[CANMART] Personal Information Treatment Policies
[CANMART] (hereinafter referred to as “Company”) very seriously takes into consideration protection of customers’ personal information, and complies with the Act Relating to Promotion of Information Communications Network and Personal Information Protection. The Company hereby notifies customers for what uses and in what ways we use the personal information provided by customers and what measures we take to protect the personal information. When the personal information treatment policies are amended, the Company will notify customers thereof through the website notifications (or individual notifications).
■ Items of Personal Information to be Collected and Collection Methods
The Company collects the following personal information for purposes of providing membership services, including membership subscriptions, consultations, prevention of wrongful uses:
■ Personal information items collected
- Option: Delivery message
- Option: Delivery message
The following personal information items can be automatically generated and collected during the Internet service use process.
- IP Address, Cookies
○Personal information collection method
The company collects personal information through membership, counseling, and service applications.
○Retention period: When withdrawing from membership or legal obligation retention period
■ Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
- Payment of costs incurred as a result of performing agreements on provisions of services or providing services, Provisions of the contents, purchases or cost payments, deliveries of goods or sending bills, etc., verifying identifications for financial transactions, and financial services
- Control of Members
To verify identifications for uses of membership services, to identify individuals, to prevent wrongful uses of bad members or unauthorized uses, to verify intents for subscriptions, to verify ages, to verify the consent of a legal representative for collecting personal information of children of not more than fourteen (14) years old, to handle civil complaints including handling grievances, to convey notifications
- Use for Marketing and Advertisements
Developing and specializing in new services (products), To convey information for advertisements including events, Providing services and publishing advertisements according to demographic characteristics, to figure out contact frequencies, to obtain statistics on service uses by members
■ Retention and Use Period for Personal Information
In principle, after the purposes of collecting and using personal information have been fulfilled, the Company shall without delay destroy relevant information; provided, however, that the Company shall retain personal information for a certain period of time where it is required to do so for purposes of confirming transactions related management and rights under the provisions of relevant laws including the Commercial Code and the Act Relating to Consumer Protection in Electronic Commercial Transactions as follows:
- Records on agreements or withdrawals of offers : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on payments and supplies of goods : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on complaints of consumers or dispute resolutions : three (3) years (the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.)
- Records on visits (log-ins) : three (3) months (the Communication Secret Protection Act)
- Where personal information has been collected for temporary purposes, such as questionnaires, events : at the time of completion of a particular questionnaire or event
■ Destruction Procedures and Methods for Personal Information
The Company in principle shall without delay destroy relevant information after the purposes of collecting or using personal information have been fulfilled. The destruction procedures and methods shall be as follows:
A. Destruction procedure
- In principle, users' personal information shall be destroyed without delay when the purpose of collecting and using personal information is achieved.
- Personal information of users who have not been used for a year shall be stored separately from other users' personal information based on Article 39-6 of the Personal Information Protection Act. The user shall be notified of the destroyed, separated, and stored 30 days before the expiration of the period.
B. Destruction Methods
* The personal information printed out in sheets shall be shredded by paper shredders or destroyed by way of incineration.
* The personal information saved in an electronic file format shall be deleted with the use of technical methods in which records cannot be regenerated
■ Provisions of Personal Information to Third Parties
In principle, the company does not provide users' personal information outside. However, exceptions are made in the following cases.
- Where users have given a prior consent thereto; or
■ Delegation of Handling Personal Information
1. When the user's personal information is entrusted, the company discloses the contents of the entrusted person (hereinafter referred to as the "consignee") and the entrusted person's personal information in accordance with the relevant laws and regulations.
ο Matters concerning the prohibition of processing of personal information other than the purpose of performing consignment tasks
ο Matters concerning the technical/administrative protection measures for personal information
ο Other matters prescribed by Presidential Decree as follows for the safe management of personal information
-Purpose and scope of consignment work
-Restrictions on reconsignment
-Matters concerning measures to ensure stability, such as restricting access to personal information
-Matters concerning supervision, such as checking the management status of personal information held in connection with consignment work
-Matters concerning liability for damages, etc. in the event of a breach of obligations to be observed by the "trustee" pursuant to Article 26 (2)
■ Consignees who receive personal information handling consignments and their duties are as follows.
- DHL: Providing services such as product delivery/arrival information, etc.
- Korea Center Co., Ltd.: Management by consignment of customer information DB system (outsourcing for data processing)
- Sellmate Co., Ltd.: Using delivery/ logistics management service and inventory management system
- PayPal : Payments
- alipay : Payments
■ Rights of Users and Legal Representatives and the Exercise Methods
Users can inquire or modify their personal information that is registered at any time and can also request the cancellation of their subscription.
For the user's personal information inquiry and modification, "Change of personal information" (or withdrawal of consent) can be accessed, corrected, or withdrawn directly after the identification process.
Or if you contact the person in charge of personal information protection in writing, by phone, or by e-mail, we will take care of it without delay.
If you have requested correction for errors in personal information, you will not use or provide such personal information until the correction is completed.
In addition, if wrong personal information is already provided to a third party, we will notify the third party of the correction processing result without delay so that the correction can be made.
Canmart processes personal information terminated or deleted at the request of the user or legal representative as specified in "The retention and use of personal information collected by Canmart" and is not available for other purposes.
■ Matters concerning the installation and operation of an automatic personal information collection device, and its refusal
- The purpose of using cookies, etc.
You have the option to install cookies. Therefore, by selecting an option in your web browser, you may allow all cookies, pass confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Refuse Installation of Cookies
By selecting options in your web browser, you may allow all cookies, pass through confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Install Cookies (In case of the Internet Explorer) : Tool on the top of the web browser > Internet Option > Personal Information
* Example of setting method (for Internet Explorer)
: Tools at the top of the web browser> Internet Options> Personal Information
■ Contact Information of Personal Information Control Manager and Authorized Person
The company has designated the authorized relevant department and the personal information control manager in order to protect personal information of customers and handle personal information related complaints as follows:
- You may report to the personal information control manger or the relevant department any complaints regarding all personal information protection incurred in using the Services of the Company.
- The Company will promptly give sufficient answers as to the reports of users.
- If you need other reports or consultations for personal information infringements, please ask inquiries to the following institutions.
* Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)
* Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
* Internet Crime Investigation Center of Supreme Prosecutors’ Office (http://icic.sppo.go.kr / 02-3480-3600)
* Cyber Crime Investigative Service of National Police Agency (www.ctrc.go.kr / 02-392-0330)
■ Duty to Notify
The current personal information treatment policies shall be applicable from [2021.08.27]. When there is an addition, deletion, or amendment of the content, it shall be publicly announced through notifications of the homepage from at least seven (7) days before the amendment. Also the Company has made it easy to check amendments by giving the version numbers and the date of amendment to the personal information treatment policies.
These policies shall be implemented from [2021.08.27].
Article 25 (Jurisdiction and Governing Laws)
① Any lawsuit relating to electronic commercial transactions incurred between the Company and users shall be brought to a competent court of jurisdiction under the Civil Procedural Code.
② Any lawsuit for electronic commercial transactions brought between the Company and users shall be governed by the Korean laws.
■ Measures to ensure the stability of personal information
The company is taking technical, administrative and physical measures necessary to ensure the safety of personal information protection as follows.
(1) Establishment and implementation of an internal management plan The company establishes and implements an internal management plan in accordance with the ‘Standards for ensuring the safety of personal information.’
(2) Minimizing the designation of personal information handlers and training We minimize the designation of personal information handlers and conduct regular training.
(3) Restriction of access to personal information Access to personal information is controlled by granting, changing, or canceling access rights to the database system that processes personal information, and unauthorized access from outside by using an intrusion prevention system and detection system. Access is controlled, and when a personal information handler accesses the personal information processing system from outside through an information and communication network, a virtual private network (VPN) is used. In addition, we record the details of authorization, change or expungement, and keep the records for at least 3 years.
(4) Storage of access records and prevention of forgery and falsification Records of access to the personal information processing system (web logs, summary information, etc.) are kept and managed for at least 6 months, and access records are managed to prevent forgery, theft, or loss. .
(5) Encryption of personal information User's personal information is encrypted and stored and managed. In addition, we use separate security functions such as encrypting and using important data during storage and transmission.
(6) Technical measures against hacking, etc. The company installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, and installs a UTM equipment system that can control access from outside through periodic updates and inspections. And are technically and physically monitored and blocked.
(7) Access control for unauthorized persons We have established a separate physical storage place for the personal information system that stores personal information, and established and operated access control procedures for this.