Privacy Policy

Article 1 (Purpose of Processing Personal Information)

K-MART (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy as follows in order to protect the personal information of data subjects and to promptly and smoothly handle related grievances in accordance with Article 30 of the Personal Information Protection Act.

  1. Website membership registration and management
    Personal information is processed for the purposes of confirming intention to join as a member, identification and authentication for providing membership services, maintaining and managing membership qualifications, identity verification in accordance with the limited identity verification system, preventing fraudulent use of services, confirming consent of legal representatives when processing personal information of children under 14 years of age, various notifications and announcements, and handling grievances.
  2. Provision of goods or services
    Personal information is processed for the purposes of product delivery, service provision, sending contracts and invoices, content provision, customized service provision, identity verification, age verification, payment and settlement of fees, and debt collection.
  3. Grievance handling
    Personal information is processed for the purposes of verifying the identity of civil petitioners, confirming civil petition matters, contact and notification for fact-finding investigations, and notification of processing results.

Article 2 (Processing and Retention Period of Personal Information)

  1. The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information consented to by the data subject at the time of collecting personal information.
  2. The processing and retention period for each type of personal information is as follows:
    • Website membership registration and management: Until withdrawal from the business/organization website. However, in the following cases, until the end of the relevant reason:
      • If an investigation or inquiry is in progress due to violation of relevant laws and regulations, until the end of such investigation or inquiry
      • If there are outstanding credits or debts related to the use of the website, until the settlement of such credits or debts
    • Provision of goods or services: Until completion of supply of goods/services and completion of payment/settlement
      However, in the following cases, until the end of the relevant period:
      • Records related to transactions such as labeling/advertising, contract contents and performance in accordance with the “Act on Consumer Protection in Electronic Commerce, etc.”
        • Records related to labeling and advertising: 6 months :
        • Records of contracts or withdrawal of subscription, payment, supply of goods, etc.: 5 years :
        • Records related to consumer complaints or dispute resolution: 3 years
      • Retention of communication fact confirmation data in accordance with Article 41 of the “Protection of Communications Secrets Act”
        • Subscriber’s telecommunication date and time, start/end time, counterpart subscriber number, frequency of use, originating base station location tracking data: 1 year :
        • Computer communication, internet log record data, access location tracking data: 3 months

Article 3 (Provision of Personal Information to Third Parties)

The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases corresponding to Article 17 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.

Article 4 (Consignment of Personal Information Processing)

  1. The Company consigns personal information processing tasks as follows for smooth processing of personal information operations:
    • Delivery services
      • Consignee (Trustee): Korea Post Parcel Service
      • Content of consigned tasks: Product delivery
    • Payment services
      • Consignee (Trustee): Toss Payments
      • Content of consigned tasks: Credit card payment processing
  2. When concluding a consignment contract, the Company specifies in documents such as contracts matters related to responsibilities including prohibition of processing personal information other than for the purpose of performing consigned tasks, technical and administrative protective measures, restrictions on re-consignment, management and supervision of trustees, and compensation for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
  3. If the content of consigned tasks or the trustee changes, the Company will disclose such changes without delay through this Privacy Policy.

Article 5 (Rights and Obligations of Data Subjects and Methods of Exercise)

  1. Data subjects may exercise the following rights related to personal information protection against the Company at any time:
    • Request to access personal information
    • Request for correction if there are errors, etc.
    • Request for deletion
  2. Request for suspension of processing The exercise of rights under Paragraph 1 may be made to the Company through written documents, telephone, email, facsimile (FAX), etc., and the Company will take action without delay.
  3. If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
  4. The exercise of rights under Paragraph 1 may be made through an agent such as a legal representative of the data subject or an authorized person. In this case, a power of attorney in accordance with Form No. 11 attached to the Enforcement Rules of the Personal Information Protection Act must be submitted.
  5. Data subjects shall not infringe upon the personal information and privacy of themselves or others processed by the Company in violation of the Personal Information Protection Act and other related laws and regulations.

Article 6 (Items of Personal Information Processed)

The Company processes the following personal information items:

  1. Website Membership Registration and Management
    • Required items: Name, date of birth, ID, password, address, telephone number, gender, email address, I-PIN number
    • Optional items: Marital status, areas of interest
  2. Provision of Goods or Services
    • Required items: Name, date of birth, ID, password, address, telephone number, email address, I-PIN number, credit card number, bank account information and other payment information
    • Optional items: Areas of interest, past purchase history
  3. In the course of using Internet services, the following personal information items may be automatically generated and collected:
    • IP address, cookies, MAC address, service usage records, visit records, records of improper use, etc.

Article 7 (Destruction of Personal Information)

  1. The Company shall destroy personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
  2. If personal information must continue to be preserved in accordance with other laws and regulations despite the expiration of the retention period consented to by the data subject or the achievement of the processing purpose, the relevant personal information shall be transferred to a separate database (DB) or stored in a different location.
  3. The procedures and methods for destroying personal information are as follows:
  4. 1. Destruction Procedure
    The Company selects personal information for which grounds for destruction have arisen and destroys the personal information with the approval of the Company’s Personal Information Protection Officer.
  5. 2. Destruction Method
    The Company destroys personal information recorded and stored in electronic file format using methods such as Low Level Format so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding with a shredder or incineration.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  3. Physical Measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Personal Information Protection Officer)

  1. The Company designates a Personal Information Protection Officer as follows to take overall responsibility for matters related to personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing.
    • Personal Information Protection Officer
    • Personal Information Protection Department
      • Department: General Affairs Team
        Person in charge: Kwang Sup Jeong
      • Contact: 1661-3181, [email protected]
  2. Data subjects may contact the Personal Information Protection Officer and the department in charge regarding all matters related to personal information protection, including inquiries, complaint handling, and damage remedy that arise while using the Company’s services (or business). The Company will respond to and handle inquiries from data subjects without delay.

Article 10 (Request for Access to Personal Information)

Data subjects may make a request for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The Company will endeavor to ensure that requests for access to personal information by data subjects are processed promptly.

  1. Department for Receipt and Processing of Requests for Access to Personal Information

Article 11 (Remedies for Infringement of Rights and Interests)

Data subjects may inquire about damage remedy and consultation regarding personal information infringement with the following organizations:

<The organizations below are separate from the Company. If you are not satisfied with the Company’s own personal information complaint handling or damage remedy results, or if you need more detailed assistance, please contact them>

  1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
    • Jurisdiction: Report of personal information infringement, consultation requests
    • Website: privacy.kisa.or.kr
    • Phone: 118 (without area code)
    • Address: Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul (138-950)
  2. Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
    • Jurisdiction: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
    • Website: privacy.kisa.or.kr
    • Phone: 118 (without area code)
    • Address: Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul (138-950)
  3. Supreme Prosecutors’ Office Cyber Crime Investigation Division: 02-3480-3573 (www.spo.go.kr)
  4. National Police Agency Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)

Article 12 (Installation and Operation of Video Information Processing Devices)

The Company installs and operates video information processing devices as follows:

  1. Legal Basis and Purpose of Video Information Processing Device Installation: Facility safety and fire prevention
  2. Number of Devices Installed, Installation Location, and Recording Range: 2 devices installed in major facilities such as offices; recording range covers the entire space of major facilities
  3. Manager in Charge, Department in Charge, and Personnel with Access Rights to Video Information: Jeong Gwang-seop
  4. Video Information Recording Time, Retention Period, Storage Location, and Processing Method
    • Recording time: 24-hour recording
      Retention period: 30 days from the time of recording
    • Storage location and processing method:
    • Stored and processed in the video information processing device control room of the Development Team
  5. Method and Location for Checking Video Information: Request to the manager in charge
  6. Measures for Data Subjects’ Requests for Access to Video Information: Must apply using the Personal Video Information Access/Existence Confirmation Request Form, and access is permitted only when the data subject themselves is recorded or when clearly necessary for the life, body, or property interests of the data subject
  7. Technical, Administrative, and Physical Measures for Protection: Establishment of internal management plans, access control and limitation of access rights, application of secure storage and transmission technology for video information, retention of processing records and anti-forgery/alteration measures, preparation of storage facilities and installation of locking devices, etc.

Article 13 (Changes to Privacy Policy)

This Privacy Policy shall be effective from November 1, 2025.