개인정보 취급 방침

1. Processing purposes of personal information processing and processed personal information items The Company processes information processing for the purposes below. Processed personal information are not used for uses other than intended below, and should the uses of personal information change, we will perform necessary actions such as obtaining a separate consent in accordance with Article 18 of the Personal Information Protection Act.

[General information]
Data subject : Online inquirer

Processing purpose : Receiving online inquiries and inquiry feedback notifications, distribution of product samples and promotional goods
Personal information collected : Name, contact information, email, address, Website access log, IP address, cookies, MAC address
[System usage information]

The following personal information collected may be automatically generated and collected in the course of internet service usage.
2. Personal information processing and retention period
(1) The Company processes and retains the personal information within the personal information retention period pursuant to relevant laws or the period to which the data subjects had consented during collection of personal information.
(2) The information will be destroyed without delay upon fulfillment of usage purpose.

3. Provision of personal information to third parties
The company processes personal information of data subjects within the scope stipulated in Clause 1(processing purposes of personal information) and does not provide such information to other individuals or entities, Provided, that the information falls under Articles 17 and 18 of the Personal Information Protection Act, such as consent of data subjects or special stipulations in laws, the personal information may be provided to third parties.
4. Outsourcing of personal information processing
(1) The Company outsources the following personal information processing tasks for smooth performance of personal information tasks.
(2) Outsourced entity and details
Outsourced entity(consignee) : LG CNS

Details of outsourced tasks : Neoforêt e-Catalogue website management(Maintenance for personal information DB encryption security, including inquiries and requests)
(3) In accordance with Article 26 of the Personal Information Protection Act, the Company states in the contract the matters related to responsibilities, including prohibition of personal information processing for purposes other than performance of outsourced tasks, technical and administrative protective actions, restriction of re-outsourcing, management and supervision of consignee, and compensation for damages, and supervises whether the consignee safely processes personal information.

(4) Upon any amendments to details on outsourced tasks or changes to consignee, such details will be notified through this Privacy Policy without delay.

5. Rights and obligations of data subjects and exercise methods
(1) Data subjects may exercise the following personal information protection rights against the Company as prescribed in relevant laws including the Personal Information Protection Act:
① Demand to peruse personal information,

② Demand to correct errors, etc.,
③ Demand to delete, and,

④ Demand to stop processing.
(2) The rights in paragraph 1 may be exercised in writing, via telephone, electronic mail and fax, and the Company shall take actions without delay after confirming the identity of the person.
(3) When data subjects demand the correction of errors in, or deletion of, personal information, the Company shall not utilize or provide said personal information until such correction or deletion is complete.
(4) The right in paragraph 1 may be exercised through agents, such as legal agents or entrusted person, of the data subjects. In this case, power of attorney in Annex Form 11 of Enforcement Rules of the Personal Information Protection Act needs to be submitted.
(5) Data subject may not infringe personal information and privacy of data subject himself/herself or other persons that are processed by the Company by violating relevant laws, including the Personal Information Protection Act.
(6) In principle, the Company does not collect personal information of data subjects below 14 years of age. If the company is obliged to collect of personal information of a person below 14 years of age, then the Company will obtain the consent of the person’s legal agent in advance. In this case, the minimal information(name, contact number) needed for obtaining the consent can be directly collected from said person below 14 years of age without prior consent of legal agent. 6. Destruction of personal information
(1) The Company destroys personal information when it becomes unnecessary, such as expiration of personal information retention period and fulfillment of process objectives, Provided, that in the event where personal information needs to be retained continuously, said personal information shall be moved to a separate database or preserved in a separate storage.
(2) The procedures and methods of destruction of personal information are as follows.
① Destruction procedures
The Company selects personal information with reasons for destruction and destroys it with the approval of privacy protection officer of the Company.
② Destruction methods
The Company destroys personal information which is recorded and saved in electronic file format using technical methods that renders such records irreproducible, and personal information which is recorded and stored in papers by shredding with a shredder or by incineration.
7. Actions to secure safety of personal information
The Company takes following actions to secure safety of personal information.
(1) Administrative actions: Establishment and implementation of internal management plan and regular staff training, etc.;
(2) Technical actions: Management of access rights to personal information processing system, installation of access control system, encryption of unique identification information, and installation of security programs; and
(3) Physical actions: Restriction of access to data processing room and data storage room.
8. Privacy protection officer
To take overall responsibility for tasks related to personal information processing, handle complaints and relieve damages of data subjects related to personal information processing, the Company designates the following privacy protection officers.
Privacy protection officer: HYEONCHANG KIM, senior executive director(Management Support 1 Division)
Privacy protection manager: Changwook Kim, assistant manager(Marketing Team)
Contact number: 02-3485-1590
Email: kcw88912@moorim.co.kr
ts and interests
Data subjects may inquire all questions on personal information protection, complaints and relief for damages occurring during the utilization of our services(or businesses) to privacy protection officer and relevant departments. The Company will answer to the inquiries of data subjects without delay.

Any other privacy infringement reports or consultations should be inquired to the following institutions:

[Personal Information Infringement Report Center]
Report, request consultation on personal information infringement
privacy.kisa.or.kr / (Without area code) 118
(Post code 138-950) Personal Information Infringement Report Center, Korea Internet and Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul
[Personal Information Dispute Mediation Committee]
Request personal mediation dispute mediation, collective dispute mediation(civil settlement)
privacy.kisa.or.kr / (Without area code) 118
(Post code 138-950) Personal Information Infringement Report Center, Korea Internet and Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul
[Cybercrime Investigation Department, Supreme Prosecutor’s Office]
www.spo.go.kr / 02-3480-3573
[Cyber Terror Response Center, National Police Agency]
www.netan.go.kr / 1566-0112
10. Other matters on personal information processing and management
(1) For matters not prescribed in this Privacy Policy, the Company will follow the prescriptions of Personal Information Protection Act and Enforcement Rules thereof.
(2) The Company does not install or operate automatic collection device(cookies) in this site.
11. Amendments and announcements of privacy policy
The Privacy Policy of the Company was enacted on August 1, 2021 and any changes made under relevant laws, directives and internal regulations will be opened to the public in accordance with the methods prescribed in relevant laws.

Notice Date: july 10, 2023
Implementation Date: july 10, 2023