[‘RIKARIDE’ Privacy Policy]
Studio Galilei Co., Ltd. (hereinafter, the “Company”
or “we”) provides this Privacy Policy to explain how we collect, use, process,
and disclose your personal data through the RIKARIDE Solution, which
includes the passenger app, driver app, vehicle dashboard tools, server
systems, and all other functionalities required to operate the service
(hereinafter collectively referred to as the “RIKARIDE App”).
Personal data (“data”) refers to any information that can be used to
identify you, either directly or indirectly. This includes, but is not limited
to: your name, nationality, phone number, banking and credit card details,
personal interests, email address, image, government-issued identification
numbers, biometric data, race, date of birth, marital status, religion, health
information, vehicle and insurance details, employment history, and financial
data.
The Company generally collects, uses, discloses, or otherwise processes your
personal data based on your consent and in accordance with this Privacy Policy.
We may also process your data to the extent permitted or required by applicable
laws in the following cases:
l When required to comply with the legal requirements
l When it is necessary to enter into or fulfill a contract with you
l When it is necessary for our legitimate interests, or those of a third party, provided that such interests do not override your fundamental rights and freedoms
1. Data Collections and Uses
The Company collects your personal data through the methods listed below. We may also combine personal data collected through various channels as described.
1.1 Personal Data Collection
The Company collects personal data under the following methods.
-
When users participated in both online and
offline events, promotions, or similar activities..
- When the user consents to the collection of personal data and voluntarily provides their information during membership registration.
- When personal data is collected during the use or operation of the service.
- When personal data is provided by affiliated services or outside companies or organizations partnered with the Company.
- When personal data is collected through websites, email, fax, or phone during consultation via the Help Center.
- When the user participates in events, promotions, or similar activities conducted both online and offline.
1.2 Personal Data Collection During Service Use
The Company collects the following personal data while you use the RIKARIDE Solution:
- Location Information
- Device information (hardware model and serial number, IP address, etc.), file and app names and versions, GPS location, IMEI number, advertising identifier, and other data indicating device or app modifications
- Transaction information, such as payment methods
- Usage data, such as features you interact with and content you view on our app, website, or services
- Feedback, ratings, and commendations
- Personal data you input when using in-app communication features
- Audio and/or video recordings that may include your image, voice, or both, and related metadata collected during interactions with drivers or with the Company during rides
n In-vehicle applications or devices: We may install audio and/or video recording devices or software in vehicles to enhance the safety and security of both users and drivers, or delivery partners.
-
When You Provide Personal Data of Others:
In some cases, you may provide us with personal data of other individuals
(e.g., your spouse, family members, or friends). This may occur when you use
in-app chat features, book a ride on their behalf, or designate them as
recipients or emergency contacts. By doing so, you represent and guarantee that
you have obtained their consent for their personal data to be collected, used,
and disclosed in accordance with this Privacy Policy.
- Other Sensitive Personal Data:
Some of the personal data we collect may be classified as sensitive. This includes racial or ethnic origin, national ID information, religious beliefs, background data (including legally collectable financial or criminal records), health-related data, disability status, marital status, location, and biometric data. We collect such data only in compliance with the law and with your explicit consent.
2. Purpose of Personal Data Use
The Company may utilize your personal data for the following purposes:
1. Member Management
- To identify users, verify registration intent, confirm identity and age, and provide membership-based services
- To detect users with limited access rights, prevent fraudulent or abusive use, and restrict repeated registrations
2. Service Provision and Operation
- Primary Service Provision: demand-responsive transport (DRT) service
- To analyze service usage records, access frequencies, and relevant statistical data
- To prevent and respond to unauthorized use or account misuse that may affect service operations
- To deliver service-related notices and announcements
- To conduct user satisfaction surveys to improve service quality
3. Marketing and Advertising Usage
- To offer promotional events in connection with service enhancements or the development of new features
- To provide personalized or targeted services and advertising
4. Incident Management and Response
- To retain records necessary for resolving disputes
- To respond to inquiries, complaints, or service-related claims
- To identify the cause of incidents and take appropriate action
Management of Personal Data Collected
The Company entrusts part of its work necessary for providing services to outside companies. It stipulates, through service agreements, the matters necessary to ensure that the entrusted parties comply with applicable data protection laws, maintain the confidentiality of personal data, prohibit third-party disclosures, assume responsibility in the event of incidents, define data retention periods, and return or securely dispose of personal information upon termination of processing.
The Company conducts appropriate management and supervision to ensure such compliance.
※ The list of entrusted companies may be updated depending on service changes or contract periods, and any such updates will be promptly disclosed in this Privacy Policy.
|
Entrusted Company |
Description of Services Provided |
|
JANDI PLUS Co., Ltd. |
Vehicle operation and driving services |
|
2C2P |
Identity verification |
|
AWS |
Provision of infrastructure solutions |
|
|
Mapping and navigation services |
|
Insurance Company |
Report submission and claim handling during insurance fee processing, as required under contractual terms |
Provision of Personal Data to Third Parties
As a general principle, the Company does not use, disclose, or provide your personal data to any third party beyond the scope of your consent, unless such use or disclosure is required by law or regulation. However, in the following cases, your personal data may be disclosed in a limited and controlled manner, with due care:
- When a vehicle is assigned through the RIKARIDE Solution for service use, the passenger’s nickname (user ID) may be displayed in the RIKARIDE driver app for identification purposes.
|
Recipient |
Purpose |
Information Provided |
Retention and Usage Period |
|
Driver |
Pick-up, drop-off, and ride management |
Nickname |
Until the purpose of ride processing has been fulfilled |
|
Transportation Company |
Accident reporting and customer service handling |
Name, Phone Number, Ride History |
Until the purpose of accident or customer service handling has been fulfilled |
We do not use your personal data beyond the scope specified above, nor do we
disclose or provide it to any third party, individual, or organization without
your prior consent. However, exceptions may apply in the following cases:
① When you have given prior consent
② When required by specific provisions of applicable laws or regulations
③ When requested by law enforcement authorities in accordance with procedures and methods prescribed by law
When personal location information is provided to a third party designated by the user, the Company notifies the user of the disclosure. In such cases, we send a notification to the user’s communication device used to collect the location data, specifying the recipient, the date and the time of provision along with the purpose.
However, if the user has pre-designated a specific communication device or email address, the notification will be sent to that channel instead.
Retention and Usage Period of Personal (Location) Data
The Company retains and uses your personal data from the time it is collected until the purposes for which the user has provided consent are fulfilled. Once these purposes have been fulfilled, the data will be promptly and securely deleted.
However, in certain cases where retention is required by applicable laws such as the Commercial Act, we may retain the relevant data strictly for such legal purposes. In such cases, the data will be used only for the specific retention purpose, and the retention periods are as follows:
Retention of Personal Data according to Internal Policy
|
Category |
Retention and Usage Period |
|
Records of member information related to customer complaints or dispute resolution |
Until the dispute is fully resolved |
|
Records of former members retained to prevent re-registration |
Three months after account deletion |
Destruction of Personal (Location) Data
Unless otherwise required under applicable laws, we safely destroy personal data in an unrecoverable way when the purpose of processing personal data has been attained.
-
Data Destruction Procedure
Personal data provided by the user is transferred to a separate database (or a
designated physical storage cabinet in the case of paper records) after the
purposes of its collection and use have been fulfilled. It is then retained for
a limited period in accordance with internal policies and other applicable
legal requirements (see Retention and Usage Period) and subsequently destroyed.
Personal data stored in the separate database will not be used for any purpose
other than those required by law.
-
Data Destruction Method
Electronic files are destroyed using a technical method that cannot be
recovered or regenerated, and other records such as printed materials, written
documents, physical files are destroyed by shredding or incineration.
Rights of Users and Legal Guardians, and How to Exercise Them
Users or their legal guardians (in the case
of the use under the age of 18) may revoke their consent to the collection and
use of personal data at any time, including by terminating their membership.
Users may request access to, disclosure of, or correction of their personal
data. Legal guardians may make such requests on behalf of the user under the
age of 18.
Users may exercise these rights by contacting our Help Center or the Chief
Privacy Officer (CPO) via written request, phone, or email.
If a user requests a correction of personal data due to an error, the Company will
not use or disclose the data in question until the correction has been completed.
If the data has already been provided to a third party, we will promptly notify
the third party to ensure that the correction is properly made.
If a user or legal guardian withdraws their consent (e.g., termination of
membership), the Company will promptly delete the relevant personal data,
unless retention is required under applicable laws. In such cases, the data
will be processed in accordance with the retention and usage periods set forth
in this Privacy Policy and will be accessed or used only when strictly
necessary.
Automatic Collection of Personal Data and How to Refuse It
The Company uses cookies and similar technologies that store and retrieve user information as needed. Cookies are small text files sent by a website server to a user’s browser, which are then stored on the user’s computer hard drive.
We use cookies for the following purposes:
Purpose of Cookie Usage
The Company uses cookies to analyze website traffic and visit frequency, identify and understand user interests, and track participation in events and visit history, allowing us to conduct targeted marketing and provide personalized services.
Users have the option to control the use of cookies. Through your browser settings, users can choose to allow all cookies, receive a notification each time a cookie is stored, or reject the storage of all cookies.
How to Refuse Cookies
Users can manage cookie preferences through the settings of their web browser. Depending on their choice, they may allow all cookies, receive notifications each time a cookie is stored, or reject the storage of all cookies. Please note that if you choose to reject all cookies, some services that require login functionality may not be available or may not function properly.
Examples of Cookie Settings:
- For Internet Explorer: Tools → Internet Options → Privacy → Settings
- For Chrome: Settings → Privacy and Security → Content settings → Cookies
Measures to Ensure the Security of Personal Data
The Company implements the following technical and administrative measures to ensure the security of personal data and to prevent loss, theft, leakage, alteration, or damage during the handling of user’s personal data.
1. Technical Measures
① Encryption of User Information
All sensitive personal data is stored in an encrypted format within the
database, ensuring that even in the event of an external breach, the data
cannot be accessed or used.
② Security Solutions
To provide secure services and protect users’ personal information, we have
installed antivirus software on our personal data processing systems, and we
perform regular updates and security checks along with the database encryption
solution. In addition, to guard against external threats such as hacking, we
have implemented intrusion prevention and detection systems (IPS/IDS) and
conduct continuous monitoring through an integrated security control center.
2. Administrative Measures
① We have established and operate an internal personal data management system to ensure the secure handling of personal data.
② Access to personal data is strictly limited to authorized personnel only.
③ All employees who handle personal data receive regular training on data protection and security responsibilities. Access privileges are carefully managed to minimize unnecessary access to or exposure of user information.
Contact Information for the Chief Privacy Officer (CPO)
If you have any inquiries, concerns, complaints, or requests related to the protection of personal data while using our services, you may contact our Chief Privacy Officer (CPO) or Help Center. We will respond to your inquiry promptly and handle the matter without undue delay.
|
Name / Position |
Contact Number |
|
Hyungmin Jin / CIO |
+82-31-299-2133 |
Chief Privacy Officer (CPO)
|
Name / Position |
Contact Number |
|
Hyungmin Jin / CIO |
+82-31-299-2133 |
Changes to Privacy Policy
If there are any additions, deletions, or modifications to the contents of this Privacy Policy, the Company will notify users at least 7 days prior to the effective date through official notice. In cases where the changes may significantly affect users’ rights or obligations, notice will be provided at least 30 days in advance.
If the Policy must be urgently amended due to changes in relevant laws or internal company policies, we will promptly inform users through a notice.
This Personal (Location) Data Policy shall take effect from the date of implementation.