Privacy
Policy
RareLee (hereinafter referred to as the "Company") values your personal information and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection.
The Company informs you of the purpose and method of use of your personal information provided through the Personal Information Processing Policy and what measures are being taken to protect your personal information.
■ Purpose of collection and use of personal information
The Company uses the collected personal information for the following purposes.
o Contract performance and billing for service provision
Content provision, purchase and payment, product delivery or billing, financial transaction authentication and financial services
o Member management
Identification of members, personal identification, prevention of fraudulent use by bad members and prevention of unauthorized use, confirmation of intent to join, age verification, confirmation of consent of legal representative when collecting personal information of children under 14 years of age, complaint handling, notification delivery
o Service development
Service modification and development
o Use for marketing and advertising
Provision of advertising information such as events, frequency of access, or statistics on members' use of services
* However, photos that reveal the user's appearance are never used for marketing or advertising purposes.
■ Personal information items collected and collection methods
A. Personal information items collected
o The company collects the following personal information for membership registration, consultation, and service application.
- When registering as a member: Name, login ID, password, home phone number, mobile phone number, email, and in the case of members under the age of 14, the minimum personal information among the legal representative's information (name of legal representative, date of birth, gender, duplicate registration confirmation information, mobile phone number)
- When applying for a service: Date of birth, gender, payment information, and other content required when applying for consulting (photos showing the member's appearance)
o Service usage records, access logs, cookies, access IP, payment records, and records of improper use may be created and collected during the service use process or business processing.
B. Collection method
- Collection through homepage, written forms, bulletin boards, email, event application, delivery request, phone, fax, and information collection tools
■ Retention and use period of personal information
In principle, after the purpose of collecting and using personal information has been achieved, the relevant information is destroyed without delay. However, exceptions may be made in cases where it is stipulated in relevant laws or consent has been obtained from the user, and when a member withdraws, information is stored for 90 days from the withdrawal date, and until the settlement of the relevant debt-credit relationship arising from the use of the service.
■ Personal information destruction procedures and methods
In principle, the company destroys the relevant information without delay after the purpose of collecting and using personal information has been achieved. The destruction procedures and methods are as follows.
o Destruction procedures
The information entered by the member for membership registration, etc. is transferred to a separate DB (separate file in the case of paper) after the purpose has been achieved and stored for a certain period of time according to the internal policy and other information protection reasons according to relevant laws (see retention and use period) and then destroyed.
Personal information transferred to a separate DB will not be used for any other purpose than that for which it is retained, unless required by law.
o Destruction method
Personal information stored in electronic file format is deleted using a technical method that makes the record unrecoverable, and personal information recorded on paper documents or other recording media is shredded or incinerated, or the relevant portion is masked or perforated.
■ Provision of Personal Information to Third Parties
The Company does not, in principle, provide users' personal information to external parties. However, the following cases are exceptions.
o When users have given prior consent
o When there is a request from an investigative agency in accordance with the procedures and methods stipulated by law or for investigative purposes based on the provisions of the law
o When pseudonymized information is provided for statistical compilation, scientific research, public record preservation, etc.
o When necessary for billing for service provision
■ Consent to collection and use of sensitive information
The Company complies with Article 23 (Restrictions on processing sensitive information) of the Personal Information Protection Act. However, sensitive information may be processed in any of the following cases:
o In cases where the information subject is notified of the matters in Article 15, Paragraph 2 or Article 17, Paragraph 2 of the Personal Information Protection Act and consent is obtained separately from consent for the processing of other personal information
o In cases where laws specifically require or permit the processing of sensitive information
When processing sensitive information, the company will take necessary measures to ensure the security of the sensitive information, such as encryption, so that the sensitive information is not lost, stolen, leaked, forged, altered or damaged.
Respondents regarding service use have the right to refuse consent to the processing and disclosure of the above sensitive information.
■ Entrustment of collected personal information
The company operates by entrusting it to an external specialized company as follows for service implementation.
o Entrustee: [KG Inicis]
o Entrusted work: Payment, refund, provision of purchase safety service
o Retention and use period of the recipient: Service provision contract period
■ User and legal representative rights and methods of exercising them
o Users can view or modify their registered personal information at any time and may also request cancellation of membership.
o Users may refuse to have their personal information collected, and if they do not consent to the collection of personal information, they may be restricted from using some services.
o In the case of children under the age of 14, the legal representative has the right to view, edit, delete, suspend processing, and withdraw consent to the collection and use of the child's personal information.
o To view or edit personal information, click on "Change Personal Information" (or "Edit Member Information") and to cancel membership (withdraw consent), click on "Cancel Membership" and go through the identity verification process to directly view, edit, or withdraw.
o Alternatively, you may contact the Personal Information Protection Officer in writing, by phone, or by email, and we will take action without delay.
o If you request correction of errors in your personal information, we will not use or provide the relevant personal information until the correction is complete. In addition, if incorrect personal information has already been provided to a third party, we will promptly notify the third party of the results of the correction process to ensure that the correction is made. o The company processes personal information that has been terminated or deleted at the request of the user in accordance with the provisions of “Retention and Use Period of Personal Information Collected by the Company” and processes it so that it cannot be viewed or used for any other purpose.
■ Matters regarding the installation, operation, and refusal of automatic personal information collection devices
The company operates “cookies” that store and retrieve your information from time to time. Cookies are very small text files that the server used to operate the website sends to your browser and are stored on your computer hard disk.
The company uses cookies for the following purposes:
o Purpose of use of cookies, etc.
1. Target marketing and provision of personalized services through analysis of access frequency and visit time of members and non-members, identification of users" tastes and areas of interest, tracking of traces, identification of degree of participation in various events and number of visits, etc.
2. You have the option to install cookies. Therefore, you can allow all cookies, confirm each time a cookie is stored, or refuse to store all cookies by setting options in your web browser. o How to reject cookie settings
1. To reject cookie settings, you can select the option of the web browser you use to allow all cookies, confirm each time a cookie is saved, or reject all cookie storage.
2. Example of setting method (for Internet Explorer): Tools at the top of the web browser > Internet Options > Personal Information
3. However, if you reject cookie installation, there may be difficulties in providing services.
■ Measures to ensure the safety of personal information
The company is taking the following measures to prevent the personal information of the information subject from being lost, stolen, leaked, falsified/altered, or damaged.
o Establishment and implementation of an internal management plan for personal information protection, operation of a dedicated organization, regular employee training, etc.
o Access control and access authority restriction measures for personal information processing systems, installation of security programs
o Provision of storage facilities or installation of locking devices and access control for safe storage of personal information
■ Personal information complaint service
The company has designated a personal information protection officer as follows to protect customers' personal information and handle complaints related to personal information.
o Personal information protection officer
Name: Seungah Lee
Email: contact@rarelee.co.kr
o You may report any complaints related to personal information protection that occur while using the company's services to the personal information protection officer or the department in charge.
o The company will promptly and sufficiently respond to users' reports.
o If you need to report or consult about other personal information infringements, please contact the following organizations.
Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
Supreme Prosecutors' Office Cyber Investigation Department (spo.go.kr / Area code + 1301)
National Police Agency Cyber Safety Bureau (cyberbureau.police.go.kr / 182 without area code)
-Announcement Date: February 21, 2024
-Enforcement Date: February 21, 2024