This addendum (“Addendum”) supplements the Application Privacy Policy and sets forth, in greater detail, the information related to how we collect, use, and disclose the personal information of users in South Korea.
Specifically, we transfer your personal information to third parties as below.
Procedures of destruction
We select the personal information to be destroyed (i.e., personal information whose purpose of processing is achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
Method of destruction
We do not print any personal information related to the 1.1.1.1 Application on paper. If we did, however, such personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the data will be destroyed by technical methods (e.g. Low Level Format) which ensure that the data cannot be restored or recovered.
If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, then, to the extent we collect such personal information, we will retain it solely for the retention periods and purposes prescribed thereunder.
(a) Commercial ledgers and material documents/statements related to business operations, all ledgers on business transactions and information related to supporting documentation: 10 years for material business documents and 5 years for statements (as required under the Commercial Code, the Framework Act on National Taxes, and the Corporate Tax Act)
(b) Records on contracts and withdrawal of subscriptions: 5 years (as required under the Act on Consumer Protection in Electronic Commerce Transactions)
(c) Records on payments and supply of goods: 5 years (as required under the Act on Consumer Protection in Electronic Commerce Transactions)
(d) Records on consumer complaints and processing of disputes: 3 years (as required under the Act on Consumer Protection in Electronic Commerce Transactions)
(e) Records of logins: 3 months (as required under the Protection of Communications Secrets Act)
As detailed here, we collect only very limited personal data. A user and/or their legal representative may access, correct, or delete the user’s registered personal information at any time. A user and/or their legal representative may also withdraw consent to the collection, use, provision, or storage of personal information that the user provided in order to use the services. Please contact SAR@cloudflare.com if you wish to exercise any of these above rights.
Effective Date: February 28, 2023
To see prior versions of the privacy policy please send an email to privacyquestions@cloudflare.com