Privacy Policy

Article 1 (Purpose of Processing Personal Information)

Qoom Networks Inc. (hereinafter the “Company”), which operates Moaform (www.moaform.com, hereinafter the “Service”), processes personal information for the following purposes and does not use such information for any purpose other than those set forth below.

1. to confirm a customer’s intention to register, identify and authenticate the customer in connection with the provision of services, maintain and manage membership status, process payments arising from the supply of goods or services, and supply and deliver goods or services;
2. to prepare and analyze statistics based on information that cannot identify an individual; and
3. to promote that a member is a user of Moaform if the member has publicly conducted or is conducting a survey using Moaform.

 

Article 2 (Period of Processing and Retention of Personal Information)

1. The Company processes and retains personal information within the personal information retention and use period consented to by the data subject at the time of collection, or within the retention and use period prescribed by applicable laws and regulations.
2. In principle, once the purpose of collection and use of personal information has been achieved, the Company destroys the relevant information without delay. However, where preservation is required under applicable laws, the Company retains personal information for the periods set forth below:
3. records on labeling and advertising: six (6) months;
4. records on contracts or withdrawal of subscriptions, etc.: five (5) years;
5. records on payments and the supply of goods, etc.: five (5) years;
6. records on consumer complaints or dispute resolution: three (3) years;
7. records on the collection, processing, and use of credit information, etc.: three (3) years; and
8. records related to the provision of communication fact confirmation data: three (3) months.

 

Article 3 (Provision of Personal Information to Third Parties)

1. The Company does not provide personal information to a third party except where the data subject has separately consented, where there is a special provision in law, or where such provision falls under Article 17 of the Personal Information Protection Act.
2. When the Service uses information received from Google APIs or transfers such information to another app, the Company complies with the Google API Services User Data Policy and the Limited Use requirements.

 

Article 4 (Entrustment of Personal Information Processing)

1. For the efficient processing of personal information-related tasks, the Company entrusts the following processing tasks:
2. Payple Inc.: agency services for credit card payment authorization and purchase processing, date of birth and corporate business registration number for payment confirmation, and email address for payment-related contact;
3. GSMbiz Co., Ltd.: recipient phone number for sending response reward coupons;
4. Daou tech, Inc.: recipient phone number for sending response reward coupons;
5. AWS: operation of servers and databases;
6. When entering into an entrustment agreement, the Company specifies in documents such as the agreement, in accordance with Article 25 of the Personal Information Protection Act, matters concerning responsibilities including the prohibition of processing personal information for any purpose other than the performance of the entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and compensation for damages, and supervises whether the entrusted party safely processes personal information.
7. If the details of the entrusted tasks or the entrusted party change, the Company will disclose such changes without delay through this Privacy Policy.

 

Article 5 (Use of Third-Party AI Models)

1. The Company may use third-party AI models or related APIs/platforms provided by OpenAI, Anthropic, and Google in order to perform functions requested by users and improve service quality. The specific provider and service configuration actually used may vary depending on the relevant feature, operational environment, and technical needs.
2. When a user uses an AI-based feature, the Company may process the user’s input data and generated results through a third-party AI model provider’s API or platform only to the extent necessary to perform the relevant function. The Company does not transmit or use such data for general exploitation or for the provider’s model training or product improvement.
3. The Company uses only commercial or paid APIs, or comparable enterprise configurations, provided by OpenAI, Anthropic, and Google, and, as a general rule, only uses configurations under which users’ input data and generated outputs are not used for the provider’s AI model training or product improvement. The Company will not use configurations that materially reduce this level of protection without separate notice or consent where required.
4. Such data is not stored for general use or permanent retention, but may be temporarily stored, logged, cached, or otherwise processed within a limited scope for purposes such as service provision, system stability, abuse prevention, security, compliance with applicable policies and laws, and state retention necessary for functionality.
5. Such retention is carried out for a limited period in accordance with each provider’s policy and the service configuration selected by the Company, and, after that period, the data may be deleted, removed, or no longer maintained in an identifiable form. However, exceptions may apply where the user submits specific feedback, uses features that require file or state storage, or retention is required for legal compliance or special security reasons.
6. Users may use AI-based features only if they directly activate the relevant feature.
7. The Company provides explanations regarding AI-based features and the necessary information regarding the processing of user data, and complies with applicable laws and regulations.

 

Article 6 (Integration with External Services)

The Company provides features that allow users to integrate surveys created in the Service with various external services. When such external service integration occurs, relevant data may be transmitted to the servers of the relevant service provider, and the Company complies with the following:

1. By integrating surveys created in the Service with external services, the Company provides functions such as data analysis, notifications, automation, and data management.
2. Data transmitted in the course of integration may include survey content created by the user, response data, user account information, and similar information, and the specific items actually transmitted may vary depending on the external service selected by the user and the user’s settings.
3. The Company transmits relevant data to the external service provider only when the user directly activates the external service integration feature, and only to the extent necessary for the relevant integration.
4. Before a user activates an external service integration, the Company provides notice through the relevant integration settings screen or a similar screen regarding the target service, the scope of data to be transmitted, and major matters requiring attention.
5. If a user activates an external service integration feature, the relevant data may be processed or stored outside the Republic of Korea depending on the operating policy and infrastructure environment of the relevant external service. The Company will provide notice of such possibility through the relevant integration settings screen or a similar screen, and the user may activate the integration after reviewing such notice and, where necessary, giving consent.
6. After the transmission of data, the processing, storage, security measures, and overseas transfer, if any, of data within the external service are governed by the terms and personal information-related policies of the relevant external service provider.
7. Users may disable most external service integrations within the Service, and once disabled, data will no longer be transmitted to the relevant external service. However, for some external services, disabling the integration may only be possible on the platform of the relevant external service.
8. To prevent data leakage and infringement of personal information that may occur in the course of integration with external services, the Company monitors such integrations to the extent necessary and endeavors to ensure safe data processing through cooperation with external service providers.
9. If there are material changes relating to integration with external services, the Company will disclose them without delay through this Privacy Policy and notify users. A specific list of external services is stated on the “Integrations” page of each survey or in a similar location.
10. The Company endeavors to maintain transparency in the processing of user data, and users may request additional information regarding such processing where necessary.

 

Article 7 (Rights and Duties of Data Subjects and Legal Representatives; Method of Exercise)

1. A data subject may exercise the following rights related to the protection of personal information against the Company at any time:
2. the right to request access to personal information;
3. the right to request correction where there is an error, etc.;
4. the right to request deletion; and
5. the right to request suspension of processing.
6. The rights under Paragraph 1 may be exercised by contacting the Company in writing, by email, through customer support, or by other similar means, and the Company will take action without delay.
7. If a user requests correction or deletion of personal information due to an error or the like, the Company will not use or provide the relevant personal information until such correction or deletion has been completed.
8. In the case of a child under fourteen (14) years of age, the rights under Paragraph 1 may be exercised through the user’s legal representative or an agent authorized by the legal representative. In such case, the legal representative shall have all rights of the user.
9. A data subject shall not infringe the personal information or privacy of the data subject or any third party that is being processed by the Company in violation of applicable laws, including the Personal Information Protection Act.

 

Article 8 (Categories of Personal Information Processed)

The Company processes the following categories of personal information:

1. Membership registration
2. Required items: name, email address, password
3. Purchase (member)
4. Required items: email address, access IP information, service usage records, date of birth, corporate business registration number, credit card information, name, and the first two digits of the credit card password
5. Complaint handling
6. Required items: email address

 

Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

1. The Company may use cookies and similar technologies in order to provide users with more appropriate and convenient services, maintain login status, analyze service usage, improve the Service, provide advertisements, and measure advertising performance.
2. The information that the Company may collect or verify through cookies and similar technologies, and the purposes of such use, are as follows:
3. to identify members, maintain login status, and provide convenience in using the Service;
4. to provide customized information to users in the process of creating and using surveys;
5. to operate the Service, including notifying users of paid service usage periods;
6. to analyze users’ access frequency, visit time, and usage patterns for service improvement; and
7. to provide advertisements, analyze ad exposure and usage patterns, and measure advertising performance.
8. Advertisements from Google and other advertising vendors or ad networks may be displayed on the Service. In the course of serving advertisements, such advertising vendors or ad networks may place or read cookies on users’ browsers and may collect information using web beacons, IP addresses, advertising identifiers, or similar technologies or identifiers.
9. Google and other advertising vendors or ad networks may serve advertisements based on a user’s visits to this Service or other websites. Accordingly, Google’s use of advertising cookies enables Google and its partners to serve personalized advertisements to users, and additional third-party ad networks may be used depending on the Company’s advertising operations.
10. Users may opt out of personalized advertising by visiting Google Ads Settings. Users may also opt out of personalized advertising by some third-party advertising vendors or ad networks through aboutads.info.
11. Users may refuse the storage of cookies or delete cookies that have already been stored through their web browser settings. However, if users refuse the storage of cookies, some features of the Service may be restricted or may not function properly.
12. The Company may use third-party advertising vendors or ad networks other than Google as needed for advertising operations, and in such cases, the Company may provide the notices required by applicable laws and advertising policies through this Privacy Policy or relevant screens.

 

Article 10 (Destruction of Personal Information)

In principle, where the purpose of processing personal information has been achieved, the Company destroys the relevant personal information without delay. The procedures, deadlines, and methods of destruction are as follows:

1. Destruction procedure
2. Information entered by users is transferred to a separate database after the purpose has been achieved, retained for a certain period in accordance with internal policies and other applicable laws, and then destroyed. Personal information transferred to a separate database is not used for any purpose other than as required by law.
3. Destruction deadline
4. If the retention period of a user’s personal information has expired, the personal information is destroyed within five (5) days from the end date of the retention period. Where the personal information has become unnecessary due to achievement of the purpose of processing, discontinuance of the relevant service, termination of the business, or any similar reason, the personal information is destroyed within five (5) days from the date on which it is recognized that such personal information has become unnecessary.
5. Destruction method
6. Information in electronic file form is deleted using technical methods that make recovery or reproduction impossible.

 

Article 11 (Measures to Ensure the Security of Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, managerial, and physical measures necessary to ensure the security of personal information:

1. Minimization and training of employees handling personal information
2. The Company designates employees who handle personal information and limits such handling to designated personnel in order to minimize the number of employees handling personal information and implement measures for personal information management.
3. Regular internal audits
4. The Company conducts regular internal audits (once every quarter) to ensure safety in the handling of personal information.
5. Encryption of personal information
6. Users’ personal information and passwords are stored and managed in encrypted form, and important data is protected by separate security functions such as encryption of files and transmitted data or the use of file-locking functions.
7. Technical measures against hacking, etc.
8. To prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, performs periodic updates and inspections, and installs systems in areas with controlled external access and monitors and blocks them technically and physically.
9. Restriction of access to personal information
10. The Company takes necessary measures to control access to personal information by granting, changing, and revoking access rights to the database system that processes personal information, and uses an intrusion prevention system to control unauthorized external access.
11. Retention of access records and prevention of tampering and falsification
12. The Company retains and manages records of access to personal information processing systems for at least six (6) months and uses security functions to prevent such access records from being tampered with, falsified, stolen, or lost.

 

Article 12 (Chief Privacy Officer)

1. The Company has designated the following Chief Privacy Officer to take overall responsibility for personal information processing and to handle complaints and provide remedies for damages related to personal information processing:
2. Chief Privacy Officer
3. Name: Myoung cheol Seo
4. Position: CEO
5. Title: Representative Director
6. Contact: mcseo@qoom.net
7. Data subjects may contact the Chief Privacy Officer regarding any inquiries, complaints, or remedies for damages related to personal information protection arising in the course of using the Company’s services. The Company will respond to and process such inquiries without delay.

 

Article 13 (Changes to the Privacy Policy)

1. The Company discloses this Privacy Policy on the initial screen of the Service or through a linked page.
2. At the time of membership registration, the Company allows users to review the contents of this Privacy Policy through a linked page.
3. The Company may amend this Privacy Policy to the extent that such amendment does not violate applicable laws and regulations.
4. If the Company amends this Privacy Policy, it shall specify the effective date, the reason for amendment, and the major changes, and post the amended Privacy Policy together with the current Privacy Policy on the initial screen of the Service or through a linked page from seven (7) days prior to the effective date until the day immediately preceding the effective date. However, if the amendment is unfavorable to users or data subjects, the Company shall provide at least thirty (30) days’ prior notice by the same method and also notify them individually by email or other appropriate means.
5. If the Company clearly notifies users or data subjects, in accordance with the preceding paragraph, that failure to express an objection by the effective date shall be deemed consent, and a user or data subject nonetheless does not explicitly state an objection, such user or data subject shall be deemed to have agreed to the amended Privacy Policy.
6. If a user or data subject does not agree to the amended Privacy Policy, the user may discontinue use of the Service and, where applicable, request membership withdrawal.