** Provided to assist with the management of online shopping malls, this sample template may require amendments depending on the type of business. Before applying the following content to your shopping mall, check the management details of your mall and use and apply with discretion. **
■ Personal information collected and the means of collection A. Information we collect • The Company collects the following data for the purpose of membership sign-ups, consultations, and service applications. o When signing up for membership: Name, birthday, gender, ID, password, home phone number, mobile number, e-mail, legal representative information for subscribers under the age of 14. o When applying for services: Address, payment information • Information collected through use of online services or the processing process: use record, access log, cookies, connecting IP information, payment record, unruly use, and others.
B. Means of collecting personal information • Personal information is collected through the website, letter, message boards, e-mail, event entries, delivery request forms, phone, fax, and generated data collection tool.
■ Purpose of collection and use of personal information The Company collects personal information for the following purposes and use. • Provision of services obligated by fulfillment of contract and the payment that follows Supply content, purchase and payment, delivery of goods, billing statements and others, user verifications for financial transactions and financial services. • Member management Identify user to access members-only services, verify user, prevent unauthorized use, check membership subscription, validate age, confirm consent/agreement from legal representative for users under the age of 14, handle complaints and civil affairs, and deliver notices. • Marketing and promotional use Delivery of events and unsolicited advertisements; gain a statistical understanding of the members’ frequency of access to and use of site.
■ Period of possession and utilization of personal information As a general rule, once the personal data has fulfilled the purposes for which they were collected, they are to be immediately discarded. Except for the following that will be retained for certain periods for reasons noted below.
A. Information held according to the Company’s internal policies Even when a member has canceled his/her membership, the member’s personal information may be retained for 00 years from the date of cancelation in order to resolve future disputes, to cooperate with the requests of law enforcement agencies, and to prevent the recurrence of fraudulent uses by unruly members.
B. Grounds for holding personal information according to applicable statutes If retention of personal information is deemed necessary to operate in accordance to the provisions of relevant laws and regulations, including the Act on Consumer Protection in Electronic Commerce, then they will be held in possession by the Company for a certain period of time set by the relevant laws as noted below. • Records related to contracts or withdrawal of subscription: o Purpose of possession: Act on Consumer Protection in Electronic Commerce o Possession period: 5 years • Records related to payment and supply of goods o Purpose of possession: Act on Consumer Protection in Electronic Commerce o Possession period: 5 years • Records related to consumer complaints or dispute settlement o Purpose of possession: Act on Consumer Protection in Electronic Commerce o Possession period: 3 years • Records of log o Purpose of possession: Protection of Communications Secrets Act o Possession period: 3 months
■ Procedures and methods of discarding personal information As a general rule, once the personal data has fulfilled the purposes for which they were collected, they are immediately discarded. The procedure and method to discard is detailed below. • Discarding procedure Following the cause for information protection according to the internal policies or related statutes, once the personal data has fulfilled the purposes they will be transferred to a separate database(DB) (or filed separately in a folder if in paper form), then it will be discarded after a certain period of time. Personal information that is transferred to a separate DB will not be used for any other purposes except in the case of the law. • Discarding method Use technical method to stop reproduction of personal information saved in electronic form. ■ Disclosing personal information As a general rule, the Company shall not disclose user’s personal information to any external party except for the cases below. • Prior consent from user • Following the legislation rule or when law enforcement agencies require such information for investigative purposes during the process as prescribed by the law.
■ Consignment of collected personal information For the provision of services, the Company consigns collected personal information to specialized companies detailed below. • Consignee: [Name of delivery company] • Details of consignment: [Delivery company’s consignment details]
• Consignee: [Name of payment gateway provider] • Details of consignment: [Payment gateway provider’s consignment details]
■ The rights of users and legal representatives and methods of exercising those rights • The user may view or edit his/her personal information and request to terminate membership at any time. • To view or edit a user’s personal information, click on ‘Edit Personal Information’ (or ‘Edit Member Information’) and to cancel subscription (terminate membership) click on ‘Terminate Membership.’ Upon clicking, you’ll be directed to an identification process before you can directly access, correct, or cancel membership. • User may contact the chief privacy officer by letter, telephone or email, and necessary actions will be taken. • Should a user request corrections on errors of personal information, the Company shall not use or provide any personal information until a correction is made. In addition, if the wrong personal information has already been provided to a third party, the Company shall immediately notify them so that a proper correction can be made. • If personal information is canceled or deleted upon request of user, the Company will comply with the terms specified under “Period of possession and utilization of personal information,” and prohibit disclosure or use for any other purposes.
■ Civil services with respect to personal information To protect your personal information and deal with complaints related to personal information, the Company has appointed the following department and chief privacy officer. • Principal Privacy Officer Name: Department: Phone Number: E-mail:
• You may report all complaints related to privacy protection, in using the Company’s service, to the chief privacy officer or the department in charge. • The Company shall provide prompt and sufficient answers to your report. • For further consultation or report on other privacy infringements, contact the following the following agencies. o Privacy Rights Violation Complaint Center (privacy.kisa.or.kr / 118) o Cybercrime Investigation Department, Supreme Prosecutor’s Office (www.spo.go.kr / 02-3480-2000) o Cyber Bureau, National Police Agency (www.ctrc.go.kr/ 182)