Privacy Policy
TmaxTibero Co., Ltd. Privacy Policy
TmaxTibero Co., Ltd. (hereinafter referred to as the 'Company') places great importance on protecting the personal information of data subjects and strives to protect the personal information provided to the Company by data subjects for the purpose of using the Company's services. Accordingly, the Company complies with laws and regulations related to personal information protection, including the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and the "Personal Information Protection Act."
The Company makes this Privacy Policy publicly available on the site's main page so that data subjects can easily access it at any time.
This Privacy Policy may be amended in accordance with relevant laws and regulations and the Company's internal policies. When amended, version management is implemented to enable easy verification of the changes.
1. Purpose of Processing Personal Information
The Company processes the personal information of data subjects for the following purposes. The personal information being processed will not be used for any purpose other than those listed below. Should the purpose of use change, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
|
Purpose |
Details |
Legal Basis |
|
Customer Inquiries |
Responding to customer inquiries |
Consent |
|
Brochure Request |
Providing Materials and Responding to Inquiries |
Consent |
|
Newsletter subscription |
Newsletter (may contain promotional information such as technical updates, products/events/promotions) delivery and customer management |
Consent |
|
Blog Membership Registration |
Membership registration for providing client content |
Consent |
|
Customer Sales |
Customer Contact Management for Sales |
Consent |
|
Education Application |
Verification and Management of Training Participants |
Contract fulfillment |
|
Ethics Management Reporting |
Additional verification of report details, confirmation of report receipt, and notification of results |
Consent |
|
TechNet |
Providing services such as membership registration and management, technical documentation, downloads, and community access |
Consent |
|
Recruitment |
Identifying and registering applicants Confirming intent to apply |
Consent |
|
Marketing and Promotion Notifications (Optional) |
Event and promotion notifications |
Consent |
2. Personal Information Items Collected, Collection Methods, and Retention Period
The company collects the following personal information from data subjects during membership registration or service use.
2.1 General Personal Information
|
Category |
Classification |
Items Collected |
Collection Method |
Retention Period |
|
Customer |
Required |
Inquiry Category, Name, Phone Number, Email |
Website Customer |
2 years |
|
Customer |
Optional |
Company Name, Department Name, Position, Title |
||
|
Brochure |
Required |
Name, Company Name, Department Name, Position, |
Homepage Brochure |
2 years |
|
Newsletter |
Required |
Company Email, Full Name, Company Name, |
Website Newsletter |
Until unsubscribed |
|
Blog |
Required |
Name, Company Email |
Use the Tech Blog |
Until withdrawal |
|
Customer Sales |
Required |
Name, Company Name, Email, Contact Information |
Collected from customers |
Until purpose is achieved |
|
Education |
Required |
Name, Date of Birth, Email, Mobile Phone Number, |
Website Training |
3 years |
|
Optional |
Work Phone Number |
|||
|
TechNet Membership |
Required |
Email, Name, Password, Contact Information, TSI NO (for GTS service users) |
TechNet Website Registration |
Until withdrawal |
|
Optional |
Department name, Company phone number |
|||
|
Marketing |
Optional |
Name, Email, Contact Information, Company Name |
When separate marketing consent is obtained from the data subject upon service application |
Upon withdrawal of consent |
|
Recruitment |
Required |
Name, Email, Phone Number, Field of Application, |
Recruitment website, headhunter, etc. Collected from recruitment channels |
3 years after application |
|
Optional |
External activities, language test scores, certifications, cover letter, portfolio, internal referrer, |
For recruitment, this applies only within South Korea.
2.2 Protection of Children's Personal Information
- Residents of Korea: We do not collect personal information from individuals under the age of 14.
- EU Residents: We do not collect personal information from individuals under the age of 16.
- Residents of other countries: We do not collect personal information from individuals under the age of 13 to 15.
2.3 Matters Concerning the Collection and Use of Marketing Information (Optional)
The company processes personal information for marketing purposes, such as providing news about new
products, feature updates, event/seminar announcements, and promotional/advertising information, only when the data subject has optionally consented.
The Company processes personal information for marketing purposes to provide such information.
The Company performs only basic-level segmentation classification, such as job role, industry sector, and subscription type, to provide more appropriate content. In this process, it does not utilize sensitive information and does not perform automated decision-making that significantly affects legal or contractual rights or the use of services.
Data subjects may withdraw their consent to the processing of personal information for marketing purposes and segmentation at any time.
[Items Collected] Name, email address, mobile phone number, company name, and other items provided by the data subject upon consent
[Processing Purpose] Notification of new products/updates, invitations to events/seminars, provision of promotional/advertising information, Basic segmentation based on customer interests
[Retention Period] Until consent is withdrawn
[Withdrawal Method] Click 'Unsubscribe' at the bottom of emails, use the withdrawal page on the website, or request via security@tibero.com
Consent is freely optional, and refusal will not result in any disadvantage in service use.
2.4 Matters Concerning the De-identification and Preservation of Technical Support Records
The company retains personally identifiable information such as names, contact details, email addresses, and account information generated during technical support processes (Trouble Tickets, inquiry responses, etc.) upon member withdrawal, then promptly destroys it.
However, technical information accumulated during the technical support process that has been de-identified to prevent personal identification—such as problem-solving procedures, system configuration details, settings, error analysis records, and recurrence prevention guidelines—will be separately isolated and managed for use as the company's technical assets (Knowledge Base). No retention period restrictions apply to this information.
De-identified information does not constitute personal information as defined by the Personal Information Protection Act, GDPR, and other relevant laws and regulations. It is strictly managed to prevent re-identification of individuals under any circumstances.
3. Provision of Personal Information to Third Parties
The Company processes the personal information of data subjects only within the scope specified in "1. Purpose of Processing Personal Information." Personal information is provided to third parties only with the user's consent or when it falls under the provisions of Articles 17 and 18 of the Personal Information Protection Act.
The Company provides personal information only to the minimum necessary extent and with the data subject's consent in the following cases to ensure smooth service provision.
|
Recipient |
Purpose of Provision |
Items Provided |
Retention and Use Period |
|
Doodlin Co., Ltd. |
Providing recruitment-related information and benefits through the recruitment platform 'Offercent' |
Information necessary for recruitment containing personally identifiable information such as name, phone number, email address, and resume |
3 years after application submission; however, if the data subject requests deletion, it will be destroyed without delay |
4. Outsourcing of Personal Information Processing
The company outsources the processing of personal information to external specialized companies as follows to perform its services. If you do not use the services related to the outsourced tasks, your personal information will not be provided to the outsourcing companies.
When outsourcing personal information processing, the Company clearly stipulates the following to ensure the safety of personal information protection: strict adherence to personal information protection instructions, confidentiality of personal information, restrictions on third-party provision, liability in case of incidents, outsourcing period, and return or destruction of personal information after processing completion. The Company supervises the outsourcing company to ensure safe processing of personal information.
4.1 Personal Information Entrusted Domestically
|
Entrusted Company |
Scope of Entrusted Work |
|
STIBY Co., Ltd. |
Newsletter recipient management and newsletter distribution |
|
MTS Company Co., Ltd. |
SMS/LMS/MMS/Kakao Talk notification message delivery |
4.2 Personal Information Entrusted Overseas
Overseas processing of personal information occurs when utilizing solutions for certain services to provide the service. This is necessary for processing personal information to provide the service, and data subjects may refuse or withdraw consent for overseas transfer. However, refusal of consent may restrict use of related services requiring such overseas processing (e.g., blog sign-up, TechNet sign-up, etc.).
|
Outsourced Companies |
Oasis Technologies Ltd. |
|
Previous Country |
Singapore |
|
Previous Recipient |
Oasis Technologies Ltd. |
|
Basis |
Consent |
|
Date and Method of Entrustment |
- After applying for training via the website, the administrator creates an online training account using the application information in the training center |
|
Data Processor Contact |
Email: policy@moodleoasis.com. |
|
Personal Information Items Entrusted |
Name, Email, Company Name |
|
Details of Entrusted Work |
Online Education Services |
|
Retention and Use Period of Personal Information |
One year from the date of education application, Until membership withdrawal or termination of the entrustment contract |
The company transfers personal data in accordance with Article 46 of the GDPR through the following appropriate safeguards:
- Conclusion of Standard Contractual Clauses (SCCs) approved by the European Commission
- Data encryption (during transmission and storage)
- Strict access controls
- Regular security assessments
Data subjects may request additional information about the transfer mechanisms and safeguards at security@tibero.com.
5. Destruction of Personal Information
When personal information becomes unnecessary due to the expiration of the company's retention period or the achievement of the processing purpose, it is destroyed without delay. If personal information must be retained further under other laws and regulations despite the expiration of the retention period agreed upon with the data subject or the achievement of the processing purpose, it is preserved by transferring it to a separate database (DB) or storing it in a different location.
The procedures and methods for destroying personal information are as follows.
5.1 Destruction Procedure
The company shall promptly destroy personal information once its retention and usage period has expired.
5.2 Destruction Methods
The Company shall destroy personal information recorded and stored in electronic file format in a manner that prevents its reproduction. Personal information recorded and stored on paper documents shall be destroyed by shredding using a shredder or by incineration.
5.3 Retention of Personal Information Pursuant to Relevant Laws and Regulations of the Republic of Korea
|
Legal Basis |
Retention Items |
Retention Period |
|
Commercial Act |
Statute of Limitations for Commercial Claims |
5 years |
|
Contracts, Applications, Invoices, and Other Important Business Documents |
10 years |
|
|
Act on Consumer Protection in Electronic Commerce, etc. |
Records related to labeling/advertising |
6 months |
|
Records related to consumer complaints or dispute resolution |
3 years |
|
|
Records related to contracts or withdrawal of subscription, etc. |
5 years |
|
|
Records concerning payment settlement and supply of goods, etc. |
5 years |
|
|
Act on the Use and Protection of Credit Information |
Records concerning the collection, processing, and use of credit information |
3 years |
|
Communications Secrecy Protection Act |
Communication Fact Verification Data (Log Records, Access Location Tracking Data, etc.) |
3 months |
|
Communication fact verification data such as telecommunication date and time, telecommunication start/end time, number of uses, etc. |
12 months |
6. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives
The company respects the personal information protection rights of data subjects worldwide and guarantees these rights in accordance with the laws of each country and region.
6.1 Rights of Residents of the Republic of Korea (Personal Information Protection Act)
Data subjects may exercise the following rights:
a) Right to Request Access to Personal Information
b) The right to request correction if there are errors or inaccuracies
c) Right to request deletion
d) Right to request suspension of processing
e) The right to withdraw consent
6.2 Rights of European Union (EU) Residents (GDPR)
EU residents may additionally exercise the following rights:
a) Right of Access
- Provision of a copy of personal data and information regarding its processing
b) Right to Rectification
- Correction of inaccurate personal information
c) Right to Erasure
- 'Right to be Forgotten'
- Complete deletion of personal information under specific conditions
d) Right to Restriction of Processing
- Restriction of processing in specific situations
e) Right to Data Portability
- Provision of personal data in a structured, machine-readable format
- Can request direct transmission to another controller
f) Right to Object
- Object to processing based on legitimate interests
- Unconditional refusal of processing for direct marketing purposes
g) Right to Object to Automated Decision-Making and Profiling
- Objection to decisions based solely on automated processing
- Request for human intervention and opportunity to express one's point of view
h) Right to lodge a complaint with a supervisory authority
- Right to lodge a complaint with the data protection authority (DPA) in the relevant country
- Right to judicial remedy
6.3 Rights of U.S. Residents
6.3.1 Rights of California Residents (CCPA/CPRA)
California residents may exercise the following rights:
a) Right to Know
- Categories and specific pieces of personal information collected
- Sources of collection, purposes of processing, and third parties with whom information was shared
b) Right to Delete
- Deletion of collected personal information, except where legally exempt
c) Right to Opt-Out of Sale/Sharing
- Refusal of sale or sharing of personal information
- The company does not currently sell or share personal information
d) Right to Limit Use of Sensitive PI
- Restrict the use and disclosure of sensitive personal information to essential purposes only
e) Right to Correct
- Correct inaccurate personal information
f) Right to Data Portability
- Provision of personal information in a portable format
g) Right to Non-Discrimination
- Prohibition of discriminatory treatment due to the exercise of rights
6.3.2 , and Other U.S. State Residents
Residents of states with privacy laws in effect, such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA), may exercise similar rights under their respective state laws.
6.4 Rights of Japanese Residents (Act on the Protection of Personal Information - APPI)
Residents of Japan may exercise the following rights:
a) Right to Request Notification of Purpose of Use
- Request notification of the purpose of use of personal information
b) Right to Request Disclosure
- Request for disclosure (access) of retained personal information
c) Right to Request Correction, etc.
- Request for correction, addition, or deletion of inaccurate information
d) Right to Request Suspension of Use, etc.
- Requesting suspension of use or deletion in cases of improper acquisition or use
- Requesting suspension of use in cases of unauthorized use or improper provision to third parties
e) Right to Request Suspension of Third-Party Provision
- Request to suspend provision to third parties
f) Right to request disclosure of third-party provision records
- Request for disclosure of records of third-party provision
6.5 Rights of Residents in Other Countries
Residents of countries not listed above may exercise their rights under the personal information protection laws of their country or region of residence.
The company complies with the personal information protection laws and regulations of each country and responds appropriately in accordance with the relevant laws when data subjects exercise their rights.
Key rights generally include the following:
- Access to and review of personal information
- Correction of inaccurate information
- Deletion or destruction of personal information
- Restriction or suspension of personal information processing
- Withdrawal of consent
Specific rights and methods of exercise may vary depending on the laws of the relevant country.
Therefore, please contact the company when exercising your rights.
6.6 How to Exercise Your Rights
Rights may be exercised through the following methods:
Submission Methods:
- Email: security@tibero.com
- Phone: 031-8018-1749 (Weekdays 09:00-18:00, Korea Standard Time)
- Mail: TmaxSoft Tower, 45 Jeongja-il-ro, Bundang-gu, Seongnam-si, Gyeonggi-do
- Online Request Form: https://www.tibero.com/service/inquiryWrite.do
- Required Documents:
- Copy of identification for identity verification
- If requesting through an agent: Power of Attorney and a copy of the agent's ID
(Korea: Form No. 11 of the Enforcement Rules of the Personal Information Protection Act) - Processing Period:
- Korea: Within 10 days of request (may be extended by 10 days for unavoidable reasons)
- EU (GDPR): Within 1 month of request (extendable up to 2 months for complex cases)
- US (CCPA): Within 45 days of request (may be extended by an additional 45 days if necessary)
- Japan: Promptly, typically within 2 weeks
- Other Countries: Within a reasonable period according to the applicable country's laws - The company will act on requests without delay and notify the processing result via the method requested
(written, email, fax, etc.).
6.7 Grounds for Restriction of Rights Exercise
The exercise of rights may be restricted or denied in the following cases:
- Where there are special provisions under law or to comply with legal obligations
- Where there is a risk of harm to another person's life or body
- Where there is a risk of unjustly infringing upon another person's property or rights
- When necessary for contract performance and the data subject has not clearly expressed intent to terminate the contract
- When the request is manifestly unfounded or excessive
- When related to ongoing legal proceedings
- When necessary for the public interest
When the exercise of rights is restricted, the company shall notify the data subject of the reasons and the data subject may object to such restriction.
6.8 Fees
In principle, exercising your rights is free of charge. However, a reasonable fee may be charged in the following cases:
- If the request is manifestly unfounded or excessive
- When the same information is requested repeatedly
- When additional copies are requested (the first copy is free)
If fees are charged, we will provide advance notice of the details and basis for the charges.
6.9 Automated Decision-Making and Profiling
The company does not currently perform automated decision-making that significantly affects the legal rights of data subjects or has a similar significant impact.
Current scope of automated processing:
- Email marketing: Basic recipient group classification (e.g., industry sector, job title, areas of interest)
- Website analytics: Anonymous statistical analysis
- Customer support: Automatic classification by inquiry type (final processing performed by responsible personnel)
The above processing does not produce legal effects on individuals and does not constitute profiling that evaluates personal characteristics.
Recruitment Process:
- No use of AI-based resume auto-screening
- All applications are reviewed directly by hiring managers
- Final hiring decisions are always made by a human
Rights of EU Residents (GDPR Article 22):
If automated decision-making with legal effects is introduced in the future, EU residents have the following rights:
- The right not to be subject to automated decision-making
- The right to request human intervention
- The right to express their point of view
- The right to obtain an explanation of the decision
- The right to object to the decision and request a review
When introducing automated decision-making:
When introducing a new automated decision-making system, we will provide clear prior notice and obtain consent where necessary.
Inquiries: security@tibero.com / 031-8018-1749
7. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
7.1 Automatically Collected Information
The company collects behavioral information gathered through browser type, OS, visit records (IP Address, access time), cookies, etc., to provide service convenience to data subjects.
7.2 Matters Concerning Cookie Collection and Use
Cookies are small pieces of information that a website sends to a customer's computer browser (such as Internet Explorer).
1) Purpose of Using Cookies
Cookies store the data subject's preferred settings to provide a faster web environment and are used to improve services for convenient use. This enables the data subject to use the services more easily.
2) Installation, Operation, and Rejection of Cookies
Data subjects have the option to choose whether to install cookies and can refuse or delete these cookies at any time.
3) How to Refuse Cookie Settings
Data subjects have the right to choose whether to accept cookies. Therefore, by configuring their web browser settings, they can either allow all cookies, receive a prompt each time a cookie is stored, or refuse to store all cookies.
However, if you refuse cookie installation, difficulties may arise in providing the service.
7.3 How to Refuse Cookie Collection by
Web Browser
-Chrome: Select the '⋮' icon in the top-right corner of the web browser > New Incognito Window (Shortcut: Ctrl+Shift+N)
-Edge: Select the '…' icon in the top-right corner of the web browser > New InPrivate Window (Shortcut: Ctrl+Shift+N)
-Safari: Select 'File' from the top menu > New Private Window (Shortcut: Command+Shift+N)
* Other major web browsers like Firefox and Opera also provide cookie deletion features.
* The method for refusing cookie collection may vary depending on the web browser version.
Mobile browser
-Chrome: Tap the '…' icon in the bottom-right corner of the mobile browser > New Incognito Tab
-Edge: Tap the '≡' icon in the bottom-right corner of the mobile browser > New InPrivate tab
-Safari: Tap the 'Tabs' icon in the bottom-right corner of the mobile browser > Private Tab > Done
-Samsung Internet: Tap the '☰ or three dots' icon in the bottom-right corner of the mobile browser > Settings > Sites and downloads > Site permissions > Cookies
* The method for refusing cookie collection may vary depending on the mobile browser version.
8. Matters Concerning Measures to Ensure the Security of Personal Information
The company has established the following technical, administrative, and physical measures to ensure the security of personal information while processing data subjects' personal information, preventing its loss, theft, leakage, alteration, or damage.
8.1 Administrative Measures
Establishment and implementation of internal management plans, designation of personal information handlers, minimization of personnel with access to personal information, implementation of personal information protection training.
8.2 Technical Measures
Managing access rights to personal information processing systems, implementing access controls, encrypting critical information such as passwords, using encrypted communication channels for transmission over internet networks, installing security programs, etc.
8.3 Physical Measures
Access control for server rooms, data storage rooms, etc.
8.4 Response to Personal Information Breaches
The company responds promptly to personal information breaches in accordance with relevant laws and regulations.
Notification of Breach:
Notification to Supervisory Authorities:
- Korea: Within 24 hours of becoming aware of the breach (mandatory if affecting 1,000 or more individuals)
- EU: Within 72 hours of becoming aware of the breach
Data Subject Notification:
- Notify without undue delay if rights and freedoms are at risk
- Notification content: Items leaked, circumstances of occurrence, response measures, remedies available, contact details
- Notification Methods: Email, SMS, written notice, website announcement
Exceptions to notification:
- When data is unrecognizable due to protective measures such as encryption
- When post-incident measures have been taken to eliminate the risk
Inquiries regarding security breaches: security@tibero.com / 031-8018-1749
9. Personal Information Protection Officer and Responsible Personnel
The company has designated the relevant department and the Personal Information Protection Officer as follows to protect the personal information of data subjects and handle complaints related to personal information.
Global Chief Privacy Officer (CPO)
Contact Information by Department:
You may report any privacy-related concerns arising from the use of the Company's services to the Chief Privacy Officer or the responsible department. The Company will provide a prompt and thorough response to all reported matters.
10. Remedies for Rights Violations
If you require reporting or consultation regarding other personal information infringements, you may contact the following institutions to find remedies.
Personal Information Dispute Mediation Committee (www.kopico.go.kr / Toll-free 1833-6972)
Personal Information Infringement Reporting Center (privacy.kisa.or.kr / Toll-free 118)
Cyber Investigation Division, Scientific Investigation Department, Supreme Prosecutors' Office (www.spo.go.kr / Toll-free 1301)
Cyber Safety Bureau, National Police Agency (ecrm.cyber.go.kr / Toll-free 182)
11. Privacy Policy Changes
This Privacy Policy shall take effect on Febrary 20, 2026.