BRIDGE SEVEN (hereafter “Company”) shall collect and disclose the Privacy Policy as follows to protect personal information and handle related inquiries in accordance with Article 30 of the ‘Personal Information Protection Act.’

 

1. Personal Information Collected, Purpose, Handling, and Retention Period

①    The Company shall collect and use the customer’s personal information for the purposes below. The collected information shall not be used for purposes other than those listed in the table below. In case of changing the purpose, a separate consent process will be executed in accordance with Article 18 of the ‘Personal Information Protect Act.’ Additionally, the collected information shall be deleted promptly by the Company once the collection and usage of personal information has been fulfilled.

Type	Purpose	Information collected		Optional
Website sign-up and management	Sign-up/Login	Name, ID, password, email		Required
	Social media login sync	Google	ID, profile image, name, email	Required
	Social media login sync	Facebook	ID, profile image, name, email	Required
	Social media login sync	Line	ID, profile image, name, email	Required
	Social media login sync	Apple	ID, profile image, name, email	Required
Order and shipping management	Purchase/Shipping	Name, email, payment information, shipping address, postal code, phone number		Required
Product feedback and customer support management	Providing customer support and replying to customer’s feedback	Name, customer number, email		Required
Online event and promotion	Event / promotion	Name, email, phone number		Required
Others	Preventing illegal/unauthorized uses	Name, email, service use history, suspension of use history, termination of use history		Required
	Complying with the retention period of personal information	Name, email, service use history, suspension of use history, termination of use history		Required
	Service related to product recommendations	Name, email, service use history		Required
	SNS sync	SNS info such as Instagram, Kakao, Facebook, and more		Required

 

②     The Company shall collect information stated below while the customer is using the service via web or app.

Information Collected	Purpose	Retention Period
IP address, web browser cookie, connection log, connected device info (manufacturer, model, OS info, app version, UUID, IDFA, etc.) payment history, termination of use history, other service use history, customer inquiry content	- Analyzing service use history statistics - Applying a security logic for safe transaction process - Complying with legal obligation for consumer protection	Until the user withdraws account or obligated period set by the court

 

③    However, the info that needs to be retained for a certain period in accordance with legislation during the retention and usage period of personal information provided by the information provider’s consent shall be retained as follows.

Retained Info	Retention Period	Legal Grounds
Records of contract and withdrawal	5 years	Article 6 and Article 6 Paragraph 1 Subparagraph 2 of Act On The Consumer Protection In Electronic Commerce and
Records of payment and currency provision	5 years	Article 6 and Article 6 Paragraph 1 Subparagraph 3 of Act On The Consumer Protection In Electronic Commerce and
Records of customer’s complaints and dispute settlements	3 years	Article 6 and Article 6 Paragraph 1 Subparagraph 4 of Act On The Consumer Protection In Electronic Commerce and
Website browsing history	3 months	Article 12-2 of Protection Of Communications Secrets Act

 

2. Procedures and Methods for Destroying Personal Information

①    The Company shall destroy the personal information without delay if its purpose to process the personal information is achieved. Info that needs to be retained in accordance with legislation shall also be destroyed completely without any delays if the retention period in accordance with the legislation expires.

 

②    The procedures, terms, and methods for destroying the personal information are as follows.

Procedures	The Company shall select personal information that needs to be destroyed and destroy it after obtaining an approval from the person in charge of personal information.
Period	If the personal information becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service, and the end of the business, the personal information shall be destroyed without any delay from the day that recognizes the processing of the personal information is no longer needed. ※ Destruction Period by Types Sign-up info: Upon withdrawal or terminated, 1 year from the last login date Payment info: On the final payment date or the period of prescription for bond expires Shipping info: When the product or service has been delivered or provided Info collected for temporary purpose such as surveys and events: When the survey or event ends
Methods	Electronic data shall be destroyed by using technical methods such as Low Level Format and Wiping to make it impossible to restore such data. Paper documents shall be shredded or incinerated.

 (*): The Company shall destroy the personal information of customers that haven’t logged in to Com2uS Store or membership check website for 1 year in accordance with Article 29 of Information and Communications Network Act and ‘Personal Information Validity Period Plan.’

 

3. Entrustment of Personal Information

In accordance with Article 26 of the Personal Information Protection Act, the Company specifies the prevention of personal information processing for other purposes than the entrusting purpose, technical and managerial safeguards of personal information, restriction of repeating entrustment, entrustment management and supervision, and liability and other responsibilities, supervision of entrusted companies to ensure the safe processing of personal information.

①    BRIDGE SEVEN entrusts the processing of personal information to the following companies.

 

Entrusted Company	Entrusted Operations	Retention and use period
CLF Co., Ltd.	An agency for domestic and overseas shipping	Until the purpose of use is achieved (according to the retention and use period of personal information) or the end of the consignment contract
EMS	domestic and overseas shipping
FEDEX	Overseas logistics delivery agency
UPS	Overseas logistics delivery agency
Shopify	Manages the shopping mall’s platform
EXIMBAY	Processes the customer’s payments
PAYPAL	Processes the customer’s payments
HIKO	Social sync login service within the Shopify platform provider
Klaviyo	Email Notification for Members
Bon Loyalty	Points earned and used

 

②    Article 26 of the Personal Information Protection Act, the Company shall immediately update this privacy statement to notify any changes to the details of entrusted operations or entrusted companies.

 

4. Sharing of Personal Information with Third Parties

①    The Company processes personal information within the scope defined in 1. Personal Information Collected, Purpose, Handling, and Retention Period and shall not process the information that exceeds the scope or provide the information to a third party or organization except for the following cases:

1)  When an investigative agency requests for a personal information in a way set by related laws for investigation purposes;

2)  When personal information is needed for statistical purposes, scientific research purposes, market research purposes, or others and provided in a format prohibiting the identification of a specific individual to the advertiser, partner, research organization, or others;

3) When receiving a request in accordance with provisions of other related laws;

4) When the business is being transferred or merged;

※    In case a member’s personal information needs to be transferred due reasons such as transfer of business, the Company shall notify the transfer of personal information in advance in accordance with procedures and methods set by related laws and grant a right to withdraw transfer of personal information to the member.

②    In case the personal information needs to be provided to a third party, the Company shall provide personal information to a third party through legal procedures such as obtaining consent from the user.

 

5. Transfer of Personal Information to Third Countries
   Your personal information may be transferred within the European Economic Area (EEA) or globally, including to countries such as South Korea and the United States, where data protection standards may not be equivalent.
   In all cases, appropriate security measures will be applied in accordance with the relevant data protection laws to safeguard personal information.

 

6. Rights and Duties of Information Providers and Exercising Those Rights

①    You can revoke consent for collection and usage of personal information by withdrawing membership and are entitled to exercise the following rights in accordance with the Personal Information Protection Act.

- To request an access to his/her personal information

- To request a correction of an error

- To request a deletion

- To request a suspension of processing

②    In case you want to exercise the rights specified in Paragraph 1, please submit a document by mail, email, or fax in accordance with Article 41 Paragraph 1 of Enforcement Decree of The Personal Information Protection Act, and the Company shall respond to the request without postponement.

③    In case you want to access or modify your personal information, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to access and modify personal information.

④   In case you want to withdraw membership or revoke consent to collect promotional info, please log in to the Com2uS Store and go to ‘My Info’ > ‘My Profile’ menu to withdraw membership and revoke consent to receive promotional info.

⑤    When you request modification or deletion of your personal information due to errors, the Company shall not use or provide your personal information until such modification or deletion is completed. In case an incorrect personal information has already been provided to a third party, the Company shall notify the measures taken to the third party without any delays to ensure the modification is processed properly.

⑥    You may present a legal representative or agent to exercise rights as stated in Paragraph 1. In such a case, you are required to submit a request through email or call. However, if an agent is requesting to access or modify your personal information, you are required to submit a power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.

⑦    The Company shall not collect or use personal information of a child under the age of 14.

 

7. Chief Privacy Officer & Responsible Department

The Company has designated the following persons as the Chief Privacy Officer and department responsible for responding to user inquiries regarding personal information and resolving any related complaints.

 

Personal Information Protection Officer
Name	Chihoon Lee
Position	Representative
Contact	02-2135-2876
Personal information protection officer
Department name	Management Team
Name	Chihoon Lee
Email	cs@bridge7.co.kr

 

8. Remedies for Infringement on Rights and Interests of the Information Provider

You may consult the following organizations for reports and remedies regarding the infringement on your personal information.

The organizations listed below are separate organizations from the Company. If you are not satisfied with the remedies provided or measures taken by the Company regarding your personal information or seeking for additional assistance, you may receive support from these organizations.

Personal Information Infringement Report Center (Korea Internet & Security Agency)

₋ Description: Report infringement on the personal information, request for consultation ₋ URL: privacy.kisa.or.kr ₋ Phone: 118 (without area code) ₋ Address: (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F, Republic of Korea

Personal Information Dispute Mediation Committee

₋ Description: personal information dispute mediation, collective dispute mediation (civil resolution) ₋ URL: www.kopico.go.kr ₋ Phone: 1833-6972 (without area code) ₋ Address: (03171) 209 Sejong-daero, Jongno-gu, Government Complex Seoul, 12F, Republic of Korea

National Police Agency Cyber Bureau

URL: https://cyberbureau.police.go.kr ₋ Phone: 182 (without area code)

Supreme Prosecutor’s Office Cybercrime Investigation Department

₋ URL: www.spo.go.kr ₋ Phone: 1301 (without area code)

 

9. Amendment to the Personal Information Processing Policy

• This Policy is effective as of April 21, 2025.

 

▶ 2024-02-14 View Previous Terms