LANE4 - Premium Mobility Service for Better Possibilities

Privacy Policy

LANE4 Company Co., Ltd. (hereinafter referred to as "the Company") places great importance on the personal information of members (including drivers in the context of ride referrals and passengers, when the customer making the reservation is different from the passenger, the latter is also included as a "member"). The Company is committed to protecting the rights and interests of its members by adhering to the laws and regulations regarding personal information protection, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act that service providers must comply with.

Through the privacy policy, the Company informs members how the personal information provided by them is being used and what measures are being taken to protect their personal information. The Company’s privacy policy is readily accessible to members at all times via the homepage (‘http://lane4.ai’).

Should the privacy policy be revised, the Company will notify members of the reasons for the revision and its content via website announcements (or individual notifications). Changes to the privacy policy are indicated with version numbers, allowing members to easily recognize any adjustments.

This privacy policy will come into effect from March 22, 2021.

Article 1 (Types of Personal Information Collected and Method of Collection)

1. Types of Personal Information Collected The company collects the following personal information when members first use LANE4 services for membership (or service registration), customer support, and the provision of various services:

General Personal Information: Member’s name (or nickname), email address (used as ID), and password, mobile phone number, device information (including model name, telecommunications company, OS, unique device identifier, advertising ID, etc.), profile photo (if entered by the member), video and audio collected by a black box (the company does not directly collect audio, but it may be automatically collected depending on the black box model; however, this is not used or accessed by the company), location information (subject to the agreement to the Location Information Service Usage Conditions), birth date information for card company authentication, information related to complaints/accidents, home or office address information (if entered by the member), call logs related to LANE4 service use (including start and end times of calls with drivers), invitation history, other information collected during service usage, and any voluntarily provided information by members for service use.

Sensitive Information: (Limited to LANE4 members registered with a disability) Disability registration information, in-car recordings and images of passengers including those with disabilities (images only).

Additionally, members can choose to input account information for their Facebook account or other external services they wish to connect to, based on their selection.

During service usage or business processing, the following information may be automatically generated and collected:

IP Address, visit date and time, service usage records, cookies, access logs, bad usage records, app installation information, network location information, etc.

Further, during service usage, the following information may be collected:

Credit card payments: Card company name, card number, etc.

Mobile phone payments: Mobile phone number, telecommunications company, payment authorization number, etc.

Bank transfers: Bank name, account number, etc.

Other payment methods: Account number for easy payment or prepaid methods.

LANE4 corporate (group) usage: Name, information of the affiliated company (corporation, group name), member type (corporate administrator/member), and other usage details provided above.

The company may regularly verify or confirm the validity of personal information deemed necessary for service operation, such as member’s payment cards, account numbers, etc.

Furthermore, as a service operator, the company also collects such personal information which includes affiliates and drivers (drivers’ passenger car transport business entities or driver referral agencies they are affiliated with).

2. Method of Personal Information Collection

The company collects personal information in the following ways:

Collection during execution or use of the LANE4 program

Provided by cooperation partners

Collection via information collection tools (including cookies)

Collection through voluntary provision by members during service use

Article 2 (Purpose of Collecting and Using Personal Information)

The company does not utilize a member's personal information beyond the range specified herein except with the member's consent or as prescribed by law. The company uses the collected personal information for the following purposes:

1. Provision and Operation of LANE4 Services Identifying each member within LANE4 services, fulfilling contracts related to service provision and fee settlement, renting vehicles with partners, referring drivers from partners, user and expense payments, content provision, delivery of goods or invoices, financial transaction authentication and financial services, debt collection, accident handling in case of vehicle incidents, and record inquiries to detect activities that breach the company's terms or usage policy.

2. Member Management Provision of membership services, member identification, verification of identity, preventing unauthorized and fraudulent use by members who have been restricted from using LANE4 per terms, confirming the intention to join and limiting the number of sign-ups, preserving records for dispute resolution, handling complaints, delivering notifications, verifying legal guardians where necessary, transmitting the latest information, verifying the effectiveness of services, determining access frequencies, and analyzing statistics on members' service usage.

3. (Optional) Use in Development of New Services and for Marketing/Advertising Development of new services and provision of customized services, providing services and advertisements based on statistical characteristics, providing opportunities for event participation, or providing promotional information.

4. Collection and Use for Determining Causes and Handling in Case of Incidents

Article 3 (Limited Disclosure and Provision to Third Parties of Personal Information)

The company processes a member's personal information within the scope stated in "Article 2 (Purpose of Collecting and Using Personal Information)" and does not use or publicly disclose the information externally or provide it to third parties without the member's prior consent. However, in the following cases, the company may disclose a member's personal information on a limited basis with due attention:

During LANE4 service use, names, profile photos, and possibly birthdays, email addresses, and mobile phone numbers are disclosed to connected members within LANE4 for mutual identification.

When a member invites another member, depending on the settings, the inviter's 'name, profile picture, and invitation status' may be shared with the invited member. If contact information is chosen as the invitation method, the invitation is sent via mobile message, KakaoTalk, Line, WhatsApp, Twitter, Facebook, or email, and thus the email or mobile phone number of the inviter is disclosed to the recipient.

If a member connects their Facebook account, the Facebook connection status is displayed. The data disclosed is limited to whether the member has signed up for LANE4 services.

For LANE4 group (corporate) usage, a member's name, workplace, payment method (card number, etc.), and usage details are shared with corporate service managers and others for payment or contracting purposes, service use suspension decisions, etc.

If the need arises for better service provision to disclose a member's personal information to a third party, consent is sought beforehand unless prescribed otherwise by law or regulation. This includes informing the member about who is receiving the information, their purpose for using the personal information, what personal information is provided, the duration of personal information retention and use by the recipient, and the member's right to refuse consent and potential disadvantages due to such refusal. Personal information provided to partnered services is limited to essential information for service provision, such as the member's name and profile photo. At the time of consent, the specifics of the provided personal information for each service are communicated. Details of the provided personal information may change/add during service provision, and additional consent is obtained for service use if the necessary personal information changes.

However, even if a member requests the withdrawal of provided information, the third-party recipient may retain and use the necessary information to fulfill contracts, anticipate disputes, and for internal reporting, audits, and cost settlement (billing) until the purpose is achieved. Furthermore, information may be stored in accordance with special provisions set forth in the Commercial Code and other relevant laws.

(Note: The original text is long and detailed, and the above summarizes the key points for brevity. If you require the complete translation of the text or specific sections, please let me know.)

Article 4 (Outsourcing of Personal Information Handling)

The Company outsources the collection, storage, processing, etc. of member's personal information within the necessary scope of work to improve its services. Additionally, in accordance with related laws, the Company ensures that personal information is managed securely through stipulations in the outsourcing contract.

When entering into an outsourcing contract, the Company specifies in documents, such as contracts, matters related to the prohibition of processing personal information for purposes other than the performance of outsourced tasks in accordance with the Personal Information Protection Act, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of the trustee, and liability for damages. The Company supervises the trustee to ensure the secure processing of personal information.

If the content of outsourced work or the trustee changes, the Company will promptly disclose this through this privacy policy.

The institutions entrusted with the processing of the Company's personal information and their tasks are as follows:

For processing personal information for service use from domestic and overseas companies:
- AWS: Infrastructure management for providing and analyzing services
- NHN KCP, Iamport: Financial transaction authentication and financial services, and payment and collection of compensation amounts
- SK Telling Co., Ltd.: Safe number issuance service
- Daou Technology, Aligo: SMS sending
- Credit Card Companies (KB, BC, Lotte, Samsung, Hyundai, KEBC, Shinhan, etc.): Confirmation of transaction approval, cancellation and refunds, settlement of transaction payments, and response to transaction confirmation requests
- Rental Car Mutual Aid Association, Humax Mobility: Handling accidents and insurance-related tasks

Article 5 (Right to Refuse Consent and Notice of Disadvantages When Refusing)

Members have the right to refuse consent to the collection and use of personal information. However, if a member refuses consent necessary for the conclusion and performance of contracts, there may be disadvantages such as the inability to use the service or delays in processing tasks.

Also, if a member refuses consent for the collection and use of personal information for marketing activities and promotions and/or optional collection and use, there may be disadvantages such as not receiving information on events and benefits, being ineligible for gifts or promotional items, inability to use partner services, inapplicability of discount benefits, and inability to earn points.

※ In addition to this policy, the Company may collect, use, or provide personal information to third parties as per separate consent given by members.

Article 6 (Retention and Usage Period of Personal Information)

The Company may retain and use the collected personal information as long as the member maintains their membership status.

If a member withdraws or loses their membership, the Company will delete or destroy the collected member information without a separate request from the member. However, despite the withdrawal or loss of membership, the following information will be preserved for the stated period and then deleted or destroyed for the reasons specified below:

1) Information Retention According to Internal Policy
- Records of member information for dispute resolution between members: Until the statute of limitations, etc., expires.
- Records of member information to limit rejoining of withdrawn members: 3 months
- Records of member information for limiting rejoining of restricted and fraudulent members: According to the restriction period (stored separately)

2) Information Retention According to Legal Requirements
- Records related to display/advertising: 6 months ("Act on Consumer Protection in Electronic Commerce")
- Records regarding contracts or withdrawals: 5 years ("Act on Consumer Protection in Electronic Commerce")
- Records related to payment and supply of goods: 5 years ("Act on Consumer Protection in Electronic Commerce")
- Records on consumer complaints or dispute resolution: 3 years ("Act on Consumer Protection in Electronic Commerce")
- Login records: 3 months ("Protection of Communications Secrets Act")

Article 7 (Procedures and Methods for Destruction of Personal Information and Personal Location Information)

Member's personal information and personal location information are, in principle, destroyed without delay once the purpose of collection and use of personal information and personal location information has been achieved. The Company’s procedures and methods for destroying personal information and personal location information are as follows:

1. Destruction Procedure
The information entered by the user for membership registration, etc., is transferred to a separate DB after its purpose is achieved and is stored for a certain period according to internal policies and other related legal reasons (refer to retention and use period) before destruction. This personal information and personal location information will not be used for purposes other than those provided by law.

2. Destruction Method
Personal information and personal location information printed on paper are destroyed either by shredding or incineration, and those stored in electronic file formats are deleted using technical methods that prevent the records from being regenerated.

(Note: The provided translation is summarized to include key points. Should you require the full text or specific sections to be translated in detail, please specify which parts.)

Article 8 (Rights and Obligations of Members and Their Legal Representatives and How to Exercise Them)

Members can view or modify their registered personal information at any time and can withdraw consent to the processing of personal information by the Company, refuse consent, or request withdrawal from membership (member cancellation). However, if members alter information required for service operations such as name, profile picture, or history of unpaid dues, service usage may be restricted until the Company's approval.

Members can directly view, correct, or withdraw their own information by clicking "Change Personal Information" (or "Edit Member Information," etc.) after undergoing identity verification procedures. Alternatively, you can contact the personal information management officer in writing or by email for immediate action.

If a member requests correction of errors in their personal information, the Company will not use nor provide this information to third parties until the correction is complete. If incorrect personal information has already been provided to a third party, the Company will notify the third party promptly to ensure that correction takes place.

The Company handles personal information requested to be deleted or withdrawn by members following "Article 6 on Retention and Usage Period of Personal Information" and ensures it cannot be accessed or used for other purposes.

Only those who are 19 years and older may register for the service, and the Company does not, in principle, collect personal information of children under the age of 14 who need the consent of their legal representatives for the collection and use of personal information.

Article 9 (Installation/Operation of Automatic Personal Information Collection Devices and Rejection Thereof)

[Cookies]

1. What are cookies?

The Company uses 'cookies' to store and retrieve member information intermittently to provide personalized and customized services. A cookie is a very small text file sent by the server operating the website to your browser and is stored on your computer's hard disk. Cookies help maintain member settings and provide personalized services when you visit the website again.

Cookies do not automatically or actively collect personal identification information, and members can refuse or delete cookies at any time.

2. Purpose of Cookie Usage by the Company

Cookies are used to help members access and conveniently use the website as set and to provide optimized advertising and tailored information based on the website visit history and usage patterns. They are also used for target marketing and personalized service provisioning by analyzing access frequency or time, identifying member preferences and interests, tracking patterns, and determining participation in events and visit frequency.

3. Installation/Operation of Cookies and Rejection

Members have the option to install cookies. Members can allow all cookies, check each time a cookie is stored, or refuse all cookie storage through their web browsers.

For example, in Internet Explorer: web browser tools > internet options > privacy.

However, if you refuse cookie storage, there may be difficulties in receiving technical support and service provision, for which the Company is not responsible.

[Online Personalized Advertising Services]

1. Collection of advertising identifiers when using mobile apps

The Company may collect your ADID/IDFA. ADID/IDFA are advertising identifier values for mobile app users, which may be collected for providing personalized services or to provide a better advertising environment for measurement purposes.

How to refuse

For example, on Android: Settings → Google (Google Settings) → Ads → Opt-out of ads personalization On iOS: Settings → Privacy → Advertising → Limit Ad Tracking

2. Online personalized advertising services

The Company allows online personalized advertising service providers to collect advertising identifiers and behavioral information. Advertisers who collect and process behavioral information include Google, Facebook, etc. This information is automatically collected and transmitted when the user runs our app.

Article 10 (Technical/Administrative Protection Measures for Personal and Personal Location Information)

The Company devises technological and managerial measures to ensure the security of members' personal information, preventing loss, theft, leakage, alteration, or damage. These measures include:

1. Encryption of Personal Information
The Company securely stores and manages personal information by encrypting it following legal regulations or internal policies.

2. Measures Against Hacking and Other Threats
The Company does its best to prevent the leakage or damage of members' personal information caused by hacking or computer viruses. It backs up data daily to prevent distortion of personal information, uses up-to-date security patches and firewalls to prevent leakage or damage, and uses encryption communications to transmit personal information securely over the network. Access from unauthorized external sources is controlled, and every technological device possible to ensure systemic security is being equipped.

3. Minimizing Handling Staff and Training
The Company restricts the staff handling personal information to designated individuals, assigns a separate password for them, and regularly renews it. Regular training emphasizes compliance with the LANE4 personal information processing policy.

4. Operating a Dedicated Organ for Personal Information Protection
The internal personal information protection organization checks the implementation and compliance of the LANE4 personal information processing policy. Any problems found are corrected immediately.

Meanwhile, the Company applies and operates the following protection measures for personal location information:

a) Managerial Measures
- Designating and operating a location information manager.
- Assigning and restricting access rights for each stage of collection, use, provision, and destruction of location information.
- Establishing handling and management procedures and guidelines that define the duties and responsibilities of those handling location information.
- Operating and managing a ledger that records the facts about the provision of location information.
- Regularly conducting internal inspections for location information protection measures.

b) Technical Measures
- Implementing identification and authorization to confirm access rights to location information and location information systems.
- Installing firewalls and other measures to block unauthorized access to location information systems.
- Operating electronic automated devices to record and preserve access to location information systems.
- Applying encryption technology or equivalent measures to securely store and transfer location information.
- Other necessary technical measures for the protection of location information.

c) Obligation to Automatically Record and Preserve Location Information Collection, Use, and Provision
- Arranging for the automatic recording and storage of location information collection time, collection method, collection purpose (request content), provision time and content, purpose of use, etc., in the location information system.
- Taking technical measures to ensure that automatically recorded and preserved materials are not leaked, altered, or damaged.

However, the Company is not responsible for any issues that arise due to the member's negligence or problems on the internet, such as the leakage of ID, password, and other personal information.

Article 11 (Protection of Non-Member Personal Information)

1. Even when using LANE4 as a non-member, only necessary personal information is requested for reservation, payment, boarding history inquiry, and boarding confirmation. Such information is solely used for the purpose related to fare payment, vehicle call, and boarding, and never for any other purposes.

2. Purpose and Items of Personal Information Collection/Use for Non-Members Name, mobile phone number, service usage information (service usage records created during customer service usage, billing and payment records, access logs, cookies, access IP information): Confirmation of boarding address and contact details for LANE4 service use (reservation/dispatch/cancellation), handling complaints, confirmation of intent, and notification of new information and notices. Account/card information: Provision of payment services, etc. IP address, visit date and time: Prevention of illegal use. Name, address, mobile phone number, access IP, and payment records: Prevention of fraudulent transactions.

3. When using the service as a non-member, the personal information processing policy applies equally to non-members, except for items that apply only to members (such as items regarding retention and usage periods).

Article 12 (Personal Information Manager, Location Information Manager, and Contact Details)

You may report any personal information protection-related complaints arising from using the Company's services to the Personal Information Manager or the designated department.

The Company designates and operates a Location Information Manager in a position capable of taking actual responsibility to establish and implement technical and managerial measures for the protection of personal location information and smoothly handle complaints of persons concerned about personal location information. The names and contact details are as follows:

The Company will respond promptly and adequately to the reports from its members.

1. Personal Information Manager
- Name: Choi Wonsam
- Affiliation: LANE4Company
- Phone: 02-6253-2000
- Position: CTO
- Email: support@lane4.ai

2. Location Information Manager - Name: Kwon Osang - Affiliation: LANE4Company - Phone: 02-6253-2000 - Position: CEO - Email: support@lane4.ai If you need to report personal information violations or require consultation, please contact the institutions below: - Personal Information Violation Report Center (http://www.118.or.kr / 118 without area code) - Cyber Crime Investigation Team of the Supreme Prosecutors' Office (http://www.spo.go.kr / 02-3480-200) - Cyber Terror Response Center, Korean National Police Agency (http://cyberbureau.police.go.kr / 182 without area code)

Article 13 (Processing of Personal Location Information)

The Company processes and retains personal location information as follows:

1. Current Status of Personal Location Information Processing and Retention
a) Processing items (mobile location information (GPS, Wifi, telecom base station information) of vehicle call service users, drivers) movement paths, service usage logs.
b) Purpose of processing (call and dispatch, fare calculation and processing, providing LANE4 services, offering various promotions and coupons, service usage analysis and service improvements, announcements and communication, complaint resolution)
c) Retention period (as mentioned above for various reasons)

The Company destroys personal location information that is not required to provide the service immediately after achieving the purpose for which personal location information was collected, used, or provided, according to the Location Information Act, Article 23.

2. The Company may provide personal location information to third parties with the consent of the information subject as needed:
a) User information provided by vehicle call service (boarding and alighting location of the vehicle).
b) Driver information provided (location of the vehicle).

The Company immediately notifies the information subject through their communication device every time personal location information is provided to the designated third party.

However, in the following cases, notification will be made to a predetermined communication device or email address specified by the user:
- If the communication device used to collect personal location information does not have text, voice, or video reception functionality.
- If the user has previously requested to be notified by online posting or other methods.

Legal guardians of minors under the age of eight have the right to consent to the Company using or providing the minor's personal location information for the protection of the minor's life or body.
- Legal guardian of a minor
- Persons with mental disabilities as defined in Article 2(2)(2) of the Disability Welfare Act who are severe disabilities as prescribed in Article 2(2) of the Act on Employment Promotion and Vocational Rehabilitation for Disabled Persons (limited to those registered as disabled according to Article 32 of the Disability Welfare Act).

The consent of the legal guardian is obtained by filling out a written consent form with the following details and submitting it to the company along with a written/electronic document proving the person is the child's guardian (including the guardian's signature or electronic signature):

[Details to be filled out in the written consent form]
- Name, address, and birthdate of the child under the age of eight.
- Name, address, and contact details of the legal guardian.
- The purpose of the collection, use, or provision of personal location information is restricted to the protection of the life or body of a minor under eight years of age.
- Date of consent.

The Company records and preserves the facts of the collection, use, and provision of location information based on Article 16(2) of the Location Information Act and keeps them for six months from the recording date.

Article 14 (Others)

Please note that the "LANE4 Privacy Policy" does not apply to websites linked within the LANE4 services that collect personal information.

Article 15 (Duty to Notify)

In case of any addition, deletion or amendment to the current privacy policy, the changes will be notified at least 7 days prior on the company website and 'Announcements' within the service or by other easy methods. For significant changes affecting member rights, such as personal information collection, utilization, and provision to third parties, the notice will be given at least 30 days in advance.

Revision Date: September 1, 2022

Previous versions of the privacy policy can be checked on the website (https://lane4.ai/terms).