Willog Co., Ltd. (hereinafter the "Company") complies with the personal information protection regulations of relevant laws that information and communications service providers must observe, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Communications Privacy Act, and the Telecommunications Business Act, and has established a privacy policy in accordance with such laws to do its best to protect users' rights and interests.
All personal information of customers handled by the Company is collected, retained, and processed based on relevant laws or with the consent of the data subject.
Article 1 [Collection and Purpose of Personal Information]
The Company collects and processes personal information for the following purposes. The personal information being processed is not used for purposes other than those listed below, and if the purpose of use changes, separate consent will be obtained under Article 18 of the Personal Information Protection Act.
1. Provision of goods or services
Personal information is processed to provide services and content.
2. Use for marketing/advertising
Personal information is processed to provide marketing content, deliver advertisements based on demographic characteristics, and track access frequency.
3. Methods of collecting personal information
The Company collects personal information through the following methods.
a. Website, blog subscription, written forms, fax, telephone, inquiry boards, email, event entry
b. Provision from partner companies
c. Collection through generated-information collection tools
4. Refusal and restriction of consent to personal information
a. Users who wish to receive marketing content or participate in events require consent to personal information; without consent, use is restricted.
b. Users may withdraw consent to personal information at any time.
c. Changes to consent will be notified through announcements and separate notifications.
Article 2 [Processing of Personal Information
— Items and Retention Period]
1. Processing of personal information
Personal information collected with the consent of the data subject and personal information under relevant laws is processed. The following information is collected for marketing use.
a. Required items for service provision: company name, contact name, phone number, position, department, email, company address
b. Required items for website inquiry: name, company name, department, email, phone, industry
c. Required items for blog subscription: email
d. Required items for content delivery and event participation: name, company name, phone number, position, department, email
e. The following information may be automatically generated and collected during use of the website and blog:
IP address, cookies, visit date and time, service usage records, access logs
2. Retention and use period of personal information
In principle, a customer's personal information is destroyed without delay once the purpose of collection and use is achieved. However, the following information is retained for the period stated below for the reasons listed:
1) When retention is required by relevant laws, the Company keeps customer information for the period set by such laws. In this case, the Company uses the retained information only for the purpose of retention, with retention periods as follows.
a. Service provision management / event participation
- Basis: Use of the OTQ service, content provision, event participation
- Retention: 5 years
b. Website inquiry
- Basis: Verification of inquiry content and response
- Retention: 1 year
c. Blog subscription
- Basis: Delivery of blog content
- Retention: 5 years
d. Website visit records
- Basis: Communications Privacy Act
- Retention: 3 months
Article 3 [Provision of Personal Information to Third Parties]
In principle, the Company processes the data subject's personal information within the scope specified for the purpose of collection and use, and does not process beyond the original purpose or provide it to third parties without the prior consent of the data subject, except in the following cases.
1. When the data subject has consented in advance or provides separate consent
2. When special provisions exist in laws
3. When the data subject or legal representative is unable to express an intention, or when prior consent cannot be obtained due to unknown address, and provision is clearly necessary for the urgent life, body, or property interests of the data subject or third party
4. When personal information is provided in a form that cannot identify a specific individual for purposes such as statistical preparation or academic research
5. When deliberated and resolved by the Protection Commission as personal information that would otherwise be needed to perform another law's tasks
6. When provision to foreign information or international organizations is necessary to implement treaties or other international agreements
7. When necessary for criminal investigation, indictment, and trial
8. When necessary for court proceedings
9. When necessary for the execution of sentences and protective measures
Article 4 [Outsourcing of Personal Information Processing]
The Company outsources some of its work to provide convenient and better services.
1. Outsourcing companies (consignees): Amazon AWS, Google GCP
2. Outsourced tasks: Operation and maintenance of information systems for service provision
Article 5 [Rights and Obligations of Data Subjects
and Their Exercise]
The data subject may exercise the following rights, and a legal representative may, after submitting a power of attorney, request access, correction or deletion, and suspension of processing of the customer's personal information.
1. Right to request access to personal information
Under Article 35 of the Personal Information Protection Act, you may request access to your own personal information in files held by the Company. However, requests for access may be restricted under Article 35(5) as follows.
a. When access is prohibited or restricted by law
b. When there is a risk of harming another person's life or body, or unfairly infringing on another person's property or other interests
c. When access would significantly hinder a public agency's performance of any of the following tasks:
① Tax assessment, collection, or refund
② Examinations regarding academic background, skills, and employment; qualification reviews
③ Ongoing evaluations or judgments regarding compensation assessment
④ Audits or investigations underway under other laws
2. Right to request correction or deletion of personal information
You may request correction or deletion under Article 36 of the Personal Information Protection Act. However, where other laws and Article 2(2) of the Company's privacy policy specify that the personal information is subject to collection and retention, deletion cannot be requested.
3. Right to request suspension of personal information processing
You may request suspension of processing of personal information held by the Company under Article 37 of the Personal Information Protection Act by submitting Form No. 6 (Withdrawal Request), which will be acted on without delay. However, requests may be refused under Article 37(2) in the following cases.
a. When special provisions exist by law, or when unavoidable to comply with legal obligations
b. When there is a risk of harming another person's life or body, or unfairly infringing on another person's property or other interests
c. When a public agency cannot perform tasks under other laws if personal information is not processed
d. When it would be impossible to perform the contract such as the agreed service if processing is suspended, and the data subject has not clearly expressed an intention to terminate the contract
Article 6 [Destruction of Personal Information]
In principle, the Company destroys personal information without delay once the purpose of processing is achieved. The procedure, deadline, and method of destruction are as follows.
1. Destruction procedure
Information entered by users for membership registration is transferred to a separate database (or separate paper filing) once the purpose is achieved, stored for a certain period in accordance with internal policy and applicable laws (refer to retention and use period), and then destroyed. Such personal information is not used for other purposes except where required by law.
2. Destruction deadline and method
When the retention period expires, the processing purpose is achieved, the relevant work is abolished, or the personal information becomes unnecessary, it is destroyed without delay. Information in electronic file form is destroyed using technical methods that prevent record recovery. Personal information printed on paper is destroyed by shredding or incineration.
Article 7 [Measures to Ensure the Safety
of Personal Information]
The Company implements the following technical/administrative measures to protect personal information.
1. Minimization and training of personnel handling personal information
Employees handling personal information are designated and managed only as necessary, and training is conducted for safe management.
2. Access restrictions on personal information
Necessary measures are taken to control access to personal information by granting, changing, or revoking access rights to the database system processing personal information, and unauthorized external access is controlled using intrusion-prevention systems. Documents and storage media containing personal information are stored in locked locations.
3. Retention and tampering prevention of access records
Access records (web logs, summary information, etc.) to the personal-information processing system are retained and managed for at least 6 months, and security functions are used to prevent forgery, alteration, or loss of access records.
4. Installation and periodic inspection/update of security programs
Security programs are installed and periodically updated/inspected to prevent leakage and damage of personal information by hacking or computer viruses.
5. Access control for unauthorized personnel
Separate physical storage locations for personal-information systems are established in controlled areas, with access control procedures established and operated. Data is backed up regularly in preparation for damage to personal information; the latest antivirus programs are used to prevent users' personal information or data from being leaked or damaged; and encrypted communication is used to safely transmit personal information over networks. Unauthorized external access is controlled using intrusion-prevention systems, and other technical security measures are pursued.
6. Periodic self-inspection
To ensure safety in handling personal information, self-inspections and audits of personal-information protection management are periodically conducted, including external servers. However, the Company is not liable for damages not attributable to the Company, including users' own carelessness or accidents in areas not managed by the Company, even when the Company has fulfilled its personal-information protection obligations.
Article 8 [Contact Information of the Privacy Officer]
Under Article 31(1) of the Personal Information Protection Act, the following personal information protection officer is designated to handle complaints and provide relief regarding personal information processing.
1. Personal Information Protection Officer
- Name: Hwang Kyung-ha
- Position: CHO
- Contact: peter@willog.io
2. Personal Information Protection Department (in charge of access requests and processing)
- Name: Ryu Hwi-seung
- Department: HR
- Contact: louis@willog.io
For reports or consultations regarding other personal information infringements, please contact the following organizations.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Supreme Prosecutors' Office Cybercrime Investigation Unit (www.spo.go.kr / 1301)
- National Police Agency Cyber Safety Bureau (www.ctrc.go.kr / 182)
Article 9 [Processing of Personal Location
Information]
Under Article 21-2 of the Act on the Protection, Use, etc. of Location Information (hereinafter the "Location Information Act") and Article 25-2 of its Enforcement Decree, the Company discloses the following matters regarding the processing of personal location information.
1. Purpose of processing and retention period of personal location information
The Company processes personal location information to provide vehicle monitoring services (real-time location tracking and visibility of cargo and assets, movement history management and analytical reports, geofence entry/exit notifications, etc.). Personal location information is retained for the duration of the service agreement and is destroyed immediately when the purpose of collection, use, or provision is achieved. However, location-information collection-use-provision confirmation data is retained for 12 months under Article 16(2) of the Location Information Act.
2. Basis and retention period for location-information collection-use-provision confirmation data
Under Article 16(2) of the Location Information Act, location-information collection-use-provision confirmation data is automatically recorded and preserved, and is retained for 12 months before destruction.
3. Destruction procedure and method of personal location information
Personal location information whose purpose of collection, use, or provision has been achieved is destroyed immediately. When stored in electronic form, it is permanently deleted using methods from which recovery is impossible; when printed on paper, it is shredded or incinerated.
4. Provision to third parties and notification of personal location information
The Company does not provide personal location information to third parties without the customer's (personal location information subject's) consent. When providing personal location information to a third party designated by the customer, the recipient, the time, and the purpose of each provision are immediately notified to the relevant communications terminal or email under Article 19(3) of the Location Information Act.
5. Rights and obligations of guardians of children under 8 years old, etc.
Under Article 26 of the Location Information Act, consent for the collection, use, or provision of location information of children under 8, adult wards, persons with mental disabilities under the Welfare of Disabled Persons Act, etc. (hereinafter the "guardians") is given by such guardians. Guardians may exercise the rights granted to personal location information subjects (withdrawal of consent, request for temporary suspension, request for access and notification, etc.) and may make such requests to the personal information protection department listed in Article 8.
6. Location Information Manager
Under Article 16 of the Location Information Act, the Company designates the following Location Information Manager.
- Name: Bae Seong-hoon (CEO)
- Phone: 02-6959-0966
- Email: hoon@willog.io
For inquiries and complaints regarding location-information processing, please contact the Location Information Manager above or the personal information protection department in Article 8.
Article 10 [Duty of Notification]
If the current privacy policy is amended to add, delete, or modify content due to changes in operational policy or security technology, the changes will be announced through the website (or app) notice (or individual notification) at least 7 days prior.
* Announcement date of the privacy policy: April 3, 2026
* Initial effective date of the privacy policy: November 8, 2023
