Privacy Policy

Infraware Inc. (hereinafter “Company”) always makes its best efforts to protect the personal information of its users as it considers the protection of personal information saved under Polaris Office Service (hereinafter "Service") is significant. This Privacy Policy, effective from July 09, 2020 explains why this service collects information as well as what measures are taken to handle the collection and contents of user data.

1. Personal Information Collection Items and Collection Measures

The company collects and saves information to provide a better service to the users.

A. Information provided by users.
When joining as a member, the following personal information is collected and also the following items are collected for personal and company services.
① Personal service
- Required: email address, password
- Optional: name
② Company service
- Required: name, email address, password, company name, number of users
- Optional: telephone number

B. Information collected during use of service
① Device information
A member's device (mobile/PC), OS type and version, browser type, usage history, IP address, cookies, access token, session ID, country, language, route of entry, program installation, operation of major functions, and basic information of usage quantity are collected.
② Contents information
Files and their content in the user's Polaris Office storage are collected, which is intended for the service selected by the user, and will not be used for any other services or users or be provided to any third parties.
③ Payment information
The browser type, usage history, IP address, cookies, country, language, program installation, operation of major functions, and basic information of usage quantity will be collected. Also, transaction information required during the payment process, such as credit card information, billing address, country, currency unit and other related information, might be collected.
④ Contacts information
When the user allows others to access to the user’s contact information within the service, in this case, the service saves contact information in the server for users to utilize contacts during usage of Polaris Office. Contact information is only used under the purpose of sharing files, sending emails, or inviting others to the service.
⑤ A third party partner account information
If the user allows others to access to their own personal information via Google, Facebook, or any other service provider, the service stores such information in the server, so that the user may access the information later.

⑥ Mobile phone number (when using partner's service)
Only if it is necessary to they are the users of Orange AMEA, Orange DMFI and Orange UApro or other partner's service, their mobile phone number is collected. This information is used to confirm that they are the user of partner's service and it is not stored in the service or provided to a third party other than the partner.

2. Objectives of Personal Information Collection and its Legal Basis

The company processes the user's personal information based on the following legal backgrounds.

A. Consent by the data subject
The company may provide product offer or marketing information to users who agree to such provisions. Such information can be referred to for delivering event information or posting ads. User may opt to deny reception of such information in the service/event notification option in the account setup of service.

B. Contract execution
The company can process the necessary personal information for contract execution with the user.
① Request confirmation of user confirmation intention and create a new account.
② Utilize to identify authorized users and prevent from a dishonest use by illegal users and unauthorized utilization.
③ Utilize to provide a promised service to the users and settle fares if the users purchase or use the charged services.
④ When a user shares documents, or has documents shared with them in an individual or group capacity, account information including, but not limited to, nickname, email, or Polaris Office profile picture will be shown to all users involved in that sharing instance.
⑤ Utilize to provide various services to users and disseminate a notification after dealing with matters of inquiry and processing complaints requested during experience of the services.
⑥ Uses it to confirm that it is the valid user for the partner's service in case that there exists some special issues due to partnerships in a specific device in use or a specific route of access.

C. Legal profits of the company
The company can process the necessary personal information for lawful profits of the company.
① The company uses personal information to create statistics by analyzing patterns, frequency of access, and use of service for a reference including provision of customized services and development of new services.
② When providing free service, the company has the right to post various ads related to service of the partner company or the company on the service screen.

3. Retention and Use Period of Personal Information

A. The company uses personal information in a limited capacity while providing service. The personal information will be deleted without delay i) if users request for the cancellation and withdraw consent to the collection and use of personal information, ii) when the purpose of collection and use of personal information is accomplished, iii) or the period of use expires.

B. The company stores the personal data only for the time period allowed by the relevant laws and never uses the stored information for any other purposes.
① The act of consumer protection in electronic commerce
- Contract and revocation records: 5 years
- Payment and fund supply record: 5 years
- Consumer's complaint or legal disputes record: 3 years
② Electronic commerce transaction act
- Electronic commerce record: 5 years
③ Communication secret protection act
- Login record: 3 months

4. Personal Information Disposal Procedures and Measures

The disposal procedures and measures of personal information are follows.

A. Disposal procedures
A user's personal information is stored for a certain time period due to the information protection reason according to the internal policy or other laws and then disposed once the goals are achieved.

B. Disposal measures
The personal data printed on paper can be disposed by destruction or incineration and an electrical format of personal data can be deleted by using a technical measure that prevents restoration of data.

5. User's Rights

Every user has the following rights (legal guardian for a child below the age of 14)

A. Rights to receive information
The company will notify the user of legal issues and obtain consent before processing the personal information.
The overall aspects of the personal data processing can be immediately checked on the privacy policy.

B. Rights to view and correct
A user can view or correct their personal information through 『account setting』.

C. Rights to delete and revoke consents
① A user can delete their personal information in 『account setting』 anytime or revoke consent on the personal information collection and use. Until the consent is revoked, all the items processed based on the consent are deemed to be lawful.
② A user can use the membership withdrawal menu in 『account setting』 to withdraw their membership. Once the membership is withdrawn, the personal information is processed according to ". Retention and Use Period of Personal Information."

D. Rights to transfer data
A user can download their own data in 『data saving and transfer』 and transfer it to other service provider.

E. Rights to object
A user has the right to object against direct marketing and can set rejection of marketing email receiving in 『account setting』.

F. Rights to raise complaints to the privacy supervision authority in relation to personal data processing if they reside in EU countries.

6. Provision of Personal Information to Third Parties

The company supplies the personal information to a third party in the following cases of exceptions.

A. Agreement made by the users in advance
When the personal data is provided for a third party, the company requests explicit and individual agreements after notifying a person who receives personal information, purpose, items, possession, and period of use in advance.

B. In case that the relevant laws have special provisions for it.

7. Commissioned Processing of Personal Information

Customer service is entrusted to a third party company to ensure the quality and promptness of all customer support related issues.
The agencies and their entrusted tasks about personal information are as follows, and they retain personal information until the entrustment contract expires.

A. Personal service
① Paygate Co., KG INICIS, Paypal : Vicarious execution of payment.
② Amazon Web Services, Inc. : Provide the public cloud service for customer's personal information and contents storage.

B. Company service
① Paygate Co., KG INICIS, Paypal : Vicarious execution of payment.
② Amazon Web Services, Inc. : Provide the public cloud service for customer's personal information and contents storage.

8. Child's Personal Information

The service is not intended for a child below 14 years old.
If the company finds out that the personal information of a child below 14 years old is collected or if the legal guardian requests membership withdrawal(cancellation) of that child, then the company will immediately try to delete it.

9. Installation/Employment of Automated Personal Information Collection Equipment and Refusal

The company uses 'Cookie' which saves and brings out user information in order to provide personalized and customized services.

A. What is a cookie?
Cookie are diminutive text files - sending to user browser from the servers operated by the websites - saved in the computer’s hard-disk. So, if the users visit websites, the websites' servers read cookie data saved in users' hard-disks to maintain users' environment settings and provide customized services.
The users can always deletes or denies to save cookie since the cookie does not collect information which identify individuals automatically nor actively.

B. Purpose of using Cookie
The company supports a faster Web environment for users by saving settings preferred by users via cookies and uses them for service improvements for increased convenience. Because of this incident, the users are able to use the service easily. In addition, cookies allow the company to provide a personal customized service, including advertisements, by understanding the users' website visits, patterns, and interests.

C. Installation/employment of Cookie and denial
A user has the right to select cookie installation. Thus, a user can set the option on the web browser to allow every cookie or, perform confirmation each time a cookie is saved or reject saving of any cookie. But if they reject saving of any cookie, then the web use will become difficult and some of service requiring a log in may be unavailable.

D. Following directions will give a guidance to designate allowance of Cookie installation.
① Internet Explorer: Tool Menu on upper side of web-browser > Internet Option > Personal Information > Setting
② Chrome: Selection Menu on right side of web-browser > Selection of Extended Setting on bottom of screen (wording may differ) > Personal Information Contents Selection Button > Cookie

10. Issues Related to Personal Information Transfer to Abroad

A. The personal information collected by the company is processed or saved within the following districts and processed only for the goals specified in the privacy policy.
① Location of main office, affiliates and IT server: Korea
② Location of consignment company (Public Cloud Service supply): USA

B. The following EU user's personal information is transferred out of EU.
① Personal service: email address, password, device model name, name
② Company service: Name, email address, password, company name, country, telephone number, device model

C. In case that the company transfer the user's personal information out of EU, then the personal information is protected and the EU's general personal data protection regulation(GDPR) is complied with on the following basis.
① Designate the data recipient certified in the privacy shield framework between EU and USA and Swiss and USA.
For efficient and safe data management, the company uses a company with privacy shield certifications to store the customer's personal information and data.

② Contract execution with the data subject
The company provide service in Korea where the main office is located, and operates no branch in EU. Thus, transfer of personal information to Korea is unavoidable for service, and if you do not accept it, no service will be provided for you.
The company is certified with the international standard of personal information(ISO/IEC 27001) and the company is safely managing the customer's personal information and contents according to the information protection management system based on it.

11. Your California Privacy Rights

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA."

California consumers may make a request pursuant to their rights under the CCPA by contacting us at We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf."

Right to Know
You have the right to request that we disclose what personal information we collect, use, disclose, and "sell".

For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the '1. Personal Information Collection Items and Collection Measures' section above.

We collect this information for the business and commercial purposes described in the '2. Objectives of Personal Information Collection and its Legal Basis' section above.

In line with our Privacy Policy, we do not knowingly collect the personal information of minors under 13 years of age.

Right to Delete
You have the right to request that Company deletes the personal information we currently hold about you.
For more details about the right to delete, please see the '5. User's Rights> C. Rights to delete and revoke consents' section above.

Right to Opt-Out of 'Sales' of Personal Information
If you are a California resident, the CCPA allows you to request that Company no longer “sells” your personal information.
We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA

12. Customer Service for Privacy Inquiries

If you have any questions or inquiries about privacy, contact us using the information below.
▶ Data Protection Officer (DPO):
- Email address:
Please do not hesitate to contact us should you have any concerns or questions regarding privacy issues. The Company will endeavor to provide solutions to any claims, concerns, or questions from users.

13. Privacy Policy Changes

To reflect the changes in the service or the laws, the company can modify its privacy policy, In case of addition, deletion or modification in the current privacy policy, the company will post the reason and details on the web site or emails if necessary.

14. Security

The company devotes its effort to protect information from illegal access, change, exposure, or deletion for the service users.
The passwords are mandated to access user data for the service, and sensitive data (credit card information etc.) inputted to pay a charged service will be encrypted by SSL.
Nevertheless, it is not guaranteed that the information sent to others by your choice is completely safe because wired and wireless networks do not provide complete security. Accordingly, information being accessed, exposed, changed, or damaged is possible because physical, technical, or management safety devices may be attacked and destroyed.

- Posting date: July 09, 2020
- Enforcement date: July 09, 2020

Miscellaneous Provision
The content of this Privacy Policy may vary per language as countries have different legal requirements. If there is any conflict between the Privacy Policy in different languages, the policy in the language of the country shall prevail, and if such a policy does not exist, the policy in English shall prevail. The Privacy Policy in Korean is applied to Korea exclusively.