Privacy Policy

BRIDGE SEVEN (hereafter “Company”) shall collect and disclose the Privacy Policy as follows to protect personal information and handle related inquiries in accordance with Article 30 of the ‘Personal Information Protection Act.’

1. Personal Information Collected, Purpose, Handling, and Retention Period

    ①    The Company shall collect and use the customer’s personal information for the purposes below. The collected information shall not be used for purposes other than those listed in the table below. In case of changing the purpose, a separate consent process will be executed in accordance with Article 18 of the ‘Personal Information Protect Act.’ Additionally, the collected information shall be deleted promptly by the Company once the collection and usage of personal information has been fulfilled.

    Type

    Purpose

    Information collected

    Optional

    Website sign-up and management

    Sign-up/Login

    Name, ID, password, email

    Required

    Social media login sync

    Google

    ID, profile image, name, email

    Required

    Social media login sync

    Facebook

    ID, profile image, name, email

    Required

    Social media login sync

    Line

    ID, profile image, name, email

    Required

    Social media login sync

    Apple

    ID, profile image, name, email

    Required

    Order and shipping management

    Purchase/Shipping

    Name, email, payment information, shipping address, postal code, phone number

    Required

    Product feedback and customer support management

    Providing customer support and replying to customer’s feedback

    Name, customer number, email

    Required

    Online event and promotion

    Event / promotion

    Name, email, phone number

    Required

    Others

    Preventing illegal/unauthorized uses

    Name, email, service use history, suspension of use history, termination of use history

    Required

    Complying with the retention period of personal information

    Name, email, service use history, suspension of use history, termination of use history

    Required

    Service related to product recommendations

    Name, email, service use history

    Required

    SNS sync

    SNS info such as Instagram, Kakao, Facebook, and more

    Required

     

        The Company shall collect information stated below while the customer is using the service via web or app.

    Information Collected

    Purpose

    Retention Period

    IP address, web browser cookie, connection log, connected device info (manufacturer, model, OS info, app version, UUID, IDFA, etc.) payment history, termination of use history, other service use history, customer inquiry content

    - Analyzing service use history statistics

    - Applying a security logic for safe transaction process

    - Complying with legal obligation for consumer protection

    Until the user withdraws account or obligated period set by the court

     

    ③    However, the info that needs to be retained for a certain period in accordance with legislation during the retention and usage period of personal information provided by the information provider’s consent shall be retained as follows.

    Retained Info

    Retention Period

    Legal Grounds

    Records of contract and withdrawal

    5 years

    Article 6 and Article 6 Paragraph 1 Subparagraph 2 of Act On The Consumer Protection In Electronic Commerce and

    Records of payment and currency provision

    5 years

    Article 6 and Article 6 Paragraph 1 Subparagraph 3 of Act On The Consumer Protection In Electronic Commerce and

    Records of customer’s complaints and dispute settlements

    3 years

    Article 6 and Article 6 Paragraph 1 Subparagraph 4 of Act On The Consumer Protection In Electronic Commerce and

    Website browsing history

    3 months

    Article 12-2 of Protection Of Communications Secrets Act

     2. Procedures and Methods for Destroying Personal Information

    ①    The Company shall destroy the personal information without delay if its purpose to process the personal information is achieved. Info that needs to be retained in accordance with legislation shall also be destroyed completely without any delays if the retention period in accordance with the legislation expires.

     

    ②    The procedures, terms, and methods for destroying the personal information are as follows.

    Procedures

    The Company shall select personal information that needs to be destroyed and destroy it after obtaining an approval from the person in charge of personal information.

    Period

    If the personal information becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service, and the end of the business, the personal information shall be destroyed without any delay from the day that recognizes the processing of the personal information is no longer needed.

    ※ Destruction Period by Types

    Sign-up info: Upon withdrawal or terminated, 1 year from the last login date

    Payment info: On the final payment date or the period of prescription for bond expires

    Shipping info: When the product or service has been delivered or provided

    Info collected for temporary purpose such as surveys and events: When the survey or event ends

    Methods

    Electronic data shall be destroyed by using technical methods such as Low Level Format and Wiping to make it impossible to restore such data.

    Paper documents shall be shredded or incinerated.

     (*): The Company shall destroy the personal information of customers that haven’t logged in to Com2uS Store or membership check website for 1 year in accordance with Article 29 of Information and Communications Network Act and ‘Personal Information Validity Period Plan.’

    3.  Entrustment of Personal Information

    In accordance with Article 26 of the Personal Information Protection Act, the Company specifies the prevention of personal information processing for other purposes than the entrusting purpose, technical and managerial safeguards of personal information, restriction of repeating entrustment, entrustment management and supervision, and liability and other responsibilities, supervision of entrusted companies to ensure the safe processing of personal information.

    ①    BRIDGE SEVEN entrusts the processing of personal information to the following companies.

     

    Entrusted Company

    Entrusted Operations

    Retention and use period

    CLF Co., Ltd.

    An agency for domestic and overseas shipping

    Until the purpose of use is achieved (according to the retention and use period of personal information) or the end of the consignment contract

    FEDEX

    Overseas logistics delivery agency

    Shopify

    Manages the shopping mall’s platform

    EXIMBAY

    Processes the customer’s payments

    PAYPAL

    Processes the customer’s payments

    HIKO

    Social sync login service within the Shopify platform provider

     

    ②    Article 26 of the Personal Information Protection Act, the Company shall immediately update this privacy statement to notify any changes to the details of entrusted operations or entrusted companies.

     4. Sharing of Personal Information with Third Parties

    ①    The Company processes personal information within the scope defined in 1. Personal Information Collected, Purpose, Handling, and Retention Period and shall not process the information that exceeds the scope or provide the information to a third party or organization except for the following cases:

    1)  When an investigative agency requests for a personal information in a way set by related laws for investigation purposes;

    2)  When personal information is needed for statistical purposes, scientific research purposes, market research purposes, or others and provided in a format prohibiting the identification of a specific individual to the advertiser, partner, research organization, or others;

    3) When receiving a request in accordance with provisions of other related laws;

    4) When the business is being transferred or merged;

    ※    In case a member’s personal information needs to be transferred due reasons such as transfer of business, the Company shall notify the transfer of personal information in advance in accordance with procedures and methods set by related laws and grant a right to withdraw transfer of personal information to the member.

    ②    In case the personal information needs to be provided to a third party, the Company shall provide personal information to a third party through legal procedures such as obtaining consent from the user. The Company shall provide personal information as follows through legal procedures such as obtaining consent from the user to proceed with transactions.

    Category

    Details

    Recipient of personal information

    Com2uS

    Recipient’s purpose of using personal information

    Information analysis for marketing purposes, promotions, and developing products based on the IP of Com2uS

    Personal information provided

    Name, phone number, email address (username), order information (order number, ordered product, order cancel/exchange/return info)

    Recipient’s retention and usage duration

    Until the service has been provided
    (shall be retained until the period set by related laws)

     5. Rights and Duties of Information Providers and Exercising Those Rights

    ①    You can revoke consent for collection and usage of personal information by withdrawing membership and are entitled to exercise the following rights in accordance with the Personal Information Protection Act.

    - To request an access to his/her personal information

    - To request a correction of an error

    - To request a deletion

    - To request a suspension of processing

    ②    In case you want to exercise the rights specified in Paragraph 1, please submit a document by mail, email, or fax in accordance with Article 41 Paragraph 1 of Enforcement Decree of The Personal Information Protection Act, and the Company shall respond to the request without postponement.

    ③    In case you want to access or modify your personal information, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to access and modify personal information.

      In case you want to withdraw membership or revoke consent to collect promotional info, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to withdraw membership and revoke consent to receive promotional info.

    ⑤    When you request modification or deletion of your personal information due to errors, the Company shall not use or provide your personal information until such modification or deletion is completed. In case an incorrect personal information has already been provided to a third party, the Company shall notify the measures taken to the third party without any delays to ensure the modification is processed properly.

    ⑥    You may present a legal representative or agent to exercise rights as stated in Paragraph 1. In such a case, you are required to submit a request through email or call. However, if an agent is requesting to access or modify your personal information, you are required to submit a power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.

    ⑦    The Company shall not collect or use personal information of a child under the age of 14.

     6. Chief Privacy Officer & Responsible Department

    The Company has designated the following persons as the Chief Privacy Officer and department responsible for responding to user inquiries regarding personal information and resolving any related complaints. 

     

    Personal Information Protection Officer

    Name

    Chihoon Lee

    Position 

    Representative

    Contact

    02-2135-2876

    Personal information protection officer

    Department name

    Management Team

    Name

    Hyunkyung Jang

    Email

    twinpul@bridge7.co.kr

     

     7. Remedies for Infringement on Rights and Interests of the Information Provider

    You may consult the following organizations for reports and remedies regarding the infringement on your personal information.

    The organizations listed below are separate organizations from the Company. If you are not satisfied with the remedies provided or measures taken by the Company regarding your personal information or seeking for additional assistance, you may receive support from these organizations.

    Personal Information Infringement Report Center (Korea Internet & Security Agency)

    ₋ Description: Report infringement on the personal information, request for consultation

    ₋ URL: privacy.kisa.or.kr

    ₋ Phone: 118 (without area code)

    ₋ Address: (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F, Republic of Korea

    Personal Information Dispute Mediation Committee

    ₋ Description: personal information dispute mediation, collective dispute mediation (civil resolution)

    ₋ URL: www.kopico.go.kr

    ₋ Phone: 1833-6972 (without area code)

    ₋ Address: (03171) 209 Sejong-daero, Jongno-gu, Government Complex Seoul, 12F, Republic of Korea

    National Police Agency Cyber Bureau

    URL: https://cyberbureau.police.go.kr

    ₋ Phone: 182 (without area code)

    Supreme Prosecutor’s Office Cybercrime Investigation Department

    ₋ URL: www.spo.go.kr

    ₋ Phone: 1301 (without area code)

     8. Amendment to the Personal Information Processing Policy

    • This Policy is effective as of June 21, 2024.