The company (hereinafter referred to as the "Company") establishes and discloses this privacy policy to protect the personal information of data subjects in accordance with Article 30 of the Personal Information Protection Act and to process related complaints promptly and smoothly.
Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, necessary measures, such as obtaining separate consent under Article 18 of the Personal Information Protection Act, will be taken.
1. Website membership registration and management: Processing personal information for the purposes of confirming membership intentions, authenticating and identifying members for the provision of member services, maintaining and managing member qualifications, confirming the consent of legal representatives for processing personal information of children under 14 years old, various notifications, complaint handling, etc.
2. Goods or service provision: Processing personal information for purposes such as delivering goods, providing services, sending contracts and invoices, providing content, offering personalized services, identity verification, age verification, payment and settlement of fees, debt collection, etc.
3. Complaint handling: Processing personal information for purposes such as verifying the identity of complainants, confirming complaint details, contacting and notifying complainants for fact-finding investigations, and notifying them of processing results.
Article 2 (Period of Processing and Retention of Personal Information)
1. The company processes and retains personal information within the period specified by law or the period agreed upon when collecting personal information from data subjects.
2. The processing and retention periods for each type of personal information are as follows:
   1. Website membership registration and management: Until the withdrawal of business/organization website membership. However, in the following cases, until the end of the relevant circumstances:
      1) If an investigation, inspection, etc., is in progress due to a violation of related laws, until the end of the investigation or inspection.
      2) If there is a remaining debt and credit relationship due to the use of the website, until the settlement of the relevant debt and credit relationship.
   2. Goods or service provision: Until the completion of the supply of goods/services and the completion of payment/settlement. However, in the following cases, until the end of the relevant period:
      1) Records related to advertising, contracts, and transactions under the "Act on Consumer Protection in Electronic Commerce, Etc.":
         - Records related to advertising: 6 months
         - Records of contracts or subscription withdrawal, payment of fees, supply of goods, etc.: 5 years
         - Records of consumer complaints or dispute resolution: 3 years
      2) Storage of telecommunication data according to Article 41 of the Telecommunications Secrets Protection Act:
         - Subscriber's electronic communication date, start/end time, counterparty subscriber number, frequency of use, and location tracking data: 1 year
         - Computer communication, internet log data, access location tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties)
1. The company processes personal information within the scope specified in Article 1 (Purpose of Processing Personal Information), and personal information is provided to third parties only with the consent of the data subject or in cases specified by special regulations of the Personal Information Protection Act under Article 17.
2. The company provides personal information to third parties as follows:
- Recipient of personal information: [e.g., (Company) OOO Card]
- Purpose of using the provided personal information: [e.g., Business cooperation, joint hosting of events, issuance of affiliated credit cards]
- Items of provided personal information: [e.g., Name, address, phone number, email address, card payment account information]
- Retention and use period of the recipient: [e.g., During the transaction period according to the credit card issuance contract]
Article 4 (Outsourcing of Personal Information Processing)
1. The company outsources the processing of personal information for smooth personal information business operations as follows:
- Outsourced entity: [e.g., OOO Website Developer]
- Content of the outsourced business: [e.g., System provision of shopping mall hosting service, mobile app service, marketing service, affiliated service provision, and notification, agency service for sending alert messages, friend messages, and text messages]
- Outsourced entity: [e.g., OOO PG (Payment Gateway)]
- Content of the outsourced business: [e.g., Payment and escrow business]
- Outsourced entity: [e.g., OOO Delivery]
- Content of the outsourced business: [e.g., Product delivery business]
- Outsourced entity: [e.g., OOO Customer Center]
- Content of the outsourced business: [e.g., Customer consultation business]
- Outsourced entity: [e.g., OOO]
- Content of the outsourced business: [e.g., Identity verification business]
2. When entering into an outsourcing agreement, the company complies with Article 25 of the Personal Information Protection Act by specifying, in documents such as contracts, matters such as the prohibition of processing personal information beyond the purpose of performance, technical and managerial protective measures, restrictions on re-outsourcing, supervision of the outsourced entity, and liability for damages. The company supervises whether the outsourced entity processes personal information securely.
3. If the content of the outsourced business or the outsourced entity changes, the company will promptly disclose it through this privacy policy.
Article 5 (Rights of Users and Legal Representatives and How to Exercise Them)
1. Users can exercise the following privacy-related rights at any time:
   1. Request to access personal information
   2. Request correction if there are errors
   3. Request deletion
   4. Request suspension of processing
2. Rights under paragraph 1 can be exercised in writing, by phone, by email, by fax, etc., and the company will take prompt action in response.
3. If a user requests correction or deletion of personal information, the company will not use or provide the information until the correction or deletion is complete.
4. The rights under paragraph 1 can be exercised through a legal representative or a delegate. In this case, the user must submit a power of attorney according to the form specified in Attachment 11 of the Enforcement Rules of the Personal Information Protection Act.
5. Users must not violate the laws related to personal information protection and must not infringe on the personal information and privacy of the user or others.
Article 6 (Personal Information Processed)
The company processes the following personal information:
1. Website membership registration and management
Required items: [e.g., Name, date of birth, ID, password, address, phone number, gender, email address, IPIN (Internet Personal Identification Number)]
Optional items: [e.g., Marital status, areas of interest]
2. Goods or service provision
Required items: [e.g., Name, date of birth, ID, password, address, phone number, email address, IPIN, credit card number, bank account information for payment]
Optional items: [e.g., Areas of interest, past purchase history]
3. The following personal information may be automatically generated and collected during the process of using internet services:
IP address, cookies, MAC address, service usage records, visit records, records of improper use, etc.
Article 7 (Destruction of Personal Information)
1. The company promptly destroys personal information when it becomes unnecessary due to the expiration of the personal information retention period or the achievement of the processing purpose.
2. If the retention period agreed upon with the data subject has expired or the processing purpose has been achieved, but it is necessary to continue storing the personal information due to other laws, the company moves the personal information to a separate database (DB) or stores it separately.
3. The procedure and method of personal information destruction are as follows:
   1. Destruction procedure: The company selects personal information for destruction, obtains approval from the company's personal information protection manager, and destroys the personal information.
   2. Destruction method: Personal information recorded and stored in electronic file format is destroyed to make it irreproducible using methods such as low-level formatting. Personal information recorded and stored on paper is shredded or incinerated.
Article 8 (Ensuring the Security of Personal Information)
The company takes the following measures to ensure the security of personal information:
1. Administrative measures: Establishment and implementation of internal control plans, regular employee education, etc.
2. Technical measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, etc.
3. Physical measures: Access control to places such as computer rooms and data storage rooms.
Article 9 (Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information)
1. The company uses 'cookies' to provide individualized customized services to users by storing and retrieving usage information.
2. Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the hard disk inside the user's computer.
a. Purpose of using cookies: Cookies are used to understand each service and website a user visits, usage patterns, popular search terms, secure access status, etc., in order to provide optimized information to users.
b. Installation, operation, and refusal of cookies: Users can refuse to store cookies by setting options in the Tools > Internet Options > Privacy menu of the web browser. However, refusing to store cookies may cause difficulties in using customized services.
Article 10 (Personal Information Protection Manager)
1. The company is responsible for overall personal information processing and has designated a personal information protection manager as follows:
▶ Personal Information Protection Manager
Name: OOO
Position: OOO
Contact: [Phone number], [Email], [Fax]
※ Connected to the personal information protection department.
▶ Personal Information Protection Department
Department: OOO Team
Person in charge: OOO
Contact: [Phone number], [Email], [Fax]
2. Users can contact the personal information protection manager or the department in charge for all inquiries, complaint handling, damage relief, etc., related to personal information processing during their use of the company's services.
Article 11 (Request for Access to Personal Information)
Data subjects can request access to personal information in accordance with Article 35 of the Personal Information Protection Act from the following department. The company will make efforts to ensure that data subject requests for access to personal information are processed promptly.
▶ Department for Receiving and Processing Requests for Access to Personal Information
Department: OOO
Person in charge: OOO
Contact: [Phone number], [Email], [Fax]
Article 12 (Method of Remedying Violations of Rights)
Data subjects can contact the following organizations for damage relief, counseling, etc., related to personal information infringements:
▶ Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency)
- Jurisdiction: Reporting of facts of personal information infringement, application for counseling
- Website: privacy.kisa.or.kr
- Phone: 118 (no area code)
- Address: 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do 301-2, Postal Code 58324, Personal Information Infringement Report Center
▶ Personal Information Dispute Mediation Committee
- Jurisdiction: Application for personal information dispute resolution, group dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: 1833-6972 (no area code)
- Address: 4th floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul 03171, Personal Information Dispute Mediation Committee
▶ Cyber Crime Investigation Division of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
▶ Cyber Safety Bureau of the National Police Agency: 182 (http://cyberbureau.police.go.kr)
Article 13 (Implementation and Amendment of the Privacy Policy)
This privacy policy is effective from [Year.Month.Day].