Privacy Policy


SPEXTRUM (hereafter Company) shall collect and disclose the Privacy Policy as follows to protect personal information and handle related inquiries in accordance with Article 30 of the ‘Personal Information Protection Act.’

  1. Personal Information Collected, Purpose, Handling, and Retention Period
  • The Company shall collect and use the customer’s personal information for the purposes below. The collected information shall not be used for purposes other than those listed in the table below. In case of changing the purpose, a separate consent process will be executed in accordance with Article 18 of the ‘Personal Information Protect Act.’ Additionally, the collected information shall be deleted promptly by the Company once the collection and usage of personal information has been fulfilled.
Type Purpose Inforamation collected Optional
Website sign-up and management Sign-up/Login Name, ID, password, email Required
Social media login sync Google ID, profile image, name, email Required
Social media login sync Facebook ID, profile image, name, email Required
Social media login sync Line ID, profile image, name, email Required
Social media login sync Apple ID, profile image, name, email Required
Order and shipping management Purchase/Shipping Name, email, payment information, shipping address, postal code, phone number Required
Product feedback and customer support management Providing customer support and replying to customer’s feedback Name, customer number, email Required
Online event and promotion Event / promotion Name, email, phone number Required
Others Preventing illegal/unauthorized uses Name, email, service use history, suspension of use history, termination of use history Required
Complying with the retention period of personal information Name, email, service use history, suspension of use history, termination of use history Required
Service related to product recommendations Name, email, service use history Required
SNS sync SNS info such as Instagram, Kakao, Facebook, and more Required

  • The Company shall collect information stated below while the customer is using the service via web or app.

Information Collected

Purpose

Retention Period

IP address, web browser cookie, connection log, connected device info (manufacturer, model, OS info, app version, UUID, IDFA, etc.) payment history, termination of use history, other service use history, customer inquiry content

- Analyzing service use history statistics

- Applying a security logic for safe transaction process

- Complying with legal obligation for consumer protection

Until the user withdraws account or obligated period set by the court

 

  • However, the info that needs to be retained for a certain period in accordance with legislation during the retention and usage period of personal information provided by the information provider’s consent shall be retained as follows.

Retained Info

Retention Period

Legal Grounds

Records of contract and withdrawal

5 years

Article 6 and Article 6 Paragraph 1 Subparagraph 2 of Act On The Consumer Protection In Electronic Commerce and

Records of payment and currency provision

5 years

Article 6 and Article 6 Paragraph 1 Subparagraph 3 of Act On The Consumer Protection In Electronic Commerce and

Records of customer’s complaints and dispute settlements

3 years

Article 6 and Article 6 Paragraph 1 Subparagraph 4 of Act On The Consumer Protection In Electronic Commerce and

Website browsing history

3 months

Article 12-2 of Protection Of Communications Secrets Act

 

  1. Procedures and Methods for Destroying Personal Information

 The Company shall destroy the personal information without delay if its purpose to process the personal information is achieved. Info that needs to be retained in accordance with legislation shall also be destroyed completely without any delays if the retention period in accordance with the legislation expires.

 The procedures, terms, and methods for destroying the personal information are as follows.

Procedures

The Company shall select personal information that needs to be destroyed and destroy it after obtaining an approval from the person in charge of personal information.

Period

If the personal information becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service, and the end of the business, the personal information shall be destroyed without any delay from the day that recognizes the processing of the personal information is no longer needed.

 Destruction Period by Types

Sign-up info: Upon withdrawal or terminated, 1 year from the last login date

Payment info: On the final payment date or the period of prescription for bond expires

Shipping info: When the product or service has been delivered or provided

Info collected for temporary purpose such as surveys and events: When the survey or event ends

Methods

Electronic data shall be destroyed by using technical methods such as Low Level Format and Wiping to make it impossible to restore such data.

Paper documents shall be shredded or incinerated.

 (*): The Company shall destroy the personal information of customers that haven’t logged in to SPEXTRUM’s official online mall or membership check website for 1 year in accordance with Article 29 of Information and Communications Network Act and ‘Personal Information Validity Period Plan.’

 

  1. Entrustment of Personal Information

In accordance with Article 26 of the Personal Information Protection Act, the Company specifies the prevention of personal information processing for other purposes than the entrusting purpose, technical and managerial safeguards of personal information, restriction of repeating entrustment, entrustment management and supervision, and liability and other responsibilities, supervision of entrusted companies to ensure the safe processing of personal information.

  • SPEXTRUM entrusts the processing of personal information to the following companies.

 

Entrusted Company

Entrusted Operations

Retention and use period

Samsung SDS

An agency for overseas shipping

Until the purpose of use is achieved (according to the retention and use period of personal information) or the end of the consignment contract

FEDEX

Overseas logistics delivery agency

KEN Company

An agency for domestic shipping

Shopify

Manages the shopping mall’s platform

EXIMBAY

Processes the customer’s payments

PAYPAL

Processes the customer’s payments

HIKO

Social sync login service within the Shopify platform provider

 

  • Article 26 of the Personal Information Protection Act, the Company shall immediately update this privacy statement to notify any changes to the details of entrusted operations or entrusted companies.

 

  1. Sharing of Personal Information with Third Parties

 The Company processes personal information within the scope defined in 1. Personal Information Collected, Purpose, Handling, and Retention Period and shall not process the information that exceeds the scope or provide the information to a third party or organization except for the following cases:

1) When an investigative agency requests for a personal information in a way set by related laws for investigation purposes;

2) When personal information is needed for statistical purposes, scientific research purposes, market research purposes, or others and provided in a format prohibiting the identification of a specific individual to the advertiser, partner, research organization, or others;

3) When receiving a request in accordance with provisions of other related laws;

4) When the business is being transferred or merged;

 In case a member’s personal information needs to be transferred due reasons such as transfer of business, the Company shall notify the transfer of personal information in advance in accordance with procedures and methods set by related laws and grant a right to withdraw transfer of personal information to the member.

 In case the personal information needs to be provided to a third party, the Company shall provide personal information to a third party through legal procedures such as obtaining consent from the user. The Company shall provide personal information as follows through legal procedures such as obtaining consent from the user to proceed with transactions.

Category

Details

Recipient of personal information

Com2uS

Recipient’s purpose of using personal information

Information analysis for marketing purposes, promotions, and developing products based on the IP of Com2uS

Personal information provided

Name, phone number, email address (username), order information (order number, ordered product, order cancel/exchange/return info)

Recipient’s retention and usage duration

Until the service has been provided
(shall be retained until the period set by related laws)

 

  1. Rights and Duties of Information Providers and Exercising Those Rights
  • You can revoke consent for collection and usage of personal information by withdrawing membership and are entitled to exercise the following rights in accordance with the Personal Information Protection Act.

- To request an access to his/her personal information

- To request a correction of an error

- To request a deletion

- To request a suspension of processing

  • In case you want to exercise the rights specified in Paragraph 1, please submit a document by mail, email, or fax in accordance with Article 41 Paragraph 1 of Enforcement Decree of The Personal Information Protection Act, and the Company shall respond to the request without postponement.
  • In case you want to access or modify your personal information, please log in to the SPEXTRUM online mall and go to ‘My Info’ > ‘My Profile’ menu to access and modify personal information.
  • In case you want to withdraw membership or revoke consent to collect promotional info, please log in to the SPEXTRUM online mall and go to ‘My Info’ > ‘My Profile’ menu to withdraw membership and revoke consent to receive promotional info.
  • When you request modification or deletion of your personal information due to errors, the Company shall not use or provide your personal information until such modification or deletion is completed. In case an incorrect personal information has already been provided to a third party, the Company shall notify the measures taken to the third party without any delays to ensure the modification is processed properly.
  • You may present a legal representative or agent to exercise rights as stated in Paragraph 1. In such a case, you are required to submit a request through email or call. However, if an agent is requesting to access or modify your personal information, you are required to submit a power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.
  • The Company shall not collect or use personal information of a child under the age of 14.
  1. Chief Privacy Officer & Responsible Department

 The Company has designated the following persons as the Chief Privacy Officer and department responsible for responding to user inquiries regarding personal information and resolving any related complaints.

 

Chief Privacy Officer

 

Name

Tsunho Wang

Position

CEO

Phone

02-777-5660

Department In Charge of Protecting Personal Information

 

Department Name

MD Department

Person In Charge

Sooah Kim

Email

cs_com2us_store@spextrum.net


 

  1. Remedies for Infringement on Rights and Interests of the Information Provider
  • You may consult the following organizations for reports and remedies regarding the infringement on your personal information.

The organizations listed below are separate organizations from the Company. If you are not satisfied with the remedies provided or measures taken by the Company regarding your personal information or seeking for additional assistance, you may receive support from these organizations.

Personal Information Infringement Report Center (Korea Internet & Security Agency)

 Description: Report infringement on the personal information, request for consultation

 URL: privacy.kisa.or.kr

 Phone: 118 (without area code)

 Address: (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F, Republic of Korea

Personal Information Dispute Mediation Committee

 Description: personal information dispute mediation, collective dispute mediation (civil resolution)

 URL: www.kopico.go.kr

 Phone: 1833-6972 (without area code)

 Address: (03171) 209 Sejong-daero, Jongno-gu, Government Complex Seoul, 12F, Republic of Korea

National Police Agency Cyber Bureau

URL: https://cyberbureau.police.go.kr

 Phone: 182 (without area code)

Supreme Prosecutor’s Office Cybercrime Investigation Department

 URL: www.spo.go.kr

 Phone: 1301 (without area code)

 

  1. Amendment to the Personal Information Processing Policy