Personal Information Processing Policy
The company (hereinafter referred to as 'the Company') establishes and discloses this personal information processing policy to protect the personal information of information subjects in accordance with Article 30 of the Personal Information Protection Act and to quickly and smoothly address related grievances.
Article 1 (Purpose of Personal Information Processing) The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than those stated below, and if the purpose of use changes, necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be taken.
Membership Registration and Management
We process personal information for the purposes of verifying membership intention, providing membership services, identifying and authenticating members, maintaining and managing membership status, verifying identity under the limited identity verification system, preventing fraudulent use of services, checking the consent of legal representatives for processing the personal information of children under 14 years old, and various notifications and grievance handling.
Provision of Goods or Services
We process personal information for the purposes of product delivery, service provision, sending contracts and invoices, providing content, offering customized services, verifying identity and age, processing payments and settlements, and debt collection.
Grievance Handling
We process personal information for the purposes of confirming the identity of the complainant, verifying the complaint, contacting and notifying for fact investigation, and informing about the results of handling.
Article 2 (Personal Information Processing and Retention Period)
The Company processes and retains personal information within the period of retention and use according to laws or the period agreed upon at the time of collecting personal information from the information subject.
The retention and use periods for each type of personal information are as follows:
Membership Registration and Management: Until the business/organization member withdraws. However, in cases that fall under the following reasons, until the end of those reasons:
If an investigation or inquiry is ongoing due to a violation of related laws, until the investigation or inquiry is concluded.
If there are outstanding claims and obligations related to the use of the website, until those claims or obligations are settled.
Provision of Goods or Services: Until the provision of goods/services and payment/settlement are completed. However, in cases that fall under the following reasons, until the end of that period:
Records related to transactions, advertisements, and contractual content as per the "Act on Consumer Protection in Electronic Commerce":
Records related to advertisements: 6 months
Records of contracts, withdrawals, payments, and supply of goods: 5 years
Records related to consumer complaints or dispute resolution: 3 years
Retention of communication fact confirmation materials as per Article 41 of the "Act on Protection of Communications Secrets":
Subscriber telecommunications date and time, start/end time, recipient subscriber number, usage frequency, and location tracking data of the sending base station: 1 year
Computer communication, internet log records, and access tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties)
The Company processes the information subject's personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing) and provides personal information to third parties only in cases of consent from the information subject, specific regulations by law, or under Article 17 of the Personal Information Protection Act.
The Company provides personal information to third parties as follows:
Recipient of personal information: [Example: ABC Card Co., Ltd.]
Purpose of use of personal information by the recipient: [Example: Jointly hosting events and issuing partner credit cards]
Personal information items provided: [Example: Name, address, phone number, email address, card payment account information]
Retention and use period of the recipient: [Example: For the duration of the transaction under the credit card issuance contract]
Article 4 (Outsourcing of Personal Information Processing)
The Company outsources the following personal information processing tasks to facilitate smooth processing:
Outsourcing recipient: ABC Web
Content of the outsourced tasks: Providing systems for shopping mall hosting services, mobile app services, marketing services, supplementary and affiliate services, and sending notification messages and text messages.
Outsourcing recipient: XYZ PG
Content of the outsourced tasks: Payment and escrow tasks.
Outsourcing recipient: XYZ Delivery
Content of the outsourced tasks: Product delivery tasks.
Outsourcing recipient: XYZ Customer Service
Content of the outsourced tasks: Customer consultation tasks.
Outsourcing recipient: XYZ
Content of the outsourced tasks: Identity verification tasks.
The Company specifies matters concerning the prohibition of processing personal information for purposes other than the outsourced tasks, technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of the recipient, and liability for damages in documents such as contracts in accordance with Article 25 of the Personal Information Protection Act when entering into outsourcing contracts, and supervises whether the recipient safely processes personal information.
If the content of the outsourced tasks or the recipient changes, we will promptly disclose this through this personal information processing policy.
Article 5 (Rights of Users and Legal Representatives and Method of Exercise)
Information subjects can exercise the following rights related to personal information protection against the Company at any time:
Request to view personal information
Request for correction in case of errors
Request for deletion
Request to stop processing
The exercise of rights under Paragraph 1 can be done through written requests, phone calls, emails, faxes, etc., and the Company will take action without delay.
If an information subject requests correction or deletion of errors in their personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
The exercise of rights under Paragraph 1 can be done through a representative, such as a legal representative or a person authorized by the information subject. In this case, a letter of authorization according to the format provided in the Enforcement Regulations of the Personal Information Protection Act must be submitted.
Information subjects must not infringe upon the personal information and privacy of themselves or others that the Company processes by violating the Personal Information Protection Act or other related laws.
Article 6 (Items of Personal Information Processed) The Company processes the following personal information items.
Membership Registration and Management
Required items: [Example: Name, date of birth, ID, password, address, phone number, gender, email address, I-PIN number]
Optional items: [Example: Marital status, areas of interest]
Provision of Goods or Services
Required items: [Example: Name, date of birth, ID, password, address, phone number, email address, I-PIN number, credit card number, bank account information, etc.]
Optional items: [Areas of interest, past purchase history]
During the use of internet services, the following personal information items may be automatically generated and collected:
IP address, cookies, MAC address, service usage records, visit records, and records of bad usage.
Article 7 (Destruction of Personal Information)
The Company will destroy personal information without delay when it is no longer necessary, such as after the retention period has expired or the purpose of processing has been achieved.
If the retention period agreed upon by the information subject has expired, or the purpose of processing has been achieved, but it is necessary to continue retaining personal information under other laws, the relevant personal information will be moved to a separate database (DB) or stored in a different location.
The procedure and method for destroying personal information are as follows:
Destruction Procedure
The Company selects personal information for which the destruction reason has occurred and destroys it after obtaining approval from the personal information protection officer.
Destruction Method
The Company destroys personal information recorded and stored in electronic file formats using methods that render the records irretrievable, such as Low Level Format, and shreds or incinerates personal information recorded and stored on paper documents.
Article 8 (Measures to Ensure the Safety of Personal Information) The Company takes the following measures to ensure the safety of personal information:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs.
Physical Measures: Access control for computer rooms, data storage rooms, etc.
Article 9 (Installation and Operation of Automatic Personal Information Collection Devices)
The Company uses "cookies" to store and retrieve user information to provide personalized services.
Cookies are small pieces of information sent by the server (HTTP) operating the website to the user's computer browser and may be stored on the user's hard disk.
Purpose of Using Cookies: Used to identify the visiting and usage patterns of each service and website, popular search terms, whether secure access is used, etc., to provide optimized information to users.
Installation, Operation, and Refusal of Cookies: You can refuse to store cookies through the settings of the options menu in the privacy settings of the Internet Options in the tools section at the top of the web browser.
If you refuse to store cookies, you may have difficulties in using customized services.
Article 10 (Personal Information Protection Officer)
The Company designates a personal information protection officer as follows to oversee all responsibilities related to personal information processing and to address grievances and provide remedies for information subjects:
Personal Information Protection Officer
Name: OOO
Position: OOO
Contact:
, ,
Connected to the Personal Information Protection Department.
Personal Information Protection Department
Department Name: OOO Team
Person in Charge: OOO
Contact: , ,
Information subjects can contact the personal information protection officer and the department for any inquiries, complaints, or remedies related to personal information protection that arise while using the Company's services (or business). The Company will respond to and address the inquiries of the information subjects without delay.
Article 11 (Request for Access to Personal Information) Information subjects can request access to their personal information in accordance with Article 35 of the Personal Information Protection Act at the department below. The Company will strive to ensure that requests for access to personal information from information subjects are processed promptly.
Department for Receiving and Processing Access Requests
Department Name: OOO
Person in Charge: OOO
Contact: , ,
Article 12 (Remedies for Rights Infringement) Information subjects can inquire about remedies and counseling regarding personal information infringements at the following institutions:
Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
Responsible Tasks: Reporting personal information infringements, requesting counseling
Website: privacy.kisa.or.kr
Phone: (No area code) 118
Address: 3rd Floor, 9 Jinheung-gil, Naju, Jeonnam, 58324 (Bikgaram-dong 301-2)
Personal Information Dispute Mediation Committee
Responsible Tasks: Application for dispute mediation regarding personal information, collective dispute mediation (civil resolution)
Website: www.kopico.go.kr
Phone: (No area code) 1833-6972
Address: 4th Floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul, 03171
Cyber Crime Investigation Unit, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
Cyber Safety Bureau, Korean National Police Agency: 182 (http://cyberbureau.police.go.kr)
Article 13 (Enforcement and Changes to Personal Information Processing Policy) This personal information processing policy is effective from 20XX. X. X.
