Personal Information handing policy

COLLER LIMITED (hereinafter referred to as "company") is endeavoring to safely protect personal information of members, and complies with legal regulations related to personal information such as "the law regarding the promotion of information and communication network use and protection of information" and "personal information protection law", and guidelines enacted by related institutions such as Korea Communications Commission and Ministry of Public Administration and Security.
The company shall, in the personal information handling policy, introduce how personal information provided by members is used and what measures are taken to protect personal information.
The content of personal information handling policy may be changed according to change in laws and regulations or to provide better service. In this case, the company shall announce by website announcement or email. Personal information handling policy is stated in gothic letters on the bottom of first page of website.

1. Collection and Purpose of Using Personal Information

A. The company collects the minimum amount of information as mandatory for smooth order process of items and service goods after membership subscription, and to provide convenient and beneficial customized information to members such as shipping goods and transaction of payment.
B. The company shall not collect personal information that may prominently breach basic human rights of members such as race, ethnic group, beliefs and creed, origin and place of family register, political leanings and criminal record and health state.
C. The company shall collect the following personal information of members.
  1) Member
  - Essential information: ID, name, mobile phone number, email, body size
  - Selective information: Interested region, photo, account number, address
  - Others: Transaction information, service record, access log, cookies, access IP
  * For overseas shipping products, based on customs law, resident registration number shall be collected limited to buyers.
  D. Collected personal information shall be used in the following purposes.
  - Name, mobile phone number: Personal identification procedure for service use
  - Transaction information: Conservation of record based on related laws, statistical data for marketing, statistical data for marketing analysis service such as commercial zone analysis at partner company
  - Email, mobile phone number: contact for execution of agreement, information on shipping progress, delivery of announcement, introduction to new service/event, smooth communication route for resolution of customer inquiries and complaints, customer satisfaction survey, marketing event such as customer interview, shipment of goods
  - Interested region, body size
  - Service record, customized service
- Account number: refund
E. The company shall collect personal information via membership subscription, 1:1 board, product inquiry board and consultation via customer center.

2. Period of Possession and Use of Personal Information

The company shall, after the purpose of collection and use of personal information have been achieved, dispose of the relevant personal information without delay. However, if it needs to be preserved according to internal policy and related laws, the company shall store the personal information for a period set by related laws.
A. Internal Policy (Abusive Use Record)
  - Reason for preservation: Need for personal authentication to previously purchased product (preservation based on company policy to eliminate abuse)
  - Preservation period: 6 months
B. Need for preservation based on laws such as commercial law
  1) Record on agreement or cancellation of contract
  - Basis for preservation: law of customer protection in e-commerce
  - Preservation period: 5 years
  2) Record on supply of bill payment and goods
  - Basis for preservation: law of customer protection in e-commerce
  - Preservation period: 5 years
  3) Record on customer complaint and dispute management
  - Basis for preservation: law of customer protection in e-commerce
  - Preservation period: 3 years
  4) Record on personal identification
  - Basis for preservation: the law regarding the promotion of information and communication network use and protection of information
  - Preservation period: 6 months
  5) Website visiting record
  - Basis for preservation: Protection of communications secrets act
  - Preservation period: 3 years
C. In case of separate agreement of member, it shall be stored until the period of separate agreement.

3. Disposal Procedure and Method of Personal Information

In principle, once the purpose of collection and use of personal information are achieved, personal information of member shall be disposed without delay.
A. Disposal Procedure
- Information entered by member for membership subscription shall be moved to a separate DB after achievement of purpose (separate document box in case of paper document) and stored for a set period according to information protection based on internal policy and other related laws (refer to period of possession and use) and then disposed.
- Personal information moved to separate DB shall not be used for any other purpose except by legal cause.
B. Disposal method
- Personal information printed in paper shall be disposed by shredding or burning.
- Personal information saved by electronic file shall be deleted by technical method preventing renewal of record.

4. Provision of Personal Information to Third Party

A. The company may only use personal information of member within the range announced by "purpose of collection and use of personal information" in personal information handling policy or defined by service use agreement, and may not use over the above range or provide to third party. However, in the following cases, personal information may be used and provided to third party.
① When users have agreed in advance
② In case of request by investigation institution according to legal regulation or procedure and method for investigation purpose set by law
B. The company, to provide purchased product, shall provide personal information as below.
Provided to
Purpose of provision
Provided information
Period of possession and use
Manufacturer
Production of purchased product
Body size
3 months from provision of product
Shipping company
Shipment of purchased product
Name, mobile phone number, address
3 months from provision of product
5. Consignment of handling personal information

A. The company shall regulate and manages to comply with laws related with personal information protection, confidentiality of personal information, liability for accident, consignment period, and obligation to dispose personal information after completion of process by agreement of consignment work.
B. The company, for provision of better service, consigns the personal information as below.
Consignee
Consigned work
Shipment
KG Inicis
Safe number / Electronic transaction
Customer consultation by internet/phone

6. Rights of Members and How to Execute Rights

A. Members can view or edit personal information registered at anytime, and cancel agreement for using personal information by unsubscribing.
B. To view/edit personal information, member can check out on the [personal information] menu in [my page] in website, and request to view/edit/unsubscribe by contacting personal information manager in writing, by phone or email.
C. If the member requested for correction of error in personal information, the corresponding personal information shall not be used or provided until the correction has been made. The company shall handle personal information terminated or deleted by request of member according to as stated in Article 2, and shall not be viewed or used. Also, if wrong personal information has already been provided to third party, it shall make sure correction is made without delay by announcing the corrected processing result to third party.
D. Membership subscription can be made only for over 14 years of age. According to collection and use of personal information, the personal information of child less than 14 years of age who requires agreement of legal representative shall not be collected. This policy has been enacted since March 22, 2013, and the personal information of a child less than 14 years of age who joined membership before then shall be collected only if the consent of legal representative has been gained.

7. Obligation of member

A. Members have the obligation to protect one's own personal information, and for leakage of personal information due to negligence of oneself or internet problem shall not be liable to the company.
B. Members shall enter accurate personal information up to date. Members are liable for any problem caused by inaccurate entering of information, and in case of joining membership or using service by stealing other's personal information can lead to loss of membership and punishment according to personal information related laws.
C. Members also have the right to be protected of personal information and obligation to protect oneself and not to breach information of others. Be careful that personal information including password is not leaked and be cautious not to damage personal information of others including posts.
D. You must comply with laws related to personal information such as 'the law regarding the promotion of information and communication network use and protection of information' and 'personal information protection law'.
8. Link sites

The company may provide link to website or data of other companies. In this case, as the company has no control over external website or data, it cannot be responsible or guarantee the usefulness of service or data provided by it. When moving to the page of other website from the link provided by the company, as the personal information handling policy of the relevant website is not related with the company, please review the policy of the website visiting for the first time.

9. Installation, operation and refusal of personal information automatic collection device (cookies, etc.)

A. The company, in order to provide appropriate and useful service to members, can frequently save information of members and use 'cookies'. Cookies are small text files sent from server used to operate the company website to computer of members, which is saved onto the hard disc of member's computer. Members can decide whether to use cookies.
B. How to refuse cookies
- Members can allow all cookies, ask for confirmation whenever cookies are saved or refuse all cookies to be saved by setting the option of web browser. However, if saving of cookies is refused, please be minded that part of service use that requires log in may be restricted.
- How to set installation and refusal of cookies (for Internet Explorer)
1) Select [Internet Option] from [Tools] menu
2) Click on [Personal Information]
3) Click [Advanced]
4) Select whether to allow cookies

10. Technological/administerial protection measures for personal information

The company, in order to protect personal information of members, has adopted the following protection measures.
A. Encoding Password
Your password is coded before being saved and managed. Password is known only by member itself, and can only be checked and changed by the member itself who knows the password. Therefore, take extra caution not to disclose password to others.
B. Be prepared against hacking and computer virus
The company, in order to prevent leakage or damage of personal information of members due to hacking or computer virus, is taking necessary security measures, and works hard to provide all possible technical ways to obtain enhanced security measures.
C. Restirction and education of personal information handler
The company restricts the staff handling personal information to minimum and checks the execution and compliance of this policy by frequently training related staff.

11. Personal information protection manager

In order to protect personal information and process complaints related with personal information, the company employs personal information manager and customer service managing department. For inquiries related to personal information of members, please contact customer service managing department or personal information protection manager below.
[Customer Service]
Department: Customer satisfaction team
Phone number: 3976-4166
Email: support@stripes.hk
[Personal information protection manager]
Name: Hyunsuk Lee
Affiliation/Position: Engineering/team leader
Email: tech@stripes.co.kr

For report or consultation on other breach of personal information, please inquire at the institutions below
Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)
Information Security Mark & Certification Committee(www.eprivacy.or.kr / 02-580-0533~4)
Supreme Prosecutor's Office of Online Criminal Center(icic.sppo.go.kr / 02-3480-3600)
National Police Agency Cyber Terror Response Center(www.ctrc.go.kr / 02-392-0330)
12. Amendment of Personal Information Handling Policy and its Announcement

In case the current personal information handling policy is added, deleted or modified, it will be announced on website or by email 7 days prior to execution, and if advance announcement is not available, it can be announced without delay. This policy shall be enforced from the below enforcement date.
- Enforcement date: March 22, 2013