Banul Personal Information Treatment Policies

Banul (hereinafter referred to as “Company”) very seriously takes into consideration protection of customers personal information, and complies with the Act Relating to Promotion of Information Communications Network and Personal Information Protection.  The Company hereby notifies customers for what uses and in what ways we use the personal information provided by customers and what measures we take to protect the personal information.  When the personal information treatment policies are amended, the Company will notify customers thereof through the website notifications (or individual notifications). 

 

Items of Personal Information to be Collected and Collection Methods

The Company collects the following personal information for purposes of providing membership services, including membership subscriptions, consultations, prevention of wrongful uses:

 

* Required items : names, IDs, passwords, e-mail addresses, addresses, mobile phone numbers, telephone numbers, IP addresses, payment records,

* Selective items : Information required by the Company to provide customized services.

 

Purpose of Collection and Use of Personal Information

The Company uses the collected personal information for the following purposes:

 

- Payment of costs incurred as a result of performing agreements on provisions of services or providing services, Provisions of the contents, purchases or cost payments, deliveries of goods or sending bills, etc., verifying identifications for financial transactions, and financial services

 

- Control of Members

To verify identifications for uses of membership services, to identify individuals, to prevent wrongful uses of bad members or unauthorized uses, to verify intents for subscriptions, to verify ages, to verify the consent of a legal representative for collecting personal information of children of not more than fourteen (14) years old, to handle civil complaints including handling grievances, to convey notifications

 

- Use for Marketing and Advertisements

To convey information for advertisements including events, to figure out contact frequencies, to obtain statistics on service uses by members

 

Retention and Use Period for Personal Information

In principle, after the purposes of collecting and using personal information have been fulfilled, the Company shall without delay destroy relevant information; provided, however, that the Company shall retain personal information for a certain period of time where it is required to do so for purposes of confirming transactions related management and rights under the provisions of relevant laws including the Commercial Code and the Act Relating to Consumer Protection in Electronic Commercial Transactions as follows: 

- Records on agreements or withdrawals of offers : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)

- Records on payments and supplies of goods : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)

- Records on complaints of consumers or dispute resolutions : three (3) years (the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.)

- Where personal information has been collected for temporary purposes, such as questionnaires, events : at the time of completion of a particular questionnaire or event

- Records on verification of identification: six (6) months (the Act Relating to Information Communication Network Promotion and Personal Information Protection)

- Records on visits (log-ins) : three (3) months (the Communication Secret Protection Act)

 

Destruction Procedures and Methods for Personal Information

The Company in principle shall without delay destroy relevant information after the purposes of collecting or using personal information have been fulfilled.  The destruction procedures and methods shall be as follows:

 

- Destruction Procedures

The information entered by users for use of the services is moved to a separate database after the purposes have been fulfilled (a separate document in the case of a sheet), and destroyed after the information has been saved for a certain period of time according to the information protection reasons under the internal policies or other relevant laws (for your reference, see the retention and use period for personal information).  The personal information separately moved to a database is not used for purposes other than the purpose of being preserved unless it is so required by laws.

 

- Destruction Methods

* The personal information printed out in sheets shall be shredded by paper shredders or destroyed by way of incineration.

* The personal information saved in an electronic file format shall be deleted with the use of technical methods in which records cannot be regenerated

 

Provisions of Personal Information to Third Parties

The Company uses the personal information of users within the scope that users have consented to the “Purpose of Collecting and Using Personal Information,” but does not use the personal information of users in excess of the scope without prior consent of users or in principle does not disclose the personal information of users to the outside; provided, however, that exceptions are made in the following cases: 

- Where users have given a prior consent thereto; or
- Where there is required under the provisions of laws or requested by investigating agencies according to the procedures and methods prescribed under the laws for investigation purposes.

Delegation of Handling Personal Information

In the event that the Company handles the personal information of users by delegation to ensure smooth handling of duties, it must give users a prior notice of the persons delegated to handle the personal information (hereinafter referred to as “Delegatees”) and the content of duties delegated to handle the personal information.  Currently, the Company’s delegatees to handle personal information and the content of duties shall be as follows:

 

Persons for delegation (delegatees)

and the content of duties for delegation (delegated duties)

Logen Co, ePost

providing services for shipping goods, the shipping place, the arrival information, etc.

Connect Wave Co., ltd

Management by consignment of customer information DB system (outsourcing for data processing)

Paypal

Payments

 

Rights of Users and Legal Representatives and the Exercise Methods

 

- Users and their legal representatives may at any time inquire or change their registered personal information, and also may request terminations of applications (withdrawals of consents). 


- Users may read, correct personal information or withdraw from membership after passing an identification verification procedure by clicking on the “Change of Personal Information” (or “Change of Member Information”, etc.) in order to inquire or change the personal information of users or children of no more than fourteen (14) years old, or by clicking on the “Withdrawal from Membership” in order to terminate their membership (withdraw their consents).

 

- Otherwise, if a user contacts the personal information control manager in writing, by phone or e-mail, the Company shall take measures without delay.

 

- Where a user has requested corrections of errors in the personal information, the Company does not use or provide the personal information until the corrections are completed.  Also where the wrong personal information has been previously provided to a third party, the Company will make corrections by notifying a third party without delay of the results of corrections.

 

- The Company handles the personal information terminated or deleted upon request of users or their legal representatives as specified in the “Retention and Use Period of Personal Information,” and take measures to ensure that the personal information is not read or used for any other purposes.

 

Matters on Operation of Cookies

The Company operates cookies, etc. that frequently save and find out information of users (persons who get access).  Cookies are very small text files sent to your browser by the server used to operate the website, which are saved to your computer hard disk.  The Company uses cookies for the following purposes. 

 

- The purpose of using cookies, etc.

Performing target marketing activities and providing customized services by analyzing the access frequencies or visit hours, etc. of members and nonmembers who intend to use cookies, etc., figuring out users’ preferences and interested fields and following traces, figuring out various event participations and the number of visits, etc.

You have the option to install cookies.  Therefore, by selecting an option in your web browser, you may allow all cookies, pass confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.

 

- How to Refuse Installation of Cookies

By selecting options in your web browser, you may allow all cookies, pass through confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.

- How to Install Cookies (In case of the Internet Explorer) : Tool on the top of the web browser > Internet Option > Personal Information
- Provided, however, that if you has refused the installation of cookies, it may be difficult to provide the services.

 

Contact Information of Personal Information Control Manager and Authorized Person

The company has designated the authorized relevant department and the personal information control manager in order to protect personal information of customers and handle personal information related complaints as follows:

 

Department for Customer Service :

CS team

Telephone No. : +82-1544-1334

E-mail : info@banul.co.kr                 

Name of Personal Information Control Manager : Bokyum Kim

Telephone No. : +82-1544-1334

E-mail : plan@banul.co.kr

 

- You may report to the personal information control manger or the relevant department any complaints regarding all personal information protection incurred in using the Services of the Company. 

- The Company will promptly give sufficient answers as to the reports of users.

- If you need other reports or consultations for personal information infringements, please ask inquiries to the following institutions.

* Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)

* Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)

* Internet Crime Investigation Center of Supreme Prosecutors’ Office (http://icic.sppo.go.kr / 02-3480-3600)

* Cyber Crime Investigative Service of National Police Agency (www.ctrc.go.kr / 02-392-0330)

 

Duty to Notify

The current personal information treatment policies shall be applicable from 2023.12.12.  When there is an addition, deletion, or amendment of the content, it shall be publicly announced through notifications of the homepage from at least seven (7) days before the amendment.  Also the Company has made it easy to check amendments by giving the version numbers and the date of amendment to the personal information treatment policies.

These policies shall be implemented from 2023.12.12.