Privacy Policy

CTK Privacy Policy

CTK Co., Ltd. (hereinafter referred to as the 'company') complies with all private information protection related laws and regulations including 『Private information protection act』, 『Act on promotion of information and communications network utilization and information protection, etc.』 and protects private information of the user by establishing and complying with a separate Privacy Policy of the company. Further, the company discloses the Privacy Policy at the main page of the company’s homepage so that the user can read and understand it.

The company’s Privacy Policy is subject to change according to the change of the laws or notification or the change of the internal operation policy. If the Privacy Policy is changed, the changed matters shall be notified through the homepage.

The company’ private information protection policy contains the following contents.

[Definition of terms]

- “Personal information” means information about a living individual, and information that can identify the individual by the name, date of birth, etc. contained in the information (even if the information alone cannot identify a specific individual, it includes information that can be easily combined with other information for investigation).

- The company collects personal information of members by the following methods.

1. Items of personal information to be collected and collection method

2. For the purpose of collecting and using personal information, it shall be used within the range notified, and if the range is exceeded or changed, the consent of the user shall be obtained in advance. The same applies to changes in the retention and usage period of personal information, provision to third parties, and changes in the contents at the time of outsourcing. All major changes shall be notified to the user and shall be consented by the method of internet site, written document, telephone, email, etc.

- In the procedure for membership registration, etc., if the "Agree" button for receiving commercial advertisements via e-mail, mobile phone, etc. is clicked, it is confirmed to have agreed to receive commercial advertising information.

 

Article 1 Items of personal information to be collected and collection method

The company collects personal information by the following items and collection methods.

1. Collection items: ID and password, name, address, postal code, telephone number, mobile phone number, email address, whether or not promotion mail is received, country, business registration number, company name, bank account information, credit card information, bad usage record, access date and time, service usage record, PC IP and cookie

2. When registering as a member, the company presents the required fields and optional fields. The applicant for membership services must fill in the required fields to use the membership services provided by the company. However, even if the applicant does not enter this in the optional fields, there are no restrictions on the use of the membership service. The member who wishes to use the paid service must enter items such as bank account information and credit card information within the range necessary for payment of the usage fee, which is used for the purpose of payment of usage slips. 

1. Homepage membership registration and management

Required fields: Name, email (ID), password, country, phone number, email address, country, date of birth, company or brand name , Business Type

Optional fields : Website , phone number

 

2. Goods or services provision

Required fields: Address, name, company name, phone number, email address, business registration number, payment information (account transfer: bank name, account holder name, depositor name / credit card payment: Information for settlement charges such as card company name, card number)

 

3. Collection method: Homepage (member registration)

The company shall not use the entered information for any other purpose other than the purpose of publicizing it to the user in advance, and shall not disclose it to the outside.

 

Article 2 Purpose of collecting and using personal information

The purpose of collecting and using personal information collected by the company is as follows.

1. It is used for fulfillment of contracts related to service provision, settlement of fees associated with service provision, purchase of goods and settlement of fees, delivery of goods or delivery of invoices, and personal authentication of financial transactions. The company does not unnecessarily disclose the personal information of the user without the prior consent of the user, and uses the collected information as follows.

2. Member management

It is used for identification of the user by using the service, provision of age restriction service, complaint processing such as grievance processing, securing smooth communication route such as transmission of notification matters, resetting when password is lost, record keeping for dispute mediation resolution, prevention of unlawful use by a bad member and unauthorized use, and confirmation of overlapped subscription.

3. Use for new services and marketing

It is used to guide new services and event information, provide custom-made services, create analytical materials according to demographic characteristics, provide services, and post advertisements.

 

Article 3 Retention and usage period of personal information

In principle, the company shall destroy the personal information without delay after the purpose of collecting and using it has been achieved.

However, the following information shall be retained during the specified period for the following reasons.

- Retention items: ID and password, name, date of birth, address, phone number, mobile phone number, SMS reception, email address, newsletter reception, access date and time, PC specification information, service usage record, legal representative information, PC IP

- Basis for retention: Purpose for consumer complaint and dispute resolution at the time of membership withdrawal: 90 days

- Website visit record: 3 years

- Until the period of consent, if the consent of the customer is obtained: 30 days at the time of withdrawal of the member with the consent of the member

Even if the purpose of collection or provision is achieved, if it is necessary to store it in accordance with the provisions of laws and regulations such as the act on the consumer protection in electronic commerce, etc., personal information protection act, commercial act, and framework act on national taxes, the personal information can be retained for a certain period of time as follows.

Information to be retained

Basis for retention

Retention period

Record of contract or withdrawal of contract application

Act on the consumer protection in electronic commerce, etc.

5 years

Record of payment and supply of goods, etc.

Act on the consumer protection in electronic commerce, etc.

5 years

Record of electronic financial transactions exceeding 10,000 won per transaction

Electronic financial transactions act

5 years

Records of consumer complaints or dispute resolution

Act on the consumer protection in electronic commerce, etc.

3 years

Record of electronic financial transactions of 10,000 won or less per transaction

Electronic financial transactions act

1 year

Records related to identity verification

Act on promotion of information and communications network utilization and information protection, etc.

6 months

 

Article 4 (Consignment of personal information processing)

Regarding the processing of personal information, the company outsources the business to the following consignment affiliated companies and stipulates the necessary matters so that personal information is safely managed at the time of consignment contract according to the related laws and regulations.

Company name

Details under consignment

CJ Logistics

ACI Worldwide

Leos International

Simple Postage, Inc.

CTK USA

Collection of ordered product delivery information and delivery service provision

NHN KCP

Payment agency service (PG)

 

Article 5 Provision and sharing of personal information

In principle, the company does not provide the personal information of users to the outside. However, the following cases are exceptions.

1. When the user agrees in advance

2. When it is necessary for payment of charges associated with service provision

3. When it is based on the related laws and regulations such as the framework act on telecommunications and the telecommunications business act or there is a request from an investigative agency according to the procedures and methods specified in the laws and regulations for the purpose of investigation

 

2. Matters concerning the member's management of personal information

- The member can withdraw his/her consent to collect personal information by clicking "My Profile> Delete Account" on the company homepage or by writing, telephone, or email to the person in charge of personal information management. After confirming the identity of the person, the company shall take measures such as destroying the personal information unless the law provides different provisions. However, if personal information is destroyed due to withdrawal from the membership, the related information generated and accumulated by the member while using the company's services may be destroyed at the same time.

- The member can request viewing and correction of his/her personal information through the member information modification page on the company's homepage, in which case the company shall take necessary measures.

- If the member's agent requires viewing or correction by visiting in person, the company may check if the person is the true agent of the member, in which case the company can request to present an evidence of agent relationship.

- If there is a valid reason for refusing to view all or part of the personal information or request correction of the member's personal information, the company shall notify the member without delay and explain the reason.

- Since the change of required fields such as name, date of birth, email address, etc., provided by the member at time of subscription are matters that can cause service errors provided by the company, the company can request a separate procedure to the relevant member for the change of required fields of the member for smooth and stable services.

 

Article 6 Matters concerning the installation and operation of the automatic personal information collection device and its refusal

The company operates 'cookies (access information files)' that store and search for member information at any time in order to provide customized services for each member.

The company identifies the member's computer in connection with the operation of the cookies, but does not personally identify the member.

- The member has the right to choose "cookies". The member can allow all cookies, go through a confirmation each time a cookie is saved or refuse the save of all cookies by selecting [Tools]> ]Internet Option]> [Security]> [User Defined Level] in the web browser. However, if the member refuses to store all cookies, he/she is able to use the services provided by the company using cookies.

 

Article 7 Technical / management protection measures for personal information

1. When processing the personal information of the member, the company takes technical measures to ensure safety so that the personal information may not be lost, stolen, leaked, altered or damaged.

2. The member's personal information is encrypted and can only be confirmed by the person himself/herself, and the personal information can be confirmed and changed only by the person himself/herself.

3. The company enables the secure transmission of personal information over the network through encrypted communication.

4. The company does its best to prevent the leakage or damage of member's personal information due to hacking or computer viruses.

5. The company regularly backs up personal information in case of emergency situation, and uses a vaccine program to take steps to prevent damage from computer viruses.

6. The company makes continual efforts to enhance security through measures such as access control to the system, authority management, and inspection of vulnerabilities.

7. The company limits the access authority to the member's personal information to the minimum number of people, and provides regular education to the staff who handle personal information.

8. The company confirms whether the department in charge of personal information protection business complies with the Privacy Policy and internal regulations, and makes efforts to correct any problems found immediately.

9. The company shall not be held responsible for any problems caused by leakage of personal information such as ID, password, date of birth, etc. due to negligence of the member or problems on the Internet.

 

Article 8 Compliant handling service regarding personal information

The company has designated the related department and the personal information manager as follows in order to protect the personal information of customers and handle complaints about personal information.

Personal information protection officer

Name

Email

Tel.

Kyle Park

kspark@ctkcosmetics.com

02-6283-7220

 

You can report any complaints related to the protection of personal information that occur when using the services of the company to the person in charge of personal information management or the department in charge. The company shall promptly provide sufficient answers to the user's report.

If you need to report or consult regarding other infringement of personal information, please contact the following organizations.

- Personal Information Infringement Reporting Center (http://www.cyberprivacy.or.kr, Tel. 1336)

- Personal Information Dispute Mediation Committee (http://www.kopico.or.kr, Tel. 1336)

- Information Protection Mark Certification Committee (http://www.privacymark.or.kr, Tel. 02-580-0533)

- National Police Agency (http://www.police.go.kr)

 

Article 9 Subscription by a person under the age of 14

1. The company does not accept membership of children under the age of 14 who require the consent of a legal agent due to the Personal information protection act and contractual issues on the B2B service platform.

2. Any member who wants to join the company's homepage must enter his/her legal date of birth and check the'14 years old and over' field. The company does not take any responsibility for any legal problems due to entering false information.

 

Article 10 Retention period and destruction of personal information

1. The company shall destroy the user's personal information without delay when the purpose of use is achieved and the user's service cancellation request is made. However, this does not apply if it is necessary to save it according to the provisions of laws and regulations.

2. The company converts the user who does not use the services for one year into a dormant account according to the 'personal information validity period system' and stores personal information separately. The company informs the user of the fact that the member will be separately stored by 30 days before the conversion to dormant account, the scheduled dormant date, and the personal information items to be separately stored by email, SMS, App push, etc. However, if the information regarding the notification means is absent or incorrect, it shall be substituted with the contents of the Privacy Policy and destruction or separate store can be notified afterwards when logging in. Personal information stored separately shall be destroyed without delay after being stored for 4 years.

3. If the member does not wish to convert to a dormant account, the member needs to log in to the service before converting to a dormant account. In addition, even if the account is converted to a dormant account, when logging in, the dormant account can be restored and normal services can be used with the consent of the user.

4. In principle, the company destroys the personal information of the user in a way that cannot be reproduced once the retention period of the user's personal information has passed and the purpose of use is achieved. The electronic file format is safely deleted using a technical method that cannot be recovered or reproduced, and the printed personal information on paper is shredded or incinerated for destruction.

 

Article 14 Obligation to notify

If there are any additions, deletions or amendments of the contents of the Privacy Policy due to changes in the legal policy or security technology, it shall be notified of the reason for the change and the content through the homepage or notified by e-mail before the changed Privacy Policy is implemented.

 

- Supplementary Provisions -

Enforcement date: (V2)It shall be enforced from 2022.01.31