Privacy Statement of F&F Co., Ltd.
F&F Co., Ltd. (hereinafter referred to as the “Company”) legally processes and safely manages personal information in compliance with the 「Personal Information Protection Act」 and related laws to protect the freedom and rights of information subjects. In accordance with Article 30 of the 「Personal Information Protection Act」, the following personal information processing policy is established and disclosed in order to guide information subjects on the procedures and standards for personal information processing, and to promptly and smoothly handle complaints related to this.
[index]
1. Purpose of processing personal information
2. Personal information processing and retention period
3. Items of personal information to be processed
4. Matters concerning the processing of personal information of children under the age of 14
5. Provision of personal information to third parties
6. Consignment of personal information processing
7. Personal information destruction procedure and method
8. Rights and obligations of data subject and legal representative and exercise method
9. Measures to ensure the safety of personal information
10. Matters concerning the installation, operation and rejection of automatic personal information collection devices
11. Person in charge of personal information protection and request for access to personal information
12. Remedies for Infringement of Rights and Interests
13. Changes in Privacy Policy
1. Purpose of processing personal information
The company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」.
① Membership registration and management
- Personal information is processed for the purpose of confirming the intention to sign up as a member, identifying and verifying oneself according to the provision of membership services, maintaining and managing member qualifications, preventing illegal use of services, various notices and notifications, and grievance.
② Provision of goods or services
- Personal information is processed for the purpose of delivering goods, providing services, sending contracts and invoices, providing contents, providing customized services, self-certification, and payment.
③ Event and product information
- Personal information is processed for the purpose of various surveys to deliver advertising information such as event information and improve service quality.
2. Personal information processing and retention period
The company processes and retains personal information within the period of retention and use of personal information according to the law or within the period of retention and use of personal information consented to when collecting personal information from the information subject.
Each personal information processing and retention period is as follows.
① Membership registration and management: Until membership withdrawal
② Provision of goods or services: Until the completion of goods and services provision and payment/settlement
However, in the case of the following reasons, until the end of the relevant period
A) Transaction records in accordance with the 「Act on Consumer Protection in Electronic Commerce, Etc.」
- Record of contract or withdrawal of subscription, payment, supply of goods, etc.: 5 years
- Records on handling consumer complaints or disputes: 3 years
b) Communication confirmation data under the Protection of Communications Secrets Act
- Computer communication, Internet log record data, access location tracking data: 3 months
③ Event and product information: Until the withdrawal of consent to receive event and advertising information
3. Items of personal information to be processed
The company handles the following personal information items.
Service type | Purpose of collection/use | Item | Period of preserving and using the personal information |
Member registration and management | Discovery: Homepage/ App MLB: Homepage | [Required]: ID, password, email, personal authentication information (CI, DI), name, mobile phone number, date of birth [optional]: phone number, address | Until membership withdrawal |
Provision of goods or services | [Required]: Orderer information (name, mobile phone number, email), shipping address information (name, mobile phone number, address), payment information [optional]: phone number | Until the completion of goods and services provision and payment/settlement | |
Event and product information | [Optional]: Email, mobile phone number | Until the withdrawal of consent to receive event and advertising information |
4. Matters concerning the processing of personal information of children under the age of 14
The company guarantees the legal rights of the legal representative when collecting personal information of children under the age of 14. However, we do not collect personal information of children under the age of 14, who are difficult to obtain consent from legal representatives in reality.
5. Provision of personal information to third parties
The company processes the personal information of the information subject only within the scope specified in the purpose of processing personal information, and only when it falls under Articles 17 and 18 of the 「Personal Information Protection Act」, such as consent of the information subject and special provisions of the law. to a third party, and other than that, the personal information of the information subject is not provided to a third party.
6. Consignment of personal information processing
1) The company entrusts the following personal information processing tasks for smooth personal information processing.
Fiduciary | Consignment work |
NICE Credit Rating Information Co., Ltd. | Real name verification and identity verification service overlapping subscription confirmation information |
Logen Courier | Shipping of online orders, delivery of products and prizes |
NHN Korea Cyber Payment Co., Ltd., Naver Co., Ltd., LG CNS Co., Ltd., Kakao Pay Co., Ltd., NHN Payco Co., Ltd. | Payment agency for ordered products |
LG CNS Co., Ltd., CJ OliveNetworks Co., Ltd., KT Co., Ltd., Dawoo Technology Co., Ltd. | send message |
11st, KT Alpha Co., Ltd. | Sending mobile coupons |
C&SF Co., Ltd. | Product repair AS service |
metam | Customer service and CS handling |
Plantit Partners, Design Noble | Data analysis using personal purchase information |
Creama Co., Ltd. | Provides CRM delivery and product review solutions |
Pulgrim Co., Ltd. | Online shopping mall development and maintenance |
AWS | System operation and data storage through cloud service |
Bobos Link, Admin Noon | Online CS work |
Eximbay Co., Ltd. | MLB Global Mall PG Company |
fast box | MLB Global Mall Courier Delivery |
SK Planet Co., Ltd. | Provide product recommendation solution |
2) When concluding a consignment contract, the company prohibits processing of personal information for purposes other than the purpose of entrusted business pursuant to Article 26 of the 「Personal Information Protection Act」, takes technical and managerial protection measures, restricts re-entrustment, manages and supervises the consignee, and compensates for damages, etc. The matters are specified in documents such as contracts, and we supervise whether the trustee handles personal information safely.
3) If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.
4) In order to provide smooth service, the company entrusts the processing of personal information to overseas corporations as follows.
Fiduciary | Information management manager contact | Nation | Date and method of transfer | Item | Consignment work | Retention and use period |
SalesForce | privacy@fnfcorp.com | Japan | Transmitted through a secure network when registering as a member | ID, password, name, email, phone number, cell phone number, address, birthday, gender, marital status, wedding anniversary, customer management level | Customer mileage management | Destruction at the end of consignment contract |
7. Personal information destruction procedure and method
1) The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
2) If personal information must be kept in accordance with other laws and regulations even though the personal information retention period agreed to by the information subject has elapsed or the purpose of processing has been achieved, the personal information is moved to a separate database (DB) or stored Preserve in different places.
3) The procedure and method of destroying personal information are as follows.
① Destruction procedure
- The company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
② Destruction method
- The company destroys personal information recorded and stored in electronic file form so that the record cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incinerating with a shredder.
4) Measures regarding destruction of personal information of non-users
① The company converts users who have not used the service for one year to dormant accounts, and keeps personal information separately. Separately stored personal information is stored for a certain period of time and then destroyed without delay.
② The company notifies members scheduled for dormancy up to 30 days before the transition to dormancy, the fact that they will be separately stored, the scheduled date of dormancy, and personal information items that are separately stored in a way that can notify users such as e-mail or text message.
③ If you do not want to switch to a human account, you can log in to the service before switching to a dormant account. In addition, even if the account has been converted to dormant, if you log in, you can use the normal service by restoring the dormant account according to the consent of the user.
8. Rights and obligations of data subject and legal representative and exercise method
1) The information subject can exercise the right to view, correct, delete, or suspend processing of personal information at any time against the company.
2) The exercise of rights can be done in writing, e-mail, fax (FAX), etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the 「Personal Information Protection Act」, and the company will take action without delay.
3) Rights can be exercised through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the “Public Notice on Personal Information Processing Methods (No. 2020-7)” Annex No. 11.
4) Request for viewing and suspension of processing of personal information may be restricted according to Article 35 Paragraph 4 and Article 37 Paragraph 2 of the 「Personal Information Protection Act」.
5) Requests for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
6) The company checks whether the person who made the request, such as request for viewing, request for correction or deletion, or request for suspension of processing according to the rights of the information subject, is the person or a legitimate agent.
9. Measures to ensure the safety of personal information
The company takes the following measures to ensure the safety of personal information.
① Administrative measures: Establishment and implementation of internal management plan, operation of dedicated organization, regular employee training
② Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of personal information, installation and renewal of security program
③ Physical measures: Access control in computer room, data storage room, etc.
10. Matters concerning the installation, operation and rejection of automatic personal information collection devices
1) The company uses ‘cookies’ that store and retrieve usage information from time to time to provide personalized services to users.
2) Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser, and is sometimes stored on the hard disk of the user's PC computer.
① Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and use of each service and website visited by the user, popular search words, security access, etc.
② Installation/Operation and Rejection of Cookies: You can refuse to save cookies by setting options in the Tools>Internet Options>Personal Information menu at the top of the web browser.
③ If you refuse to save cookies, you may experience difficulties in using customized services.
11. Person in charge of personal information protection and request for access to personal information
1) The company is responsible for overall handling of personal information processing, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing.
[Personal Information Protection Officer]
Name: Young-seok Ryu
Position: Chief Information Security Officer (CISO)
2) The information subject can make a request for access to personal information pursuant to Article 35 of the 「Personal Information Protection Act」 to the following departments.
can. The company will make every effort to promptly process the personal information access request of the information subject.
[Personal Information View Request Reception/Processing Department]
Department Name: Information Security Team
Person in charge: Hwarang Kim
Contact: privacy@fnfcorp.com, Discovery Expedition: 080-820-8802, MLB: 080-807-0012
12. Remedies for Infringement of Rights and Interests
1) In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Reporting Center, etc. In addition, please contact the following organizations for reporting or consulting of other personal information infringement.
① Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
② Personal information infringement reporting center: (without area code) 118 (privacy.kisa.or.kr)
③ Supreme Prosecutor’s Office: (without area code) 1301 (www.spo.go.kr)
④ National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
2) Public institutions in response to requests under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the 「Personal Information Protection Act」 A person whose rights or interests have been infringed upon due to a disposition or omission of the Chairman may request an administrative appeal in accordance with the Administrative Appeals Act.
- Central Administrative Appeals Commission: (without an area code) 110 (www.simpan.go.kr)
13. Changes in Privacy Policy
1) This privacy policy is effective from March 27, 2023.
2) You can check the previous privacy policy below.
