Privacy Policy

F&F (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and relevant laws and regulations to lawfully process and securely manage personal information, ensuring the protection of individuals' rights and freedoms. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses this Privacy Policy to inform individuals about the procedures and standards for personal information processing and to promptly and efficiently handle related concerns.

 

Table of Contents

  1. Purpose, Types, and Retention Period of Personal Information
  2. Procedures and Methods for the Destruction of Personal Information
  3. Provision of Personal Information to Third Parties
  4. Additional Use and Provision of Personal Information
  5. Entrustment of Personal Information Processing
  6. Matters Concerning the Collection and Transfer of Personal Information Overseas
  7. Measures for Ensuring the Security of Personal Information
  8. Installation, Operation, and Rejection of Automated Data Collection Devices
  9. Collection, Use, Provision, and Rejection of Behavioral Information
  10. Details on the Collection and Use of Behavioral Information by Third Parties through Automated Means and the User's Right to Refuse Such Collection
  11. Rights and Obligations of Data Subjects and Their Legal Representatives & Exercise Methods
  12. Personal Information Protection Officer and Personal Information Access Requests
  13. Remedies for Data Subjects
  14. Voluntary Measures Specified by the Data Controller Regarding Personal Data Processing Standards and Safeguards
  15. Changes to the Privacy Policy

 

1. Purpose, Types, and Retention Period of Personal Information

The Company collects and processes the minimum necessary personal information with the data subject's consent for the following purposes. Personal information collected is not used for purposes other than those specified below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

| Purpose of Processing Personal Information | Items of Personal Information Collected | Retention Period |
| --- | --- | --- |
| Membership Registration and Management | Website General Registration: [Required] Email; [Optional] Last Name, First Name | Until Membership Withdrawal |
| Provision of Goods and Services | [Required] Order Information: Last Name, First Name, Mobile Phone Number, Email; Shipping Information: Last Name, First Name, Mobile Phone Number, Shipping Address; Payment Information: Last Name, First Name, Phone Number, Shipping Address, Email | 5 Years (per Article 6 of the E-Commerce Act Enforcement Decree) for transaction-related data |
| Customer Support (Providing assistance through 1:1 inquiries) | [Required] Email; [Optional] Name, Mobile Phone Number | 3 Years after consultation ends (Article 6 of the E-Commerce Act Enforcement Decree) |

 

2. Procedures and Methods for the Destruction of Personal Information

  1. The Company promptly destroys personal information when the retention period expires, the processing purpose is achieved, or the information is no longer needed.
  2. The procedures and methods for the destruction of personal information are as follows:
    ① Destruction Procedure
    - The Company selects personal information subject to destruction and, upon approval from the Personal Information Protection Officer, securely deletes the data.
    ② Destruction Method
    - Personal information stored in electronic files is permanently deleted in a way that prevents recovery.
    - Personal information recorded on paper is shredded or incinerated to ensure complete destruction.
  3. If the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, but the information must be retained under other legal provisions, the Company will store it separately in a designated database (DB) or in a different storage location.

| Retained Information | Retention Period | Relevant Laws and Regulations |
| --- | --- | --- |
| Records on Payment and Supply of Goods and Services | 5 Years | 「Act on the Consumer Protection in Electronic Commerce, etc.」 |
| Records on Contracts and Order Cancellations | 5 Years | 「Act on the Consumer Protection in Electronic Commerce, etc.」 |
| Records on Consumer Complaints or Dispute Resolution | 3 Years | 「Act on the Consumer Protection in Electronic Commerce, etc.」 |
| Records on Advertisements and Marketing | 6 Years | 「Act on the Consumer Protection in Electronic Commerce, etc.」 |
| Records on Electronic Financial Transactions | 5 Years | 「Electronic Financial Transactions Act」 |
| Records on Website and App Visits | 3 Years | 「Protection of Communications Secrets Act」 |
| Information for Tax and Public Charges Payment | 5 Years | 「Income Tax Act」 |

 

3. Provision of Personal Information to Third Parties

The Company processes personal information only within the scope specified for processing purposes. Personal information is provided to third parties only in cases where the data subject's consent, special provisions of the law, or conditions specified in Articles 17 and 18 of the Personal Information Protection Act apply. Apart from these cases, the Company does not disclose personal information to third parties.

 

4. Additional Use and Provision of Personal Information

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, and Article 14-2 of its Enforcement Decree, the Company may use or provide personal information without the data subject's consent if the following conditions are met:

  1. Whether it is related to the original purpose of collection
  2. Whether additional use or provision is reasonably foreseeable based on the circumstances of collection or processing practices
  3. Whether it unfairly infringes on the data subject's rights and interests
  4. Whether necessary measures, such as pseudonymization or encryption, have been taken to ensure security

If additional use or provision of personal information occurs continuously, the Company will disclose the criteria used for evaluation and ensure compliance with these standards.

 

5. Entrustment of Personal Information Processing

  1. The Company entrusts personal information processing tasks to third parties to facilitate efficient processing. The details of entrusted tasks are as follows:

    | Entrusted Parties | Entrusted Tasks |
    | --- | --- |
    | Shopify | Online Shopping Mall Platform Provider |
    | Logen Logistics | Order and Prize Delivery |
    | MXN Commerce USA, INC | Order Payment and Settlement Processing |
    | boboslink | Customer Support and CS Handling |
    | Fastbox | International Shipping and Delivery |
    | Channel Corporation | Online Chat Support and Marketing Message Delivery |


  2. When entering into an entrustment contract, the Company complies with Article 26 of the Personal Information Protection Act by specifying in contracts or other documents the prohibition of processing personal information beyond the scope of the entrusted tasks, the implementation of technical and managerial security measures, restrictions on sub-entrustment, oversight and supervision of the entrusted party, and liability for damages. The Company also monitors and supervises entrusted parties to ensure the secure processing of personal information.
  3. If there are any changes to the entrusted tasks or entrusted parties, the Company will disclose such changes promptly through this Privacy Policy.

 

6. Matters Concerning the Collection and Transfer of Personal Information Overseas

F&F transfers personal information overseas under the following conditions:

  1. Legal Basis for Cross-Border Transfer:
    In accordance with Article 28-8(1)(3) of the Personal Information Protection Act of Korea (Outsourcing or storage of personal information overseas for contract fulfillment)
  2. Personal Information Transferred:
    - Basic Account Information: Name, email address, phone number
    - Order and Payment Details: Shipping address, billing address, payment method
    - (Note: Shopify does not store complete payment information)
    - Device and Usage Data: IP address, browser type, device information, cookies, and browsing behavior
    - Customer Interactions: Support inquiries, messages, and order history
  3. Country, Timing, and Method of Transfer:
    - Countries:
    Canada - Location of Shopify headquarters
    United States - Where some infrastructure and service providers are based
    Depending on third-party apps and integrations, data may pass through or be processed in other jurisdictions.
    - Timing:
    Transfer of personal information begins as soon as the user interacts with the store (e.g., browsing, account creation, checkout)
    and continues throughout the use of the store and related services (e.g., order processing, marketing, customer support).
    Transfers may occur in real-time or periodically depending on the nature of the activity.
    - Method:
    All data is securely transmitted using encryption protocols such as TLS (Transport Layer Security).
    Shopify maintains strict security measures during the transmission and storage of personal information to comply with international standards.
  4. Recipient's Name and Contact Information:
    - Name: Shopify Inc.
    - Address: Shopify Commerce Singapore Pte. Ltd.
    - Attn: Data Protection Officer
    77 Robinson Road, #13-00 Robinson 77, Singapore 068896
    - Email: privacy@shopify.com
  5. Purpose of Use and Retention Period by the Recipient:
    - Purpose: To provide the e-commerce platform, process orders and payments, track deliveries, and manage customer relations
    - Retention Period: Until the termination of the contract or until the period required under relevant laws and regulations
  6. How to Refuse Transfer, Procedures, and Consequences:
    - How: Users may request to refuse cross-border data transfers by contacting the Data Protection Officer via email or through the customer service center
    - Procedure: Upon confirmation of the request, the result will be communicated to the user
    - Consequences: Refusal of overseas transfer may result in limitations on the use of services

 

7. Measures to Ensure the Security of Personal Information

The Company takes the following measures to ensure the security of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, operation of a dedicated security team, and regular employee training.
  2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation and regular updates of security programs.
  3. Physical Measures: Access control to data centers, server rooms, and document storage areas.

 

8. Installation, Operation, and Rejection of Automated Data Collection Devices

  1. The Company uses cookies to store and retrieve user information to provide personalized services.
  2. Cookies are small pieces of data sent by a web server (HTTP) to a user's computer browser and may be stored on the user's PC hard drive.
    ① Purpose of Cookie Usage: Cookies are used to optimize user experience by analyzing website visits, user preferences, search trends, and security settings.
    ② How to Allow or Block Cookies
    ▶ Managing Cookies in Web Browsers
    - Chrome: Browser Settings → Privacy & Security → Clear Browsing Data
    - Edge: Browser Settings → Cookies and Site Permissions → Manage and Delete Cookies and Site Data
    ▶ Managing Cookies in Mobile Browsers
    - Chrome: Mobile Browser Settings → Privacy & Security → Clear Browsing Data
    - Safari: Device Settings → Safari → Advanced → Block All Cookies
    - Samsung Internet: Mobile Browser Settings → Browsing Data → Clear Browsing Data
    ③ Disabling cookies may affect the availability of personalized services.

 

9. Collection, Use, Provision, and Rejection of Behavioral Information

  1. The Company uses cookies and other automated data collection tools to process behavioral information in a non-identifiable manner in order to provide data subjects with optimized, personalized services, benefits, and online targeted advertisements during their use of the services.

    | Types of Behavioral Information Collected | Methods of Behavioral Information Collection | Purpose of Behavioral Information Collection | Retention and Usage Period & Subsequent Processing of Information |
    | --- | --- | --- | --- |
    | Website/App Visit History, Search History, Purchase History | Automatically Collected Upon Website and App Visit/Execution | Providing Personalized Product Recommendation Services Based on User Interests and Preferences | 2 years from the date of collection |


  2. The Company provides behavioral information as follows.

    | Advertising Service Providers Collecting and Processing Behavioral Information | Types of Behavioral Information Collected and Processed | Purpose of Use by the Recipient | Retention and Usage Period |
    | --- | --- | --- | --- |
    | Google | User's basic information (age, gender, region, device information), visit history (referral source, visited pages, time spent), search history, and purchase history | Provision of personalized advertisements | 540 days from the date of collection |
    | META (Facebook, Instagram) | User's basic information (age, gender, region, device information), visit history (referral source, visited pages, time spent), search history, and purchase history | Provision of personalized advertisements | 180 days from the date of collection |
    | TikTok | User's basic information (age, gender, region, device information), visit history (referral source, visited pages, time spent), search history, and purchase history | Provision of personalized advertisements | 390 days from the date of collection |


  3. Data subjects can enable or disable online targeted advertising by changing their cookie settings in their web browser. However, modifying cookie settings may affect the availability of certain services, such as automatic login on websites.

▶ Blocking/Allowing Personalized Ads via Web Browsers

(1) Chrome

① How to delete cookies stored in your web browser:
Click the “⋮” icon at the top right of Chrome and select Settings.
On the left panel, click Privacy and Security, then select Clear browsing data to choose which data to delete.

② How to block third-party cookies in your web browser:
Click the “⋮” icon at the top right of Chrome and select Settings.
On the left panel, click Privacy and Security, then select Third-party cookies and choose to Block third-party cookies.

③ How to block all cookie storage in your web browser:
Click the “⋮” icon at the top right of Chrome and select New Incognito Window.
In incognito mode, browsing history, cookies, site data, and form inputs are not saved on your device.

(2) Edge

① How to delete cookies stored in your web browser:
Click the “…” icon at the top right of Edge and select Settings.
On the left panel, click Cookies and site permissions, then select Manage and delete cookies and site data to remove all cookies and site data.

② How to block third-party cookies in your web browser:
Click the “…” icon at the top right of Edge and select Settings.
On the left panel, click Privacy, search, and services, then under the Tracking prevention section, select your preferred level (Balanced or Strict).
Alternatively, go to Cookies and site permissions → Manage and delete cookies and site data, and select Block third-party cookies.

③ How to block all cookie storage in your web browser:
Click the “…” icon at the top right of Edge and select New InPrivate Window.
In InPrivate mode, browsing history, cookies, site data, and form inputs are not saved on your device.

(3) Contact for Behavioral Information Inquiries

If you have any questions regarding behavioral information, or wish to exercise your right to opt out or file a complaint, please contact us using the information below.

▶ Department in Charge of Personal Information Protection
Department Name: Information Security Team

Person in Charge: Won-jun-seok

Contact: 02-520-0020, privacy@fnfcorp.com

 

10. Details on the Collection and Use of Behavioral Information by Third Parties through Automated Means and the User's Right to Refuse Such Collection

When a data subject visits or uses the website, the Company allows third parties to collect behavioral information through automated tools such as third-party cookies and advertising identifiers for the purpose of providing efficient services, advertising, and marketing.
The behavioral information collected by third parties from the Company's website includes the following:

| Name of the Collection Tool | Type of Collection Tool | Third-Party Data Collector | Behavioral Information Collected by Third Parties | Purpose of Collection |
| --- | --- | --- | --- | --- |
| Google Analytics 4 | JavaScript Injection via GTM (Google Tag Manager) | Google | User behavioral data such as website visits, page views, and e-commerce activities | Statistical analysis of service usage |
| Google Tag Manager | JavaScript Injection via GTM (Google Tag Manager) | Google | User behavioral data such as website visits, page views, and e-commerce activities | Statistical analysis of service usage |
| Facebook, Instagram pixel | JavaScript / Pixel | Meta (Facebook, Instagram) | User behavioral data such as website visits, page views, and e-commerce activities | Serving interest-based personalized advertisements |
| Google Ads | JavaScript | Google | User behavioral data such as website visits, page views, and e-commerce activities | Serving interest-based personalized advertisements |
| TikTok pixel | JavaScript / Pixel | TikTok | User behavioral data such as website visits, page views, and e-commerce activities | Serving interest-based personalized advertisements |

How to Allow or Block Behavioral Information Collected by Third Parties

Data subjects can control whether behavioral information is collected by third parties through browser settings such as cookie preferences.

▶ On Web Browsers

(1) Chrome

① How to block third-party cookies:
Click the “⋮” icon at the top right of Chrome and select Settings.
Go to Privacy and security on the left panel, then click Third-party cookies, and choose the Block third-party cookies option.

② How to block all cookies (incognito mode):
Click the “⋮” icon at the top right of Chrome and select New Incognito Window.
In Incognito mode, browsing history, cookies, site data, and form inputs are not saved on your device.

(2) Microsoft Edge

① How to block third-party cookies:
Click the “…” icon at the top right of Edge and go to Settings.
In the left menu, click Privacy, Search, and Services, and in the Tracking prevention section, choose a prevention level (Balanced or Strict).
Alternatively, go to Cookies and site permissions → Manage and delete cookies and site data, and enable Block third-party cookies.

② How to block all cookies (InPrivate mode):
Click the “…” icon at the top right and select New InPrivate Window.
In this mode, browsing history, cookies, and form data will not be saved.

▶ On Mobile Browsers

(1) Chrome (Android Devices)

① How to block third-party cookies:
Open the Chrome app, tap the “⋮” icon at the top right, and go to Settings.
Tap Site settings → Third-party cookies, and choose to block them.
To allow exceptions, tap Add site exception and enter the desired site URL.

② How to block all cookies (Incognito mode):
Open Chrome and tap the “⋮” icon, then select New Incognito Tab.
In Incognito mode, browsing history, cookies, and site data are not stored.

(2) Safari (iOS Devices)


Open Settings on your device, scroll to and tap Safari.
Tap Advanced, then enable Block All Cookies.

(3) Samsung Internet

① How to block third-party cookies:
Open the Samsung Internet app, tap the “≡” icon at the bottom, and go to Privacy.
Under Privacy dashboard, tap Smart anti-tracking, and select Always.

② How to block all cookies (Secret mode):
Tap the Tabs icon at the bottom of the Samsung Internet app, then tap Turn on Secret mode, and press Start.
In Secret mode, no browsing history, cookies, or site data will be saved.

 

11. Rights, Obligations, and Exercise Methods of the Data Subject and Legal Representatives

  1. The data subject can exercise the rights to access, correct, delete, stop processing, or withdraw consent regarding personal information at any time.
  2. To exercise these rights, the data subject may submit the required form via written request or email as per Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. The Company will take prompt action in response to such requests.
    - The data subject can also view, modify, or delete their shipping address directly at any time by accessing MY PAGE > My Information on the website.
  3. The rights may also be exercised through a legal representative or an authorized agent. In such cases, a power of attorney as per Form 11 of the "Notice on Personal Information Processing Methods (2023-12)" must be submitted.
  4. Requests for access and stopping processing of personal information may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
  5. Requests for correction and deletion of personal information cannot be made if the information is mandated to be collected under other laws.
  6. The Company will verify the identity of the individual making the request for access, correction, deletion, or processing stop to ensure it is the rightful data subject or their legitimate representative.

 

12. Personal Information Protection Officer and Access Requests

  1. The Company has appointed a Personal Information Protection Officer to oversee personal information processing and address any concerns or complaints regarding the processing of personal information.
    [Information Protection Officer]
    Name: Ryu Young-seok
    Position: Chief Privacy Officer (CPO)
    E-mail: privacy@fnfcorp.com
    Contact: +82 2 520 0020
  2. Data subjects can submit access requests regarding personal information to the following department, and the Company will strive to handle such requests promptly.
    [Personal Information Access Request Department]
    Department: Information Security Team
    E-mail: privacy@fnfcorp.com
    Contact: +82 2 520 0020

 

13. Remedies for Data Subjects

If you believe that your personal data has been misused, you may contact the data protection authority in your country of residence or file a complaint with our Data Protection Officer (privacy@fnfcorp.com).

Additionally, data subjects may file complaints or report privacy violations to the following external organizations:
· Personal Information Infringement Report Center (KISA): https://privacy.kisa.or.kr, +82-118
· Personal Information Protection Commission (PIPC): https://www.pipc.go.kr, +82-1833-6972

| Country/Region | Data Protection Authority | Website |
| --- | --- | --- |
| Cambodia | (N/A) | Cambodia: While there is currently no independent data protection authority, personal data matters fall under the jurisdiction of the Ministry of Post and Telecommunications. (www.mptc.gov.kh) |
| Indonesia | Kominfo | www.kominfo.go.id |
| Malaysia | JPDP | www.pdp.gov.my |
| Myanmar | MoTC | www.motc.gov.mm |
| Philippines | NPC | www.privacy.gov.ph |
| Singapore | PDPC | www.pdpc.gov.sg |
| Vietnam | Department of Cybersecurity and High-tech Crime Prevention (A05 under MPS) / Ministry of Information and Communications (MIC) | www.mic.gov.vn |

 

14. Voluntary Measures Specified by the Data Controller Regarding Personal Data Processing Standards and Safeguards

To enhance awareness of personal data protection and foster a culture of privacy within the company, we are implementing the following voluntary protection activities:
Operation of Personal Data Protection Campaigns
We conduct internal campaigns to raise awareness of personal data protection. These include posting informational posters and internal notifications targeting all employees to emphasize the importance of safeguarding personal information.

 

15. Changes to the Privacy Policy

This Privacy Policy will be effective from August 13, 2025.