Uniict(hereinafter referred to as the “Company”) establishes and discloses this Personal Information Processing Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related complaints and inquiries.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. If the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Membership registration and management on the website
The Company processes personal information for purposes including confirming the intent to register as a member, identifying and authenticating individuals in connection with the provision of membership services, maintaining and managing membership status, verifying identity under the limited identity verification system, preventing fraudulent use of services, confirming whether a legal guardian has consented when processing personal information of children under the age of 14, delivering notices and notifications, and handling complaints.
2. Provision of goods or services
The Company processes personal information for purposes including shipping products, providing services, sending contracts and invoices, providing content, providing customized services, identity verification, age verification, payment processing and settlement, and debt collection.
3. Handling complaints
The Company processes personal information for purposes including verifying the identity of complainants, confirming complaint details, contacting and notifying for fact-finding investigations, and notifying the results of handling.
Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the period of retention and use prescribed by applicable laws, or within the period of retention and use agreed upon by the data subject at the time of collection.
② The processing and retention periods for each category are as follows.
1. Membership registration and management on the website: Until the member withdraws from the business/organization website
However, if any of the following applies, until the relevant reason is resolved:
1) If an investigation or inquiry is underway due to a violation of applicable laws, until such investigation or inquiry is completed
2) If claims and debts arising from website use remain outstanding, until settlement of such claims and debts is completed
2. Provision of goods or services: Until completion of supply of goods/services and completion of payment/settlement
However, if any of the following applies, until the end of the relevant period:
1) Records related to transactions under the Act on the Consumer Protection in Electronic Commerce, etc., such as labeling/advertising, contract contents, and performance
- Records on labeling/advertising: 6 months
- Records on contracts or withdrawal of subscription, payments, and supply of goods: 5 years
- Records on consumer complaints or dispute resolution: 3 years
2) Retention of confirmation data on communications facts under Article 41 of the Protection of Communications Secrets Act
- Date and time of telecommunications by subscriber, start/end time, counterparty subscriber number, number of uses, base station location tracking data of outgoing calls: 1 year
- Computer communications, internet log records, access location tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties)
① The Company processes the data subject’s personal information only within the scope stated in Article 1 (Purpose of Processing Personal Information). The Company provides personal information to third parties only when it falls under Article 17 or Article 18 of the Personal Information Protection Act, such as where the data subject has consented or where special provisions exist in law. Otherwise, the Company does not provide the data subject’s personal information to third parties.
② For smooth service provision, the Company may provide personal information to third parties within the minimum necessary scope with the data subject’s consent in accordance with Article 17(1)1 of the Personal Information Protection Act in the following cases:
- Recipient of personal information:
- Purpose of use by recipient:
- Items of personal information provided:
- Retention and use period by recipient:
Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing 업무 as follows for smooth handling of personal information:
- Entrusted work details
- Trustee (Processor): I'mweb Co., Ltd. - Details of entrusted work: Provision of systems for shopping mall hosting services, mobile app services, marketing services and additional/partner services, and agency services for sending AlimTalk, FriendTalk, and SMS messages, etc.
- Trustee (Processor): OOO PG
- Details of entrusted work: Payment and escrow services
- Trustee (Processor): OOO Courier
- Details of entrusted work: Product delivery services
- Trustee (Processor): OOO Customer Center
- Details of entrusted work: Customer support services
- Trustee (Processor): OOO
- Details of entrusted work: Identity verification services
- **Sub-processor(s)**
- **Sub-processor (Trustee): I'mweb Co., Ltd. → Infobip LLC**
- **Details of entrusted work: Sending SMS messages and KakaoTalk AlimTalk (informational messages)**
- **Sub-processor (Trustee): I'mweb Co., Ltd. → LunaSoft Co., Ltd.**
- **Details of entrusted work: Sending SMS messages and KakaoTalk AlimTalk (informational messages) and FriendTalk**
② When entering into an entrustment agreement, the Company specifies in writing (e.g., contract documents) matters such as prohibition of processing personal information beyond the purpose of performing entrusted work, technical and managerial safeguards, restrictions on sub-entrustment, supervision and management of the trustee, and liability such as compensation for damages, in accordance with Article 25 of the Personal Information Protection Act. The Company supervises whether the trustee processes personal information safely.
③ If the entrusted work or trustee changes, the Company will disclose such changes without delay through this Privacy Policy.
Article 5 (Rights of Data Subjects and Legal Guardians, and How to Exercise Them)
① Data subjects may exercise the following rights related to personal information protection against the Company at any time:
1. Request access to personal information
2. Request correction if there are errors, etc.
3. Request deletion
4. Request suspension of processing
② The rights under Paragraph 1 may be exercised against the Company in writing, by phone, by email, by facsimile (FAX), etc., and the Company will take action without delay.
③ If a data subject requests correction or deletion due to errors, etc., the Company will not use or provide the relevant personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through a representative such as the data subject’s legal guardian or an authorized person. In such cases, a power of attorney in the form prescribed in Appendix Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
⑤ Data subjects must not infringe upon personal information and privacy of themselves or others that the Company is processing in violation of applicable laws such as the Personal Information Protection Act.
Article 6 (Items of Personal Information Processed)
The Company processes the following items of personal information.
1. Membership registration and management on the website
Required items:
Optional items:
2. Provision of goods or services
Required items:
Optional items:
Article 7 (Destruction of Personal Information)
① The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period, achievement of the processing purpose, etc.
② If the retention period agreed upon by the data subject has expired or the processing purpose has been achieved but the Company must continue to retain personal information under other laws, the Company stores such personal information by transferring it to a separate database (DB) or by changing the storage location.
③ The procedures and methods for destruction of personal information are as follows.
1. Destruction procedure
The Company selects the personal information to be destroyed when a reason for destruction occurs and destroys it upon approval by the Company’s Chief Privacy Officer.
2. Destruction method
The Company destroys personal information recorded and stored in electronic file form in a manner that prevents the records from being reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.
Article 8 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information.
1. Administrative measures: Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 9 (Installation/Operation and Refusal of Automatic Personal Information Collection Devices)
① The Company uses “cookies” that store and retrieve usage information from time to time in order to provide customized services to users.
② Cookies are small pieces of information sent by the server (http) used to operate the website to the user’s computer browser, and they are stored on users’ PCs or mobile devices.
③ Data subjects may set options in their web browser to allow or block cookies. However, refusal to store cookies may cause difficulties in using customized services.
▶ Allow/Block cookies in web browsers
- Chrome: Browser Settings > Privacy and security > Clear browsing data
- Edge: Browser Settings > Cookies and site permissions > Manage and delete cookies and site data
▶ Allow/Block cookies in mobile browsers
- Chrome: Mobile browser Settings > Privacy and security > Clear browsing data
- Safari: Mobile device Settings > Safari > Advanced > Block All Cookies
- Samsung Internet: Mobile browser Settings > Delete browsing data > Delete browsing data
④ In the course of using the service, the Company collects and uses information such as visits and usage patterns regarding each service and website visited by the user, popular search terms, and whether a secure connection is used, to provide information optimized for users.
Article 10 (Chief Privacy Officer)
① The Company designates the following person as the Chief Privacy Officer responsible for overseeing personal information processing, and for handling complaints and providing remedies related to personal information processing.
▶ Chief Privacy Officer
Name: OOO
Position: OOO
Contact: , ,
※ You will be connected to the department in charge of personal information protection.
▶ Department in charge of personal information protection
Department: OOO Team
Contact: , ,
② Data subjects may contact the Chief Privacy Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection arising while using the Company’s service (or business). The Company will respond and handle such inquiries without delay.
Article 11 (Request for Access to Personal Information)
Data subjects may request access to personal information pursuant to Article 35 of the Personal Information Protection Act through the department below. The Company will endeavor to ensure that requests for access to personal information are processed promptly.
▶ Department responsible for receiving/processing requests for access to personal information
Department: OOO
Contact: , ,
Article 12 (Remedies for Infringement of Rights/Interests)
Data subjects may contact the following institutions for remedies, counseling, etc. regarding personal information infringement.
1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: (without area code) 1301 (www.spo.go.kr)
4. National Police Agency: (without area code) 182 (ecrm.police.go.kr/minwon/main)
Article 13 (Effective Date and Changes to this Privacy Policy)
This Privacy Policy is effective as of 2023. 12. 01.
