Privacy policy
CRScube Inc. and its subsidiaries (hereinafter "CRScube") establish and disclose the following privacy policy in order to protect the personal information of the subject of information and to promptly and smoothly handle related complaints.
1. Purpose of personal information processing
CRScube processes personal information to the minimum extent necessary for the following purposes. The personal information processed by CRScube will not be used for any purpose other than the following purposes, and if the purpose of use changes, CRScube will take necessary measures such as obtaining additional consent. (Article 28 of the EU General Data Protection Regulation [GDPR] and §164.502 of HIPAA)
Creation and management of cubeSOLUTION user account
Storage of data entered into cubeSOLUTION
Generation of analytics for operation and maintenance of cubeSOLUTION
Provision of cubeSOLUTION
Customer support for cubeSOLUTION
Delivery of information via CRScube HOMEPAGE
*cubeSOLUTION collectively refers to every Web/Mobile-based applications developed and provided by CRScube, including cubeCDMS, cubeIWRS, cubeBUILDER, cubePRO, cubeSAFETY, cubeTMF, cubeCTMS, cubeLMS, cubeDDC, cubeCONSENT, CRM, etc.
2. Personal information processed
CRScube processes the following personal information upon the consent of the subject of information, in accordance with Article 7 of the EU General Data Protection Regulation [GDPR]. The data entered into cubeSOLUTION is stored without being subjected to any processing procedures beyond storage. The items required for service provision are used to ensure more stable provision of the cubeSOLUTION service.
The Use of cubeSOLUTION
applied to all EXCEPT cubePRO
Purpose of personal information processing | Personal information |
|---|---|
Creation and management of cubeSOLUTION user account | Required: Name, email address, ID, and Password Optional: Cell phone number, telephone number, FAX number, and alternate email address |
Generation of statistical information for the operation and maintenance of cubeSOLUTION | Subject data stored via cubeSOLUTION |
Provision of cubeSOLUTION | Required: IP address, identifiers of browser and device, and operating system |
Customer support for cubeSOLUTION | Required: Email address |
Use of cubePRO
Purpose of personal information processing | Personal information |
|---|---|
Provision of cubePRO | Required: application version in use and device information of the connected terminal. |
Storage of data entered into cubePRO | Subject data stored via cubePRO |
Use of CRM
Applicable only to data subjects who use the facial recognition function.
Purpose of personal information processing | Personal information |
|---|---|
Provision of face recognition function of CRM | Required: name, date of birth, facial data, application version in use, and device information of the connected terminal. |
Delivery of information via CRScube HOMEPAGE
Purpose of personal information processing | Personal information |
|---|---|
Provision of cubeSOLUTION DEMO | Required: Name, email address Optional: Telephone number |
NEWSLETTER | Required: Email address |
CASE STUDY DOWNLOAD | Required: Email address |
Analysis of HOMEPAGE usage pattern | Optional: HOMEPAGE access and behavioral information (page navigation paths, device information, access location, etc.) |
3. Period of personal information processing and retention
CRScube processes and retains personal information within the period stipulated by relevant laws and regulations, or within the period agreed by the subject of information when CRScube collects the personal information.
Clinical trial data collected through cubeSOLUTION is retained for the duration of the clinical trial data retention period in accordance with relevant laws and regulations.
The period of personal information processing is as follows.
Purpose of Personal Information Processing | Period of Personal Information Processing and Retention |
|---|---|
Creation and management of user account for cubeSOLUTION | During the clinical data retention period or until account deletion |
Storage of data entered to cubeSOLUTION | During the clinical data retention period |
Provision of cubeSOLUTION | One year |
Customer support for cubeSOLUTION | During the clinical data retention period or until account deletion |
Provision of cubeSOLUTION DEMO | One year following the provision of DEMO |
NEWSLETTER | One year following the request to unsubscribe NEWSLETTER |
CASE STUDY DOWNLOAD | One year following DOWNLOAD |
Analysis of HOMEPAGE usage pattern | One year from the date of access |
4. Destruction of personal information
CRScube will destroy the relevant personal information when it becomes unnecessary, such as when the period of personal information retention has expired or when the purpose of the processing has been achieved.
The procedure and method of destroying personal information are as follows:
Procedure of destruction: CRScube selects the personal information which falls under any reason for destruction and will destroy the personal information with the approval of the Personal Information Protection Officer.
Method of destruction: CRScube ensures that personal information recorded and stored in the database is destroyed in such a way that the records cannot be regenerated.
5. Entrustment of personal information processing
CRScube entrusts the processing of personal information to the following trustees in order to facilitate the handling of personal information.
Trustee | Entrusted affair |
|---|---|
Amazon Web Service, Inc. | Storage of CRScube's cubeSOLUTION data |
Zendesk, Inc. | Storage of personal information related to the provision of CRScube Help Center |
CMT INFO & COMM | Management of CRScube’s internal network firewall |
Wix.com, Inc. | Storage of personal information collected through CRScube HOMEPAGE |
Hotjar Ltd. | Analytics of HOMEPAGE access and behavioral information |
CRScube, when entrusting affairs, specifies in writing the prohibition of processing personal information for purposes other than those of the entrustment, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages, to ensure the secure processing of personal information. (Articles 29 and 30 of the EU General Data Protection Regulation [GDPR])
If the details of entrusted affairs or trustees change, CRScube will promptly disclose the changes through this Privacy Policy.
The task of personal information processing is partially delegated to foreign parties, details of which can be found in Paragraph 6 ‘International transfer of personal information’.
6. International transfer of personal information
CRSscube provides and delegates personal information collected from the user and through HOMEPAGE in accordance with relevant laws and regulations. CRScube may also process personal information of the subject of information on servers located outside the user’s country of residence.
AWS | Zendesk | Wix | Hotjar | |
|---|---|---|---|---|
Transferred personal information | Name, contact (cell phone and telephone number, fax number, alternate email address), email address, ID, password, IP address, identifiers of browser and device, and operating system, the version of the currently used application, and information about the connected device, date of birth, and face data | Email address | Name, email address, and phone number (if entered) collected through HOMEPAGE | Anonymized homepage access and behavioral information (when collection is permitted |
Nations to which the personal information is transferred | Republic of Korea, Japan | Japan | The United States, European Union, Israel | European Union |
Date and time of transfer and method | Transmission via network at the time of service use | Transmission via network at the time of service use | Transmission via network at the time of service use | Transmission via network at the time of service use |
Recipient of the personal information | · Recipient: Amazon Web Service, Inc. · Contact: AWS data privacy policy | · Recipient: Zendesk, Inc. · Contact: Zendesk data privacy policy | · Recipient: Wix.com, Inc. · Contact: WIZ Privacy Policy | · Recipient: Hotjar Ltd. · Contact: Hotjar Privacy Policy |
Purpose of the recipient’s use of the personal information | Personal information is stored when entered and used through cubeSOLUTION, and the stored data will not be used without prior consent. | Personal information related to CRScube Help Center service is stored, and the stored data will not be used without prior consent. | Personal information is stored in order to provide information requested through HOMEPAGE, and the stored data will not be used without prior consent. | Personal information is stored only when cookie collection is permitted on the homepage, and stored data will not be used without prior consent. |
Period of retention and use of the personal information by the recipient | Equal to what is specified in Paragraph 3 'Period of personal information processing and retention’ | Equal to what is specified in Paragraph 3 'Period of personal information processing and retention’ | Equal to what is specified in Paragraph 3 'Period of personal information processing and retention’ | Equal to what is specified in Paragraph 3 'Period of personal information processing and retention’ |
Right to refuse consent and consequences associated with the refusal | Users have the right to decline the collection of personal information. However, refusal to provide consent may result in limitations on the use of services. | Users have the right to decline the collection of personal information. However, refusal to provide consent may result in limitations on the use of services. | Users have the right to decline the collection of personal information. However, refusal to provide consent may result in limitations on the use of services. | Users have the right to refuse data collection. The homepage remains accessible even when consent is declined. |
7. Measures to ensure the security of personal information
CRScube takes the following measures to ensure the security of personal information, in accordance with Article 32 of the EU General Data Protection Regulation [GDPR]
Administrative measures: Establishment and implementation of an internal management plan, regular training for employees, etc.
Technical measures: Management of access authority for personal information management system, installation of an access control system, encryption of personal information, installation of security programs, etc.
Physical measures: Not applicable (Cloud service in use)
8. Installation and operation of an automatic personal information collection system, and refusal options
CRScube uses "cookies" to store and retrieve usage information periodically to provide personalized services to users.
Purpose of using cookies: Cookies are used to gather information about user visits and usage patterns on various services and websites visited by users, as well as to provide optimized services to users.
Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may also be stored on the hard drive of a user's PC.
Users can adjust their web browser settings to allow or block cookies. However, refusing to store cookies may lead to difficulties in using personalized services.
9. Rights, duties, and methods of exercising the rights of the subject of information and their legal representatives
Subjects of information have the right to exercise various rights regarding their personal information at CRScube, including access, correction, deletion, and suspension of processing at any time.
Request to access personal information: Subjects of information may regularly check their personal information by logging into CRScube solutions.
Request to correct or delete personal information: Subjects of information may send a request to help@crscube.io via their email address registered in CRScube solutions.
Request to suspend the processing of personal information: Subjects of information may send a request to help@crscube.io via their email address registered in CRScube solutions.
The rights pursuant to Paragraph 4.1. can be exercised via email to CRScube, and CRScube will take necessary measures after verification.
The exercise of rights pursuant to Paragraph 4.1. can be carried out through a legal representative or an authorized delegate, provided that a valid power of attorney is submitted. (Articles 5 and 7 of the EU General Data Protection Regulation [GDPR])
The right of the subjects of information to request access to and suspension of processing of personal information may be restricted in the following cases:
When access is prohibited or restricted by law
When there is a risk of harm to another person's life or physical safety, or when there is a risk of unjustly infringing upon another person's property or other interests
When personal information is specified as subject to retention under applicable laws and regulations, deletion of such personal information cannot be requested.
10. Personal Information Protection Officer and handling of complaints
CRScube assumes overall responsibility for the processing of personal information and appoints a Personal Information Protection Officer to handle complaints, grievances, and other matters related to personal information processing, as outlined below.
Gidae Yeo, CTO
Email: help@crscube.io
Phone: +82-2-722-7275
A subject of information may contact the personal information protection officer for any inquiries, handling of complaints, and remedies for damages related to personal information protection arising from the use of CRScube's services. CRScube will respond to and address the inquiries from subjects of information promptly.
11. Remedies for infringement of the rights of the subject of information
Subjects of information may seek remedies for personal information infringements by applying for dispute resolution or consultation with organizations with valid authorities.
CRScube is committed to protecting the rights of the subject of information to self-determination regarding personal information and strives to provide consultation and remedies for damages caused by personal information infringement. If you require assistance or consultation, please contact the Personal Information Protection Officer listed in Paragraph 10, 'Personal Information Protection Officer and handling of complaints'.
12. Additional efforts to protect personal information
CRScube endeavors to safely manage users' personal information, making additional efforts to enhance privacy protection beyond the security measures stipulated by laws and regulations.
CRScube has obtained ISO/IEC 27001 certification, an international standard for Information Security Management Systems, covering the entire scope of the cubeSOLUTION service.
Information related to GDPR can be found on page below.
13. Changes to the Privacy Policy
This privacy policy will take effect starting from August 4, 2025.
Previous versions of the privacy policy can be requested by contacting help@crscube.io.