BOSU Co., Ltd. (hereinafter "the Company") complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other related laws of the Republic of Korea. The Company hereby establishes and discloses the following Privacy Policy to safeguard the personal information of its users.
This Policy applies to personal information collected and used on the website operated by the Company (shuganyuan.co.kr).
The Company processes personal information for the following purposes. The personal information processed will not be used for purposes other than those stated below, and if the purpose of use is changed, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.
| Purpose | Details |
|---|---|
| Customer inquiries and complaint handling | Receipt, processing, response, and result notification regarding product purchase inquiries, product questions, and other customer inquiries |
| Purchase support | Verification of passport information and purchase history management for overseas customers |
| Service improvement and statistics | Understanding service usage and improving service quality through statistical analysis |
The Company collects and processes the following personal information. Items marked with an asterisk (*) are mandatory; others are optional.
| Collection Channel | Mandatory Items | Optional Items |
|---|---|---|
| Customer inquiry (common) |
Name, contact (phone number or SNS account), email address, inquiry type, subject, inquiry content | — |
| Product purchase inquiry |
Name in English (as on passport), passport number, product name | — |
| Product inquiry (purchasers) |
Name in English (as on passport), passport number, purchase date, product name | — |
| Auto-collected during service use |
— | Access IP address, browser type, visit date and time, cookies |
The Company processes and retains personal information within the retention and use period required by law or agreed upon at the time of collection from the data subject.
| Item | Retention Period | Legal Basis |
|---|---|---|
| Customer inquiry records | 3 years from completion of inquiry | Consumer complaint handling and dispute resolution (Act on the Consumer Protection in Electronic Commerce) |
| Passport information (passport number, English name) | Destroyed immediately after inquiry handling is complete (or up to 1 year maximum) | Destroyed without delay after the purpose of purchase verification is fulfilled |
| Service access logs | 3 months | Protection of Communications Secrets Act |
The Company processes personal information only within the scope specified in Article 1 (Purposes of Processing), and does not provide it to third parties without the data subject's consent.
Exceptions apply in the following cases:
To facilitate smooth service delivery, the Company may entrust certain personal information processing tasks to external parties. When outsourcing, the Company defines compliance with personal information protection laws, confidentiality, prohibition of third-party transfer, liability in case of incidents, and other matters through written agreements, and supervises performance accordingly.
The Company destroys personal information without delay when the retention period has expired or the purpose of processing has been achieved, except where retention is required by relevant laws.
Destruction Procedure: Personal information eligible for destruction is identified and destroyed with the approval of the Privacy Officer.
Destruction Method:
Data subjects (users themselves) may exercise the following rights against the Company at any time:
These rights may be exercised in writing, by telephone, or by email, and the Company will respond without delay.
If a data subject requests correction or deletion of errors in their personal information, the Company will not use or provide such information until the correction or deletion is complete.
These rights may also be exercised through a legal representative or an authorized agent. In such cases, a letter of authorization in the form prescribed by the "Notice on Personal Information Processing Methods" Schedule 11 must be submitted.
Pursuant to Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures to ensure security:
The Company's website may use cookies to provide personalized services to users. Cookies are very small text files sent by the server operating the website to the user's browser, and they are stored on the user's computer hard drive.
Purpose of Use: Cookies are used to understand visit and usage patterns of services and websites visited, popular search terms, and whether secure connections are used, in order to provide optimized information to users.
Installation, Operation, and Refusal of Cookies: Users have the right to choose whether to install cookies. Users may set their browser options to allow all cookies, confirm each time a cookie is stored, or refuse all cookies.
The Company designates the following Privacy Officer to take overall responsibility for personal information processing and to handle complaints and remedies related to personal information processing of data subjects.
Data subjects may contact the Privacy Officer regarding all privacy-related inquiries, complaint handling, and damage remedies arising from the use of the Company's services. The Company will respond and process the data subject's inquiries without delay.
Data subjects may apply for dispute resolution or consultation with the following organizations to seek remedies for personal information infringement. These organizations are independent of the Company; please contact them if you are not satisfied with the Company's own complaint handling and remedy results, or if you need more detailed assistance.
| Organization | Function | Contact |
|---|---|---|
| Personal Information Dispute Mediation Committee | Application for personal information dispute mediation | +82-1833-6972 / www.kopico.go.kr |
| Personal Information Infringement Report Center (KISA) |
Report and consultation on personal information infringement | +82-118 / privacy.kisa.or.kr |
| Supreme Prosecutors' Office Cybercrime Investigation Unit | Criminal complaints related to personal information | +82-2-3480-3573 / www.spo.go.kr |
| National Police Agency Cyber Bureau | Criminal reports related to personal information | +82-182 / cyberbureau.police.go.kr |
This Privacy Policy is effective from the date of enforcement. If there are additions, deletions, or revisions due to changes in laws or policies, the changes will be announced via the notice board at least 7 days before the date of enforcement.
However, if there are material changes affecting the rights of users, notice will be given at least 30 days in advance.