Reveauty TeamEffective Date: April 9, 2025
Sunbagel Co., Ltd. (hereinafter referred to as the ‘Company’) considers users’ personal information very important and handles it safely and lawfully in accordance with the Personal Information Protection Act and other relevant laws.
This Privacy Policy is established and disclosed based on the consent to personal information collection provided by brands and affiliate creators during consultation and contract with the Company regarding K-beauty content services.
This policy contains the following:
- Personal Information Collected
- Purpose of Collection and Use of Personal Information
- Provision and Outsourcing of Personal Information
- Destruction of Personal Information
- Rights of Users and Legal Representatives
- Operation of Cookies and Methods of Rejection
- Technical and Administrative Measures for Personal Information Protection
- Personal Information Protection Officer and Department
- Responsibility for Linked Sites
- Notification Obligation of Privacy Policy
1. Personal Information Collected
The personal information collected by the Company from users is as follows:
| Collection Timing | Collection Method | Collected Items |
|---|---|---|
| Consultation | Website and telephone consultation | Business name/name, telephone number, mobile phone number, email address, website address |
| Contract signing | Electronic or paper contracts | Name, mobile phone number, date of birth, business registration number, email address, bank name, account number |
| Affiliate Creator registration | Website | Name, activity name, email, phone number, social media accounts, field of activity |
| Other | Automatic collection | Cookies, access IP, access environment, access time, service usage records |
2. Purpose of Collection and Use of Personal Information
The Company collects only the minimum personal information necessary for the following purposes:
- To use personal information for smooth consultation when requesting consultation about services.
- To use personal information for member management, including verification of brand and affiliate creator registration intent, identity verification, user identification.
- To use personal information for user protection and service operation, including measures to restrict users who violate laws and terms of use, prevention of improper use, prevention of account theft, notification of matters such as terms amendments, preservation of records for dispute resolution, and handling of complaints.
- To use personal information to provide information related to services in use (content production status, content performance reports, etc.) via email and text messages.
- To use personal information to discover new service elements and improve existing services, such as demographic analysis, analysis of service visit and usage records, and provision of customized services based on interests.
- To use personal information for marketing and promotional purposes, such as providing event information and participation opportunities, and providing advertising information.
The Company does not use the collected information for purposes other than those above or disclose it externally without user consent.
3. Provision and Outsourcing of Personal Information
The Company does not provide personal information to external parties without user consent in principle.
The collected personal information is used within the scope of purposes consented to by you and is not used beyond the scope of consent or disclosed or provided externally.
However, personal information is provided only when users directly consent to provide personal information to use external partner services, when the Company is obligated to submit personal information in accordance with relevant laws, or when an urgent danger to the user’s life or safety is identified and needs to be resolved.
The Company outsources some services to professional companies to provide enhanced services.
The Company takes necessary measures to ensure that personal information is safely managed in accordance with relevant laws when outsourcing, and only the minimum personal information necessary for the respective tasks is delivered to the outsourcing agencies.
| Contractor | Outsourced Task |
|---|---|
| [Email service provider] | Email delivery |
| [SMS service provider] | SMS delivery |
| [Messaging service provider] | Messaging service operation |
| [Cloud service provider] | Data storage |
| [Customer service system provider] | Customer service system provision |
4. Destruction of Personal Information
In principle, the Company destroys personal information without delay once the purpose of collection and use of the user’s personal information has been achieved.
However, if separate consent for the retention period of personal information is obtained from the user, or if laws require retention of information for a certain period, personal information is safely stored during that period.
| Retention Basis | Retention Records | Retention Period |
|---|---|---|
| Communication Privacy Protection Act | Personal information related to service use (login records) | 3 months |
| Consumer Protection Act in Electronic Commerce | Records on contracts or subscription withdrawals | 5 years |
| Consumer Protection Act in Electronic Commerce | Records on payment and supply of goods | 5 years |
| Consumer Protection Act in Electronic Commerce | Records on consumer complaints or dispute resolution | 3 years |
| Prevention of improper use (Company internal policy) | Improper use records (poor or abnormal use records): Mobile phone number, email address, IP, log records | 1 year |
The procedure and method for destroying personal information are as follows:
Destruction Procedure Information provided by users for service use is moved to a separate DB (separate documents for paper) after the collection purpose has been achieved, and is then either stored for a certain period according to internal policies and other relevant laws or destroyed immediately. At this time, personal information moved to a separate DB is not used for other purposes except as required by law.
Destruction Method
- Information in electronic file form is deleted using technical methods that make recovery impossible.
- Personal information printed on paper is destroyed by shredding or incineration.
5. Rights of Users and Legal Representatives
Users or legal representatives can exercise their rights related to the protection of their own personal information or that of children under 14 to the Company at any time.
Users or legal representatives may request withdrawal of consent or membership cancellation if they do not agree with the Company’s processing of personal information. However, in this case, it may be difficult to use parts or all of the service.
To view or modify personal information, users can request it through the Company’s customer center, verify their identity, and then check and correct their personal information.
To cancel membership, users can apply for cancellation after going through the identity verification process by requesting it through the Company’s customer center, and the Company will process it immediately according to relevant laws.
If a user requests correction of errors in personal information, the Company will not use or provide that personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay to ensure that corrections are made.
6. Operation of Cookies and Methods of Rejection
The Company uses ‘cookies’ that store and periodically recall information about users to provide customized services and more prompt service provision.
Definition of Cookies A cookie is a small record information file that the server stores on the user’s hard disk when visiting a website. When a user visits the website later, the website server reads the contents of the cookie stored on the user’s hard disk to maintain the user’s environment settings and provide customized services. Cookies do not automatically or actively collect information that identifies individuals, and users can refuse or delete such cookies at any time. However, if you refuse to store cookies, some services may be difficult to use.
How to Refuse Cookie Settings Users can set the options of the web browser they use to allow or refuse all cookies, or to go through verification each time cookies are stored.
- For Chrome Select the icon in the upper right corner of the web browser > Select [Settings] > Select [Show advanced settings] at the bottom of the screen > Click the [Content settings] button in the Privacy section > Set directly in the cookies section
- For Safari Preferences > Privacy > Set in the Cookies and Website Data section
- For Firefox Click the menu button in the upper right corner of the browser > Options > Privacy & Security > Set in the Cookies and Site Data section
7. Technical and Administrative Measures for Personal Information Protection
The Company makes the following technical and administrative efforts to protect users’ personal information:
Encryption of Personal Information Important information such as users’ passwords is encrypted, stored, and managed, and confirmation and modification of personal information are only possible by the user.
Measures Against Hacking, etc. The Company operates a 24-hour intrusion blocking system to control unauthorized access from outside to prevent users’ personal information from being leaked or damaged by hacking or malicious code, and makes efforts to prevent systems from being infected with malicious code or viruses by installing anti-virus programs. In addition, data is regularly backed up to prepare for damage to personal information, and personal information is safely transmitted over the network through encrypted communication, etc. Furthermore, the Company strives to equip itself with the maximum technical methods for safer handling of personal information.
Minimization and Education of Personal Information Handling Employees The Company restricts the number of employees handling personal information to a minimum and conducts regular education for relevant employees to raise awareness of the importance of the Privacy Policy.
Operation of Dedicated Organization for Personal Information Protection The Company operates a dedicated department for personal information protection and strives to immediately correct and rectify any issues found by checking the implementation of the Privacy Policy and compliance of personal information handlers.
8. Personal Information Protection Officer and Manager Contact Information
Users can inquire about all personal information-related inquiries, complaints, etc. that occur during the use of the Company’s services to the Personal Information Protection Officer or responsible department. The Company strives to provide prompt and sincere answers and processing to users’ inquiries.
[Chief Privacy Officer]
Tae-yong Mun, CEO
Phone number: 82+10-3136-3991
Email address: mun.taeyong@sunbagel.com
[Privacy Manager]
Seoung-ung Yang, Team Leader
Phone number: 82+10-4977-3867
Email address: yang.cooper@sunbagel.com
For other reports or consultations about personal information infringement, please contact the following institutions:
- Personal Information Infringement Report Center, Personal Information Dispute Mediation Committee (privacy.kisa.or.kr / 118 without area code)
- Cyber Investigation Division, Supreme Prosecutors’ Office (www.spo.go.kr / 02-3480-3571)
- Cyber Security Bureau, National Police Agency (cyberbureau.police.go.kr / 182)
9. Responsibility for Linked Sites
The Company may provide links to other websites to users. However, these linked websites are not subject to the Company’s Privacy Policy, so when moving to external websites through these links, please review the policies of those services.
10. Notification Obligation of Privacy Policy
In case of changes to the Privacy Policy, the Company will notify users through notices on the website or email at least 7 days before the implementation date of the revised Privacy Policy.
Announcement Date: April 9, 2025
Effective Date: April 9, 2025
