[CANMART] Personal Information Treatment Policies
[CANMART] (hereinafter referred to as “Company”) very seriously takes into consideration protection of customers’ personal information, and complies with the Act Relating to Promotion of Information Communications Network and Personal Information Protection. The Company hereby notifies customers for what uses and in what ways we use the personal information provided by customers and what measures we take to protect the personal information. When the personal information treatment policies are amended, the Company will notify customers thereof through the website notifications (or individual notifications).
■ Items of Personal Information to be Collected and Collection Methods
The Company collects the following personal information for purposes of providing membership services, including membership subscriptions, consultations, prevention of wrongful uses:
■ Personal information items collected
The following personal information items can be automatically generated and collected during the Internet service use process.
- IP Address, Cookies
○Personal information collection method
The company collects personal information through membership, counseling, and service applications.
○Retention period: When withdrawing from membership or legal obligation retention period
■ Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
- Payment of costs incurred as a result of performing agreements on provisions of services or providing services, Provisions of the contents, purchases or cost payments, deliveries of goods or sending bills, etc., verifying identifications for financial transactions, and financial services
- Control of Members
To verify identifications for uses of membership services, to identify individuals, to prevent wrongful uses of bad members or unauthorized uses, to verify intents for subscriptions, to verify ages, to handle civil complaints including handling grievances, to convey notifications
- Use for Marketing and Advertisements
Developing and specializing in new services (products), To convey information for advertisements including events, Providing services and publishing advertisements according to demographic characteristics, to figure out contact frequencies, to obtain statistics on service uses by members
■ Retention and Use Period for Personal Information
In principle, after the purposes of collecting and using personal information have been fulfilled, the Company shall without delay destroy relevant information; provided, however, that the Company shall retain personal information for a certain period of time where it is required to do so for purposes of confirming transactions related management and rights under the provisions of relevant laws including the Commercial Code and the Act Relating to Consumer Protection in Electronic Commercial Transactions as follows:
- Records on agreements or withdrawals of offers : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on payments and supplies of goods : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on complaints of consumers or dispute resolutions : three (3) years (the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.)
- Records on visits (log-ins) : three (3) months (the Communication Secret Protection Act)
- Where personal information has been collected for temporary purposes, such as questionnaires, events : at the time of completion of a particular questionnaire or event
■ Destruction Procedures and Methods for Personal Information
The Company in principle shall without delay destroy relevant information after the purposes of collecting or using personal information have been fulfilled. The destruction procedures and methods shall be as follows:
A. Destruction procedure
- In principle, users' personal information shall be destroyed without delay when the purpose of collecting and using personal information is achieved.
- If personal information is to be preserved in accordance with other laws and regulations even though the period of personal information retention agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information is transferred to a separate DB.
B. Destruction Methods
- The personal information printed out in sheets shall be shredded by paper shredders or destroyed by way of incineration.
- The personal information saved in an electronic file format shall be deleted with the use of technical methods in which records cannot be regenerated.
■ Measures concerning the destruction, etc. of personal information of non-users
Users who have not used the service for one year will switch to a dormant account and keep their personal information separately. The company informs dormant members of the fact that they are separately stored 30 days before the transition to dormant, the scheduled date of dormant, and the personal information items that are separately stored to users by e-mail, text, etc. If you do not want to switch to a dormant account, you can log in to the service before switching to a dormant account. In addition, even if it has been converted to a dormant account, if you log in, you can restore the dormant account with the consent of the user to use the normal service.
■ Delegation of Handling Personal Information
1. The company entrusts the processing of personal information for smooth processing of personal information.
ο Matters concerning the prohibition of processing of personal information other than the purpose of performing consignment tasks
ο Matters concerning the technical/administrative protection measures for personal information
ο Other matters prescribed by Presidential Decree as follows for the safe management of personal information
-Purpose and scope of consignment work
-Restrictions on reconsignment
-Matters concerning measures to ensure stability, such as restricting access to personal information
-Matters concerning supervision, such as checking the management status of personal information held in connection with consignment work
-Matters concerning liability for damages, etc. in the event of a breach of obligations to be observed by the "trustee" pursuant to Article 26 (2)
2. Consignees who receive personal information handling consignments and their duties are as follows.
- DHL: Providing services such as product delivery/arrival information, etc.
- Korea Center Co., Ltd.: Management by consignment of customer information DB system (outsourcing for data processing)
- Sellmate Co., Ltd.: Using delivery/ logistics management service and inventory management system
- PayPal : Payments
- Eximbay : Payments
- CREMA Co., Ltd : Establish/maintain/maintain bulletin board systems and mileage systems, send DMs, manage product size information, and manage size recommendation fit
■ Rights of Users and Legal Representatives and the Exercise Methods
The company only allows membership if they are 14 years of age or older, and in principle, does not collect personal information of children under 14 years of age who need consent from legal representatives to collect and use personal information. However, if the consent of the legal representative is obtained, personal information of users under the age of 14 may be collected and used.
Users can inquire or modify their personal information that is registered at any time and can also request the cancellation of their subscription.
The exercise of rights can also be done through an agent, such as a legal representative of the information subject or a delegated person. In this case, you must submit a power of attorney in accordance with attached Form 11 of the "Notification on How to Process Personal Information (No. 2020-7)."
To inquire and modify the user's personal information, you can modify the information in "My Page > Information Modification" or "Member Information" after logging in, and to cancel the subscription (withdrawal), click "Member Withdrawal" in "My Page > Information" or "Member Information" to view, correct, or withdraw.
Or if you contact the person in charge of personal information protection in writing, by phone, or by e-mail, we will take care of it without delay.
If you have requested correction for errors in personal information, you will not use or provide such personal information until the correction is completed.
In addition, if wrong personal information is already provided to a third party, we will notify the third party of the correction processing result without delay so that the correction can be made.
Canmart processes personal information terminated or deleted at the request of the user or legal representative as specified in "The retention and use of personal information collected by Canmart" and is not available for other purposes.
■ Matters concerning the installation and operation of an automatic personal information collection device, and its refusal
- The purpose of using cookies, etc.
You have the option to install cookies. Therefore, by selecting an option in your web browser, you may allow all cookies, pass confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Refuse Installation of Cookies
By selecting options in your web browser, you may allow all cookies, pass through confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Install Cookies (In case of the Internet Explorer) : Tool on the top of the web browser > Internet Option > Personal Information
* Example of setting method (for Internet Explorer)
: Tools at the top of the web browser> Internet Options> Personal Information
■ Measures to ensure the stability of personal information
The company is taking technical, administrative and physical measures necessary to ensure the safety of personal information protection as follows.
(1) Establishment and implementation of an internal management plan The company establishes and implements an internal management plan in accordance with the ‘Standards for ensuring the safety of personal information.’
(2) Minimizing the designation of personal information handlers and training We minimize the designation of personal information handlers and conduct regular training.
(3) Restriction of access to personal information Access to personal information is controlled by granting, changing, or canceling access rights to the database system that processes personal information, and unauthorized access from outside by using an intrusion prevention system and detection system. In addition, we record the details of authorization, change or expungement, and keep the records for at least 3 years.
(4) Storage of access records and prevention of forgery and falsification Records of access to the personal information processing system (web logs, summary information, etc.) are kept and managed for at least 6 months, and access records are managed to prevent forgery, theft, or loss. .
(5) Encryption of personal information User's personal information is encrypted and stored and managed. In addition, we use separate security functions such as encrypting and using important data during storage and transmission.
(6) Technical measures against hacking, etc. The company installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, and installs a UTM equipment system that can control access from outside through periodic updates and inspections. And are technically and physically monitored and blocked.
(7) Access control for unauthorized persons We have established a separate physical storage place for the personal information system that stores personal information, and established and operated access control procedures for this.
■ Contact Information of Personal Information Control Manager and Authorized Person
In order to protect the customer's personal information and handle requests for personal information access and complaints related to personal information, the company designates the relevant department and the person in charge of personal information protection as follows:
- You may report to the personal information control manger or the relevant department any complaints regarding all personal information protection incurred in using the Services of the Company.
- The Company will promptly give sufficient answers as to the reports of users.
- If you need other reports or consultations for personal information infringements, please ask inquiries to the following institutions.
* Personal Information Dispute Mediation Committee (https://www.kopico.go.kr/)
* Personal Information Infringement Reporting Center (www.eprivacy.or.kr / 02-580-0533~4)
* Internet Crime Investigation Center of Supreme Prosecutors’ Office (http://www.spo.go.kr)
* Cyber Crime Investigative Service of National Police Agency (https://ecrm.police.go.kr/minwon/main)
■ Duty to Notify
The current personal information treatment policies shall be applicable from [2022.06.23]. When there is an addition, deletion, or amendment of the content, it shall be publicly announced through notifications of the homepage from at least seven (7) days before the amendment. Also the Company has made it easy to check amendments by giving the version numbers and the date of amendment to the personal information treatment policies.
These policies shall be implemented from [2022.06.23].
Article 25 (Jurisdiction and Governing Laws)
① Any lawsuit relating to electronic commercial transactions incurred between the Company and users shall be brought to a competent court of jurisdiction under the Civil Procedural Code.
② Any lawsuit for electronic commercial transactions brought between the Company and users shall be governed by the Korean laws.