Privacy Policy [Company Name] (hereinafter referred to as the "Company") establishes and discloses the following Privacy Policy in order to protect the personal information of data subjects and to handle related grievances quickly and smoothly in accordance with Article 30 of the Personal Information Protection Act. Article 1 (Purpose of Processing Personal Information) The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those described below, and if the purpose of use changes, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented. Homepage Membership Registration and Management Personal information is processed for purposes such as confirming the intent to join, identification and authentication for providing membership services, maintaining and managing membership qualifications, identity verification according to the implementation of the limited identity verification system, preventing unauthorized use of services, confirming consent from legal representatives when processing personal information of children under 14, various notices and notifications, and handling grievances. Provision of Goods or Services Personal information is processed for purposes such as product delivery, service provision, sending contracts and invoices, providing content, providing customized services, identity verification, age verification, payment and settlement of fees, and debt collection. Grievance Handling Personal information is processed for purposes such as verifying the identity of the complainant, confirming the complaint, contacting/notifying for factual investigation, and notifying the results of the processing. Article 2 (Processing and Retention Period of Personal Information) ① The Company processes and retains personal information within the personal information retention and use period required by law or the period agreed upon by the data subject at the time of collection. ② The processing and retention periods for each type of personal information are as follows: Homepage Membership Registration and Management: Until the user withdraws from the business/organization's website. However, in the following cases, until the conclusion of the relevant cause: If an investigation is underway due to a violation of relevant laws: Until the end of the investigation. If any claims or obligations remain from the use of the website: Until the settlement of such claims/obligations. Provision of Goods or Services: Until the completion of the supply of goods/services and the completion of payment/settlement. However, records related to transactions under the "Act on Consumer Protection in Electronic Commerce" shall be retained as follows: Records on display/advertising: 6 months Records on contract or subscription withdrawal, payment, and supply of goods: 5 years Records on consumer complaints or dispute resolution: 3 years Retention of communication confirmation data under Article 41 of the "Protection of Communications Secrets Act": Subscriber telecommunication date/time, start/end time, counterpart subscriber number, frequency of use, location data of the originating base station: 1 year Computer communication, internet log records, access point tracking data: 3 months Article 3 (Provision of Personal Information to Third Parties) ① The Company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or under special provisions of the law. ② To provide smooth services, the Company may provide personal information to third parties with the data subject's consent as follows: Recipient: [e.g., OOO Card Co., Ltd.] Recipient's Purpose of Use: [e.g., Joint events, business alliances, and issuance of affiliated credit cards] Items Provided: [e.g., Name, address, phone number, email address, payment account information] Recipient's Retention/Use Period: [e.g., During the transaction period according to the credit card issuance contract] Article 4 (Consignment of Personal Information Processing) ① The Company entrusts personal information processing tasks as follows for smooth business operations: Trustee (Consignee): I'mweb Co., Ltd. Consigned Task: Providing shopping mall hosting systems, mobile app services, marketing services, additional/affiliated services, and sending AlimTalk, FriendTalk, and SMS messages. Trustee (Consignee): [OOO PG] Consigned Task: Payment and escrow services. Trustee (Consignee): [OOO Courier Service] Consigned Task: Product delivery. Trustee (Consignee): [OOO Customer Center] Consigned Task: Customer consultation services. Trustee (Consignee): [OOO] Consigned Task: Identity verification services. [Sub-processors] Sub-processor: I'mweb → Infobip Korea Consigned Task: Sending SMS and KakaoTalk AlimTalk (informational messages). Sub-processor: I'mweb → LunaSoft Co., Ltd. Consigned Task: Sending SMS, KakaoTalk AlimTalk, and FriendTalk messages. ② When concluding a consignment contract, the Company specifies matters such as the prohibition of processing personal information for purposes other than the performance of consigned tasks, technical/managerial protection measures, restrictions on re-consignment, management/supervision of the trustee, and liability for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises the trustee to ensure safe processing. Article 5 (Rights of Data Subjects and Legal Representatives and How to Exercise Them) ① Data subjects may exercise their rights related to personal information protection against the Company at any time: Request for access to personal information. Request for correction in case of errors. Request for deletion. Request for suspension of processing. ② Rights can be exercised via writing, telephone, email, or fax, and the Company will take action without delay. ③ If a data subject requests correction or deletion of errors, the Company will not use or provide the personal information until the correction or deletion is completed. Article 6 (Items of Personal Information to be Processed) The Company processes the following personal information items: Homepage Membership Registration and Management Required: [e.g., Name, date of birth, ID, password, address, phone number, gender, email, i-PIN number] Optional: [e.g., Marital status, interests] Provision of Goods or Services Required: [e.g., Name, date of birth, ID, password, address, phone number, email, payment information such as credit card number and bank account info] Optional: [e.g., Interests, purchase history] Article 7 (Destruction of Personal Information) ① The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or achievement of the processing purpose. ② If personal information must be preserved according to other laws despite the expiration of the retention period, it will be moved to a separate database or stored in a different location. ③ Destruction Procedure: The Company selects the personal information to be destroyed and destroys it with the approval of the Privacy Officer. ④ Destruction Method: Electronic files are destroyed so records cannot be reproduced, and paper documents are shredded or incinerated. Article 8 (Measures to Ensure the Safety of Personal Information) The Company takes the following measures to ensure safety: Administrative: Establishment and implementation of internal management plans, regular employee training. Technical: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identifiers, and installation of security programs. Physical: Access control for computer rooms and data storage rooms. Article 9 (Installation/Operation of Automatic Personal Information Collection Devices and Refusal) ① The Company uses "cookies" to store and frequently retrieve user information to provide personalized services. ② Cookies are small amounts of information sent by the server (HTTP) to the user's browser and stored on the user's PC or mobile device. ③ Users can refuse cookie storage through browser settings. However, this may cause difficulties in using customized services. Article 10 (Privacy Officer) ① The Company has designated a Privacy Officer to oversee personal information processing and handle complaints: Privacy Officer Name: [Name] Position: [Position] Contact: [Phone], [Email], [Fax] Privacy Department Department Name: [Department Name] Contact: [Phone], [Email], [Fax] Article 11 (Request for Access to Personal Information) Data subjects may request access to personal information to the following department: Department for Access Requests: [Department Name] Contact: [Phone], [Email], [Fax] Article 12 (Remedies for Infringement of Rights) Data subjects may contact the following organizations for remedies or consultations regarding personal information infringement: Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr) Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr) Supreme Prosecutors' Office: 1301 (www.spo.go.kr) National Police Agency: 182 (ecrm.police.go.kr) Article 13 (Effective Date and Changes) This Privacy Policy is effective as of [YYYY. MM. DD.].