Privacy Policy

Airbridge Academy Privacy Policy

Airbridge, Inc., including all of its affiliates, (collectively, the "Company") complies with the Personal Information Protection Act and other applicable laws and regulations to protect personal information of users provided or collected on the website on which this Privacy Policy is posted, and the Company’s Privacy Policy is as follows.

As a controller of information provided or collected via the website, the Company hereby informs users via this Privacy Policy regarding the purpose and manner in which the Company uses personal information provided by users to the Company and what measures are taken for protection of personal information.

This Privacy Policy shall be effective as of March 28, 2023, and the Company shall notify users in the event of any further amendment of this Privacy Policy by notice on the website (or by individual notification via e-mail).

※ This Privacy Policy has been in effect since March 28, 2023 and was last amended on March 29, 2023.

1. Information Collected and Collection Method

1) Items of Personal Information Collected

The Company collects the following items of personal information.

(1) Information Provided by Users

Service

Items Collected

Membership Service

Name (last name, first name), e-mail address, company, position, ID, password

Online Payment Service

Name (last name, first name), address, telephone number, e-mail address
Payment information, such as account numbers and card numbers
Shipping information, such as shipping address, name of recipient, and contact information of recipient

(2) Information Collected When Users Use Services

	Items Collected
Device Information	Device identifier, operating system, hardware version, device settings, browser type, version and settings, information regarding website use
Log Information	IP address, log data, hours of use, search words entered by users, cookies
Location Information	Information regarding location of device, including specific countries/cities/time zones relating to a point of access identified through Wi-Fi signals (to the extent permitted by laws of jurisdiction)
Other Information	User's preference for using services, advertising environment, pages visited

2) Collection Method

collects information which is directly entered by users via websites, such as homepage, written forms, and e-mails
collects information by using the user agent of connection IP and browser, creation information collection tool, etc.
receives information from partner companies

2. Use of Collected Information

The Company uses personal information for the following purposes. If the Company uses information for any purpose other than as specified in this Privacy Policy, the Company will seek the prior consent from the user.

1) Membership subscription and management on the website

Confirmation of user’s intention to join the membership, identification and verification of users for provision of membership-based services, maintenance and management of membership qualifications, prevention of abuse of services, preservation of records for various notices and notifications, grievance handling, and dispute settlement, etc.

2) Processing of complaints

Identification of complainants, confirmation of details of complaints, contact and notification for fact-finding, notification of response to complaint, etc.

3) Provision of goods or services

Performance of contracts relating to provision of services required by users, account settlement and payment of fees, provision of contents, provision of customized services, etc.

4) Improvement of existing services, development and specialization of new services.

5) Provision of services and posting of advertisements based on statistics regarding use of services by members and statistical characteristics of members' use of services.

6) Notification of changes in website features or policies.

7) Provision of marketing advertisements and promotional event information, and provision of opportunities for participation.

8) Other uses with the prior consent of users.

9) Where it is necessary to take measures to protect material interests of users or other natural persons, such as detection, prevention, and response to fraud, abuse, security risks and technical problems which may harm users or other natural persons.

10) Where it is necessary to comply with relevant laws, regulations, legal procedures, and government requests applicable to the Company.

3. Disclosure of Collected Information

The Company will not disclose user's personal information to any third party except:

1) where it is disclosed to affiliates, partners, and service providers of the Company, if:

such affiliate, partner, or service provider of the Company performs services on behalf of the Company, such as payment processing, fulfillment or orders, product delivery, dispute resolution, etc. (e.g., service providers of web analytics tool, web hosting and web development, editing and translation, CRM system services, cloud services, payment services, etc.); or
in a merger, sale, restructuring, reorganization, dissolution or bankruptcy, liquidation of the Company or any other similar procedure, information is transferred by the Company as part of its assets to the purchaser or the successors, etc.;

2) with the prior consent of user, if:

a user has provided prior consent such as where a user chooses to share the user's personal information with a specific business entity in order to receive information regarding its products and services; or

3) where disclosure is required by laws and regulations, if:

disclosure is required by applicable laws and regulations, or a request is made by an investigative agency for an investigation in accordance with the procedures and methods prescribed by laws and regulations.

4. Transfer of Personal Information Abroad

Unless otherwise specified in this Privacy Policy, a user's personal information is processed by the Company's servers located in Korea. However, since the Company operates its business globally, it may provide a user's personal information to the Company itself or a third party located in a foreign country for a purpose specified in this Privacy Policy. When Company uses or discloses personal information collected in the European Union, it will transfer personal information to a third country covered by an adequacy decision, and when transferring personal information to a country is not covered by an adequacy decision, the Company will transfer it overseas by taking appropriate safeguards or with the consent of user.

5. Delegation of Personal Information Processing

The Company delegates the processing of personal information as follows for orderly processing of personal information matters.

Items Subject to Transfer

Recipient’s Country

Transfer Method

Recipient of Transferred Information (Officer in Charge of Information Management)

Purpose of Use

Period of Retention and Use

Personal information collected

Canada

Online transmission using security protocols (encryption)

Thinkific Labs Inc. ([email protected])

Use of Thinkific’s services (outsourcing of physical operations environment)

Until withdrawal from membership or termination of contract (provided, if retention is required under other laws and regulations, until such time)

Personal information collected

Republic of Korea

Online transmission using security protocols (encryption)

AB180 Inc. ([email protected])

Operation of the Airbridge Academy

Until withdrawal from membership or termination of contract (provided, if retention is required under other laws and regulations, until such time)

In accordance with Article 26 of the Personal Information Protection Act, when entering into a delegation agreement, the Company specifies in such agreements and other documents matters related to responsibilities including, prohibition of personal information processing other than for the purpose of performing delegated duties, technical and administrative protection measures, restrictions on re-delegation, management and supervision of the delegatee, and compensation for damages, and the Company supervises whether the delegatee processes personal information safely.

If there is any change in the terms of the delegated duties or the delegatee, the Company will disclose such change through this Privacy Policy without delay.

6. Rights and Obligations of Data Subjects and Legal Representatives, and Exercise of Such Rights

1) Data subjects may exercise their rights in relation to the Company at any time, such as rights to access, correct, delete, and request for suspension of processing in relation to personal information.

2) Data subjects may exercise rights under paragraph 1) by using the ‘My Account’ menu on the web page or by writing (via e-mail) to the Company, and the Company will take measures without delay. However, the Company may decline a data subject’ s request if there is a reasonable ground specified in the relevant laws and regulations or another similar reason.

3) Data subjects may exercise rights under paragraph 1) through an agent, such as a legal representative or a person authorized by the data subject. In such cases, an agent shall submit a power of attorney to the Company which can confirm that the agent has been properly authorized by the data subject.

4) Data subjects’ exercise of rights under paragraph 1) may be restricted if there are grounds regarding use of the website and services provided by the Company and/or protection of personal information prescribed in the relevant laws and regulations.

5) The Company will verify whether a person who has made a request, such as a request for access, a request for correction or deletion, or a request for suspension of processing, is the data subject him or herself or a legitimate representative.

7. Destruction of Personal Information

In principle, the Company will destroy personal information without delay when the purpose of processing such personal information has been achieved. However, where it is required to retain personal information in accordance with the applicable laws and regulations, such personal information may be retained for a certain period. The procedure, timing, and methods of destruction of personal information are as follows.

1) Destruction Procedure

After the purpose of information processing has been achieved, information entered by a user will be either immediately destroyed, or destroyed after it is transferred to a separate database (for information in the form of a paper, to a separate document) and stored for a certain period of time in accordance with internal policies and other applicable laws and regulations. In the latter case, personal information transferred to the database will not be used for any purpose unless required by law.

2) Destruction Schedule

Personal information of a user will be destroyed within five (5) days from the last day of the retention period if the retention period of the personal information has elapsed, or within five (5) days from the date on which it was determined that processing of the personal information would not be necessary due to reasons such as achievement of the purpose of processing personal information, discontinuance of relevant services, and termination of the business.

3) Destruction Method

Personal information recorded or stored in the form of papers will be destroyed by shredding, and personal information in the form of electronic files will be destroyed using technical methods that will not allow restoration of such records.

8. Matters Regarding Installation and Operation of Automatic Personal Information Collection Device and Rejection

1) The Company uses ‘cookies,’ which store and summon usage information from time to time, to provide individually targeted services.

(1) Cookies constitute a small amount of information that the server (http), which is used to operate the website, sends to a user’s computer browser and they can also be stored on the hard disk of a user’s personal computer.

i. The Company collects and stores cookies which can identify patterns of visits and usage, popular search terms, secure access, etc. with respect to each service and website visited by users and uses cookies to provide optimized information to users.

	Collected Items and Purpose of Use
Essential Cookies	These cookies are necessary for users to use the features of the Company's website, and services such as course enrollment and electronic bills cannot be provided unless these cookies are allowed. These cookies: remember information entered in an order form when searching for other pages during a web browser session; remember services ordered; verify that whether a user is logged into the website; confirm that users are connected to the correct services on the Company’s website when the Company changes the operation format of the website; and connect users to specific servers in relation to a service.
Execution Cookies	These cookies gather information about how users are using the Company's website, such as information regarding most frequently visited pages, to optimize the website and improve user experience. These cookies do not collect any information about who the user is, and any information collected is processed in bulk, ensuring anonymity. These cookies: provide statistics on how to use the website; verify effectiveness of the Company's advertisements; provide anonymous feedback to partner companies about users visiting their websites; and help to improve the website by measuring errors which may occur.
Feature Cookies	These cookies are used to remember settings in order to provide services or improve the experience of using the website, and information collected by these cookies do not identify users individually. These cookies: remember settings applied, such as layout, text size, default preferences, and colors; and remember when customers respond to the Company’s surveys.
Target Cookies	These cookies connect to services provided by third parties. These cookies: provide information regarding user visits to advertising agencies so that they can propose advertisements which users may be interested in.

2) Users have the right to choose whether to install cookies, and users can elect not to save any or all of the cookies via the options setting of the web browser.

3) If users restrict storing of cookies, it may be difficult to use some of the services provided by the Company.

9. Third-party Websites and Services

The Company's websites, products, or services may include links to a third party’s websites, products, or services. Since the privacy policy of a linked third-party website may differ from the Company's Privacy Policy, when using the linked third-party website, users should further review the website's privacy policy.

10. Protection of Children's Personal Information

The Company's websites, products, and services are provided for the general public, and the Company does not, in principle, collect information from any child under the age of 13 or the applicable minimum age under applicable laws. However, if the Company has no choice but to collect personal information of a child under the age of 13 or the applicable minimum age under applicable laws for use of services, the following additional procedures are required to protect personal information of children:

verifying, to the extent of reasonable efforts, whether a child is of an age requiring consent from a guardian, and whether the person providing consent is a competent guardian;
obtaining guardian consent to collect personal information of a child or to directly send products or service information of the Company to a child;
notifying the guardian of the Company's Privacy Policy on the protection of a child’s personal information, including the items, purposes, and whether to share collected personal information;
granting a child’s legal representative authority to request access to personal information of the child, correction or deletion of personal information, temporary suspension of personal information processing, and withdrawal of consent provided; and
restricting collection of personal information beyond the level necessary for use of the website.

11. Guidance for California Residents

California residents may have the following specific additional rights. To comply with California's Online Privacy Protection Act, the Company has prepared preventive measures for protection of personal information of members:

1) users may request confirmation of information leakage if any personal information has been leaked. All users of the Company's website may also access their personal accounts and change their information at any time by using the ‘My Account’ menu; and

2) the Company does not track visitors to its website. It also does not use any 'tracking prevention' signal. The Company does not collect personal identification information or provide it to third parties through advertising services without the consent of the user.

12. Privacy Officer

The Company has designated a Privacy Officer who is responsible for overseeing the processing of personal information, and for managing complaints and damage relief in respect of processing of personal information of data subject.

The data subject may contact the Company (at [email protected]), the Privacy Officer, or the relevant department regarding any issue related to protection of personal information which occurred while using the Company’s services (or business), such as, inquiries, processing of complaints, damage relief, and requests to access personal information.

The Privacy Officer is as follows:

Category	Name	Responsible department	E-mail
Privacy Officer	Sungpil Nam	Enablement & Knowledge Development Team	[email protected]

13. Modification of Privacy Policy

1) The most recently amended provisions relative to the effective date of this Privacy Policy will apply in relation to the Company's protection of personal information, and the last amended date of the Privacy Policy will be displayed at the top of the page. The Company reserves the right to modify or amend this Privacy Policy from time to time. If the Company amends this Privacy Policy, it will provide notice on the website (or by individual notification via e-mail), and if required under applicable laws and regulations, the Company will seek user's consent.

2) Users are responsible for regularly visiting the Company's website and this Privacy Policy page to stay informed of any changes to the Privacy Policy.

14. Measures to Ensure Safety of Personal Information

The Company implements technical/administrative and physical measures necessary to ensure safety as follows:

1) Implementation of regular self-audits

The Company regularly conducts self-audits to ensure safety in the handling of personal information.

2) Minimization of number of employees handling personal information and training

The Company implements personal information management measures which minimize the number of persons involved by designating the employees who handle personal information and restricting the handling to the designated persons.

3) Establishment and implementation of internal management plans

The Company has established and implemented internal management plans to safely process personal information.

4) Technical measures against hacking, etc.

In order to prevent leakage or damage in relation to personal information due to hacking, computer viruses, etc, the Company has installed and periodically update and inspect security programs, and installed systems in areas with controlled access from the outside, and monitor and block the systems technically/physically.

5) Encryption of personal information

Only the user can know his/her password as passwords are stored and managed after encryption. Separate security features such as encryption and file lock function are applied to files and transmitted data to protect material data.

6) Retention of access records and falsification prevention

The records of access to the personal information processing system are stored and managed for a period as permitted under the relevant laws and regulations, and security features are applied to prevent falsification, theft, and loss of the access records.

7) Restriction of access to personal information

The Company takes necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and the Company uses an intrusion prevention system to control unauthorized access from the outside.

8) Access control for unauthorized persons

The Company maintains a separate physical storage area for storing personal information, and the Company has established and operate access control procedures for the area.