Colley Privacy Policy




Colley Co., Ltd. (the “Company”) processes personal information on user consent and actively protects users’ informational autonomy.

The Company, as an information and communications service provider, is subject to and complies with the applicable laws, personal information protection provisions, and guidelines of the Republic of Korea.

The Privacy Policy refers to the guidelines with which the Company complies to protect the user’s invaluable personal information so that the user can use the services safely.

This Privacy Policy applies to Colley services (“Services”) provided by the Company.



Collection of Personal Information

The Company collects the minimum personal information required to provide the Services.

The following required personal information is collected when a user signs up for the Service or while the user uses the Services.

  • Email, ID, password, user name (nickname)

The following optional personal information is collected while the user uses the Services.

  • phone number, address, profile picture

The following optional personal information is collected when a purchase agreement is entered into.

  • Name, e-mail address, address, phone number, credit card number, bank account number (for payment by remittance)

The method to collect personal information is as follows.

  • Personal information is collected when the user agrees to the collection of personal information and enters relevant information when signing up for a service or while the user uses the Service.
  • The following personal information may be automatically created and collected while the user uses the Service:
    • IP address, cookies, MAC address, service usage record, Device information, date of visit and improper usage record, etc.

If any other collection of personal information is necessary:

  • The Company will notify such fact and obtain a consent from the user. The Company shall collect information from users only after prior notifying and obtaining consent.


Use of Personal Information

The Company establishes and discloses the following personal information handling guidelines to protect personal information in accordance with Article 30 of Privacy Act and take care of related matters quickly and properly.

The Company uses the collected information of users for the following purposes:

  • Member identification/confirm user’s intent to sign up for the service, user identification, deterring abuse of the Service
  • Identification verification, purchase and payment, shipment of products and services
  • Interactions between users
  • Development of new service, provision of diverse services, resolve inquiries or complaints and deliver notices
  • Prevention and sanction of any act that interrupts normal service operation of the Service (including account theft or abuse of service)
  • Utilizing information for marketing and advertisements, etc.
  • Provision of personalized services
  • For statistics based on service usage record, frequency of visit and service use, development of service environment to protect privacy, development of customized services, service improvement
  • For purchasing and shipping services

After pseudonymizing the collected personal information to make it impossible to identify a particular individual, the Company can process the information for purposes such as statistical, scientific research, and archiving for the public interest. At this time, the pseudonymized information shall be stored and managed separately from additional information to prevent re-identification, and necessary technical and managerial safeguards shall be taken.



Provision & Entrustment of Personal Information

In principle, the Company does not provide personal information to the outside without the consent of users. However, personal information is provided in limited circumstances if a user personally agrees to provide his/her personal information in order to use the service of an outside partner, if the Company becomes obliged to submit personal information under the relevant laws and regulations, or if an urgent risk to life or safety of users is identified.

The Company entrusts part of its work necessary to provide more convenient and better services to outside companies, stipulates the matters necessary for the entrusted party to safely process personal information, and carries out management or supervision to ensure such safe processing, in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection.

The Company shall stipulate the followings: prohibition of handling personal information with other purposes in accordance with Article 25 of Privacy Act, technical and managerial protection, restriction on reassignment, supervision on assignee, responsibilities such as compensation for damages, etc., at signing of the assignment agreement and supervise the assignee if he/she safely handles personal information.

If the details or the assignee change(s), it shall be disclosed immediately in accordance with the Privacy Policy.

Entrusted Company Entrusted Operations Retention and Usage Period of Personal Information
Amazon Web Services Inc. Data storage Until the member withdraws membership or the entrustment agreement term has expired
NICE Payments Co., Ltd Payment processing & prevention of payment misappropriation
NAVER FINANCIAL Corp. Payment processing & prevention of payment misappropriation
Malltail International Goods Delivery
Colosseum Corporation order collection, packaged delivery, transmission of Invoice
Logen Co.,Ltd Goods Delivery
Shops in ColleyShop Goods Delivery


Withdrawal Method

Users can request withdrawal through the following methods:

  • Click on [My Info]-[Settings]-[Account Info]-[Withdraw] within the app.
  • If unable to sign in to the app, click on [Login Inquiry] on the app's home screen.
  • In unavoidable circumstances where app access is not possible, please send the account information for the withdrawal to cs@colley.kr.


Destruction of Personal Information

The Company destroys users’ personal information without any delay when the user has unsubscribed from the Service.

However, if the Company has obtained separate consent from users regarding the retention period of personal information or if the laws and regulations impose duties to retain information for a certain period, personal information may be stored safely during the designated period.

The Company will obtain consent from users for the retention period of personal information at the time of their member or service subscription for the following purposes.

  • To prevent any fraudulent subscription and use, the personal information is stored for 6 months from the date of collection.
  • Personal information that fully serves its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.
  • Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.
  • Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.
  • In order to mediate disputes between users and respond to customer inquiries, we store and destroy personal information for up to one year from the customer’s request.
  • The Company separately stores and manages or deletes the personal information of members who have not used its service for at least one year in accordance with the personal information validity period plan.

Relevant statutes, including the Act on the Consumer Protection, in Electronic Commerce, Etc., the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act, require the Company to store the information for a certain period of time under the following circumstances. The Company stores personal information during the set period under the provisions of the statutes and in no case will it ever store this information for any other purposes.

  • Act on the Consumer Protection, in Electronic Commerce, Etc.
    • Records on the contract or subscription withdrawal, etc.: Stored for 5 years
    • Records on the payment and supply of goods, etc.: Stored for 5 years
    • Records on the consumer complaints or dispute settlement: Stored for 3 years
  • Framework Act on Electronic Documents and Transactions
    • Records on the distribution of electronic documents through authorized electronic addresses: Stored for 10 years
  • Protection of Communications Secrets Act
    • Login information: Stored for 3 months

Personal information that fully serve its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.

Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.

Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.



Rights of Users and Exercising Those Rights

  1. User may exercise his or her right such as to request the Company to inspect, correct, or delete personal information.
  2. In accordance with Article 41 (1) of Enforcement Rules to Personal Information Protection Act, the right stipulated in the Paragraph 1 can be executed in writing, by email or by fax. Then, the Company shall take an action immediately.
  3. The right stipulated in Paragraph 1 above can be executed by proxy or legal representative. In this case, a power of attorney prepared in accordance with Form 11 of Enforcement Rules to Personal information Protection Act should be submitted.
  4. Where a user requests permission to inspect his/her personal information or requests the Company to suspend handling personal information, his/her rights may be limited in the following cases under Article 35 (5) or 37 (2) of the Personal Information Protection Act.
  5. No user may request the Company to delete his/her personal information where such personal information is clearly specified as information subject to collection under any statute.
  6. Upon receipt of a request to inspect, correct, or delete personal information or a request to suspend handling personal information, the Company will verify whether the requesting person is the actual user or his/her legitimate representative.
  7. If the user is under the age of 14, the child’s legal representative has the right to view and update the child’s personal information, and to revoke his/her consent to the collection and use of the child’s personal information.


Personal Information Control Manager and Securing Safety of Personal Information

The Company has designated a personal information control manager responsible for responding to user inquiries regarding personal information and resolving related complaints.

  • Name: Kim Namhyeok
  • Title: Technical Director
  • Contact: e-mail info@colley.kr, phone number 02-543-1218

Users may contact the personal information control manager and the related department to ask matters associated with the protection of personal information, complaints and remedy. The personal information control manager shall promptly respond to these questions.

Additionally, the Company has taken the following measures to ensure safety of personal information.

  • Formulating and implementing internal management plans and implementing regular educational programs for employees, etc.
  • Restrictions on access to personal information processing system and install security programs, etc.

User may also ask for consultation and remedy for infringement of personal information from the following organizations.

  • Personal Information Infringement Report Center (privacy.kisa.or.kr / Just dial 118)
  • Cyber Crime Investigation Agency (www.spo.go.kr / Just dial 1301)
  • Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / Just dial 182)


Application of this Privacy Policy

This Privacy Policy is applied to the Company’s Service, whereas a separate privacy policy may be applicable to services provided for payment processing by other companies.



Obligation to Notify Prior to Amendment

Users will be notified of any addition, deletion, and/or amendment to this Privacy Policy through notice by reasonable means at least 7 days prior to the scheduled amendment.

However, if an important amendment is made to the rights of users, such as the amendment to the collected items of personal information and the purposes of their use, the notification will be sent at least 30 days prior to any such amendment, and if necessary, the Company may obtain users’ consent again.