Personal Information Handling and Processing Policy

Personal Information Handling and Processing Policy

Musinsa Co., Ltd. (hereinafter referred to as the ‘Company’) regards the protection of users’ personal information with high importance. Accordingly, the Company complies with the personal information protection regulations of the relevant laws and regulations that information and communications service providers must comply with in accordance with relevant laws such as the “Personal Information Protection Act” and the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.” Through this personal information protection policy, the Company provides information about the purpose and method of the use of the personal information provided by the users and what measures are taken to protect the personal information. The Company's personal information processing policy contains the following contents.

1. Collection and use of personal information

The Company has a procedure in which users can select “I agree” or “I do not agree” in regard to the consent to collection and use of personal information, and users may refuse to consent to the provision of personal information, but in this case, the Company’s service use may be restricted.

Collection Items
Purpose
Method
Method of Storage
Name, E-mail address, Contact
Inquiries related to About MUSINSA
When a user contacts the Musinsa customer center (1544-7199) for suggestions and inquiries related to About MUSINSA
Destroyed immediately after the achievement of purpose
Generation Information
Visitor management
Access information, log records, etc.

2. Provision and consignment of personal information to third parties

The Company uses users' personal information within the scope notified in 'Collection and use of personal information', and does not use it beyond the scope of the purpose of the collection and use of personal information or, in principle, disclose the user's personal information to third parties without the user's prior consent. However, exceptions are made in the following cases.First, when there is users’ prior consent to disclosure.Second, when it is judged in good faith that it is required by other laws (Ex. When there is a government agency request based on due process in accordance with relevant laws, etc.)

3. Matters concerning the installation/operation and rejection of automatic personal information collection devices

The Company uses users' personal information within the scope notified in 'Collection and use of personal information', and does not use it beyond the scope of the purpose of the collection and use of personal information or, in principle, disclose the user's personal information to third parties without the user's prior consent. However, exceptions are made in the following cases.First, when there is users’ prior consent to disclosure.Second, when it is judged in good faith that it is required by other laws (Ex. When there is a government agency request based on due process in accordance with relevant laws, etc.)

1) Company’s purpose of using cookies: Analyze user access frequency and time of visit, etc.
2) Installation/operation and rejection of cookies - The user has the right to choose to install cookies. Therefore, the user can accept all cookies in the setting option of the web browser, check each time a cookie is saved, or refuse to save all cookies.
- Here's how to designate whether to allow the installation of cookies.

A. For Internet Explorer
Tool Menu at the top of the web browser > Internet Option > Privacy > Setting
B. For Chrome
Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Settings button for personal information content > Cookies

4. Technical and administrative measures to protect personal information

In handling users' personal information, the Company takes the following technical/administrative measures to ensure security so that personal information is not lost, stolen, leaked, altered or damaged.

1) Countermeasures against hacking
The Company has a system installed in an area where outside access is controlled to prevent leakage or damage to users' personal information through hacking or malicious code. It uses the latest vaccine program to prevent leakage or damage to users' personal information or data. In addition, an intrusion prevention system is used to control unauthorized access from the outside. It strives to be systematically equipped with all possible technical devices to ensure security.
2) Minimization and training of personal information handlers
The Company limits the number of employees handling personal information to a minimum and reduces the risk of personal information leakage. In addition, it established systematic standards for the generation and change of passwords and access rights for the database system that stores personal information and the system that processes personal information, and conducts on-going inspections. In addition, there is regular training and campaigns on personal information protection obligations and security for all employees who handle personal information.

5. Personal information destruction procedure and method

The Company destroys users' personal information without delay when the purpose of collection and use is achieved, and the destruction procedure and method are managed according to the following standards.Personal information that has achieved the purpose of collection and use of personal information, such as reaching the personal information retention period agreed by the user, is destroyed in a way so that it cannot be reproduced. Information for which preservation obligations are imposed by law is also destroyed without delay after the relevant period has elapsed in a way so that it cannot be reproduced.For electronic file types, technical methods are used to safely delete them so that they cannot be recovered or reproduced, and printed materials are destroyed by shredding or incineration.

6. Information on the manager and department in charge of personal information protection

The Company has the following manager and department to protect users' personal information and to process personal information-related grievances.

7. Obligation to change and notify personal information policy

In the event of changes to this personal information policy, the Company will notify the time of change and enforcement, and the changed content through a pop-up window (or individual notice) on the website at least 7 days prior to the revision. However, if there is a significant change in user rights, such as collection and use of personal information or provision to a third party, it will be notified at least 30 days in advance.

  • Announcement date : June 7, 2022
  • Effective date : June 7, 2022