Notice Regarding Personal Information Processing Policy (Updated: June 27, 2025)
SK Inc. (hereinafter referred to as the “Company”) has established this Personal Information Processing Policy to protect the personal information of data subjects (hereinafter referred to as “Data Subjects” or “Users”) collected and used through the CloudZ Support Portal (https://support.skax.co.kr, hereinafter the “Portal”). The Company is committed to safeguarding the rights and interests of Data Subjects.
(Unless otherwise defined herein, the terms used in this Policy shall have the meanings defined in the Terms of Use posted on the Portal.)
Article 1 (Items Collected, Purpose of Collection, and Method of Collection)
The Company collects only the minimum personal information necessary to provide services, and uses the collected information solely within the scope disclosed in this Policy. The Company does not use or disclose the information beyond the notified scope without prior consent.
1. Items Collected and Purpose of Collection
Category | Usage Details | Items Collected |
Required Information | For membership registration, provision of member services, identity verification, prevention of misuse and unauthorized access by malicious users, limiting duplicate sign-ups, record retention for dispute resolution, notification of new services or service changes, communication purposes, and provision of services using CloudZ service usage data | Email address, password, full name, CloudZ service usage data, IP address, cookies, date of visit, service usage history |
Optional Information | For verifying service effectiveness, statistical analysis of service usage, and data collection for cyberattack prevention | Contact information (workplace or mobile), address, title (e.g., job title, nickname), company |
Optional Information (with consent for marketing and promotional purposes) | For providing user-friendly services, personalized content and services, event notifications, marketing, development of new services, and service improvement | Information agreed upon in the required and optional consent sections and derived data created by combining such information |
2. Methods of Collection
The Company collects personal information through the following means:
- Information provided by the User during sign-up or when starting to use the Portal via email or the Portal (including updates through profile edits)
- Information generated or collected automatically during service use or business processing, including via data collection tools
- Information provided by external companies or organizations in partnership with the Company (collectively referred to as “Partners”), in compliance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter the “Information and Communications Network Act”), under which the Partner obtains prior consent from the User before sharing personal information with the Company
- For members of the CloudZ Portal (https://www.cloudz.co.kr, hereinafter “CloudZ Portal”), the Company may collect CloudZ service usage information from the CloudZ Portal
Article 2 (Sharing and Provision of Personal Information)
The Company uses the personal information of Data Subjects only within the scope notified in Article 1 (Items Collected, Purpose of Collection, and Method of Collection), and does not use, share, or provide such information to third parties without the prior consent of the Data Subject.
However, exceptions may apply in the event that information is requested through legally defined procedures. These exceptions include:
- When required by applicable laws and regulations
- When requested by administrative or investigative agencies for administrative or investigative purposes
Even in such cases, the Company provides personal information only in accordance with the procedures and methods prescribed by law.
Article 3 (Outsourcing of Personal Information Processing)
To ensure smooth service delivery, the Company outsources certain tasks to external service providers. The Company specifies and oversees necessary measures to ensure that entrusted companies handle personal information safely in accordance with the Information and Communications Network Act.
In the event of any changes to the scope of entrusted services or the entrusted companies, the Company will promptly disclose such changes through this Personal Information Processing Policy.
Entrusted Party | Description of Entrusted Service | Retention and Use Period |
SK Shieldus | Operation of the site | Until the end of the service contract |
Freshworks Inc. | Provision and maintenance of Freshdesk services | Until the end of the service contract |
Article 4 (Retention and Storage Period of Personal Information)
The Company retains and uses Users’ personal information for the duration necessary to provide services to the User, and keeps the information for up to six (6) months after service termination or membership withdrawal for the purpose of dispute resolution.
However, if retention is required under relevant laws and regulations, the Company may retain the information for the legally specified period. Personal information may also be retained for the periods specified below when necessary for other purposes.
Applicable Law | Retained Information | Retained Period |
Act on the Consumer Protection in Electronic Commerce, etc. | Records on the supply of goods and services | 5 year |
Records on labeling and advertising | 6 month | |
Records on customer complaints or dispute resolution | 3 year | |
Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. | Records on identity verification | 6 month |
Protection of Communications Secrets Act | Records of visits (log data) | 3 month |
Article 5 (Overseas Transfer of Personal Information)
For smooth service operation and personal information processing, the Company may entrust part or all of the User’s personal information to overseas affiliates or third-party service providers as described below:
Recipient (Contact) | Freshworks Inc. (2950 S. Delaware Street, Suite 201, San Mateo , CA 94403 (1-650-513-0514)) |
Country of Recipient | United States |
Purpose of Use | Data storage and email delivery |
Items Transferred | Email address, password, full name, CloudZ service usage data, contact information (workplace or mobile), address, title (job title, designation, nickname, etc.), company, IP address, cookies, date of visit, service usage records, etc. |
Transfer Time & Method | Transferred from time to time over the information and communications network as needed |
Retention & Use Period | Until the purpose of use is fulfilled by the Company or the User requests correction or deletion of the information |
If you wish to refuse the overseas transfer of your personal information, please contact us via email at zservice@sk.com.
However, please note that refusing the overseas transfer may limit your access to certain services.
Article 6 (Procedures and Methods for Disposal of Personal Information)
1. Disposal Procedures
- When personal information becomes unnecessary due to expiration of the retention period or fulfillment of the processing purpose, the Company promptly disposes of such information without delay.
- If the Company is required by law to continue retaining personal information even after the agreed retention period has expired or the purpose of processing has been achieved, such information will be stored in a separate database (DB) or kept in a different location. Once the legal obligation ends, the information will be immediately disposed of.
2. Disposal Methods
- Personal information printed on paper is shredded or incinerated.
- Personal information stored in electronic file formats is deleted using technical methods that render the data unrecoverable.
Article 7 (User Rights, Obligations, and Exercise Methods)
1. Users may exercise the following rights related to personal information protection at any time:
1) Request to access personal information
2) Request for correction of errors
3) Request for deletion
4) Request for suspension of processing
2. The rights in Paragraph 1 may be exercised by submitting a request in writing, by email, fax, or via support tickets. The Company will take necessary actions without delay upon receipt.
3. If a Data Subject requests correction or deletion of their personal information due to an error, the Company will not use or provide the information until the correction or deletion is completed.
4. A Data Subject may exercise their rights through a delegated representative (hereinafter referred to as a “Representative”). In such cases, a power of attorney prepared by the Data Subject must be submitted.
5. As a general principle, the Company does not collect personal information from children under the age of 14. However, if it becomes necessary to collect such information through 1:1 inquiries or support services, the Company will obtain consent from the child’s legal guardian. The collected information will be promptly disposed of once the intended purpose is fulfilled or the retention period agreed upon at the time of collection has expired.
Article 8 (Use of Automatic Data Collection Devices and Opt-Out Options)
The Company uses cookies to store and retrieve user information as needed in order to provide personalized services tailored to Users.
A cookie is a small text file that the web server (HTTP) sends to the User’s browser. It may be stored on the User’s hard drive and contains a small amount of data.
Users have the option to accept or refuse cookies. By configuring their web browser settings, Users can choose to (i) allow all cookies, (ii) be prompted before cookies are stored, or (iii) refuse all cookies.
Please note that disabling cookies may result in limited functionality or inconvenience when using certain services.
1. Purpose of Cookie Usage
Cookies are used to identify the purpose of a User’s visit and to provide optimized information and services accordingly.
2. How to Disable Cookies
- For Microsoft Edge : Click the icon in the upper-right corner of the browser → Select Settings → Go to Cookies and Site Permissions → Choose Manage and delete cookies and site data
- For Google Chrome : Click the icon (︙) in the upper-right corner of the browser → Select Settings → Scroll down and click Advanced → Under Privacy and security, click Content settings → Go to Cookies
Article 9 (Technical and Managerial Measures for the Protection of Personal Information)
The Company has established and applies the following technical and managerial protection measures to prevent loss, theft, leakage, alteration, or damage of personal information during processing:
1. Password Encryption
- User passwords are encrypted and securely stored and managed.
2. Measures Against Hacking and Other Threats
- The Company makes every effort to prevent the leakage or damage of Users’ personal information caused by hacking, computer viruses, or similar threats.
- Data is regularly backed up in preparation for possible damage, and the latest antivirus programs are used to prevent data breaches or corruption. An intrusion prevention system is in place to block unauthorized access from external sources, and all technically feasible security measures are taken to ensure system-level protection.
3. Minimization and Training of Authorized Personnel
- Only authorized personnel are granted access to personal information, and access rights are protected with dedicated passwords that are regularly updated. The Company conducts periodic training for staff to ensure compliance with this Personal Information Processing Policy.
4. Operation of a Dedicated Personal Information Protection Team
The Company operates a dedicated team to monitor compliance with the Personal Information Processing Policy and staff responsibilities. If any issues are discovered, the Company takes immediate action to correct them.
Please note that the Company is not responsible for any leakage of personal information resulting from the negligence of the Data Subject or issues inherent to the internet environment.
Article 10 (Contact Information of the Personal Information Protection Officer and Staff)
The Company has appointed a Personal Information Protection Officer to take overall responsibility for personal information processing, and to handle User complaints and inquiries regarding personal data protection, as shown below:
Personal Information Protection Officer | Personal Information Manager | |
Name | Heo Min-Hoe, Executive Director | Portal Operations Team |
Department | Cloud Platform Group, SK Inc. | Managed Service Team, SK Inc. |
Phone | 02-6400-0114 | 02-6400-0114 |
zservice@sk.com | zservice@sk.com |
Data Subjects may contact the officer or manager at any time regarding personal information protection-related inquiries, complaints, or dispute resolution.
The Company will respond and handle such matters without delay.
For external consultation or to report a privacy violation, you may also contact the following organizations:
• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 (no area code))
• Comprehensive Privacy Portal (www.privacy.go.kr / 02-403-0073)
• Cyber Investigation Bureau, Korean National Police Agency (www.ctrc.go.kr / 182 (no area code))
Article 11 (Duty of Notification)
In the event of any additions, deletions, or modifications to this Personal Information Processing Policy, the Company will notify Users at least seven (7) days in advance through the Portal's “Notices” section.
• Data of Announcement : June 20, 2025
• Effective Date : June 27, 2025
Previous Versions of the Policy
• Personal Information Processing Policy Notice (Updated: 2024.09.26)
• Personal Information Processing Policy Notice (Updated: 2021.06.18)
• Personal Information Processing Policy Notice (Updated: 2020.05.07)
• Personal Information Processing Policy Notice (Updated: 2019.01.16)