Privacy Policy
Last modified Aug 6, 2024
Thinkfree Inc. (hereinafter referred to as “the Company” or “Thinkfree”) complies with laws, regulations, and guidelines for personal information protection, and establishes and discloses this privacy policy to protect users’ personal information and rights, and to handle complaints related to personal information smoothly. This policy applies to the services provided by the Company based on the Thinkfree Website and Office Service (hereinafter referred to as ‘Service’).
Matters not specified in this policy shall be governed by the terms of service and operational policies of each service. If this policy conflicts with specific guidelines, the operational policies and specific guidelines shall take precedence. If you do not agree with any part of this policy, you should not use the services.
1. Purpose of Processing Personal Information
Thinkfree processes personal information for the following purposes: ensuring the smooth provision of services, preventing misuse, protecting the service, providing targeted advertising, analyzing usage statistics, and resolving errors. Personal information is not processed for purposes other than those specified, and if the processing purpose or items change, necessary actions such as obtaining separate consent will be taken.
2. Methods and Items of Personal Information Processing
Thinkfree collects the following personal information using the methods specified below for the essential functioning of the service. Sensitive personal information is not processed.
A. Information Automatically Collected by Thinkfree
This may include the user’s IP address, browser information, device information, operating system, language preferences, country, location, and information on how and when the service is used. This information is used for service operation, security, prevention of malicious use, and internal analysis and reporting.
- IP Address: To prevent misuse of the service and for general user identification purposes.
- Browser and Device Characteristics: For providing a customized UI and service based on language and environment.
- Log and Usage Data: For diagnosing issues, identifying errors, verifying performance, and gathering information on frequently accessed pages, features, user events, and activities.
B. Information Collected Through Integrated Third-Party Services
- Google Analytics: The Company uses Google Analytics to track and analyze user behavior and interactions with the service.
- Collected Items: IP address, browser information, device information, website usage metrics (visited pages, time spent on the site, interactions with website elements).
- Cookies and Identifiers: Google Analytics uses cookies and other tracking technologies to collect and store user information. These cookies help understand how users interact with the website and improve the service.
- Data Retention: The Company retains data collected through Google Analytics for the period necessary to achieve the purposes outlined in this policy. The retention period may vary depending on legal requirements and business needs.
- Data Processing: Google Analytics is a third-party service provider that collects and processes data on behalf of the Company. For more details, refer to Google’s Privacy Policy.
- Google AdSense: The Company uses Google AdSense to serve and manage advertisements on the website.
- Collected Items: IP address, browser information, device information, interactions with ads (e.g., clicks, impressions), user interests, and visited websites.
- Cookies and Identifiers: Google AdSense uses cookies and other tracking technologies to collect and store user information. These cookies help understand how users interact with the website and provide tailored advertisements.
- Data Retention: The Company retains data collected through Google AdSense for the period necessary to achieve the purposes outlined in this policy. The retention period may vary depending on legal requirements and business needs.
- Data Processing: Google AdSense is a third-party service provider that collects and processes data on behalf of the Company. For more details, refer to Google’s Privacy Policy.
- Amazon Web Services (AWS): The Company uses Amazon Web Services (AWS) for cloud infrastructure to store and manage data.
- Collected Items: IP address, browser information, and automatically collected information during service use (e.g., log data, IP address, device information).
- Data Processing and Security: AWS is a third-party service provider that stores and processes data on behalf of the Company. AWS applies industry-standard security measures to protect the data. The Company utilizes AWS’s security infrastructure to protect data, which may include data encryption, access control, and regular security audits.
- Data Transfer: User data may be transferred and stored through AWS’s global data center network. AWS ensures that such data transfers comply with relevant regulations.
- The Company continuously monitors third-party service providers to ensure they securely handle personal information. If there are changes in the details of the entrusted work or the third-party service provider, the Company will promptly disclose this through this Privacy Policy.
C. Information Collected from Third-Party Sources
3. Legal Basis for Processing Personal Information
The Company will only process users’ personal information when necessary and if there is a valid legal reason (i.e., legal basis) under applicable laws, which includes the user’s consent. This includes:
- Providing services to fulfill the Company’s contractual obligations.
- Protecting the user’s rights.
- Realizing the Company’s legitimate business interests.
A. Legal Basis for Users Residing in the EU or UK
The General Data Protection Regulation (GDPR) and the UK GDPR require the Company to explain the valid legal bases for processing users’ personal information. The Company processes users’ personal information based on the following legal grounds:
- Consent:
The Company may process users’ personal information if the user has consented to the use of their personal information for specific purposes outlined in this policy. Users can withdraw their consent at any time by contacting the Company, although doing so may limit access to some or all of the services. - Performance of a Contract:
The Company may process users’ personal information as necessary to provide services or to take steps at the user’s request before entering into a contract. - Legitimate Interests:
The Company may process users’ personal information if it is necessary for the legitimate business interests of the Company, provided that these interests do not override the user’s interests or fundamental rights and freedoms. The Company may process users’ personal information for purposes including, but not limited to:- Providing personalized advertising content.
- Analyzing service usage patterns to improve the service.
- Supporting marketing activities.
- Diagnosing and resolving service issues and errors.
- Preventing fraudulent activities.
- Legal Obligations: The Company may process users’ personal information if it is necessary to comply with legal obligations, such as:
- Exercising or defending the Company’s legal rights.
- Cooperating with law enforcement or regulatory agencies.
- Disclosing users’ information as evidence in legal proceedings involving the Company.
- Vital Interests: The Company may process users’ personal information if it is necessary to protect the vital interests of the user or another person, such as situations involving potential threats to personal safety.
- Consent: The Company may process users’ personal information if the user has given explicit consent for specific purposes outlined in this policy, or if the user’s consent can be inferred from the circumstances (implied consent). Users can withdraw their consent at any time by contacting the Company, although this may limit access to some or all of the services.
- Special Cases: In certain exceptional situations, the Company may process users’ personal information without consent if permitted by applicable laws, such as:
- When the collection is clearly in the individual’s interest and consent cannot be obtained in a timely way.
- For fraud detection and prevention.
- For business transactions that meet certain conditions.
- If included in a witness statement and necessary for assessing, processing, or settling an insurance claim.
- To identify injured, ill, or deceased persons and communicate with next of kin.
- If the Company has reasonable grounds to believe the individual has been, is, or may be a victim of financial abuse.
- When collecting and using information with consent would compromise the availability or accuracy of the information and the collection is reasonable for investigating a breach of an agreement or a contravention of Canadian or provincial laws.
- To comply with a subpoena, warrant, court order, or rules of the court concerning the production of records.
- If the information was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced.
- For journalistic, artistic, or literary purposes.
- If the information is publicly available and specified by regulations.
4. Entrusting the Processing of Personal Information
The Company may share user data with third parties (suppliers, service providers, contractors, or agents, collectively referred to as “contractors”) who perform certain services on behalf of the Company and require access to the information to carry out their work.
The Company enters into contracts with contractors to ensure personal information is securely managed according to relevant laws. Contractors are prohibited from sharing or using users’ personal information for purposes other than those specified by Thinkfree. Contractors may hold and store data on behalf of the Company only for the duration specified. The Company will promptly disclose any changes to the entrusted work or contractors through this policy.
Contractors with whom the Company may share personal information include:
- Advertising, Direct Marketing, and Lead Generation: Google AdSense
- Cloud Computing Services: Amazon Web Services (AWS)
- Web and Mobile Analytics: Google Analytics
The Company may also share users’ personal information in the following circumstances:
- Business Transfers: The Company may share or transfer users’ information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of the Company’s business to another company.
5. Links to Third-Party Sites
The service may include advertisements or links to third-party websites, online services, or mobile applications (“third-party services”) in connection with its operations.
Providing links to third-party services does not imply endorsement by the Company. The Company does not provide third-party services, and thus, the Company does not guarantee or take responsibility for third-party services, nor for any loss or damage resulting from their use. Data collected by third-party services is not governed by this policy, and the Company does not guarantee the security or privacy of the data provided to third-party services. Users should review the policies of third-party services and contact them directly with any questions.
6. Use of Cookies and Online Tracking Technologies
The Company may use cookies and similar online tracking technologies (such as pixels and web beacons) for service operations, providing appropriate functionalities, understanding user service usage patterns, identifying errors, and preventing malicious use.
Additionally, the Company allows third parties and service providers to use online tracking technologies on the Company’s services to provide advertisements, tailor advertisements to users’ interests, and analyze user behavior. These third parties and service providers may use their technologies to deliver advertisements for products and services tailored to users’ interests, which may appear on the Company’s services or other websites.
For specific information on how the Company uses these technologies and how to refuse certain cookies, please refer to the Company’s Cookie Policy.
7. International Transfer of User Data
The Company’s servers are located in France and Japan. If you access the Company’s services from outside France and Japan, please be aware that your information may be transferred to, stored, and processed in our facilities and by those third parties with whom we share your personal information (see “Entrusting the Processing of Personal Information”), in the United States and other countries.
If you are a resident of the European Economic Area (EEA), United Kingdom (UK), or Switzerland, these countries may not have data protection laws or other similar laws as comprehensive as those in your country. However, the Company will take all necessary measures to protect your personal information in accordance with this policy and applicable law.
The Company implements measures to protect your personal information, which include using the European Commission’s Standard Contractual Clauses (SCCs) with service providers like AWS. These clauses ensure that all recipients protect all personal information processed from the EEA or UK in accordance with European data protection laws and regulations. Copies of the Company’s SCCs are available upon request. The Company has also implemented similar appropriate safeguards with third-party service providers and partners, and further details can be provided upon request.
8. Destruction of Personal Information
The Company retains users’ personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require the Company to keep your personal information for longer than two years.
When the Company no longer has an ongoing legitimate business need to process your personal information, it will delete or anonymize such information. If this is not possible (for example, because your personal information has been stored in backup archives), then the Company will securely store your personal information and isolate it from any further processing until deletion is possible.
9. Security of Personal Information
Thinkfree takes the following measures to protect the security of users’ personal information:
- Encryption of Confidential Personal Information:
Confidential personal information is encrypted for storage and management. - Prevention of Hacking and Computer Viruses:
The Company installs a personal information processing system with protective measures against external intrusions to protect personal information from hacking, viruses, and other external threats. - Access Restriction and Training:
The Company minimizes the number of employees who handle personal information and provides regular training on personal information protection obligations and security.
Despite these efforts, electronic transmission over the internet or information storage technology cannot be guaranteed to be completely secure. Therefore, there is a possibility that hackers, cybercriminals, or other unauthorized third parties could circumvent the Company’s security systems and improperly collect, access, steal, or modify personal information.
The Company will do its best to protect users’ personal information, but users assume the risk related to personal information transmission to and from the Company’s services. Users should access the services only within a secure environment.
10. Collection of Minors' Information
Users under the age of 18 are not allowed to use the services. The Company does not knowingly collect, solicit, or market data from users under 18, nor does it sell personal information of users under 18.
By using the services, users affirm that they are at least 18 years old or the parent or guardian of a user under 18 and consent to such minor’s use of the services.
11. Rights and Obligations of Users and Legal Representatives
In certain regions, such as specific states in the United States, the European Economic Area (EEA), the United Kingdom (UK), Switzerland, and Canada, users may have enhanced access and control over their personal information.
1. Rights for Users Residing in the EEA, UK, Switzerland, and Canada
- Right to Access and Request Copies of Personal Information: Users have the right to access and request copies of their personal information.
- Right to Request Correction or Deletion: Users have the right to correct inaccurate information or delete unnecessary information.
- Right to Restrict Processing: Users have the right to restrict the processing of their personal information under certain circumstances.
- Right to Data Portability: Where applicable, users have the right to transfer their personal information to another service.
- Right to Object to Automated Decision-Making: Users have the right not to be subject to decisions based solely on automated processing.
- Right to Object to Processing: Users may object to the processing of their personal information in certain situations.
The Company will consider and take action on all requests in accordance with applicable data protection laws. Users can contact data protection authorities or lodge complaints if they believe the Company is unlawfully processing their personal information.
- EEA or UK:
- National Data Protection Authorities: JUSTICE AND CONSUMERS ARTICLE 29 – National Data Protection Authorities (europa.eu)
- UK Data Protection Authority: Make a complaint about how an organisation has used your personal information | ICO
- Switzerland:
- Federal Data Protection and Information Commissioner: Homepage (admin.ch)
2. Withdrawal of Consent
If the Company processes personal information based on user consent, users have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before its withdrawal nor does it affect processing based on other legal grounds. Withdrawing consent may limit the ability to use the services.
For questions or comments about privacy rights, users can email [email protected].
12. Control Over Do Not Track Features
Most web browsers, as well as some mobile operating systems and applications, include a Do Not Track (DNT) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. However, no uniform technology standard for recognizing and implementing DNT signals has been finalized as of the date this policy was written. As such, our service does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
If a standard for online tracking is adopted in the future that we must comply with, we will inform you about that practice in a revised version of this privacy policy.
You can also manage cookie settings to control the use of cookies and online tracking technologies. However, please note that blocking cookies may impact the availability and functionality of some services, such as automatic website login.
A. Web Browser
- Microsoft Edge:
[Settings] → [Cookies and site permissions] → Uncheck [Allow sites to store and read cookie data] - Chrome:
[Settings] → [Privacy & Security] → [Cookies and other site data] → [Block all cookies]
B. App
- Android:
[Settings] → [Google] → [Ads] → [Disable Ads Personalization] - iOS
[Settings] → [Privacy & Security] → [Tracking] → [App recommends tracking]
13. Personal Information Protection Officer
The Company designates the following department and person in charge of handling complaints regarding personal information protection and managing personal information:
A. Chief Privacy Officer (CPO)
- Name: Jihoon Park
- Department and Position: Strategic Growth Division / Division Manager
- Email: [email protected]
B. Department for Personal Information Viewing and Complaint Handling
- Name: Jihoon Park
- Department and Position: Strategic Growth Division / Division Manager
- Email: [email protected]
Users may request to view their personal information under Article 35 of the Personal Information Protection Act, and the Company will strive to promptly handle users’ requests and complaints regarding personal information.
14. Specific Country Residents' Rights
A. Privacy Rights for Residents of the United States
- Right to Access Personal Information
- You have the right to access the personal information the company holds about you.
- You can request details on how your personal information is being processed.
- Right to Rectify Inaccurate Information
- You have the right to correct any inaccurate personal information.
- Right to Request Copies of Personal Information
- You have the right to request copies of your personal information.
- Right to Request Deletion of Personal Information
- You can request the company to delete your personal information.
- Right to Withdraw Consent
- You have the right to withdraw your consent to the processing of your personal information.
Category
|
Examples
|
Collected and Disclosed
|
---|---|---|
A. Identifiers
|
Real name, alias, postal address, phone number or mobile contact number, unique personal identifier, online identifier, IP address, email address, and account name
|
Collected
|
B. Personal information categories listed in the California Customer Records statute
|
Name, contact information, education, employment, employment history, and financial information
|
No
|
C. Protected classification characteristics under state or federal law
|
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data
|
No
|
D. Commercial information
|
Transaction information, purchase history, financial details, and payment information
|
No
|
E. Biometric information
|
Fingerprints and voiceprints
|
No
|
F. Internet or other similar network activity
|
Browsing history, search history, online behavior, interest data, interactions with our website, applications, systems, and advertisements
|
Disclosed
|
G. Geolocation data
|
Device location
|
Disclosed
|
H. Audio, electronic, visual, or similar information
|
Images and audio, video, or call recordings created in connection with our business activities
|
No
|
I. Professional or employment-related information
|
Business contact details for providing our services or information during a job application
|
No
|
J. Education information
|
Student records and directory information
|
No
|
K. Inferences drawn from other personal information
|
Inferences drawn to create a profile about personal preferences and characteristics
|
No
|
L. Sensitive personal information
|
|
No
|
Additionally, we may collect personal information from you through interactions with us online, by phone, or by mail for:
- Customer support channels
- Participating in customer surveys or contests
- Facilitating the provision of our services and responding to your inquiries
User’s Rights
Under certain U.S. state data protection laws, you have rights including, but not limited to:
- Right to Know whether the company is processing your personal data.
- Right to Access your personal data.
- Right to Correct inaccuracies in your personal data.
- Right to Request Deletion of your personal data.
- Right to Obtain a Copy of the personal data you have previously shared with the company.
- Right to Non-Discrimination for exercising your privacy rights.
- Right to Opt-Out of the sale or sharing of your personal data for targeted advertising, and other profiling activities.
Depending on your state of residence, you may also have:
- Right to Obtain a List of third parties to whom your personal data was disclosed for direct marketing (as allowed by California and Delaware privacy laws).
- Right to Obtain a List of specific third parties to whom your personal data was disclosed (as allowed by Oregon privacy law).
- Right to Limit Use and Disclosure of sensitive personal data (as allowed by California privacy law).
- Right to Opt-Out of the collection of sensitive data through voice or facial recognition (as allowed by Florida privacy law).
Exercising User’s Rights
To exercise these rights, email [email protected] or submit a form at https://thinkfree.com/contact-sales/.
Under certain U.S. state data protection laws, you can designate an authorized agent to make requests on your behalf. The company may require proof that the agent has been authorized to act on your behalf and may deny requests if such proof is not provided.
Verification of Requests
Upon receiving your request, the company may need to verify your identity to ensure you are the same individual about whom the information is held. This may involve requesting additional information for verification purposes. If you submit a request through an authorized agent, the company may collect additional information to verify your identity and authorization before processing the request.
Appeals
If the company denies your request, you may appeal the decision by emailing [email protected]. The company will provide written notice of any action taken or not taken in response to your appeal, including an explanation of the reasons for the decision. If your appeal is denied, you may submit a complaint to your state’s Attorney General.
California “Shine The Light” Law
California Civil Code Section 1798.83, also known as the “Shine The Light” law, allows California residents to request and obtain information about personal data disclosed to third parties for direct marketing purposes once a year, free of charge. If you are a California resident and would like to make such a request, email [email protected] or submit a form at https://thinkfree.com/contact-sales/.
B. Privacy Rights for Residents of Australia and New Zealand
The company collects and processes personal information in accordance with the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020 (Privacy Acts). This privacy policy meets the notification requirements of the Privacy Acts, particularly the information the company collects from users, the sources, purposes, and other recipients of users’ personal information.
Refusal to provide personal information necessary for achieving the specified purposes may affect the company’s ability to:
- Provide desired products or services.
- Respond to user inquiries or provide requested assistance.
Users have the right to request access to or correction of their personal information at any time. To exercise these rights, email [email protected] or submit a form at https://thinkfree.com/contact-sales/.
If you believe the company is processing your personal information unlawfully, you can contact or lodge a complaint with the data protection authorities:
- Office of the Australian Information Commissioner: Lodge a privacy complaint with us | OAIC
- Office of New Zealand Privacy Commissioner
C. Privacy Rights for Residents of South Africa
Users have the right to request access to or correction of their personal information at any time. To exercise these rights, email [email protected] or submit a form at https://thinkfree.com/contact-sales/.
If you believe the company is processing your personal information unlawfully, you can contact the regulatory authority:
- The Information Regulator (South Africa)
- General inquiries: [email protected]
- Complaints (POPIA/PAIA Form 5): [email protected], [email protected]
15. Obligation to Provide Advance Notice of Changes to the Privacy Policy
The Company may update this Policy from time to time. The revised version will be indicated by an updated “Revised” date at the top of this Policy. If there are material changes to this Policy, the Company will notify users by prominently posting a notice of such changes or by directly sending notifications to users. Users are encouraged to review this Policy frequently to stay informed about how the Company is protecting their information.
16. Contact Information for Inquiries
If you have any questions or comments about this notice, you may email us at [email protected] or send mail to the following address:
- Company: Thinkfree Inc.
- Address: 5th Floor, Hancom Tower, 49 Daewangpangyo-ro, 644 Beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, 13493, Republic of Korea
17. Reviewing, Updating, and Deleting Collected Data
Depending on your country of residence or state within the United States, you may have the right to request access to the personal information the Company has collected about you, details about how your information is processed, correction of inaccurate information, and deletion of your personal information. Additionally, you may have the right to withdraw your consent to the processing of your personal information. These rights may be limited in certain circumstances by applicable law. To request to review, update, or delete your personal information, please email us at [email protected] or submit a form at https://thinkfree.com/contact-sales/.