Privacy Policy
1. General Provisions
① KTOWN4U Co.,Ltd. (herein after referred to as “the Company”) regards the privacy of users as highly important and complies with the personal information protection regulations under relevant laws such as 「Personal Information Protection Act」, 「Act on Promotion of Information and Communications Network Utilization and Information Protection」, 「Protection of Communications Secrets Act.」
② "The Company" mandatorily notifies and obtains consent from all users prior to collection and use of user personal information, and does not collect, use, or provide users' personal information without former consent. However, if you refuse to provide consent, access to all or some parts of the related services may be restricted.
2. Purpose of Collection and Use of Personal Information
"The Company" processes personal information for the following purposes. The use of personal information will be limited to the purposes listed below, and will require additional consent or other necessary measures in case of change in purpose of use.
| Type | Purpose | Items |
|---|---|---|
| Sign Up | Ktown4u online platform usage,mileage accumulation and usageProvision of information related to the use of Ktown4u online platform services (notification delivery,. service-related inquiry response, complaint/grievance response, etc.) Age verification (14 and above) | (Mandatory) Email(ID), Password, Name, Date of Birth |
| Service | Order, Delivery, Returns, AS | (Mandatory) Orderer name, Recipient name, Delivery address, Mobile number |
| Payment | Payment, Refund | (Mandatory)Bank account information, Payment information |
3. Outsourcing of Personal Information Processing
"The Company" outsources the following personal information processing tasks to external parties to ensure better service provision, customer convenience, and business operations.
| Purpose of Outsourcing | Service Provider |
|---|---|
| Ktown4u Database Operations Support | Bespin Global Database Managed Service |
| Payment Gateway | KGINICIS CO.,LTD, Toss Payments, Alipay, Alipay+, Wechatpay, Eximbay, ICB |
| Email Service | Stibee |
| SMS Service | Luna Soft, TasOn |
| Customer Service (CS) Support | Channel Corp., Ltd. |
| Product Delivery | Korea: CJ Logistics, Lotte Global Logistics Corporation Overseas: BROS CARGO INTERNATIONAL, YTO Express, EMS, SAGAWA, DHL, UPS, ACI, DOORA LOGISTIC, SF EXPRESS (AIR) |
| Data Storage and Infrastructure Management | Amazon Web Services, Inc |
4. Provision of Personal Information to Third Parties
"The Company" does not provide personal information to third-party organizations without customer consent or as permitted by legal regulations and personal information protection laws.
5. Transfer of Personal Information Abroad
"The Company" transfers personal information abroad as outlined below for purposes such as enhanced user convenience. Users may refuse the collection and transfer of the personal information abroad. However, refusal to consent may result in limitations on service access.
| Transferred Items | Transfer Method | Receiving Country and Company | Purpose of Transfer | Retention and Usage Period |
|---|---|---|---|---|
| IPDevice ID Device Model NameOS Information Service Usage Information Visit History | Regularly transferred through information network system during the service provision process | U.S. Google Inc. Google LLC privacy team googlekrsupport@google.com | User behavior analysis and promotion target identification Application functionality improvement | Until membership cancellation Until termination of service contract |
6. Retention and Use Period of Personal Information
"The Company" retains and uses customers' personal information for the period during which notice and consent have been received. Upon fulfillment of personal information collection purpose, end of retention period, or withdrawal of consent, collected personal information is destroyed. However, personal information may be retained for a period as specified below if prior consent has been obtained or if required by relevant laws. In cases of consent or account withdrawal, the information will be stored separately.
| Retained Items | Retention Period | Relevant Laws |
|---|---|---|
| Service Usage Records, Access Logs,Access Ip Information, Cookies | 3 Months | Protection of Communications Secrets Act |
| Records Related to Display/Advertisements | 6 Months | Act on the Consumer Protection in Electronic Commerce |
| Records of Consumer Complaints or Dispute Resolution | 6 Months | |
| Records related to contracts or withdrawal of offers | 5 Years | |
| Records on Payment and Supply of Goods and Services | 5 Years |
7. Procedures and Methods for the Destruction of Personal Information
① "The Company" promptly destroys personal information upon fulfillment of personal information collection purpose, end of retention period, or withdrawal of consent in accordance with "6. Retention and Use Period of Personal Information."
② Personal Information printed on paper is destroyed by shredding or incineration, and personal information stored in electronic file format is deleted using technical methods that prevent its recovery
.
8. User Rights and Procedures for Exercising Them
① Users may at any time access or modify their registered personal information and may also request membership cancellation. To find/edit personal information, users can use the 'Personal Information Update' (or "Account Management," etc.), and to cancel membership or delete account information, users can select "Delete Account" in "My Account" page.
② If a user requests correction of errors in their personal information, the information will not be used nor provided until the correction in completed. Additionally, if incorrect personal information have already been provided to a third party, "the Company" will promptly notify the third party of the correction and ensure that the necessary updates are made.
③ Personal information terminated or deleted at users' request will be handled in accordance with the provisions outline in "6. Retention and Use Period of Personal Information" and will not be accessed or used for any other purposes.
9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
① Operation of Cookies
A. "The Company" website uses cookies for user authentication purposes.
B. Cookies are small data files sent by an HTTP server to a user's browser, which help confirm the legitimacy of the user between internet web pages and the users' computers.
C. "The Company" website utilizes cookies to identify ID related information, in order to provide more suitable and useful services to users.
D. Users can choose whether to accept cookies. By changing the settings in their web browser, users can allow all cookies, prevent cookies from being stored, or refuse all cookie storage. However, refusal of cookies may result in inability to access services that require login.
② Methods for Refusing Cookie Collection
- Edge : Menu > Settings > Cookies and site permissions
- Chrome : Menu > Settings > Privacy and security
- Safari : Safari : Preferences > 'Prevent cross-site tracking' and 'Block all cookies'
10. Technical and Managerial Measures for Protecting Personal Information
① Technical Measures
A. "The Company" is equipped with server and network security systems.
B. "The Company" uses a web firewall and takes best measures to protect users' personal information.
C. Users' personal information is encrypted for storage and management in accordance with legal standards. Files and transmitted data are also encrypted.
D. "The Company" regulates access to personal information through permission grant, update, and revoke of access rights to the personal information processing system.
E. Access logs to the personal information processing system are managed in accordance with relevant laws and regulations, and security systems are used to prevent forgery, tampering, theft, and loss of these logs.
② Managerial Measures
A. "The Company" operates its services with a certification for information security management from an external professional institution, ensuring the secure protection of personal data.
B. "The Company" restricts access to personal data to a minimal number of authorized personnel.
C. "The Company" has established internal regulations to ensure that employees can familiarly adhere to the guidelines and procedures for accessing and managing personal data. Regular training on data protection is also conducted.
D. "The Company" has developed and implemented an internal management plan to ensure the secure handling of personal data.
11. Personal Information Security Officer and Personnel
① Chief Personal Information Security Officer
- Name: Lee. hang kyu Director
- Department: Department of Management Support
- 이메일: Ktown4u@ktown4u.com
② Personal Information Security Manager
- Name: Nam. Gwangmu Manager
- Department: General Management Team
- Email: Ktown4u@ktown4u.com
12. Supplementary Provisions
In the event of changes to this privacy policy, 'The Company' will notify users through the platform's announcement section at least 7 days prior to the effective date. For significant changes impacting user rights or obligations, notice will be provided at least 30 days in advance.
