ARTICLE 1 General Rules
1. “Personal information” means an information concerning a living person by which the relevant person may be identified on the basis of his/her name, etc. contained in the information (it includes information which cannot identify the specific individual by itself but can identify that individual by easily combining with other information).
2. Box o’ Bliss (all online stores operated by Box o’ Bliss, Inc.; hereinafter referred to as “the Company”) makes much account of personal information of our customers and doing our best to protect user rights by complying with the provisions concerning protection of personal information under any applicable law including the 『Privacy Protection Act』 and the 『Act on Promotion of Information and Communications Network Utilization and Information Protection』
ARTICLE 2 Collection of Personal Information and Purpose of Use
1. The Company collects user information to provide identification of oneself, mileage or reward points and payment service, and various convenient services. The purpose and method of collection of personal information are as follows.
1) Required information(mandatory) or purpose of collection in registration
Collected information: E-mail address(used as a sign-in account), name, password
Purpose of collection: To contact in case of identification of oneself and service provision
Duration of retention: 30 days after membership withdrawal
2) Collected information and purpose of collection whilst using the service or ordering/inquiring procedures
A. Collected information when accessing to the service(mandatory)
Collected information : Service utilization record, access log, cookie, accessed IP information (Mobile device) Mobile device identification number mobile device OS information, telecommunication companies
Purpose of collection : Provision to online shopping mall services excluding services for orders
Duration of retention : Until the purpose of collection is achieved
B. Information possible to be collected when placing an order, making payment, and product shipping (mandatory)
Collected information: Address, name, contact number, recipient/contact number, payment record, inactivation record, transaction information Payment method information(bank account information, credit card information), etc.
Purpose of collection : Order and receipt for items or service products, making payment, exact delivery of ordered products Personal identification to deal with complaints, analysis aiming on service improvement
Duration of retention : Until the purpose of collection is achieved
3) Marketing-purpose collection of information and collection purpose (optional)
Collected information: E-mail, name, address, agreement in receiving marketing action, gender, date of birth
Purpose of collection: Data utilization for event/service promotion marketing, securement of accurate shipping destination for gift delivery, Provision of information on services and events by the Company(e-mail, etc.) Identification for customer service center inquiries, etc.
Duration of retention : Until the withdrawal of agreement
2. The Company’s action for provision of false information
Members must assure the accuracy and legitimacy of one’s own information. If this is violated and false information is provided through whichever method such as stealing other’s information, the Company has the right to report the member according to the related act and may withdraw the member without one’s permission.
3. Responsibilities on loss or issues occurred to individual members due to voluntary exposure of personal information is entirely on individuals. Be in full aware of the possibility of unauthorized utilization by collection of others when published on public spaces, and unwanted damage may occur.
4. Collection method of personal information
The Company’s homepage, inquiry board, telephone, participating in events, generating information collection through log analysis program, information collection through “cookie”
ARTICLE 3 Provision and Sharing of Personal Information
1. When registered as a member of Box o’ Bliss, one can purchase products operated by the Site.
2. The Company will not provide customer’s personal information to a third party without any prior agreement.
3. If member’s personal information is provided or shared, separate agreement is required after notification through the website, e-mail, and others covering information on to whom the information is provided, who is sharing the information, which information is provided or shared, what the purpose of provision or sharing is, duration of retention and utilization, etc.
4. Unless otherwise prescribed by law, provision of personal information without the member’s permission is allowed.
ARTICLE 4 Handling Entrustment of Collected Personal Information
1. The Company operates personal information handling tasks by entrusting to the following outsourcing companies to implement services.
Third-party Service Providers
Building and managing the computerized system Customer service
Box o’ Bliss Inc.
Transmission of payment information, payment agency services
KR Partners Inc.
Service provision of product shipping, shipping location / arrival information
[Sales Parners] : Dariconsulting co.,ltd, Jaimdang Corp, Manna CEA Inc, Swanicoco Inc
* Duration of retention and utilization of personal information: Until the date of withdrawal or termination of consignment contract
* Depending on certain types of delivery such as direct shipping, shipping information will be provided to affiliates, which requested sales, according to Article 21 of Electronic Commerce Consumer Protection Act.
2. Except for cases where customers have made agreement in advance or in accordance with related legislations, the Company will not utilize customer’s personal information beyond the bounds of specified range notified on the agreement nor provide it to others or other companies/institutions. However, if customer’s inquiries or complaints are concluded to be related with affiliates carried by the Company’s stores, customer’s personal information and inquiries can be provided to the corresponding affiliates for a prompt service.
ARTICLE 5 Period of Retention, Utilization, and Destruction of Personal Information
1. The Company immediately destroys personal information of members once the collection purpose or provision purpose is achieved.
(However, member registration information is destroyed with “30 days of grace period” from the date of withdrawal request due to the purpose of handling member’s inquiries, temporary postponement of reward points, etc.) It is retained for a certain period of time when there is a need of retention according to related legislation such as the Commercial Law for reasons regarding approval of transaction related management duty relations as follows.
A. Records related to contracts or withdrawal of subscription : 5 years
B. Records related to payment and supply of goods : 5 years
C. Records related to consumer complaints or dispute settlement : 3 years
2. Personal information destruction method is as follows.
A. Personal information printed on paper: Shred by paper shredder or incinerate
B. Personal information saved in digital file formats: Deletion by technical methods which makes the record irretrievable
ARTICLE 6 Method to Browse and Correct Personal Information, Withdraw Membership and Agreement
1. Members can browse of update enlisted personal information or withdraw membership whenever it is desired.
A. Homepage : After logging in, click 『My Information』 to browse and update personal information or withdraw
B. Immediate measures will take action when one contacts the Chief Manager of Personal Information.
2. When the member requests the correction of error in personal information, the company does not use or provide that personal information until the correction is completed. Moreover, in case the company has already provided the wrong personal information to third parties, the company will take measures to correct relevant information by notifying third parties with the corrected result without delay.
3. The Company handles deleted or withdrawn personal information by the member’s request according to the period of retention and utilization of personal information collected by the Company, and is restricted when attempted to be browsed or used with other purposes.
ARTICLE 7 Administration and Utilization of Cookie
1. The Company may use ‘cookie’ to provide customized service. ‘Cookie’ is a small data bundle sent from the HTTP server to the user’s browser, and is stored in the member’s computer hard drive. Cookie identifies your computer, but not you as an individual.
A. To analyze access frequency and duration of visit of members and non-members as well as understand user’s preference and field of interest to utilize as an index of target marketing and service improvement.
B. To provide customized service on subsequent shopping by tracking the information on purchased products and browsed products. Expires when cookie browser shuts down or logged out. Cookies expire after a day, and can be deleted through browser ‘delete cookie’.
* Installation of cookies and refusal thereof
You have an option to accept or refuse installation of cookies. Therefore, you can choose the options of your web browser to accept all cookies, to receive notice when cookies are installed, or to refuse all cookies.
However, if you refuse storage of cookies, you may not be able to access certain services that require log-in.
How to enable/disable cookies (For Internet Explorer)
(1) Select [Internet Option] from the [Tools] menu
(2) Click [Privacy]
(3) Click [Advance]
(4) Select whether to enable/disable cookies
How to enable/disable cookies (For Safari)
(1) At the upper left bar or MacOS, select [Safari] -> [Settings]
(2) Move to [Security] tab within the [Settings] window and select whether to enable/disable cookies
C. It is used as a data to provide customized information depending on each individual’s field of interest and to provide differentiated entry opportunities in reference to the number of visits and degree to participation of members in events held by the Company.
D. Members have an option to accept or refuse installation of cookies. Therefore, members can choose the options of one’s web browser to accept all cookies, to receive notice when cookies are installed, or to refuse all cookies.
E. Storage of cookie may be refused by members, but in this case normal web services may not be accessed.
ARTICLE 8 Chief Privacy Officer
1. To protect personal information of members and handle complaints and inquiries regarding personal information, the Company operates related department and chief privacy officer as the following.
[Person in Charge of Personal Information]
Chief Privacy Officer(CPO)
Department of Privacy Protection / Position
2. Please inquire the organizations listed below when reports or consultations from other privacy infringement issues are required.
e-Privacy Mark Certification Committee (www.eprivacy.or.kr / +82-2-580-0534)
Supreme Prosecutors’ Office Cyber Crime Investigation Department (http://www.spo.go.kr / +82-2-3480-2000)
Korean National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr / +82-2-392-0330)
ARTICLE 9 Technical and Institutional Measures to Protect Personal Information
1. Technical measures
In handling personal information of member, the Company seeks for technical measures to secure safety as the following in order to make personal information not to be lost, stolen, leaked, falsified, or damaged.
A. The member’s personal information is protected by the password and the important data is protected through another security functions by using encryption of files and data to transmit or by using file-locking functions.
B. The Company takes measures using vaccine program to prevent damages by computer viruses. The vaccine program is updated regularly and when the virus appears suddenly, the violation of personal information is prevented by providing vaccine program as soon as it is updated.
C. The Company adopts security system (SSL or SET) which can transmit personal information safely on the network using encryption algorithm.
D. As preparation for foreign invasion such as hacking and others, the company makes full preparation in security by using firewall system and vulnerability analysis system in every server.
2. Managing measures
The Company restricts the access authority to the member’s personal information as minimum personnel. Those minimum personnel are as follows.
Persons who perform the direct marketing task which is targeting members
Persons who perform personal information management task such as chief privacy officer and personnel.
Other persons who inevitably deal personal information owing to the business
The Company carries out regular in-company education and commissioned education outside the company for the personnel who deal with personal information to acquire new security technology and to learn obligation of personal information protection.
When employed to the company, security pledge is required of the personal information handling personnel to prevent information leakage beforehand, and internal procedure is arranged to observe whether the personnel abides by the information protection policy.
Duty succession of personnel handling personal information is held under strict security, and subject or responsibility when personal information incident occurs is stated clear in case of employment and resignation.
Personal information and general data are stored individually.
ARTICLE 10 Transmission of Advertising Information
The Company does send advertising information for profit-making against the member’s clear intention to unsubscribe.
ARTICLE 11 Obligation of Notice