Global Privacy Statement
Qonesafe
1. Introduction
When it comes to your personal data, Hecto Innovation and its subsidiaries (collectively referred to as “Hectoinnovation”, “we”, or “us”),
as well as our employees, contractors, and service providers, are committed to providing you with transparency.
This Privacy Statement (“Statement”) applies to the Hectoinnovation websites, services, and products (our “Services”) that link to
or reference this Statement. In this Statement, we describe how we collect, process, use and disclose personal data,
and your rights and choices regarding our processing of your personal data. California residents should read Section 10 below
for information relevant to them.
Additional information on our personal data practices may be provided in product descriptions, contractual terms,
supplemental privacy statements, or notices provided prior to or at the time we collect your personal data. Please see
Website (URL) for more details.
Unless otherwise specified contractually, the Controller of your personal data is:
Qonesafe
Hecto Innovation Co., Ltd.
6, Teheran-ro 34-gil,
Gangnam-gu, Seoul,
Republic of Korea
2. Categories of Personal Data We Collect
We collect personal data about you from different sources as listed below. In this Statement, “personal data” means any
information relating to an identified or identifiable individual, including but not limited to “personal information” as it is defined
under the California Consumer Privacy Act (“CCPA”).
Personal Data You Provide to Us
When you interact directly with us, we may collect personal data that you provide to us, including:
User Data. If you create an account with us, make a purchase, or request information about our product we collect information
about you, including:
· Account Data. If you create an account with us, we collect your name, mailing address, email address, user credentials
(login name and password) and date of birth.
· Payment Data. If you purchase one of our products and services, we collect your billing address, including credit card, and or
PayPal payment data, National ID (region specific, if outside the United States), VAT/Tax ID (regional specific, if outside the United States),
and information about the items you have purchased. For Credit Cards: When you make a payment using a credit card, we gather essential details, including
your email address, credit card issuer, complete card number, expiration date, and the CVV (Card Verification Value) code. However, for security reasons,
we only store the last four digits of the card number and mask the rest to ensure that full card identification is not possible within our systems.
Additionally, we collect the payment date and time for transaction records and tracking purposes. For PayPal: We collect the user's email address,
payment billing cycle, number of billing occurrences, and payment date and time.
· Identity Data. We collect your date of birth, phone number, email, ID and national personal identifier to verify your identity
and to provide privacy information monitoring and protection services.
· Communications. If you contact us directly, we collect personal data about you such as your name, email address, the contents
of any message or attachments that you may send to us, and any other information you choose to provide. We may retain and
review call and chat recordings and/or the contents of the messages as required/permitted by law and our recording and
information management policies. We will also collect personal data from you, such as your email address and phone number,
when you sign up to receive product updates, offers, and other promotional information or messages from us. When we email you,
we may track whether you open the email to learn how to deliver a better customer experience and improve our Services.
User Content. We operate 1:1 inquiry, websites, and related information services, to better assist you in using our Services,
discussing technical issues, and sharing your experiences.
Personal Data We Collect Automatically
When you visit and use our websites and Services, we may automatically collect data about your interaction with our websites
and Services, including:
Product Data. If you install our products, we collect information about you, including:
Service Data. This can include usage data, and/or preference information, browser activity, and URLs accessed. This data may
include diagnostic data such as crash dumps, system logs, error reports, product and internet usage time, network connection activity,
interactions with our websites and extensions, blocked websites, device or phone settings, and reviews from third parties which
we collect to, as necessary, to troubleshoot any malfunctioning Services. This data also helps us to understand better and serve your
interests, expectations, needs and requirements.
· Security Data. This data may include data that is collected for cyber threat intelligence, as needed to provide cyber safety and risk
of personal data exposure. This data can include name, date of birth, phone number, email address, website ID, password, IP address,
connection time, your interface and screen activity, and search terms. This data can also include device fingerprint ID from third parties
to validate and authenticate payment and transaction information related to billing on accounts.
· Network Traffic Data. We may process network traffic data related to cyber and identity threats for network and information security
purposes, including:
Sender email addresses (e.g., of sources of SPAM such as phishing scams);
Recipient email addresses (e.g., of victims of targeted email attacks);
Reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);
Filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);
URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful content);
IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting,
caching, or other storage of cyber and identity threats such as malicious or otherwise harmful content); and
Browser information (e.g., user agent string and session within cookies).
Depending on the context in which such data is collected, the data may contain personal data concerning you or third parties.
However, in such cases, we strive to process the data only to the extent reasonably necessary and proportionate to the purposes
of detecting, blocking, reporting (by removing any personally identifiable elements), and mitigating the cyber or identity threats
of concern or those of other users relying on our Services to protect their networks, systems, and identities. When processing
personal data in this context, we will only identify specific data subjects if and to the extent reasonably necessary for the remediation
of the cyber or identity threats concerned, or as required by law.
Website Data. When you browse our websites and Services, we automatically collect information about the individual web pages
or products that you view, the purchases you make, what websites or search terms referred you to our Services, the dates and times
of your visits, and other information about how you interact with our Services. When you browse our websites and services, we may
collect personal data using cookies and similar technologies (e.g., web beacons). Please see our Cookie Statement for more details.
Personal Data We Collect from Other Sources
When you choose to provide us with personal data about third parties, we will only use this data for the specific stated reason that
you provided it. It is your responsibility to abide by applicable privacy and data security laws when you disclose third parties’
personal data to us, including informing third parties that you are providing their personal data to us and how it will be transferred,
used, or processed, and securing the appropriate legal permissions and safeguards. If you choose to provide us with a third party’s
personal data, you represent that you have the third party’s permission to do so. Examples include forwarding references or sending
job referrals. You also acknowledge that when we interact with such third-party individuals whose personal data you share with us,
it is our duty to inform them that we obtained their personal data from you. Where applicable, third parties may unsubscribe from
any future communication following the link provided in the initial message. If you believe that one of your contacts has provided us
with your personal data and you would like to request that it be removed from our database, please contact us.
Third-Party Data. This information includes personal data we may obtain about you from a third party through the use of our Services,
such as:
· Credit reporting agencies and financial institutions (used for purposes such as identity theft protection Services);
· Marketing and joint-marketing partners (used for purposes such as to offer Services and/or joint Service bundles to
prospective members);
· Public sources such as the dark web to alert you to potential misuse of your personal data; and
· Private sources for purposes of providing customers with alerts related to financial transactions, property title, social media abuse,
and other types of alerts within our products.
Such data includes threat intelligence data used to analyze threats and protect you, us, and our other customers against cyber threats.
This data may include the email and IP address of the sender of malware. Third Party data may also include data reflecting
your usage of and engagement with our websites and Services collected by us or third-party analytics providers.
This data helps improve the functionality and effectiveness of our websites and Services and may help to better tailor our websites
and Service to your usage and preferences.
We may combine personal data from our partners and third parties with personal data we already have about you, to provide
you with more relevant communications and to better tailor our offers to you. We make reasonable efforts to verify that the third
parties we work with are reputable, and we do not ask them to disclose your personal data if we do not have a lawful purpose
and valid legal basis to collect and process that data.
3. How We Use and Process Your Personal Data
We process the personal data described above:
Where it is necessary to fulfill our contract with you at your request, in order to:
· Create and manage your account;
· Provide you with information and Services that you request;
· Authenticate your identity prior to enrolling in our Services;
· Verify your identity and entitlement to Services, when you contact us or access our Services;
· Process your purchase transactions;
· Update you on the status of your orders;
· Allow you to register the Services you purchase;
· Confirm that you received necessary service and transactional emails;
· Manage your subscriptions; and
· Provide you with technical and customer support.
Where you have provided your consent, in order to:
· Send you service update or send technical alerts alarm;
· Communicate with you about, and manage, your participation in contests, offers, or promotions;
· Solicit your opinion or feedback and/or provide opportunities for you to test Services;
· Enable you to refer a friend who may be interested in our offerings, as permitted by law;
· As applicable, to enable non-essential cookies or similar technologies; and
· As applicable, to provide you with interest-based ads about Qonesafe on sites other than our own.
For the purpose of fulfilling our legal obligations, we may be obligated to, for instance, keep and process records for tax purposes,
accounting, other obligations such as court or other legal orders, and other necessary disclosures.
For the purpose of promoting and operating our business and advancing our or a third party’s legitimate interests, such as the
effective delivery of our Services, and communications to you as well as to our other customers and partners, in order to:
· Enable participation in interactive features of our Services;
· Notify you about changes to our terms or this Privacy Statement;
· Communicate commercial promotions and provide quotes for our Services;
· Inform you about additional Services that provide solutions to issues detected as a result of your request;
· Promote and administer co-branded offers with trusted partners;
· Confirm sales conversions and conduct lead generation activities;
· Better administer and understand the usability, performance, and effectiveness of our Services websites, and communications to you,
including troubleshooting, debugging, reviewing customer service interactions, data analytics, testing, research, and statistical analysis;
· Improve our Services (including developing new Services) and customize and present content in the most relevant and effective
manner for you and for your device, including suggestions and recommendations about things that may be of interest to you;
* Enhance the security of our own networks and information systems;
* Develop cyber-threat intelligence resources; and
* Otherwise seek to keep our Services, business, and users safe and secure, and
· Comply with applicable laws and regulations or judicial process or government agencies, and to protect or exercise our
legal rights and defend against legal claims.
*For Network and Information Security Purposes and Cyber-Threat Intelligence:
Our legitimate interests include developing threat intelligence resources aimed at maintaining and improving the ability of
our information networks and systems to resist unlawful or malicious actions and other harmful events, such as cybercriminal
activities, and attempts at identity theft or fraud (“cyber and identity threats”).
We only rely on our or a third party’s legitimate interests to process personal data when these interests are not overridden by
your rights and interests.
4. When and Why We Disclose Your Personal Data
We are committed to maintaining your trust, and we want you to understand when and why we disclose personal data to
third parties. We do not sell, share, lease, or rent your personal data to third parties for monetary or other valuable consideration.
We may disclose personal data about you, with your consent, or:
· Our Partners
We may provide your personal data to our partners for the purpose of allowing them to conduct Qonesafe business. Our partners
may use your personal data to communicate with you and others about Qonesafe Services either alone or jointly with partner products
and services. We may provide your personal data to partners to confirm your eligibility for joint or co-branded offers or to communicate
and administer such offers (e.g., report sales conversions, verify eligibility, assess effectiveness of joint offer, etc.). Our partners are not
allowed to use any data including personal data that they receive from us for any purpose except for communicating, evaluating,
improving, and administering the offer in question (Qonesafe branded, co-branded, or joint offer). This will not affect the partner’s
ability to use personal data that it may already have obtained from you or other sources. If you do not wish to receive promotional
emails from our partners, you can unsubscribe directly using the unsubscribe link or tool provided in the partner’s email or other
communication to you.
In the past 12 months since this Statement was last updated, we disclosed the following categories of personal data to our partners:
User data, Product data, Website data, Third-party data.
· Our Advertising Partners
We may provide your personal data, including the data about your interests in our Services, to third parties for the purposes of serving
you more relevant ads about our Services. Where we provide you with interest-based ads on a site other than our own, we do not track
your other activities on that site. If you click on our ads, we will know the domain you came from. For more information, please see our
Cookie Statement.
In the past 12 months since this Statement was last updated, we disclosed the following categories of personal data to our advertising
partners: User data, Website data.
· Data Analytics Providers
We may provide your personal data to third parties to use the personal data in aggregate form to help us understand how our Services
are being used or to understand the effectiveness of our marketing campaigns. Please see our Cookie Statement.
In the past 12 months since this Statement was last updated, we disclosed the following categories of personal data to our data
analytics partners: User data, Product data, Website data.
· Service Providers Processing Data on Our Behalf
We may use contractors and service providers to process the personal data we collect for the purposes described in this Statement,
the relevant Product and Service Privacy Statements, and for business purposes such as financial auditing, data storage and security,
troubleshooting and debugging, improving the functionality and usability of our websites and Services, improving and operationalizing
threat intelligence and counter-threat measures, and for marketing and promoting our Services.
We contractually require service providers to keep data confidential, and we do not allow our service providers to disclose our data or
your personal data to others without our authorization, or to sell it or use it for purposes unrelated to the services they provide
(e.g., their own marketing purposes). However, if you have a separate and/or independent relationship with these service providers,
their privacy statements will apply to such relationships. Such service providers may include benefit brokers, your employer
(for products and services offered as an employee benefit), contact centers, payment card processors, and marketing, survey,
or analytics suppliers.
In the past 12 months since this Statement was last updated, we disclosed the following categories of personal data to our
service providers: User data, Product data, Website data, Third-party data.
· Public Authorities and Legal Proceedings
In certain instances, it may be necessary for us to disclose any of the personal data we collect to comply with a legal obligation,
at the request of public authorities, or as otherwise required by applicable law or as we determine reasonably necessary to
protect the rights or safety of us, you, or others. No personal data will be disclosed except in response to:
A subpoena, warrant, or other legal process issued by a court or other public authority of competent jurisdiction;
Discovery requests or demands as part of a civil lawsuit or similar legal process;
Where disclosure is required to comply with applicable laws, or necessary for us to enforce our legal rights pursuant to applicable law;
A request with the purpose of identifying and/or preventing credit card fraud or identity theft; or
Where we determine disclosure of personal data is reasonably necessary to protect the rights of us, you, or others.
· For Restoration Services
We may disclose your user data, security data, diagnostic information, and third-party data to financial institutions,
financial services companies, and other third parties at your direction to provide restoration services and other Services to you.
· To Third-Party Providers
If you access third-party services through our Services, these third parties may be able to collect user data, security data,
diagnostic information, and third-party data about you in accordance with their own privacy policies.
· Our Corporate Affiliates
We may share the information we collect with our corporate affiliates, subsidiaries, branch offices and other members of our
corporate group.
· For Business Transfers
We may share the personal data we collect in connection with a substantial corporate transaction, such as the sale of a website,
a merger, acquisition, consolidation, asset sale, or initial public offering, or in the unlikely event of bankruptcy.
5. Retention and Deletion of Your Personal Data
We will keep your personal data on our systems as long as necessary to provide you with our Services, or for as long as we
have another legitimate business purpose to do so, but not longer than permitted or required by law. When determining the
specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length
of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations. When we
no longer have an ongoing legitimate business reason to keep your personal data, your personal data will either be securely
disposed of, or de-identified through an appropriate anonymization means.
6. Cross-Border Transfers of Personal Data Among Hectoinnovation Entities and to Third-Party Vendors
We are a global company and process personal data in many countries. As part of our business, your personal data may be
transferred to Hectoinnovation and/or its subsidiaries and affiliates in the Republic of Korea, and to subsidiaries and third-party
vendors of Hectoinnovation located worldwide. All transfers will occur in compliance with the applicable data transfer requirements
laws and regulations.
If your personal data originates from the European Economic Area and is transferred to Hectoinnovation subsidiaries, affiliates,
or third-party vendors engaged by Hectoinnovation to process such personal data on our behalf who are located in countries
that are not recognized by the European Commission as offering an adequate level of personal data protection, such transfers are
covered by alternate appropriate safeguards, specifically Standard Contractual Clauses adopted by the European Commission.
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your personal data may be transferred as part of
that transaction.
7. How We Protect Your Personal Data
Securing personal data is an important aspect of protecting privacy. We take reasonable and appropriate physical, technical,
and organizational security measures in accordance with applicable laws to protect your personal data against the risk of
accidental loss, compromise, or any form of unauthorized access, disclosure, or processing. The relevant security controls are
communicated throughout Hectoinnovation to support the secure development of Services and maintain a secure operating
environment. Our security approach includes:
Physical Safeguards
We implement certain physical safeguards throughout our facility such as locking doors and file cabinets, controlling access to
our facilities, utilizing a clean desk policy for employees, and applying a secure destruction policy to media containing personal data.
Technical Safeguards
We implement and use information security standards, protocols, and technologies, including encryption, intrusion detection,
and data loss prevention, and we monitor our systems and data centers to comply with our security policies.
Organizational Safeguards
We conduct regular company-wide, as well as role-specific, training and awareness programs on security and privacy.
If you have any questions about the security of your personal data or the security of the site, or wish to report a potential security issue,
please contact seungman@hecto.co.kr. When reporting a potential security issue, please describe the matter in as much detail as
possible and include any information that might be helpful. If you are having problems accessing your account, please contact
our Member Support Center.
8. Your Privacy Rights and Choices
You can view and update your personal data through your Account or Qonesafe. There are a variety of data protection laws
around the globe that provide privacy rights to you as our customer. Subject to applicable laws, you may have the right to:
· Delete: Right to delete or erasure (“right to be forgotten”) of personal data we have collected from or about you;
· Access: Right to know and access the personal data we have collected about you, as well as other information about our data
processing practices;
· Rectify: Right to rectify, correct, update, or complement inaccurate or incomplete personal data we have about you;
· Restrict: Right to restrict the way we process your personal data;
· Withdraw Consent: Right to withdraw your consent to process your personal data;
· Object: Right to object to our processing of your personal data based on legitimate interest;
· Object to Automated Individual Decision-Making: Right to object to our processing of your personal data in automated individual
decision-making;
· Equal Service: Right not to receive discriminatory treatment for the exercise of your privacy rights, subject to certain limitations;
· Portability of Personal Data: Right to obtain a portable copy of your personal data; and
· Lodge a Complaint: Right to lodge a complaint with a supervisory authority if you are not satisfied with the way we have handled
your personal data, or any privacy request, or other request that you have raised with us.
California residents should read Section 10 below for additional information about the rights they may have.
To exercise any of your rights, or to raise any other questions, concerns, or complaints about our privacy practices, or about our use
of your personal data and its privacy, or if you are not a customer of ours and want to know what personal data we have about you,
please contact us as explained below (“Contact Us”). To exercise your rights under applicable law, you can visit our website here.
Once we receive your request, we will verify your identity and your authorization to take the actions requested, authenticating
your identity at a level appropriate to the requested action. We require you to re-authenticate before we will disclose or delete
personal data. You may be entitled, in accordance with applicable law, to submit a request through an authorized agent.
To designate an authorized agent to exercise your privacy rights and choices on your behalf, please contact Qonesafe Support.
Please note that there are exceptions and limitations to each of these rights, and that while any changes will be reflected in
active user databases instantly or within a reasonable period of time, we may retain personal data for backups, archiving,
prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that
we have a legitimate reason to do so, to the extent permitted by applicable law.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features
available on a Service may change or no longer be available to you where the processing of certain data is essential to the use of
the Service or feature.
9. Your Marketing Choices
You may receive marketing messages and materials from us or our affiliates.
You have choices on what communications you wish to receive from us. If you do not want to continue receiving any marketing
materials from us, you have the following options:
· Click on the unsubscribe function in the communications you receive from us;
· Unsubscribe from Qonesafe Marketing Offers;
· Manage your communication preferences in your Qonesafe Account or Qonesafe Portal;
· Contact our Member Services Department; or
· Contact our Member Services Department by regular mail at Attn.: Member Services, 6, Teheran-ro 34-gil, Gangnam-gu,
Seoul, 06222 Korea, Republic of Korea.
If you choose not to receive marketing communications from us, we will honor your request.
However, we will continue to communicate with you as needed to provide the Services you are entitled to, to respond to your inquiries,
or to relay transactional product or service-related messages otherwise.
Please also be aware that you may still receive information about our Services through other parties using their own mailing lists.
For instance, marketing materials for our Services may also be contained in messages you receive from third parties, such as
your employer if they offer our Services as part of their employee benefits.
How to Opt-Out of Interest-Based Advertising
To opt-out of interest-based advertising, you can visit our opt-out page and adjust your preferences accordingly.
Please note that if you opt-out, you will continue to receive generic ads that are not based on your interests. Opting out does
not otherwise limit the collection of information described elsewhere in this Statement. If you are in the European Union, please be
aware that our advertising practices adhere to the applicable regulations and guidelines.
Note: If your browser is configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies,
use a different computer, or change web browsers, your opt-out may no longer be effective.
How to Opt-Out of Email communications
If you wish to stop receiving emails from us, you have two options for opting out:
Unsubscribe via Email: You can opt-out of our email communications by clicking the "Unsubscribe" link provided in the emails you receive from QoneSafe.
Edit Email Preferences: Alternatively, you can manage your email preferences by visiting the "My Page" section on our website and adjusting your settings within the "Account Settings."
10. Additional Information for Residents of California
This section provides information, organized in accordance with the CCPA, for residents of California and describes the rights you
may have under California law.
Collection of Personal Data. As we describe in more detail in the section above entitled “Categories of Personal Data We Collect”,
we have collected the following categories of personal data in the past 12 months:
· Identifiers, such as your name, email address, mailing address, ID and national personal identifier, login name and password,
and IP address, and phone number.
· Personal data that may be deemed to be sensitive, including login credentials, financial account and CC number.
· Commercial information, such as credit card or other payment information, billing address, VAT/Tax ID
(regional specific, if outside the United States), information about the products you searched for or otherwise expressed
an interest in, and information about the items you have purchased.
· Demographic information, such as date of birth, biological sex.
· Non-precise geolocation information, such as zip or area code, state, and country.
· Precise geolocation information, such as your latitude and longitude.
· Internet and network activity information, such as information about the interactions you carry out through our Services.
· Information garnered from your communications with us, including the contents of any message or attachments that you
may send to us, and any other information you choose to provide. Note that, as mentioned above, we may retain and review call
and chat recordings and/or the contents of the messages as required/permitted by law and our recording and information
management policies. When we send emails to you, we may track whether you open the email to learn how to deliver a better
customer experience and improve our Services.
· Network Traffic Data that is related to cyber and identity threats.
· Service data, such as usage data, and/or preference information, browser activity, and URLs accessed. This data may include
diagnostic data such as crash dumps, system logs, error reports, product and internet usage time, network connection activity,
interactions with our websites and extensions, blocked websites, device or phone settings, and reviews from third parties which
we collect to, as necessary, to troubleshoot any malfunctioning Services. This data also helps us better understand and better
serve your interests, expectations, needs and requirements.
· Security data, including information such as your website ID, password, IP address, connection time, interface and screen activity,
and search terms. This data can also include device fingerprint ID from third parties to validate and authenticate payment and
transaction information related to billing on accounts.
· Website Data, including information about the individual web pages or products that you view, the purchases you make, what
websites or search terms referred you to our Services, the dates and times of your visits, and other information about how you
interact with our Services. When you browse our websites and services, we may collect personal data using cookies and similar
technologies (e.g., web beacons).
· Inferences derived from the personal data noted above.
Use of Personal Data. We may use, sell, or disclose the personal data described above for one or more of the following
business purposes:
· Where it is necessary to fulfill our contract with you at your request, in order to:
Create and manage your account;
Provide you with information and Services that you request;
Authenticate your identity prior to enrolling in our Services;
Verify your identity and entitlement to Services, when you contact us or access our Services;
Process your purchase transactions;
Update you on the status of your orders;
Allow you to register the Services you purchase;
Confirm that you received necessary service and transactional emails;
Manage your subscriptions; and
Provide you with technical and customer support.
Where you have provided your consent, in order to:
Send you service update or send technical alerts alarm;
Send you marketing communications and information on new Services;
Communicate with you about, and manage, your participation in contests, offers, or promotions;
Solicit your opinion or feedback and/or provide opportunities for you to test Services;
Enable you to refer a friend who may be interested in our offerings, as permitted by law;
As applicable, to enable non-essential cookies or similar technologies; and
As applicable, to provide you with interest-based ads about Qonesafe on sites other than our own.
· For the purpose of fulfilling our legal obligations, we may be obligated to, for instance, keep and process records for tax purposes,
accounting, other obligations such as court or other legal orders, and other necessary disclosures.
· For the purpose of promoting and operating our business and advancing our or a third party’s legitimate interests, such as
the effective delivery of our Services, and communications to you as well as to our other customers and partners, in order to:
Enable participation in interactive features of our Services,
Notify you about changes to our terms or this Privacy Statement;
Communicate commercial promotions and provide quotes for our Services;
Inform you about additional Services that provide solutions to issues detected as a result of your request;
Promote and administer co-branded offers with trusted partners;
Confirm sales conversions and conduct lead generation activities;
Better administer and understand the usability, performance, and effectiveness of our Services websites, and communications to
you, including troubleshooting, debugging, reviewing customer service interactions, data analytics, testing, research, and
statistical analysis;
Improve our Services (including developing new Services) and customize and present content in the most relevant and effective
manner for you and for your device, including suggestions and recommendations about things that may be of interest to you;
Enhance the security of our own networks and information systems;
Develop cyber-threat intelligence resources; and
Otherwise keep our Services, business, and users safe and secure, and comply with applicable laws and regulations or judicial
process or government agencies, and to protect or exercise our legal rights and defend against legal claims.
· For Network and Information Security Purposes and Cyber-Threat Intelligence. Our legitimate interests include developing threat
intelligence resources aimed at maintaining and improving the ability of our information networks and systems to resist unlawful
or malicious actions and other harmful events, such as cybercriminal activities, and attempts at cyber and identity threats.
Retention and Deletion of Your Personal Data. We will keep your personal data on our systems as long as necessary to provide
you with our Services, or for as long as we have another legitimate business purpose to do so, but not longer than permitted or
required by law. When determining the specific retention period, we take into account various criteria, such as the type of service
provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the
relevant statute of limitations. When we no longer have an ongoing legitimate business reason to keep your personal data,
your personal data will either be securely disposed of, or de-identified through an appropriate means of anonymization.
We sell or share Identifiers, Commercial information, Demographic information, Internet and network activity information
and Website data to our joint marketing partners for them to engage in joint marketing efforts and to advertising partners for
targeted advertising. We do not knowingly sell or share sensitive personal data or information related to individuals under 16
years of age. To opt out of sales or sharing of personal data, see below.
California Consumer Rights. If you are a resident of California, the following section details rights you may have under the
CCPA and how you may exercise them. In the event of a conflict between your rights, as described in this section, and any
rights further described in this Statement, the terms of this section shall prevail.
· Right to Access. You may be entitled to request that we disclose to you the specific pieces of your personal data that we have
collected about you in a portable and, to the extent technically feasible, readily usable format.
· Right to Know. You may have the right to confirm that we have collected personal data about you and know what personal data
we have collected about you, including, as applicable, the categories of personal data we have collected, the sources from which
we collected that personal data, the business or commercial purposes for which we collected, sold, and shared that personal data,
the categories of personal data that we sold, shared, or disclosed to third parties for business purposes and the categories of third
parties to whom we sold, shared or disclosed personal data.
· Right to Deletion. You may be entitled to request that we delete the personal data that we have collected from you. Please note,
however, that we may retain certain information as permitted or required by law.
· Right to Limit the Processing of Sensitive Personal Data. We process sensitive personal data only for those purposes expressly
authorized under California law.
· Right to Correct. You may request that we correct the personal data that we hold about you.
· Right to Non-Discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred.
· Right to Opt-Out of Sales and Sharing for Targeted Advertising. You have the right to direct us not to sell your personal data and
disclose your personal data for certain targeted advertising. To opt out of such disclosures, please click here.
To exercise rights other than opting out of sales or sharing, please contact us as explained below (“Contact Us”), or you can visit
our website here.
Once we receive your request, we will verify your identity by asking you to log in to your account using your existing credentials
(username and password). After successfully logging in, we will confirm your authorization to take the requested actions and
authenticate your identity at a level appropriate for the requested action. We may require you to re-authenticate before we disclose
or delete personal data. You may be entitled, in accordance with applicable law, to submit a request through an authorized agent.
To designate an authorized agent to exercise your privacy rights and choices on your behalf, please contact Qonesafe Support.
11. Contact Us
Please visit our website for data subject rights requests.
Hecto Innovation Co., Ltd. – Privacy office
6, Teheran-ro 34-gil,
Gangnam-gu, Seoul,
Republic of Korea
E-mail: seungman@hecto.co.kr
12. Cookies and Third-Party Analytics
Please read our cookie and analytics notice for more information about how we use these tools.
13. Automated Individual Decision-Making and Profiling
Where Hectoinnovation processes network traffic data for the purpose of network and information security based on our or our
customers’ legitimate interest as outlined in the corresponding section of this Statement, automated decisions concerning data
elements may occasionally be made. This could involve assigning relative cybersecurity reputation scores to IP addresses
and URLs based on objective cyber-threat indicators measured by our and our partners’ cyber-threat detection engines.
Such indicators may be, for instance, the determination that malicious or otherwise harmful contents are hosted at a given URL or
are coming from a given IP address. Such automatically assigned reputation scores may be leveraged by you, by Hectoinnovation,
by our partners, and by other customers to detect, block, and mitigate the identified cyber threats. They could therefore result in
our Services blocking network traffic coming from or going to such URLs and IP addresses. This processing is intended only to
protect you, Hectoinnovation, our partners, and our other customers from cyber threats. If you consider that such automated
processing is unduly affecting you in a significant way, please contact us as explained above (“Contact Us”) to raise your concerns
or exercise your right to object and to seek our help in finding a satisfactory solution.
14. Children’s Privacy
Our websites are not directed to, nor do we knowingly collect data from, minors (as defined by applicable law),
except where explicitly described otherwise in the privacy notices of Services designed specifically for purposes such as
to assist you by providing child online protection features. In such cases, we will only collect, and process personal data related
to any child under 13 years of age that you choose to disclose to us or otherwise instruct us to collect and process. Please refer
to the Product Specific Privacy Statements for additional information.
15. Changes to this Statement
We reserve the right to revise or modify this Statement. In addition, we may update this Privacy Statement to reflect changes
to our personal data processing practices. If we make any material changes in the way we collect, process, use and/or disclose
your personal data previously collected from you through our Services, we will attempt to notify you by e-mail
(sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective.
In the case of a material change to our personal data processing practices, any such change will only apply on a going-forward basis.
We will not process the personal data currently in our possession in a materially different way without your prior consent. We
encourage you to periodically review this page for the latest information on our privacy practices.
16. Links to Other Websites
Our websites may contain links to other websites owned or operated by other companies. If you visit any linked websites, please
review their privacy statements carefully. We are not responsible for the content or privacy practices of websites that are owned
by those third parties. Our websites may also link to co-branded websites that are maintained by Hectoinnovation and one or
more of our business partners who are collecting your personal data pursuant to their own privacy practices. Please review
the applicable privacy statements on any co-branded site you visit, as they may differ from ours.
LAST UPDATED: 25th Oct 2023