Privacy Policy

PRIVACY POLICY



Article 1 (Purpose)

The following Privacy Policy(hereinafter referred to as ‘this Policy’) is established to protect the information(hereinafter referred to as ‘Personal Information’) of individuals(hereinafter referred to as ‘Users’ or ‘Individuals’) who use the services(hereinafter referred to as ‘Company Services’) that Halalroad Inc.(hereinafter referred to as ‘the Company’) aims to provide by abiding by relevant legislations including the Personal Information Protection Act and the Act on Promotion of Utilization of Information and Communications Network , and to quickly and smoothly process concerns related to the protection of the personal information of service users.


Article 2 (Principles of Personal Information Handling)

The Company may collect the Personal Information of Users following legislations related to Personal Information and this Policy, and the collected Personal Information may be provided to 3rd parties only in the cases where there is consent from the Individual. However, in the case that the company is legally compelled due to the stipulations of legislation etc., the Company may provide the Personal Information of Users to a 3rd party without the prior consent of the Individual.


Article 3 (Disclosure of this Policy)

① The Company shall disclose this Policy in the initial screen of the Company homepage or on a linked screen from the initial screen, so that the User can examine this Policy easily at any time.

② When the Company discloses this Policy in accordance with Paragraph 1, it shall use font sizes and colors that allow Users to easily examine this Policy.


Article 4 (Changes to this Policy)

① This Policy may be amended following changes in legislation, guidelines, and notifications related to Personal Information, or changes in the policy or content of the government or Company service.

② In the event the Company amends this Policy in accordance with Paragraph 1, it shall be notified utilizing one of the following methods.

1. A method of notification through the notifications section on the initial screen of the internet homepage operated by the Company or through a separate window

2. A method of notification to the User through writing, facsimile, electronic mail or other similar methods

③ For the notification in Paragraph 2, the Company shall notify amendments to this Policy at least 7 days prior to the implementation date of the amendment. However, in the event there are important changes to User rights, notification must occur at least 30 days prior.


Article 5 (Scope of Personal Information Collection)

The Company shall collect the minimum amount of Personal Information that is required to provide Company Services to the User.


Article 6 (Information for Membership Registration)

The Company shall collect the following information for membership registration of the User to the Company Services.

1. Required information Customer: E-mail, password, surname, given name, mobile phone number Vendor: E-mail, password, surname, given name, store(store name, address, phone number, operating hours)

2. Optional information Customer: Gender, birthdate, address, nationality, SNS log-in information Vendor: Gender, birthdate, address, nationality, SNS log-in information


Article 7 (Information for Identity Verification)

The Company shall collect the following information for identity verification of the User.

1. Required information Mobile phone number, e-mail address, name, password

2. Optional information Birthdate, gender, identity verification information(CI, DI), mobile service provider, I-Pin information(When using I-Pin), whether the User is a Korean/foreigner


Article 8 (Information for Legal Representative Consent)

In the case the consent of a legal representative is required, the Company shall collect the following information for legal representative consent.

1. Required information Guardian name, guardian birthdate, guardian gender, guardian mobile phone number, country of residence

2. Optional information Whether the guardian is a Korean/foreigner, guardian mobile service provider information, guardian I-Pin information


Article 9 (Information for Payment Services)

The Company shall collect the following information from the User to provide payment services of the Company.

1. Required information Credit card number, credit card password, expiration date, CVC, 4DBC, e-mail, surname, given name

2. Optional information Birthdate


Article 10 (Information for the Provision of Company Services)

The Company shall collect the following information to provide Company Services to the User.

1. Required information E-mail, password, surname, given name, mobile phone number, country of residence

2. Optional information Profile picture, gender, birthdate, address, SNS log-in information (When providing tangible goods) Name, mobile phone number, address, birthdate (When providing mobile goods) Mobile phone number, birthdate (When processing tax and public utilities charges) Name, resident registration number, mobile phone number, address, e-mail address

※ Company Services : In addition to Company Services in accordance to the Company’s user agreement, there are also services including marketing or event management for the provision of Company Services, and service usage environment for the security and privacy of the User etc.


Article 11 (Information to check for service usage and unlawful usage)

The Company shall collect the following information to check for service usage and unlawful usage by the User.

1. Required information Service usage record, cookies, connection location information, device information, device browser information

※ Unlawful usage : Refers to illegal or cheating acts such as re-registration after membership withdrawal, acts of gaining economic benefit through illegal or cheating methods such as gaining discount coupons or event benefits provided by the company though repeated product purchase and purchase cancellation, acts restricted by the user agreement etc., identity theft etc. The collected information may be used for statistics or analysis on Company Service usage.


Article 12 (Personal Information Collection Method)

The Company shall collect the Personal Information of the User through the following methods.

1. The method where the User inputs their Personal Information on the Company homepage

2. The method where the User inputs their Personal Information through services other than the homepage provided by the Company such as applications etc.

3. The method where the User who has received an e-mail sent under the Company name responds to this e-mail

4. The method where the User inputs the information in the process of using Company Services including customer center consultation, activity on bulletin boards etc.


Article 13 (Usage of Personal Information)

The Company shall use Personal Information in each of the following cases.

1. The case it is required for the operation of the Company such as delivery of notifications etc.

2. The case it is used to improve services to the User including responses to usage queries, handling of complaints etc.

3. The case it is used to provide Company Services

4. The case it is used for development of new services

5. The case it is used for marketing such as the provision of event information

6. The case it is used for demographic analysis, service visit and usage information analysis

7. The case it is used for the formation of relationships between users based on Personal Information and interests

8. The case it is used for usage restriction of members who violate laws and Company agreements, the prevention and restrictions on acts that impair the smooth operation of services including unlawful usage


Article 14 (Restriction on provision of Personal Information to 3rd parties)

The Company shall use Personal Information within the scope notified through the collection/usage purpose of Personal Information and cannot use the information in a way which exceeds the scope of the collection/usage purpose of Personal Information or provide the information to a 3rd party without prior consent by the User.


Article 15 (Provision of Personal Information following prior consent etc.)

① Despite the restriction on provision of Personal Information to 3rd parties, the Company can provide Personal Information to a 3rd party in the case the User has disclosed it beforehand or in the case they have agreed to the following.

A. Provision of customer name, e-mail information to Company host for luggage storage and retrieval

B. Provision of host store address, location, store name, phone number to Company customer for luggage storage and retrieval

② In the case there is a change in the relationship for provision to a 3rd party in the previous paragraph, or in the case the relationship for provision to a 3rd party has ended, notification and consent shall be gained from the User through the same procedure.


Act 16 (Provision of Personal Information following legislation etc.)

The Company may collect/use the Personal Information of Users without the consent of the User in any of the following cases.

1. The case when it is clearly difficult to receive standard consent for Personal Information required for the execution of contracts related to the provision of information communications services due to economic/technical reasons

2. The case when bill settlement regarding the provision of information communications services is required

3. In the case there are special regulations regarding the provison of personal information in legislation


Article 17 (Entrustment of Personal Information Processing)

① The Company is entrusting Personal Information in the following manner for smooth service provision and efficient operations.

1. Entrusting Personal Information handling during the [Personal Information Usage Period] to [Inicis],[Eximbay][PayPal]for [global credit card payment, messenger payment, China/Japan/South East Asia specialized payment]

② The Company constantly supervises and monitors whether the entrusted companies are safely handing the entrusted Personal Information, and when the entrustment has been concluded it makes the entrusted companies immediately destroy the Personal information their have.


Article 18 (Storage and usage period of Personal Information)

① Regarding the Personal Information of Users, the Company stores and uses the Personal Information for the period to achieve the purpose of Personal Information collection/usage.

② Despite the previous paragraph, the Company shall store unlawful usage records for a maximum of 1 year from the time of membership withdrawal to prevent illegal registration and usage following internal company guidelines.


Article 19 (Storage and usage period of Personal Information in accordance with legislation)

In accordance with related legislation, the Company shall store and use Personal Information as followings.

1. Storage and usage period following the Act on the Consumer Protection in Electronic Commerce, etc.

- Records regarding execution of the agreement or withdrawal of subscriptions etc.: 5 years

- Records regarding payments and provision of goods etc.: 5 years

- Records regarding consumer complaints or dispute resolution : 3 years

- Records regarding display/advertisement : 6 months

2. Storage information and storage period following the Protection of Communications Secrets Act

- Website log record data : 3 months

3. Storage information and storage period following the Electronic Financial Transactions Act

- Records on electronic financial transactions : 5 years

4. Act on the Protection, Use, Etc, of Location Information

- Records on personal location information : 6 months


Article 20 (Principle on destruction of Personal Information)

In principle, in the case Personal Information is no longer required due to achieve of the purpose of Personal Information processing of the User, elapsing of storage/usage period etc., the Company shall destroy the relevant information without delay.


Article 21 (Handling of Personal Information of service non-users)

① In principle, for the Personal Information of Users who have not used the Company Services for 1 year, the Company shall provide prior notice and destroy or separately store the Personal Information. ② The Personal Information of long-term non-use Users shall be separated and stored safety, and notification to the relevant Users shall be delivered to the electronic mail address at least 30 days prior to the date of separate storage processing by the Company.

③ In the case that long-term non-use Users wish to continue using services before being separated into the separate non-user DB, they can log-in to the Website(hereinafter this term shall include the ‘mobile app’).

④ When long-term non-use Users log-in to the Website, they can restore their account following the consent of the User.

⑤ The Company shall destroy the separately stored Personal Information without delay after storage for 4 years.


Article 22 (Personal Information destruction procedure)

① The information the User has inputted for membership registration, after it has achieved the Personal Information handling purpose, shall be moved to a separate DB(separate filing cabinet in the case of paper) and stored for a certain period following the reason for information protection in accordance with internal policy and other related legislation (refer to storage and usage period) before being destroyed.

② The Company shall destroy Personal information of which a cause for destruction has occurred following the approval procedure of the Personal Information Supervisor.


Article 23 (Personal Information destruction method)

The Company shall delete the Personal Information that is stored in electronic file format using a technical method that does not allow restoration, and Personal Information that is printed out into paper shall be destroyed through shredded using a shredder or incineration etc.


Article 24 (Advertising information transmission measures)

① In the case the Company transmits advertising information for commercial purposes using electronic medium, it must receive clear prior consent from the User. However, prior consent does not need to be received in any of the following cases below

1. In the case the Company has collected contact information directly from the recipient during transactional relationships for goods etc., the case where the Company aims to transmit advertising information for commercial purposes within 6 months from the date the transaction has been concluded regarding the same goods etc. that the Company has processed, and the recipient has transacted

2. The case when an authorized phone salesperson has informed the recipient on the collection source of Personal Information by voice and has cold-called in accordance with the 「Act on Door-to-door Sales etc.」

② Despite the previous paragraph, in the event the recipient has expressed their intent to refuse receipt or in the event they withdraw their prior consent, the Company shall not transmit advertising information for commercial purposes, and they shall inform the recipient of the results of receipt refusal and receipt consent withdrawal processing.

③ In the case the Company transmits advertising information for commercial purposes using electronic medium from the time after 9PM to 8AM the next day, it must receive separate prior consent from the recipient despite paragraph 1.

④ In the event the Company transmits advertising information for commercial purposes using electronic medium, it shall clearly state the following items in the advertising information. 1. Company name and contact information 2. Matters related to receipt refusal or withdrawal of receipt consent shall be shown

⑤ In the event the Company transmits advertising information for commercial purposes using electronic medium, it shall not conduct any of the following actions.

1. Actions to avoid/hinder the receipt refusal or withdrawal of receipt consent by the recipient

2. Actions to automatically create the contact information of recipients including phone numbers, e-mail addresses by combining numbers, symbol, or characters

3. Actions to automatically register phone numbers or e-mail addresses for the purpose of transmitting advertising information for commercial purposes

4. Various actions to hide the identity of the advertising information transmitter or to hide the source of transmission

5. Various actions to induce responses by deceiving the recipient for the purpose of transmitting advertising information for commercial purposes


Article 25 (Protection of Personal Information of children)

① For the protection of the Personal Information of children under the age of 14, the Company shall limit membership registration to Users over the age of 14.

② In the event the User is a child under the age of 14, despite paragraph 1, the Company shall receive consent on the collection, usage, provision etc. of the Personal Information of that child from the legal representative of the child.

③ In the case of paragraph 2, the Company shall additionally collect the name, date of birth, duplicate registration confirmation information(ID), mobile phone number etc. of the legal representative.


Article 26 (Withdrawal of Personal Information collection consent etc.)

① The User or a legal representative can view or modify their own registered Personal Information at any time, they can also request a withdrawal of their consent for the collection of Personal Information.

② In order for the User or a legal representative to withdraw their consent for the collection of their Personal Information, they can contact the Personal Information Protection Supervisor or person in charge through writing, telephone, or e-mail and the Company shall take action without delay.


Article 27 (Changes to Personal Information etc.)

① The User can make a request to the Company through the methods in the above article for the correction of errors in Personal Information.

② In the event of the previous Paragraph, the Company shall not use or provide Personal Information until the correction has been completed, and in the case the incorrect Personal Information has already been provided to a 3rd party, it will inform them without delay to allow the corrections to be made.


Article 28 (Obligations of Users)

① The User must ensure that their Personal Information is up to date, and the responsibility for any issues that occur due to inaccurate information inputted by the User shall remain with the User.

② In the case of membership registration using illegal usage of another person’s Personal Information, this can lead to loss of User status or punishments according to related Personal Information protection legislation.

③ The User has the obligation to maintain security of their e-mail address, password etc., and they may not lend or transfer this to a 3rd party.


Article 29 (Personal Information management by the Company)

Regarding the handling of Personal Information of the User, the Company is considering the following technical/managerial protection measures to ensure security to prevent the loss, theft, leakage, falsification, damage etc. of Personal Information.


Article 30 (Handling of deleted information) For the Personal Information canceled or deleted due to a request from the User or a legal representative, the Company shall handle it following the stipulations shown in the storage and usage period of the Personal Information collected by the Company, and it is handled in a manner that does not allow to be viewed or used for any other use.


Article 31 (Encryption of passwords) The User’s password is stored and managed using uni-directional encryption, and the viewing and changing of Personal Information is only possible by oneself who knows the password.


Article 32 (Provisions to prepare for hacking etc.)

① The Company is doing its utmost to prevent the leaking or damaging of the Personal Information of Users through intrusions in to the information communications network such as hacking, computer viruses etc.

② The Company is preventing the leaking or damaging of the Personal Information or data of Users by using the latest vaccine programs.

③ The Company is ensuring that in the case of sensitive Personal Information (is collected or stored), that the Personal Information is able to be transmitted safely through the network using encrypted communication etc.


Article 33 (Minimization of Personal Information handling, and training)

The Company limits the personnel related to the handling of Personal Information to a minimum, and it is emphasizing adherence to legislation and internal policies through managerial actions such as training of people handling Personal Information etc.


Article 34 (Operation of a department exclusively for Personal Information Protection)

The Company operates a department exclusively for Personal Information protection, and it checks whether items in the Privacy Policy and the person in charge are being adhered to, in the case a problem is discovered it endeavors to do its best to immediately solve and rectify the issue.


Article 35 (Measures regarding Personal Information leakage etc.)

① When the Company discovers the fact that Personal Information has been lost/stolen/leaked(hereinafter referred to as ‘leak etc.’), it must inform the User of all the item below without delay and report to the Korean Communications Commission or the Korea Internet & Security Agency.

1. The Personal Information items that have been leaked etc.

2. The timing of the leak etc.

3. Measures that the User can take

4. Response measures of the information communication service provider etc.

5. Department and contact information where the User can apply for consultation etc.


Article 36 (Exceptions to the measures regarding Personal Information leakage etc.)

Despite the previous article, in the case the Company has a justifiable reason, such as not being able to know the contact information of the User, the Company make take the action of replacing the notification of the above article through the method of display on the Company homepage for over 30 days


Article 37 (Right for the User to choose to install cookies)

① The User has the right to choose to install cookies. Therefore, the User can set the options on the web browser to allow all cookies, to confirm each time a cookie is saved, or to refuse the saving of all cookies.

② However, in the case the saving of cookies is refused, there may be difficulties in using some services of the Company which require log-in.


Article 38 (Method to set Cookie installation allowance)

The method to set whether to allow the installation of cookies(in the case of Internet Explorer) is as follows.

A. Select [Internet Options] from the [Tools] menu.

B. Click the [Personal Information tab].

C. Set the setting in [Advanced] settings.


Article 39 (Designation of a supervisor and person responsible for Personal Information protection by the Company)

The Company has designated the following related department and Personal Information protection supervisors to protect the Personal Information of Users and to handle complaints related to Personal Information.

A. Personal Information Protection Supervisor

- Name: Dongseong Kim

- Telephone: 070-8288-6836

- E-mail: [email protected]


Article 40 (Handling of User Complaints)

The User can report all complaints related to Personal Information protection that occurs during the use of Company Services to the Personal Information protection supervisor. The Company will provide sufficient responses quickly to the reports by the User.


Article 41 (Consultation to institutions by Users)

Users who require reporting or consultation regarding other Personal Information infringements can consult the following institutions.

▶ Privacy Information Protection Portal (operated by the Ministry of Security and Public Administration)

- Responsibilities : Report cases of Personal Information infringement, consultation requests

- Homepage : privacy.kisa.or.kr

- Telephone : (without area code) 118

- Address : (58324) 3rd Floor, 9 Jinheung-gil, Naju city, Jeonnam(301-2 Bitgaram-dong)

▶ Personal Information Dispute Mediation Committee

- Responsibilities : Receive application of Personal Information dispute mediation, collective dispute mediation

- Homepage : www.kopico.go.kr

- Telephone : 1833-6972 - Address : (03171) 4th Floor, Government Complex Seoul, 209 Sejong Daero, Jongno-gu, Seoul

▶ Cyber Division, the Ministry of Scientific Investigation at the Supreme Prosecutors’ Office: 02-3480-2000 (www.spo.go.kr)

▶ Cyber Bureau at the National Policy Agency: (without area code) 182 (cyberbureau.police.go.kr) Supplementary Provisions This Policy shall be effective as of October 10, 2019.


User Consent The following person has understood the contents of this Policy and shall substitute consent regarding the collection and provision to 3rd parties of their Personal Information through the action of making a check mark in the consent section of this Policy.