PRIVACY POLICY
‘GARUHARU. ONLILNE’ OF
ARTICLE 1. PERSONAL INFORMATION COLLECTION ITEMS AND METHODS
ARTICLE 2. PURPOSE OF COLLECTING PERSONAL INFORMATION
ARTICLE 3. PERSONAL INFORMATION RETENTION PERIOD
ARTICLE 4. DESTRUCTION OF PERSONAL INFORMATION
ARTICLE 5. CONSIGNMENT OF PERSONAL INFORMATION PROCESSING
ARTICLE 6. PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES
ARTICLE 7. MEASURES TO ENSURE THE SAFETY OF PERSONAL INFORMATION
ARTICLE 8. MATTERS CONCERNING THE INSTALLATION, OPERATION AND REJECTION OF AUTOMATIC PERSONAL INFORMATION COLLECTION DEVICES
ARTICLE 9. PERSON IN CHARGE OF PERSONAL INFORMATION PROTECTION AND RELATED DEPARTMENTS
ARTICLE 10. RIGHTS AND OBLIGATIONS OF INFORMATION SUBJECTS AND LEGAL REPRESENTATIVES AND METHODS OF EXERCISING THEM
ARTICLE 11. REMEDIES FOR INFRINGEMENT OF RIGHTS
ARTICLE 12. DUTIES OF NOTIFICATION
ARTICLE 1. PERSONAL INFORMATION COLLECTION ITEMS AND METHODS
| Collection Period | Classification | Description |
|---|---|---|
| User registration | [Mandatory] Name, e-mail, mobile phone number | |
| Use of website and watching videos | [Mandatory] Usage history of cookie and service (time of visit, IP, record of illegal use) device infirmation (unique device identifier, OS version | |
| Purchase of product | General | [Mandatory] purchase record (product, price) |
| Use of credit card | [Mandatory] credit card company name, credit card number, expiration date, CVC (*It is sent to the payment consignee and is not stored within the company.) | |
| Use of bank transfer | [Mandatory] Bank name, name of depositor, account number (*It is sent to the payment consignee and is not stored within the company.) |
|
| Delivery of product | [Mandatory] Name, address, contact number | |
| Customer service | [Mandatory] Name, mobile phone number e-mail, consultation details (depends on the type of inquiry) |
|
| Refund | [Mandatory] Bank name, name of account holder, account numbet | |
| Handling of tax and public charge | [Mandatory] Name, address, resident registration number or similar |
THE COMPANY HANDLES THE FOLLOWING PERSONAL INFORMATION ITEMS.
THE COMPANY COLLECTS PERSONAL INFORMATION IN THE FOLLOWING WAYS.
1. IN THE PROCESS OF REGISTERING AS A USER AND USING THE SERVICE, THE USER AGREES TO THE COLLECTION OF PERSONAL INFORMATION AND ENTERS THE INFORMATION DIRECTLY.
2. PERSONAL INFORMATION MAY BE PROVIDED FROM EXTERNAL COMPANIES OR ORGANIZATIONS AFFILIATED WITH THE COMPANY, AND IN THIS CASE, PERSONAL INFORMATION IS COLLECTED AFTER OBTAINING CONSENT FROM THE USER TO PROVIDE PERSONAL INFORMATION FROM THE AFFILIATE.
3. DURING THE CONSULTATION PROCESS, THE PERSONAL INFORMATION OF USERS MAY BE COLLECTED THROUGH WEB PAGES, E-MAILS, FAXES, AND PHONE CALLS.
ARTICLE 2. PURPOSE OF COLLECTING PERSONAL INFORMATION
THE COMPANY COLLECTS PERSONAL INFORMATION FOR THE FOLLOWING PURPOSES. THE COLLECTED PERSONAL INFORMATION WILL NOT BE USED FOR PURPOSES OTHER THAN THE FOLLOWING.
1. USER IDENTIFICATION, IDENTITY VERIFICATION, ETC. FOR WEBSITE USER REGISTRATION AND USER MANAGEMENT, ETC.
2. PROVISION OF GARUHARU.ONLINE SERVICES AND OTHER ADDITIONAL DIRECTLY OR INDIRECTLY RELATED SERVICES, ETC.
3. TRANSACTIONS SUCH AS TUITION PAYMENT, REFUND, AND REFUND
4. RESPONSE TO INQUIRIES, COMPLAINT HANDLING, IMPROVEMENT OF USER SERVICE, ETC.
5. DELIVERY OF NOTICES FOR SERVICE OPERATION SUCH AS CHANGE OF TERMS AND CONDITIONS, SERVICE FAILURE, SERVICE USE HISTORY, PERSONAL INFORMATION USE HISTORY, ETC.
6. IDENTIFICATION AND AUTHENTICATION, MAINTENANCE AND MANAGEMENT OF USER QUALIFICATIONS, ETC. TO PREVENT ILLEGAL SIGNUP AND ILLEGAL USE
7. NOTIFICATION OF PROMOTIONS SUCH AS EVENTS
8. CONFIRMATION OF INTENTION TO PARTICIPATE IN THE EVENT, DELIVERY OF PRIZES TO EVENT PARTICIPANTS, PROCESSING OF PUBLIC AND PRIVATE TAXES, ETC.
9. ANALYZE SERVICE USAGE ENVIRONMENT THROUGH SERVICE USAGE RECORDS, ETC., TO IMPROVE SERVICE AND PROVIDE SERVICES IN CONSIDERATION OF USER CHARACTERISTICS, ETC.
ARTICLE 3. PERSONAL INFORMATION RETENTION PERIOD
IN PRINCIPLE, THE COMPANY DESTROYS PERSONAL INFORMATION WITHOUT DELAY WHEN THE PURPOSE OF COLLECTION AND USE IS ACHIEVED OR WHEN CONSENT IS WITHDRAWN OR THE USER WITHDRAWS. THIS IS FROM THE SIGNING OF THE SERVICE USE CONTRACT (WHEN A USER JOINS) TO THE TERMINATION OF THE SERVICE USE CONTRACT (INCLUDING APPLICATION FOR WITHDRAWAL AND WITHDRAWAL OF CONSENT). PERSONAL INFORMATION OF USERS NOT REUSED WITHIN THE PERIOD (ONE YEAR) DEFINED BY LAWS AND REGULATIONS IS DESTROYED OR STORED AND MANAGED SEPARATELY FROM OTHER USERS’ PERSONAL INFORMATION. HOWEVER, THE FACT THAT PERSONAL INFORMATION IS DESTROYED OR SEPARATED AND STORED AND MANAGED 30 DAYS BEFORE THE EXPIRATION OF THE PERIOD, THE DATE OF EXPIRATION OF THE PERIOD AND THE ITEMS OF THE RELEVANT PERSONAL INFORMATION CAN BE SENT BY E-MAIL, WRITING, FACSIMILE TRANSMISSION, TELEPHONE, OR SIMILAR METHODS OR BY ANY ONE OF A METHOD SIMILAR THERETO NOTIFY USERS.
HOWEVER, EXCEPTIONS ARE MADE WHEN STIPULATED IN THE RELEVANT LAWS OR WHEN CONSENT IS OBTAINED FROM THE USER.
| Information stored | Reason for storage | Storage period |
|---|---|---|
| Records on contract or subscription withdrawal, etc. | Act on Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Records on payment and supply of goods | Act on Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce, Etc. | 3 years |
| Records on display/advertisement | Act on Consumer Protection in Electronic Commerce, Etc. | 6 months |
| Records of website visits | Communication Secret Protection Act | 3 months |
ARTICLE 4. DESTRUCTION OF PERSONAL INFORMATION
IN PRINCIPLE, WHEN THE PURPOSE OF COLLECTION AND USE OF PERSONAL INFORMATION IS ACHIEVED, THE COMPANY DESTROYS THE PERSONAL INFORMATION WITHOUT DELAY. HOWEVER, IF THE PERSONAL INFORMATION RETENTION PERIOD AGREED BY THE USER HAS ELAPSED, OR THE PERSONAL INFORMATION NEEDS TO BE KEPT IN ACCORDANCE WITH OTHER LAWS DESPITE THE ACHIEVEMENT OF THE PURPOSE OF PROCESSING, THE PERSONAL INFORMATION IS SEPARATELY STORED AND PRESERVED. THE COMPANY’S SPECIFIC PERSONAL INFORMATION DESTRUCTION PROCEDURES, DEADLINES, AND METHODS ARE AS FOLLOWS.
1. DESTRUCTION PROCEDURE
– AFTER THE PURPOSE OF COLLECTION AND USE HAS BEEN ACHIEVED, THE PERSONAL INFORMATION PROVIDED TO THE USER’S COMPANY IS TRANSFERRED TO A SEPARATE DB (IN THE CASE OF PAPER, A SEPARATE FILING CABINET), STORED FOR A CERTAIN PERIOD OF TIME IN ACCORDANCE WITH THE INTERNAL POLICY OR THE REASON FOR PRESERVATION UNDER RELEVANT LAWS AND REGULATIONS, AND THEN DESTROYED.
– PERSONAL INFORMATION TRANSFERRED TO A SEPARATE DB WILL NOT BE USED FOR ANY OTHER PURPOSE EXCEPT AS REQUIRED BY LAW.
2. DEADLINE OF DESTRUCTION
– PERSONAL INFORMATION WHOSE RETENTION PERIOD HAS ELAPSED WILL BE DESTROYED WITHIN FIVE BUSINESS DAYS FROM THE END OF THE RETENTION PERIOD.
– WHEN THE PERSONAL INFORMATION BECOMES UNNECESSARY, SUCH AS THE ABOLITION OF THE SERVICE OR THE TERMINATION OF THE BUSINESS, THE PERSONAL INFORMATION IS DESTROYED WITHIN FIVE BUSINESS DAYS FROM THE DATE ON WHICH THE PROCESSING OF PERSONAL INFORMATION IS RECOGNIZED AS UNNECESSARY.
3. DESTRUCTION METHOD
– PERSONAL INFORMATION STORED IN THE FORM OF AN ELECTRONIC FILE IS DESTROYED USING A TECHNICAL METHOD THAT CANNOT REPRODUCE THE RECORD.
– PERSONAL INFORMATION PRINTED ON PAPER IS SHREDDED WITH A SHREDDER OR DESTROYED THROUGH INCINERATION.
ARTICLE 5. CONSIGNMENT OF PERSONAL INFORMATION PROCESSING
THE COMPANY ENTRUSTS THE PROCESSING OF PERSONAL INFORMATION AS FOLLOWS FOR SMOOTH SERVICE PROVISION AND EFFECTIVE BUSINESS PROCESSING.
| Classification | Consignee | Consignment work |
|---|---|---|
| Payment | CODEM | Linking with PG company when paying |
| KGinicis | Credit card payment, direct deposit | |
| Eximbay | Global Credit card payment | |
| Data analysis | Google analytics | Data analysis processing |
| Google Webmaster | ||
| Naver Webmaster |
WHEN THE COMPANY CONCLUDES A CONSIGNMENT CONTRACT, IN ACCORDANCE WITH THE 「PERSONAL INFORMATION PROTECTION ACT」 AND 「INFORMATION AND COMMUNICATIONS NETWORK ACT」, MATTERS CONCERNING PERSONAL INFORMATION PROCESSING, TECHNICAL AND MANAGEMENT PROTECTION MEASURES, RE-ENTRUST RESTRICTIONS, MANAGEMENT AND SUPERVISION OF THE TRUSTEE, AND DAMAGES ARE SPECIFIED IN DOCUMENTS SUCH AS CONTRACTS AND SUPERVISED WHETHER THE TRUSTEE HANDLES PERSONAL INFORMATION SAFELY. IF THE CONTENTS OF THE CONSIGNMENT WORK OR THE CONSIGNEE ARE CHANGED, WE WILL DISCLOSE IT THROUGH THIS PERSONAL INFORMATION PROCESSING POLICY WITHOUT DELAY.
ARTICLE 6. PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES
1. THE COMPANY USES THE USER’S PERSONAL INFORMATION ONLY WITHIN THE SCOPE SPECIFIED IN ARTICLE 2 OF THIS POLICY, ‘PURPOSE OF COLLECTING PERSONAL INFORMATION,’ AND IN PRINCIPLE, DOES NOT PROVIDE THE USER’S PERSONAL
INFORMATION TO A THIRD PARTY. HOWEVER, EXCEPTIONS ARE MADE IN THE FOLLOWING CASES.
1) WHEN THE USER AGREES TO THE PROVISION OF A THIRD PARTY FOR THE EXECUTION OF THE TRANSACTION
| Recipient | Purpose of provision | List offered | Retention and use period |
|---|---|---|---|
| The delivery company of the product purchased by the user |
Delivery of purchased products, customer consultation and complaint handling |
The recipient's name mobile phone number, and address |
3 months from the date of purchase |
2) WHEN THERE IS A REQUEST FROM AN INVESTIGATION AGENCY IN ACCORDANCE WITH THE PROCEDURES AND METHODS STIPULATED IN LAWS AND REGULATIONS FOR THE PURPOSE OF INVESTIGATION AND INVESTIGATION
2. IF THE USER CONSENTS TO THE PROVISION OF THIRD PARTY INFORMATION AND THE COMPANY PROVIDES PERSONAL INFORMATION TO A THIRD PARTY, THE USER MUST NOTIFY THE USER OF THE REQUIRED NOTICE (PERSON WHO RECEIVES PERSONAL
INFORMATION, THE PURPOSE OF USE OF PERSONAL INFORMATION BY THE PERSON WHO RECEIVES PERSONAL INFORMATION, ITEMS OF PERSONAL INFORMATION TO PROVIDE, PERIOD OF RETENTION AND USE OF THE PERSON WHO RECEIVES
PERSONAL INFORMATION) AND OBTAIN CONSENT, OR PROVIDE PERSONAL INFORMATION TO A THIRD PARTY ONLY WITHIN THE SCOPE PERMITTED BY THE RELEVANT LAWS.
ARTICLE 7. MEASURES TO ENSURE THE SAFETY OF PERSONAL INFORMATION
THE COMPANY IS TAKING THE FOLLOWING ADMINISTRATIVE / PHYSICAL / TECHNICAL MEASURES TO ENSURE THE SAFETY OF PERSONAL INFORMATION.
1. ADMINISTRATIVE ACTIONS
– SELF-AUDIT RELATED TO THE HANDLING OF PERSONAL INFORMATION, EDUCATION OF PERSONAL INFORMATION HANDLER, ESTABLISHMENT AND IMPLEMENTATION OF AN INTERNAL MANAGEMENT PLAN, ETC.
2. PHYSICAL MEASURES
– ACCESS CONTROL IN COMPUTER ROOMS OR COMMUNICATION ROOMS ETC., DOCUMENTS CONTAINING PERSONAL INFORMATION, AUXILIARY STORAGE MEDIA, ETC., ARE STORED IN A SAFE PLACE WITH A LOCKING DEVICE, ETC.
3. TECHNICAL MEASURES
– MANAGEMENT OF ACCESS RIGHTS OF PERSONAL INFORMATION PROCESSING SYSTEM, INFORMATION PROTECTION SYSTEM INSTALLATION, VACCINE PROGRAM INSTALLATION, ETC.
ARTICLE 8. MATTERS CONCERNING THE INSTALLATION, OPERATION AND REJECTION OF AUTOMATIC PERSONAL INFORMATION COLLECTION DEVICES
THE COMPANY USES ‘COOKIES’ TO STORE AND RETRIEVE USAGE INFORMATION FROM TIME TO TIME TO PROVIDE USERS WITH INDIVIDUALLY CUSTOMIZED SERVICES.
1. DEFINITION OF COOKIE
– IT IS A VERY SMALL TEXT FILE THAT THE SERVER USED TO OPERATE THE WEBSITE TRANSMITS TO THE USER’S COMPUTER AND IS STORED ON THE USER’S COMPUTER HARD DISK.
– IT IS A SMALL AMOUNT OF INFORMATION STORED IN THE USER’S TERMINAL WHEN THE USER USES THE APPLICATION SERVICE OR VISITS THE SITE AND STORES INFORMATION THAT CAN BE READ WHEN THE USER REVISITS THE SITE.
2. PURPOSE OF USE OF COOKIES
– SECURE CONNECTION
– MAINTAIN THE USER’S CONNECTION SESSION
– ANALYSIS OF USAGE/VISITING BEHAVIOR FOR SERVICES AND SITES
3. COOKIE INSTALLATION/OPERATION AND REJECTION
WHEN A USER USES THE SERVICE THROUGH THE WEB, BY SETTING THE BROWSER OPTION, ALL COOKIES CAN BE ACCEPTED, CHECKED EVERY TIME A COOKIE IS SAVED, OR ALL COOKIES CAN BE REJECTED. HOWEVER, IN THE CASE OF APPLICATIONS, THE COOKIE SETTING OPTION MAY NOT BE SUPPORTED. (※ IF YOU REFUSE TO STORE COOKIES, YOU MAY BE RESTRICTED FROM USING SOME SERVICES THAT REQUIRE LOGIN.)
4. EXAMPLE OF HOW TO REJECT COOKIES
– CHROME: AT THE TOP RIGHT OF THE BROWSER, ‘CHROME CUSTOMIZATION AND CONTROL ICON > SETTINGS > SHOW ADVANCED SETTINGS AT THE BOTTOM OF THE SCREEN > PRIVACY > CONTENT SETTINGS > COOKIES
ARTICLE 9. PERSON IN CHARGE OF PERSONAL INFORMATION PROTECTION AND RELATED DEPARTMENTS
THE COMPANY IS RESPONSIBLE FOR THE HANDLING OF PERSONAL INFORMATION AND HAS DESIGNATED A PERSON IN CHARGE OF PERSONAL INFORMATION PROTECTION AS FOLLOWS FOR HANDLING COMPLAINTS AND DAMAGE RELIEF FROM USERS RELATED TO PERSONAL INFORMATION PROCESSING. YOU CAN CONTACT THE PERSON IN CHARGE OF PERSONAL INFORMATION PROTECTION AND THE DEPARTMENT IN CHARGE OF ALL PERSONAL INFORMATION PROTECTION-RELATED INQUIRIES, COMPLAINT HANDLING, AND DAMAGE RELIEF THAT OCCURRED WHILE USING THE COMPANY’S SERVICES (OR BUSINESS). THE COMPANY WILL ANSWER AND PROCESS USERS’ INQUIRIES WITHOUT DELAY.
PERSONAL INFORMATION PROTECTION OFFICER
NAME: EUNYOUNG YUN
CONTACT: help@garuharu.online
ARTICLE 10. RIGHTS AND OBLIGATIONS OF INFORMATION SUBJECTS AND LEGAL REPRESENTATIVES AND METHODS OF EXERCISING THEM
1. THE INFORMATION SUBJECT MAY AT ANY TIME REQUEST CORRECTION, WITHDRAWAL OF CONSENT, DELETION, OR REQUEST FOR VIEWING OF THE COLLECTED INFORMATION. HOWEVER, SOME OR ALL OF THE SERVICES MAY BE RESTRICTED WHEN CONSENT IS WITHDRAWN/DELETED.
2. (INQUIRY/MODIFY/CORRECTION) YOU CAN USE THE PERSONAL INFORMATION MANAGEMENT MENU OR 1:1 CONSULTATION ON THE HOMEPAGE. IN ADDITION, IF INCORRECT PERSONAL INFORMATION HAS ALREADY BEEN PROVIDED TO A THIRD PARTY FOR A REASONABLE REASON, THE RESULT OF THE CORRECTION PROCESSING WILL BE NOTIFIED TO THE THIRD PARTY WITHOUT DELAY TO CORRECT IT.
3. (WITHDRAWAL OF CONSENT/DELETION) WITHDRAWAL OF CONSENT OR DELETION OF COLLECTED INFORMATION CAN BE REQUESTED USING A 1:1 CONSULTATION. HOWEVER, THE USE OF SOME OR ALL OF THE COLLECTED INFORMATION MAY BE RESTRICTED WHEN CONSENT IS WITHDRAWN/DELETED, AND IN THE CASE OF INFORMATION COLLECTED IN ACCORDANCE WITH OTHER LAWS, IT MAY BE DIFFICULT TO WITHDRAW CONSENT.
4. (USER WITHDRAWAL) USER CAN REQUEST THEIR WITHDRAWAL THROUGH THE ‘MY PAGE > ACCOUNT MANAGEMENT > USER WITHDRAWAL’ MENU, AND THE WITHDRAWAL WILL BE PROCESSED IMMEDIATELY UPON REQUEST.
5. (CONSULTATION/INQUIRY) RECORDING MAY BE CONDUCTED DURING CONSUMER CONSULTATION/INQUIRY, AND SEPARATE GUIDANCE IS PROVIDED THROUGH A COUNSELOR DURING RECORDING.
6. THE EXERCISE OF RIGHTS UNDER ‘1’ CAN BE PROCESSED THROUGH AN AGENT SUCH AS THE LEGAL REPRESENTATIVE OF THE INFORMATION SUBJECT OR A PERSON WHO HAS BEEN DELEGATED. IN THIS CASE, YOU MUST SUBMIT A POWER OF ATTORNEY IN ACCORDANCE WITH FORM 11 OF THE ENFORCEMENT RULE OF THE PERSONAL INFORMATION PROTECTION ACT.
7. THE COMPANY DOES NOT COLLECT PERSONAL INFORMATION FROM PERSONS UNDER THE AGE OF 14.
ARTICLE 11. REMEDIES FOR INFRINGEMENT OF RIGHTS
THE INFORMATION SUBJECT MAY APPLY FOR DISPUTE RESOLUTION OR CONSULTATION WITH THE PERSONAL INFORMATION DISPUTE MEDIATION COMMITTEE OR THE KOREA INTERNET & SECURITY AGENCY PERSONAL INFORMATION INFRINGEMENT REPORT CENTER TO RECEIVE RELIEF FROM PERSONAL INFORMATION INFRINGEMENT. IN ADDITION, PLEASE CONTACT THE FOLLOWING ORGANIZATIONS FOR OTHER PERSONAL INFORMATION INFRINGEMENT REPORTS AND CONSULTATIONS.
1. PERSONAL INFORMATION DISPUTE MEDIATION COMMITTEE: (WITHOUT AREA CODE) 1833-6972 (WWW.KOPICO.GO.KR)
2. PERSONAL INFORMATION INFRINGEMENT REPORT CENTER: (WITHOUT AREA CODE) 118 (PRIVACY.KISA.OR.KR)
3. SUPREME PROSECUTORS’ OFFICE: (WITHOUT AREA CODE) 1301 (WWW.SPO.GO.KR)
4. NATIONAL POLICE AGENCY CYBER INVESTIGATION BUREAU: (WITHOUT AREA CODE) 182 (CYBERBUREAU.POLICE.GO.KR)
ARTICLE 12. DUTIES OF NOTIFICATION
THE CURRENT PERSONAL INFORMATION PROCESSING POLICY IS EFFECTIVE FROM THE EFFECTIVE DATE, AND IF REVISION IS NECESSARY, IT WILL BE NOTIFIED THROUGH A NOTICE ON THE WEBSITE AT LEAST SEVEN DAYS IN ADVANCE SO THAT CHANGES CAN BE CONFIRMED.
EFFECTIVE DATE: 2022. 8 .19
English 
Korean