Members are destroyed without delay when the
purpose of collecting and using personal information and
personal location information is achieved. The Company's
procedures and methods for destroying personal information
and personal location information are as follows.
1. Destruction Procedures
The information entered by the user for membership, etc. is
transferred to a separate database (for paper, separate
filing cabinet) after the purpose is fulfilled and stored
for a certain period of time (see
Retention and Use Period) in accordance with the internal
policy and other relevant laws for information protection
reasons, and then destroyed.
The personal information and personal location information
will not be used for any purpose other than the purpose for
which it was collected and used unless required by law.
2. Destruction Methods
Personal information and personal location information
printed on paper will be destroyed by shredding or
incineration, and personal information and personal location
information stored in electronic files will be deleted using
technical that prevent the records from being
restored.
Article 11: Personal Information Manager and Location
Information Manager
Personal information-related complaints and location
information-related complaints arising from your use of the
Company's services can be reported to the person in charge
of personal location information management below. The
Company will provide a prompt and sufficient response to
your report.
1. Chief Privacy Officer (and Data Protection
Officer)
|
Name |
Affiliation |
Job title |
Phone number |
Email address |
|
Myungsoo Kim |
Milistar |
Representative |
02-6959-1250 |
milistardev@gmail.com |
2. Privacy Authorities Information
If you need to report or consult about other privacy
violations, please contact the following organizations.
·
Personal Information Infringement Report Center (개인정보침해신고센터/ privacy.kisa.or.kr / 118 without area code)
·
Cybercrime Prosecution Service (대검찰청 사이버수사과/ www.spo.go.kr / 1301 without area code)
·
Korean National Police Agency Cyber Bureau (경찰청 사이버수사국/ police.go.kr / 182 without area code)
Article 12: Processing of Personal Location
Information
The Company processes and retains personal location
information as follows.
·
Processing and Retention of Personal Location
Information
|
Processing Item |
Processing Purpose |
Retention Period |
|
User's (Passenger's) mobile phone location
information (GPS, Wi-Fi, carrier base station
information), travel route, service usage
logs |
Dispatch and allocation, fare calculation and
processing, providing Milistar platform
services, providing various promotions like
coupons, analyzing service
usage and improving
services, various notifications and
communications, handling complaints |
Dispatch and allocation, fare calculation and
processing, providing Milistar platform
services, providing various promotions like
coupons, analyzing service
usage and improving
services, various notifications and
communications, handling complaints |
|
User (Driver) location information (vehicle GPS
information) |
For 1 year from the end of the transaction
relationship (However, if the purpose of use is
achieved before this period, it will be
destroyed immediately, and if a legal retention
period expires after this period or if a dispute
persists, it will be retained until the end of
that period) |
For 1 year from the end of the transaction
relationship (However, if the purpose of use is
achieved before this period, it will be
destroyed immediately, and if a legal retention
period expires after this period or if a dispute
persists, it will be retained until the end of
that period) |
When the Company uses the user's personal location
information, the Company shall immediately destroy the
personal location information, other than the confirmation
data of the fact of providing the location information,
which must be preserved in accordance with Article 16,
Paragraph 2 of the Location Information Act, when the
purpose of collecting, using, or providing the personal
location information is achieved in accordance with Article
23 of the Location Information Act.
The Company provides personal location information of users
to third parties with the consent of the information subject
as follows.
·
Disclosure of Personal Location Information to Third
Parties
|
Information Disclosed |
Third Party Recipients |
Retention and Use Period by Third
Parties |
|
Personal location information of users
(passengers) (mobile phone location information
- GPS, Wi-Fi, carrier base station
information) |
User (individual driver) and partner
transportation company |
From the time the user (passenger) is called to
the time you decide
whether or not to
board. |
|
Location information (vehicle GPS information)
of the user's (private driver) drivers |
Users (passengers) who board the vehicle
through the Milistar platform. |
From the time the user (passenger) booked
(requested) the ride to the time the user
(passenger) gets off the ride. |
If the Company provides personal location information to a
third party designated by the user, the Company shall
immediately notify the user of the recipient, date, time,
and purpose of the provision each time through the
communication device that collected the personal location
information.
However, in the following cases, we will notify you via a
communication terminal device or e-mail address specified by
you in advance.
·
The communication device that collected the personal
location information is not equipped to receive text, voice,
or video.
·
The user has requested in advance that you notify them by,
for example, posting online.
The person responsible for the protection of the following
users (hereinafter referred to as "children under 8
years of age") may consent to the Company's use or
provision of personal location information of children under
8 years of age for the protection of their life or body.
·
Individuals with mental disabilities under the provision of
Article 2, Paragraph 2, Clause 2 of the Act on Welfare of
Persons with Disabilities, who correspond to severe
disabilities under the provision of Article 2, Paragraph 2,
Clause 2 of the Act on Promotion of Employment of Persons
with Disabilities and Vocational Rehabilitation (limited to
those registered as disabled persons under Article 32 of the
Act on Welfare of Persons with Disabilities)
The method of consent by the guardian is by stating the
following items in the written consent form and attaching a
written/electronic document (including a seal, signature, or
electronic signature of the guardian) certifying that the
person is a guardian, such as a child under the age of 8,
and submitting it to the Company.
|
[Describe the Written Consent].
1.
Full name, address, and date of birth,
including for children 8 and under
2.
Name, address, and contact information for the
duty holder
3.
That the purpose of collecting, using, or
providing the personal location information is
limited to protecting life or limb, such as a
child under the age of
8
4.
Date of Consent |
The Company automatically records the confirmation of the
fact of collecting, using, and providing location
information in the system based on Article 16, Paragraph 2
of the Location Information Act, and preserves it for six
months from the time of recording.
Article 13: Miscellaneous
Please be aware that this Privacy Policy does not cover the
privacy practices of websites linked to from within the
Milistar Service.
Article 14: Amendments and Notices to the Privacy
Policy
If this Privacy Policy is revised, we will notify you
through the Company's homepage, notices within the Service,
or other easy-to-understand methods. However, if there are
significant changes to member rights, such as the collection
and use of personal information, provision to third parties,
etc.
·
Revision Date: May 17, 2024
·
Date of Enactment: May 17, 2024