The safe handling of the personal information of our users is one of the most important things for us when providing our Service. Shiftee Inc. (hereinafter referred to as ‘Shiftee’) shall protect personal information of Users (hereinafter referred to as ‘users’, ‘user’) in accordance with the relevant laws and regulations such as the Promotion of Information and Communication Network Utilization and Information Protection Act, the Personal Information Protection Act. To handle such matters promptly and smoothly, Shiftee establish a privacy policy as follows. The collected personal information of the users will be utilized to provide more convenient service to the users. The privacy policy is disclosed to the users through the Shiftee website, can be viewed at any time, and may be subject to changes to comply with the privacy laws, guidelines, notices, or the mobile app and web application service policies. If the English version and the Korean version of the Privacy Policy are different, the Korean version should take precedence over the English version.
1. Collecting and Using Personal Information
2. Provision of Personal Information to third-party
3. Entrustment of Personal Information
4. Archiving and Destroying Personal Information Records
5. Mobile App
6. Cookies
7. Rights of Users & Legal Representatives and Exercising Those Rights
8. Links to Third Party Sites
9. Sending Advertisement information
10. Actions Taken to Protect Personal Information
11. Chief Privacy Officer
12. Obligation to Notify Prior to Amendment
A. Shiftee collects the User's personal data to provide our service. Shiftee collects the minimum personal information from the Users at the time they sign up. When collecting additional personal information, the Users are provided with further guidance regarding the ‘collected items of personal information, purposes of collecting and using personal information, and the retention period of personal information’ at the time of collecting such personal information and are asked to provide their consents.
B. When Shiftee collects the User's personal data, the minimum personal information required for providing a service is classified as ‘Required’ and other personal information is classified into ‘Optional’ and procedures are established for individual consents. Shiftee should not refuse to provide a service to the User who have expressed their intention to only provide ‘Required’ personal information referred above.
C. The personal information that Shiftee collects from users are as follows. Shiftee does not use or provide any of the User's personal information for other purposes without the User's consent.
| Service Name | Collected Personal Information Item | Purpose | Retention and Usage Period |
|---|---|---|---|
| Sign up | 1. Sign up by email - (Required)name, email, (Optional)phone number 2. Sign up by Naver Oauth - (Required)name, email, (Optional)phone number 3. Sign up by Google Oauth - (Required)name, email, (Optional)phone number 4. Sign up by Kakaowork Oauth - (Required)name, email, (Optional)phone number |
Sign up, Membership management, Providing Shiftee Service by Joining a Company | Upon membership withdrawal(In accordance with relevant laws) |
| Shiftee service (Customer Data) |
(Optional)name, email, phone number, company name, employee number, job title, department name, timeclock area address, shift, break times, attendance, leave, date of employment, date of termination | Providing Shiftee Service, Providing Integration Service, Guide for Shiftee Service, Statistical analysis of Service Usage, Service fee settlement and payment | Upon end of the Service or contract or as specified in a separate contract(In accordance with relevant laws) |
| Customer service | (Required)name, company name, email, phone number | Providing Customer Service | 3 years |
| Contact Sales | (Required)name, company name, email, phone number | Response to sale contact | 3 years |
| Contact Biz | (Required)name, job title, company name, email, phone number | Response to Partnership / Other Inquiries | 3 years |
| Application for K-voucher | (Required)name, company name, email, phone number | Response to Application for K-voucher | 3 years |
| Application for Cloud voucher | (Required)name, company name, email, phone number | Response to Application for Cloud voucher | 3 years |
| Subscription to Shiftee News Letter | (Required)name, email, company name, department, job title |
Providing the Shiftee News Letter | Upon the end of subscription |
| Application for clock in and out omission prevention sticker | (Required)name, company name, email, address (Optional)phone number |
Delivering the clock in and out omission prevention sticker | 3 years |
| Shiftee Service fee payment | (Required)card number (last 4 digits), company name, company registration number, CEO name, email, address, phone number | Shiftee Service fee payment and card registration, Manage Customer using paid service. | Upon membership withdrawal(In accordance with relevant laws) |
D. The IP address, cookies, service usage records, abusement records, device information, OS and location information of the User under the consent of terms of location based service may be generated and collected during the use of service.
F. Shiftee should collect the personal information data based on the User's agreement, if there is no any other relevant laws regarding the issues. Shiftee does not collect any sensitive data (e.g. personal data revealing racial, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or personal data relating to criminal convictions and offences) unless the User has agreed on to provide a data or due to abiding by the rules of relevant laws .
G. Shiftee collects personal information under the following methods.
(1) If the user agrees to the collection of personal information and enters his/her personal information when signing up for the use of service, such personal information will be collected.
(2) Personal information of the users may be collected through websites, email, fax, phone, etc. during the consultation through the Customer Service.
(3) Personal information provided from Shiftee’s Partners under users consent.
(4) Generated information may be automatically generated and collected during the use of PC web or mobile web/app.
H. Shiftee does not accept a membership for the children under the age of 14 who require the consent of a legal representative.
I. Personal information collected for the payment is collected and stored by the payment agency (PG company), and Shiftee only receives the transaction histories provided by the payment agency.
J. Users are responsible for problems caused by users directly entering personal information not collected, used, or requested by Shiftee within the Service.
A. Shiftee uses and provides the personal information of the User within the scope notified in paragraph 1 “Collecting and Using Personal Information”. Otherwise, Shiftee does not use or provide the information to the third parties. But, exceptionally, personal information could be provided without consent in some cases as follows.
(1) if the User agrees to provide personal information in advance.
(2) if there is a request from the investigating agency in accordance with procedures and methods prescribed in laws and ordinances for purposes of investigation pursuant to the provisions of laws and regulations.
(3) if necessary for payment settlement.
(4) if an agreement is unavailable even if the personal information is needed for an urgent issue with life, physical safety, profits of the User or the third party.
B. Cases when personal information is provided to third party after the User's consent
| Provided to | Purpose | Provided Personal Information Item | Retention and Usage Period |
|---|---|---|---|
| Kakao Enterprise Corp. | Changing employee status in Kakaowork | leave, shift | Upon the deletion of workspace in Kakaowork |
A. In order to improve our service, Shiftee has defined the necessary items to be managed safely when consigning the management of personal information.
Please be assured that Shiftee has the necessary policy to ensure that your personal information is safely handled during the contract of consignment in accordance with the relevant laws and ordinances. The entrusted and consignment responsibilities are as follows.
| Entrusted Company | Entrusted Operations |
|---|---|
| The White Communication | Customer Service via phone, chat, and email, Contact Sales, Contact Biz |
| Amazon Web Services, Inc. | Data storage and infrastructure operation |
| Korea PortOne Co.,Ltd NHN KCP Corp. |
Payment of service fee |
| BusinessOn Communication Co.,Ltd. Modusign Inc. |
Providing Electronic signature API |
| NAVER Cloud Corp. | Sending SMS |
B. The entrusted work processed by an overseas corporation among entrustment is as follows.
| Entrusted Company | Chief Privacy Officer Contact Information | Location of Entrusted Company | Personal Information List for Entrustment | Entrusted Operations | Date of Entrustment & methods | Retention & Usage Period |
|---|---|---|---|---|---|---|
| Tawk.to inc. | support@tawk.to | US, Ireland | name, email, phone number | retention for history of Customer Service | remote transmission using networks when Customer Service is started by chat | 3 years |
| Google LLC. | googlekrsupport@google.com | US | name, email, phone number, job title, company, name | Management for Contact Sales, Contact Biz, Application for K-voucher, Application for Cloud Voucher and Application for clock in and out omission prevention sticker | remote transmission using networks after contact | 3 years |
| Google LLC. | googlekrsupport@google.com | US | Statistical analysis of service use | remote transmission using networks when starting statistical analysis of service usage | Upon end of statistical analysis of service usage | |
| Google LLC. | googlekrsupport@google.com | US | name, email, shift, leave | Providing Google Calendar Integration Service | remote transmission using networks when using Google Calendar Integration Service | Upon deletion of Google Calendar |
| Slack Technologies, LLC | privacy@slack.com | US | name, attendance, leave | Providing Slack Integration Service | remote transmission using networks when using Slack Integration Service | Upon deletion of Channel in Slack |
| Microsoft Corporation | Mskoreaprivacy@generalagent.co.kr | US | name, email, shift, leave | Providing MS Calendar Integration Service | remote transmission using networks when using MS Calendar Integration Service | Upon deletion of MS Calendar |
| Twilio Inc. | privacy@twilio.com | US | Sending verification email and management sending history | remote transmission using networks when sending emails | 7 days | |
| Wrike inc. | privacy@team.wrike.com | US | name, email, phone number, job title, company, name | Management for Contact Sales, Contact Biz, Application for K-voucher and Application for Cloud Voucher | remote transmission using networks after contact | 3 years |
| Rocket Science Group LLC | privacy@mailchimp.com | US | name, email | Sending email for guide of Shiftee service and Shiftee News Letter | remote transmission using networks when sending emails | Upon membership withdrawal or the end of subscription |
| Datadog inc. | privacy@datadoghq.com | US | name, email, phone number, company name, employee number, job title, department name, timeclock area address, shift, break times, attendance, leave, date of employment, date of termination | Monitoring Service and Collecting log | remote transmission using networks when sending logs | Upon of deletion of logs |
A. Personal information is destroyed without delay when the period of use and retention is achieved, and the procedure and method of destruction are as follows. In principle, the information entered by the User for membership is destroyed without delay when the purpose of collecting and using the personal information is achieved. However, when it is necessary to preserve it in accordance with the relevant laws and regulations, the member information is kept for a certain period set by the related laws and regulations.
| Retention Items | Conservation Grounds | Retention Period |
|---|---|---|
| Records about display/advertising | Consumer Protection Act in E-Commerce etc. | 6 months |
| Records on contracts, withdrawals, etc. | Consumer Protection Act in E-Commerce etc. | 5 years |
| Records on payment and supply of goods | Consumer Protection Act in E-Commerce etc. | 5 years |
| Records of consumer complaints or disputes | Consumer Protection Act in E-Commerce etc. | 3 years |
| Service history, access log, access IP information | Communications Privacy Protection Act | 3 months |
B. Destroy methods
(1) Personal information printed on paper will be destroyed by shredding or through incineration
(2) Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration.
C. Personal Information Validity Period Plan
(1) Shiftee separately stores and manages or deletes the personal information of users who have not used its service for at least one year in accordance with the Personal Information Validity Period Plan. However, if the User has made a separate agreement on the retention period, Shiftee can retain the personal information of users after one year.
(2) Shiftee should notify the expiry date and the fact that personal information items are separately stored and managed to the User. And these above should be notified to the User via email, notice on website until 30 days before the expiration of the period. Users must provide/modify the correct contact information to Shiftee.
A. When Shiftee provides the service through the smartphone app, Shiftee notifies the users that the device information, etc. will be accessed within the scope of the consent for the collection and use of personal information, and collects or transmits the information after obtaining confirmation.
B. Even if the users grant the app permission, all information related to the permission is not immediately collected or transmitted.
C. In order to provide the service, it is requested to the users to allow the app permission either to be required or optional, and the users can directly change the authority through the “Settings” menu in the device. Users can check details about the app permission on Play Store and App Store.
D. Even if the app is deleted on the smartphone, the user account is maintained. Therefore, if users wish to withdraw the membership, users can withdraw the membership by logging into Shiftee website or through the “Withdrawal of Membership” feature in the Shiftee mobile app. Please contact Customer Service or by chat if there are any troubles.
A. Purpose of Cookies
(1) Shiftee uses cookies to customize the service and enhance your experience when using our website.
(2) A cookie is a small text file that a website saves on your computer or mobile device when users visit the website.
(3) When users visit the website, the website server reads the contents of the cookie stored in the storage of the device and is used to maintain the users environment settings.
B. Installation/operation and rejection of cookies
(1) Users can refuse to accept cookies by activating the settings on the browser which allows the users to disable cookies. However, if users disable cookies, users may not be able to access certain services provided by Shiftee that require cookies.
(2) How to specify whether or not to accept cookies is as follows.
1.Internet Explorer
- Select the gear in the upper-right corner of the screen, then select Internet Options.
- Click the Privacy tab.
- Select the Advanced button.
- Choose Block to automatically block cookies or Prompt to prompt with each cookie request.
- Click OK
2.Chrome
- At the top right, click More and go to Settings.
- Under “Privacy and security,” click Site settings.
- Click Cookies.
- Turn on cookies: Next to “Blocked,” turn on the switch.
- Turn off cookies: Turn off ‘Allow sites to save and read cookie data’.
A. Users are entitled to request a suspension of processing their personal information at any time, and Shiftee may refuse the request for suspension of processing if special provisions in the statute are provided. If a user requests the correction of errors in his/her personal information, the relevant personal information will not be used or provided until the correction is made. In addition, in the event where the incorrect personal information has already been provided to a third party, Shiftee will notify the third party of the corrected information without delay to ensure that the necessary correction is made.
(1) Request method
- Contact to Customer Service by Call/Email/Letters
B. Users have the right to have their personal information protected, as well as the duty to protect themselves and not to infringe on the information of others. Please be careful not to leak the personal information and be careful not to damage other users' posts and personal information.
C. User should maintain his/her information up to date and have the right to correct inaccurate personal data. Users are responsible for all the problems caused by false information.
D. When Shiftee becomes aware that the users have signed up for membership by stealing other people's personal information, Shiftee may take measures such as suspension of the service use or withdrawal of membership account, immediately. In addition, if users who have recognized theft of their personal information request the suspension of the service use or membership withdrawal for the account, measures such as withdrawal notice will be taken immediately after confirmation.
A. The Services may include links that direct users to other websites or services whose privacy practices may differ from Shiftee. Since Shiftee does not have any control over the third party sites, Shiftee cannot be held responsible for and cannot guarantee the usefulness of the services provided from them.
B. If users submit information to any of those third party sites, the information is governed by their privacy policies, not this one. Shiftee encourages users to carefully read the privacy policy of any website you visit.
A. Shiftee does not transmit advertising information for commercial purposes without the consent of users.
- However, if contact information is collected and processed directly from users through a transaction relationship with our services, advertising information may be sended without consent for services of the same type within 6 months from the date the transaction for the services and other services is terminated.
Various technical and administrative measures are taken to ensure the safety of personal information.
A. Users' personal information is encrypted. Personal information of users is transmitted using an encrypted communication section, and important information such as passwords is safely stored through encryption.
B. In order to secure the privacy of users personal information and prevent loss, theft, leakage, alteration or damage, Shiftee encrypts and stores personal information securely according to related legal regulations or internal policies. Shiftee also does the best to prevent personal information from being leaked or damaged by hacking or computer viruses. To prevent personal information from being damaged, Shiftee is backing up the data from time to time. Shiftee uses the latest vaccine program to prevent personal information and data from being leaked or damaged. Shiftee also securely transmits personal information on the network through encrypted communication. Shiftee strives to have all the technical equipment available to ensure security in other systems.
C. The personal information processing staff is limited to the person in charge, and a separate password is assigned which is updated periodically. In addition, education on personal information protection is held regularly for the person in charge and the in-house personal information protection department.
D. Internal procedures are in place to prevent information leakage in advance through constant monitoring and to audit the implementation of the Privacy Policy and the compliance of employees.
A. Shiftee has designated the following person as the Chief Privacy Officer to remain responsible for responding to user inquiries regarding personal information and resolving any related complaints.
| Position | Department | Name | Phone | |
|---|---|---|---|---|
| Chief Privacy Officer | CEO | Seung Won Shin | 02-6261-5318 | security+privacy@shiftee.io |
B. Inquiries related to personal information protection, complaint handling, damage relief, etc., arising from using the service provided by Shiftee can be inquired to the person in charge of Chief Privacy Officer and the Customer Support.
C. If you need to report or consult about other privacy infringement, please contact the following organizations.
(1) Personal Information Infringement Notification Center (https://privacy.kisa.or.kr / 118)
(2) Personal Information Dispute Mediation Committee (https://www.kopico.go.kr / 1833-6972)
(3) Cyber Crime Division of Supreme Prosecutors' Office (https://www.spo.go.kr / 1301)
(4) Cyber Bureau of Investigation, National Police Agency (https://ecrm.police.go.kr / 182)
Users will be notified of any addition, deletion, and/or modification in this Privacy Policy through notice on website or email at least 7 days prior to the scheduled amendment.
Effective date : May 2, 2023