Privacy Policy 

Article 1 (Purpose)

SMLNS Co., Ltd. (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as the "Policy") in order to protect the personal information (hereinafter referred to as "Personal Information") of individuals (hereinafter referred to as "Users" or "Individuals") who use the services provided by the Company (hereinafter referred to as the "Company Services"), to comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), and to promptly and smoothly handle user complaints regarding the protection of their personal information.

Article 2 (Principles of Personal Information Processing)

In accordance with applicable personal information laws and this Policy, the Company may collect users’ personal information. Collected personal information may be provided to third parties only with the individual’s consent. However, if required by law or regulation, the Company may legally provide the collected personal information to third parties without the individual’s prior consent.

Article 3 (Disclosure of this Policy)

1. The Company discloses this Policy on the homepage main screen or through a linked screen so that users can easily access and review it at any time.

2. When disclosing this Policy pursuant to Paragraph 1, the Company ensures that users can easily view it by using appropriate font sizes, colors, and other visual elements.

Article 4 (Changes to this Policy)

1. This Policy may be revised in accordance with changes to relevant personal information laws, guidelines, notices, or changes to the policies or content of the government or the Company’s services.

2. When the Company revises this Policy pursuant to Paragraph 1, it shall notify users by one or more of the following methods:

   1. Posting a notice on the homepage’s main screen or in a separate pop-up window.

   2. Notifying users through written documents, fax, email, or similar methods.

3. The Company shall provide notice of the revision at least 7 days prior to the effective date of the revised Policy. However, if there is a significant change to users’ rights, the Company shall provide notice at least 30 days in advance.

Article 5 (Information for Membership Registration)

The Company collects the following information for the purpose of user registration for the Company’s services:

1. Required information: Email address, password, name, date of birth, and mobile phone number.

Article 6 (Information for Identity Verification)

The Company collects the following information for the purpose of verifying the identity of users:

1. Required information: Mobile phone number, email address, name, date of birth, gender, mobile carrier, nationality status (domestic/foreign), and encrypted user verification value (CI).

Article 7 (Information for Payment Services)

The Company collects the following information to provide payment services to users:

1. Required information: Card number, card PIN, expiration date, 6-digit date of birth (yy/mm/dd), bank name, and account number.

Article 8 (Information for Issuing Cash Receipts)

The Company collects the following information to issue cash receipts to users:

1. Required information: Name of the cash receipt recipient, date of birth of the cash receipt recipient, address of the cash receipt recipient, mobile phone number, and cash receipt card number.

2. Optional information: Business registration number, etc.

Article 9 (Information for Providing Company Services)

The Company collects the following information to provide its services to users:

1. Required information: ID, email address, name, date of birth, and contact information

2. Optional information: Name, phone number, and address (when delivering physical goods)

Article 10 (Information for Service Use and Fraud Detection)

The Company collects the following information to conduct statistics and analysis related to users’ service usage, and to detect and analyze fraudulent use. (Fraudulent use refers to acts such as repeatedly re-registering after membership withdrawal, repeatedly canceling purchases after buying products, improperly or illegally receiving economic benefits like discount coupons or event rewards provided by the company, acts prohibited by the Terms of Service, identity theft, and other illegal or improper acts.)

1. Required information: Service usage records, access location information, and device information

2. Optional information: Additional device information when using two or more devices

Article 11 (Methods of Collecting Personal Information)

The Company collects users’ personal information by the following methods:

1. When users enter their personal information on the Company’s website

2. When users enter their personal information through services other than the website provided by the Company, such as applications

3. When users enter personal information during the use of the Company’s services, such as customer center consultations or activities on bulletin boards

Article 12 (Use of Personal Information)

The Company uses personal information in the following cases:

1. When necessary for company operations, such as delivering announcements

2. To respond to user inquiries and handle complaints, aimed at improving services for users

3. To provide the Company’s services

4. To restrict use or take measures against members violating laws or company policies, including preventing and penalizing fraudulent activities that disrupt smooth service operations

5. For developing new services

6. For marketing purposes, such as informing about events and promotions

7. For demographic analysis and analyzing service visits and usage records

Article 13 (Provision of Personal Information Based on Prior Consent, etc.)

The Company may provide users’ personal information to the following third parties:

1. Logen Courier: For product delivery and collection, providing name, phone number, and address

2. KG Inicis: For payment processing, providing essential payment information such as card details

Even if the provision relationship ends or changes, prior notice and consent will be obtained.

Article 14 (Outsourcing of Personal Information Processing)

The Company outsources the processing of personal information as follows:

1. IAMWEB: Operation of the website and server management (until member withdrawal or termination of outsourcing)

Article 15 (Retention and Use Period of Personal Information)

1. The Company retains and uses the personal information of users for the period necessary to achieve the purpose of collecting and using the personal information.
2. Notwithstanding the foregoing, the Company retains records of fraudulent use of services for up to one year from the date of member withdrawal in order to prevent fraudulent registration and use, according to internal policies.

Article 16 (Retention and Use Period of Personal Information According to Laws)

The Company retains and uses personal information in accordance with relevant laws as follows:

1. Retention information and periods according to the Act on Consumer Protection in Electronic Commerce, etc.:

   1. Records of contracts or withdrawal of subscription: 5 years

   2. Records of payment and supply of goods: 5 years

   3. Records of consumer complaints or dispute resolutions: 3 years

   4. Records related to advertising and labeling: 6 months

2. Retention information and periods according to the Act on the Protection of Communications Secrets:

   1. Website log records: 3 months

3. Retention information and periods according to the Electronic Financial Transactions Act:

   1. Records of electronic financial transactions: 5 years

4. Retention information and periods according to the Act on the Protection, Use, etc. of Location Information:

   1. Records related to personal location information: 6 months

Article 17 (Principles of Personal Information Destruction)

As a general rule, the Company promptly destroys personal information when it is no longer necessary due to the achievement of the purpose of processing, expiration of the retention/use period, or other reasons.

Article 18 (Procedure for Personal Information Destruction)

1. Information entered by users for membership registration, etc., is transferred to a separate database (or, in the case of paper, to a separate filing cabinet) after the purpose of processing personal information has been achieved. It is stored for a certain period according to internal policies and other relevant laws regarding information protection (refer to retention and usage periods), and then destroyed.
2. The Company destroys personal information for which destruction reasons have arisen after obtaining approval from the person responsible for personal information protection.

Article 19 (Methods of Personal Information Destruction)

The Company deletes personal information stored in electronic file form using technical methods that make the records unrecoverable. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

Article 20 (Measures for Sending Advertising Information)

1. When the Company sends advertising information for commercial purposes via electronic transmission media, it obtains the explicit prior consent of the user. However, prior consent is not required in any of the following cases:

   1. When the Company has directly collected the contact information from the recipient through a transaction involving goods or services, and the Company sends advertising information related to goods or services of the same type within six months from the date the transaction was completed.

   2. When a telemarketer under the 「Act on Door-to-Door Sales」 verbally informs the recipient of the source of the personal information and makes a telemarketing call.

2. Notwithstanding the preceding paragraph, if the recipient indicates a refusal to receive advertising or withdraws prior consent, the Company shall not send advertising information for commercial purposes and will notify the recipient of the result of the refusal or withdrawal.

3. When sending advertising information for commercial purposes using electronic transmission media between 9:00 PM and 8:00 AM the next day, the Company must obtain separate prior consent from the recipient regardless of paragraph 1.

4. When sending advertising information for commercial purposes via electronic transmission media, the Company clearly states the following in the advertising information:

   1. Company name and contact information

   2. Details regarding how to refuse receipt or withdraw consent to receive such information

5. The Company shall not engage in any of the following actions when sending advertising information for commercial purposes via electronic transmission media:

   1. Actions that evade or obstruct the recipient’s refusal or withdrawal of consent to receive advertising information

   2. Automatically generating recipient contact information (such as phone numbers or email addresses) by combining numbers, symbols, or characters

   3. Automatically registering phone numbers or email addresses for the purpose of sending advertising information

   4. Any actions to conceal the identity of the sender or the source of the advertising transmission

   5. Any deceptive actions aimed at inducing recipients to respond for the purpose of sending advertising information

Article 21 (Protection of Children’s Personal Information)

1. The Company allows membership registration only for users who are 14 years of age or older to protect the personal information of children under the age of 14.

2. Notwithstanding paragraph 1, if the user is a child under the age of 14, the Company obtains consent for the collection, use, and provision of the child’s personal information from the child’s legal representative.

3. In the case of paragraph 2, the Company additionally collects the legal representative’s name, date of birth, gender, duplicate registration confirmation information (ID), and mobile phone number.

Article 22 (Access to Personal Information and Withdrawal of Consent for Collection)

1. Users and their legal representatives may at any time access, review, or modify their registered personal information and request withdrawal of consent for the collection of personal information.

2. To withdraw consent regarding the collection of their registration information, users and their legal representatives should contact the Company’s Personal Information Protection Officer or the person in charge via written request, telephone, or email. The Company will take prompt action without delay.

Article 23 (Correction of Personal Information, etc.)

1. Users may request correction of any errors in their personal information by contacting the Company through the methods described in the preceding article.

2. In such cases, the Company will not use or provide the personal information until the correction is completed. If the incorrect personal information has already been provided to a third party, the Company will promptly notify the third party of the correction result so that the correction can be made.

Article 24 (User’s Obligations)

1. Users must keep their personal information up to date, and are responsible for any problems caused by inaccurate information they provide.

2. In the case of membership registration using someone else’s personal information fraudulently, the user may lose their membership rights and may be subject to penalties under relevant personal information protection laws.

3. Users are responsible for maintaining the security of their email addresses, passwords, and other credentials, and may not transfer or lend them to any third party.

Article 25 (Measures Against Personal Information Leakage, etc.)

When the company becomes aware of the loss, theft, or leakage of personal information (hereinafter referred to as "leakage, etc."), it shall promptly notify the affected users of all of the following items and report the incident to the Korea Communications Commission or the Korea Internet & Security Agency:

1. The categories of personal information leaked, etc.

2. The time when the leakage, etc. occurred

3. Actions that users can take

4. Measures taken by the information and communication service provider

5. The department and contact information where users can make inquiries or seek consultation

Article 26 (Exceptions to Measures for Personal Information Leakage, etc.)

Notwithstanding the preceding article, if there is a legitimate reason such as being unable to obtain the contact information of the affected user, the company may replace the notification mentioned in the preceding article by posting it on the company’s website for at least 30 days.

Article 27 (Protection of Personal Information Transferred Overseas)

1. The company shall not enter into any international agreements that violate relevant laws such as the Personal Information Protection Act regarding the user’s personal information.

2. The company shall obtain the user’s consent before providing (including allowing access to), outsourcing processing, or storing (hereinafter referred to as "transfer") the user’s personal information overseas. However, if all matters in each subparagraph of paragraph 3 of this article are disclosed in accordance with the Personal Information Protection Act or other relevant laws, or if the user is notified by methods prescribed by Presidential Decree, such as email, the consent procedure for outsourcing processing or storing personal information may be exempted.

3. To obtain the consent referred to in paragraph 2, the company shall notify the user in advance of all of the following:

   1. The items of personal information to be transferred;

   2. The country to which the personal information is transferred, the date and method of transfer;

   3. The name of the recipient of the personal information (in case of a corporation, the name and contact information of the person responsible for information management);

   4. The purpose of use and retention/use period of the personal information by the recipient.

4. When transferring personal information overseas based on the consent obtained pursuant to paragraph 2, the company shall take protective measures in accordance with the Personal Information Protection Act, Presidential Decree, and other relevant laws and regulations.

Article 28 (Installation, Operation, and Rejection of Personal Information Automatic Collection Devices)

1. The company uses personal information automatic collection devices (hereinafter referred to as 'cookies') that store and retrieve user information from time to time in order to provide personalized services to users. Cookies are small pieces of information sent by the server (http) operating the website to the user’s web browser (including PC and mobile) and may be stored in the user’s storage space.
2. Users have the option to accept or reject cookies. Therefore, users can set their web browser options to allow all cookies, to confirm each time a cookie is stored, or to reject all cookies.
3. However, if the user refuses to accept cookies, some of the company’s services that require login may be difficult to use.

Article 29 (How to Specify Cookie Installation Permissions)

You can configure settings to allow or block cookies through your web browser’s option settings.

1. Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data

2. Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and other site data

3. Whale: Settings menu at the top right of the web browser > Privacy protection > Cookies and other site data

Article 30 (Designation of the Company’s Personal Information Protection Officer)

The Company designates the following department and personnel to protect users’ personal information and handle complaints related to personal information.

Personal Information Protection Officer

1. Name: Seungmo Lim

2. Position: CEO

3. Phone: +82-2-543-9333

4. Email: admin@smlns.com

Personal Information Manager

1. Department: Customer Experience Team

2. Name: Alex Park

3. Phone: +82-2-543-9333

4. Email: admin@smlns.com

Article 31 (Remedies for Infringement of Rights and Interests)

If a data subject suffers damages due to a personal information breach, they may seek resolution or counseling from the following organizations:

1. Personal Information Dispute Mediation Committee: ☎ 1833-6972 | www.kopico.go.kr

2. KISA Personal Information Infringement Report Center: ☎ 118 | privacy.kisa.or.kr

3. Supreme Prosecutors' Office: ☎ 1301 | www.spo.go.kr

4. Korean National Police Agency (Cyber Bureau): ☎ 182 | ecrm.cyber.go.kr

The Company strives to ensure the data subject's right to control their personal information and actively supports consultation and relief in the event of personal information infringement. For inquiries or complaints, please contact the department specified in Article 30.

Under Articles 35 (Access to Personal Information), 36 (Correction or Deletion), and 37 (Suspension of Processing) of the Personal Information Protection Act, individuals whose rights or interests have been infringed by an administrative decision or omission by a public institution may file an administrative appeal in accordance with the Administrative Appeals Act.

1. Central Administrative Appeals Commission: ☎ 110 | www.simpan.go.kr

Supplementary Provision

Article 1 (Effective Date)
These Terms and Conditions shall take effect on June 18, 2025.