Home / Privacy Policy

Privacy Policy

Amorepacific ("the Company") respects the right to privacy of everyone using APmall service ("the Service") and endeavors at all times to protect your personal information.
  • The Company is committed to complying with the Privacy Act, Act on the Promotion of Information and Communications Network Utilization and Information Protection and all applicable privacy and personal information protection laws and corporate privacy policy to ensure that your personal information is safe with us. Moreover, the Company opens the privacy policy on the main page of the Service website for easy access. The privacy policy may be changed and updated as required by applicable laws and/or to reflect changes to information practices of the Company. The Company will notify any changes in the privacy policy through the Service website.

The privacy policy of the Company stipulates the followings:

  • Article 1) Consent to collection of personal information and method of collection
  • Article 2) Personal information to be collected, purpose of collection and use thereof
  • Article 3) Provision of personal information
  • Article 4) Delegation of personal information processing
  • Article 5) Period of retention and use of personal information, discarding procedure and method
  • Article 6) Department responsible for the protection of personal information and handling of relevant matters
  • Article 7) Automatic personal information collection tool
  • Article 8) Disclosure and correction of personal information
  • Article 9) Withdrawal of consent to collection, use and disclosure of personal information
  • Article 10) Managerial, technical and physical measures for security of personal information
  • Article 11) Right of users and their legal representative and how to exercise thereof
  • Article 12) Obligation of the Company to notify any changes to the privacy policy
  • Article 13) Governing law

Article 1 (Consent to the collection of personal information and method of collection)

  • ① Member shall refer to all registered users who have agreed to the provision of their personal information to the Company.
  • ② By giving your explicit consent, you hereby agree that your personal information will be collected by the Company either online or offline, in accordance with this privacy policy. Check the consent box to agree to collection of your personal information.

Article 2 (Personal information to be collected, purpose of collection and use thereof)

  • ① The Company collects the minimal personal information required to provide the Service when you register to be a member.
  • ② The Company shall not collect sensitive information that may be involved with the violation of human rights, including your thoughts, beliefs, membership of a labor union, political party or movement, your political view, health, sexual orientation, medical history, religion, racial origin and criminal record unless you give your explicit consent.
  • ③ The following information shall be collected by the Company for the purpose stated below:
  • Personal information to be collected Purpose of collection and use of personal information Period of retention and use of personal information
    Required Name, ID (e-mail), password To identify individuals for providing the Service and to prevent fraud and/or illegal use Until membership is withdrawn
    Purchase history To manage the history of using the Service and membership based on purchase made
    Optional Birthday, gender, skin type To provide a personalized service
    Address, phone number To provide information about the Service, the business policy of the Company and partner(s) and to send marketing communications about events
  • ④ In the case that the Company requires extra information in addition to personal information according to the Clause 3, the Company shall notify you of the purpose, information required, period of use, your right to reject and consequent disadvantages and seek consent from you.
  • ⑤ The Company shall not use personal information for the purpose stated herein and not disclose personal information to a third party unless otherwise required by applicable law and provided with your express consent.
  • ⑥ You have the right to reject to consent collection and use of personal information. However, if you reject to provide the optional information, you may not be able to use the Service to the fullest extent possible and perhaps not get all the benefits, though you can register as a member.

Article 3 (Provision of personal information)

  • ① The Company shall not use personal information for the purpose stated in the Article 2) and not disclose personal information to a third party unless otherwise required by applicable law and provided with your express consent. However, your personal information may be used without your explicit consent in the following cases:
    • 1. To calculate and settle the cost of providing the Service
    • 2. To provide for statistical data, academic research and market research in which personal information is processed to be not personally identifiable
    • 3. Required by applicable laws including the Privacy Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Consumer Protection Act and Criminal Procedure Act
  • ② You have the right to reject to the consent of the provision of personal information for a third party and your refusal to this consent may restrict you from using services provided by the third party involved.
  • ③ The Company shall notify and seek your consent for disclosure of your personal information to a third party outside Korea.

Article 4 (Delegation of personal information processing)

  • ① The Company shall delegate the processing of your personal information to outside experts to improve the quality of the Service and streamline processing.
  • ② The Company shall manage and supervise the delegates to work in compliance with the delegation contract and prevent any loss and provision of personal information to a third party without your express consent, by the delegation.
  • ③ The list of the delegates and the scope of their delegated work are as in the following:
  • Delegate Scope of delegated work
    IBM Processing and management of personal information
    iShift Management and operation of e-commerce website
    EXIMBAY Payment
    Sherpa Logistics Shipment and handling related inquires
    MPC Partners Handling inquiries related to logistics
    Korea POST, DHL Shipment of products and/or gifts
    ZIN Corporation Maintenance of the delivery system
    humusOn Maintenance of bulk e-mail system
    CIZION Work involved with linking social networking websites to user account

Article 5 (Period of retention and use of personal information, discarding procedure and method)

  • ① The Company shall retain and use your personal information for the period of time required to fulfill the purpose of providing the Service. Your information registered shall not be printed by anyone other than persons responsible for the management of personal information and/or unless their approval is given.
  • ② The Company shall take prompt action upon your request to delete personal information or withdraw your membership, and your information will be completely deleted from disk in a way that the deleted information is unrestorable by any means to prevent retrieval and use afterward.
  • ③ In principle, your personal information will be deleted from the disk immediately after the purpose is fulfilled and information in print will be destroyed using a shredding machine according to the Company’s document destruction procedure, unless otherwise specified by applicable laws.
  • ④ Personal information shall be retained by the Company for a specific period of time as required by applicable laws including the Act on the Consumer Protection in Electronic Commerce, Etc, Privacy Act, Commercial Law and Framework Act on National Taxes after the purpose is achieved.
  • * Information about contract, withdrawal and the like: Five (5) years
  • * Information about payment, supply of goods and the like: Five (5) years
  • * Information about handling consumer complaint and/or disputes: Three (3) years

Article 6 (Department responsible for protection of personal information and handling relevant matters)

  • ① The Company appoints a department responsible to protect your personal information and handle related complaints. Moreover, the officer and manager responsible for management of personal information are appointed for prompt handling of queries and complaints involved with personal information.
  • [Privacy officer] [Privacy manager]
    Name: Team leader Oh Seungil Name: Team leader Oh Seungil
    Department: IT Team Department: IT Team
    E-mail: privacy@amorepacific.com E-mail: privacy@amorepacific.com
    - Address: Signature Tower, 100, Cheonggyecheon-ro, Jung-gu, Seoul, Korea
  • ② If you have concerns about your privacy infringement, contact the responsible department stated above and/or the following organizations:
    • - Privacy Infringement Reporting Center, Korea Internet & Security Agency (privacy.kisa.or.kr / 02-405-5118)
    • - Korea ePrivacy Mark Council (www.eprivacy.or.kr / 02-580-0533~4)
    • - Online Public Service Center, Supreme Public Prosecutor’s Office (www.spo.go.kr / minwon / 02-3480-2000)
    • - Cyber Terror Response Center, Korean National Police Agency (www.ctrc.go.kr / 1566-0112)

Article 7 (Automatic personal information collection tool)

  • ① The Company uses cookies (which automatically search, collects and save personal information, including the website browsing history). Cookie is a small text file sent from a server used for operation of the Service to your browser (for example, Netscape and Internet Explorer) and it’s saved in your hard disk. Once you access the Service, the Company reads cookies kept in your browser to obtain extra information from your computer and provide services without requiring you to provide further information. Cookie identifies your computer, but it is unable to personally identify you.
  • ② The Company uses cookies to, for example, analyze how often and when members and non-members access to the Service in order to provide required support and reorganize the Service, if need arises.
  • ③ The Company uses cookies to identify your participation in events, so the Company can provide a more personalized event and information that’s best suited for your interest.
  • ④ You have the option to install cookies. By enabling all options in your web browser, you can accept or reject cookies, in whole or in part.
    • 1. If you are using Internet Explorer 6.0, click [Tools] on the window, select [Internet Options], click [Privacy Tab] and then [Custom Level] to select Accept, Block or Prompt as appropriate.
    • 2. If you are using Internet Explorer 6.0, click [Tools] on the window, select [Internet Options], click [Settings] of Browsing History at [General Tab] and then [View Files].

Article 8 (Disclosure and correction of personal information)

  • ① You have the right to read and correct your personal information at any time by signing into the Service and clicking [My Account], or asking the delegates and/or the Privacy Department via written document, phone and e-mail to read, correct, remove and stop processing information. The Company will take prompt action upon your request.
  • ② The Company shall not use and disclose your information until your request for correction is fulfilled. In the event that incorrect information is used, the Company shall take corrective action in a prompt manner. However, you may be restricted from reading and correcting personal information in the following cases:
    • 1. If by doing so, it would significantly infringe on rights and interests of a third party
    • 2. If by doing so, it would cause trouble to the work of service provider involved
    • 3. If by doing so, it would violate laws

Article 9 (Withdrawal of consent to collection, use and disclosure of personal information)

  • ① You have the right to withdraw your consent to collection, use and disclosure of personal information. To withdraw your consent (membership), you can sign into the Service and withdraw your consent (membership) or send request to the delegates and/or the Privacy Department via written document, phone and e-mail. The Company shall promptly take action and destruct your personal information upon your request for withdrawal of consent.
  • ② The Company endeavors to ensure that withdrawal of consent (membership) is easier than the way personal information is collected.

Article 10 (Managerial, technical and physical measures for security of personal information)

  • ① The Company sets up a management plan for secure processing of personal information and provides training for employees.
  • ② The Company takes technical measures to prevent any loss, theft, leak, falsification and damage of your personal information in the course of processing information.
  • ③ Your personal information is managed using the intranet that’s not accessible and breakable from an external network and, moreover, extra security measures are taken, for example encryption of data transfer and file lock for tight security.
  • ④ The Company uses a firewall and an intrusion detection system installed in each server to protect the intranet from outside threats such as hacker and at the same time, enhances security using an access control system.
  • ⑤ The Company installs anti-virus program in all systems and devices used for processing of personal information to monitor and get rid of virus and malware to ensure that your personal information is safely protected.
  • ⑥ The Company allows only a minimum number of personnel to access your personal information, sets up a corporate policy for access and management of personal information as well as an access control and lock system and ensures compliance of all employees with the policy for the safety of your personal information.
  • ⑦ The Company makes sure that the transition of work involved with personal information is secure and clarifies where the responsibility lies for a privacy breach when employees join and/or leave the Company.
  • ⑧ You are obligated to check and manage your personal information provided to the Company to ensure that the information is kept accurate and up to date. You recognize that unauthorized use of personal information of others may subject you to civil/criminal liability and a penalty by the Company.
  • ⑨ The Company shall not be liable for any problem involved with leak of personal information such as ID, password and resident registration number resulting from your own fault and/or risks of the Internet. You have the obligation to manage and protect your personal information including ID and password. However, the Company shall immediately notify you of any loss, theft, leak, falsification and damage of your personal information resulted from human error by the responsible person and/or technical and managerial incident, and take appropriate measure and compensation.

Article 11 (Right of users and their legal representative and how to exercise thereof)

  • ① You and your legal representative may exercise the right to access, correct and change your personal information provided to the Company and withdraw membership.
  • ②The Company collects personal information of children under fourteen (14) years of age upon the consent of their legal representative (including parents) in order to protect their personal information.
  • ③ You and your legal representative may contact the Company for matters involved with personal information online and via phone and written document and exercise the right; the Company shall take prompt measures.

Article 12 (Obligation of the Company to notify any changes to the privacy policy)

  • The privacy policy is subject to change with changes to applicable laws, corporate policy and/or security technology. Any changes to this policy shall be notified through the main page of the Company’s website along with the reasons behind thereof at least seven (7) days before the effective date (thirty (30) days before, if changes are unfavorable to members).

Article 13 (Governing law)

  • Laws and regulations of Korea shall govern interpretation, effectiveness, enforcement of this privacy policy and resolution of any disputes rising in relation. If there is any inconsistency between different language versions of this privacy policy, the Korean version shall prevail.

  • <Supplementary Provision> October 31, 2017
  • Article 1 (Effective Date) This privacy policy shall come into effect on October 31, 2017