Colley Co., Ltd. (the “Company”) processes personal information on user consent and actively protects users’ informational autonomy.
The Company, as an information and communications service provider, is subject to and complies with the applicable laws, personal information protection provisions, and guidelines of the Republic of Korea.
The Privacy Policy refers to the guidelines with which the Company complies to protect the user’s invaluable personal information so that the user can use the services safely.
This Privacy Policy applies to Colley services (“Services”) provided by the Company.
The Company collects the minimum personal information required to provide the Services.
The following required personal information is collected when a user signs up for the Service or while the user uses the Services.
The following optional personal information is collected while the user uses the Services.
The following optional personal information is collected when a purchase agreement is entered into.
The method to collect personal information is as follows.
If any other collection of personal information is necessary:
The Company establishes and discloses the following personal information handling guidelines to protect personal information in accordance with Article 30 of Privacy Act and take care of related matters quickly and properly.
The Company uses the collected information of users for the following purposes:
After pseudonymizing the collected personal information to make it impossible to identify a particular individual, the Company can process the information for purposes such as statistical, scientific research, and archiving for the public interest. At this time, the pseudonymized information shall be stored and managed separately from additional information to prevent re-identification, and necessary technical and managerial safeguards shall be taken.
In principle, the Company does not provide personal information to the outside without the consent of users. However, personal information is provided in limited circumstances if a user personally agrees to provide his/her personal information in order to use the service of an outside partner, if the Company becomes obliged to submit personal information under the relevant laws and regulations, or if an urgent risk to life or safety of users is identified.
The Company entrusts part of its work necessary to provide more convenient and better services to outside companies, stipulates the matters necessary for the entrusted party to safely process personal information, and carries out management or supervision to ensure such safe processing, in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection.
The Company shall stipulate the followings: prohibition of handling personal information with other purposes in accordance with Article 25 of Privacy Act, technical and managerial protection, restriction on reassignment, supervision on assignee, responsibilities such as compensation for damages, etc., at signing of the assignment agreement and supervise the assignee if he/she safely handles personal information.
If the details or the assignee change(s), it shall be disclosed immediately in accordance with the Privacy Policy.
Entrusted Company | Entrusted Operations | Retention and Usage Period of Personal Information |
---|---|---|
Amazon Web Services Inc. | Data storage | Until the member withdraws membership or the entrustment agreement term has expired |
NICE Payments Co., Ltd | Payment processing & prevention of payment misappropriation | |
NAVER FINANCIAL Corp. | Payment processing & prevention of payment misappropriation | |
Malltail | International Goods Delivery | |
Colosseum Corporation | order collection, packaged delivery, transmission of Invoice | |
Logen Co.,Ltd | Goods Delivery | |
Shops in ColleyShop | Goods Delivery |
Users can request withdrawal through the following methods:
The Company destroys users’ personal information without any delay when the user has unsubscribed from the Service.
However, if the Company has obtained separate consent from users regarding the retention period of personal information or if the laws and regulations impose duties to retain information for a certain period, personal information may be stored safely during the designated period.
The Company will obtain consent from users for the retention period of personal information at the time of their member or service subscription for the following purposes.
Relevant statutes, including the Act on the Consumer Protection, in Electronic Commerce, Etc., the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act, require the Company to store the information for a certain period of time under the following circumstances. The Company stores personal information during the set period under the provisions of the statutes and in no case will it ever store this information for any other purposes.
Personal information that fully serve its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.
Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.
Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.
The Company has designated a personal information control manager responsible for responding to user inquiries regarding personal information and resolving related complaints.
Users may contact the personal information control manager and the related department to ask matters associated with the protection of personal information, complaints and remedy. The personal information control manager shall promptly respond to these questions.
Additionally, the Company has taken the following measures to ensure safety of personal information.
User may also ask for consultation and remedy for infringement of personal information from the following organizations.
This Privacy Policy is applied to the Company’s Service, whereas a separate privacy policy may be applicable to services provided for payment processing by other companies.
Users will be notified of any addition, deletion, and/or amendment to this Privacy Policy through notice by reasonable means at least 7 days prior to the scheduled amendment.
However, if an important amendment is made to the rights of users, such as the amendment to the collected items of personal information and the purposes of their use, the notification will be sent at least 30 days prior to any such amendment, and if necessary, the Company may obtain users’ consent again.