Privacy Policy
BRIDGE SEVEN (hereafter “Company”) shall collect and disclose the Privacy Policy as follows to protect personal information and handle related inquiries in accordance with Article 30 of the ‘Personal Information Protection Act.’
1. Personal Information Collected, Purpose, Handling, and Retention Period
① The Company shall collect and use the customer’s personal information for the purposes below. The collected information shall not be used for purposes other than those listed in the table below. In case of changing the purpose, a separate consent process will be executed in accordance with Article 18 of the ‘Personal Information Protect Act.’ Additionally, the collected information shall be deleted promptly by the Company once the collection and usage of personal information has been fulfilled.
|
Type |
Purpose |
Information collected |
Optional |
|
|
Website sign-up and management |
Sign-up/Login |
Name, ID, password, email |
Required |
|
|
Social media login sync |
|
ID, profile image, name, email |
Required |
|
|
Social media login sync |
|
ID, profile image, name, email |
Required |
|
|
Social media login sync |
Line |
ID, profile image, name, email |
Required |
|
|
Social media login sync |
Apple |
ID, profile image, name, email |
Required |
|
|
Order and shipping management |
Purchase/Shipping |
Name, email, payment information, shipping address, postal code, phone number |
Required |
|
|
Product feedback and customer support management |
Providing customer support and replying to customer’s feedback |
Name, customer number, email |
Required |
|
|
Online event and promotion |
Event / promotion |
Name, email, phone number |
Required |
|
|
Others |
Preventing illegal/unauthorized uses |
Name, email, service use history, suspension of use history, termination of use history |
Required |
|
|
Complying with the retention period of personal information |
Name, email, service use history, suspension of use history, termination of use history |
Required |
||
|
Service related to product recommendations |
Name, email, service use history |
Required |
||
|
SNS sync |
SNS info such as Instagram, Kakao, Facebook, and more |
Required |
||
② The Company shall collect information stated below while the customer is using the service via web or app.
|
Information Collected |
Purpose |
Retention Period |
|
IP address, web browser cookie, connection log, connected device info (manufacturer, model, OS info, app version, UUID, IDFA, etc.) payment history, termination of use history, other service use history, customer inquiry content |
- Analyzing service use history statistics - Applying a security logic for safe transaction process - Complying with legal obligation for consumer protection |
Until the user withdraws account or obligated period set by the court |
③ However, the info that needs to be retained for a certain period in accordance with legislation during the retention and usage period of personal information provided by the information provider’s consent shall be retained as follows.
|
Retained Info |
Retention Period |
Legal Grounds |
|
Records of contract and withdrawal |
5 years |
Article 6 and Article 6 Paragraph 1 Subparagraph 2 of Act On The Consumer Protection In Electronic Commerce and |
|
Records of payment and currency provision |
5 years |
Article 6 and Article 6 Paragraph 1 Subparagraph 3 of Act On The Consumer Protection In Electronic Commerce and |
|
Records of customer’s complaints and dispute settlements |
3 years |
Article 6 and Article 6 Paragraph 1 Subparagraph 4 of Act On The Consumer Protection In Electronic Commerce and |
|
Website browsing history |
3 months |
Article 12-2 of Protection Of Communications Secrets Act |
2. Procedures and Methods for Destroying Personal Information
① The Company shall destroy the personal information without delay if its purpose to process the personal information is achieved. Info that needs to be retained in accordance with legislation shall also be destroyed completely without any delays if the retention period in accordance with the legislation expires.
② The procedures, terms, and methods for destroying the personal information are as follows.
|
Procedures |
The Company shall select personal information that needs to be destroyed and destroy it after obtaining an approval from the person in charge of personal information. |
|
Period |
If the personal information becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service, and the end of the business, the personal information shall be destroyed without any delay from the day that recognizes the processing of the personal information is no longer needed. ※ Destruction Period by Types Sign-up info: Upon withdrawal or terminated, 1 year from the last login date Payment info: On the final payment date or the period of prescription for bond expires Shipping info: When the product or service has been delivered or provided Info collected for temporary purpose such as surveys and events: When the survey or event ends |
|
Methods |
Electronic data shall be destroyed by using technical methods such as Low Level Format and Wiping to make it impossible to restore such data. Paper documents shall be shredded or incinerated. |
(*): The Company shall destroy the personal information of customers that haven’t logged in to Com2uS Store or membership check website for 1 year in accordance with Article 29 of Information and Communications Network Act and ‘Personal Information Validity Period Plan.’
3. Entrustment of Personal Information
In accordance with Article 26 of the Personal Information Protection Act, the Company specifies the prevention of personal information processing for other purposes than the entrusting purpose, technical and managerial safeguards of personal information, restriction of repeating entrustment, entrustment management and supervision, and liability and other responsibilities, supervision of entrusted companies to ensure the safe processing of personal information.
① BRIDGE SEVEN entrusts the processing of personal information to the following companies.
|
Entrusted Company |
Entrusted Operations |
Retention and use period |
|
CLF Co., Ltd. |
An agency for domestic and overseas shipping |
Until the purpose of use is achieved (according to the retention and use period of personal information) or the end of the consignment contract |
|
FEDEX |
Overseas logistics delivery agency |
|
|
Shopify |
Manages the shopping mall’s platform |
|
|
EXIMBAY |
Processes the customer’s payments |
|
|
PAYPAL |
Processes the customer’s payments |
|
|
HIKO |
Social sync login service within the Shopify platform provider |
② Article 26 of the Personal Information Protection Act, the Company shall immediately update this privacy statement to notify any changes to the details of entrusted operations or entrusted companies.
4. Sharing of Personal Information with Third Parties
① The Company processes personal information within the scope defined in 1. Personal Information Collected, Purpose, Handling, and Retention Period and shall not process the information that exceeds the scope or provide the information to a third party or organization except for the following cases:
1) When an investigative agency requests for a personal information in a way set by related laws for investigation purposes;
2) When personal information is needed for statistical purposes, scientific research purposes, market research purposes, or others and provided in a format prohibiting the identification of a specific individual to the advertiser, partner, research organization, or others;
3) When receiving a request in accordance with provisions of other related laws;
4) When the business is being transferred or merged;
※ In case a member’s personal information needs to be transferred due reasons such as transfer of business, the Company shall notify the transfer of personal information in advance in accordance with procedures and methods set by related laws and grant a right to withdraw transfer of personal information to the member.
② In case the personal information needs to be provided to a third party, the Company shall provide personal information to a third party through legal procedures such as obtaining consent from the user. The Company shall provide personal information as follows through legal procedures such as obtaining consent from the user to proceed with transactions.
|
Category |
Details |
|
Recipient of personal information |
Com2uS |
|
Recipient’s purpose of using personal information |
Information analysis for marketing purposes, promotions, and developing products based on the IP of Com2uS |
|
Personal information provided |
Name, phone number, email address (username), order information (order number, ordered product, order cancel/exchange/return info) |
|
Recipient’s retention and usage duration |
Until the service has been provided |
5. Rights and Duties of Information Providers and Exercising Those Rights
① You can revoke consent for collection and usage of personal information by withdrawing membership and are entitled to exercise the following rights in accordance with the Personal Information Protection Act.
- To request an access to his/her personal information
- To request a correction of an error
- To request a deletion
- To request a suspension of processing
② In case you want to exercise the rights specified in Paragraph 1, please submit a document by mail, email, or fax in accordance with Article 41 Paragraph 1 of Enforcement Decree of The Personal Information Protection Act, and the Company shall respond to the request without postponement.
③ In case you want to access or modify your personal information, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to access and modify personal information.
④ In case you want to withdraw membership or revoke consent to collect promotional info, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to withdraw membership and revoke consent to receive promotional info.
⑤ When you request modification or deletion of your personal information due to errors, the Company shall not use or provide your personal information until such modification or deletion is completed. In case an incorrect personal information has already been provided to a third party, the Company shall notify the measures taken to the third party without any delays to ensure the modification is processed properly.
⑥ You may present a legal representative or agent to exercise rights as stated in Paragraph 1. In such a case, you are required to submit a request through email or call. However, if an agent is requesting to access or modify your personal information, you are required to submit a power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.
⑦ The Company shall not collect or use personal information of a child under the age of 14.
6. Chief Privacy Officer & Responsible Department
The Company has designated the following persons as the Chief Privacy Officer and department responsible for responding to user inquiries regarding personal information and resolving any related complaints.
|
Personal Information Protection Officer |
|
|
Name |
Chihoon Lee |
|
Position |
Representative |
|
Contact |
02-2135-2876 |
|
Personal information protection officer |
|
|
Department name |
Management Team |
|
Name |
Hyunkyung Jang |
|
|
twinpul@bridge7.co.kr |
7. Remedies for Infringement on Rights and Interests of the Information Provider
You may consult the following organizations for reports and remedies regarding the infringement on your personal information.
The organizations listed below are separate organizations from the Company. If you are not satisfied with the remedies provided or measures taken by the Company regarding your personal information or seeking for additional assistance, you may receive support from these organizations.
|
Personal Information Infringement Report Center (Korea Internet & Security Agency) |
|
₋ Description: Report infringement on the personal information, request for consultation ₋ URL: privacy.kisa.or.kr ₋ Phone: 118 (without area code) ₋ Address: (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F, Republic of Korea |
|
Personal Information Dispute Mediation Committee |
|
₋ Description: personal information dispute mediation, collective dispute mediation (civil resolution) ₋ URL: www.kopico.go.kr ₋ Phone: 1833-6972 (without area code) ₋ Address: (03171) 209 Sejong-daero, Jongno-gu, Government Complex Seoul, 12F, Republic of Korea |
|
National Police Agency Cyber Bureau |
|
URL: https://cyberbureau.police.go.kr ₋ Phone: 182 (without area code) |
|
Supreme Prosecutor’s Office Cybercrime Investigation Department |
|
₋ URL: www.spo.go.kr ₋ Phone: 1301 (without area code) |
8. Amendment to the Personal Information Processing Policy
- This Policy is effective as of June 21, 2024.