- Article 1) Consent to collection of personal information and method of collection
- Article 2) Personal information to be collected, purpose of collection and use thereof
- Article 3) Provision of personal information
- Article 4) Delegation of personal information processing
- Article 5) Period of retention and use of personal information, discarding procedure and method
- Article 6) Department responsible for the protection of personal information and handling of relevant matters
- Article 7) Automatic personal information collection tool
- Article 8) Disclosure and correction of personal information
- Article 9) Withdrawal of consent to collection, use and disclosure of personal information
- Article 10) Managerial, technical and physical measures for security of personal information
- Article 11) Right of users and their legal representative and how to exercise thereof
- Article 13) Governing law
Article 1 (Consent to the collection of personal information and method of collection)
- ① Member shall refer to all registered users who have agreed to the provision of their personal information to the Company.
Article 2 (Personal information to be collected, purpose of collection and use thereof)
- ① The Company collects the minimal personal information required to provide the Service when you register to be a member.
- ② The Company shall not collect sensitive information that may be involved with the violation of human rights, including your thoughts, beliefs, membership of a labor union, political party or movement, your political view, health, sexual orientation, medical history, religion, racial origin and criminal record unless you give your explicit consent.
- ③ The following information shall be collected by the Company for the purpose stated below:
Personal information to be collected Purpose of collection and use of personal information Period of retention and use of personal information Required Name, ID (e-mail), password To identify individuals for providing the Service and to prevent fraud and/or illegal use Until membership is withdrawn Purchase history To manage the history of using the Service and membership based on purchase made Optional Birthday, gender, skin type To provide a personalized service Address, phone number To provide information about the Service, the business policy of the Company and partner(s) and to send marketing communications about events
- ④ In the case that the Company requires extra information in addition to personal information according to the Clause 3, the Company shall notify you of the purpose, information required, period of use, your right to reject and consequent disadvantages and seek consent from you.
- ⑤ The Company shall not use personal information for the purpose stated herein and not disclose personal information to a third party unless otherwise required by applicable law and provided with your express consent.
- ⑥ You have the right to reject to consent collection and use of personal information. However, if you reject to provide the optional information, you may not be able to use the Service to the fullest extent possible and perhaps not get all the benefits, though you can register as a member.
Article 3 (Provision of personal information)
- ① The Company shall not use personal information for the purpose stated in the Article 2) and not disclose personal information to a third party unless otherwise required by applicable law and provided with your express consent. However, your personal information may be used without your explicit consent in the following cases:
- 1. To calculate and settle the cost of providing the Service
- 2. To provide for statistical data, academic research and market research in which personal information is processed to be not personally identifiable
- 3. Required by applicable laws including the Privacy Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Consumer Protection Act and Criminal Procedure Act
- ② You have the right to reject to the consent of the provision of personal information for a third party and your refusal to this consent may restrict you from using services provided by the third party involved.
- ③ The Company shall notify and seek your consent for disclosure of your personal information to a third party outside Korea.
Article 4 (Delegation of personal information processing)
- ① The Company shall delegate the processing of your personal information to outside experts to improve the quality of the Service and streamline processing.
- ② The Company shall manage and supervise the delegates to work in compliance with the delegation contract and prevent any loss and provision of personal information to a third party without your express consent, by the delegation.
- ③ The list of the delegates and the scope of their delegated work are as in the following:
Delegate Scope of delegated work IBM Processing and management of personal information iShift Management and operation of e-commerce website EXIMBAY Payment Sherpa Logistics Shipment and handling related inquires MPC Partners Handling inquiries related to logistics Korea POST, DHL Shipment of products and/or gifts ZIN Corporation Maintenance of the delivery system humusOn Maintenance of bulk e-mail system CIZION Work involved with linking social networking websites to user account
Article 5 (Period of retention and use of personal information, discarding procedure and method)
- ① The Company shall retain and use your personal information for the period of time required to fulfill the purpose of providing the Service. Your information registered shall not be printed by anyone other than persons responsible for the management of personal information and/or unless their approval is given.
- ② The Company shall take prompt action upon your request to delete personal information or withdraw your membership, and your information will be completely deleted from disk in a way that the deleted information is unrestorable by any means to prevent retrieval and use afterward.
- ③ In principle, your personal information will be deleted from the disk immediately after the purpose is fulfilled and information in print will be destroyed using a shredding machine according to the Company’s document destruction procedure, unless otherwise specified by applicable laws.
- ④ Personal information shall be retained by the Company for a specific period of time as required by applicable laws including the Act on the Consumer Protection in Electronic Commerce, Etc, Privacy Act, Commercial Law and Framework Act on National Taxes after the purpose is achieved.
- * Information about contract, withdrawal and the like: Five (5) years
- * Information about payment, supply of goods and the like: Five (5) years
- * Information about handling consumer complaint and/or disputes: Three (3) years
Article 6 (Department responsible for protection of personal information and handling relevant matters)
- ① The Company appoints a department responsible to protect your personal information and handle related complaints. Moreover, the officer and manager responsible for management of personal information are appointed for prompt handling of queries and complaints involved with personal information.
[Privacy officer] [Privacy manager] Name: Team leader Oh Seungil Name: Team leader Oh Seungil Department: IT Team Department: IT Team E-mail: firstname.lastname@example.org E-mail: email@example.com - Address: Signature Tower, 100, Cheonggyecheon-ro, Jung-gu, Seoul, Korea
- ② If you have concerns about your privacy infringement, contact the responsible department stated above and/or the following organizations:
- - Privacy Infringement Reporting Center, Korea Internet & Security Agency (privacy.kisa.or.kr / 02-405-5118)
- - Korea ePrivacy Mark Council (www.eprivacy.or.kr / 02-580-0533~4)
- - Online Public Service Center, Supreme Public Prosecutor’s Office (www.spo.go.kr / minwon / 02-3480-2000)
- - Cyber Terror Response Center, Korean National Police Agency (www.ctrc.go.kr / 1566-0112)
Article 7 (Automatic personal information collection tool)
- ④ You have the option to install cookies. By enabling all options in your web browser, you can accept or reject cookies, in whole or in part.
- 1. If you are using Internet Explorer 6.0, click [Tools] on the window, select [Internet Options], click [Privacy Tab] and then [Custom Level] to select Accept, Block or Prompt as appropriate.
- 2. If you are using Internet Explorer 6.0, click [Tools] on the window, select [Internet Options], click [Settings] of Browsing History at [General Tab] and then [View Files].
Article 8 (Disclosure and correction of personal information)
- ① You have the right to read and correct your personal information at any time by signing into the Service and clicking [My Account], or asking the delegates and/or the Privacy Department via written document, phone and e-mail to read, correct, remove and stop processing information. The Company will take prompt action upon your request.
- ② The Company shall not use and disclose your information until your request for correction is fulfilled. In the event that incorrect information is used, the Company shall take corrective action in a prompt manner. However, you may be restricted from reading and correcting personal information in the following cases:
- 1. If by doing so, it would significantly infringe on rights and interests of a third party
- 2. If by doing so, it would cause trouble to the work of service provider involved
- 3. If by doing so, it would violate laws
Article 9 (Withdrawal of consent to collection, use and disclosure of personal information)
- ① You have the right to withdraw your consent to collection, use and disclosure of personal information. To withdraw your consent (membership), you can sign into the Service and withdraw your consent (membership) or send request to the delegates and/or the Privacy Department via written document, phone and e-mail. The Company shall promptly take action and destruct your personal information upon your request for withdrawal of consent.
- ② The Company endeavors to ensure that withdrawal of consent (membership) is easier than the way personal information is collected.
Article 10 (Managerial, technical and physical measures for security of personal information)
- ① The Company sets up a management plan for secure processing of personal information and provides training for employees.
- ② The Company takes technical measures to prevent any loss, theft, leak, falsification and damage of your personal information in the course of processing information.
- ③ Your personal information is managed using the intranet that’s not accessible and breakable from an external network and, moreover, extra security measures are taken, for example encryption of data transfer and file lock for tight security.
- ④ The Company uses a firewall and an intrusion detection system installed in each server to protect the intranet from outside threats such as hacker and at the same time, enhances security using an access control system.
- ⑤ The Company installs anti-virus program in all systems and devices used for processing of personal information to monitor and get rid of virus and malware to ensure that your personal information is safely protected.
- ⑥ The Company allows only a minimum number of personnel to access your personal information, sets up a corporate policy for access and management of personal information as well as an access control and lock system and ensures compliance of all employees with the policy for the safety of your personal information.
- ⑦ The Company makes sure that the transition of work involved with personal information is secure and clarifies where the responsibility lies for a privacy breach when employees join and/or leave the Company.
- ⑧ You are obligated to check and manage your personal information provided to the Company to ensure that the information is kept accurate and up to date. You recognize that unauthorized use of personal information of others may subject you to civil/criminal liability and a penalty by the Company.
- ⑨ The Company shall not be liable for any problem involved with leak of personal information such as ID, password and resident registration number resulting from your own fault and/or risks of the Internet. You have the obligation to manage and protect your personal information including ID and password. However, the Company shall immediately notify you of any loss, theft, leak, falsification and damage of your personal information resulted from human error by the responsible person and/or technical and managerial incident, and take appropriate measure and compensation.
Article 11 (Right of users and their legal representative and how to exercise thereof)
- ① You and your legal representative may exercise the right to access, correct and change your personal information provided to the Company and withdraw membership.
- ②The Company collects personal information of children under fourteen (14) years of age upon the consent of their legal representative (including parents) in order to protect their personal information.
- ③ You and your legal representative may contact the Company for matters involved with personal information online and via phone and written document and exercise the right; the Company shall take prompt measures.
Article 13 (Governing law)
- <Supplementary Provision> October 31, 2017