Young & Company Inc. (the “Company”) establishes and discloses this Privacy Policy to protect the personal information of data subjects and to handle any related issues promptly and smoothly, in accordance with Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Processing Personal Information) The Company processes personal information for the following purposes. Personal information processed is not used for any purposes other than those specified below, and should any purpose change, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
Membership Registration and Management
To confirm membership intent, provide membership-based services, verify identity, maintain and manage membership status, implement the restricted verification system, prevent fraudulent use, confirm parental consent for processing personal information of children under 14, notify, and handle complaints.
Provision of Goods or Services
For the purposes of delivering goods, providing services, sending contracts and invoices, offering customized services, verifying identity, verifying age, processing payments and settlements, and managing claims.
Complaint Resolution
For identifying complainants, verifying complaints, contacting and notifying individuals for fact-finding purposes, and delivering investigation results.
Article 2 (Processing and Retention Period of Personal Information) ① The Company retains and processes personal information within the retention and use period specified by law or agreed upon when collecting personal information from the data subject. ② The processing and retention periods for each type of personal information are as follows:
Membership Registration and Management: Until business site/organization website membership withdrawal.
However, in the following cases, until the reason ceases to exist:
Until investigations or examinations regarding violations of relevant laws are concluded.
Until any debt or credit relationships resulting from website usage are settled.
Provision of Goods or Services: Until the completion of supply and settlement of payments.
However, in the following cases, until the retention period expires:
Records related to labeling, advertising, contract content, and transaction performance as per the Act on Consumer Protection in Electronic Commerce:
Records on labeling and advertising: 6 months.
Records on contracts or withdrawals of offers, payments, supply of goods: 5 years.
Records on consumer complaints or dispute resolutions: 3 years.
Retention of communications confirmation data as per the Protection of Communications Secrets Act:
Details on telecommunications, starting and ending times, counterpart’s subscriber number, location information of transmission base stations: 1 year.
Computer communications, internet log data, IP addresses, access data: 3 months.
Article 3 (Provision of Personal Information to Third Parties) ① The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides it to third parties only when data subjects consent or when allowed under special provisions in laws, in accordance with Article 17 of the Personal Information Protection Act.
Article 4 (Entrustment of Personal Information Processing) ① To smoothly handle personal information, the Company entrusts personal information processing as follows:
Entrusted Entity: I’mWeb Co., Ltd.
Entrusted Task: System provision for shopping mall hosting services, mobile app services, marketing and affiliate services, notification messages, friend messages, and SMS service.
Entrusted Entity: Toss Payments Co., Ltd.
Entrusted Task: Payment and escrow services.
Entrusted Entity: Valex Specialized Logistics Co., Ltd.
Entrusted Task: Product delivery services.
Entrusted Entity: Sendbird Korea Co., Ltd.
Entrusted Task: Customer support services.
Entrusted Entity: Aton Co., Ltd.
Entrusted Task: Identity verification.
② The Company specifies in documents such as contracts the prohibition of personal information processing beyond the purposes of entrustment, technical and managerial protection measures, restrictions on re-entrustment, oversight of the trustee, and compensation responsibility as stipulated in Article 25 of the Personal Information Protection Act and supervises the trustee’s secure handling of personal information. ③ Changes to entrusted tasks or trustees will be disclosed through this Privacy Policy without delay.
Article 5 (Rights of Users and Legal Representatives and How to Exercise Them) ① Data subjects can exercise the following rights concerning personal information protection:
Request access to personal information.
Request corrections for errors.
Request deletion.
Request suspension of processing.
② Rights under Article 1 can be exercised by submitting requests in writing, by phone, email, or fax, and the Company will promptly act upon such requests. ③ If there is an error in or deletion request for personal information, the Company does not use or provide the information until the correction or deletion is complete. ④ Rights under Article 1 may also be exercised through an agent, such as a legal representative or delegate. A power of attorney per Form 11 of the Personal Information Protection Act enforcement rules must be submitted. ⑤ Data subjects should not infringe on the privacy and personal information of the Company or others by violating the Personal Information Protection Act or related laws.
Article 6 (Items of Personal Information Processed) The Company processes the following personal information items:
Membership Registration and Management
Required:
Optional:
Provision of Goods or Services
Required:
Optional:
Automatically Generated Personal Information during Internet Use
IP addresses, cookies, MAC addresses, service usage records, visit records, misuse records, etc.
Article 7 (Destruction of Personal Information) ① The Company promptly destroys personal information that has become unnecessary, such as due to the expiration of the retention period or achievement of processing purposes. ② In cases where other laws require the continuous retention of personal information, it will be stored separately in a different database (DB) or in a different storage location. ③ Procedures and methods for destroying personal information are as follows:
Destruction Procedure
The Company selects personal information subject to destruction and obtains approval from the Company’s Chief Privacy Officer.
Destruction Method
Personal information recorded/stored in electronic files is destroyed using methods such as low-level formatting to prevent recovery, and paper records are shredded or incinerated.
Article 8 (Measures to Ensure the Security of Personal Information) The Company takes the following measures to ensure the security of personal information:
Administrative measures: Internal management plan implementation, regular employee training.
Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identifiers, and installation of security programs.
Physical measures: Access control for computer rooms, data storage rooms, etc.
Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices) ① To provide tailored services, the Company uses cookies that store and retrieve usage information. ② Cookies are small pieces of data sent from the server (http) to the user's browser and stored on the user’s hard disk.
a. Purpose of using cookies: To provide optimal information by understanding the user's visits, usage patterns, popular search terms, security settings, etc.
b. Rejecting cookies: You can reject cookies by selecting the options in the privacy settings menu under Tools > Internet Options in your web browser.
c. Please note that rejecting cookies may affect the use of customized services.
Article 10 (Chief Privacy Officer) ① The Company designates a Chief Privacy Officer responsible for overseeing the processing of personal information and handling complaints and damage relief as follows:
▶ Chief Privacy Officer
Name: Younghoon Cha
Title: Chief Privacy Officer
Contact: cpo@youngand.company
※ Connects to the Personal Information Protection Department.
▶ Personal Information Protection Department
Department: Privacy Protection Team
Contact Person: Younghoon Cha
Contact: privacy@youngand.company
② For any inquiries, complaints, or requests regarding personal information protection, users can contact the Chief Privacy Officer and Privacy Protection Department, and the Company will respond promptly.
Article 11 (Request for Access to Personal Information) Users may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the following department, and the Company will endeavor to process requests swiftly.
▶ Department for Access to Personal Information
Department: Privacy Protection Team
Contact Person: Younghoon Cha
Contact: privacy@youngand.company
Article 12 (Remedies for Rights Infringement) For remedies and consultations on personal information violations, data subjects may contact the following organizations:
▶ Personal Information Infringement Reporting Center (operated by Korea Internet & Security Agency)
Task: Reporting and consultation on personal information violations.
Website: privacy.kisa.or.kr
Phone: 118 (no area code required)
Address: 3F, Personal Information Infringement Reporting Center, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324, Republic of Korea.
▶ Personal Information Dispute Mediation Committee
Task: Personal information dispute mediation, collective dispute mediation.
Website: www.kopico.go.kr
Phone: 1833-6972 (no area code required)
Address: 4F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Republic of Korea.
▶ Supreme Prosecutors' Office Cyber Crime Investigation Unit
Phone: 02-3480-3573
Website: www.spo.go.kr
▶ National Police Agency Cyber Bureau
Phone: 182
Website: http://cyberbureau.police.go.kr
Article 13 (Effective Date of Privacy Policy) This Privacy Policy is effective as of September 9, 2024.
