Privacy Policy
To protect your personal information, and smoothly and immediately deal with any relevant predicament, SM Brand Marketing Co. Ltd., (hereafter, “the Company”) established and discloses the following policy on handling of personal information according to the Personal Information Protection Act (PIPA). This policy applies to all services offered by the Company including services on the SMTOWN &STORE website, mobile store, and application.

1. Purpose of Collecting and Processing Personal Information
SMTOWN &STORE Online collects the following personal information to provide certain or entire services including event participation and special benefits, tailored to your interests.
(1) Personal Information the Company Collects
1) When You Register
- (Required) Name, ID, Mobile Number, E-mail Address, Age Requirement (14 or above)
- (Optional) Gender, Date of Birth

2) When You Register via Your Social Media Account (SMTOWN, Naver, Google Plus, Kakao, Facebook, Line)
- (Required) Social Media ID (such as your e-mail address, etc.), Age Requirement (14 or above)
- (Optional) Gender, Date of Birth, Country
3) When You Place an Order
- Order Information (Name, Mobile Number, E-mail Address), Shipping Information (Name, ID, Mobile Number, Address), Payment Method Details (Credit Card and Bank Account Information), Payment History, Transaction PIN (Integrated)
4) When You Place an Order as a Guest
- Order Information (Name, Mobile Number, E-mail Address, Order Tracking Password), Shipping Address (Country, Address, E-mail Address), Payment Method Details (Credit Card and Bank Account Information), Payment History, Transaction PIN (Integrated)
5) Refunds - Bank Account Information for Refunds (Name of Bank, Account No., Account Holder)
6) Automatically Generated Information
- Service Usage History, IP Address, Cookies, Date and Time of Visit, Improper Usage Record, Devise Info (Device Identifier, OS Version Number), ADID, IDFA
7) When You Participate in an Event
- Social Media Account, Name, ID, Mobile Number, E-mail Address, Date of Birth, Country
8) When You Win an Event - Name, Mobile Number, Address, Date of Birth, E-mail Address, Country
※ Event participants indicate registered customers who participate in events via social media accounts operated by the Company and the SMTOWN & STORE website.
9) To Resolve and Deal with Customer Disputes
- Name, ID, Mobile Number, E-mail Address, Consultation History

(2) Usage of Collected Personal Information
1) To Identify Individuals - Name, ID, Password, Date of Birth, Country, Mobile Number, Social Media Account Code, E-mail Address
2) To Contact Customers to Offer and Promote Services
 - Name, ID, Mobile Number, Social Media Account Code, E-mail Address
3) For Product Purchase and Delivery
- Order Information (Country Name, ID, E-mail Address, Mobile Number), Shipping Information (Country, Name, ID, E-mail Address, Mobile Number, Shipping Address), Payment Method Details (Credit Card and Bank Account Information), Payment History, Transaction PIN (Integrated)
4) To Promote Events and New Services, Conduct Marketing Activities (Including Targeted Marketing Campaigns), Send a Giveaway for an Event
- Name, ID, E-mail Address, Mobile Number, Address, Date of Birth, Country, Gender, Social Media Account Code, Cookies, ADID, IDFA
5) For Refunds (Via Bank Account)
- Bank Account Information for Refunds (Name of Bank, Account No., Account Holder)
6) To Prevent Malicious, Unauthorized Use and Preserve Records for Customer Dispute Resolution
- Service Usage Record, IP Address, Cookies, Date and Time of Visit, Improper Usage Record, Device Info (Device Identifier, OS Version Number)
7) To Resolve and Deal with Customer Disputes
- Name, ID, Mobile Number, E-mail Address, Consultation Record

2. Retention and Processing Period of Personal Information

 Your personal information is immediately disposed of by the Company when you close your account. However, if longer retention is required by any applicable law or the Company’s internal policy and you give your consent to it, the data is securely stored for a certain period of time and not used for any other purpose.
(1) The Company’s Internal Policy on Information, Purpose, and Period of Retention
1) To prevent damage by an abnormal account withdrawal: Name, ID, Password, Mobile Number, E-mail Address (Retention Period) 60 days after an inquiry for account closure is made.
2) To block illegal and improper activities for personal profit such as identity theft or frequent requests to close/deactivate one’s account to receive discount coupons and special benefits: Name, ID, E-mail Address, Connected Social Media Account Info, Social Media ID (E-mail Address) (For Customers Registered via Social Media).
(2) Other Applicable Laws
1) The Protection of Communications Secrets Act
- (Purpose) To provide information required by investigating authorities
- (Data Required) Log Data, IP, etc.
- (Retention Period) 3 Months
 2) The Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
- (Purpose) To keep record of customer complaint and dispute resolution
- (Data Required) Customer Identifier, Records on Complaint and Dispute Resolution, etc.
- (Retention Period) 3 Years - (Purpose) To keep record of contracts, subscription withdrawal, payment and provision of goods, etc.
- (Data Required) Customer Identifier, Records on Contracts and Subscription Withdrawal, etc.
- (Retention Period) 5 Years
3) The Framework Act on National Taxes
- (Purpose) To calculate the period of tax exclusion
- (Data Required) Proof of Taxes Paid, etc.
- (Retention Period) 10 Years
- (Purpose) To calculate the period of extinctive prescription for national tax collection
- (Data Required) Taxation Standards, Tax Report, etc. - (Retention Period) 5 Years
4) Value-Added Tax Act
- (Purpose) To maintain accounting records and keep transaction records, etc.
- (Data Required) VAT Invoice, Import VAT Invoice, Receipt, Added-Value Tax Report, Accounting Book, etc.
- (Retention Period) 5 Years

3. Disposal of Personal Information and Conversion to Deactivated Account
1) Disposal Process
- Once the purpose is fulfilled, your personal information is transferred to a separate database storage and disposed of after being retained for a certain period of time in accordance with applicable laws and the Company’s internal policy (See the Retention and Processing Period).
- The personal information in a separate database storage is not used for any other purpose unless otherwise required by law. Unauthorized access to the data is strictly limited.
2) Disposal Method
- Electronically stored personal information is securely disposed of and is not retrievable.
- Personal information stored on paper is shredded.
(2) In compliance with ‘the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.’, accounts with no log data for more than one year are automatically deactivated.
- You will be notified of the estimated date for deactivation via your registered e-mail 30 days before. Sign in to your account if you wish to continue to use services.
- Once your account is deactivated, your personal information is transferred to a separate database storage and securely managed. Sign in to the Company’s website if you wish to reactivate your account and resume your use of services.

4. Sharing Personal Information with Third Parties
(1) The Company does not share your personal information with third parties for any purpose other than the specified reasons for collection and use. However, your personal information can be shared with third parties in compliance with applicable laws.
(2) Despite the article (1) above, your personal information can be shared for the following reasons.
- When it is required to disclose personal information to take legal action against offences such as damage caused to others and violation of the terms and conditions of the Company.
- When personal information is shared in an unidentifiable form for statistics, academic, and market research, and email notification.
(3) The Company may share your information with third parties in the following manner.
- Receiver of personal information: YEK Glass Co., Ltd.
- Purpose of sharing and processing your information: to confirm orders for self-production items and prepare shipment
- Information the Company shares with third parties: ID, Name, Phone No., Mobile No., Shipping Address, Order Details, Payment Information
- Retention and processing period (by third parties): Service provision period

5. Outsourcing of Personal Information Handling
(1) The Company outsources certain tasks to other companies for certain services. The tasks are as follows.

 Service  Provider Task
 SIIC Inc.   Customer Support & Consultation
 Fastbox Inc.  Warehousing & Shipping
 ePost (EMS)  Product Delivery
 cafe24 Corp.  Establishment and Maintenance of Computer System, Operation, Personal Identification, Customer Support & Consultation
 KSNET Inc., KR Partners Co., Ltd.  Payment Processing  


(2) The Company regulates and supervises entrusted companies through contracts that stipulate the prohibition of unauthorized processing of personal information, technical and organizational measures for protection,
limitations on recommissioning, management and supervision of trustees, liability for damages, etc.
(3) If there is any change in entrusted service or company, the change will immediately be updated on the Privacy Policy.

6. Links to Other Websites
The Company may provide you with links to other websites or material. In this case, the Company has no control over the material and websites you access, and is not responsible or liable for relevant services received or the reliability and usability of the material.
 
7. Your Rights
(1) Users and legal representatives can always view and revise the personal information of themselves or the underage users they represent, and have a right to disagree with the Privacy Policy and close their account.
 Please note you may not be able to use certain or entire services when you or your legal representatives withdraw the consent to the Privacy Policy.
(2) See how to view your personal information below.
- To view your collected or current personal information: Sign In > ‘My Account > Edit My Profile’
(3) See how to edit your personal information and close your account (withdraw your consent) below.
- To edit your personal information: Sign In > My Account > My Profile > Edit My Profile
- To close your account (to withdraw your consent): Sign In > ‘My Account > My Profile > Edit My Profile > Close My Account’ (identity verification required)
(4) Make an inquiry, send an email, or give a call. The Company will take prompt action to address your concerns.
(5) When you make a request to correct erroneous information in your profile, the relevant personal information will not be used or provided until corrections are applied. In case incorrect information is provided to third parties, the Company will immediately notify them of the correct information and instruct them to apply to their services.
(6) The Company processes the deleted personal information and the information of closed accounts in accordance with “the Retention and Processing Period of Personal Information”. Your personal information cannot be accessed or used for any other purpose once deleted or you close your account.

8. Your Obligations
(1) You are obliged to protect your own personal information. The Company takes no responsibilities for any predicament caused by information leakage due to your negligence.
(2) When you edit your profile, you ought to enter correct information. The responsibility for any predicament due to incorrect information you enter lies with you. Users who create an account or use services with a stolen identity are subject to account withdrawal and punishment based on applicable laws.
(3) You have a right to have your personal information protected. At the same time, you are obliged to protect your own information and not violate the information of others. Exercise precautions to prevent information leakage of your personal data including your ID and password, and not to damage the personal information (including postings) of others.
(4) You are obliged to comply with any applicable law such as ‘the Personal Information Protection Act’ and ‘the Act on Promotion of Information and communications Network Utilization and Information Protection, etc.’.

9. Installation, Operation, and Refusal of Automatic Data Collection Tools (Such as Cookies) The followings are the Company’s terms and conditions for installation, operation, and refusal of automatic data collection tools.
The Company employs data collection tools such as cookies. Cookies are small text files, created by the Company’s website on your computer and stored on your hard disk.
(1) How the Company uses cookies The Company uses the collected cookies to analyze the frequency and time of your visits, figure out your interests, interests and patterns of use, and track your visits and events you participate in to provide a more personalized experience on the website.
(2) Refusal, Installation, Operation of Cookies
1) You have a right to agree to or reject cookies. You can always withdraw your consent and delete the cookies at any time.
2) Go to the settings on your browser ① to accept all cookies, ② to see cookies stored on your computer, ③ to reject all cookies. Settings vary by browser. See the following instructions for more browser-specific information.
- Internet Explorer: Go to ‘Tools’ > Select ‘Internet Options’ > Select the ‘Privacy’ tab > Select a Setting for the Internet Zone
- Chrome: Go to ‘Settings’ > Click ‘Advanced’ at the bottom > Select ‘Content Settings’ under ‘Privacy and Security’ > Control Cookies.
- Firefox: Click ‘Options’ > Select ‘Privacy & Security’ > Select ‘Use custom settings for history’ > Control Cookies  
- Safari: Select ‘Preferences’ under the ‘Safari’ menu > Select the ‘Privacy’ tab > Select an Option for Cookies and Website data
- How to reject the use of ADID/IDFA
 iOS: Settings > Advertising > Select ‘Limit Ad Tracking’
 Android: Settings > Google Settings > Ads > Untick ‘Opt Out of Interest-based Ads’
- You may not be able to use certain services or receive customized services when you reject cookies.

10. Technical/Organizational Measures to Protect Personal Information The Company establishes the following technical/organizational measures to ensure the security of your personal information when it’s processed.
(1) Password Encryption Your password is encrypted in a one-way encryption format. Only you can access and change your personal information. Take precautions to ensure your password is not disclosed to others.
(2) Protection Against Hacking
1) The Company operates the intrusion detection and firewall systems 24 hours a day in order to prevent the loss, leakage, theft, falsification, and damage of your personal information due to cyberattack and computer viruses on the Company’s network. To ensure the security of your personal information, the intrusion detection and firewall systems are operated in full duplex mode.
2) To deal with damage to personal information, important data is backed up on a regular basis while vaccine programs are employed to protect your personal information against leakage.
3) Sensitive information is encrypted for security in the course of transmission through the internet and computer networks.
4) The Company continuously makes all efforts to ensure security by employing the latest systems and professionals.
(3) Minimum Access to Personal Information and Periodic Training
1) The Company limits the number of individuals who deal with and access personal information to a minimum extent, and immediately withdraws and cancels the authority to access personal information in the event of changes in personnel.
2) Periodic trainings are provided to individuals who are in charge of managing personal information in order to remind them of the importance of personal information protection and ensure the security of your personal information.

11. Personal Information Manager and Team The Company has a professional team specialized in personal information protection and a personal information manager to deal with related complaints and inquiries.
(1) Make an inquiry to the personal information manager or team to resolve issues on personal information. The Company will try to reply to your inquiry as soon as possible.
1) Personal Information
Manager: Jun-Young Park (CEO)
- E-mail Address: responsibility@smtown.com
- Phone: +82-1661-6110
2) Personal Information
Management Team: Business Development Team
- E-mail Address: responsibility@smtown.com
- Phone: +82-1661-6110

 Please make an inquiry to the following organizations if you need to report or consult issues regarding intrusion of personal information.
- KISA (http://privacy.kisa.or.kr / +82-118)
- Cyber Crime Investigation, Supreme Prosecutors’ Office (http:// www.spo.go.kr / +82-1301)
- National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr/index.do / +82-182)
- E-Commerce Mediation Committee ( https://www.ecmc.or.kr / +82-1661-5714)

12. Revisions to Personal Information Handling Policy The privacy policy stated above can be revised in compliance with government policies or the needs of the Company. Any change such the addition, removal, or amendment of regulations is notified on the Company’s website or via email 7 days before the change comes into effect. In case of a change made in Purpose of Collecting and Processing Personal Information, Sharing Personal Information with Third Parties, etc., the change is notified 30 days before the enforcement. The Company may seek your consent for changes in Purpose of Collecting and Processing Personal Information, Sharing Personal Information with Third Parties, etc. in compliance with applicable laws such as the Act on Promotion of Information and communications Network Utilization and Information Protection, etc.

 Enforcement Date: April 2, 2019



WORLD SHIPPING

PLEASE SELECT THE DESTINATION COUNTRY AND LANGUAGE :

GO
close