Privacy Policy
OVERVIEW
1. Privacy Policy Introduction
2. Personal Information Collection
3. Use of Personal Information
4. Provision of Personal Information
5. Destruction of Personal Information
6. Rights and Methods of Exercising Rights for Users and Legal Representatives
7. Automated Collection of Personal Information (Installation, Operation, and Refusal)
8. Measures to Ensure the Security of Personal Information
9. Data Protection Officer and Grievance Handling Department
10. Obligation to Notify Prior to Amendments
1. Privacy Policy Introduction
Our Privacy Policy outlines the guidelines that Corca, Inc. ("the Company") adheres to, ensuring users can utilize our services with peace of mind. In accordance with South Korean laws, including the Personal Information Protection Act, GDPR, and CCPA, we comply with relevant privacy regulations and guidelines to provide our Privacy Policy.
The Company collects, uses, and provides personal information based on user consent. We actively ensure the rights of users (right to self-determination of personal information) by providing clear labeling of key personal information processing details for easy understanding.
This Privacy Policy explains the information collected from users ("Users") through CORCA’s products or related services (each referred to as "Service") and website, and how that information is used. User information will not be used for purposes not explained in this Policy.
- Personal Information: CORCA collects the minimum necessary personal information required to provide services. Personal information is collected after notifying the user of the purpose and items to be collected and obtaining their consent. *For more details, please refer to the Privacy Policy below (2. Personal Information Collection).
- Purpose of Processing: The personal information collected by CORCA is used solely for purposes necessary to provide services, such as member management, service provision and improvement, and new service development. Users are notified of the purpose of processing during personal information collection and their consent is obtained. *The purposes of personal information use by the Company can always be checked in the Privacy Policy below (3. Purpose of Personal Information Use).
- Provision to Third Parties: Personal information may be provided to third parties for service connections and partner services. CORCA does not provide personal information to third parties without separate user consent, except as required by law. Users are informed of the recipient and purpose of such provision and their consent is obtained. *For potential third-party provision cases, please refer to the Privacy Policy below (4. Provision of Personal Information).
- Outsourcing Processing: Some essential tasks for service provision are outsourced to external companies. The Company manages and supervises these companies to ensure compliance with relevant laws, including prohibiting the processing of personal information for purposes other than performing the outsourced tasks, applying technical and managerial protection measures, and limiting re-outsourcing. *For details on outsourced companies, please refer to the Privacy Policy below (4. Provision of Personal Information).
- Rights and Obligations of Information Subjects: CORCA guarantees the rights and obligations of information subjects regarding personal information processing. Users can access, correct, withdraw consent for the collection/use/provision of their personal information, or request termination of their membership at any time. *For more details on user rights and obligations, please refer to the Privacy Policy below (6. Rights and Exercise Methods of Users and Legal Representatives).
- Complaint Handling Department: For inquiries, complaints, advice, or other matters related to personal information protection during service use, please contact us at privacy@corca.ai. CORCA always listens to your voice and strives to provide safer services. *For the contact details of the person responsible for personal information processing and the complaint handling department, please refer to the Privacy Policy below (9. Personal Information Protection Officer and Complaint Handling Department).
2. Personal Information Collection
CORCA collects the minimum necessary personal information required for service provision. Required information is collected as mandatory items, and additional information may be collected as optional items depending on the nature of the service. If users do not consent to optional items, there may be limitations in using some services.
Collection Items by Service
- Service: CORCA Website, Moonlight Website
  - Collection Items:
    - Automatically Collected Items: IP address, access logs, cookies, etc.
    - Customer Inquiry or Meeting Request Form Submission:
      - Mandatory: Name, phone number, email address
    - Partnership Proposal:
      - Mandatory: Company (institution) name, proposer name, job title, phone number, email address
- Service: Talent Acquisition (Job Application, Talent Pool Registration, Coffee Chat Request)
  - Collection Items:
    - Applicant Registration:
      - Mandatory: ID (email address), name, date of birth, mobile number
    - Application Form Submission:
      - Mandatory: Career details (start and end dates, company name, job title, responsibilities, employee type), project history (start and end dates, company name, project name, project type, role and technology used), military status, self-introduction
      - Optional: Education details, certifications, language proficiency, awards, veteran status, disability details
    - Compensation Determination:
      - Mandatory: Supporting documents
    - Upon Final Acceptance:
      - Mandatory: Copy of ID, bank account, graduation (enrollment) certificate, nationality, address, resident registration number (or alien registration number for foreigners)
      - Optional: Veteran number
- Service: Access Badge Application System
  - Collection Items:
    - Mandatory: Name, affiliation, mobile number, email address
- Service: CORCA Office Visitor Management
  - Collection Items:
    - Mandatory: Name, phone number, affiliation, email address
- Service: CORCA Ads
  - Collection Items:
    - Corporate Member Registration:
      - Mandatory: Company name, name, email address, mobile or extension number, department, job title
      - Corporate Information (for main contact): Representative's name, phone number, business address, bank account details, account copy
    - Individual Member Registration:
      - Mandatory: ID (email address), name, email address, mobile number
    - Survey and Prize Distribution:
      - Mandatory: Name, mobile number, email address
- Service: CORCA Recommend
  - Collection Items: Same as CORCA Ads
- Service: CORCA Search
  - Collection Items: Same as CORCA Ads with additional optional items: Date of birth, gender, address
- Service: Moonlight
  - Collection Items:
    - Feature Usage History: Time, feature name, etc.
    - Automatically Collected Items: IP address, access logs, cookies, etc.
    - Corporate Member Registration:
      - Mandatory: Company name, name, email address, date of birth, gender, mobile or extension number, address, department, job title
      - Corporate Information (for main contact): Representative's name, phone number, business address, bank account details, account copy
    - Individual Member Registration:
      - Mandatory: ID (email address), name, email address
    - Survey and Prize Distribution: Same as CORCA Ads
- Service: Brain
  - Collection Items: Same as Moonlight
- Service: Trace
  - Collection Items: Same as Moonlight with additional item collection during service usage:
    - Automatically Collected Information: Device information (OS, screen size, device ID, phone model), IP address, cookies, visit date/time, usage records, etc.
Additionally, information such as device details (OS, screen size, device ID, phone model, device model), IP address, cookies, visit date and time, records of misuse, and service usage records may be automatically generated and collected during the use of PC web, mobile web, and apps.
Methods of Collecting Personal Information
- Direct input of information by users who agree to personal information collection during registration and service use.
- Information provided by affiliated services or organizations.
- Communications through customer service (webpage, email, fax, phone).
- Participation in online/offline events or activities.
Labeled Items
- Personal Information: We collect only the minimum necessary personal information for service provision. Additional personal information may be collected with user consent for specialized features.
- Unique Identifiers | Resident Registration Number: We may collect resident registration numbers as required by relevant laws for tasks such as payment processing, account verification, and withholding tax.
- Automated Collection: Information such as device details, IP address, cookies, visit date and time, records of misuse, and service usage records may be automatically generated and collected during service use.
3. Use of Personal Information
The Company uses users' personal information within the scope of the purposes for which consent was obtained.
- Job Applicant Management: Identifying applicants, confirming application intent, managing recruitment processes, delivering notices, ensuring smooth communication with applicants, and using them as reference materials for continuous recruitment. (Upon final acceptance) Calculating compensation, confirming identity of new hires, managing human resources, executing and fulfilling employment contracts (e.g., workforce assignment, welfare, training, salary agreements), and maintaining employee records and payroll.
- Access System Management: Identifying individuals, issuing and collecting access badges, managing access requests and history, and identifying individuals during access control.
- CORCA Office Visitor Management: Managing visitor information, access history, and identifying individuals during access control.
- Partnership Proposal Management: Receiving and responding to proposals, and verifying information for review and acceptance of partnership proposals.
- Customer Management and Contract Administration for CORCA E-Commerce Marketing Solutions (CORCA Ads, CORCA Search, CORCA Recommend): Identifying users, member management, verifying identity, preventing misuse, delivering notices, responding to inquiries, providing information related to service use, analyzing user behavior to improve services, providing personalized services, verifying and registering clients, checking account validity, contract execution, managing orders and payments.
- Survey and Prize Distribution
- Customer Management and Service Contract Administration for Moonlight, Trace, Brain: Identifying users, member management, verifying identity, preventing misuse, delivering notices, responding to inquiries, providing information related to service use, analyzing user behavior to improve services, providing personalized services, verifying and registering clients, checking account validity, contract execution, managing orders and payments, conducting surveys and distributing prizes.
Labeled Items
- Processing Items and Purposes: Personal information collected with user consent is processed for necessary service provision purposes. The items of personal information processed and their purposes are always disclosed through the privacy policy.
4. Provision of Personal Information
We do not provide users' personal information to third parties without separate consent from the user or unless required by law. However, if the provision of personal information to third parties is necessary during service use, we obtain the user's consent in advance.
The Company may entrust all or part of the personal information processing tasks to external companies if necessary for service provision. We manage and supervise the entrusted companies to ensure compliance with relevant laws on personal information protection, including prohibitions on processing for purposes other than the entrusted task, application of technical and administrative protective measures, and limiting re-entrustment.
Entrusted Processing of Personal Information
Entrusted Company | Details of Entrusted Tasks
- Amazon Web Services: Service development and operation, data center operation
- Google Cloud Platform: Service development and operation, data center operation
- Wix: Website development and operation
- SparkPlus: Comprehensive office management (meeting reservations, office visit management, integration and management of access systems and issuance of access QR codes, integration and management of parking management systems)
- Greeting: Recruitment service use and management
- Wanted: Recruitment service use and management
- Remember: Recruitment service use and management
- ModuSign: Electronic signature use and management
Labeled Items
- Third-Party Provision: Personal information is provided to third parties only after obtaining user consent for the use of external affiliate services. The list of companies to which personal information may be provided can be checked in the detailed view of the third-party provision of the personal information section.
- Entrusted Processing: Some essential tasks for service provision are entrusted to external companies. We regularly manage and supervise the entrusted co
5. Destruction of Personal Information
We promptly destroy collected personal information once the purpose of its collection and use has been achieved. The procedures and methods are as follows: When the purpose of collection and use is achieved or a reason for destruction arises, such as member withdrawal, we determine the method of destruction considering the form of the personal information. If the information is in electronic file form, it is securely deleted to prevent recovery and reproduction. For records, printed materials, and documents, they are shredded or incinerated.
The following information is stored for a certain period according to our internal policies and then destroyed:
- Information regarding partnership proposals is stored for 3 months after review and then promptly destroyed.
- Job applicant's application history is stored for 1 year after withdrawal to verify application history. (The original values are safely converted to prevent identification, and only comparative values are used.)
- Information of the final successful applicants allowed to be retained by law is stored for the period specified by law. (If separate consent is obtained, personal information may be processed and retained within the scope of the agreed purpose and period.)
- Purpose of issuing certificates for former employees' career verification: Basis for retention - Labor Standards Act
- Purpose of processing year-end tax settlement: Basis for retention - Income Tax Act, Framework Act on National Taxes | Retention period: 5 years
- Meeting reservation information is stored for 1 year from the meeting request date and then promptly destroyed.
- Office visit records are stored for 1 year from the visit date and then promptly destroyed.
- Member and transaction information of all CORCA services (CORCA Ads, CORCA Search, CORCA Recommend, Moonlight, Brain, Trace) is stored for the following periods according to company internal policies and relevant laws, and other information is promptly destroyed upon member withdrawal.
A. Retention period according to company internal policies:
- If a membership application is rejected, the information is retained for 7 days from the request date and then destroyed.
- Notification sending history to suppliers is retained for 1 month from the sending date and then destroyed.
- All transaction-related information is retained for 6 years from the last transaction date to respond to regulatory requests and then destroyed.
B. Retention period according to relevant laws:
- 10 years for company commercial books and important documents related to business according to the Commercial Act, 5 years for vouchers or similar documents. 5 years for all transaction-related books and supporting documents according to the Framework Act on National Taxes and the Corporate Tax Act.
- Information of dispute resolution applicants is stored for 1 year from the dispute resolution notification date and then promptly destroyed.
- Member information used in the office access request system with SparkPlus is retained for 1 year upon member withdrawal and then destroyed, and information collected for access history management is retained for 1 year from the access event occurrence and then destroyed.
- Biometric information (fingerprints, vein original information, and feature information) is promptly destroyed upon deletion of authority or member withdrawal.
In addition, personal information that needs to be retained for a certain period according to relevant laws or the statute of limitations under the Commercial Act is as follows. View detailed information on personal information retention according to relevant laws.
Labeled Items
- Retention Period and Destruction: Collected personal information is retained for the agreed retention period and is securely destroyed once the purpose of use is achieved. However, if certain information needs to be retained for a specified period according to relevant laws, it is separately stored and then destroyed.
6. Rights and Methods of Exercising Rights for Users and Legal Representatives
Users have the following rights regarding the processing of their personal information:
- The right to request access to personal information
- The right to request correction of personal information
- The right to request suspension of personal information processing
- The right to request deletion of personal information and to withdraw consent/terminate membership
However, for smooth progress of the recruitment process, job applicants cannot modify or delete already submitted applications after passing the document screening. If you wish to delete the submitted personal information, please contact our recruitment team, and we will take action without delay.
- Recruitment Team Contact: careers@corca.ai
When processing personal information of children under 14 years old, the consent of a legal representative is required. Legal representatives have the right to access, correct, delete, suspend the processing, and withdraw consent for their child's personal information. We may request minimal information from children, such as the legal representative's name and contact information, to obtain consent from the legal representative. The consent of the legal representative is confirmed through the following methods:
- Verification of the legal representative's identity through mobile phone authentication
- Providing a written consent form to the legal representative for signature and submission
- Other methods equivalent to the above to inform the legal representative of the consent details and confirm consent
Labeled Items
- Rights and Duties of Information Subjects: Users can view or modify their personal information at any time and withdraw consent for personal information they have already agreed to.
- Legal Representative: For users under 14 years old, legal representatives are guaranteed the right to access, correct, delete, suspend processing, and withdraw consent for the child's personal information.
7. Automated Collection of Personal Information (Installation, Operation, and Refusal)
The Company may install and operate cookies to provide web-based services. Cookies are used to support faster and more convenient website usage and to provide customized services to users.
What are cookies?
Cookies are very small text files sent to the user's browser by the server used to operate the website and are stored on the user's computer.
Why do we use cookies?
Cookies store users' preferred settings to support a faster web environment and are used to improve services for convenience. This allows users to use the services more easily.
How to refuse the collection of cookies?
Users have the option to allow or refuse the installation of cookies through their web browser settings by navigating to 'Settings > Privacy > Cookies and other site data' in the browser's menu. However, if the installation of cookies is refused, web usage may become inconvenient, and it may be difficult to use some services that require login.
Enabling/Disabling Cookies in Web Browsers
- Chrome: Settings > Privacy and security > Clear browsing data
- Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
Enabling/Disabling Cookies in Mobile Browsers
- Chrome: Settings > Privacy and security > Clear browsing data
- Safari: Settings > Safari > Advanced > Block all cookies
- Samsung Internet: Settings > Browsing history > Clear browsing history
8. Measures to Ensure the Security of Personal Information
The Company is committed to protecting users' personal information through the following efforts:
Encryption of Personal Information
We transmit users' personal information using encrypted communication channels and store important information, such as passwords, in an encrypted format.
Protection from Hacking and Computer Viruses
To prevent the leakage or damage of users' personal information due to hacking or computer viruses, we install systems in areas where access is controlled from the outside. We have set up systems that detect and block intrusions by hackers, and we monitor them 24/7. We also have antivirus programs installed to protect systems from the latest malware and viruses. Additionally, we continuously research and apply new hacking and security technologies to our services.
Minimization of Personnel Access to Personal Information
We limit the number of employees who have access to personal information to the minimum necessary. We also have systematic criteria for creating and changing passwords for the personal information processing system and the rights to access it, and we conduct continuous audits.
Regular Training for Personal Information Handlers
All personnel handling personal information receive regular training and participate in campaigns on their obligation to protect personal information and security.
Secure Storage of Documents and Storage Media Containing Personal Information
Documents, auxiliary storage media, and other materials containing personal information are stored in a secure location with locking devices.
Compliance with Domestic and International Certification Standards
We ensure compliance with domestic and international certification standards for our activities and systems to protect user information. We undergo annual verification from independent auditing organizations to meet the standards for information protection and personal information management systems and identify opportunities for improvement.
Various Activities for Protecting Users' Personal Information
CORCA operates a privacy management system based on Privacy by Design and provides necessary guides to help all users, including children, adolescents, and the elderly, easily understand the company's personal information protection policies.
Security Measures: We comply with all legal requirements under the Personal Information Protection Act to safely manage users' personal information. The level of protection measures is regularly checked through internal inspections and external verifications.
GDPR Compliance
CORCA complies with the General Data Protection Regulation (GDPR) and the laws of EU member states. The following applies when we provide services to users within the European Union.
Purpose and Legal Basis of Personal Information Processing
CORCA uses collected personal information only for the purposes specified in "3. Use of Personal Information" and informs users of these facts in advance and obtains their consent. According to the GDPR, the Company may process users' personal information in the following cases:
- With the consent of the data subject
- For the performance and execution of a contract with the data subject
- For compliance with legal obligations
- To protect the vital interests of the data subject
- For the legitimate interests pursued by the Company (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject)
Rights of Users within the European Union
In accordance with the GDPR, users have the right to request the transfer of their personal information to another data controller and the right to object to the processing of their information. Users also have the right to lodge a complaint with a supervisory authority. Corca, Inc. may use personal information for marketing purposes such as events and advertisements, and we obtain users' consent in advance. Users can withdraw their consent at any time if they do not wish to receive such communications. For related requests, please contact privacy@corca.ai, and we will take action without delay. If you request a correction of personal information errors, we will not use or provide the relevant personal information until the correction is complete.
CCPA Compliance
CORCA complies with the California Consumer Privacy Act (CCPA). The following applies when we provide services to users within the state of California, USA.
Categories of Collected Personal Information
The Company collects the following categories of personal information, although not all categories are collected from every individual:
- Identifiers such as name, email address, internet protocol address, account name, or other similar identifiers
- Categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), which may include phone number, mailing address, payment information, and education and employment history for job applicants
- Commercial information such as product usage data, records of products or services purchased or considered, or other purchasing or consuming histories or tendencies
- Internet and other similar network activity, such as browsing history on our website, interactions with our website, email, or products
- Customer records, billing address, credit or debit card information
- Geolocation data
- Professional or employment-related information, including job title and business contact information for consumers and job applicants
Rights of Users within California
Under the CCPA, California consumers have the right to request access to specific personal information collected in the past 12 months. The Company provides additional details about our personal information collection and related guidelines, including the categories of personal information collected, the categories of sources from which the personal information is collected, the business or commercial purposes for which the personal information is collected, and the categories of third parties with whom we share personal information. Requests can be made through privacy@corca.ai. Users' rights under the CCPA include:
- The right to request correction and deletion of personal information (certain exceptions may apply)
- The right to object to processing
- The right to data portability
- The right to opt out of the sale of personal information and profiling related to automated decision-making
Sale and Sharing of Personal Information
CORCA does not provide collected personal information to third parties in the traditional sense of "selling." However, we may share or entrust collected personal information to third parties for the purposes explained in this privacy policy. We also use website analytics services that may process personal information, which could be considered "selling" under the CCPA. Users can always refuse this by blocking cookies on CORCA's website.
9. Data Protection Officer and Grievance Handling Department
The Company has designated a Data Protection Officer and a Grievance Handling Department to address user inquiries and complaints related to personal information.
Data Protection Officer and Contact Information
- Officer: Young Hyun Chung (Data Protection Officer)
- Contact: privacy@corca.ai | +82 2 6925-6978
Additional Support
For further assistance with personal information-related reports or consultations, you can contact the following agencies:
- Personal Information Infringement Report Center: 118 (no area code) | http://privacy.kisa.or.kr
- Supreme Prosecutors' Office Cyber Crime Investigation Unit: 1301 (no area code) | https://cybercid.spo.go.kr/
- National Police Agency Cyber Bureau: 182 (no area code) | https://ecrm.cyber.go.kr/
- Personal Information Dispute Mediation Committee: 1833-6972 (no area code) | https://www.kopico.go.kr
Labeled Items
- Data Protection Officer & Grievance Handling Department: For all inquiries and requests related to personal information protection during service use, please contact our customer service center for prompt assistance.
- Remedies for Infringement of Rights: If you need to report or consult on a personal information infringement, you can contact national agencies for assistance.
10. Obligation to Notify Prior to Amendments
This Privacy Policy may be modified to reflect changes in relevant laws or services, and we will notify users of such changes through announcements on our website at least 7 days before the changes take effect. However, for significant changes affecting users' rights, we will provide at least 30 days' notice.
- Effective Date of the Privacy Policy: November 1, 2024
- Changes to the Privacy Policy: This Privacy Policy may be revised due to changes in relevant laws or services. Any changes will be announced in advance through notices.