Privacy Policy of HwaJin Mall Tech Co., Ltd.
HwaJin Mall Tech Co., Ltd. (hereinafter referred to as "the Company") has established and publicly disclosed the following privacy policy to protect the personal information of data subjects and to handle related complaints swiftly and smoothly in accordance with Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. Personal information will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.
Membership Registration and Management on the Website
To confirm the intention to register, provide member services, verify identity, maintain and manage membership, implement the limited identity verification system, prevent unauthorized use of services, confirm the consent of legal representatives for processing the personal information of children under 14, provide various notifications, and handle complaints.
Provision of Goods or Services
To process and deliver goods, provide services, send contracts and invoices, provide content, offer personalized services, verify identity and age, process payments and settlements, and collect debts.
Handling Complaints
To verify the identity of the complainant, confirm the details of the complaint, contact and notify for fact-finding, and inform the results of the processing.
Article 2 (Processing and Retention Period of Personal Information)
The Company processes and retains personal information within the period agreed upon by the data subject at the time of collection or as required by law.
The processing and retention periods for each type of personal information are as follows:
Membership Registration and Management on the Website: Until the user withdraws from the website.
However, if the following reasons apply, until the relevant reason is resolved:
In case of an ongoing investigation or inquiry due to a violation of relevant laws, until the investigation or inquiry is completed.
If there are outstanding debts or credits related to the use of the website, until the settlement of such debts or credits.
Provision of Goods or Services: Until the goods/services are supplied and payment/settlement is completed.
However, if the following reasons apply, until the end of the relevant period:
Records related to transactions, including display/advertisement, contract details, and performance, as required by the Consumer Protection Act in E-commerce:
Records of display/advertisement: 6 months
Records of contract or withdrawal, payment, and supply of goods: 5 years
Records of consumer complaints or dispute resolution: 3 years
Retention of communication confirmation data as per the Protection of Communications Secrets Act:
Date, start and end time, subscriber number, usage, location data of the originating base station: 1 year
Internet log records, access location data: 3 months
Article 3 (Rights of Users and Legal Representatives and How to Exercise Them)
Data subjects may exercise the following rights related to the protection of personal information at any time against the Company:
Request to access personal information
Request for correction if there are errors
Request for deletion
Request to stop processing
Rights under Section 1 can be exercised by submitting a request through written communication, phone, email, or fax, and the Company will take immediate action.
If a data subject requests correction or deletion of personal information due to an error, the Company will not use or provide the information until the correction or deletion is completed.
Rights under Section 1 may also be exercised by a legal representative or an authorized agent of the data subject. In such cases, a power of attorney must be submitted as per Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
Data subjects must not infringe on the privacy or personal information of themselves or others processed by the Company in violation of the Personal Information Protection Act or other related laws.
Article 4 (Personal Information Items Processed)
The Company processes the following personal information items:
Membership Registration and Management on the Website
Required items: Name, date of birth, ID, password, address, phone number, gender, email address, i-PIN number
Optional items: Marital status, areas of interest
Provision of Goods or Services
Required items: Name, date of birth, ID, password, address, phone number, email address, i-PIN number, credit card number, bank account information, and other payment information
Optional items: Areas of interest, past purchase history
Information Automatically Collected During Internet Service Use
IP address, cookies, MAC address, service usage records, visit records, history of inappropriate use, etc.
Article 7 (Destruction of Personal Information)
The Company will destroy personal information without delay once the retention period has expired or the processing purpose has been achieved.
If personal information needs to be retained even after the retention period has expired or the processing purpose has been achieved due to other legal requirements, the information will be moved to a separate database (DB) or stored in a different location.
The procedures and methods for destroying personal information are as follows:
Destruction Procedure: The Company selects the personal information to be destroyed and obtains approval from the personal information protection officer before destruction.
Destruction Method: Personal information recorded and stored in electronic files will be destroyed using technical methods that prevent data recovery (e.g., Low-Level Format). Paper documents containing personal information will be shredded or incinerated.
Article 8 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
Administrative Measures: Establishing and implementing an internal management plan, regular employee training, etc.
Technical Measures: Managing access rights to personal information processing systems, installing access control systems, encrypting unique identification information, installing security programs.
Physical Measures: Controlling access to the computer room, data storage room, etc.
Article 9 (Matters Related to the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
The Company uses cookies to provide personalized services by storing and retrieving user information.
Cookies are small amounts of information sent by the server (HTTP) used to operate the website to the user's computer browser and may be stored on the user's hard drive.
Purpose of Using Cookies: To identify users' visit and usage patterns on various services and websites, popular search terms, security login status, etc., and to provide optimized information.
Installation, Operation, and Refusal of Cookies: Users can refuse the storage of cookies by setting options in the Privacy menu of their web browser's Tools > Internet Options.
If cookies are refused, some difficulties may arise in using customized services.
Article 10 (Personal Information Protection Officer)
The Company has designated a personal information protection officer who is responsible for overseeing personal information processing and for handling complaints and remedy requests from data subjects related to personal information processing as follows:
Personal Information Protection Officer
Name: Gun Oh
Position: Planning Team
Contact: 010-5147-5012
(The contact will connect you to the personal information protection department.)
Personal Information Protection Department
Department: Planning Team
Manager: Gun Oh
Contact: 010-5147-5012
Data subjects may direct any inquiries, complaints, or requests for damage relief related to personal information protection to the personal information protection officer or department. The Company will respond promptly to such inquiries.
Article 11 (Request for Access to Personal Information)
Data subjects may request access to their personal information as stipulated in Article 35 of the Personal Information Protection Act through the department below. The Company will strive to handle requests promptly.
Department for Receiving and Processing Personal Information Access Requests
Department: Planning Team
Manager: Gun Oh
Contact: 010-5147-5012
Article 12 (Remedies for Infringement of Rights)
Data subjects may contact the following organizations for damage relief or consultation regarding personal information infringement:
Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
Tasks: Reporting personal information infringement, applying for consultation
Website: privacy.kisa.or.kr
Phone: 118 (no area code required)
Address: 9 Jinheung-gil, Naju-si, Jeollanam-do, 3rd Floor, 58324, Personal Information Infringement Report Center
Personal Information Dispute Mediation Committee
Tasks: Applying for mediation of personal information disputes, collective dispute mediation (civil resolution)
Website: www.kopico.go.kr
Phone: 1833-6972 (no area code required)
Address: 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171
Cybercrime Investigation Division of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
Cyber Safety Bureau of the National Police Agency: 182 ([http://cyberbureau.police.go.kr](http://cyberbureau.police.go.kr)
