MS EMPIRE INC. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws to protect the freedom and rights of the information subject. The Company processes and manages personal information lawfully and securely. In accordance with Article 30 of the Personal Information Protection Act, this privacy policy is established and disclosed to guide the procedures and standards for personal information processing and to address related grievances promptly and smoothly.
-
Article 1 (General Provisions)
- 1. The Company makes its privacy policy easily accessible to information subjects by publishing it on its website.
- 2. This policy is subject to change at any time due to government guidelines or changes in the Company's policy.
- 3. In case of amendment of this policy, the new policy will be notified on the website. Information subjects are encouraged to visit and check regularly for the protection of their valuable personal information.
-
Article 2 (Purpose of Collection, Items Collected, Retention and Period of Use)
- 1. The Company may process personal information without the consent of the information subject in cases of legal compliance, contract fulfillment, etc.
- 2. The Company processes personal information with the consent of the information subject, who can request withdrawal of consent at any time.
Category Processing Items Purpose Retention Period Online Membership Registration Required: ID, Password, Name, Mobile Phone Number, Date of Birth, Gender Membership registration, identity verification, provision of membership services, handling complaints, notification of notices Until withdrawal Optional: Email, Landline Phone Number Marketing information (events, promotions, etc.) Online Product/Service (Purchase/Payment/Delivery/Refund) Required: Name, Mobile Phone Number, Email, Delivery Address, Card Company Name, Card Number, Depositor Name, Account Number, Account Holder, Bank Name, Connected Information (CI) Product purchase, payment, delivery, refund processing, complaint handling 5 years after withdrawal or order Online Merchant Management Required: Company Name, Business Registration Number, Password, Business Type, Industry, Representative Name, Head Office Address, Logistics Address, Account Number, Contact Information, Email, Mail Order Business Report Number Service provision and notification to merchants, receipt of settlement payments 5 years after contract termination Online 1:1 Inquiry Required: Name, Contact Information, Email Customer inquiries and service improvement 5 years after consultation ※ Regardless of the retention period for each collected information, if there is an ongoing investigation or inquiry due to a violation of laws, the information will be retained until the end of the investigation.
※ Personal information items may be automatically generated and collected during the use of internet services.
(IP address, cookies, service usage records, visit records, bad usage records, etc.) -
Article 3 (Provision of Personal Information to Third Parties)
- 1. The Company processes personal information within the scope specified in Article 2 and provides it to third parties only with the consent of the information subject or under special legal provisions.
-
2. The Company provides collected information with the consent of the information subject as follows:
Recipient Purpose Personal Information Provided Retention and Usage Period Merchants Provision of ordered products and services, contract fulfillment, customer consultation, and complaint handling Name, Mobile Phone Number, Email, Address, Recipient Information (if different from buyer: Name, Address, Mobile Phone Number, Phone Number) 5 years after contract termination - 3. In case of emergencies such as disasters, infectious diseases, imminent threats to life/body, or severe property loss, the Company may provide personal information to relevant authorities without the consent of the information subject, following the emergency personal information processing and protection guidelines announced by government agencies.
-
Article 4 (Criteria for Additional Use and Provision)
- 1. In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act and Article 14-2 of the Enforcement Decree of the same Act, the Company may use or provide personal information without the consent of the information subject.
-
2. The Company has considered the following in using or providing personal information without consent:
-
a. Whether it is for providing better services or realizing equivalent positive values to the information subject.
※ Especially in cases of realizing the value of providing integrated benefits such as additional platform usage rights. - b. Whether the purpose of additional use or provision is related to the original purpose of collection.
- c. Whether there is a reasonable expectation for additional use or provision considering the circumstances of collection or processing practices.
- d. Whether the additional use or provision unfairly infringes upon the interests of the information subject.
- e. Whether necessary measures such as anonymization or encryption have been taken to ensure security.
-
a. Whether it is for providing better services or realizing equivalent positive values to the information subject.
- 3. If personal information is used or provided additionally as per paragraph 1, it will be added to the third-party consent items in Article 3 and notified.
-
Article 5 (Consignment of Personal Information Processing)
-
1. The Company entrusts personal information for more efficient and improved service provision as follows:
Trustee Entrusted Tasks Jongbu CNS Co., Ltd. Platform development and service operation, message transmission, data storage, infrastructure provision PAYPLE Payment processing (credit card, direct bank transfer, account transfer, etc.) - 2. When entering into an entrustment contract, the Company specifies in the contract or other documents, in accordance with Article 26 of the Personal Information Protection Act, matters related to the prohibition of processing personal information for purposes other than the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises the trustee to ensure the safe processing of personal information.
- 3. If the content of the entrusted tasks or the trustee changes, it will be announced in this policy.
-
1. The Company entrusts personal information for more efficient and improved service provision as follows:
-
Article 6 (Destruction of Personal Information)
- 1. The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or achievement of the processing purpose.
- 2. If the retention period agreed upon by the information subject has expired or the processing purpose has been achieved, but the personal information must be retained according to other laws, the information will be transferred to a separate database (DB) or stored in a different location.
-
3. The procedure and method of personal information destruction are as follows:
- 1. Destruction Procedure: The Company selects personal information for which a reason for destruction has occurred and destroys the information upon approval from the Company's personal information protection officer.
- 2. Destruction Method: Personal information stored in electronic file format is destroyed in a way that prevents its recovery, and personal information recorded and stored on paper is destroyed by shredding or incineration.
-
Article 7 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
- 1. The Company uses 'cookies' to store and frequently retrieve usage information to provide individualized services to users.
-
2. Cookies are small pieces of information sent by the server used to operate the website to the user's computer browser and may be stored on the hard disk of the user's PC.
- a. Purpose of Cookie Use: Cookies are used to understand each service and website visited by users, popular search terms, secure connection status, etc., to provide optimized information to users.
- b. Installation, Operation, and Refusal of Cookies: Users can refuse to store cookies by setting options in the Internet Options > Privacy menu at the top of the web browser.
- c. If cookie storage is refused, there may be difficulties in using customized services.
-
Article 8 (Notification of Personal Information Validity Period)
- 1. The Company converts the accounts of online information subjects who have not used the service for 1 year into dormant status and stores their personal information in a separate database (DB) or different storage location.
- 2. In the case of paragraph 1, the fact of separate storage and the contents of personal information items are notified by a feasible method 30 days before the conversion to dormant status.
-
Article 9 (Rights and Obligations of Information Subjects and Legal Representatives and Methods of Exercise)
- 1. Information subjects can exercise their rights to request access, correction, deletion, or suspension of processing of personal information to the Company at any time.
- 2. The rights mentioned in paragraph 1 can be exercised through written, electronic mail, facsimile (FAX), etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take immediate action.
- 3. The rights exercise mentioned in paragraph 1 can be done through a legal representative of the information subject or a delegated person. In this case, a power of attorney in accordance with the form in Annex 11 of the Personal Information Protection Act Enforcement Rule must be submitted.
- 4. The right to request access and suspension of processing of personal information may be restricted under Article 35(5) and Article 37(2) of the Personal Information Protection Act.
- 5. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
- 6. When an information subject requests access, correction, deletion, or suspension of processing, the Company verifies whether the requester is the information subject or a legitimate representative.
-
Article 10 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.
- 1 Administrative Measures: Establishment and implementation of internal management plans, regular checks on changes in related laws and policies.
- 2 Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
- 3 Physical Measures: Access control for computer rooms, data storage rooms, etc.
-
Article 11 (Personal Information Protection Officer and Department for Personal Information Access Request)
The Company has designated a personal information protection officer and department responsible for handling tasks related to personal information processing, handling complaints from information subjects, and remediation. Requests for access to personal information under Article 35 of the Personal Information Protection Act can be made as follows.
-
1. You can report all personal information protection-related complaints that occur while using the Company's services to the personal information protection department.
Personal Information Protection Officer Personal Information Protection Department Myoungsoo Choi / 031-978-0924 (privacy@kgoodsshop.com)
-
1. You can report all personal information protection-related complaints that occur while using the Company's services to the personal information protection department.
-
Article 12 (Remedies for Rights Infringement)
-
1. Information subjects can apply for dispute resolution or consultation, etc., to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc., for remedies for personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions:
- 1. Personal Information Dispute Mediation Committee: 1833-6972 (without area code) (www.kopico.go.kr)
- 2. Personal Information Infringement Report Center: 118 (without area code) (privacy.kisa.or.kr)
- 3. Supreme Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)
- 4. National Police Agency: 182 (without area code) (ecrm.cyber.go.kr)
- 2. If an individual's rights or interests are infringed due to the disposition or inaction of the head of a public institution under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction·Deletion of Personal Information), and Article 37 (Suspension of Processing, etc.) of the Personal Information Protection Act, they may file an administrative appeal in accordance with the Administrative Appeals Act.
▶ Central Administrative Appeals Commission: 110 (without area code) (www.simpan.go.kr)
-
1. Information subjects can apply for dispute resolution or consultation, etc., to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc., for remedies for personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions:
-
Article 13 (Changes to the Personal Information Processing Policy)
This personal information processing policy applies from November 1, 2021.