** This sample template is provided to support online shopping mall operation and may require modification depending on the type of business. Before applying the following to your shopping mall, please check the management details of your shopping mall and carefully use and apply. **
_______roro.el______ Co., Ltd. (hereinafter referred to as the "Company") values the personal information of customers and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection.
The Company informs you of the purpose and method of using the personal information provided by users to the company and what measures are being taken to protect personal information by specifying the privacy policy as follows.

■ Collected personal information and method of collection a.
Information we collect
• The company collects the following information for membership registration, consultation, and service application.
o When signing up for membership: name, date of birth, gender, ID, password, home phone number, mobile phone number, e-mail, legal representative information of subscribers under the age of 14 o When applying for service: address, payment
information
• Information collected in the process of using or processing online services: usage records, access logs, cookies, access IP information, payment records, bad usage information, etc.
o How personal information is collected
• Personal information is collected through the homepage, letter, bulletin board, e-mail, event application, delivery request, telephone, fax, and generated data collection tool.

■ Collect and use of personal information
The company collects personal information for the following purpose and use.
• Provides services according to the contract implementation and the payment system according to the contract
Securities, and financial services according to delivery, payment, etc. according to shipping, payment, payment, etc.
• Members management
For the use of membership service for use of membership service, confirmation, confirm whether or notification, etc. for the use of membership, complaints, complaints, etc.
• marketing and promote marketing and promotions
Statistics statistically identifies the site access frequency and usage frequency and usage frequency of advertisements....

■ Retention and use period of personal information
In principle, after the purpose of collecting personal information is achieved, the information is destroyed without delay. However, it will be retained for the period specified for the following reasons:

A. Retention of information according to internal policies of the company
Even if a member cancels his/her membership, he/she may retain his/her personal information for 00 years from the date of termination to resolve disputes that may arise later and to comply with the demands of laws and regulations. To prevent the recurrence of illegal use by rogue members, the regulatory agency

B. Basis for personal information retention under relevant laws and regulations
Where it is deemed necessary to retain personal information pursuant to the provisions of relevant statutes, such as the Consumer Protection Act in Electronic Commerce, etc., it shall be prescribed in the following subparagraphs: The Company shall do the following for a certain period of time as prescribed by relevant laws and regulations.
• Records concerning the withdrawal of contracts or subscriptions, etc.;
o Purpose of Holding: Consumer Protection Act in Electronic Commerce, etc.
o Retention period: 5 years
• Records of payment settlement and supply of goods, etc.
o Purpose of Holding: Consumer Protection Act in Electronic Commerce, etc.
o Retention period: 5 years
• Records concerning the handling of consumer complaints or disputes
o Purpose of Holding: Consumer Protection Act in Electronic Commerce, etc.
o Retention period: 3 years
• Logging records
o Purpose of possession: Communications Secret Protection Act
o Retention period: 3 months

■ Procedures and methods for destroying personal information
In principle, it is destroyed immediately after the purpose of collecting personal information is achieved. The procedure and method of destruction are as follows.
• Revocation procedure
In accordance with internal policies and reasons for information protection under relevant laws, personal information is transferred to a separate database (DB) after achieving its purpose (separate filing box for paper), and then discarded after a certain period of time. Personal information transferred to a separate DB is not used for any other purpose except in the case of law.
• Destruction method
Use technical methods to stop copying personal information stored in electronic form.
■ disclosure of personal information
In principle, the company does not disclose the user's personal information to the outside world except in the following cases.
• User's informed consent
• Where it is required by an investigative agency for investigative purposes in accordance with laws and regulations or in accordance with procedures prescribed by laws and regulations.

■ Consignment of collected personal information
The company entrusts the personal information collected to the following specialized companies to provide services.
• Trustee: [Delivery company name]
• Consignment details: [Delivery company consignment details]

•  Consignee: [Name of payment gateway provider]
• Details of consignment: [Payment gateway provider’s consignment details]

•  Consignee: View Supplier list
• Details of consignment: [Details of consignment]
 
■ The rights of users and legal representatives and methods of exercising those rights
• The user may view or edit his/her personal information and request to terminate membership at any time.
• To view or edit a user’s personal information, click on ‘Edit Personal Information’ (or ‘Edit Member Information’) and to cancel subscription (terminate membership) click on ‘Terminate Membership.’ Upon clicking, you’ll be directed to an identification process before you can directly access, correct, or cancel membership.
• User may contact the chief privacy officer by letter, telephone or email, and necessary actions will be taken.
• Should a user request corrections on errors of personal information, the Company shall not use or provide any personal information until a correction is made. In addition, if the wrong personal information has already been provided to a third party, the Company shall immediately notify them so that a proper correction can be made.
• If personal information is canceled or deleted upon request of user, the Company will comply with the terms specified under “Period of possession and utilization of personal information,” and prohibit disclosure or use for any other purposes. 

■ Install, manage and deny operation of device for automatic collection of personal information
The Company uses ‘cookies’ that frequently save and retrieve your information. A cookie is a very small text file that the server, used to operate the Company’s website, sends to your browser. The file is saved in the hard disk of your computer.
The Company uses cookies for the following purposes:
• Use and purpose of cookies
o To analyze the frequencies of a member and non-member’s visit, understand user’s preferences and interests and track user’s footprints, and carry out target marketing and provide customized service by checking level of participation in various events and number of visits.
o You have the right of choice in regards to the installation of cookies. Accordingly, you may allow all cookies by modifying your cookie settings, go through a confirmation process whenever a cookie is saved, or refuse to have all cookies saved.
• Settings to reject establishment of cookies
o To reject establishment of cookies, select options on your web browser and change your settings to allow all cookies, go through a verification process before saving cookies, or reject to save all cookies.
o Example (For Internet Explorer)
- Go to ‘Tools’ located on the top of Web Browser > Internet Options > Privacy
o However, there may be certain difficulties in using the services if you reject the installment of cookies. 

■ Civil services with respect to personal information
To protect your personal information and deal with complaints related to personal information, the Company has appointed the following department and chief privacy officer.
• Principal Privacy Officer
Name:
Department:
Phone Number:
E-mail:

• Chief Privacy Officer
Name:
Department:
Phone Number:
E-mail:

• You may report any personal information protection-related complaints that occur while using the company's services to the person in charge of personal information protection or the department in charge.
• The company will give you a prompt and sufficient response to your report.
• If you need to consult or report other personal information infringement, please contact the institution below.
o Personal Information Infringement Reporting Center (privacy.kisa.or.kr / 118)
o Cybercrime Investigation Team of the Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)
o National Police Agency Cyber Investigation Unit (www.spo.go.kr) ctrc.go.kr/ 182)

■ obligation to notify
The company will announce the revision of the personal information handling policy through a notice on the website (or individual notice).
• This personal information processing policy applies from 2021Y.