Pun on Art Inc. Personal Information Treatment Policy

Article 1. Collection Items and Purpose of Utilization of Personal Information

Article 2. Agreement on Collection of Personal Information

Article 3. Terms of Utilization and Possession of Personal Information

Article 4. Inspection, Renewal, Correction or Deletion of Personal Information

Article 5. Withdrawal of Agreement and Destruction of Personal Information

Article 6. Provision of Collected Personal Information to the Third Party and Trustee

Article 7. Matters Requiring Member’s Awareness for Protection of Personal Information

Article 8. Collection and Protection of Personal Information of Non-member Customers

Article 9. Rights and Exercise of Rights of Users and Legal Representatives

Article 10. Operation and Utilization of Cookies

Article 11. Links

Article 12. Technical and Administrative Measures for Protection of Personal Information

Article 13. Personal Information Contained in Posting

Article 14. Matters Regarding the Process of Suggestions and Grievances on Personal Information

Article 15. Department, Name and Contact Information of Chief Privacy Officer

Article 16. Notification of Changes in the Policy, etc.

Article 17. Jurisdiction

Put on Art Inc. (www.Putonart.com, hereinafter “Company”) shall comply with the applicable legislations including “Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.” and shall do its best to protect your personal information. Company shall inform you about the purposes and methods of using your personal information and the measures for protection of personal information through disclosing its Personal Information Treatment Policy (hereinafter “policy”). The policy may be subject to changes due to the amendments in applicable legislations or internal policies, and the members shall often check it when registering for the membership or using our website.

Definitions

The definitions of the terms used in our Personal Information Treatment Policy are as follows.

“Put on Art” means a virtual place of business where Company has established to provide users with goods or services through information and communication facilities including computers, and also means the business operators who operate the cybermall.
“Put on Art Website (hereinafter “website”)” means an internet website which Company makes and operates to provide various information and services for the users who registered as members of Company.
“Put on Art members (hereinafter “member”) means a member or the whole membership who registered for the membership with the agreement on providing personal information and received ID.
“Non-members” means a person who uses the services provided by Company without registering for the membership.
“Users” means the members and non-members who access the website and use the services provided by Company.

Article 1. Collection Items and Purpose of Utilization of Personal Information

The term “personal information” means information that pertains to a person, including the full name, resident registration number, etc., by which the individual in question can be identified (including information by which the individual in question cannot be identified but can be identified through simple combination with other information).
Company collects the minimally essential personal information necessary for providing our services when customers register for membership. The purpose of collecting customer’s personal information is to provide the optimal services to our customers through our website and to selectively provide more useful information based on the personal information he or she has provided.
Company shall not utilize our customer’s personal information for other than the purposes previously specified or shall not disclose it to a third party without his or her prior consent.
Company shall collect the following personal information according to the applicable legislation or for the purposes as follows.

(1) All members

a. Mandatory Items

– Name, cellphone number, e-mail address, ID, password: for the purposes including identifying users

– E-mail address, contact information: contacting and informing on the management of membership information

– IP Address, date of visit, record of service usage (automatically generated personal information): preventing illegal use, preventing unauthorized usage, preserving records for grievance mediation, etc.

b. Selective Items

– I-PIN information, CI, DI: identifying users for order and payment

– Address, contact information, name/phone number/cellphone number/address of addressee: delivering goods or prize, collecting credits, etc.

– Contact information, whether the user receives SMS, e-mail, mail, TM: contacting and informing on fulfillment of the contract, inviting users to join the promotions on Company’s services (including discount coupons, goods at bargain price, point benefit, advertisement for promotion)

– Bank account number, name of the owner of the account, name of the back, cellphone number: providing payment services

– Birth date, wedding anniversary, nickname: providing customized advertisement and services for user’s convenience, sending special coupons for anniversaries, and providing affiliated services for service improvement

– Resident registration number: ‘preservation, etc. of transaction records’ according to Article 6 of Act on the Consumer Protection in Electronic Commerce, etc.

– Individual customs clearance number: processing of customs clearance of the goods directly delivered from foreign countries

– Cash receipt card number: issuing cash receipts

(2) Seller Members

– Name of CEO, name of business operator/corporate registration number/mail-order business registration number in case of business operator: Confirming the intent of registering for membership and providing the services for seller members, etc.

– Resident registration number in case of individuals and individual business: ‘preservation, etc. of transaction records’ according to Article 6 of Act on the Consumer Protection in Electronic Commerce, etc.

Company shall not collect sensitive information which has the possibility of violating user’s basic human rights (race or ethnic group, ideology or principles, birthplace or legal domicile, political inclination or criminal records, health status or sex life, etc.).
Collection method: Website (registration of membership)

Article 2. Agreement on Collection of Personal Information

Company shall arrange the procedures for users to either click on “Agree” or “Disagree” button for choosing whether to agree on our Agreement on Personal Information Utilization and the Terms and Conditions. If a user click on “Agree” button, the personal information he or she entered shall be saved in our customer database and the user shall be deemed to agree on the utilization of his or her personal information according to the purposes stated above the “Agree” button.

Article 3. Terms of Utilization and Possession of Personal Information

According to Act on Promotion of Information and Communication Network Utilization, Etc., the resident registration numbers which Company possessed within two years from the date of enforcement of the Act, August 18th, 2012, shall be destroyed, and the personal information of users who did not use our website for the past one year before August 18th, 2015 shall be either destroyed or separately preserved. If the user has separately designated the terms of possession of his or her personal information or if there is a need to preserve the information based on the applicable legislations, we shall preserve the information with the existing safety control.
Your personal information shall be destroyed in case of accomplishing the purposes of collection or utilization of personal information. Provided, That if there is a need for preservation according to the applicable legislations, the information shall be separately preserved for the minimum terms regulated in the applicable legislations and be used only for the purpose of preservation.

– If you request for separate terms for preservation, your personal information shall be preserved for the designated terms (the terms, however, cannot be designated for less than the minimum preservation terms stated in the legislations). In addition, the minimum personal information shall be separately preserved for 60 days after withdrawal of membership for the purpose of preventing and responding to illegal or expedient acts including using names illegally in order to ensure the safety and to prevent any damages of customers.

– In case of personal information entered when registering for the membership, Company shall specific the purpose and terms of possession, and the personal information items for possession and shall ask for your agreement in advance when you withdraw your membership or you are dismissed from membership.

(1) Records on contract or withdrawal of offer, etc.: 5 years

(2) Records on payment and supply of goods, etc.: 5 years

(3) Records on customer’s complaint or grievance mediation: 3 years

(4) Records on mark, advertisement: 6 months

(5) Records on website access: 3 months

(6) Records for prevention of illegal use: 60 days

In case you request inspection of transaction information, etc. which we possess with your agreement, we shall take measures for immediate inspection and confirmation after necessary identification process.

Article 4. Inspection, Renewal, Correction or Deletion of Personal Information

You may inspect or correct your registered personal information at any time. You may inspect or correct your personal information by yourself through clicking “Membership information>Inquiry/Revision of membership information” after logging in our website or if you send a written request, call, or write an e-mail to our privacy officer or the person in charge of complaint for inspection or correction, we shall take immediate measures.
If you request correction on the errors in personal information, we shall not utilize or provide relevant personal information until correction is completed.
If we have already provided the third party with the incorrect personal information, we shall take measures to correct it by immediately notifying the result of correction to the third party.

Article 5. Withdrawal of Agreement and Destruction of Personal Information

You may withdrawal your agreement on collection, utilization, and provision of personal information though membership registration, etc. at any time. You may withdraw the agreement on collection, utilization, and provision of personal information by clicking “e-Customer Service Center>Withdrawal of Membership” after logging in our website, and if you send a written request, call, or write an e-mail to the person in charge of complaints regarding personal information for withdrawal, the person in charge shall take immediate measures including deletion of personal information.

Provided, That in case of member ID, re-registering for membership with the same ID shall not be permitted in order to fulfill the responsibility of preservation of member’s transaction information during the preservation terms regulated in the applicable legislations and for provision of stable services.

Certain amount of time shall be needed for withdrawal of membership information which was already provided, and Company shall not utilize the information for marketing during the time needed for the process. Company shall do its best for prompt process to protect your valuable information.

Article 6. Provision of Collected Personal Information to the Third Party and Trustee

Company shall not utilize or provide customer’s personal information to other persons, companies or institutions beyond the scope informed in “Collection Items and Purpose of Utilization of Personal Information” unless there is a customer’s consent or it is required by the regulations of the applicable legislations.
In case of transaction through services provided by Company, the relevant information necessary for fulfilling the transaction including delivery shall be provided to the parties within the necessary scope as follows.

The third party provided with personal information

Purpose of utilization of personal information

Items of personal information for provision

Terms of preservation and utilization

Sellers who are legally registered at our website

Confirming the offer, fulfillment of transaction, customer counseling, grievance mediation including As

Name, ID, address, phone number, cellphone number, addressee information

Until accomplishing the purpose of utilization of personal information (Provided, That in case there is a need of preservation according to the applicable legislations or there is a previous consent, the information may be preserved for the designated terms.)

Company shall state the matters regarding prohibition of personal information process other than for the purposes of conducting entrusted business, measures for technical and administrative protection, restriction on re-entrustment, management and supervision on the trustee, and compensation for damages on the document including the agreement, etc. when Company concludes an entrustment agreement with a trustee, and shall supervise whether the trustee processes personal information safely.
In case Company shall provide customer’s personal information to a third party, Company shall either conduct a procedure for customer’s consent or a separate procedure for consent when registering for membership on the matters including the third party provided with customer’s personal information, the third party’s purpose of utilization of personal information, items of personal information provided, the terms of possession and utilization of personal information by the third party. Company shall not provide or share personal information which a customer does not consent. A customer may withdraw his or her consent on the provision of personal information at any time.
Company may provide customer’s personal information without his or her consent exceptionally in the following cases.
(1) If there are special regulations in the applicable legislations including Criminal Procedure Act, Act on Real Name Financial Transactions and Confidentiality, Credit Information use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Radio Waves Act, Local Tax Act, Act on Consumer Protection, Back of Korea Act, etc.

(2) If personal information is provided in a format where a specific person cannot be identified for making statistics, academic studies or market research.

(3) Company shall, however, do its best not to provide the personal information indiscreetly against the initial purpose of collection and utilization when providing the information according to the applicable legislations or the request of investigative agencies under such exceptional circumstances.

Article 7. Matters Requiring Member’s Awareness for Protection of Personal Information

Users are required to enter their latest personal information correctly in order to prevent any unexpected accidents. Users shall be responsible for any accidents caused by incorrect entry of information and they may lose membership if they enter false information including unauthorized use of other’s information
Users have a duty to protect themselves and not to violate other’s information as well as a right to protection of their personal information. Please be careful not to leak any of your personal information including password and not to damage other’s personal information including postings. If a user fails to fulfill this duty and damage other’s information or dignity, he or she may be punished according to 『Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.』

* A person who uses a third person’s resident registration number improperly shall be punishable by imprisonment with labor for not more than three years, or by a fine not exceeding ten million won.

※ Reference: Resident Registration Act Article 37 (Penalty Provisions) (Enforcement Date: 2011. 8. 31)

Article 8. Collection and Protection of Personal Information of Non-member Customers

Non-members as well as members may purchase the goods or services provided by Company. Company shall request only the personal information necessary for delivery and payment in case of non-member orders. The information of the payer and recipient which a non-member entered shall be used exclusively for payment and delivery and shall never be used for any other purposes.

Article 9. Rights and Exercise of Rights of Users and Legal Representatives

Users and their legal representatives may inspect or correct the registered personal information of their or their legal representatives at any time, and may request for withdrawal of membership.
Users or their legal representatives may inspect, correct personal information or withdraw their membership on their own by clicking on ‘MY PAGE > MY INFO’ and conducting the identification procedure.
If users and their legal representatives contact Company’s chief privacy officer in writing, phone calls or e-mails, we shall conduct the necessary measures after confirming the requests.
If a user requests correction on the errors in personal information, Company shall not utilize or provide relevant personal information until correction is completed. In case Company has already provided the incorrect personal information to a third party, Company shall immediately notify the result of correction to the third party for a prompt correction.
Company shall process the personal information withdrawn or deleted due to the requests from users or their legal representatives according to “Article 3 Terms of Utilization and Possession of Personal Information” and shall not inspect or utilize the information for the purposes other than those specified in Article 3.

Article 10. Operation and Utilization of Cookies

Company shall operate cookies like many other websites. ‘Cookie’ saves and frequently finds out your information. Also, it is a small quantity of information composed of texts with the size smaller than 4KB which is transmitted through your computer browser (including Netscape, Internet Explorer, etc.) by a website.
When you access our website, Company’s computer reads the contents of the cookies from your browser and may provide the services for you by finding additional information from your computer without you entering additional information including name.
You may choose whether to receive all or parts of cookies at “Tools>Internet Option>Personal Information>Personal Information Setting” at the top of your web browser by setting the degree of receiving from “permitting every cookie-low-medium-medium high-high-blocking every cookie.” In case you refused to receiving cookies or changed the setting to deletion, you may enter your ID or password again when you access to certain parts of the website.
Company shall operate cookies for users’ convenience, and shall not collect information other than IDs. The collected ID may be utilized for the purposes including target marketing, etc. Cookies are expired when users close their browsers or log out.

Article 11. Links

Company may provide members with links to other company’s websites or data. In such cases, Company does not have any control over the outside websites or data, and does not take responsibility or vouch for authenticity, usefulness, etc. of services or data provided by such websites. In case a user goes over to the page of other websites by clicking the link included in our website, he or she needs to review the policy of the website since its personal information treatment policy is irrelevant to that of Company.

Article 12. Technical and Administrative Measures for Protection of Personal Information

Technical measures: Company shall secure the safety of personal information by arranging technical measures as follows in order to prevent loss, theft, leak, falsification, damage of personal information in the course of processing your personal information.
(1) Your personal information is protected by password, and important data is protected by separate security features through encrypting the file or transferred data or lock-down feature.

b. Company takes measures to prevent damages caused by compute virus using antivirus program. Antivirus program is periodically updated and it prevents personal information from violation by providing necessary vaccine immediately if a virus appears unexpectedly.

c. Company has adopted security devices (SSH) which can transfer personal information safely on network using encryption algorithm.

d. Company is doing its best to procure security by using firewall system and analysis system for weak spots to prepare against outside invasion including hacking.

Administrative measures: Company shall minimize the number of employees who have the access to your personal information. The minimum employees are as follows.
The minimum employees include employees who conduct marketing business on users directly, employees who conduct management of personal information including privacy officer and person in charge, and other employees who inevitably handle personal information on business.
We conduct periodic in-house and entrusted education to the employees handling personal information on acquiring new security technology and obligation to protect personal information.
We prevent any information leak by people in advance by requiring every employee to submit secrecy declaration when they join our company, and has in-house procedures to monitor the duties and compliance of employees of the personal information treatment policy.
Transition of the staffs handling personal information is conducted with thorough security and we clarify who is responsible for any accidents regarding personal information after joining/resigning from our company.
We do not mix personal information and general data and storages personal information in a separate server.
Computer room and storage room are set as specially protected areas and access is controlled.
Company shall not be responsible when it does not have intention or negligence for any personal information leak caused by user’s own negligence or internet problems. Each user shall properly manage ID and password in order to protect his or her personal information, and shall be held responsible for any relevant incidents.
In case of loss, leak, falsification or damage of personal information caused by a mistake of in-house manager or technical and administrative accident, Company shall notify the fact to you and shall look for proper measures and compensation.
Company shall destroy personal information as follows in order to protect customer’s personal information from any damages caused by personal information leak.
a. Personal information printed on paper shall be destroyed by shredder or incineration.

b. Personal information saved as a form of electronic file shall be destroyed using technical methods which make it impossible to regenerate the information.

Article 12. Personal Information Contained in Posting

Our company values customer’s postings and shall protect the postings from falsification, damage, deletion. However, postings may be deleted after explicit or individual warnings in the following cases.

– Spam postings (ex: chain letters, fortune-making mails)

– Postings defaming another buy publicly alleging false facts with the purpose of slandering the person

– Postings disclosing personal information of another without his or her consent

– Postings violating copyright, etc. of a third party

Our company may delete specific parts or replace them with symbols in case of postings disclosing personal information of another without his or her consent in order to encourage desirable posting culture and to protect personal information.

Article 14. Matters Regarding the Process of Suggestions and Grievances on Personal Information

Company shall appoint the manager in charge of membership to conduct the business of receiving your suggestions and grievance mediation regarding personal information.
Company values your suggestions and you have the right to receive a faithful response to your inquiry at any time.
Company shall operate the complaint adjustment center for smooth communication with you and the contact information is as follows.
[Complaint Adjustment Center]

– E-mail: info@putonart.com

– Phone number: 010-9963-2075

– Address: #1209, 43, Yeouiseo-ro, Yeongdeungpo-gu

Helpline is available from 10:00~18:00 on weekdays.
Inquiries through e-mail, fax or mail shall be responded within 24 hours after submission. Provided, That in case of after hours, weekends or holidays, Company shall make it a rule to process your inquiry on the following day.
In case you need counseling for other matters regarding personal information, you may ask for more information to Personal Information Violation Center, e-privacy mark certification commission, Internet Crime Investigation Center of Supreme Prosecutors’ Office, Cyber Terror Response Center of Korean National Police Agency, etc.

* Personal Information Violation Center

– Phone number: 02) 118

– URL: http://www.118.or.kr

* Cyber Terror Response Center of Korean National Police Agency

– Phone number: 02-393-9112

– URL : http://www.ctrc.go.kr/

* Internet Crime Investigation Center of Supreme Prosecutors’ Office

– URL: http://www.spo.go.kr/minwon/center/report/minwon24.jsp

– e-mail : cybercid@spo.go.kr

Article 15. Department, Name and Contact Information of Chief Privacy Officer

Company shall do its best to enable you to use high-quality information safely. Our chief privacy officer shall be held fully responsible for any accidents caused by violations of matters previously informed to you regarding the protection of personal information. Despite our technical complementary measures, however, in case of information damage caused by unexpected accidents due to the fundamental risks on network including hacking, our chief privacy officer shall not be responsible for it. The chief privacy officer handling your personal information is as follows and shall respond to your inquiries regarding personal information promptly and faithfully.

◑ Chief Privacy Officer of Put on Art, Inc.

Name: Tae In Kim

Department: Department of SiteOps

E-mail: info@putonart.com

Phone number: 010-5363-4699

Article 16. Notification of Changes in the Policy, etc.

This Personal Information Treatment Policy shall enter into force on July 1st, 2017. In case there are additions, deletions or corrections of the policy, they shall be notified through announcement on our website 7 days prior to the enforcement date, they shall be notified through announcement on our website and e-mail 30 days prior to the enforcement date in case the changes are especially important. Provided, That Company shall ask for your consent in case collection and utilization of personal information, provision of personal information to a third party, and etc. are changed. In addition, the version number, the date of announcement of changes, and enforcement date shall be given to the Personal Information Treatment Policy for you to easily recognize whether it has been amended.

Article 17. Jurisdiction

In case of a dispute over the differences in interpretation between the terms and conditions and the translated version, the Korean terms and conditions shall have precedence over the other. Korean law shall be the governing law in the interpretation of the service use contract between Company and a user, interpretation of transaction between a buyer and a seller, and the competent court.