www.gentlemonster.com is owned and run by IICOMBINED Co., Ltd (hereinafter referred to as “we”, “our”, “us”) which places high value on the customer’s personal information. We respect the privacy rights of our visitors and recognize the importance of protecting the information collected about them. In the event that we revise the Privacy Policy, we will notify you through website announcement (or individual announcement).
○ This policy shall be effective from January 6, 2018.
1. Information Collection
The personal information gathered will not be processed for any purpose other than the following purposes. If any changes occur, we will inform you in advance and ensure you agree with them.
-
Membership registration and management
The personal information you provide shall be used to verify the membership registration, give various notification, and handle complaints.
-
Deal with complaints
The personal information you provide shall be used to identify individuals, verify complaints, and to contact and notify the results for an in-depth investigation.
-
Provision of services or products
The personal information you provide shall be used for shipping, providing service/contents (newsletter), sending invoice, and making payments.
-
Marketing and advertising
The personal information you provide shall be used for new service(product) development and provision of customized service, advertising information including event and offer opportunity to participate as well as understanding the frequency of access or statistics on the use of services by members.
-
Personal video record
The personal information you provide shall be used for facility security and fire prevention.
2. Current state of personal information data
- Name: Personal information file
- Items of personal information: name, email address, mobile phone number, shipping and billing address, login ID, password, credit card details, bank account details, shopping (service usage) history, accessed log, cookies, IP address, and payment history.
- Collecting methods: website, document (written form), phone/fax, shipment, and affiliates
- Grounds for retention: Personal Information Protection Act
- Period of retention: 5 years
- Related legislation:
- Records on the collection, process, and use of credit information: 3 years
- Records of consumer complaints or disputes: 3 years
- Records of payment and goods supply: 5 years
- Record of agreement or withdrawal: 5 years
3. Possession and period of use of personal information
In principle, as soon as the purpose for the collection of personal information is achieved, the applicable information shall be destroyed. If any information is needed to be kept according to the pertinent legal provisions, it shall be kept during the period specified in the related laws.
Process and retention period of each personal information is as follows.
-
Membership registration and management The personal information attained during membership registration and management is being possessed and used for 5 years from the date of agreement for the following reasons.
- Grounds for retention: Personal Information Protection Act
-
Related legislation:
- Records on the collection, process, and use of credit information: 3 years
- Records of payment and goods supply: 5 years
- Record of agreement or withdrawal: 5 years
-
Deal with complaints The personal information attained when dealing with complaints is being possessed and used for 3 years from the date of agreement for the following reasons.
- Ground for retention: Personal Information Protection Act
- Related legislation: Records of consumer complaints or disputes: 3 years
-
Provision of services or products The personal information attained for provision of service or product is being possessed and used for 5 years from the date of agreement for the following reasons.
- Grounds for retention: Personal Information Protection Act
-
Related legislation:
- Records on the collection, process and use of credit information: 3 years
- Records of payment and goods supply: 5 years
- Record of agreement or withdrawal: 5 years
-
Marketing and advertising
- The personal information attained for marketing and advertisement purpose is being processed and used for 6 months from the date of agreement for the following reasons.
- Grounds for retention: Personal Information Protection Act
- Related legislation: Records of display and advertising: 6 months
4. Provision of personal information to third-party
We shall not disclose personal information to a third party unless in accordance with Articles 17 and 18 of the Personal Information Protection Act.
We share the personal information to third party as below.
-
Logistics Company
- Purpose: Shipment
- Possession and period of use: Information shall be destroyed immediately
-
Licensed Customs Brokers
- Purpose: Export Declaration
- Possession and period of use: Information shall be destroyed immediately
5. Entrust of personal information processing
- From time to time, we may engage third party business partners to provide information about you or to collect personal information on our behalf.
- According to Personal Information Protection Act (Article 25), it prohibited from processing personal information except for the purpose of carrying out the entrusted business, technical and administrative protection measures, restriction of re-entrustment, management and supervision of the trustee, compensation for damages, etc. are specified in documents such as contracts, and the trustee supervises the handling of personal information safely.
- When there is a need to make any changes of contents in document or trustee, it shall inform about the revision through privacy policy section on the website.
6. Rights and duties of information and legal representatives may exercise the following rights as a subject of personal information.
- The information subject may exercise the rights of IICOMBINED CO., Ltd. at any time to view, modify, delete, and suspend processing of personal information.
- The exercise of the rights under Clause 1 may be made by IICOMBINED CO., Ltd. in accordance with Article 41(Clause 1) of the Enforcement Degree of the Personal Data Protection Act, by letter, e-mail or fax. IICOMBINED CO., Ltd. Shall take action without any delay.
- The exercise of the rights under Clause 1 may be done through the legal representative of the information entity or the agent who has been delegated. In this case, you must submit a power of attorney according to Form 11 of the Enforcement Regulations of the Personal Information Protection Act.
- The authority of the information subject may be restricted to view or stop handling personal information according to Article 35(Clause 5) and Article 37(Clause 2) of Personal Information Protection Act.
- The request for modification and elimination of personal information cannot be requested if it is subjected to be collected in the other statute.
- IICOMBINED CO., Ltd. confirms whether the person who requests to view, modify, delete or suspend processing is the information subject right or a legitimate agent.
7. Collection of personal information
We process the following personal information.
-
Membership registration and management
- Required Items: name, email address, mobile phone number, shipping and billing address, login ID, password, shopping (service usage) history, accessed log, cookies, IP address, and payment history.
-
Deal with complaints
- Required Items: name, email address, mobile phone number, shipping and billing address, login ID, shopping history
-
Provision of services or products
- Required Items: name, email address, mobile phone number, shipping and billing address, login ID, credit card details, bank account details, search criteria, shopping history, shopping preferences, cookies, IP address, and payment history.
-
Marketing and advertising
- Required Items: email address, search criteria, shopping history, shopping preferences, cookies, IP address, and payment history.
-
Personal video record
8.Procedure and Method of Destroying Personal Information
In principle, as soon as the purpose for the collection of personal information has been achieved, the applicable information shall be destroyed without delay.
The procedures, deadlines, and methods are specified in detail below.
-
Procedure for disposal
Information inputted is transferred to the separate database (separate documents for paper) once the purpose has been achieved. According to the protection of information pursuant to the internal policies and related laws, it shall be stored for a certain period or disposed without delay.
-
Deadline for disposal
Once the possession period of user’s personal information has been elapsed and if it is no longer in need due to achievement of goal, revocation of certain service, or business closure, etc. then it shall be disposed within 5 days from the last date of possession.
-
Method of disposal
The personal information in the form of electronic files shall be deleted in a way that it cannot technically be recovered. For those printed on paper shall either be grinded or incinerated.
9. Installation, operation, and rejection of automatic collection of personal information
We run the cookies that are designed to save and find your personal information. Basically, cookies help us remember who you are and other information about your visits which are very small text files that are used to run the website to the user’s computer browser and may be stored on the hard disk of the user’s PC.
-
Purpose of using cookies
It is used to provide optimized information by identifying the types of visits and usage of each service and website as well as popular searches and security access.
-
Installation, operation, and rejection of cookies
You may refuse to store cookies by setting up the options through Tools>Internet Options>Privacy Menu at the top of your web browser.
- Please note that if you refuse to store cookies, you may have difficulty using our customized service.
10. Personal information protection officer
-
We designated the department and administrator in charge to be responsible for the handling of personal information processing and related complaints.
Administrator in charge of personal information
- Name: TAEHO JUNG
- Position: Head of IT Department
- Email: monster849@gentlemonster.com
- You may report any inquiry regarding personal information, complaints, and damages remedies, etc. to the administrator in charge of personal information while using the services (or business), then we shall promptly respond to it.
11. Modification of privacy policy
This Privacy Policy shall be effective from the enforcement date and in the event of revision or deleting any information, it shall inform the changes through announcement at least 7 days in advance.
12. Safeguarding your personal information
We will take reasonable care to maintain appropriate safeguards to ensure the security, integrity and privacy of the information you have provided to us. We have put in place technology and security policies which are designed to protect the personal information we hold.
We also follow the security procedures that applicable privacy laws require.
-
Regular self-audit conducted
We conduct our own audits regularly (quarterly) to ensure the stability of handling personal information.
- Minimization and conduct training of employees handling personal information
Employees who deal with personal information are designated and limited to the person in charge.
- Establishment and enforcement of internal management plan
We have established and implemented internal management plan for handling personal information in the most secure way.
- Technical measures against hacking
We installed a security program to prevent leakage and damage of personal information from hacking or computer viruses, also we periodically update and check the systems that are being installed and monitored both technically and physically.
- Encryption of personal information
The personal information of the user is encrypted, stored, and managed which only the user can recognize it. Separate security function is being used, for example encrypting the file and transmit data or using the file lock function for important data.
- Keep logs record and prevent forgery
We maintain and manage the records of access through personal information processing system for at least six months and use the security function to prevent forgery, theft or loss of access records.
- Restrict access to personal information
We take necessary measures to control access to personal information through granting, modifying, and obliterating the authority to access to the database system that processes personal information. We also control unauthorized access from external by using an intrusion prevention system.
- Use locking device for document security
We keep documents with personal information and auxiliary storage media in safe place with lock.
- Access control of unauthorized persons
We have set up a separate physical storage area for personal information and operate access control procedures.