k.ride Privacy (Location Information) Policy for Users

Kakao Mobility Corporation (the “Company”) collects, uses, and provides personal information based on users’ consent and actively guarantees users’ rights (the right to the self-control of personal information).
Kakao complies with applicable laws and personal information protection regulations of the Republic of Korea, which information communication service providers must obey.
Privacy (Location Information) Policy refers to guidelines on protecting users’ valuable personal information that the Company must follow operating the service so that users can use the service with confidence.

---

Collection and Usage of Personal Information

All users can access the services provided by the Company and enjoy further various services by signing up for them.
The Company will send prior notice and ask for a user’s consent when collecting his/her personal information.

How do we collect personal information?

• The user agrees to the collection of personal information and enters relevant information when signing up for a service or while using the Services.
• Personal information is provided through affiliated services or groups.
• Personal information is provided via home page, email, fax, phone, etc., during customer service calls.
• The user participates in online and/or offline events.
• We collect the minimum personal information to provide the service.
  • Required Information: Information required to perform the essential functions of the Services (including essential information pursuant to relevant conditions).
  • Optional Information: Information collected to provide additional functions other than the service’s primary functions (Users can use the service, still without agreeing to provide information.)
• We will not collect sensitive information without a user’s consent.
  • What is sensitive information? : Information that may violate a user's privacy (race, ideology and creed, political or criminal records, medical information, etc.)

What will we use personal information for?

We will only use a user’s personal information for the following purposes. If the purpose is changed, we will ask for his/her prior consent.

• Identify the members, check their subscription intent, verify identity/age, and provide benefits according to the Terms and Conditions.
• Resolve inquiries, settle complaints/disputes, or deliver notifications
• Service usage history, access frequency, statistics on service use
• Develop new services, improve the services, and/or provide personalized/customized services and advertisements
• Prevent and sanction activities interfering with the smooth operation of the service, including fraud; prevent account theft and fraudulent transactions
• Improve service quality by managing the history of service subscription/withdrawal and/or monitoring customer grade management
• Purchase of paid services and payment settlement

How do we collect personal information?

The following personal information is collected when a user signs up.

Services	Item	Purpose
k.ride	*When signing up via email (Required) Name, mobile phone number, nationality, email, location information (departure/arrival), and message history with drivers. *When signing up via SNS easy login (Required) Name, mobile phone number, nationality, easy login account (Google or Apple account), location information (departure/arrival), and message history with drivers.	- Verification of member identity and registration intent, confirmation of personal identity and age, deterrence of unauthorized usage, and entitlement to benefits as per the terms of service. - Addressing inquiries, grievances, or disputes and delivering notices. - Service usage records, access frequency, and statistics related to service use. - Prevention and sanction of actions that disrupt the smooth operation of the service (including account hijacking and fraudulent use). - Development of new services, improvement of existing services, personalized/customized services, and advertising. - Providing a service that connects members with transportation providers via the Splyt intermediary platform. - Offering features for user protection. - Processing payment, settlement and refund for paid services.
	(Required) mobile phone number or email	- Check customer inquiries, requests, and complaints and reply to the results of processing.
	(Optional) Name, mobile phone number, email, Easy Login account, k.ride service usage history.	- Utilization in events and marketing related to k.ride services. - Tailored advertising based on demographic characteristics and inferred interests and preferences of users.

In principle, the Company shall not collect personal and location information of children under 14 whose legal representative’s consent is required.

The location information refers to GPS, Wi-Fi, mobile station information, and trip route.

When users use the Services, information may be generated or collected automatically to ensure service reliability, provide secure services, and prohibit any violations of relevant laws and Terms of Service.

• History of service usage, access logs, transaction history, IP information, cookies, rogue and fraudulent usage records, mobile device information (model name, carrier information, OS information, screen size, language and country information, advertising ID, and device identification, etc.)
• illegal/fraudulent access to the Services and service applications and related records thereof, records of access attempts to service applications, information required to verify the safe operating environment for the Services and service applications

---

Entrustment and provision of Personal Information

The following tasks are entrusted to provide the service we promised to our users.

We entrust personal information to third parties to carry out some of the necessary tasks required for providing various services to our users.

Entrustment of handling personal information (View Details)

The information is composed based on the time the user confirms it, and the entrusted company is managed and supervised to ensure that it does not violate any laws related to personal information protection.

We provide personal information to a third party only when the user gives his/her consent thereto under relevant laws and regulations.

In principle, the Company shall not provide a user’s personal information to third parties. The Company must notify the user in advance and ask for his/her consent if it is required to provide personal information to third parties.

However, a case falling under any of the following sub-paragraphs shall be deemed an exception.

1. WHERE it is required for billing charges accrued for the service;
2. WHERE investigative authorities request as stipulated in relevant laws and regulations or pursuant to due process and method for the purpose of investigation; and
3. WHERE it aims to execute the contract for providing information and communication services and enhancing users’ convenience in case of overseas transfer (provision, inquiry, processing, consignment, storage).

Provision of personal information to third parties (View Details)

Overseas transfer of personal information (View Details)

Users are notified when their personal location information is provided to a third party designated by themselves.

If the Company provides personal location information to a third party designated by the User, each time, it shall immediately notify him/her of the recipient, date, and purpose thereof via the telecommunications device where such information is collected.

However, such notification shall be sent via telecommunications device or email address specified by the User if a case falls under any of the following sub-paragraphs;

1. WHERE the telecommunications device that collected personal location information has no function to receive text, audio, or video;
2. WHERE the User requests in advance to be notified by means of online publishing, etc.

---

Destruction of Personal Information

How and when do we destroy the collected personal information?

In principle, the user's personal information shall be immediately destroyed once the purpose of collecting and using it is fulfilled. The procedure and method thereof are as follows:

• Personal information stored in electronic file formats is to be deleted by technical means that make the information unrecoverable. Personal information printed on paper records, printed matters, and documents is to be destroyed through shredding or incineration.
• The Company may retain the minimum amount of information required to identify the user for up to thirty(30) days after his/her request to withdraw from the membership to minimize the damage caused by fraud and identity theft according to the service policy; provided, however, that records of fraudulent use may be kept for one(1) year to ensure user safety and prevent service fraud and disputes.
• The Company shall automatically record and store any data confirming the collection, utilization, and provision of location information to charge service fees to and handle civil complaints from other service providers or the User. Such data shall be retained for six (6) months.

However, if the law imposes a duty to keep information for a certain period, the personal information is safely stored for such a period.

Type	Period of Retention	Rationale for Retention
Service Login History	For three (3) months	Protection of Communications Secrets Act
Records of consumer’s complaint and the settlement of dispute	For three (3) years	Act on the Consumer Protection in Electronic Commerce, Etc.
Records of contract or withdrawal of subscription/ Records of payment and supplying goods	For five (5) years
Records of marks and advertisement	For six (6) months
Account books and evidential documents for all transactions prescribed in Tax Acts	For five (5) years	Framework Act on National Taxes
Records of electronic financial transactions	For five (5) years	Electronic Financial Transactions Act
Data on financial transactions subject to confirmation and reporting of real name; or customer confirmation data	For five (5) years	Specified Financial Information laws

---

Others

We protect our users’ rights as follows:

Users and their legal representatives may request at any time to view, correct, withdraw or delete their consent, or suspend the processing of the information collected. However, withdrawal or deletion of consent may limit the use of some or all of the Services.

• Request to access or provide personal information
  • Users can request access to and provision of their personal information processed by Kakao Mobility.
  • Membership information can be checked in Mobile App > Menu > My Info.
  • If users want to read the personal information that cannot be accessed through the Services, they should contact Customer Service, and the Company will take action within ten(10) days unless there is any particular reason. However, if any reason to delay or reject the reading arises, the Company will promptly notify its users of the circumstances.
• Request to correct or delete personal information
  • Users can request correction and deletion of their personal information processed by Kakao Mobility.
  • Membership information can be checked in Mobile App > Menu > My Info or possibly be processed via Customer Service. To this end, users may need to verify their identity.
• Withdrawal and deletion of personal information consent and suspension of processing thereof
  • Users can request to withdraw their consent for the information collected and used, delete such information, or suspend the processing thereof. However, upon such request, access to some or all of the Services may be restricted, but it may be difficult to withdraw consent, delete or suspend the processing of the information collected under other laws.
  • When users request correction of errors in their personal information, the Company will not use or provide such information until the correction is completed. If the Company has already provided personal information containing errors to third parties, it will notify the party that received the correction so that it can take action.

We protect the rights of legal guardians of children 8 years or younger.

• When the individual (referred to as the “legal guardian”), who is defined in Article 26.2 of the “Act On The Protection and Use Of Location Information” as the legal guardian of any of the following persons (referred to as "children eight (8) years or younger"), gives consent to collection, use and/or provision of the personal location information regarding the child eight years or younger, for the protection of the latter's health or safety, the Company deems that the child has personally given consent as such.

  1. A child eight (8) years or younger
  2. An individual under adult guardianship
  3. An individual with a mental disorder defined in Article 2.2.2 of the “Act on Welfare of Persons with Disabilities”, classified as an individual with a severe disability in Subparagraph 2 of Article 2 of the “Act on the Employment Promotion and Vocation Rehabilitation of Persons with Disabilities” (limited to those registered as disabled under Article 32 of the “Act on Welfare of Persons with Disabilities”).

• Legal guardians who want to consent to the collection, use and/or provision of personal location information for the protection of the health and safety of the child eight (8) years or younger must submit a written consent form, as well as a document that proves their guardianship status, to the Company.

• The legal guardian can exercise all rights granted to the subject of the personal location information if they consent to the collection, use and/or provision of personal location information of a child eight (8) years or younger.

We attempt to install and operate cookies, and users may refuse them.

What are cookies?

A cookie is a small text file usually sent from the server used for operating a website and stored in a user's computer.

Why do we use cookies?

We use cookies that store and retrieve a user’s information from time to time to provide him/her with personalized and customized services. When the user visits a website, the website server will read the contents of the cookies stored on the user’s device to maintain the set configuration and provide him/her with personalized services. Cookies help the user access the website as configured and use it conveniently when he/she visits it. Cookies are also used to analyze the user’s website visit history and use patterns and provide him/her with personalized information such as optimized advertisements.

What can users do to stop cookies from being collected?

Cookies do not automatically or actively collect information that is essential to identify an individual, and users have their choice to install cookies. Therefore, users can allow all cookies, confirm their installation every time, or refuse all cookies to be installed by setting the relevant options in a web browser.
However, if users decline to install cookies, they may not be comfortable using the web and may have difficulty using some services that require them to log in.

Examples of Settings

• For Internet Explorer: Select "Tool" at the top of the browser > "Internet Options" > "Personal Data” > Settings
• For Chrome: Select the "Settings" menu at the top right side of the browser. > "Show advanced settings" > In the "Privacy" section, click "Content settings". > Cookies

We exert the following efforts to protect our users’ valuable personal information.

The Company values its users’ personal information as the highest value and makes the following efforts in handling it. Also, the Company protects the location information of the users to the same level as personal information.

• The Company encrypts the users’ personal information.
• It transmits it using the encrypted communication section and encrypts and stores sensitive information such as passwords.
• The Company works hard to protect its users from hacking and computer viruses.
  • The Company has been installing the relevant system in an area where access is controlled from outside to prevent leakage or damage of the users' personal information by hacking or computer viruses.
  • The Company has the necessary system installed to detect and stop hackers and monitors them around the clock while installing anti-virus programs to ensure that the system is free of the latest malware and viruses.
  • In addition, new hacking/security technologies are continually being studied and applied to the Services.
• The Company minimizes the number of people who have access to valuable personal information.
  • The Company also minimizes the number of employees who handle personal information.
  • In addition, the Company has established systematic criteria for the creation, change, and access of passwords to database systems that store and process personal information and has conducted inspections regularly.
• The Company provides regular training to its employees on protecting users' personal information.
• The Company also provides all employees who handle personal information with regular training on their obligations to protect personal information and ensure security.

We have a dedicated organization for personal information protection.

Users can contact Privacy Officer (Location Information Manager) and Customer Service to inquire about any issues on personal information protection, complaint handling, and remedy-seeking that arise from using the Company's services (or businesses). Kakao Mobility will respond to and process such inquiries without delay.

• Personal Information Protection Officer and Location Information Manager
  • Name/Title: Choi Jin wook / CPO
  • Contact: Chat with KakaoT Customer Service (click) / 1599-9400
• Personal Information Handling Department
  • Department: Customer Service
  • Contact: Chat with KakaoT Customer Service (click) / 1599-9400

Please make inquiries to the following organizations if you need to report or consult regarding the violation of personal information.

• Privacy Infringement Report Center: (No prefix) 118 / http://privacy.kisa.or.kr
• Supreme Prosecutor's Office: (Toll-Free)1301 / http://www.spo.go.kr
• National Police Agency Cyber Investigation Bureau: (No prefix) 182 / https://ecrm.cyber.go.kr

Additional Policies

The Company shall notify users of any additions, deletions, or amendments to the above contents through a notice seven (7) days prior to implementing such changes. However, we will tell users at least thirty (30) days before any essential changes to their fundamental rights or obligations. In addition, if there is an unavoidable need to change the policy due to related laws or company policies, please refer to the notice sent to a user's contact as soon as possible.

Privacy (Location Information) Policy shall be applied from the effective date.

---

Notice Date of Privacy (Location Information) Policy: 2024. 5. 9.

Effective Date of Privacy (Location Information) Policy: 2024. 5. 16.

View the previous version of the Privacy (Location Information) Policy