Privacy Policy

General Provisions

CoworkCity Inc. (hereinafter the "Company") complies with the Personal Information Protection Act and other personal information protection-related laws and regulations, and does its best to protect the personal information and rights of users (hereinafter the "data subject"). This Privacy Policy applies to the CoworkCity service (hereinafter the "Service") provided by the Company, and informs you of the purposes and methods for which the personal information provided by members is used, and what measures are taken to protect personal information.

Article 1 (Definitions)

The definitions of terms used in this Policy are as follows.

  1. "Customer" or "Lessee": refers to a member who agrees to these terms and uses the Company's Service to enter into a non-resident office lease agreement.
  2. "CoworkFamily" or "Lessor": refers to a member who, through a partnership agreement with the Company, registers the space they operate on the Service and provides lease agreements to "Customers".
  3. "CoworkPartners": refers to a business member who carries out marketing and promotional activities for the Service through an affiliate program agreement with the Company.
  4. "Member": collectively refers to all types of users falling under items 1 through 3.

Article 2 (Purposes of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed shall not be used for purposes other than the following, and if the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with relevant laws.

  1. Website membership registration and management: confirming intent to register, identifying and authenticating members according to member type, maintaining and managing membership status, preventing fraudulent use of the Service, various notices and notifications, handling grievances, etc.
  2. Service provision and contract performance:
    • (Customer) Conclusion and performance of non-resident office lease agreements; receiving, storing, and providing notifications regarding mail and parcels on behalf of the data subject upon request; opening, scanning, and converting mail into digital files and uploading them within the platform based on the data subject's explicit consent
    • (CoworkFamily) Conclusion and performance of partnership agreements, registration and management of service spaces
    • (CoworkPartners) Conclusion and performance of affiliate program agreements, support for marketing activities
  3. Payment and settlement: payment of service fees, settlement of contract payments, payment of commissions, etc.
  4. Handling of civil complaints: verifying the identity of complainants, confirming the details of complaints, contacting and notifying for fact-finding, and notifying the results of processing
  5. Use for marketing and advertising (with separate consent): development of new services and provision of customized services, provision of event information, etc.
  6. Compliance with legal obligations: fulfillment of obligations stipulated by law, such as issuing tax invoices

Article 3 (Items of Personal Information Processed and Methods of Collection)

① The Company collects the minimum personal information necessary for providing the Service at each stage, such as membership registration, conclusion of contracts, and use of the Service, as follows.

CategoryPurpose/Stage of CollectionItems Collected (Required)
Customer (Lessee)Membership registrationName, contact information, email, password
Conclusion of contract(Individual) Name, contact information, email, address, date of birth
(Corporation) Corporation name, corporation registration number, representative's name, place of business address, contact information, email
Payment for paid services and registration of recurring paymentsCard company name, part of the card number, expiration date, date of birth (or business registration number), automatic payment identification key (billing key)
CoworkFamily (Lessor)Membership registration and space registrationName, contact information, email, business name, business type, business registration number, corporation registration number, main type/category of business, address, business registration certificate
When applying for revenue settlementDepositing bank, account holder name, account number, copy of bankbook
CoworkPartnersMembership registration and contractName (representative's name), contact information, email, activity name, business name, business registration number
When applying for revenue settlementDepositing bank, account holder name, account number, copy of bankbook, (electronic) tax invoice issuance information
Partnership consultation requestConsultation and inquiryName, contact information, email

② During the course of using the Service, the following information may be automatically generated and collected.

  • IP address, cookies, service usage records, visit records, records of improper use, device information (OS, browser type, etc.)

③ The Company collects personal information by the following methods.

  • Collection through online forms such as the website (membership registration, contract pages, consultation request forms)
  • Collection through written forms, telephone, fax, and email
  • Automatic collection through tools that collect generated information, such as log analysis tools and cookies

④ [Processing of Information Related to Mail Management Services]

As part of the non-resident office contract, the Company provides a basic mail management service to all members, and provides additional services according to the member's choice. The processing entity is distinguished according to the operating method of the branch contracted by the member.

1. Basic Mail Management Service (provided as part of the contract)

The Company photographs the exterior of all mail that arrives for a member and uploads it to the platform. The following information is processed in this course.

  • Processing entity: the Company (directly operated platform branch) or the occupant company (branch operated by CoworkFamily)
  • Items processed: information on the exterior of mail (recipient, sender address, name, business name, etc.)

2. Mail Opening and Content Verification Service (provided with the member's separate consent)

Only for members who have separately consented to using the service, the Company opens the mail, photographs its contents, and uploads them to the platform.

  • Processing entity: the Company (directly operated platform branch) or the occupant company (branch operated by CoworkFamily)
  • Items processed: information on the contents of mail (all contents confirmed after opening the mail)
  • Common method of collection: the operating entity (the Company or the occupant company) directly photographs the mail using a mobile phone camera, etc., and collects and uploads it in the form of digital image files
  • Retention and destruction: all digital image files (copies of the exterior and contents of mail) generated through the mail management service are stored in encrypted form on the server. Such data is retained until the time of membership withdrawal, so members using the paid service can check it through the platform at any time, and upon membership withdrawal it is permanently destroyed without delay.

⑤ To provide the recurring payment service, the Company collects and stores the payment method information registered by the user in encrypted form (billing key, etc.), and uses it to perform automatic payments in each payment cycle.

Article 4 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the retention and use period of personal information as prescribed by law or within the retention and use period of personal information consented to by the data subject at the time of collection.

② If the data subject requests membership withdrawal or withdraws consent to the collection and use of personal information, the Company shall destroy the relevant personal information without delay, except for the exceptions in Paragraph 3 below. However, if the user has any outstanding debt to the Company, such as unpaid service fees, the Company may retain payment-related personal information and the automatic payment identification key until the debt is fully repaid.

③ Where retention is required under the provisions of relevant laws, the Company shall 'store separately' the relevant personal information for the period prescribed by such laws.

Legal Basis for RetentionItems RetainedRetention Period
Act on the Consumer Protection in Electronic Commerce, Etc.Records on contracts or withdrawal of subscription, etc.5 years
Act on the Consumer Protection in Electronic Commerce, Etc.Records on payment and supply of goods, etc.5 years
Act on the Consumer Protection in Electronic Commerce, Etc.Records on consumer complaints or dispute resolution3 years
Framework Act on National TaxesBooks and supporting documents on all transactions prescribed by tax law5 years
Protection of Communications Secrets ActWebsite visit records (login records)3 months

※ 'Separate storage' means separating the relevant information from the operating service database and moving it to a separate space with strictly controlled access, to be used only for the fulfillment of legal obligations.

Article 5 (Provision of Personal Information to Third Parties)

① The Company provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of law.

② The Company provides personal information to third parties as follows in order to provide a smooth service.

RecipientPurpose of ProvisionItems ProvidedRetention and Use Period
CoworkFamily
(the business operator of each branch contracted by the customer)
Conclusion, performance, and management of non-resident office lease agreements, and the direct performance of mail-related services such as receiving, photographing, uploading to the platform, and destroying mail on behalf of customers upon their requestThe customer's name, contact information, email, address, contract information, and information on the exterior and contents of mail (if necessary)Until the end of the contract period or membership withdrawal

Article 6 (Entrustment of Personal Information Processing and Cross-Border Transfer)

① For the purpose of enhancing management efficiency and improving service quality, etc., the Company performs part of its work by outsourcing it to third parties such as external specialized companies, and for this purpose entrusts the processing of work to third parties so that they may collect, store, process, use, provide, manage, and destroy users' personal information and customer information held by businesses. However, if you do not use the services related to the entrusted work below, the data subject's personal information will not be provided to the relevant company.

EntrusteeEntrusted WorkItems ProvidedLocationRetention Period
NICE Information & Telecommunication, Inc.Payment processing via credit card, account transfer, etc., and recurring automatic payment servicePayment information (card number, expiration date, billing key, etc.)Republic of KoreaUntil the end of the entrustment contract or the legal retention period
Korea PortOne Inc.Payment system integration and payment data management (including billing keys)Payment information (card number, expiration date, billing key, etc.)Republic of KoreaUntil the end of the entrustment contract or the legal retention period
Supabase IncDatabase management and operationContract and payment history (name, email, contact information, etc.)United StatesUntil membership withdrawal or the end of the entrustment contract
VercelWeb application hosting and deploymentEmail, IP address, etc.United StatesUntil membership withdrawal or the end of the entrustment contract
Plus Five Five, Inc.Email deliveryEmail, etc.United StatesUntil membership withdrawal or the end of the entrustment contract
Solapi Co., Ltd.Sending informational notifications such as contracts and mail arrivalName, contact informationUntil the end of the entrustment contract or the legal retention period
UIDID Co., Ltd. (UcanSign)Creation, delivery, signing, and storage of electronic contractsName, contact information, email, address, resident registration number, copy of identification card, and all other contract informationUntil the end of the entrustment contract or the legal retention period
Channel CorporationProvision and operation of online chat consultationName, contact information, email, IP address, consultation content, etc.Until membership withdrawal or the end of the entrustment contract
Squares Inc.Analysis of site visit records and user behavior, and performance analysis of online customized advertisingBehavioral information (cookies, IP address, service usage records, etc.), hashed identification informationUntil membership withdrawal or the end of the entrustment contract
Amplitude, Inc.Analysis of customer information such as customer service usage behavior and preparation of statisticsMember information (ID), device identification and registration information, order information, service usage records, etc.United StatesUntil membership withdrawal or the end of the entrustment contract

[Notice on the Legal Basis for Processing Unique Identification Information]

As a general principle, the Company does not collect users' unique identification information such as resident registration numbers.

However, in order for a lessee to register a business at the competent tax office through a non-resident office lease agreement, the lawful procedures under the Value-Added Tax Act must be followed. Under the relevant law, the business registration application requires the representative's resident registration number to be stated, and the lease agreement is submitted as a mandatory document to verify the place of business.

Accordingly, the Company has UIDID Co., Ltd. (UcanSign), its electronic contract entrustee, process unique identification information only on a limited basis and solely for the purpose of securing the validity of the lease agreement and supporting the lessee's fulfillment of the 'business registration obligation'.

② When concluding an entrustment contract, the Company specifies in documents such as the contract, in accordance with Article 26 of the Personal Information Protection Act, matters concerning the prohibition of processing personal information beyond the purpose of performing the entrusted work, technical and managerial protection measures, restrictions on re-entrustment, supervision and management of the entrustee, and liability such as compensation for damages, and supervises whether the entrustee processes personal information safely.

③ If the content of the entrusted work or the entrustee changes, the Company shall disclose this without delay through this Privacy Policy.

④ The data subject may refuse to consent to the cross-border transfer of personal information, and if consent is refused, some or all use of the Service may be restricted.

※ When concluding an electronic contract, accurate identity verification of the contracting parties is performed directly within the secured pages of the electronic signature entrustee (UIDID Co., Ltd.), and the unique identification information collected at that time, such as the resident registration number and a copy of the identification card, is neither collected nor stored on the Company's servers.

Article 7 (Procedures and Methods for Destroying Personal Information)

The Company destroys the relevant personal information without delay when it becomes unnecessary, such as upon the lapse of the retention period or the achievement of the processing purpose. The procedures and methods for destruction are as follows.

  1. Destruction procedure: The Company selects the personal information for which a reason for destruction has arisen and destroys the personal information with the approval of the Company's Chief Privacy Officer.
  2. Destruction method:
    • Active data: Information in the form of electronic files is deleted using technical methods that make the records unrecoverable, and personal information printed on paper is destroyed by shredding with a shredder or by incineration. In particular, mail photography data is retained until membership withdrawal and then destroyed in accordance with Article 3, Paragraph 4 of this Policy.
    • Backup data: Personal information contained in backup data generated to prevent data loss and for disaster recovery is not viewed or used for any purpose other than the purpose of the backup. Such backup data is permanently deleted in an unrecoverable manner once the prescribed retention period expires.

Article 8 (Rights and Obligations of Data Subjects and Their Legal Representatives and Methods of Exercising Them)

① The data subject (in the case of a person under the age of 14, the legal representative) may exercise the following personal information protection-related rights against the Company at any time.

  1. Request to access personal information
  2. Request to correct errors, etc.
  3. Request for deletion
  4. Request to suspend processing

② The exercise of rights under Paragraph 1 may be made to the Company through chat, in writing, by telephone, email, facsimile (FAX), etc., and the Company shall take action thereon without delay.

③ If the data subject requests the correction or deletion of errors, etc., in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion is completed.

④ The exercise of rights under Paragraph 1 may be made through an agent such as the data subject's legal representative or a person who has been delegated authority. In this case, you must submit a power of attorney in accordance with Annexed Form No. 11 of the "Notice on Methods of Processing Personal Information."

⑤ The data subject shall not infringe upon the personal information or privacy of themselves or others being processed by the Company in violation of the Personal Information Protection Act and other relevant laws.

Article 9 (Installation and Operation of Automatic Personal Information Collection Devices and Refusal Thereof)

① The Company uses 'cookies' that store and frequently retrieve usage information in order to provide individually customized services to users.

② Cookies are a small amount of information that the server (http) used to operate the website sends to the user's computer browser, and are sometimes stored on the hard disk inside the user's PC.

  1. Purpose of using cookies: To provide target marketing and personalized services by analyzing the frequency of users' access and visit times, identifying and tracking users' preferences and areas of interest, and identifying the degree of participation in various events and the number of visits, etc.
  2. Installation, operation, and refusal of cookies: Users have the option to install cookies. Therefore, by setting options in the web browser, users may allow all cookies, go through confirmation each time a cookie is saved, or refuse to save all cookies.
    • Example of how to set (for Internet Explorer): Tools at the top of the web browser > Internet Options > Privacy
  3. If you refuse to save cookies, you may experience difficulties in using customized services.

Article 10 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

  • Managerial measures: establishment and implementation of internal management plans, regular employee training, etc.
  • Technical measures: management of access rights to personal information processing systems, etc., installation of access control systems, encryption of unique identification information, etc., installation of security programs
  • Physical measures: access control of computer rooms, data storage rooms, etc.
  • Managerial protection measures such as communication channel control: In order to prevent members' personal information from being indiscriminately exposed, the Company, as a principle, restricts direct communication between 'Customers' and 'CoworkFamily' and mediates all contact through the Company's Customer Experience (CX) team. The Company's management of such communication channels and measures to halt direct communication that violates the terms constitute important managerial protection measures to protect members' personal information.

Article 11 (Chief Privacy Officer)

① The Company designates a Chief Privacy Officer as follows, who takes overall responsibility for the work related to the processing of personal information and handles complaints and damage relief of data subjects related to the processing of personal information.

Chief Privacy Officer

  • Position: CEO
  • Name: Kim Kyungsoo
  • Contact: 1833-2565, support@coworkcity.co.kr

Personal Information Protection Department

  • Department: Operations Department
  • Person in charge: Kim Kyungsoo
  • Contact: 1833-2565, support@coworkcity.co.kr

② Data subjects may direct any inquiries, complaint handling, damage relief, etc., related to personal information protection arising while using the Company's Service to the Chief Privacy Officer and the responsible department. The Company will respond to and handle data subjects' inquiries without delay.

Article 12 (Remedies for Infringement of Rights)

In order to receive relief for personal information infringement, data subjects may apply for dispute resolution or consultation, etc., to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc. For other reports and consultations regarding personal information infringement, please contact the agencies below.

  1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
  4. National Police Agency: (without area code) 182 (ecrm.police.go.kr/minwon/main)

Article 13 (Changes to the Privacy Policy)

① This Privacy Policy applies from the effective date.

② If the Company changes the Privacy Policy, it will give notice through announcements from 7 days before the effective date of the changes. However, when there is a significant change to the rights of data subjects, such as a change to the items of personal information collected or the purpose of use, the Company will give notice at least 30 days in advance, and may obtain the data subject's separate consent if necessary.

③ When the Company changes the Privacy Policy pursuant to Paragraph 2, it discloses the amended contents so that the before and after can be easily compared.

Addendum

Effective date: February 1, 2026

Privacy Policy | 비상주 사무실