Joya Schuhe Industry Co., Ltd. (hereinafter referred to as “the Company”) shall protect the personal information of users and swiftly and properly manage all grievances related to the personal information in compliance with Article 30 of the Personal Information Protection Act. In this regard, the company shall set forth and introduce the personal information policy as follows:
Article 1 (Purpose of Personal Information Processing)
The Company shall process the personal information for the following purposes. The company shall not use the personal information for purposes other than the followings. If the purpose of the use of personal information changes, the Company shall take appropriate actions such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Homepage Membership Registration and Management
The Company shall process the personal information for the following purposes: confirmation of membership registration, identification and verification of users under the provision of membership service, retention and management of membership, identification according to the enforcement of the identification system, prevention of illegal use of services, consent from a legal representative of children aged under 14 when proceeding their personal information and notifications and grievance procedures, etc.
2. Provision of Goods and Services
The Company shall process the personal information for the purpose of delivering goods, providing services, sending contracts and invoices, providing contents and customized services, verifying identity and age, and for payment, settlement, and debt collection.
The Company shall process the personal information to identify the complainant and the complaints, to contact the complainant for fact-finding and notifying the results of handling the complaints.
Article 2 (Processing and Retention Period of Personal Information)
① The Company shall process and retain personal information within the period of retention and use of personal information in accordance with legislations or the period of retention and use of personal information agreed upon when collecting personal information from a user.
② The processing and retention period of each personal information is as follows.
Homepage membership registration and management:until a business or an organizationwithdraws from the homepage. However, it is processed and retained until the end of cases for the followings:
1) Until the investigation is completed if an investigation due to the violation of related laws is in progress
2) Until the settlement of the bonds and debts in the event that the bonds and debts relationship remains due to the use of the homepage
Provision of goods or services: Until the completion of supply of goods and services, payment of fees, and settlement.However,it is processed and retained until the end of the period for the following cases:
1) Records on transactions such as indications, advertisements, contract details and implementation in accordance with the 「Consumer Protection Act in Electronic Commerce, etc.」
- Records on display and advertisement: 6 months
- Records of contract or subscription withdrawal, payment, and supply of goods: 5 years
- Records on consumer complaints or dispute settlement: 3 years
2) Storage of communication confirmation data pursuant to Article 41 of the 「Communication Secret Protection Act」
- Subscriber telecommunication date and time, start/end time, other party's subscriber number, frequency of use, and location tracking data of the sending base station: 1 year
- Computer communication, Internet log record data, access point tracking data: 3 months
Article 3 (Providing Personal Information to a Third Party)
The Company shall process personal information of a user only within the range specified in Article 1 (Purpose of Personal Information Processing). The Company shall provide a third party with personal information only when it falls under Article 17 of the Personal Information Protection Act, such as the consent of the information user and special provisions of the law.
Article 4 (Consignment of Personal Information Processing)
① The Company entrusts personal information processing tasks as follows for proper processing of personal information:
CJ Korea Express: logistics and delivery service
NHN Korea Cyber Payment (KCP): Payment service (including authentication of a refund account and processin of credit card payment)
NICE Evaluation Information Co., Ltd.: Self-certification
② When entering into a consignment contract, the Company shall provide for the matters related to liability such as prohibition of processing of personal information other than the purpose of performing consignment business, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and compensation for damages according to Article 25 of the Personal Information Protection Act. Etc., and oversees whether the trustee handles personal information safely.
③ If the contents of the consignment business or the consignee change, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights of Users and Legal Representatives and How to Exercise the Rights)
① The information subject can exercise the following rights related to personal information protection at any time to the company.
- Request toviewpersonal information
- Requestto correct information if any error is found
- Requestto delete if necessary
- Request to stop processing
② The exercise of rights pursuant to Paragraph 1 can be made by writing, phone call, e-mail, fax, etc., to the Company and the Company will take action without delay.
③ If the information subject requests correction or deletion of errors in personal information, the company shall not use nor provide the personal information until the correction or deletion is completed.
④ The exercise of rights pursuant to Paragraph 1 can be done through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, a power of attorney must be submitted in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
⑤ The information subject must not infringe on the personal information and privacy of the information subject or others handled by the company in violation of related laws such as the Personal Information Protection Act.
Article 6 (Personal Information Items to be Processed)
The Company processes the following personal information items.
- Homepage membership registration and management
Required items: <Name, date of birth, ID, password, address, phone number, gender, email address, IPIN number>
Optional items: <areas of interest>
- Provision of Goods or Services
Required items: <Payment information such as name, date of birth, ID, password, address, phone number, email address, IPIN number, credit card number, bank account information, etc.>
Optional items: <areas of interest, purchase history>
- In the process of using the Internet service, the following personal information items may be automatically generated and collected.
IP address, cookie, MAC address, service use record, visit record, bad use record, etc.
Article 7 (Destruction of Personal Information)
- The Company shall destroy personal information without delay when it becomes unnecessary because the retention period of personal information is expired or the Company has achieved the purpose of processing the personal information.
- If the personal information must be kept in accordance with other laws and regulations despite the retention period of it agreed by the information subject has elapsed or the purpose of processing it has been achieved, the personal information may be transferred to a separate database (DB) or the storage location for archive.
- The procedure and method of destroying personal information is as follows.
Article 8 (Securing Safety of Personal Information)
The company takes the following measures to ensure the safety of personal information.
- Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
- Technical measures: management of access rightstopersonal information processing system, installation of access control system, encryption of unique identification information, installation of security programs
Physical measures:control access to acomputer room, data storage room, etc.
Article 9 (Installation, Operation and Refusal of Automatic Personal Information Collection Device)
① The Company shall use ‘cookies’ that store and retrieve use information from time to time in order to provide customized services to users.
② Cookies are a small amount of information sent to the user's computer browser by the server (http) that is used to operate the website, and may be stored on the hard disk of the user's PC computer.
- Installation, operation and rejection of cookies: You can refuse to store cookies by setting options in the Tools> Internet Options> Personal Information menu at the top of the web browser.
- All. If you refuse to store cookies, you may experience difficulties in using customized services.
Article 10 (Person in Charge of Personal Information Protection)
① The Company has designated the person in charge of personal information protection to take full responsibility for the handling of personal information and to deal with complaints and relief from damages of information subjects related to personal information processing.
▶ Personal Information Protection Officer
▶ Department in charge of personal information protection
② The information subject may contact the person or the department in charge of personal information protection for inquiries related to personal information, complaints handling, damage relief, etc. that occurred while using the company's service (or business). The company shall answer and handle inquiries from the information subject without delay.
Article 11 (Request to view personal information)
The information subject can request the following department to view personal information pursuant to Article 35 of the Personal Information Protection Act. The company will endeavor to expedite the request for access to personal information from the information subject.
▶ Responsible department for personal information access request reception and processing
Article 12 (Remedy for Infringement of Rights and Interests)
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
▶ Personal Information Dispute Mediation Committee
▶ Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3573 (www.spo.go.kr)
Article 13 (Enforcement and Modification of Personal Information Processing Policy)