WALALAND Privacy Policy
The Company has established this privacy policy in accordance with related laws such as the "Personal Information Protection Law" and "Information and Communications Network Act" to protect users' personal information and rights, and to promptly and smoothly handle any grievances related to personal information.
The privacy policy of the Company is subject to change from time to time due to changes in related laws, guidelines, or the Company's internal policies. We have procedures in place for continuous improvement of our privacy policy. When revising the privacy policy, we will notify users through the Site's announcements (or individual notices). Users are encouraged to check the Site regularly.
The "Privacy Policy" of Walaland Corporation includes the following:
· Article 1 (General Provisions)
· Article 2 (Consent to the Collection of Personal Information)
· Article 3 (Purpose of Collection and Use of Personal Information)
· Article 4 (Items and Methods of Personal Information Collection)
· Article 5 (Items and Methods of Personal Information Collection)
· Article 6 (Use and Provision of Collected Personal Information to Third Parties)
· Article 7 (Access to and Correction of Personal Information)
· Article 8 (Withdrawal of Consent to Collection, Use, and Provision of Personal Information)
· Article 9 (Procedures and Methods for Destroying Personal Information)
· Article 10 (Entrustment of Personal Information Processing Tasks)
· Article 11 (Overseas Transfer of Personal Information)
· Article 12 (Technical/Administrative Measures for Personal Information Protection)
· Article 13 (Linked Sites)
· Article 14 (Posts/Articles)
· Article 15 (Installation, Operation, and Refusal of Automatic Personal Information Collection Device)
· Article 16 (Rights and Obligations of Users)
· Article 17 (Opinion Collection and Complaint Handling)
· Article 18 (Personal Information Protection Officer and Manager)
· Article 19 (Transmission of Advertising Information)
· Article 20 (Collection and Use of Behavioral Information)
· Article 21 (Notification Obligation)
Article 1 (General Provisions)
· Personal information refers to information about a living individual that can identify a specific individual based on details such as name, date of birth, gender included in the information (including information that can't identify an individual by itself but can be easily combined with other information to do so).
· The Company places great importance on the personal information of members and complies with related laws such as the "Information and Communications Network Act" and the "Personal Information Protection Law", and based on these, has established a privacy policy to do its best to protect members' rights.
· Through the personal information handling policy, the Company informs members how their provided personal information is being used, how it's utilized, and what measures are taken to protect personal information.
· The Company has made its privacy policy public on the first page of the site, ensuring members can easily access it at any time.
· The Company has procedures in place for continuous improvement of the privacy policy. When revising the privacy policy, the company assigns version numbers or the like to easily identify the revised contents.
Article 2 (Consent for Collection of Personal Information)
The Company obtains consent for the collection of personal information from members. The Company has established procedures to seek consent regarding the contents of the Company's privacy policy or terms of use related to the collection of personal information. If a member expresses consent following these procedures, it is considered an agreement to the collection of personal information.
Article 3 (Purpose of Collection and Use of Personal Information)
The company collects personal information within the minimum scope necessary for the following purposes to provide services. Personal information collected will not be used for purposes other than those listed below, and if the purpose of use changes, we intend to obtain prior consent.
Classification | Details |
---|---|
Member Management | Identity verification and personal identification for member services, Confirmation of member registration and withdrawal, Prevention of duplicate registration, Prevention of misuse by problematic members and prevention of unauthorized use, Recording for dispute resolution, complaint handling, and grievances, Delivery of various notifications, Prevention of service misuse and fraudulent transactions |
Fulfillment of contracts and billing for goods or services provision | Membership registration for partner site products and services, confirmation of orders and receipts for products and services, Sending bills, making payments, accumulating and using reward points, Billing, collection of fees, Delivery of ordered products, customs declarations (using information necessary for customs procedures), Content provision, provision of personalized services, Notification of event winnings and delivery of prizes, Age and identity verification for financial transactions and services, Prevention of fraudulent transactions, operation of customer service centers, Providing location-based services, Recording to accumulate and reward cashback, etc. |
Utilization for new service development and marketing, advertising | Providing optimized services (personalized services) to members, offering various convenience services and benefits, Development and specialization of new services (products), notification of new services and products, Analysis of access frequency, statistical analysis of service use, Service provision and advertisement based on demographic characteristics, Sending advertising information (email, SMS, DM, etc.), Providing opportunities to participate in events and operating member participation spaces, Marketing utilization for promotion of affiliated events and services, Analysis of member information for marketing and service development, Sending mobile app installation URL, surveys, etc. |
Article 4 (Items and Method of Personal Information Collection)
· The company does not collect sensitive personal information that may infringe upon fundamental human rights (race and ethnicity, thoughts and beliefs, place of birth and domicile, political inclination and criminal records, health status, etc.). Under any circumstances, the information provided will not be used for any purpose other than what was previously specified, and it will not be disclosed externally.
· Items of Personal Information Collection
· Essential items
Collected/Used Items | Details |
---|---|
Name, Mobile Phone Number, Email Address, Gender | Membership registration using mobile phone number |
Name, Mobile Phone Number, Email Address | Member identification, contact for contract fulfillment, provision of service-related information (announcements, verification of intention, service consultation, complaint handling, notices, etc.), satisfaction survey for service usage |
Name, Mobile Phone Number, Service Usage Record, IP Address, Access Log | Prevention of fraudulent transactions |
Orderer's Name, Orderer's Mobile Phone Number, Orderer's Email Address, Recipient's Name, Recipient's Contact (Phone Number, Mobile Phone Number), Delivery Address | Delivery of products and prizes (returns/refunds), verification of delivery address and contact, provision of load previously entered information function |
Account Holder's Name, Bank Account Number, Credit Card Number, Card Owner's Name, Billing and Payment Record | Payment service, refund of transaction amount for purchase cancellation, preservation of electronic financial records |
Recipient's Name, Recipient's Contact, Recipient's Email Address, Recipient's Address, Credit Card Number | Prevention of fraudulent transactions |
English Name, Personal Customs Clearance Code | Collection for customs clearance when purchasing overseas delivery products, provision of load previously entered information function |
Collected/Used Items | Details |
---|---|
Mobile Phone Number, Email Address, Address, Name | Notifications for events and shopping benefits, marketing purposes such as prize delivery |
Device ID | Mobile app (APP) push service provision (purchase information notifications, shopping event and benefit notifications) |
Collected/Used Items | Details |
---|---|
Service Usage and Interruption Records, Access Log, Cookies, Access IP | Maintaining login status, providing differentiated information based on individual interests, analyzing frequency of access or stay duration for targeted marketing, tracking visited content for personalized service on next access, analyzing user behavior for service reorganization |
Mobile Device Information | Improving mobile app (APP) performance and optimizing the user environment |
· Website, written form, consultation board, telephone, chat, fax, event participation, delivery request
· Information collection through log analysis program, information collection by cookies
· Provided by identity verification institutions or affiliate companies
· Collected through smartphone applications
Mandatory | Access Item | Content |
---|---|---|
Essential | Device and App Record Permissions | |
Mobile device information | Error checking during app execution, usability improvement |
Article 5 (Retention and Use Period of Personal Information)
· In accordance with the Commercial Law and related statutes, the company may retain personal information for a certain period for the purpose of verifying transaction-related rights and obligations. When retaining this information, its access and use are limited to the stated purpose, and the purpose, period, and retained personal information items must be clearly specified.
· Record of contract or withdrawal: 5 years
· Record of payment and supply of goods, etc.: 5 years
· Record of consumer complaints or dispute handling: 3 years
· Record of display/advertising: 6 months
· Site visit record: 6 months
· The company stores and manages the personal information of members who have not used the service for a long period (1 year) separately from other users' information.
· The period of non-use of the service is calculated based on points like login, and the information of members not using the service is stored and managed separately for a legally defined period.
· The company notifies such members of the related details 30 days before the date of separation and storage via email, etc.
· Personal information of members not using the service, which has been stored separately, is retained for a certain period according to the law and then destroyed. Personal information not destroyed will be provided again when the member requests to resume the service.
Article 6 (Use and Provision of Collected Personal Information to Third Parties)
· The company uses the member's personal information within the scope specified in the site's terms of use and the "Personal Information Handling Policy". It does not use or provide it to other individuals, companies, or institutions beyond this scope. However, exceptions are made when there is member consent or when information is requested according to a legally defined procedure. In these cases, care is taken when using or providing personal information.
· If a third-party provision task arises, the company will notify and obtain consent from members at the necessary time. Members have the right to refuse the provision of personal information to third parties. However, if you refuse to provide personal information to a third party, there may be restrictions on using the service.
Article 7 (Viewing and Correction of Personal Information)
· Members can view or correct their registered personal information at any time. Personal information can be directly accessed or corrected on the site by clicking "Modify Member Information". When a request for access or correction is made to the personal information protection officer or manager in writing, by phone, or via email, actions are taken immediately after verifying the requester's identity.
· If a member requests a correction due to an error in their personal information, the company does not use or provide the relevant personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the correction results will be immediately notified to the third party to ensure correction.
Article 8 (Withdrawal of Consent to Collection, Use, and Provision of Personal Information)
· Members can withdraw their consent related to the collection, use, and provision of personal information at any time. Consent withdrawal can be done directly on the site by clicking "Member Withdrawal", or when a request is made to the personal information protection officer or manager in writing, by phone, or via email, necessary actions for member withdrawal are taken immediately after verifying the requester's identity.
· The company takes necessary measures to ensure that the withdrawal of consent to the collection of personal information (member withdrawal) is as easy as the method of collecting the information.
· Personal information deleted or terminated at the request of a member is handled according to the retention and use period of personal information collected by the company, and measures are in place to prevent it from being accessed or used for other purposes.
Article 9 (Procedure and Method of Destroying Personal Information)
· After the purpose of using the collected personal information is achieved, the company destroys the information without delay according to the storage institution and usage period. If retention is required for a certain period according to internal policies and relevant laws, the information is destroyed after that retention period. Typically, personal information managed in electronic file form is immediately destroyed at the time of member withdrawal.
· The methods of destroying personal information are as follows: Personal information printed on paper is destroyed by shredding or incineration, or dissolved with chemicals. Personal information stored in electronic file format is destroyed using technical methods that prevent records from being restored or replayed.
Article 10 (Entrustment of Personal Information Processing Tasks)
· The company entrusts external professional companies with personal information processing tasks to provide smoother services to members as follows.
Entrusted Party | Entrusted Tasks |
---|---|
Our Partner Company | Payment information transmission and approval task agency |
Our Partner Company | International logistics, product delivery, customs clearance task agency |
Our Partner Company | Sending text messages, sending KakaoTalk notifications |
Our Partner Company | Operation of the customer center and customer consultation |
Selling Partner [List of Selling Partners] | Delivery of ordered products, customer consultation, and complaint handling |
· Depending on some delivery types like direct shipping, delivery information is provided to the partner company that requested the sale in accordance with Article 21 of the "Act on Consumer Protection in Electronic Commerce, etc.".
· The company will promptly notify any changes in the content of entrusted tasks or the entrusted party through this personal information processing policy.
Article 11 (Transfer of Personal Information Abroad)
· The company uses overseas servers to provide smoother services and improve user convenience. We inform you about the transfer of personal information abroad as follows.
Item | Details |
---|---|
Recipient of the Transfer | Amazon Web Service, Inc |
Country of Transfer | USA (Amazon Global Cloud service provision area) |
Date and Method of Transfer | At the time of the member's initial registration, at the time of entering delivery information during ordering, Data relocation through a strengthened public network to a Global Cloud area-based Server |
Transferred Items | Name, email address, mobile phone number, delivery address, personal customs clearance number |
Purpose of Transfer | Providing Global Cloud service for "Wala" operation |
Retention and Use Period | Until the member withdraws (immediately discarded afterward) - Exception 1: Information of members with purchase history is retained for 5 years. (Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.) - Exception 2: IP is retained for 3 months (Article 15-2 of the Telecommunications Secrets Protection Act) |
· Depending on some delivery types like direct shipping, delivery information is provided to the partner company that requested the sale in accordance with Article 21 of the "Act on Consumer Protection in Electronic Commerce, etc.".
· The company will promptly notify any changes in the content of entrusted tasks or the entrusted party through this personal information processing policy.
Article 12 (Technical/Administrative Measures for Personal Information Protection)
· Technical Measures
· Members' personal information is protected by passwords, and important data is protected with separate security features by encrypting files and transmitted data or using a file lock function (Lock).
· The company is taking measures to prevent computer virus damage using antivirus programs. The antivirus program is updated regularly, and if a sudden virus appears, the antivirus is provided immediately to prevent personal information breaches.
· The company has adopted a security device (SSL or SET) that securely transmits personal information on the network using an encryption algorithm.
· We are doing our best for security using intrusion detection systems and vulnerability analysis systems for each server to protect against hacking and other external intrusions.
· The company limits access to members' personal information to a minimum number of people. Those limited personnel include the following:
· Individuals who directly deal with users for marketing purposes
· Personal Information Protection Officer and managers who perform personal information management tasks
· Others for whom personal information processing is unavoidable for work-related reasons
· The company has established procedures necessary for accessing and managing members' personal information and ensures that its employees are aware of and comply with them. The company provides regular internal and external training on new security technology acquisition and personal information protection responsibilities to employees handling personal information.
· Personal information and general data are stored separately.
· When processing a member's personal information using a computer, the company designates a manager with access authority, assigns an ID and password to that manager, and regularly updates that password.
· The company requires new employees to sign an information protection pledge or personal information protection pledge to prevent information leaks by employees in advance and has established internal procedures to monitor compliance with the personal information processing policy and ensures their continuous implementation.
· Personal information-related handlers conduct job handovers in a secure manner, and responsibilities for personal information incidents are clearly established after joining and leaving the company.
· Measures are taken to confirm the identity of the member when concluding a service contract or providing a service that collects or provides payment-related information, such as a member's credit card number or bank payment account.
· The company is not responsible for incidents arising from a member's mistakes or the inherent risks of the Internet. Members must properly manage their ID and password and bear the responsibility for them.
Article 13 (Linked Sites)
· The company may provide members with links to other company websites or materials. In this case, the company has no control over external sites and materials and does not assume responsibility for the authenticity, usefulness, etc., of services or materials received from these sites and does not guarantee them in any way.
· If you click on a link included in the company's site and move to another site's page, the personal information policy of that site is unrelated to the company, so please review the policy of the newly visited site.
Article 14 (Posts)
· The company values members' posts and does its best to protect them from being altered, damaged, or deleted. However, this is not the case in the following situations:
· Spam-like posts (e.g., chain letters, advertisements for specific sites, advertisements directing to other sites, and links)
· Posts that spread false information to defame others and damage their reputation
· Content that discloses personal information without consent, violates the company's copyright, or infringes on the intellectual property rights of a third party, or posts irrelevant to the topic of the board
· To promote a desirable bulletin board culture, the company can delete or modify specific parts when someone's personal information is disclosed without consent.
· Content that can move to another themed board shows the path of movement to prevent misunderstandings.
· In other cases, it can be deleted after explicit or individual warnings.
Article 15 (Details on the Installation, Operation of Automatic Personal Information Collection Devices, and Refusal of Them)
· The information that the company collects through cookies can be used for the following purposes:
· Provide information tailored to individual interests
· Analyze login frequency or duration to understand user preferences and interests, used as a basis for targeted marketing and service revision
· Track traces of interesting content to provide personalized services on the next visit
· Determine the degree of participation in various events by members and provide differentiated application opportunities
· Notify the usage period when using paid services
· Cookies expire when you close your browser or log out.
Article 16 (Rights and Obligations of Users)
· Members are urged to enter their personal information accurately in its latest state to prevent unintended accidents. The responsibility for accidents arising from the incorrect input of information lies with the member. If you input false information, including unauthorized use of someone else's information, you may lose your membership.
· Members have the right to protect their personal information, and they also have the duty to protect themselves and not infringe on others' information. Be careful not to disclose your personal information, including passwords, and be cautious not to damage others' personal information, including posts. If you fail to fulfill this responsibility and harm others' information and dignity, you may be punished under the "Information and Communications Network Promotion and Information Protection Act" and other laws.
Article 17 (Opinion Gathering and Complaint Handling)
· The company operates customer centers and other customer consultation windows to ensure smooth communication with members. If you have any questions related to personal information, please contact the contact details below.
Customer Consultation Window for Personal Information | Details |
---|---|
Department | CS Operation Team |
Fax | 02-542-7215 |
cs@w-a-l-a.com |
· If you need to report or consult about personal information breaches, you can contact the following institutions:
Institution | Phone Number | URL |
---|---|---|
Personal Information Breach Report Center | (No area code) 118 | http://privacy.kisa.or.kr |
Personal Information Dispute Mediation Committee | 1833-6972 | http://kopico.go.kr |
Prosecutor's Office Cyber Investigation Department | (No area code) 1301 | http://spo.go.kr |
National Police Agency Cyber Safety Division | (No area code) 182 | http://cyberbureau.police.go.kr |
Article 18 (Personal Information Protection Officer and Manager)
· The company highly values the protection of member's personal information and does its best to ensure that the member's personal information is not damaged, infringed upon, or leaked. However, despite technological security measures, we are not responsible for unexpected incidents resulting in information damage due to inherent network risks such as hacking or disputes arising from user-generated content.
· To protect the personal information of members and to address complaints and inquiries related to personal information, the company has designated and operates a personal information protection officer and manager as follows.
Personal Information Protection Officer | Hyun-Seung Noh |
---|---|
Grievance Handling Department | Wala Customer Service |
cs@w-a-l-a.com |
Article 19 (Sending Advertisements)
· In cases where, within six months, a person who has collected contact information directly from a member through a transaction relationship intends to send advertisements for commercial purposes about the same type of goods or services that they dealt with the member.
· Subject: The word (Advertisement) is indicated in the subject line.
· Body: The sender's name, email address, phone number, and address are specified, along with a method for the member to easily indicate their refusal to receive such communications.
· If a member indicates a refusal to receive or withdraws their prior consent, the company will not send advertisements for commercial purposes.
Article 20 (Collection and Use of Behavioral Information)
· Collected behavioral information items: site visit history, app usage history, search history, advertising identifiers (ADID, IDFA)
· Method of collecting behavioral information: Automatically collected and transmitted when a user visits/executes a web/app site
· How to opt-out of collecting advertising identifiers (ADID, IDFA)
· Android: Settings > Google (Google Settings) > Ads > Opt out of ad personalization
· iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Article 21 (Notification Obligation)
This Personal Information Protection Policy was revised on September 1, 2023. Should there be any additions, deletions, or modifications in the content due to changes in government policies, related information protection regulations, or security technologies, we will notify through announcements at least 7 days before the revisions.
Personal Information Protection Policy Effective Date: September 1, 2023
Personal Information Protection Policy Announcement Date: August 24, 2023
Initial Personal Information Protection Policy Effective Date: January 17, 2022