Privacy Policy

S2W Co., Ltd. (“the Company” hereinafter) establishes and adheres to the following Privacy Policy to protect and uphold the privacy and rights of users and to smoothly handle users' grievances related to personal information, in accordance with relevant laws including the Personal Information Protection Act.

1. Collection and Use of Personal Information

The Company processes personal information for the purposes specified in this Privacy Policy. The collected personal information will not be used for purposes other than those outlined here, and in the event of any changes to the usage purposes, necessary actions will be taken in accordance with Article 18 of the Personal Information Protection Act, including obtaining separate consent.

① Collected Information: The Company collects various types of information related to services, including but not limited to:

  • Information voluntarily provided to the Company through the membership registration and account issuance process to use Company services.
  • Information voluntarily provided by users to the Company through contact or information/material (e.g., Analysis report) submission via the Company's website (
  • Information collected by the Company regarding users' service usage, including cookie information.
  • Other information obtained from customers through offline events, campaigns, and other such occasions.

② Purpose of Use: The Company uses collected information for the following purposes:

  • Issuing accounts for requested services (including information request services, Audit Log and search history provision services, specialized user services), development of new services, and service improvement.
  • Providing requested information or materials to users.
  • Understanding users' service usage patterns to enhance their user experience.
  • Providing customized content and advertisements (such as sending newsletters, webinar invitations, event notifications, product, and order-related emails).
  • Handling user inquiries via email, phone, and other means.
  • Other matters for which users have provided separate consent.

2. Information to be collected and method of collection

① Personal information items to be collected

Quaxar / S2-XARVIS Service (Account Creation and Service Usage)

  • Mandatory: ID, Password, Email
  • Optional: Name, Affiliation (workplace, title, department), Contact information (phone number, mobile number), Service usage information (requests, access IP, usage history, usage time, search terms, search time), Company security-related information (domain information, internal security solution/equipment status, Internal public IP usage status), areas of interest.

Company Website Usage (Inquiries and Resource Access)

  • Mandatory: Name, Affiliation (Company, Job Title, Department), Contact Information (Email, Phone Number), Inquiry Details
  • Optional: Country, Region

Participation in Company Events

  • Optional: Name, Affiliation (Company, Job Title, Department), Contact Information (Email, Phone Number, Mobile Number)

② Method of collection

  • Provided directly by users during the registration process or service usage.
  • Collection through web pages, emails, and phone calls during communication for customer support
  • Voluntary provision by customers during Company's offline events or other activities
  • Automatically generated and collected during the process of using PC web or mobile web/applications.

During the service usage process, access logs, the source of user website visits, time spent on the website or specific pages, clicked links, search keywords (with search time), access IP information, cookies, and more may be generated and collected.

* Sensitive personal information that may pose a risk to users' fundamental rights (such as resident registration numbers, race and ethnicity, beliefs and ideologies, political tendencies, criminal records, etc.) will not be collected.

3. Processing and Retention Period of Personal Information 

The Company retains users' personal information until the consent-based retention period agreed upon during the collection of personal information or until the purpose of processing the personal information is achieved. However, in cases where the Company is required to retain personal information under applicable laws, the Company will store users' personal information for a certain period as prescribed by relevant laws.

4. Destruction of Personal Information

① The Company promptly destroys unnecessary personal information when the retention period for personal information has expired or when the purpose of processing personal information has been achieved.

② In cases where the retention period for personal information, as consented to by users, has expired or the purpose of processing has been achieved but the Company is required to continue retaining personal information under other laws, the Company transfers the relevant personal information to a separate database (DB) or stores it in a different location for retention.

③ The procedure and method for the destruction of personal information are as follows:

  • Destruction Procedure: The Company selects and obtains approval from the Company's Privacy Officer for personal information that has met the criteria for destruction and proceeds with its destruction.
  • Destruction Method: Personal information recorded or stored in electronic files is irreversibly destroyed to prevent regeneration, and personal information recorded or stored on paper documents is shredded or incinerated for destruction.

5. Provision of Personal Information to Third Parties

The Company generally does not provide or disclose users' personal information to third parties unrelated to the service. However, the following exceptions apply:

  • When required by investigative agencies for investigative purposes in accordance with the procedures and methods prescribed by relevant laws.
  • When the Company is legally obligated to submit personal information in accordance with relevant laws.

6. Maintenance Outsourcing

The Company outsources certain necessary tasks for service provision to external companies as follows:

Company name Tasks Retention and Usage Period of Personal
Amazon Web Services Korea LLC Website hosting, web services, data storage, and infrastructure management Upon withdrawal of membership or termination of outsourcing contract
LOTTE Data Communication Company
Facility management for the system's service provision Upon termination of outsourcing contract
S-1 (에스원) Office access security and system alarm management Upon termination of outsourcing contract

7. Rights of Users and Legal Representatives and How to Exercise Such Rights

① Users can request to access, modify, delete, suspend processing, or revoke consent for collection, usage, and provision of their registered personal information at any time. If users contact the Company's Personal Information Management Department in writing, by phone, or via email, appropriate actions will be taken promptly.

② If a user requests the correction of personal information errors, the Company will not use or provide such personal information until the correction is completed.

③ For users under the age of 14, their legal representatives have the right to access, modify, delete, suspend processing, and withdraw consent for collection, usage, and provision of personal information of child users. In this case, please contact us including the child user's authorization letter through the provided contact information.

④ The Company will handle the suspension of processing, deletion, and withdrawal of consent for personal information in accordance with Article 4 of this Privacy Policy, as requested by the user or their legal representatives, and will not access or use such information for any other purpose.

8. Installation, Operation, and Refusal of Automatic Collection for Personal Information

The Company operates 'cookie' and similar technologies that store and retrieve user information. Cookies are small text files sent by the server operating the Company's website to your browser, which are then stored on your computer's hard drive. The Company, along with third-party vendors such as Google, uses its own cookies (e.g., Google Analytics cookies) to collect data related to user interactions with the Company's website and other advertising service functions associated with advertisement exposure and interactions. Cookies are also used for ad tracking and site traffic management.

  • Purpose of Cookie Usage: Cookies are used to understand users' website visits and usage patterns to provide optimized information to users.
  • Installation, Operation, and Refusal of Cookies: Users can adjust their web browser settings to allow all cookies, request confirmation each time a cookie is saved, or reject all cookies. However, please note that rejecting cookie storage may result in limitations on using certain services.

※ Method to Refuse Cookie Settings (e.g., for Internet Explorer): Go to Tools at the top of the web browser > Internet Options > Privacy tab > Adjust the privacy settings under Privacy handling level.

9. Measures to secure the safety of personal information

The Company takes the following measures to secure the safety of personal information:

  • Administrative Measures: Implementation of internal management plans, regular employee training, etc.
  • Technical Measures: Access rights management for personal information processing systems, installation of access control systems, encryption of passwords and unique identification information, encryption communication, storage and prevention measures against forgery and alteration of access logs, installation of security programs, etc.
  • Physical Measures: Access control to computer rooms, data storage rooms, etc.

10. Department and Personnel in Charge of Personal Information Protection

The Company designates privacy officer who is responsible for overseeing personal information-related tasks and handling user complaints, damage relief, and related matters concerning the processing of personal information. For all inquiries, complaints, and matters related to personal information protection arising from the use of Company services, users can contact the privacy officer and the designated department.

Personal Information Protection Division

  • Name: Yesung Chae
  • Department: Information Protection Center
  • Contact: (Tel) 070-5066-5277, (Email) [email protected]
  • Name: Daul Kim
  • Department: Information Protection Center
  • Contact: (Tel) 070-5066-5277, (Email) [email protected]

Personal Information Protection Manager

  • Name: Hyunmin Seo
  • Department: Information Protection Center
  • Contact: (Tel) 070-5066-5277, (Email) [email protected]

11. Remedies for Rights Violation

Users can apply for dispute resolution, counseling, and other actions related to personal information violations through organizations such as the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center. For reporting and consulting on other personal information violations, please contact the following organizations:

12. Changes to Privacy Policy

If the content of this Privacy Policy is changed, the Company will disclose the changes on its website (

This Privacy Notice shall take effect from August 22nd, 2023