This Privacy Policy applies to the users of the services of (주)선스킨코스메틱 (hereinafter referred to as the "Company"). The Company establishes and discloses these guidelines on the processing of personal information in accordance with Article 30 of the Personal Information Protection Act, in order to protect the personal information of the data subjects and to quickly and smoothly handle related complaints.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following. If the purpose of use changes, necessary measures will be implemented, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Homepage Membership Registration and Management Processing for confirmation of membership registration intent, identification/authentication for providing membership services, maintenance and management of member qualifications, identity verification under the restricted identity verification system, prevention of illegal or unauthorized service use, checking consent from a legal guardian when processing personal information of children under 14, various notifications/announcements, and handling of inquiries.
2. Provision of Goods or Services Processing for delivery of goods, provision of services, sending of contracts/invoices, customized content, identity verification, age verification, fee payment and settlement, and debt collection.
3. Handling of Complaints Processing for verification of complainant identity, confirmation of complaints, contact/notification for fact-finding investigations, and notification of processing results.
Article 2 (Processing and Retention Period of Personal Information)
(1) The Company processes and retains personal information within the personal information retention and use period prescribed by laws or agreed upon when collecting personal information from data subjects. (2) The processing and retention periods for each type of personal information are as follows:
1. Homepage Membership Registration and Management: Until membership withdrawal However, in the following cases, until the termination of the relevant cause: 1) If an investigation or inquiry is underway due to violation of relevant laws, until the completion of such investigation or inquiry 2) If any debt or credit relationship remains in connection with the use of the website, until the settlement of such relationship
2. Provision of Goods or Services: Until the completion of goods/services supply and fee settlement However, in the following cases, until the expiration of the relevant period: 1) Records on transactions under the Act on the Consumer Protection in Electronic Commerce, etc. - Records on display/advertising: 6 months - Records on contract or withdrawal of subscription, payment, and supply of goods: 5 years - Records on consumer complaints or dispute handling: 3 years 2) Preservation of communication confirmation data under the Protection of Communications Secrets Act - Date and time of subscriber telecommunications, start/end time, counterpart subscriber number, usage frequency, outgoing base station location tracking data: 1 year - Computer communication or internet log files, connection location tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties)
(1) The Company processes data subjects' personal information only within the scope specified in Article 1. The Company provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of the law, and does not otherwise provide personal information to third parties. (2) The Company does not currently provide personal information to third parties. If third-party provision becomes necessary for seamless service in the future, we will obtain prior consent and provide only the minimum necessary information.
Article 4 (Entrustment of Personal Information Processing)
(1) The Company entrusts the processing of personal information as follows for smooth personal information business operations:
| Trustee | Details of Entrusted Work |
|---|---|
| Cafe24 Corp. | Provision of shopping mall hosting systems, data storage and server infrastructure |
| Payment Gateway (PG) | Payment and escrow services |
| Courier & Delivery Services | Product shipping and return/exchange collection |
| Identity Verification Agencies | Member registration and identity verification |
(2) When concluding an entrustment contract, the Company specifies matters concerning responsibilities such as the prohibition of processing personal information other than for the purpose of performing entrusted work, technical/managerial protective measures, restrictions on re-entrustment, management/supervision of the trustee, and compensation for damages in documents like contracts in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely. (3) If the content of the entrusted work or the trustee changes, we will disclose it through this Privacy Policy without delay.
Article 5 (Rights of Data Subjects and Legal Representatives and How to Exercise Them)
(1) The data subject may exercise their rights related to personal information protection against the Company at any time: 1. Request for access to personal information 2. Request for correction in case of errors 3. Request for deletion 4. Request for suspension of processing (2) The exercise of rights under paragraph (1) may be made through writing, telephone, email, fax, etc., and the Company will take action without delay. (3) If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed. (4) The exercise of rights under paragraph (1) may be done through a representative, such as a legal representative of the data subject or a person who has been delegated. In this case, a power of attorney must be submitted. (5) Data subjects shall not violate the Personal Information Protection Act and other relevant laws to infringe upon their own or others' personal information and privacy processed by the Company.
Article 6 (Items of Personal Information Processed)
The Company processes the following personal information items:
1. Homepage Membership Registration and Management - Required: ID, Name, Password, Address, Mobile Phone Number, Email, Date of Birth, Gender, IP Address, Date of Registration (Legal Guardian's details for applicants under 14) - Optional: Marketing opt-in, Interests
2. Provision of Goods or Services - Required: Name, Email, Mobile Phone Number, Address, Order Details, Payment Information (Credit card number / Bank account details), Shipping Information
Article 7 (Destruction of Personal Information)
(1) The Company destroys personal information without delay when the personal information becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose. (2) If personal information must be continuously preserved under other laws despite the expiration of the retention period agreed upon by the data subject or achievement of the processing purpose, the personal information is moved to a separate database (DB) or stored in a different location. (3) The procedure and method of personal information destruction are as follows: 1. Destruction Procedure The Company selects personal information for which destruction reasons have occurred and destroys it under the approval of the Company's privacy officer. 2. Destruction Method The Company destroys personal information recorded and stored in electronic file format so that the records cannot be reproduced, and paper documents are shredded or incinerated.
Article 8 (Measures to Secure Personal Information Safety)
The Company takes the following measures to secure the safety of personal information: 1. Administrative Measures: Verification of internal management plans, regular staff training, etc. 2. Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs 3. Physical Measures: Access control of server rooms, data archive rooms, etc.
Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
(1) The Company uses 'cookies' that store and retrieve usage information from time to time to provide users with personalized services. (2) Cookies are small amounts of information sent by the web server (HTTP) to the user's computer browser and are stored on the user's PC or mobile device. (3) Data subjects can allow or block cookies through browser option settings. However, if cookies are blocked, there may be difficulties in using personalized services.
▶ Cookie settings in Web Browsers - Chrome: Settings > Privacy and security > Clear browsing data - Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
▶ Cookie settings in Mobile Browsers - Chrome: Settings > Privacy and security > Clear browsing data - Safari: Settings > Safari > Advanced > Block All Cookies - Samsung Internet: Settings > Personal data > Delete browsing data
(4) The Company collects and uses information to optimize services by tracking the visit and usage patterns, popular search terms, and secure connections of websites and services visited by the user.
Article 10 (Privacy Officer)
(1) The Company designates a privacy officer to oversee and take overall responsibility for personal information processing and handle complaints and damage remedies:
▶ Privacy Officer Name: 손연희 Title: Privacy Officer Contact: 080-919-8583, sunskin45880@naver.com
▶ Privacy Department Department: Customer Support Team Contact: 080-919-8583, sunskin45880@naver.com
(2) Data subjects can contact the privacy officer and department for all inquiries, complaints, and remedies regarding personal information protection that arise while using the Company's services. The Company will respond and take action without delay.
Article 11 (Request for Access to Personal Information)
Data subjects can make requests for access to personal information under Article 35 of the Personal Information Protection Act to the following department. The Company will make efforts to handle requests quickly.
▶ Department for Receiving/Processing Requests for Access Department: Customer Support Team Contact: 080-919-8583, sunskin45880@naver.com
Article 12 (Remedies for Rights Infringement)
Data subjects can contact the following institutions for inquiry and consultation regarding damage remedies and counseling for personal information infringement: 1. Personal Information Dispute Mediation Committee: (toll-free) 1833-6972 (www.kopico.go.kr) 2. Personal Information Infringement Report Center: (toll-free) 118 (privacy.kisa.or.kr) 3. Supreme Prosecutors' Office: (toll-free) 1301 (www.spo.go.kr) 4. National Police Agency: (toll-free) 182 (ecrm.police.go.kr)
Article 13 (Implementation and Amendment of Privacy Policy)
This Privacy Policy shall take effect on May 29, 2026.