Introduction

This Privacy Policy describes how Dotio, Inc. (hereinafter referred to as the “Company”) collects, uses, and protects the personal information of users in connection with the use of its BINDER cloud-based SaaS service (hereinafter referred to as the “Service”).

The Company complies with the Personal Information Protection Act of the Republic of Korea and other relevant laws, and establishes this Privacy Policy to protect usersʼ personal information and rights and to handle complaints promptly and appropriately.

This Policy also adheres to key principles of the EU General Data Protection Regulation(GDPR) and other applicable international data protection standards.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed shall not be used for any purposes other than those stated herein, and if the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1. Service Sign-up and User Management
   • To confirm the intention to sign up for the Service; to identify and authenticate the users for the provision of Services; to maintain and manage user qualifications;
   • To enforce restrictions on users violating laws or Terms of Service; to prevent and sanction acts that interfere with the smooth operation of the Service, including fraudulent or unauthorized use.
   • To retain records for dispute resolution; to provide various notices and notifications; to handle complaints.
2. Provision of Goods or Service
   • To process purchases and payments for paid services; to deliver goods and services or send invoices; to collect fees.
3. Service Improvement and Analysis
   • To provide and improve services; to develop new services; to analyze and generate statistics on service usage;  where necessary, to analyze usage patterns and service usage records for the purpose of enhancing service to the Customer and onboarding .
4. Response to User Request
   • To receive and handle user inquiries; to handle complaints; to contact and notify users for fact-finding; to resolve disputes.
5. Provision of Materials and Content
   • To process brochure, white papers and content download requests.
6. Application and Operation of Free Trial
   • To confirm free trial requests, issue accounts, provide user guidance; to provide information on switch and payment.

2. Items of Personal Information Processed

The Company processes personal information by categorizing the relevant items according to their respective legal bases, in accordance with the Personal Information Protection Act and other applicable laws and regulations.

1. Items of personal information processed without obtaining the data subject’s consent

The Company processes the following personal information without obtaining the data subject’s consent only where permitted by applicable laws, including where necessary for the conclusion and performance of a contract, compliance with legal obligations, or the achievement of legitimate interests.

1. Service sign-up and account/authentication (including email/password and SSO)

   • Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

   • Items of personal information collected and used

     (email sign-up/login) email address (ID), password, and date of joining the company

     (SSO login)

     Google SSO basic identification information within the scope provided by the SSO provider and permitted by the user, such as email address, name, and profile image

     SAML SSO identification and authentication information transmitted in accordance with the customer’s SSO configuration, such as email address, name, and employee number/user ID

     SSO-linked identification information: OAuth/SAML identifiers and token/session identifiers

2. Provision and operation of Service

   • Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

   • Items of personal information collected and used

     name, email address, company name, and authorization /role

     mandatory information generated in the course of using the Service (such as account status and history of authorization changes)

3. Payment and settlement for paid services

   • Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

   • Items of personal information collected and used

     billing contact information (name, email address, and phone number)

4. Response to user request

   • Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

   • Items of personal information collected and used

     name, company name, email address, and phone number