WALALAND Privacy Policy

Walaland Corporation (hereinafter referred to as the "Company") operated by Walaland (http://www.wala-land.com, hereinafter referred to as the "Site") highly values the protection of users' personal information and is always committed to its best to protect it.
The Company has established this privacy policy in accordance with related laws such as the "Personal Information Protection Law" and "Information and Communications Network Act" to protect users' personal information and rights, and to promptly and smoothly handle any grievances related to personal information.
The privacy policy of the Company is subject to change from time to time due to changes in related laws, guidelines, or the Company's internal policies. We have procedures in place for continuous improvement of our privacy policy. When revising the privacy policy, we will notify users through the Site's announcements (or individual notices). Users are encouraged to check the Site regularly.
The "Privacy Policy" of Walaland Corporation includes the following:

· Article 1 (General Provisions)
· Article 2 (Consent to the Collection of Personal Information)
· Article 3 (Purpose of Collection and Use of Personal Information)
· Article 4 (Items and Methods of Personal Information Collection)
· Article 5 (Items and Methods of Personal Information Collection)
· Article 6 (Use and Provision of Collected Personal Information to Third Parties)
· Article 7 (Access to and Correction of Personal Information)
· Article 8 (Withdrawal of Consent to Collection, Use, and Provision of Personal Information)
· Article 9 (Procedures and Methods for Destroying Personal Information)
· Article 10 (Entrustment of Personal Information Processing Tasks)
· Article 11 (Overseas Transfer of Personal Information)
· Article 12 (Technical/Administrative Measures for Personal Information Protection)
· Article 13 (Linked Sites)
· Article 14 (Posts/Articles)
· Article 15 (Installation, Operation, and Refusal of Automatic Personal Information Collection Device)
· Article 16 (Rights and Obligations of Users)
· Article 17 (Opinion Collection and Complaint Handling)
· Article 18 (Personal Information Protection Officer and Manager)
· Article 19 (Transmission of Advertising Information)
· Article 20 (Collection and Use of Behavioral Information)
· Article 21 (Notification Obligation)

Article 1 (General Provisions)

· Personal information refers to information about a living individual that can identify a specific individual based on details such as name, date of birth, gender included in the information (including information that can't identify an individual by itself but can be easily combined with other information to do so).
· The Company places great importance on the personal information of members and complies with related laws such as the "Information and Communications Network Act" and the "Personal Information Protection Law", and based on these, has established a privacy policy to do its best to protect members' rights.
· Through the personal information handling policy, the Company informs members how their provided personal information is being used, how it's utilized, and what measures are taken to protect personal information.
· The Company has made its privacy policy public on the first page of the site, ensuring members can easily access it at any time.
· The Company has procedures in place for continuous improvement of the privacy policy. When revising the privacy policy, the company assigns version numbers or the like to easily identify the revised contents.

Article 2 (Consent for Collection of Personal Information)
The Company obtains consent for the collection of personal information from members. The Company has established procedures to seek consent regarding the contents of the Company's privacy policy or terms of use related to the collection of personal information. If a member expresses consent following these procedures, it is considered an agreement to the collection of personal information.

Article 3 (Purpose of Collection and Use of Personal Information)
The company collects personal information within the minimum scope necessary for the following purposes to provide services. Personal information collected will not be used for purposes other than those listed below, and if the purpose of use changes, we intend to obtain prior consent.

Classification	Details
Member Management	Identity verification and personal identification for member services, Confirmation of member registration and withdrawal, Prevention of duplicate registration, Prevention of misuse by problematic members and prevention of unauthorized use, Recording for dispute resolution, complaint handling, and grievances, Delivery of various notifications, Prevention of service misuse and fraudulent transactions
Fulfillment of contracts and billing for goods or services provision	Membership registration for partner site products and services, confirmation of orders and receipts for products and services, Sending bills, making payments, accumulating and using reward points, Billing, collection of fees, Delivery of ordered products, customs declarations (using information necessary for customs procedures), Content provision, provision of personalized services, Notification of event winnings and delivery of prizes, Age and identity verification for financial transactions and services, Prevention of fraudulent transactions, operation of customer service centers, Providing location-based services, Recording to accumulate and reward cashback, etc.
Utilization for new service development and marketing, advertising	Providing optimized services (personalized services) to members, offering various convenience services and benefits, Development and specialization of new services (products), notification of new services and products, Analysis of access frequency, statistical analysis of service use, Service provision and advertisement based on demographic characteristics, Sending advertising information (email, SMS, DM, etc.), Providing opportunities to participate in events and operating member participation spaces, Marketing utilization for promotion of affiliated events and services, Analysis of member information for marketing and service development, Sending mobile app installation URL, surveys, etc.

Article 4 (Items and Method of Personal Information Collection)

· The company collects only the essential information necessary for providing basic services. For services tailored to individual preferences and needs, additional consent is obtained during information collection. There is no limitation in using the service even if the optional information is not provided.
· The company does not collect sensitive personal information that may infringe upon fundamental human rights (race and ethnicity, thoughts and beliefs, place of birth and domicile, political inclination and criminal records, health status, etc.). Under any circumstances, the information provided will not be used for any purpose other than what was previously specified, and it will not be disclosed externally.
· Items of Personal Information Collection
· Essential items

Collected/Used Items	Details
Name, Mobile Phone Number, Email Address, Gender	Membership registration using mobile phone number
Name, Mobile Phone Number, Email Address	Member identification, contact for contract fulfillment, provision of service-related information (announcements, verification of intention, service consultation, complaint handling, notices, etc.), satisfaction survey for service usage
Name, Mobile Phone Number, Service Usage Record, IP Address, Access Log	Prevention of fraudulent transactions
Orderer's Name, Orderer's Mobile Phone Number, Orderer's Email Address, Recipient's Name, Recipient's Contact (Phone Number, Mobile Phone Number), Delivery Address	Delivery of products and prizes (returns/refunds), verification of delivery address and contact, provision of load previously entered information function
Account Holder's Name, Bank Account Number, Credit Card Number, Card Owner's Name, Billing and Payment Record	Payment service, refund of transaction amount for purchase cancellation, preservation of electronic financial records
Recipient's Name, Recipient's Contact, Recipient's Email Address, Recipient's Address, Credit Card Number	Prevention of fraudulent transactions
English Name, Personal Customs Clearance Code	Collection for customs clearance when purchasing overseas delivery products, provision of load previously entered information function

· Optional items

Collected/Used Items	Details
Mobile Phone Number, Email Address, Address, Name	Notifications for events and shopping benefits, marketing purposes such as prize delivery
Device ID	Mobile app (APP) push service provision (purchase information notifications, shopping event and benefit notifications)

· Automatically collected items

Collected/Used Items	Details
Service Usage and Interruption Records, Access Log, Cookies, Access IP	Maintaining login status, providing differentiated information based on individual interests, analyzing frequency of access or stay duration for targeted marketing, tracking visited content for personalized service on next access, analyzing user behavior for service reorganization
Mobile Device Information	Improving mobile app (APP) performance and optimizing the user environment

· Methods of Personal Information Collection

· Website, written form, consultation board, telephone, chat, fax, event participation, delivery request
· Information collection through log analysis program, information collection by cookies
· Provided by identity verification institutions or affiliate companies
· Collected through smartphone applications

· The company may access and use the following information and functions within the user's mobile device for the mobile app service. Mandatory access items are informed and consented to during app installation or first execution, while optional access items are separately consented to when using the relevant service for the first time. Depending on the OS version, the method of obtaining consent for optional access items may differ. However, even if a member refuses, there is no restriction in using the basic service.

Mandatory	Access Item	Content
Essential	Device and App Record Permissions
Mobile device information	Error checking during app execution, usability improvement

Article 5 (Retention and Use Period of Personal Information)

· The company retains and uses the member's personal information for the period notified and agreed upon or as required by law. Once the purpose of collecting and using personal information is achieved, the retention period expires, or the member withdraws their consent, the collected personal information is destroyed so that it cannot be accessed or used.
· In accordance with the Commercial Law and related statutes, the company may retain personal information for a certain period for the purpose of verifying transaction-related rights and obligations. When retaining this information, its access and use are limited to the stated purpose, and the purpose, period, and retained personal information items must be clearly specified.

· Record of contract or withdrawal: 5 years
· Record of payment and supply of goods, etc.: 5 years
· Record of consumer complaints or dispute handling: 3 years
· Record of display/advertising: 6 months
· Site visit record: 6 months

· Introduction of personal information validity period system

· The company stores and manages the personal information of members who have not used the service for a long period (1 year) separately from other users' information.
· The period of non-use of the service is calculated based on points like login, and the information of members not using the service is stored and managed separately for a legally defined period.
· The company notifies such members of the related details 30 days before the date of separation and storage via email, etc.
· Personal information of members not using the service, which has been stored separately, is retained for a certain period according to the law and then destroyed. Personal information not destroyed will be provided again when the member requests to resume the service.

Article 6 (Use and Provision of Collected Personal Information to Third Parties)

· The company uses the member's personal information within the scope specified in the site's terms of use and the "Personal Information Handling Policy". It does not use or provide it to other individuals, companies, or institutions beyond this scope. However, exceptions are made when there is member consent or when information is requested according to a legally defined procedure. In these cases, care is taken when using or providing personal information.
· If a third-party provision task arises, the company will notify and obtain consent from members at the necessary time. Members have the right to refuse the provision of personal information to third parties. However, if you refuse to provide personal information to a third party, there may be restrictions on using the service.

Article 7 (Viewing and Correction of Personal Information)

· Members can view or correct their registered personal information at any time. Personal information can be directly accessed or corrected on the site by clicking "Modify Member Information". When a request for access or correction is made to the personal information protection officer or manager in writing, by phone, or via email, actions are taken immediately after verifying the requester's identity.
· If a member requests a correction due to an error in their personal information, the company does not use or provide the relevant personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the correction results will be immediately notified to the third party to ensure correction.

Article 8 (Withdrawal of Consent to Collection, Use, and Provision of Personal Information)

· Members can withdraw their consent related to the collection, use, and provision of personal information at any time. Consent withdrawal can be done directly on the site by clicking "Member Withdrawal", or when a request is made to the personal information protection officer or manager in writing, by phone, or via email, necessary actions for member withdrawal are taken immediately after verifying the requester's identity.
· The company takes necessary measures to ensure that the withdrawal of consent to the collection of personal information (member withdrawal) is as easy as the method of collecting the information.
· Personal information deleted or terminated at the request of a member is handled according to the retention and use period of personal information collected by the company, and measures are in place to prevent it from being accessed or used for other purposes.

Article 9 (Procedure and Method of Destroying Personal Information)

· After the purpose of using the collected personal information is achieved, the company destroys the information without delay according to the storage institution and usage period. If retention is required for a certain period according to internal policies and relevant laws, the information is destroyed after that retention period. Typically, personal information managed in electronic file form is immediately destroyed at the time of member withdrawal.
· The methods of destroying personal information are as follows: Personal information printed on paper is destroyed by shredding or incineration, or dissolved with chemicals. Personal information stored in electronic file format is destroyed using technical methods that prevent records from being restored or replayed.

Article 10 (Entrustment of Personal Information Processing Tasks)
· The company entrusts external professional companies with personal information processing tasks to provide smoother services to members as follows.

Entrusted Party	Entrusted Tasks
Our Partner Company	Payment information transmission and approval task agency
Our Partner Company	International logistics, product delivery, customs clearance task agency
Our Partner Company	Sending text messages, sending KakaoTalk notifications
Our Partner Company	Operation of the customer center and customer consultation
Selling Partner [List of Selling Partners]	Delivery of ordered products, customer consultation, and complaint handling

· Period of possession and use of personal information: until the member withdraws or the entrustment contract ends.
· Depending on some delivery types like direct shipping, delivery information is provided to the partner company that requested the sale in accordance with Article 21 of the "Act on Consumer Protection in Electronic Commerce, etc.".

· The company stipulates compliance with personal information protection-related regulations, confidentiality of personal information, prohibition of providing personal information to third parties, liability in case of an accident, entrusted period, and obligation to return or destroy personal information after processing ends, through entrusted business contracts, etc., and manages to comply with them.
· The company will promptly notify any changes in the content of entrusted tasks or the entrusted party through this personal information processing policy.

Article 11 (Transfer of Personal Information Abroad)
· The company uses overseas servers to provide smoother services and improve user convenience. We inform you about the transfer of personal information abroad as follows.

Item	Details
Recipient of the Transfer	Amazon Web Service, Inc
Country of Transfer	USA (Amazon Global Cloud service provision area)
Date and Method of Transfer	At the time of the member's initial registration, at the time of entering delivery information during ordering, Data relocation through a strengthened public network to a Global Cloud area-based Server
Transferred Items	Name, email address, mobile phone number, delivery address, personal customs clearance number
Purpose of Transfer	Providing Global Cloud service for "Wala" operation
Retention and Use Period	Until the member withdraws (immediately discarded afterward) - Exception 1: Information of members with purchase history is retained for 5 years. (Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.) - Exception 2: IP is retained for 3 months (Article 15-2 of the Telecommunications Secrets Protection Act)

Article 12 (Technical/Administrative Measures for Personal Information Protection)

· The company has devised the following technical and administrative protection measures to ensure the safety of members' personal information against loss, theft, leakage, alteration, or damage.
· Technical Measures

· Members' personal information is protected by passwords, and important data is protected with separate security features by encrypting files and transmitted data or using a file lock function (Lock).
· The company is taking measures to prevent computer virus damage using antivirus programs. The antivirus program is updated regularly, and if a sudden virus appears, the antivirus is provided immediately to prevent personal information breaches.
· The company has adopted a security device (SSL or SET) that securely transmits personal information on the network using an encryption algorithm.
· We are doing our best for security using intrusion detection systems and vulnerability analysis systems for each server to protect against hacking and other external intrusions.

· Administrative Measures

· The company limits access to members' personal information to a minimum number of people. Those limited personnel include the following:
· Individuals who directly deal with users for marketing purposes
· Personal Information Protection Officer and managers who perform personal information management tasks
· Others for whom personal information processing is unavoidable for work-related reasons
· The company has established procedures necessary for accessing and managing members' personal information and ensures that its employees are aware of and comply with them. The company provides regular internal and external training on new security technology acquisition and personal information protection responsibilities to employees handling personal information.
· Personal information and general data are stored separately.
· When processing a member's personal information using a computer, the company designates a manager with access authority, assigns an ID and password to that manager, and regularly updates that password.
· The company requires new employees to sign an information protection pledge or personal information protection pledge to prevent information leaks by employees in advance and has established internal procedures to monitor compliance with the personal information processing policy and ensures their continuous implementation.
· Personal information-related handlers conduct job handovers in a secure manner, and responsibilities for personal information incidents are clearly established after joining and leaving the company.
· Measures are taken to confirm the identity of the member when concluding a service contract or providing a service that collects or provides payment-related information, such as a member's credit card number or bank payment account.
· The company is not responsible for incidents arising from a member's mistakes or the inherent risks of the Internet. Members must properly manage their ID and password and bear the responsibility for them.

Article 13 (Linked Sites)

· The company may provide members with links to other company websites or materials. In this case, the company has no control over external sites and materials and does not assume responsibility for the authenticity, usefulness, etc., of services or materials received from these sites and does not guarantee them in any way.
· If you click on a link included in the company's site and move to another site's page, the personal information policy of that site is unrelated to the company, so please review the policy of the newly visited site.

Article 14 (Posts)
· The company values members' posts and does its best to protect them from being altered, damaged, or deleted. However, this is not the case in the following situations:

· Spam-like posts (e.g., chain letters, advertisements for specific sites, advertisements directing to other sites, and links)
· Posts that spread false information to defame others and damage their reputation
· Content that discloses personal information without consent, violates the company's copyright, or infringes on the intellectual property rights of a third party, or posts irrelevant to the topic of the board
· To promote a desirable bulletin board culture, the company can delete or modify specific parts when someone's personal information is disclosed without consent.
· Content that can move to another themed board shows the path of movement to prevent misunderstandings.
· In other cases, it can be deleted after explicit or individual warnings.

· Fundamentally, all rights and responsibilities related to posts belong to the individual author. Also, information voluntarily disclosed through posts may be hard to protect, so you should carefully consider before disclosing information and use the service.

Article 15 (Details on the Installation, Operation of Automatic Personal Information Collection Devices, and Refusal of Them)

· The company uses "cookies" to provide cashback services and personalized individual services. A cookie is a tiny data package sent by a web server (http) to a member's computer browser and is stored on the member's computer hard drive. When a member accesses the site, the company can read the cookie content in the member's browser, search for additional information, and provide services without additional input such as names. The company uses cookies to identify users so that users can shop without logging in again after logging in once. Also, cookies are used to identify users as members of‘WALALAND’in its affiliate stores.
· The information that the company collects through cookies can be used for the following purposes:

· Provide information tailored to individual interests
· Analyze login frequency or duration to understand user preferences and interests, used as a basis for targeted marketing and service revision
· Track traces of interesting content to provide personalized services on the next visit
· Determine the degree of participation in various events by members and provide differentiated application opportunities
· Notify the usage period when using paid services

· Members have the option regarding the installation of cookies. At the top of the web browser, go to "Tools > Internet Options > Privacy > Advanced" to either accept all cookies, be notified when a cookie is installed, or reject all cookies. However, if a member refuses cookie installation, there may be inconveniences in using the service or difficulty in providing the service.
· Cookies expire when you close your browser or log out.

Article 16 (Rights and Obligations of Users)

· Members are urged to enter their personal information accurately in its latest state to prevent unintended accidents. The responsibility for accidents arising from the incorrect input of information lies with the member. If you input false information, including unauthorized use of someone else's information, you may lose your membership.
· Members have the right to protect their personal information, and they also have the duty to protect themselves and not infringe on others' information. Be careful not to disclose your personal information, including passwords, and be cautious not to damage others' personal information, including posts. If you fail to fulfill this responsibility and harm others' information and dignity, you may be punished under the "Information and Communications Network Promotion and Information Protection Act" and other laws.

Article 17 (Opinion Gathering and Complaint Handling)

· The company values the opinions of its members and believes that members have the right to receive sincere answers to their questions.
· The company operates customer centers and other customer consultation windows to ensure smooth communication with members. If you have any questions related to personal information, please contact the contact details below.

Customer Consultation Window for Personal Information	Details
Department	CS Operation Team
Fax	02-542-7215
Email	cs@w-a-l-a.com

· Telephone consultation is available from 10 am to 5 pm on weekdays. If you request a consultation via email, bulletin board, or fax, we will try to respond within 24 hours after receipt.
· If you need to report or consult about personal information breaches, you can contact the following institutions:

Institution	Phone Number	URL
Personal Information Breach Report Center	(No area code) 118	http://privacy.kisa.or.kr
Personal Information Dispute Mediation Committee	1833-6972	http://kopico.go.kr
Prosecutor's Office Cyber Investigation Department	(No area code) 1301	http://spo.go.kr
National Police Agency Cyber Safety Division	(No area code) 182	http://cyberbureau.police.go.kr

Article 18 (Personal Information Protection Officer and Manager)

· The company highly values the protection of member's personal information and does its best to ensure that the member's personal information is not damaged, infringed upon, or leaked. However, despite technological security measures, we are not responsible for unexpected incidents resulting in information damage due to inherent network risks such as hacking or disputes arising from user-generated content.
· To protect the personal information of members and to address complaints and inquiries related to personal information, the company has designated and operates a personal information protection officer and manager as follows.

Personal Information Protection Officer	Hyun-Seung Noh
Grievance Handling Department	Wala Customer Service
Email	cs@w-a-l-a.com

Article 19 (Sending Advertisements)

· The company does not send advertisements for commercial purposes without the prior consent of the member. However, based on Article 50 of the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.", advertisements can be sent without prior consent in the following cases:

· In cases where, within six months, a person who has collected contact information directly from a member through a transaction relationship intends to send advertisements for commercial purposes about the same type of goods or services that they dealt with the member.

· When sending advertising information for online marketing purposes through email, etc., the company obtains prior consent from the member and ensures that the following details are easily identifiable in the subject and body:

· Subject: The word (Advertisement) is indicated in the subject line.
· Body: The sender's name, email address, phone number, and address are specified, along with a method for the member to easily indicate their refusal to receive such communications.

· When the company sends commercial advertisements to members who have agreed to receive them, other than by email, necessary measures are taken, such as indicating the sender's name.
· If a member indicates a refusal to receive or withdraws their prior consent, the company will not send advertisements for commercial purposes.

Article 20 (Collection and Use of Behavioral Information)

The company strives to provide optimized and personalized services and benefits to members based on their website visit history, search history, app usage history, etc. In addition, the company allows its partners (advertisers) to collect behavioral information such as website visit history, search history, and app usage history.

· Advertisers collecting and processing behavioral information: Google, Facebook, Naver
· Collected behavioral information items: site visit history, app usage history, search history, advertising identifiers (ADID, IDFA)
· Method of collecting behavioral information: Automatically collected and transmitted when a user visits/executes a web/app site
· How to opt-out of collecting advertising identifiers (ADID, IDFA)

· Android: Settings > Google (Google Settings) > Ads > Opt out of ad personalization
· iOS: Settings > Privacy > Advertising > Limit Ad Tracking

Article 21 (Notification Obligation)
This Personal Information Protection Policy was revised on September 1, 2023. Should there be any additions, deletions, or modifications in the content due to changes in government policies, related information protection regulations, or security technologies, we will notify through announcements at least 7 days before the revisions.
Personal Information Protection Policy Effective Date: September 1, 2023
Personal Information Protection Policy Announcement Date: August 24, 2023
Initial Personal Information Protection Policy Effective Date: January 17, 2022