Article 1 Purpose of Processing Personal Information
apM Members Co., Ltd. (hereafter “company”) regards the personal information of members with great importance, and complies with laws related to personal information, including the “Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.”, “Personal Information Protection Act”, etc. This policy contains matters related to how the personal information that is handled by the company gets processed in order to protect the personal information of members.
The company’s privacy policy is subject to change at any time due to enactments or amendments to relevant laws or guidelines or changes to the company’s internal policies, and the necessary measures are set forth in order to continuously improve the privacy policy. In addition, if the company amends the privacy policy, the amended details shall be posted through the website or mobile app, etc. so that members can see it at any time.
Article 2 Personal Information Subject to Collection
The company collects the following personal information in order to provide seamless and efficient services.
Category | Information Collected |
Required information that is collected when registering for the service | E-mail address (ID), password |
Required information that is collected during identity verification | Name, date of birth, domestic resident/foreigner information, PIN number, mobile phone number, encrypted identity verification result value (CI), duplicate registration confirmation information (DI) (for foreigners, the passport number, passport expiration date, nationality code, and nationality are also collected) |
Required information that is collected during company verification | Company name, representative’s name, company address, company representative’s contact information, company main e-mail address, copy of business registration certificate |
Information that is created/collected during the process of service use or business management | Service usage records (usage time, usage location, apM asset transaction record, product or service purchase history), device unique ID, access log and IP information, delinquent usage record, online customer service center inquiries and responses, account deletion/cancellation record, etc. |
Article 3 Purpose of Collecting/Using Personal Information and Collection Method
1.
The company collects personal information for the following purpose. The personal information that is collected shall not be used for purposes aside from the following purposes. If the purpose of use changes, the necessary measures shall be taken for obtaining additional consent.
a.
To verify identity, user identification, member registration, member management, such as processing inquiries and complaints
b.
To provide apM Members app services, such as transmission/receipt services related to apM assets, providing service usage records, etc.
c.
To provide services according to demographic characteristics, post advertisements, analyze access frequency, improve functions, statistics related to service use, provide new services that reflect the members’ service usage tendencies, interests, and usage record analyses based on service analyses and statistics, etc.
d.
To protect members and operate services, such as restricting usage for members who violate the laws and terms and conditions, prevent and restrict unauthorized behaviors or behaviors that hinder the efficient operation of the service, including delinquent usage behaviors, preventing account theft and corrupt transactions, delivering announcements, retaining records for dispute mediation, etc.
e.
Prevent money laundering and corrupt transactions
f.
Provide event information and apM Members marketing activities
g.
Check for duplicate registrations and duplicate event participation
h.
Other provision of efficient, high-quality services
2.
The company does not unnecessarily collect sensitive personal information (race, religion, beliefs, health status, political preferences, criminal records, etc.) that may potentially infringe upon the member’s basic human rights with legal grounds.
3.
The company collects personal information through the following methods.
a.
Member registration through the mobile app, written form, event website
b.
Members’ voluntary provision of information through consultations with the customer service center
c.
Participating in events and promotional events
d.
Provided by partner companies and the companies entrusted with processing personal information
e.
Collecting information that is created through log analysis programs
Article 4 Providing Personal Information
1.
The company only uses the personal information of members within the scope that was announced in “Article 3 Purpose of Collecting/Using Personal Information and Collection Method” of these terms, and does not use information beyond this scope or provide information to other companies/institutions. Special attention shall be paid to the following subparagraphs to use and provide personal information.
a.
Partner Companies: To provide better services, the personal information of members may be provided or shared with partner companies. If personal information is provided or shared, the company will go through the process of obtaining consent from members in advance regarding who the partner companies are, the personal information that will be provided or shared, why personal information must be provided or shared, and how and until when personal information will be protected and managed. If a member does give consent to the provision of their personal information, their information shall not be provided or shared with partner companies. When a partnership changes or if the partnership ends, members shall be notified and consent shall be obtained through the same procedure.
b.
Processing Entrustment: If the processing of the members’ personal information is entrusted for more efficient work operations, the details regarding the company who is entrusted with processing tasks and the person in charge of the entrusted task shall be announced in advance.
c.
Scope of Entrusted Processing: Only if there is permission to revise or change the personal information of members.
d.
Announcement and Consent Method: The announcement shall be made through the apM Members mobile app announcements (or announced separately).
2.
The cases in any of the following subparagraphs shall be exceptions to the company’s personal information provision restrictions.
a.
If the member gave their consent in advance
b.
If there is a request from a relevant institution for investigative purposes in accordance with relevant laws
c.
If there are special regulations in the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. or other relevant laws
d.
If there are other requests in accordance with procedures that are set forth in relevant laws
e.
However, even in the case of such exceptions, if information is provided in accordance with relevant laws or at the request of an investigative institution, the facts shall be announced to the parties involved by default. An announcement may not always be possible if such is unavoidable in accordance with the law. The company shall do its best to ensure the information is not provided indiscreetly against the original purpose of collecting and using information.
f.
If personal information is required in order to fulfill an agreement related to service provision, but it is extremely difficult to obtain consent through conventional means due to electronical or technical reasons
g.
Business Takeover, Etc.: If the personal information of members must be transferred due to a business takeover, merger, inheritance, or other reason, the company shall announce the facts related to the transfer of personal information in advance in accordance with the procedure and method set forth in the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and give members the right to withdraw their consent to the transfer of personal information.
Article 5 Provision of Personal Information to 3rd Parties
1.
The company shall only use the personal information of members within the scope that was announced in the privacy policy, and shall not use personal information beyond that scope or provide the members’ personal information to 3rd parties without the members’ prior consent.
2.
If the company provides personal information to 3rd parties, they shall obtain separate consent from the member who is the owner of the information.
Article 6 Withdrawing Consent to the Collection, Use, and Provision of Personal Information
1.
Members may withdraw their consent to the collection, use, and provision of personal information that they gave during member registration at any time. To withdraw consent, members may request a consent withdrawal (delete account) or e-mail the personal information manager, and the company shall immediately take the necessary measures, such as deleting the personal information. If the company takes measures such as discarding the member’s personal information after receiving the member’s consent withdrawal request, the company shall immediately notify the member of the facts.
2.
Even if the member deletes the apM Members app on their smartphone, this does not indicate a withdrawal of consent (account deletion). The member must make a separate request as set forth in Paragraph 1 above in order to withdraw consent (delete account).
Article 7 Personal Information Retention and Usage Period
1.
If the company received consent from the information owner in advance or if it is necessary to retain personal information in accordance with the Act on the Consumer Protection in Electronic Commerce, Etc., the company shall retain member information for the period set forth in relevant laws. In this case, the information that is retained by the company shall only be used for storage purposes, and the retention period shall be as follows.
a.
Records related to identity verification: 6 months
b.
Records related to electronic financial transactions: 5 years
c.
Records related to agreement and subscription withdrawals: 5 years
d.
Records related to payments and supply of goods, etc.: 5 years
e.
Records related to electronic prepayment methods: Until the balance is exhausted
f.
Service usage records, access logs, access IP information: 3 months
g.
Records related to materials for verifying communication facts: 12 months
h.
Records related to customer verification and suspicious transaction reports: 5 years
i.
Records related to handling consumer complaints and disputes: 3 years
j.
If other consent was obtained from the customer, until the period that the customer gave consent to: Personal information is retained for 30 days when the account is deleted with the member’s consent
Article 8 Separate Storage of Dormant Members’ Personal Information
1.
Members who have not logged into the apM Members app for 1 year or more shall be converted into dormant members. The company shall separate the personal information of dormant members for safe storage.
2.
The company shall inform members who are set to become dormant members regarding the fact that their member information will be stored separately, the date the member’s account is expected to become dormant, and the personal information that will be stored separately via e-mail, written notice, phone, or other similar method 30 days before their account becomes dormant. If the information that pertains to the notification method is missing or incorrect, an announcement on the apM Members app shall take the place of the notification.
3.
Customer rewards, e-Vouchers, coupons, and other apM assets that were issued before the member’s account became dormant shall be automatically annulled at the expiration date, and expired apM assets shall not be reissued. Dormant members may be excluded from information related to the annulment of apM assets through a written notice, e-mail, etc.
4.
If a dormant member uses apM Members services again, such as apM asset transactions, logging into the apM Members mobile app, or using customer service center consultations, the dormant account shall be restored back to a regular member account.
Article 9 Procedures and Methods for Discarding Personal Information
1.
If personal information is no longer required, such as if the retention period has passed or if the purpose of processing personal information was achieved, the company shall immediately discard the relevant information in accordance with “Article 6 Personal Information Retention and Usage Period”.
2.
Personal information that was printed on paper shall be shredded with a paper shredder or incinerated, and personal information that is stored as electronic files shall be deleted using a technical method that renders the records irrecoverable.
Article 10 Management, Processing, and Entrustment of Personal Information
1.
To improve services and perform tasks related to personal information more efficiently, the company entrusts personal information processing tasks to an external specialized company as follows. In this case, the company only provides the minimum information that is necessary to perform the company’s tasks, and the matters that are required to safely manage personal information in accordance with relevant laws are stipulated in the personal information entrustment agreement.
2.
The companies who are entrusted with the company’s personal information processing tasks and the details of those details are as follows.
Entrustment Company | Entrusted Task |
NICE Information Service | Identity verification |
Article 11 Protection of Children’s Personal Information
To protect the personal information of children under 14 years of age, the company only permits member registration and service use to users age 14 or older.
Article 12 Member Rights and How to Exercise Rights
1.
Members have the right to exercise their rights with the company related to personal information protection in the following subparagraphs at any time.
a.
Request to view personal information
b.
Request corrections in the event of an error
c.
Request deletion
d.
Request to stop processing personal information
2.
If the member exercises their rights from Paragraph 1 Subparagraph 1, they may view their member information from within the apM Members app through the Revise Information function. If the member exercises their rights from Paragraph 1 Subparagraph 1 to 4, they may send a written notice, call, or send an e-mail, etc. to the company’s personal information manager or department-in-charge.
3.
Members may exercise their rights through a legal representative or a representative who was appointed by the member. In this case, they must submit a power of attorney in accordance with Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act.
4.
If the information owner requests that an error in their personal information be corrected or requests that their personal information be deleted, the company shall not use or provide the relevant personal information until the correction or deletion is completed.
5.
In the following cases, the company may deny the viewing, correction, or deletion of all or a portion of the personal information.
a.
If viewing is prohibited or restricted in accordance with the law
b.
If there is a potential threat to another person’s life or health, or if there are concerns regarding an unauthorized violation of another person’s assets or other benefits
Article 13 Technical/Systematic Measures for Personal Information Protection
1.
The company enforces the following technical measures in order to secure safety so that personal information does not get lost, stolen, leaked, forged, or damaged while processing the personal information of members.
a.
The personal information of members is protected by their ID and password. Files and transmitted data are encrypted and important data is protected through a separate security feature.
b.
The company uses a security device that safely transmits personal information over the network by using an encryption algorithm.
c.
The company has installed a firewall in preparation for external intrusions such as hacking, and uses an intrusion blocking system and vulnerability analysis system for each service to perfect the security of personal information.
d.
The company uses a vaccine program to prevent damage from computer viruses. These vaccine programs are updated regularly so that if a virus suddenly appears, the vaccine is provided as soon as it is released to prevent the infringement of personal information.
2.
The company has established the following administrative measures with respect to processing the personal information of members.
a.
The company restricts access to the personal information of members to the minimum number of people who need access according to their tasks and roles.
b.
Information leaks through human means are prevented through a security pledge that is signed by all employees when they start working at the company, and internal procedures are established in order to audit whether or not the privacy policy is being enforced and employees are in compliance.
c.
The company conducts regular personal information protection training on employees in order to practice the protection of members’ personal information and to raise awareness of the importance of personal information protection.
Article 14 Personal Information Protection Manager
The company designates a personal information protection manager as follows in order to have someone be responsible for all tasks related to processing personal information, handle complaints from information owners related to the processing of personal information, perform damage relief, etc.
1. Personal Information Protection Manager
Name | Title | E-mail |
SeongHyeon Jeon | CEO | hello@apm.fashion |
2. Department in charge of personal information protection and contact information
Department | Phone | E-mail |
Development Team | 02-6329-3300 | hello@apm.fashion |
Article 15 Relief Methods for Personal Information Infringement
1.
If a member needs damage relief consultation regarding personal information infringement, they may contact the following institutions. The following institutions are independent from the company. Please contact them if you have complaints regarding how the company processes personal information, if you are unsatisfied with the company’s damage relief results, or need more detailed assistance.
a.
Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency): Website privacy.kisa.or.kr / Phone (No area code) 118
b.
Personal Information Dispute Mediation Committee (Operated by the Korea Internet & Security Agency): Website kopico.go.kr / Phone (No area code) 1833-6972
c.
Cyber Investigation Division of the Supreme Prosecutors’ Office: Website http://spo.go.kr / Phone (No area code) 1301
d.
Korean National Police Agency Cyber Bureau: Website cyberbureau.police.go.kr / Phone (No area code) 182
Article 16 Member Precautions
1.
Members must cooperate by accurately entering their most recent personal information to prevent any disadvantageous accidents. Members shall be responsible for any accidents that occur as a result of inaccurate information that was entered by the member. Members may lose their member qualifications if they enter false information, such as by stealing another person’s information.
2.
The company shall not be held responsible for the loss, theft, leakage, forgery, or damage of personal information that occurs as a result of the member’s personal error or basic internet risks.
3.
Members have the right to receive protection of their personal information, but are obligated to protect themselves and not infringe upon another person’s information. Members shall take care not to leak their own personal information, including their password, and shall make sure not to damage another person’s personal information, including posts. If the member is unable to fulfill these obligations and damages another person’s information, they may be penalized in accordance with the Personal Information Protection Act and other relevant laws.
Article 17 Duty to Announce Before Amendment
1.
Details regarding other personal information protection including this privacy policy shall be disclosed through the apM Members app that is operated by the company, and members may view this information at any time.
2.
If content in this privacy policy is added, deleted, or revised according to changes in relevant laws, policies, or security technology, the changed privacy policy shall be announced through the announcements in the apM Members app with the reason for the change and the details of the change.
(Supplementary Provisions) This privacy policy shall take effect starting August 21, 2024.