privacy policy

Qoo10 Pte. Ltd. (hereinafter referred to as the 'Company') establishes and discloses the following personal information handling policy in order to protect the personal information of the information subject in accordance with Article 30 of the 「Personal Information Protection Act」 and to promptly and smoothly handle related grievances.

If there is a change in laws or guidelines related to personal information and the company's policy changes, the privacy policy may be updated.

The privacy policy contains the following information.

1. Article 1 (Purpose of processing personal information)
2. Article 2 (Processing and Retention Period of Personal Information)
3. Article 3 (Provision of Personal Information to Third Parties)
4. Article 4 (Consignment of Personal Information Processing)
5. Article 5 (Rights and Duties of Information Subjects and Legal Representatives and Method of Exercising them)
6. Article 6 (Creating items of personal information to be processed)
7. Article 7 (Destruction of personal information)
8. Article 8 (Measures to ensure the safety of personal information)
9. Article 9 (Matters concerning installation, operation and rejection of automatic personal information collection devices)
10. Article 10 (Personal Information Protection Officer)
11. Article 11 (Standards for Judgment of Additional Use and Provision)
12. Article 12 (Request for Access to Personal Information)
13. Article 13 (Remedies for Infringement of Rights)
14. Article 14 (Change of Personal Information Handling Policy)

○ This Privacy Policy is effective from May 12, 2022.

Article 1 (Purpose of processing personal information)

The company processes personal information for the following purposes. The personal information being processed is not used for purposes other than Article 6 (Creating items of personal information to be processed). If the purpose of use is changed, measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented.

Article 2 (Processing and Retention Period of Personal Information)

1. ① Qoo10 collects and uses personal information as in Article 6 (Creating items of personal information to be processed).The period of retention and use of collected personal information is from the signing of the service use contract (membership registration) to the termination of the service use contract (including application for withdrawal and ex officio withdrawal).

2. ② Qoo10 processes and retains personal information within the retention of personal information in accordance with laws and regulations.
   Each personal information processing and (obligatory) retention period in accordance with laws and regulations is as follows.

   Personal information processing and (obligatory) retention period

   Retention information	Retention period	Grounds of Law
   Records on payment and supply of goods	5 years	Article 6 of the Consumer Protection Act in e-commerce
   Records on contract or withdrawal of subscription	5 year
   Records on handling consumer complaints or disputes	3 year
   Records on display and advertisement	6 month
   Records of Electronic Financial Transactions	5 year	Article 22 of the Electronic Financial Transactions Act
   Website and app visit history	3 month	Communication Secret Protection Act Article 15-2
   Records on the collection, processing and use of credit information	3 year	Article 20 of the Act on the Use and Protection of Credit Information

3. ③ If the use contract is still in effect after the above mandatory retention period, the information is kept until the end of the use contract.If it is necessary to withdraw the information beyond the mandatory retention period, the user can request the withdrawal through Article 12 (Request for Access to Personal Information).

Article 3 (Provision of Personal Information to Third Parties)

1. ① The company processes personal information only within the scope specified in Article 1 (Purpose of processing personal information). Personal information is provided to third parties only if it falls under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the consent of the information subject and special provisions of the law.

2. ② The company provides personal information to third parties as follows

   Providing personal information to third parties

   recipient	Offer	Purpose of provision	Retention and period of use
   -	-	-	-
   -	-	-	-

Article 4 (Consignment of Personal Information Processing)

1. ① The company entrusts the following personal information processing tasks for smooth personal information processing.

   Consignment of personal information processing business

   consignee	Consignment work	Retention and period of use
   -	-	-
   -	-	-

2. ② In accordance with Article 26 of the Personal Information Protection Act, the company stipulates in the documents such as prohibition of processing personal information, technical and managerial protection measures, re-entrust restrictions, management and supervision of trustees, and compensation. Supervise whether the trustee handles personal information safely.
3. ③ If the contents of the consigned work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

Article 5 (Rights and Duties of Information Subjects and Legal Representatives and Method of Exercising them)

1. ① The subject of information can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the company.
2. ② The exercise of rights pursuant to Paragraph 1 can be used by the company in writing, e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the 「Personal Information Protection Act」, and the company will take action without delay.
3. ③The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the “Personal Information Handling Method Notice (No. 2020-7)”.
4. ④ The rights of the information subject may be restricted in accordance with Article 35 (4) and Article 37 (2) of the 「Personal Information Protection Act」.
5. ⑤ The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
6. ⑥ The company confirms whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the right of the information subject.

Article 6 (Creating items of personal information to be processed)

1. ① The company is processing the following personal information category.
   
   1) customer/seller

   Personal information category

   	purpose	category
   customer/ seller	sign up	(Required) Email, name, password, date of birth, gender (optional) Mobile phone number, ID, withdrawal account, Q account password
   	Order, payment, delivery service	Name, mobile phone number, phone number, address, email, credit card information for card payment, bank account information for bank transfer, simple payment account information for simple payment, Q-coin password for Q-coin payment, Q account password for Qmoney payment , personal customs clearance code
   	Email or ID, find a password	Name, gender, date of birth, mobile phone number, email address
   	SNS login	Google, Facebook, Line, KakaoTalk, Apple account
   	Non-member order, payment and delivery service	Name, mobile phone number, phone number, address, email, credit card information for card payment, bank account information for bank transfer, simple payment account information for simple payment, personal customs clearance code.
   	Other access information	Service usage history, access logs, cookies, access IP information
   seller	Seller member service provision, etc.	Company name, contact person name, ID, email, phone number, mobile phone number, address, URL for reference (optional)
   	Sales payment settlement, etc.	Bank account information, business license number or resident registration number, company name, email, phone number, address.

Article 7 (Destruction of personal information)

1. ① The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing.
2. ② The company notifies the user in advance of the personal information of the user who has not used the company's service for one year, and destroys or separates the personal information and stores and manages it.
3. ③ If personal information must be continuously preserved according to other laws, the personal information is moved to a separate database (DB) or stored in a different storage location.
4. ④ Separately stored personal information is completely destroyed in a safe manner after five years without the requirements of other laws and regulations.

5. ⑤ The procedures and methods for personal information destruction are as follows.

   1. 1. Destruction procedure
      The company selects personal information where the reason for destruction occurs and destroys personal information with the approval of the company's personal information protection manager.

   2. 2. Destruction method
      Information in the form of electronic files uses a technical method that cannot reproduce records.
      Personal information printed on paper is shredded with a shredder or destroyed through incineration.

Article 8 (Measures to ensure the safety of personal information)

The company is taking the following measures to ensure the safety of personal information.

1. 1. Conduct regular self-audits
   To ensure the stability of personal information handling, we conduct regular (quarterly) self-audits.

2. 2. Minimize and train personal information management staff
   We are implementing measures to manage personal information by designating employees who handle personal information and limiting them to the person in charge.

3. 3. Establishment and implementation of internal management plan
   We have established and implemented an internal management plan for safe handling of personal information.

4. 4. Technical measures to prepare for hacking, etc
   The company has installed a security program to prevent leakage and damage of personal information caused by hacking or computer viruses. In addition, periodic updates and inspections are performed, the system is installed in an area where access is controlled from outside, and it is monitored and blocked technically and physically.

5. 5. Encryption of personal information
   The user's personal information is stored and managed after the password is encrypted, so only the user can know it. Sensitive data uses separate security features such as encrypting files and transmission data or using a file lock function.

6. 6. Storage of access records and prevention of forgery
   Records accessed to the personal information processing system are kept and managed for at least one year. We use security features to prevent forgery, theft, and loss of access records.

7. 7. Restricting access to personal information
   We take necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and use an intrusion prevention system to control unauthorized access from outside.

8. 8. Using Lockers for Document Security
   Documents containing personal information are stored in a safe place with locks such as secondary storage media.

9. 9. Access control for unauthorized persons
   A separate physical storage place where personal information is stored is established and operated for access control procedures are established.

Article 9 (Matters concerning installation, operation and rejection of automatic personal information collection devices)

1. ① The company uses 'cookie' to store and retrieve usage information from time to time to provide individual customized services to users.

2. ② Cookies are small amounts of information that the server (http) used to run the website sends to the user's computer browser, and are sometimes stored on the user's hard disk in the user's PC computer.

   
   
   1. 1. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, popular search terms, and whether or not secure access is available.
   2. 2. Installing and operating and rejecting cookies: You can refuse to save cookies by setting the options in the Tools>Internet Options>Personal Information menu at the top of the web browser.
   3. 3. If you refuse to store cookies, you may experience difficulties in using customized services.

Article 10 (Personal Information Protection Officer)

1. ① The company is responsible for overall handling of personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.

   • ▶ Personal Information Protection Officer
   • - Department:Compliance Part
   • - Name :Way Siong TAN
   • - Contact : +65-6571-6463
   • - Email :privacy@qoo10.com
   • - FAX : +65-6735-3487
   
   

   ※ Connect to your privacy department

   • ▶ Department:Compliance Part
   • - Department :Security Division
   • - Manager :이승완
   • - Contact :+82-02-6004-8679
   • - Email:bangrip@qoo10.com
   • - FAX : +82-02-501-9717
2. ② Users can inquire about personal information protection related inquiries, complaint handling, damage relief, etc., to the person in charge of personal information protection and the department in charge while using the company service (or business). The company will respond and process inquiries without delay

Article 11 (Standards for Judgment of Additional Use and Provision)

In accordance with Article 15 (3) and 17 (4) of the Personal Information Protection Act, the company may additionally use and provide personal information without the consent of the information subject in consideration of the matters under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. There is.
Therefore, in order for the company to use and provide additional information without the consent of the information subject, the following matters have been considered.

• - Whether the purpose of additional use and provision of personal information is related to the original purpose of collection.
• - Whether there is any predictability of additional use or provision in light of the circumstances in which personal information was collected or processing practices.
• - Whether the additional use or provision of personal information unreasonably infringes on the interests of the information subject.
• - Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken.
• - FAX : +82-02-501-9717

※ The criteria for judging considerations for additional use and provision are prepared and disclosed by the business operator/group autonomously determined by themselves.

Article 12 (Request for Access to Personal Information)

Information subjects can view personal information through MyQoo10 on the Qoo10 site, and for information that cannot be directly checked through the Qoo10 website or app, please contact the Qoo10 Customer Center(1:1 Contact Chat, help@qoo10.com ).

Article 13 (Remedies for Infringement of Rights)

The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center, etc. In addition, for other personal information infringement reports and consultations, please contact the following organizations.

1. 1. Personal Information Dispute Mediation Committee : (without a country code) 1833-6972 (www.kopico.go.kr)
2. 2. Personal Information Infringement Report Center : (without a country code 118 (privacy.kisa.or.kr)
3. 3. Supreme Public Prosecutors' Office : (without a country code) 1301 (www.spo.go.kr)
4. 4. ㅖublic prosecutor's office : (without a country code) 182 (ecrm.cyber.go.kr)

Article 14 (Change of Personal Information Handling Policy)

1. ① This privacy policy is effective from 12 May 2022.

2. ② The previous privacy policy can be found below.

   
   

- 2018.09.01 ~ 2022.05.11 apply