Second Team Co., Ltd. (hereinafter referred to as 'the Company') has established and disclosed the following privacy policy in accordance with Article 30 of the ‘Personal Information Protection Act’ to protect users' personal information and to promptly and smoothly address related grievances.
Article 1. Purpose of Processing Personal Information
The Company processes the minimum necessary personal information for the following purposes. The personal information being processed will not be used for purposes other than those specified, and in the event of a change in the intended use, necessary measures such as obtaining separate consent will be implemented.
To confirm the intent to join and manage the corporate member (hereinafter referred to as “Hiring Company”) website, identify and authenticate users for service use, maintain and manage qualifications, provide information related to the recruitment process (AI interviews, etc.), deliver announcements, contact related to recruitment and website use, prevent fraudulent use, etc., personal information is processed.
Provision of goods or services: Processing personal information for the purposes of providing AI interview services, analyzing interview results, generating and delivering analysis reports (provided to the Hiring Company), sending invoices, providing content, offering customized services, verifying identity, payment and settlement, and debt collection.
Utilization for marketing and advertising: Processing personal information for the purposes of developing new services (products) and providing customized services, providing event and advertising information and participation opportunities, offering services and advertisements based on demographic characteristics, identifying access frequency or statistics on service usage, etc. In this case, the Company complies with relevant laws and obtains necessary separate consent.
Grievance Handling: Processing personal information for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding investigations, and notifying the results of processing.
Article 2. Processing and Retention Period of Personal Information
1. The Company processes and retains personal information within the retention and utilization periods specified by laws and regulations or that agreed upon when collecting personal information from information subjects.
2. The periods for processing and retention of personal information are as follows:
1) Membership registration and management of the website
Retention Period: Until the end of service subscription and withdrawal from the website
However, in cases that fall under the following reasons, it will be retained until the reason ends.
If an investigation or inquiry is underway due to violations of relevant laws, it will be retained until the investigation or inquiry is completed.
In case of remaining creditor-debtor relations due to service use: Until the settlement of such relations and the completion of billing for unpaid subscription fees.
2) Processing of personal information of the Company and applicants
Retention Period: 1 year from the completion date of the AI interview
This period is for ensuring the fairness of the recruitment process and managing the re-application of applicants, and will be destroyed without delay upon expiration. However, if the hiring company requests retention for separate legal grounds, it will follow that period.
3) Provision of goods or services
Retention Period: Until the completion of subscription service provision and billing/payment settlement
However, in cases where retention is necessary under relevant laws, it will be retained until the end of the execution period as follows.
Records under the ‘Act on the Consumer Protection in Electronic Commerce, etc.’
Records of advertising: 6 months
Records of contracts or withdrawal of subscriptions, payments, and provision of goods: 5 years
Records of consumer complaints or dispute resolutions: 3 years
Records under Article 41 of the ‘Protection of Communications Secrets Act’
Computer communication, internet log records, access tracking data: 3 months
Records under the ‘Value-Added Tax Act’
Information related to transaction details such as invoices and receipts: 5 years
Article 3. Provision of Personal Information to Third Parties
The Company does not usually provide the personal information of information subjects to third parties. However, exceptions apply in the following cases.
1. Provision to the Hiring Company
Due to the nature of AI interviews, the results of the interviews taken by the information subject may be provided to the respective hiring company for recruitment processing.
Recipient: The hiring company that invited the information subject
Purpose of Provision: To conduct recruitment processing (evaluation/review), check results
Items Provided: All videos, audio, text (including transcripts/summaries), questions/evaluations, logs, etc., generated and collected during the AI interview process
Retention and Use Period: Based on the recruitment operating standards of the hiring company. However, the retention and viewing period within the service platform is limited to a maximum of 1 year from the date of completion of the interview, and the data will be automatically destroyed after the period.
2. Provision based on laws
It may be provided in accordance with the law, such as legitimate requests from investigation agencies.
Article 4. Outsourcing of Personal Information Processing
The Company outsources personal information processing duties as follows for smooth processing.
Trustee Company | Outsourced Tasks and Data Address | Collected/Transferred Items | Retention and Use Period |
|---|---|---|---|
Microsoft (Azure) | Server operation, data storage, security/backup, etc. / South Korea | Applicant's name, applicant's email, interview video, audio | Up to 1 year from the AI interview date |
Agora | Real-time video/audio streaming transmission of AI interviews / not stored | Real-time interview video and audio data | Not stored |
The Company specifies matters concerning the prohibition of personal information processing outside the purpose of entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of trustees, liability for damages, etc., in documents such as contracts when entering into outsourcing contracts, and supervises whether the trustee safely processes personal information.
In the event of changes to the content of the entrusted tasks or trustees, we will promptly disclose this through the current personal information processing policy.
The Company conducts overseas transfers of personal information as follows.
Company Name | Transferred Country | Date and Method of Transfer | Contact Information of Information Manager | Items of Personal Information Transferred | Purpose of Transfer | Personal Information Retention Period |
|---|---|---|---|---|---|---|
Google Inc | United States | Transmission via network when using visitor services on the website | googlekorea@google.com | Cookie ID, IP address, web/app visit and activity data, device information | For statistical measurement of user interactions occurring on the website | 14 months |
Article 5. Rights and Duties of the Information Subject and Legal Representatives and Methods of Exercise
The information subject can exercise the rights to access, correct, delete, and request the suspension of processing personal information at any time against the Company.
Exercise of rights under paragraph 1 may be made in writing or via email in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the ‘Personal Information Protection Act’, and the Company will respond without delay.
If the information subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
The rights mentioned in paragraph 1 may also be exercised through a legal representative or an authorized person. In this case, a power of attorney according to the form attachment No. 11 of the Enforcement Rules of the ‘Personal Information Protection Act’ must be submitted.
Requests for access and suspension of processing of personal information may be limited under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the ‘Personal Information Protection Act’.
Requests for correction and deletion of personal information cannot be made if the relevant personal information is specified as a target of collection in other laws.
The Company verifies whether the person making a request regarding access, correction, deletion, or suspension of processing is the information subject or a legitimate representative.
On automated analysis using artificial intelligence (AI) technology
The Company operates a system that analyzes applicants' answers using AI and generates analysis reports. The information subject can request explanations and reviews regarding automated decisions that significantly affect their rights or obligations.
The Company's services provide AI analysis reports merely as supplementary materials for recruitment decision-making, and the final decision on acceptance in the recruitment process is made through the intervention of a hiring manager (human). Therefore, it may not constitute 'fully automated decision-making' without human intervention according to Article 37-2 of the ‘Personal Information Protection Act’, and exercising the right to refuse such automated decisions may be restricted.
Article 6. Items of Personal Information Processed
The Company processes the following items of personal information.
Registration and management
Required: Name, password, email address, company name
Utilization for marketing and advertising
Required items: Name, email address
Applicant's application and interview information
Required items: Name, email address, AI interview video and audio data, answer text, resume
During the use of internet services, the following personal information may be automatically generated and collected.
IP address, cookies, MAC address, service usage records, visit history, bad usage records, device information (OS, browser information), Google Analytics behavioral data
Article 7. Destruction of Personal Information
The Company will destroy personal information without delay when it becomes unnecessary due to expiration of the retention period or achievement of the purpose of processing.
If the retention period agreed upon by the information subject has expired or the purpose of processing has been achieved, but the Company is required to continue to preserve the personal information under other laws, it will be moved to a separate database (DB) or preserved in a different location.
The procedures and methods for destruction of personal information are as follows:
Destruction procedures: The Company selects personal information for which the reason for destruction has occurred and destroys it with the approval of the person responsible for personal information protection.
Destruction methods:
Electronic file format: The Company destroys personal information recorded/stored in the cloud infrastructure using a low-level format or equivalent technical destruction method that makes records unrecoverable.
Paper documents: Personal information recorded/stored in paper documents is destroyed by shredding or incineration.
Article 8. Security Measures for Personal Information
The Company takes the following measures to ensure the security of personal information.
Establishing and operating an internal management plan for personal information, including the appointment of a personal information protection officer and the organization and operation of personal information protection, and verifying annually whether the internal management plan is being properly implemented.
Controlling access to personal information through management of access rights to the database system processing personal information and preventing unauthorized access from both inside and outside.
The personal information handlers store and manage access records to the personal information processing system and regularly check access logs to prevent misuse, loss, forgery, and alteration of personal information. In addition, to ensure that access logs of personal information handlers are not altered, stolen, or lost, such access logs are securely stored.
Separating physical storage locations for personal information and establishing and operating access control procedures for them.
Article 9. Installation, Operation, and Rejection of Personal Information Automatic Collection Devices
The Company uses 'cookies' to store and retrieve usage information in order to provide personalized services.
Cookies are small amounts of information sent by the web server (http) to the user's computer browser and are sometimes stored on the user's PC hard disk.
Purpose of using cookies: They are used to understand the visit and usage patterns of each service and website visited by users, popular search terms, security access, analysis of usage behavior via Google Analytics, and to provide optimized information to users and improve service quality.
Installation, operation, and rejection of cookies: Users have the right to choose whether to accept cookies. They can reject cookie storage through the settings menu at the top of the web browser.
Header 1 | Header 2 | Header 3 |
|---|---|---|
Web Browser | Chrome | Settings > Privacy and Security > Clear Browsing Data |
Web Browser | Edge | Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data |
Mobile | Chrome | Settings > Privacy and Security > Clear Browsing Data |
Mobile | Safari | Settings > Safari > Advanced > Block All Cookies |
Article 10. Personal Information Protection Officer
The Company assigns a personal information protection officer to oversee the processing of personal information and address grievances and damages related to personal information processing as follows.
Officer: Choi Jae-woong
Position: CISO / CPO
Level: CEO
Contact: privacy@supercoder.co
Article 11. Remedies for Rights Violations
Information subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Violation Reporting Center, etc., to receive redress for personal information infringement. For other reports or inquiries on personal information infringement, please contact the organizations below.
Personal Information Violation Reporting Center (Operated by the Korea Internet & Security Agency): (Without area code) 118 (privacy.kisa.or.kr)
Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
Supreme Prosecutors’ Office: (Without area code) 1301 (www.spo.go.kr)
Police Agency: (Without area code) 182 (ecrm.police.go.kr)
Article 12. Changes to the Privacy Policy
This privacy policy will take effect from the date of implementation, and if there are any additions, deletions, or corrections to the changes in laws and policies, they will be notified through announcements.
This policy will be effective from January 29, 2026.