NShiftKey Privacy Policy
The NShiftKey Privacy Policy prescribes the principles of personal information processing and protection of “NShiftKey,” provided by NAVER Corporation (hereinafter referred to as “Company”). The Company complies with personal information protection regulations of related laws, such as the Personal Information Protection Act, and strives to protect the rights and interests of data subjects.
1. Purpose and Particulars of Personal Information Collection and Use
If you install NShiftKey on your Github repository, the repository owner’s Github account ID, Organization name, and Repository name will be collected.
In case the vulnerability analysis of a source code is performed using NShiftKey, the analysis results will be collected. The analyzed source code will be temporarily stored on the Company’s server only during the time of analysis, and immediately destroyed once the analysis is completed.
The collected information will be used for the development, provision, and improvement of the NShiftKey service, prevention of acts that disrupt the operation of NShiftKey, processing of civil complaints related to the NShiftKey service, and for archiving purposes for dispute mediation.
2. Outsourcing of Personal Information Processing and Provision to a Third Party
Personal information will only be used within the notified scope and shall not be disclosed to the third party without your prior consent.
NAVER entrusts part of its work necessary to provide NShiftKey service to outside companies, and specifies and manages/supervises the matters necessary for the contractors to safely process personal information in accordance with related laws.
- NAVER Cloud Corp.: Infrastructure operation, data storage
- NIT Service Corp.: Infrastructure operation
NAVER Cloud Corp., the entrusted company, stores personal information outside of Korea in the following way.
NAVER safely stores data within and outside Korea to continue providing the company’s services even in the event of natural disasters and catastrophes. ‘NAVER Cloud Corp.’ is an affiliate of NAVER, subject to the same data protection policy as NAVER. Furthermore, the company performs data management tasks under NAVER’s strict control.
Entrusted Company | NAVER Cloud Corp. |
Storage Location | Singapore(#24-01, Vision Exchange, 2 Venture Drive, Singapore 608526) |
Date of Entrustment & methods | May 30, 2023 Remote transmission using dedicated private networks |
Chief Privacy Officer Contact Information | dl_ncloud_privacy@navercorp.com |
Personal Information List for Entrustment | Only a minimal amount of user data required for recovery |
Entrusted Operations | Data backup (store) between countries for safe user data protection from disasters and accidents |
Personal Information Retention & Usage Period | Corresponds to the storage period described in this privacy policy |
3. Retention Period, Procedure and Method of Destruction of Personal Information
The collected personal information shall be destroyed without delay once the retention period expires or the purpose of its use has been achieved. Provided, however, that if any information must be stored as required by relevant laws, it shall be stored for the period required by those laws before destruction.
4. Rights of the Data Subject and Legal Representative and Exercising such Rights
The data subject and legal representative shall request to access, modify, delete the personal information of themselves or children below the age of 14 at any time.
If you wish to delete collected information, contact the ‘Chief Privacy Officer’ by email or phone and the information shall be deleted without delay.
5. Matters related to the Installation·Operation and Refusal of an Automatic Collection Tool for Personal Information
The Company does not install·operate an automatic collection tool for personal information.
6. Actions Taken to Protect Personal Information
NAVER has established and implemented an internal privacy management plan.
Actions are undertaken to control access to and restrict the right to access personal information.
Personal information is being encrypted for safe storage and transmission.
Actions are taken to store personal information access records and prevent any forgery and tampering.
NAVER installs and renews security programs for personal information.
NAVER enforces physical actions to keep personal information safe.
NAVER operates a separate organization that only deals with the protection of personal information.
7. Chief Privacy Officer
Name: Jinkyu Lee
Affiliation: Data Protection&Privacy
Position: CPO / DPO
Phone: 1588-3820
Email: Send an inquiry (https://help.naver.com/inquiry/input.help?serviceNo=1&categoryNo=15744&lang=ko)
Release date: May 30, 2023
Effective date: May 30, 2023