Privacy Policy

Privacy Policy

 

Company Name (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those stated below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

  1. Membership registration and management on the website
    Personal information is processed for purposes such as confirming the intention to register as a member, identifying and authenticating members for membership services, maintaining and managing membership qualifications, conducting identity verification under the limited identity verification system, preventing fraudulent use of services, confirming consent from legal representatives when processing personal information of children under 14 years of age, sending various notices and notifications, and handling grievances.

  2. Provision of goods or services
    Personal information is processed for purposes such as delivering goods, providing services, sending contracts and invoices, providing content, offering personalized services, identity verification, age verification, payment and settlement of fees, and debt collection.

  3. Handling grievances
    Personal information is processed for purposes such as verifying the identity of complainants, confirming grievance details, contacting and notifying for fact-finding investigations, and notifying the results of processing.

Article 2 (Period of Processing and Retention of Personal Information)
① The Company processes and retains personal information within the period of retention and use stipulated by law or within the period agreed upon by the data subject at the time of collection.
② The processing and retention periods for each type of personal information are as follows:

  1. Membership registration and management on the website: Until the member withdraws from the business/organization website
    However, in the following cases, until the relevant cause ends:

    1. When an investigation or inquiry is in progress due to a violation of related laws: until the investigation or inquiry ends
    2. When there is a remaining credit/debt relationship arising from website use: until the credit/debt relationship is settled

  2. Provision of goods or services: Until completion of supply of goods/services and completion of payment/settlement
    However, in the following cases, until the relevant period ends:

    1. Records related to transactions such as display/advertising, contract details, and performance under the Act on the Consumer Protection in Electronic Commerce, etc.
      – Records of display/advertising: 6 months
      – Records of contracts, subscription withdrawal, payment, and supply of goods, etc.: 5 years
      – Records of consumer complaints or dispute resolution: 3 years
    2. Communication fact confirmation data under Article 41 of the Protection of Communications Secrets Act
      – Subscriber telecommunication date/time, start/end time, other party’s subscriber number, usage count, base station location tracking data: 1 year
      – Computer communication, Internet log records, access location tracking data: 3 months

Article 3 (Provision of Personal Information to Third Parties)
① The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when the data subject’s consent is obtained or when there is a special provision in the law, in accordance with Articles 17 and 18 of the Personal Information Protection Act. Otherwise, the Company does not provide personal information to third parties.
② For the smooth provision of services, the Company may provide personal information to third parties within the minimum necessary scope after obtaining the data subject’s consent under Article 17(1)(1) of the Personal Information Protection Act.
– Recipient of personal information: <e.g., OOO Card Co., Ltd.>
– Purpose of use by the recipient: <e.g., joint events, business partnerships, issuance of affiliated credit cards>
– Items of personal information provided: <e.g., name, address, phone number, email address, card payment account information>
– Retention and use period by the recipient: <e.g., during the transaction period under the credit card issuance contract>

Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing tasks as follows to ensure smooth handling of personal information tasks:
– Entrustment details
– Entrustee (Processor): Imweb Co., Ltd.
– Details of entrusted tasks: Provision of shopping mall hosting system, mobile app services, marketing services and additional/affiliate services, notification talk, friend talk, SMS sending agency services, etc.
– Entrustee (Processor): OOO PG
– Details of entrusted tasks: Payment and escrow services
– Entrustee (Processor): OOO Delivery
– Details of entrusted tasks: Product delivery services
– Entrustee (Processor): OOO Customer Center
– Details of entrusted tasks: Customer consultation services
– Entrustee (Processor): OOO
– Details of entrusted tasks: Identity verification services
– Sub-entrustees
– Sub-entrustee (Processor): Imweb Co., Ltd. → Infobip (Ltd.)
– Details of entrusted tasks: SMS sending, KakaoTalk notification talk (informational messages) sending
– Sub-entrustee (Processor): Imweb Co., Ltd. → LunaSoft Co., Ltd.
– Details of entrusted tasks: SMS sending, KakaoTalk notification talk (informational messages) and friend talk sending

② When entering into an entrustment contract, the Company specifies in the contract or other documents matters such as prohibition of processing personal information for purposes other than the entrusted tasks, technical and managerial protection measures, restrictions on sub-entrustment, supervision of the processor, and liability for damages, in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the processor processes personal information safely.
③ If the content of entrustment tasks or the processor changes, the Company will promptly disclose such changes through this privacy policy.

Article 5 (Rights of Data Subjects and Legal Representatives and How to Exercise Them)
① Data subjects may exercise the following personal information protection rights against the Company at any time:

  1. Request for access to personal information
  2. Request for correction of errors
  3. Request for deletion
  4. Request for suspension of processing

② The rights under Paragraph 1 may be exercised through written request, telephone, email, facsimile (fax), etc. The Company will take action without delay.
③ When a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through a legal representative or an agent authorized by the data subject. In such cases, a power of attorney in the form of Annex Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
⑤ Data subjects must not infringe upon the personal information or privacy of themselves or others processed by the Company in violation of the Personal Information Protection Act or related laws.

Article 6 (Items of Personal Information Processed)
The Company processes the following personal information items:

  1. Membership registration and management on the website
    Required items: <e.g., name, date of birth, ID, password, address, phone number, gender, email address, i-PIN number>
    Optional items: <e.g., marital status, areas of interest>

  2. Provision of goods or services
    Required items: <e.g., name, date of birth, ID, password, address, phone number, email address, i-PIN number, credit card number, bank account information, other payment information>
    Optional items: <e.g., areas of interest, past purchase history>

Article 7 (Destruction of Personal Information)
① When the retention period of personal information expires or the purpose of processing is achieved, the Company destroys the personal information without delay.
② If personal information must be retained for a longer period under other laws even after the agreed retention period has expired or the processing purpose has been achieved, the Company will transfer such personal information to a separate database (DB) or change the storage location to preserve it.
③ The procedures and methods for destroying personal information are as follows:

  1. Destruction procedure
    The Company selects personal information for which destruction is required and destroys it after obtaining approval from the personal information protection officer.
  2. Destruction method
    Electronic files are destroyed so that they cannot be reproduced, and paper documents are shredded or incinerated.

Article 8 (Measures to Ensure the Safety of Personal Information)
The Company implements the following measures to ensure the safety of personal information:

  1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  3. Physical measures: Access control to computer rooms and data storage rooms

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
① The Company uses “cookies” to store and retrieve user information from time to time to provide personalized services to users.
② Cookies are small pieces of information sent by the web server (http) operating the website to the user’s computer browser and are stored on the user’s PC or mobile device.
③ Data subjects can set whether to allow or block cookies through their web browser options. However, rejecting cookies may cause difficulties in using personalized services.

▶ Cookie allow/block in web browsers
– Chrome: Browser Settings > Privacy and security > Clear browsing data
– Edge: Browser Settings > Cookies and site permissions > Manage and delete cookies and site data

▶ Cookie allow/block in mobile browsers
– Chrome: Mobile browser Settings > Privacy and security > Clear browsing data
– Safari: Device Settings > Safari > Advanced > Block all cookies
– Samsung Internet: Mobile browser Settings > Internet usage history > Delete internet usage history

④ During service use, the Company collects and uses information on visited services and websites, usage patterns, popular search terms, secure connection status, etc., to provide users with optimized information.

Article 10 (Personal Information Protection Officer)
① The Company designates a personal information protection officer to oversee personal information processing tasks and to handle complaints and remedies related to personal information processing as follows:

▶ Personal Information Protection Officer
Name: OOO
Position: OOO
Contact: <Phone number>, <Email>, <Fax number>
※ Connects to the personal information protection department

▶ Personal Information Protection Department
Department name: OOO Team
Contact: <Phone number>, <Email>, <Fax number>

② Data subjects may contact the personal information protection officer or the responsible department regarding all inquiries, complaints, and remedy requests related to personal information protection arising from the use of the Company’s services (or business). The Company will respond and handle such inquiries without delay.

Article 11 (Request for Access to Personal Information)
Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act to the following department. The Company will strive to process such requests promptly.

▶ Department for Receiving and Processing Requests for Access to Personal Information
Department name: OOO
Contact: <Phone number>, <Email>, <Fax number>

Article 12 (Methods for Remedy of Rights Infringement)
Data subjects may contact the following institutions for remedy of personal information infringement, consultation, etc.:

  1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
  4. National Police Agency: 182 (ecrm.police.go.kr/minwon/main)

Article 13 (Implementation and Amendment of the Privacy Policy)
This privacy policy takes effect from 20XX. X. X.