damda.Com Company Limited ("the Company") discloses its privacy policy ("Privacy Policy") as follows, which was established to protect its members’ personal information and handle process-related grievance quickly under Article 27.2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and Article 30 of the Personal Information Protection Act.

 

 

Article 1 (Purpose of Use and Collection of Personal Information)

The Company processes only necessary and minimal personal information for the purposes listed in the table below. The Company does not use the collected personal information for purposes other than the following purposes. If the purpose of processing changes, the Company will take necessary measures, such as obtaining separate consent under the applicable laws.

Particular

Purpose

Sign-up

Confirmation of membership intent, identification of users, maintenance and management of membership, contact for notification of agreement fulfillment and change of terms and conditions, handling customer grievances such as complaints, prevention of illegal use, service provision and agreement fulfillment, customized member service provision, location-based service provision

Provision of goods and services and performance of the agreement

Provision of services to facilitate transactions between users, provision of contents, product delivery, financial services and authentication, sending agreements and bills, payment and settlement of fees, prevention of illegal transactions

Marketing and advertisement

Provision of customized services to members, provision of services according to statistics on the use of members’ services, identification of web page access frequency, information on new goods or services, delivery of advertising information such as events, operation of member participation spaces

 

Article 2 (Items and Purpose of Use and Collection of Personal Information)

① The Company collects and uses the following information items.

Particular

Purpose of Collection

Items to be Collected

Mandatory

Optional

Individual

Buying Members

Identification, provision of age-limited services, notifying agreement fulfillment and changes in the terms and conditions, verification of the member’s intent, handling of customer grievance and complaints

Name, ID, password, mobile phone number, e-mail address

Gender, date of birth, postal address

Order placing, payment, and delivery service provision

Name, telephone (mobile) number, bank account information for mobile payment

Cash receipt information for whose requesting a cash receipt

Development of new services, provision and marketing customized services, statistics, and survey on service usage

 

Gender, date of birth, mobile phone number, e-mail address

Operation of the integrated services, including user verification, whether the member is the principal, age verification, and prevention of illegal use (* Finding ID/PW and browsing adult products, etc.)

Name, date of birth, mobile phone number, CI/DI, I-PIN authentication results, mobile carrier, whether the member is a local or foreigner, service usage records, device information

Gender

Customs clearance for goods delivered abroad

Name in English, personal customs code

Date of birth

Linkage with damda Cash and damda Point

 

Name, ID, CI/DI, mobile phone number

Selling Members

Issuance of tax bills under Article 32 of the Value-Added Tax Act

Name, contact number, resident registration number, address

 

Delivery of payments and provision of payment services

Name, contact number, business registration number, credit card information, bank account information (account holder and account number)

 

Provision of selling-related services

Name, mobile phone number, address

 

Provision of special services provided by damda to its selling members

   

Companies

Buying Members

Provision of corporate member services, prevention of duplicate sign-up

ID, password, name of the legal representative, name of the person in charge, business registration number

Contact number of the business and the person in charge, CI/DI, e-mail address

 

Order placing, payment, and delivery service provision

Trade name, name of the person in charge, contact number of the business and the person in charge, address, bank account information (account holder and account number)

Cash receipts information for those who request a cash receipt

Development of new services, provision and marketing customized services, statistics, and survey on service usage

 

Name of the legal representative, Contact number of the business and the person in charge, e-mail address

Operation of the integrated services, including user verification, whether the member is the principal, and preventing illegal use (* Finding ID/PW and browsing adult products, etc.)

Name of the legal representative, name of the person in charge, business registration number, contact number of the business and the person in charge, CI/DI, I-PIN authentication results, service usage records, device information

 

Customs clearance for goods delivered abroad

Corporate customs code

 

Linkage with damda Cash and damda Point

 

Name of the legal representative, name of the person in charge ID, CI/DI, contact number of the business and the person in charge

Selling Members

Issuance of tax bills under Article 32 of the Value-Added Tax Act

Name of the legal representative, name of the person in charge, business registration number, contact number of the business and the person in charge, corporate registration number, CI/DI

 

Delivery of payments and provision of payment services

Name of the legal representative, name of the person in charge, business registration number, contact number of the business and the person in charge, credit card information, bank account information

 

Provision of selling-related services

Name of the legal representative, name of the person in charge, contact number of the business and the person in charge, address

 

Provision of special services provided by damda to its selling members

   

 

② The Company obtains additional consent from the user when it collects additional personal information through affiliates to provide related services.

③ The Company may collect, store, combine, or analyze the information automatically created while the users use the Company’s services, including the service usage record (IP address, cookie, MAC address, access record, record of inadequate use) and mobile device information (App or OS versions).

④ The Company collects personal information after obtaining consent from the data subject unless provided otherwise in the applicable laws and regulations. The Company does not collect sensitive information, such as race, origin, domicile, thoughts and beliefs, political opinions, criminal record, and health unless provided otherwise in the applicable laws and regulations or upon the user’s consent.

⑤ The Company allows users to sign up for members over the age of 14 and does not collect personal information from children under the age of 14 who require the Company to obtain the consent of a legal representative for collecting and using their personal information. However, if the legal representative's consent is obtained, the Company may collect and use the personal information of users under the age of 14.

⑥ The Company collects personal information in the following methods:

  1. On its website, through documents/fax/telephone or users’ provision at the customer center or events; or
  2. Automatically using a tool that automatically collects created information.

⑦ When collecting personal information, the Company follows the procedure by which users can consent to collecting (1) minimum ‘mandatory’ items necessary for the service use and (2) ‘optional’ items for other purposes separately. The Company does not refuse to provide services because the user does not consent to provide optional items.

 

Article 3 (Period of Retention and Use and Destruction of Personal Information)

① In principle, the Company retains and uses users’ personal information for a period as noticed or agreed and destructs it without delay when the purpose of its collection and use has been achieved or users request. However, the Company may retain personal information for a certain period as required by law as follows:

Applicable Law

Purpose

Items to be Collected

Retention Period

Protection of Communications Secrets Act

To provide to an investigation agency that has received a court warrant

Log record and IP

3 months

Act on the Consumer Protection in Electronic Commerce, Etc.

To record consumer complaints or dispute settlement

Consumer identification information and dispute handling records

3 years

To record payments and goods supply

Consumer identification information and agreement/application withdrawal records

5 years

To record agreement/application withdrawals

Framework Act on National Taxes

To calculate the national tax exclusion period

National tax evidence

10 years

To calculate the extinctive prescription of national tax collection

Tax base and tax report data

5 years

Value-Added Tax Act

To disclose books, tax bills, import tax bills, and receipts

VAT base and VAT report data

5 years

Electronic Financial Transaction Act

To check electronic transaction records

Electronic financial transaction records and information on the counterparties

5 years

 

② The Company retains records of illegal transactions (name, ID, CI/DI, mobile phone number, e-mail address, date of birth, etc.) for one year to prevent illegal transactions.

③ The retention period of the collected personal information begins at the time of sign-up and ends upon the termination of the service use agreement. However, for any of the following reasons, the retention period shall end when the respective reason is resolved:

  1. Until the investigation for the breach of law is completed; or
  2. Until the claims and debts arising from the website usage are settled.

④ The Company destructs:

  1. Hard copies of personal information by shredding with a pulverizer or incinerating it; or
  2. Personal information stored in electronic files using a technological method that makes the information not restorable.

⑤ If there is no record of the member’s service usage for a year, the member is notified in advance that his/her information is stored separately under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. However, if necessary to preserve it by law, such as the laws listed in Paragraph 1, it is retained for the period specified in the relevant laws.

 

Article 4 (Provision of Personal Information to Third Party)

① The Company uses the member’s personal information within the scope notified in Article 1 (Purpose of Use and Collection of Personal Information) and does not use it beyond the scope or provide it to a third party without the member's prior consent. However, exceptions are made in the following cases:

  1. Where the member has consented to the disclosure or provision to a third party;
  2. It is required by law or required by a criminal investigation agency under the statutory procedures and methods for crime investigation;
  3. It is necessary for settling fees or goods supply.

② If it is necessary to provide personal information to a third party for other reasons, the Company may do so through legitimate procedures such as obtaining the members’ consent.

③ The Company may provide personal information to the following recipients as shown in the table below through legitimate procedures such as obtaining the member’s consent if necessary for the member’s transaction fulfillment:

 

Recipients of Information

Items to be Provided

Purpose of Use of Recipient

Period of Retention and Use

Sellers

[Sellers list]

ID, name, telephone number, mobile number, delivery address, e-mail address (if selected), customs code (if selected), date of birth (if selected)

Handling the tasks necessary for the agreement fulfillment (information and communications service agreement, electronic transaction agreement (mail order), including product/giveaway/service delivery(transmission), product installation, returns, refunds, and customer counseling

1 month upon the termination of the buying service

Competent tax office

Buyer’s information (address, name, date of birth), date of order, order quantity, the purchase amount

Obtaining quarterly details on mail orders for alcoholic beverages under the National Tax Service Notice

Up to 4 months

 

④ Members may refuse to consent to the provision of personal information to a third party and may withdraw their consent at any time. Users may sign up for membership and use some services even if they refuse to consent, but the use/provision of services provided by third parties may be restricted.

⑤ The Company will notify the members of changes in the ‘provision of personal information to a third party’ on its website or individually.

 

Article 5 (Consignment of Personal Information Processing)

① The Company hires the following contractors to process personal information effectively.

 

Contractor

Tasks Consigned

KCP Co., Ltd., LG U+ Co., Ltd., NICE Information Service, KCB Co., Ltd

User identification (real name/account authentication, mobile authentication, I-PIN, duplicate sign-up, linkage information, credit card authentication)

KCP Co., Ltd., KG Mobilians Co., Ltd., LG U+ Co., Ltd., KCP Co., Ltd., NICE I&T, PayPal Pte Ltd, Tencent & Tenpay

Payment processing (mobile and credit card payments)

KCP Co., Ltd., BC Card, Kookmin Card,

Payment processing for credit cards issued overseas

CJ Logistics Corp.

Return, exchange, collection services

CVS Net Co., Ltd.

CV-pick-up delivery services

LG U+ Co., Ltd.

Provision of virtual number services

LG CNS

Provision of good-purchase-related Kakao Talk notice service

EMS, SF Express, DHL

International delivery services

 

 

 

② When outsourcing personal information processing to a third party, the Company effects such outsourcing through a document stating (1) the prevention of personal information processing for other purposes than the outsourced purpose, (2) technical and managerial safeguards of personal information, (3) the prevention of re-outsourcing of personal information processing, (4) supervision and management of the outsourcee, and (5) the compensation for damages. The Company ensures that the outsourcees process personal information safely.

③ The Company will disclose through this Privacy Policy without delay if the tasks consigned or the contractors are changed.

 

Article 6 (Access to or Rectification of Personal Information)

① Members may exercise the following rights regarding the personal information protection, at any time, against the Company subject to the applicable laws or the Company’s terms and conditions:   

  1. Access to personal information;
  2. Make corrections to personal information;
  3. Delete personal information;
  4. Make suspension of the processing; and,
  5. Withdraw membership.

② Members may exercise the above rights using the “Change Personal Information” menu on the Company’s website or in writing, by telephone, e-mail or fax, and the Company will take immediate action thereto.

③ If a member requests correction or deletion of personal information, the Company will not use or provide the personal information until the correction or deletion is completed. However, if the member had provided incorrect personal information, the Company will notify a third party of the result of the correction process so that the correction can be made.

④ Members may exercise their rights under Paragraph 1 through their legal representative or other delegated representative. In this case, a power of attorney must be submitted using the form provided in Attachment 11 of the Enforcement Rule of the Personal Information Protection Act.

⑤ Members shall not violate their or others’ personal information and privacy handled by the Company by breaching the laws on personal information, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Personal Information Protection Act, and the Resident Registration Act.

⑥ The Company assumes no liability for any problem caused by leakage of personal information due to the member’s carelessness, attacks that cannot be blocked with security measures under the relevant laws,  or Internet problems (such as intrusion using hacking techniques) beyond the Company’s reasonable control.

 

※ Members shall use the “Membership Withdrawal” function on the Company’s website or contact the customer center (02-2252-6767) to withdraw their membership as their account remain active even if they delete the app on the smartphone.

 

Article 7 (Collection of IDFA when Using Mobile App)

① ADID/IDFA is an identifier for mobile app users and is collected to provide user-specific services or measure the effectiveness of advertising to provide ads in a better environment.

② The Company requests its members to permit the Company’s access to members’ smartphone apps mandatorily or optional to provide customized services to the members. Members can directly reject the request using the “Setup” menu on the device or change the permission.

 

※ The app store provides details on changing app permissions.

 

Article 8 (Installation, Operation, and Rejection of Auto Personal Information Collection Devices)

① The Company uses cookies that save the information used on the Internet site it operates to provide personalized services. Cookies are tiny text files that the server uses to run the Company’s website sent to the user’s browser and stored on the user’s computer hard disk.

② The Company may use cookies for the following purposes:

  1. To identify the member and maintains his/her login status;
  2. To analyze the access frequency and visit time of members and non-members, identify members’ tastes and interests, and use them as measures such as target marketing and service reorganization;
  3. To provide personalized service to the re-visiting members by tracking the contents they viewed with interest; and,
  4. To provide optimized information to the members by identifying popular search terms and security access

③ Members can choose to accept all cookies, verify that cookies are stored every time, or refuse to store all cookies by setting options in a web browser. However, if the member refuses to store cookies, it may difficult to use some services that require logging in. 

④ Cookies expire after a day or when the cookie browser is closed or logged out. Members can delete them using “‘Delete Cookies” on the browser.

 

※ To set the option of installing cookies on Internet Explorer:

- [Tools] -> Internet Options.

- Click on [Privacy Options].

- Set the [Personal Information Level].

 

Article 9 (Responsibility for Linked Sites)

The Company may provide the members with links to other websites. However, this Privacy Policy does not apply to the linked websites’ collection of personal information.

 

Article 10 (Securing Safety of Personal Information)

The Company provides the following measures necessary to secure the safety of its members’ personal information:

  1. Technical Measures
  2. Members’ personal information is protected by a password. Additional security features, such as encryption or the lock function for files and transmitted data, are also used when storing important data.
  3. The Company uses anti-virus programs to prevent damage caused by computer viruses. The vaccine programs are updated periodically. The Company provides the vaccine as soon as it is released for a new and sudden virus emergence to protect personal information from being infringed.
  4. The Company applies a security device (SSL or SET) to transmit personal information on the network using cryptographic algorithms safely.
  5. The Company uses intrusion prevention and vulnerability analysis systems for each server to prepare for external intrusions such as hacking and makes every effort to ensure security.
  6. Administrative Measures
  7. The Company limits the number of personnel handling personal information to a minimum and raises the awareness of the importance of privacy by training the related personnel periodically on security technology and the duty of protecting personal information.
  8. The Company demands a security pledge from a new personal information handler to prevent information leakage in advance. It has established internal procedures to monitor the implementation and compliance with the Privacy Policy.
  9. The transfer of work by personal information handlers is carried out thoroughly while security is maintained, and the Company has clarified the personal information handler’s responsibility for personal information accidents that arise after their joining or leaving the Company.

 

  1. Physical Measures
  2. The Company runs a department dedicated to personal information protection to effectively protect personal information and strives to promptly correct any problems by checking the personal information handler’s compliance with the Privacy Policy.
  3. The Company keeps personal information separate from general data.
  4. The Company controls access to personal information by setting the computer room and data storage room as specially protected areas.

 

Article 11 (Privacy Officer)

① The Company has appointed the following Privacy Officer to supervise the handling of personal information and handle members’ complaints and remedy for damages related to personal information processing:

Privacy Officer: Hae-san Lee

E-mail address: cs@damda.com

Telephone: +82-02-2252-6767

Fax: +82-02-3298-9898

② Members can contact the Privacy Officer for any questions, complaints, or remedies for damages relating to personal information protection. The Company will give them an answer as soon as possible to the member’s inquiries.  

 

Article 12 (Remedy for Infringement on Members’ Rights)

Members can contact the following organizations for remedies and consultation for personal information infringement.  

 

※ The following organizations are independent of the Company. Any member not satisfied with the Company’s complaint handling and remedial procedures or requiring further help can contact the following organizations.

 

  1. Personal Dispute Mediation Committee

Telephone: 1833-6972

URL: http://www.kopico.go.kr

  1. Personal Information Infringement Reporting Center

Telephone: 118

URL: http://privacy.kisa.or.kr

  1. High-Tech and Financial Crimes Investigation Division, Supreme Prosecutors’ Office

Telephone: 1301

URL: http://www.spo.go.kr

  1. National Police Cyber Security Agency

Telephone: 182

URL: http://cyberbureau.police.go.kr

 

Article 13 (Duty of Notification)

The provisions in this Privacy Policy may be added, deleted, or modified due to changes in related laws and guidelines or by Company’s needs. In this case, the Company will notify its members of such additions, deletions, and modifications at least seven days (30 days in case of material changes) before the amendment’s effect on the Company’s website or by e-mail. If such prior notification is difficult, the Company will notify the Members of such amendment after the amendment’s effect without delay. All amendments will be implemented seven days after the notification unless otherwise notified.

 

 

Date of Notification: June 1, 2021

Date of Enforcement: June 8, 2020

 

Please contact the Privacy Officer or the person in charge if you have any comments or complaints regarding the Company’s measures for personal information protection. The Company is committed to handling such matters quickly and accurately.

 

Telephone: +82-02-2252-6767

E-mail address: cs@damda.com