Privacy Policy
Agabang & Company Co., Ltd. (hereinafter referred to as the “Company”) complies with the Personal Information Protection Act and related laws to protect the freedom and rights of data subjects. The Company processes personal information lawfully and safely. In accordance with Article of the Personal Information Protection Act, this Privacy Policy is established and disclosed to provide data subjects with information on the procedures and standards for personal information processing, and to ensure that any related complaints are handled promptly and smoothly.
Article (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The processed personal information shall not be used for any purpose other than those stated below, and in the event of a change in the purpose of use, the Company shall obtain separate consent in accordance with Article of the Personal Information Protection Act or take other necessary measures.
Membership Registration and Management
Personal information is processed to verify the intent to sign up for membership, identify and authenticate individuals for the provision of membership services, maintain and manage membership status, prevent fraudulent use of services, restrict the use of services by children under the age of , send various notices and notifications, and handle customer inquiries or complaints.
Provision of Goods or Services
Personal information is processed for purposes including product delivery, service provision, issuance of contracts and invoices, content delivery, personalized service provision, identity and age verification, payment and settlement of fees, and collection of claims.
Article (Processing and Retention Period of Personal Information)
➀ The Company processes and retains personal information within the period of retention and use permitted by law, or within the period consented to by the data subject when collecting personal information.
➁ The specific processing and retention periods for each type of personal information are as follows:
➁ The specific processing and retention periods for each type of personal information are as follows:
Website Membership Registration and Management
Retention Period: Three () months after withdrawal from the website.
Records of fraudulent membership use (e.g., improper use of points/mileage, identity theft): One () year.
However, in the following cases, personal information will be retained until the relevant reason no longer exists:
(a) When an investigation or inquiry is in progress for a violation of applicable laws, until such investigation or inquiry is completed.
(b) When any debt or credit relationship resulting from website use remains unresolved, until the relevant settlement is completed.
Records of fraudulent membership use (e.g., improper use of points/mileage, identity theft): One () year.
However, in the following cases, personal information will be retained until the relevant reason no longer exists:
(a) When an investigation or inquiry is in progress for a violation of applicable laws, until such investigation or inquiry is completed.
(b) When any debt or credit relationship resulting from website use remains unresolved, until the relevant settlement is completed.
Provision of Goods or Services
Retention Period: Until the completion of product/service delivery and payment/settlement.
However, in the following cases, information shall be retained until the relevant period expires:
(a) Records related to display and advertisement, contracts, and performance of transactions under the Act on the Consumer Protection in Electronic Commerce, Etc.
- Records of display and advertisement: Six () months
- Records of contracts, cancellations, payments, and product/service delivery: Five () years
- Records of consumer complaints or dispute resolutions: Three () years
(b) Communication data under the Protection of Communications Secrets Act:
- Subscriber telecommunications date/time, start/end time, counterparty subscriber number, frequency of use, and originating base station location tracking data: One () year
- Computer communications, Internet log data, and access tracking data: Three () months
However, in the following cases, information shall be retained until the relevant period expires:
(a) Records related to display and advertisement, contracts, and performance of transactions under the Act on the Consumer Protection in Electronic Commerce, Etc.
- Records of display and advertisement: Six () months
- Records of contracts, cancellations, payments, and product/service delivery: Five () years
- Records of consumer complaints or dispute resolutions: Three () years
(b) Communication data under the Protection of Communications Secrets Act:
- Subscriber telecommunications date/time, start/end time, counterparty subscriber number, frequency of use, and originating base station location tracking data: One () year
- Computer communications, Internet log data, and access tracking data: Three () months
Article (Items and Methods of Collecting Personal Information)
➀ When a user registers for membership, the Company collects the minimum necessary personal information required to provide various services and ensure smooth customer consultation. The items collected are divided into mandatory and optional categories as follows:
Integrated Members
(a) Mandatory items: Name, gender, date of birth, ID, password, mobile phone number, and e-mail address.
(b) Optional items: Address, marketing information consent, child information (expected date of birth, date of birth, name/gender), preferred store, and recommender ID.
(b) Optional items: Address, marketing information consent, child information (expected date of birth, date of birth, name/gender), preferred store, and recommender ID.
Simple Sign-Up Members (Kakao / Naver)
(a) Mandatory items: Name, gender, date of birth, e-mail address, mobile phone number, and address.
(b) Optional items: Marketing information consent.
(b) Optional items: Marketing information consent.
Simple Payment Channel Members (Naver Pay / Samsung Wallet)
(a) Mandatory items: Name, gender, date of birth, e-mail address, mobile phone number, and address.
(b) Optional items: Marketing information consent.
(b) Optional items: Marketing information consent.
➁ For non-members, the Company may collect the following information to process A/S (after-service), C/S (customer service) requests, or for prize delivery in event promotions: Name, phone number, and address.
➂ During service use or business processing, information such as IP address, cookies, visit date and time, service usage records, and point usage history may be automatically generated and collected.
➃ The Company may additionally collect personal information as necessary when providing specific services to members, in which case separate consent shall be obtained.
➄ Methods of collecting personal information are as follows:
➂ During service use or business processing, information such as IP address, cookies, visit date and time, service usage records, and point usage history may be automatically generated and collected.
➃ The Company may additionally collect personal information as necessary when providing specific services to members, in which case separate consent shall be obtained.
➄ Methods of collecting personal information are as follows:
(a) Website, written forms, telephone, inquiry boards, e-mail, event participation, delivery requests, A/S and C/S applications.
(b) Provision from partner companies.
(c) Collection through automated data collection tools.
(b) Provision from partner companies.
(c) Collection through automated data collection tools.
Article (Consignment of Personal Information Processing)
The Company entrusts the processing of personal information to external service providers to ensure smooth service delivery and convenience for members. When executing a consignment agreement, the Company stipulates necessary provisions to ensure safe management of personal information in accordance with relevant laws and regulations.
Consigned Company / Consigned Work
CJ OliveNetworks Co., Ltd. / Sending notifications via KakaoTalk, SMS, and e-mail
APEX Co., Ltd. / Product and event prize delivery, logistics services, customer guidance, and customer service (CS)
Lotte Global Logistics Co., Ltd. / Product delivery and logistics operations
NICE Information Service Co., Ltd. / Mobile phone verification for identity confirmation
Toss Payments / Payment processing for purchased goods
Naver Financial Corp. / Payment processing for purchased goods
CEO Soft / Information system development and maintenance
CRIMA Factory Co., Ltd. / Review management and promotional notifications
Daou Technology Inc. / Order aggregation and courier system integration
NHN Commerce Corp. / Provision of shopping mall solutions
Design Textbook / Information system development and maintenance
MComplus Co., Ltd. / Operation of mobile membership payment services
SGU Co., Ltd. / ERP system development and maintenance
DataRise Co., Ltd. / Provision of personalized information based on user behavior; SMS, KakaoTalk, and e-mail messaging
Cafe Co., Ltd. / Shopping mall platform service
Comdex Co., Ltd. / Information system development and maintenance
Retention and Use Period: Until membership withdrawal or termination of the consignment agreement.
CJ OliveNetworks Co., Ltd. / Sending notifications via KakaoTalk, SMS, and e-mail
APEX Co., Ltd. / Product and event prize delivery, logistics services, customer guidance, and customer service (CS)
Lotte Global Logistics Co., Ltd. / Product delivery and logistics operations
NICE Information Service Co., Ltd. / Mobile phone verification for identity confirmation
Toss Payments / Payment processing for purchased goods
Naver Financial Corp. / Payment processing for purchased goods
CEO Soft / Information system development and maintenance
CRIMA Factory Co., Ltd. / Review management and promotional notifications
Daou Technology Inc. / Order aggregation and courier system integration
NHN Commerce Corp. / Provision of shopping mall solutions
Design Textbook / Information system development and maintenance
MComplus Co., Ltd. / Operation of mobile membership payment services
SGU Co., Ltd. / ERP system development and maintenance
DataRise Co., Ltd. / Provision of personalized information based on user behavior; SMS, KakaoTalk, and e-mail messaging
Cafe Co., Ltd. / Shopping mall platform service
Comdex Co., Ltd. / Information system development and maintenance
Retention and Use Period: Until membership withdrawal or termination of the consignment agreement.
Article (Provision of Personal Information to Third Parties)
➀ The Company processes personal information only within the scope specified in the purpose of processing and provides it to third parties only in cases permitted under Articles and of the Personal Information Protection Act, such as when consent is obtained from the data subject or when required by law.
➁ For the provision of services, the Company may provide personal information to third parties within the minimum necessary scope, upon obtaining consent from the data subject in accordance with Article () () of the Personal Information Protection Act.
➁ For the provision of services, the Company may provide personal information to third parties within the minimum necessary scope, upon obtaining consent from the data subject in accordance with Article () () of the Personal Information Protection Act.
Recipient: Designskin Co., Ltd.
Purpose of Provision: Marketing, advertisement, provision of benefits, and A/S consultation.
Items Provided: Name, e-mail, mobile phone number, address.
Retention and Use Period: Until membership withdrawal.
Purpose of Provision: Marketing, advertisement, provision of benefits, and A/S consultation.
Items Provided: Name, e-mail, mobile phone number, address.
Retention and Use Period: Until membership withdrawal.
Article (Procedures and Methods for Destruction of Personal Information)
The Company destroys personal information in the following manner once the purpose of processing has been achieved.
Destruction Procedures
Information entered by a member for purposes such as membership registration is transferred to a separate database (or stored in a separate physical file for paper documents) after the purpose has been achieved. It is then retained for a certain period in accordance with internal policies and related laws (see retention period above) before being destroyed. Such personal information is not used for any purpose other than that for which it is retained, except as required by law.
Destruction Methods
Personal information printed on paper is shredded or incinerated.
Personal information stored in electronic file formats is deleted using technical methods that render the data irrecoverable.
Personal information stored in electronic file formats is deleted using technical methods that render the data irrecoverable.
Article (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
➀ The Company uses “cookies” to store and retrieve user information in order to provide personalized and customized services.
➁ A cookie is a small text file sent by the web server operating the website to the user’s browser and stored on the user’s computer hard disk. When the user revisits the website, the server reads the cookie to maintain the user’s settings and provide customized services.
➂ Cookies do not automatically or actively collect personally identifiable information, and users may refuse or delete cookies at any time.
➃ Users have the option to allow or reject cookie storage. Users may set their web browser to allow all cookies, confirm each time cookies are stored, or reject all cookies entirely.
➄ Example of how to manage cookie settings (for Internet Explorer):
➁ A cookie is a small text file sent by the web server operating the website to the user’s browser and stored on the user’s computer hard disk. When the user revisits the website, the server reads the cookie to maintain the user’s settings and provide customized services.
➂ Cookies do not automatically or actively collect personally identifiable information, and users may refuse or delete cookies at any time.
➃ Users have the option to allow or reject cookie storage. Users may set their web browser to allow all cookies, confirm each time cookies are stored, or reject all cookies entirely.
➄ Example of how to manage cookie settings (for Internet Explorer):
(a) Select [Tools] → [Internet Options].
(b) Click the [Privacy] tab.
(c) Adjust the Privacy Settings level according to preference.
(b) Click the [Privacy] tab.
(c) Adjust the Privacy Settings level according to preference.
Article (Technical and Managerial Measures for Protecting Personal Information)
The Company takes the following technical and managerial measures to ensure the security of personal information and to prevent loss, theft, leakage, alteration, or damage.
➀ Password Encryption
User account passwords are encrypted and stored securely so that only the user knows them. Verification and modification of personal information are possible only by the individual who knows the password.
➁ Technical Protection Measures
(a) The Company strives to prevent personal information leakage or damage due to hacking, computer viruses, or similar incidents.
(b) The Company regularly backs up data to prevent loss and uses up-to-date antivirus programs to safeguard members’ information and data.
(c) The Company also uses encrypted communication channels to securely transmit personal information over networks.
(b) The Company regularly backs up data to prevent loss and uses up-to-date antivirus programs to safeguard members’ information and data.
(c) The Company also uses encrypted communication channels to securely transmit personal information over networks.
➂ Managerial Protection Measures
Only authorized personnel have access to personal information. Each authorized employee is assigned a unique password that is regularly updated, and regular training is provided to ensure compliance with this Privacy Policy.
Article (Personal Information Protection Officer)
The Company designates the following personnel to manage personal information protection and handle user complaints related to personal information. The Company will respond promptly and faithfully to all inquiries.
Personal Information Protection Officer
Name: Yoo Cheong-hyun
Department: DX Strategy & Planning Division
Position: Head of Division
E-mail: privacy@agabang.com
Department: DX Strategy & Planning Division
Position: Head of Division
E-mail: privacy@agabang.com
Personal Information Manager
Name: Lee Dong-ho
Department: IT Operations Team
E-mail: privacy@agabang.com
Department: IT Operations Team
E-mail: privacy@agabang.com
If you need to report or consult about personal information infringement, you may also contact the following institutions:
Personal Information Infringement Report Center: privacy.kisa.or.kr / ☎
Supreme Prosecutors’ Office Cyber Crime Division: www.spo.go.kr / ☎
Korean National Police Agency Cyber Bureau: ecrm.cyber.go.kr / ☎
Personal Information Dispute Mediation Committee: www.kopico.go.kr / ☎ -
Supreme Prosecutors’ Office Cyber Crime Division: www.spo.go.kr / ☎
Korean National Police Agency Cyber Bureau: ecrm.cyber.go.kr / ☎
Personal Information Dispute Mediation Committee: www.kopico.go.kr / ☎ -
Article (Rights and Obligations of Users and Legal Representatives)
Members and their legal representatives may view or modify their registered personal information at any time. If they do not agree with the Company’s processing of personal information, they may withdraw consent or request to cancel their membership (withdrawal). However, in such cases, service use may be restricted.
To view or modify personal information, go to “Edit Personal Information” (or “Modify Member Information”). To withdraw consent or cancel membership, click “Withdraw Membership” and follow the identity verification process. You may also contact the Personal Information Protection Officer by mail, phone, or e-mail for prompt assistance.
If a user requests correction of personal information errors, the Company will not use or provide such information until the correction is complete. If incorrect information has already been provided to a third party, the Company will immediately notify the recipient of the correction so that it can be applied.
Personal information deleted or terminated upon user or legal representative request will be processed and retained in accordance with the “Retention and Use Period of Personal Information” and will not be viewed or used for any other purpose.
How to Withdraw Membership
Access the website → Log in → My Page → My Information → Click “Withdraw Membership.”
Access the website → Log in → My Page → My Information → Click “Withdraw Membership.”
Article (Duty of Notice)
➀ The Company posts this Privacy Policy and other detailed information about personal information protection on the homepage’s main screen, so that users can easily review it at any time. Since the contents of this Privacy Policy may change, users are encouraged to check it whenever visiting the site.
➁ If the Company amends this Privacy Policy, the notice of revision will be announced on the website notice board (or individually, if necessary) at least seven () days before the effective date.
➁ If the Company amends this Privacy Policy, the notice of revision will be announced on the website notice board (or individually, if necessary) at least seven () days before the effective date.
Article (Amendment of the Privacy Policy)
➀ This Privacy Policy shall take effect on June , .
➁ Previous versions of this Privacy Policy can be found in the list provided at the top of this page.
➁ Previous versions of this Privacy Policy can be found in the list provided at the top of this page.
