Effective Date: April 9, 2025
Sunbagel Co., Ltd. (hereinafter referred to as the ‘Company’) considers users’ personal information very important and handles it safely and lawfully in accordance with the Personal Information Protection Act and other relevant laws.
This Privacy Policy is established and disclosed based on the consent to personal information collection provided by brands and affiliate creators during consultation and contract with the Company regarding K-beauty content services.
This policy contains the following:
The personal information collected by the Company from users is as follows:
| Collection Timing | Collection Method | Collected Items |
|---|---|---|
| Consultation | Website and telephone consultation | Business name/name, telephone number, mobile phone number, email address, website address |
| Contract signing | Electronic or paper contracts | Name, mobile phone number, date of birth, business registration number, email address, bank name, account number |
| Affiliate Creator registration | Website | Name, activity name, email, phone number, social media accounts, field of activity |
| Other | Automatic collection | Cookies, access IP, access environment, access time, service usage records |
The Company collects only the minimum personal information necessary for the following purposes:
The Company does not use the collected information for purposes other than those above or disclose it externally without user consent.
The Company does not provide personal information to external parties without user consent in principle.
The collected personal information is used within the scope of purposes consented to by you and is not used beyond the scope of consent or disclosed or provided externally.
However, personal information is provided only when users directly consent to provide personal information to use external partner services, when the Company is obligated to submit personal information in accordance with relevant laws, or when an urgent danger to the user’s life or safety is identified and needs to be resolved.
The Company outsources some services to professional companies to provide enhanced services.
The Company takes necessary measures to ensure that personal information is safely managed in accordance with relevant laws when outsourcing, and only the minimum personal information necessary for the respective tasks is delivered to the outsourcing agencies.
| Contractor | Outsourced Task |
|---|---|
| [Email service provider] | Email delivery |
| [SMS service provider] | SMS delivery |
| [Messaging service provider] | Messaging service operation |
| [Cloud service provider] | Data storage |
| [Customer service system provider] | Customer service system provision |
In principle, the Company destroys personal information without delay once the purpose of collection and use of the user’s personal information has been achieved.
However, if separate consent for the retention period of personal information is obtained from the user, or if laws require retention of information for a certain period, personal information is safely stored during that period.
| Retention Basis | Retention Records | Retention Period |
|---|---|---|
| Communication Privacy Protection Act | Personal information related to service use (login records) | 3 months |
| Consumer Protection Act in Electronic Commerce | Records on contracts or subscription withdrawals | 5 years |
| Consumer Protection Act in Electronic Commerce | Records on payment and supply of goods | 5 years |
| Consumer Protection Act in Electronic Commerce | Records on consumer complaints or dispute resolution | 3 years |
| Prevention of improper use (Company internal policy) | Improper use records (poor or abnormal use records): Mobile phone number, email address, IP, log records | 1 year |
The procedure and method for destroying personal information are as follows:
Destruction Procedure Information provided by users for service use is moved to a separate DB (separate documents for paper) after the collection purpose has been achieved, and is then either stored for a certain period according to internal policies and other relevant laws or destroyed immediately. At this time, personal information moved to a separate DB is not used for other purposes except as required by law.
Destruction Method
Users or legal representatives can exercise their rights related to the protection of their own personal information or that of children under 14 to the Company at any time.
Users or legal representatives may request withdrawal of consent or membership cancellation if they do not agree with the Company’s processing of personal information. However, in this case, it may be difficult to use parts or all of the service.
To view or modify personal information, users can request it through the Company’s customer center, verify their identity, and then check and correct their personal information.
To cancel membership, users can apply for cancellation after going through the identity verification process by requesting it through the Company’s customer center, and the Company will process it immediately according to relevant laws.
If a user requests correction of errors in personal information, the Company will not use or provide that personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay to ensure that corrections are made.
The Company uses ‘cookies’ that store and periodically recall information about users to provide customized services and more prompt service provision.
Definition of Cookies A cookie is a small record information file that the server stores on the user’s hard disk when visiting a website. When a user visits the website later, the website server reads the contents of the cookie stored on the user’s hard disk to maintain the user’s environment settings and provide customized services. Cookies do not automatically or actively collect information that identifies individuals, and users can refuse or delete such cookies at any time. However, if you refuse to store cookies, some services may be difficult to use.
How to Refuse Cookie Settings Users can set the options of the web browser they use to allow or refuse all cookies, or to go through verification each time cookies are stored.
The Company makes the following technical and administrative efforts to protect users’ personal information:
Encryption of Personal Information Important information such as users’ passwords is encrypted, stored, and managed, and confirmation and modification of personal information are only possible by the user.
Measures Against Hacking, etc. The Company operates a 24-hour intrusion blocking system to control unauthorized access from outside to prevent users’ personal information from being leaked or damaged by hacking or malicious code, and makes efforts to prevent systems from being infected with malicious code or viruses by installing anti-virus programs. In addition, data is regularly backed up to prepare for damage to personal information, and personal information is safely transmitted over the network through encrypted communication, etc. Furthermore, the Company strives to equip itself with the maximum technical methods for safer handling of personal information.
Minimization and Education of Personal Information Handling Employees The Company restricts the number of employees handling personal information to a minimum and conducts regular education for relevant employees to raise awareness of the importance of the Privacy Policy.
Operation of Dedicated Organization for Personal Information Protection The Company operates a dedicated department for personal information protection and strives to immediately correct and rectify any issues found by checking the implementation of the Privacy Policy and compliance of personal information handlers.
Users can inquire about all personal information-related inquiries, complaints, etc. that occur during the use of the Company’s services to the Personal Information Protection Officer or responsible department. The Company strives to provide prompt and sincere answers and processing to users’ inquiries.
[Chief Privacy Officer]
Tae-yong Mun, CEO
Phone number: 82+10-3136-3991
Email address: mun.taeyong@sunbagel.com
[Privacy Manager]
Seoung-ung Yang, Team Leader
Phone number: 82+10-4977-3867
Email address: yang.cooper@sunbagel.com
For other reports or consultations about personal information infringement, please contact the following institutions:
The Company may provide links to other websites to users. However, these linked websites are not subject to the Company’s Privacy Policy, so when moving to external websites through these links, please review the policies of those services.
In case of changes to the Privacy Policy, the Company will notify users through notices on the website or email at least 7 days before the implementation date of the revised Privacy Policy.
Announcement Date: April 9, 2025
Effective Date: April 9, 2025