** This text is only provided as a guideline and must be modified to reflect your store’s operational policies. Ensure that the content is correct before applying it to your store. **

[Insert Name of Company] Privacy Policy

[Insert Name of Company] (hereinafter as the “Company”) establishes and discloses the following Privacy Policy to protect the personal information of its users in accordance with Article 30 of the Personal Information Protect Act and handle related issues in a quick and seamless manner.

This Privacy Policy contains the following.

1. Purpose of Processing Personal Information

2. Processing and Retention Period of Personal Information

3. Collection of Personal Information and Collection Methods

4. Processing Personal Information of Children Under the Age of 14

5. Provision of Personal Information to Third Parties

6. Consignment of Personal Information Processing

7. Destruction of Personal Information and Destruction Methods

8. Rights and Obligations of Users and Legal Representatives and Exercising Those Rights

9. Measures Taken to Protect Personal Information

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Device

11. Chief Privacy Officer

12. Remedies for Infringements of Rights

13. Amendments to this Privacy Policy

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Personal information processed will not be used for any purpose other than the following, and if the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

(1) Home page customer sign-ups and management

Personal information is processed for the purpose of confirming the user’s intention to sign up, identifying and authenticating the person in accordance with provision of services, maintaining and managing sign-ups, preventing unauthorized use of services, confirming the legal representative's consent when processing personal information of children under the age of 14, sending notices and notifications, and handling issues.

(2) Provision of goods or services

Personal information is processed for the purpose of providing content, making purchases and payments, sending goods or invoices, providing services, and providing customized services.

(3) Use in marketing and advertising

Personal information is processed for the purpose of providing event and advertising information, providing participation opportunities, identifying access frequency and use of services statistics.

2. Processing and Retention Period of Personal Information

(1) The Company processes and retains personal information within the agreed retention and use period when collecting personal information from the user. If the purpose of processing personal information is achieved or if the user requests to terminate the service agreement, the Company will destroy the personal information without delay. Processing and retention period of each personal information is as follows.

① Home page customer sign-ups and management: Until account deletion

② Provision of goods or services: Upon delivery of goods or services and settlement of payment

(2) However, if it is necessary to retain the personal information in accordance with provisions of related laws and regulations, the company will keep the user's information for a certain period of time as set by the following related laws and regulations.

① Records relating to contracts or withdrawal of subscription, etc.

- Reason for Retention: Act on the Consumer Protection in Electronic Commerce

- Period of Retention: 5 years

② Records relating to payments and supply of goods, etc.

- Reason for Retention: Act on the Consumer Protection in Electronic Commerce

- Period of Retention: 5 years

③ Records relating to consumer complaints or handling of disputes

- Reason for Retention: Act on the Consumer Protection in Electronic Commerce

- Period of Retention: 3 years

④ Records on displays and advertising

- Reason for Retention: Act on the Consumer Protection in Electronic Commerce

- Period of Retention: 6 months

⑤ Records of visits to services

- Reason for Retention: Protection of Communications Secrets Act

- Period of Retention: 3 months

3. Collection of Personal Information and Collection Methods

(1) Collection of Personal Information

① The Company collects the following personal information for customer sign-ups consultations, service applications, etc.

- For regular customer sign-up

Required: ID, password, name, email, mobile, date of birth, legal Representative (if under 14)

Optional: Gender

- For product orders

Required: Order information (name, email, mobile), shipping information (name, address, mobile), guest order password (if ordering as a guest)

Optional: Phone

- For Kakao Login

Required: Name

- For Naver Login

Required: ID, name, email

Optional: Nickname, date of birth

② The following information may be generated and collected during the course of service use or business processing.

- Service usage records, access logs, cookies, access IP information, payment records, suspension records, blocklist records

(2) Collection Methods

- Home page, application forms, boards, emails, events, delivery requests, phone, fax, provision from affiliates, collection through generation information tool

4. Processing Personal Information of Children Under the Age of 14

(1) When collecting personal information of children under the age of 14, the Company shall obtain consent from their legal representative and collect only essential personal information required for service.

- Required: [Personal information collected through the legal representative consent form]

(2) When collecting personal information of children under the age of 14, the Company may require the child to provide essential information, such as the name and contact information of their legal representative, and verify that the legal representative has given consent in one of the following ways.

- Have the legal representative indicate their consent on the website where the agreement is posted, and notify the legal representative by mobile phone SMS that indication of consent has been received.

- Have the legal representative indicate their consent on the website where the agreement is posted, and receive the legal representative’s credit or debit card information.

- Have the legal representative indicate their consent on the website where the agreement is posted, and verify the legal representative’s identity through mobile phone verification.

- Provide the legal representative with the agreement in writing, either directly in person, or by mail or fax, and have the legal representative sign the agreement and submit.

- Send the agreement by email and have the legal representative indicate their consent in the email and send it back.

- Call the legal representative by phone to inform them of the agreement and obtain consent, or provide them with a way to view the agreement, such as a website, and call them again by phone to obtain consent.

- Other methods of informing the legal representative of the agreement and confirm indication of consent through a manner consistent with the above.

5. Provision of Personal Information to Third Parties

(1) The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent from the user or special provisions of the law.

(2) The Company provides the following personal information to third parties.

(3) The Company may provide personal information to related organizations without the consent of the user in event of an emergency, such as a disaster, infectious disease, event or accident that poses imminent danger to life or body, or imminent loss of property, in accordance with the “Guidelines for Processing and Protecting Personal Information in Emergency Situations” as announced by the relevant government departments.

For more information, click here.

6. Consignment of Personal Information Processing

(1) The Company entrusts the following entities with the processing of personal information for seamless processing of personal information.

(2) In accordance with Article 26 of the Personal Information Protection Act, when entering into a consignment contract, the Company specifies in its contract and other documents the prohibition of processing personal information other than for the consigned tasks, technical and administrative measures to protect information, restrictions on re-consignment, management and supervision of the consignee, responsibilities such as compensation for damages, etc., and to supervise the secure processing of the personal information by the consignee.

(3) If the contents of the consigned tasks or the consignees change, the Company will disclose this through this Privacy Policy without delay.

7. Destruction of Personal Information and Destruction Methods

The Company shall destroy personal information without delay when it becomes unnecessary to retain the personal information, such as the end of the personal information retention period or the purpose of processing has been achieved.

(1) Destruction of Personal Information

① If the personal information retention period agreed to by the user has elapsed or the purpose has been achieved, but must be retained in accordance with laws and regulations, the personal information shall be moved to a separate database or retained in a different storage location.

② Personal information moved to a separate database will not be used for any purpose except as required by law.

(2) Destruction Methods

① Personal information saved as electronic files uses technical methods that destroys the data permanently.

② Personal information printed on paper is destroyed by shredding or incineration.

8. Rights and Obligations of Users and Legal Representatives and Exercising Those Rights

(1) Users and their legal representatives may exercise their rights, such as requesting to view, correct, delete, or suspend personal information processing at any time.

(2) Users and their legal representatives may view or modify their personal information by clicking “Edit information” (or “Edit customer information”), and cancel their sign-up (withdrawn consent) by clicking “Delete account” and proceeding with the verification process. Users may view, correct, or delete their account directly.

(3) Alternatively, users and their legal representatives may contact the Company’s Chief Privacy Officer in writing, phone, or email, and the Company will take action without delay.

(4) Users and their legal representatives may exercise their rights as specified under paragraph 1 through a representative, such as their legal representative or a delegated person. In such case, the user or legal representative must submit a power of attorney in the form of Appendix 11 “Notification on Personal Information Process Methods (2020-7)”.

(5) Rights of users and their legal representatives may be restricted in accordance with Article 35, Paragraph 5, and Article 37, Paragraph 2 of the Personal Information Protection Act, and requests to correct and delete personal information may be rejected if the personal information specified is subject to collection by other laws.

(6) The Company shall verify whether the person requesting to view, correct, delete, or suspend personal information processing in accordance with the user and their legal representative is indeed the user or their legitimate representative.

9. Measures Taken to Protect Personal Information

The Company takes the following measures to protect personal information.

(1) Administrative measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee training

(2) Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs

(3) Physical measures: Access control to computer rooms and data storage rooms

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company uses “cookies” to save and constantly retrieve usage information to provide users with individualized services. Cookies are small pieces of information that are sent to the user’s computer browser by the server and used to operate the website. Cookies are stored on the user’s computer hard disk.

(1) Purpose of Using Cookies

Cookies are used to provide users with optimized information by identifying visits and usage patterns, popular search terms, secure access, etc. for each service and website visited.

(2) Installation, Operation, and Refusal of Cookies

Customers can refuse to save cookies by configuring options in [Tools>Internet options>Privacy] in their web browser's settings.

However, refusal to save cookies may cause difficulties when using customized services.

11. Chief Privacy Officer

(1) The Company has designated the following person as the Chief Privacy Officer to take overall responsibility for the processing of personal information and to handle user complaints and damage relief related to the processing of personal information.

•Chief Privacy Officer

Name:

Department:

Phone:

Email:

•Privacy Manager

Name:

Phone:

Email:

(2) Users may contact the Chief Privacy Officer or Privacy Manager for all privacy-related inquiries, complaints, and damage relief that have occurred while using the Company’s services. The Company will respond to and process inquiries from users without delay.

12. Remedies for Infringements of Rights

(1) To obtain relief from personal information infringement, you may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center. You can contact the following organizations to report or receive consultation regarding personal information infringements.

Personal Information Dispute Mediation Committee: 1833-6972 (privacy.go.kr)

Personal Information Infringement Report Center: 118 (without area code) (privacy.kisa.or.kr)

Supreme Prosecutors’ Office: 1301 (without area code) (www.spo.go.kr)

National Police Agency: 182 (without area code) (ecrm.cyber.go.kr)

(2) A person whose rights or interests have been infringed by a disposition or omission made by the head of a public institution in response to a request pursuant to the provisions of Article 35 (Inspection of Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension, etc. from Managing Personal Information) of the Personal Information Act may file an administrative appeal as stipulated by the Administrative Appeals Act.

• For more information on administrative appeals, refer to the Central Administrative Appeals Commission website (www.simpan.go.kr).

13. Amendments to this Privacy Policy

This Privacy Policy shall take effect on [Month Date, Year].