Personal Information Policy

Shapl Co., Ltd. ("SHAPL") complies with the Act in Personal Information Protection in the relevant laws and regulations, including the Act on Protection of Communications Secrets, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., that are applicable to information and communications service providers to follow. SHAPL will be committed to protect users' rights and interests by establishing a personal information policy as stipulated in relevant laws.

SHAPL's Personal Information Policy is described as follows.

Article 1 General Provisions

① "Personal information" refers to information about an individual in a form of a code, text, voice, sound, and image that can identify an individual with a name, resident registration number, etc. (including those information that cannot identify a particular individual, but can be combined with other information to identify it).

② SHAPL gives great importance to the protection of users' personal information and complies with personal information protection-related laws and a subordinate statute including the 「Act on Personal Information Protection」 and 「Act on Promotion of Information and Communications Network Utilization and Information Protection」.

③ SHAPL will inform with what purpose and method the personal information provided by users is used on this Personal Information Policy and what measures SHAPL takes to protect personal information. SHAPL releases the ‘Personal Information Policy’ on its website.

④ SHAPL sets the procedures necessary to revise the personal information policy for continuous improvement, and may revise the personal information policy to meet the SHAPL's needs and to respond to social changes.

Article 2 Items of collecting personal information and its methods

① Users may access most of SHAPL contents without subscription, but if they want to use the service as an uploading user or purchasing user, they should input the following information.

1. Mandatory entry 

- Uploading user : name, e-mail address, password, nickname, phone number (mobile phone), date of birth, nationality, photo

- Purchasing user: name, home address (delivery address), e-mail address, password, phone number (mobile phone)

2. Optional entry 

- Information for payment and receiving design royalty fee, such as credit card information, bank account, and mobile phone number. 

- Users may select and provide additional information as an optional entry at the time of subscription.

3. Service use process and its business

- Personal information collected during its processing: latest access date, access IP information, cookies, purchase log, event log

4. Non-subscriber

- The information of non-subscriber will not be used for any purpose, and SHAPL protects the personal information of non-subscriber at the same level as purchasing users and uploading user s.

5. Personal information of children under the age of 14

- SHAPL does not accept subscription for children under the age of 14 who is requested the consent of a legal representative.

② SHAPL collects personal information in the following ways.

1. Website, written form, fax, telephone, customer service bulletin board, e-mail (e-mail), delivery request

2. Provided by partner companies

3. Collect information generated by log analysis program

③ Consent to collect personal information 

1. SHAPL has prepared a process in which users agree to SHAPL's Personal Information Policy and Terms of Use by clicking a button. When users click the button, they will be deemed to have agreed to the Personal Information Policy and Terms of Use of SHAPL.

Article 3 Purpose of Collection and Use of personal information

① SHAPL collects the minimum necessary personal information for the following purposes.

1. ID, password, name, date of birth: used for identification to use service

2. E-mail address (receiving newsletter or not): Securing a smooth communication method such as delivering notices, confirming customers intentions, managing complaints, etc., and providing the latest information such as new services, new products or event information

3. Address, phone number: Securing the correct delivery address for delivering products

4. Other optional items: information required to offer customized services

5. Statistics on user's service use: develop business-related statistical data and develop new service 

6. Marketing and advertisement purpose

Article 4 Sharing and Provision of Personal Information

① SHAPL will not provide customers' personal information to third parties nor use them for purposes other than those stated in Article 3, Purpose of Collection and Use of Personal Information, except with the customer's prior consent or as stipulated by law.

② In order to provide convenience to customers or to improve services, personal information of customers may be provided to or shared with third parties in the following cases.

1. Customer prior consent 

2. When there is a request from an investigation agency in accordance with the provisions of laws and regulations or the procedures and methods stipulated in laws and regulations for the purpose of investigation

3. In the case of providing personal information, SHAPL will go through the process of asking for customers’ consent in which customers will be notified about the matters necessary to obtain the customer's consent in writing, by e-mail, by phone, etc., including a third party to whom personal information is provided, the items of the personal information to be provided, the purpose of providing personal information, how and when the provided personal information is protected and managed, matters prior agreed by the customer, and the customer’s right not-to-consent, and the method of expressing customer’s opinion, etc. SHAPL will not provide information to third parties if the customer does not consent.

Article 5 Consignment of Personal Information

① SHAPL entrusts the minimum amount of personal information for service provision, customer service, and service payment.

1. CJ Korea Express, Post Office, DHL: Service provision such as product delivery and delivery location/destination information

2. Toss Pay, Paypal: send payment information, payment agency 

3. SureM: SMS, MMS, etc. text message service

4. Korea Corporation: Partial service of customer center, management of customer service and order information 

② When SHAPL concludes the consignment contract, it will specifically state the liabilities in documents such as the contract document in accordance with Article 25, Act on Personal Information Protection, including matters concerning prohibition of processing of personal information other than for the purpose of consigned tasks, technical and administrative measures for protection, restrictions on re-consignment, management and supervision of consignees, indemnity, etc. SHAPL supervises if personal information is safely managed and controlled by the consignees. 

③ If the contents of the consigned work or the consignee is changed, SHAPL will notify it through this personal information policy without undue delay.

Article 6 Period of retention and use of personal information

① The user's personal information is disposed when the purpose of collecting or receiving personal information is achieved as follows.

1. Subscription information: When subscription is withdrawn or expelled from subscription

2. Payment and design royalties payment information: When the full payment is completed or the terms of raised claim expired

3. Delivery information: When goods or services are delivered or provided

4. Data collected for temporary purposes such as surveys and events: When the survey or event is completed

② Notwithstanding the principle of immediate disposal of personal information when the above purpose is achieved, when it is necessary to retain it for a certain period of time for reasons such as verification of transaction-related rights and obligations as follows, it will be retained for a certain period of time based on the provisions of relevant laws such as 「Act on Consumer Protection in Electronic Commerce, Etc.」 and 「Framework Act on National Taxes」.

1. Records on contract or subscription withdrawal, etc.: 5 years

2. Records on payment and supply of goods: 5 years

3. Records on consumer complaints or dispute resolution: 3 years

4. History of visiting website: 3 months

③ If the user requests to view the transaction information held by the user with the consent of the user, SHAPL shall take measures so that users can view and check without delay.

Article 7 Policy on Long-Term Inactive Customer’s Personal Information 

① The personal information of customers (long-term inactive users) who have not used SHAPL for one year will be segregated and safely managed, and the applicable customers will be notified via e-mail address at least 30 days prior to the date of segregated storage. Separately retained personal information is stored for 5 years and then disposed without delay. However, if it deems necessary to continue to store in accordance with the relevant laws such as the Act on Protection of Communications Secret and the Consumer Protection Act in Electronic Commerce, etc., the customer's personal information is retained for the period specified in the relevant acts. 

② Users who do not want to switch to an inactive account, log in to the service before switching to an inactive account. Also, even if the account has been changed to an inactive account, when log in, inactive account will be returned to normal account according to the user's consent for using the normal service.

Article 8 Procedure and Method of Disposing Personal Information 

① SHAPL, in principle, disposes the information without undue delay when the purpose of collecting and using personal information is achieved. Disposal procedures and methods are as follows.

1. Disposal procedure

- The information provided by the user for subscription, etc. is stored for a certain period of time and then disposed in accordance with the SHAPL internal policy and other information protection regulations as specified in the relevant laws and regulations (refer to Article 6, Period of Retention and Use of Personal Information) after the purpose is achieved. This personal information will not be used for any other purpose other than retention as required by law.

2. Disposal method

- Personal information printed on paper: shredded with a shredder or disposed by incineration

- Personal information stored in the form of an electronic file: Deleted by a technical method that cannot be reproduced

② If the retention period of the personal information has elapsed, it will be disposed within 5 days from the end of the retention period. When the personal information becomes unnecessary due to reasons including the purpose of processing personal information is achieved, the abolition of the applicable service, or the termination of the business, the personal information will be disposed within 5 days from the date on which the processing of personal information is deemed unnecessary.

Article 9 Rights and Obligations of Customers

① Rights of customers

1. Users may view or modify their subscribed personal information at any time. If they wish to view and modify personal information, click My Page on the homepage and view or modify, or contact the person in charge of personal information administration in writing/e-mail/facsimile or by phone. User’s identity will be verified before appropriate measures will be taken without delay. 

2. If any requests are made by the user in the preceding paragraph, SHAPL will not use the personal information until it responds to the request within the time specified in the statutes and completes the corrective actions. However, with justifiable reasons for not being able to respond within the applicable period, the users will be notified of the delay and its reason, and if the reason is solved, the response will be immediately made without delay.

3. Users may withdraw the consent to the collection, use and provision of personal information at any time. To withdraw consent, move to My Page on the homepage to click for deleting, or contact the person in charge of personal information administration in writing/e-mail/facsimile or by phone, user’s identity will be verified before appropriate measures (delete personal information) without delay. However, for withdrawal of the consent online sites, all data is deleted except for the purchase history which is required for preparing statistical data.

4. The legal representative of users who are under the age of 14 may exercise all of the above rights.

② Customer Obligations

The customer is obliged to protect his/her personal information, and SHAPL will not be liable to the following cases; customer's negligence such as the transfer, rental, or loss of ID (e-mail address), password and access medium, etc. or leave the seat while logged in, and/or problems raised by leakage of personal information due to issues of the Internet that beyond the SHAPL’s control, including hacking byh a method or technology that cannot be blocked by security measures established by SHAPL according to related laws

Customers are obliged to keep their personal information up to date, and the customer is solely responsible for any problems caused by the customer's inaccurate information provided. Subscription is made by stealing other people's personal information or payment by stolen ID, etc. may result in disqualifications and penalties in accordance with related laws. Customers are responsible for securing their ID and password, and should not transfer or rent them to a third party. In accordance with SHAPL's Personal Information Policy, customers are obligated to cooperate with periodic activities for security.

Article 10 Matters concerning the Installation/Operation and Rejection of Automatic Personal Information Collecting Device

① Cookies

1. SHAPL uses 'cookies' to store and retrieve information about users. Cookies are small bits of information that websites send to your computer browser. When a user accesses the website, SHAPL's computer reads the contents of the cookie in the user's browser, finds the user's additional information on the user's computer, and provides services without additional input such as users’ name, etc. Cookies identify your computer, but do not personally identify you.

2. SHAPL uses the user's personal information collected through cookies that provide users' information and retrieve them from time to time to provide customized services to users. By analyzing which service are visited, shopping cart history, access time to service and frequency, and information generated or provided (input) in the course of using the service, we aim to provide services (including advertisements) tailored to customers' preference and interests.

3. Users have the option to install cookies or not. Therefore, the user may accept all cookies in the web browser options, or confirm each time a cookie is saved, or refuse to save all cookies.

- For Internet Explorer: Select [Internet Options] from the [Tools] menu → click [Personal Information] → click [Advanced] → select whether to allow cookies

- For Safari: Select [Preferences] from [Safari] in the menu bar at the top left of MacOS → Go to [Security] in the [Preferences] window and select whether to allow cookies

② Personalized advertising

SHAPL collects and uses 'cookies' from web browsers and advertisement identifiers (ADIDs) from mobile apps In order to provide customized advertisements to customers,

SHAPL automatically collects history of customer service use through cookies and advertisement identifiers and provides them to Facebook and Google. Facebook and Google use this data to provide personalize ads. The cookies and advertising identifiers that SHAPL collects are not linked to any other personal information and do not identify an individual person. In addition, Facebook and Google do not identify an individual person by using the information provided by SHAPL.

Article 11 Technical/Administrative Protection Measures for Personal Information

SHAPL exercises its best effort to safely manage users' personal information, and protects personal information exceeding the level required by the Act on Personal Information Protection. In addition, SHAPL complies with the regulations on technical and administrative measures in accordance with the 「Personal Information Protection Act」 and 「Act on Promotion of Information and Communications Network Utilization and Information Protection」.

① Technical Measures

SHAPL takes the following technical measures to enhance stability in managing users' personal information so that it will be protected against loss, stolen, leak, alteration and/or damages of personal information 

1. Critical data such as passwords among users' personal information is encrypted and stored, and personal information is safely stored in a safe area in which a double firewall is established. In addition, personal information is transmitted and received safely over the network through encrypted communication.

2. In order to prevent leakage of user's personal information, SHAPL adapts a device that blocks intrusion from outside, and installs an intrusion detection system in each server to monitor potential intrusion 24 hours a day.

3. The personal information manager stores and manages the access records to the personal information processing system, and regularly checks the access data to prevent exploitation, misuse, loss, forgery, falsification, etc. of personal information, and the access data of personal information manager are safely stored to prevent forgery, falsification, theft, or loss of such records.

4. Data are frequently backed up to react against damages of personal information, and the latest anti-virus program is used to prevent leakage or damage to users' personal information or data.

② Administrative Measures

1. SHAPL authorizes only the person in charge of personal information to manage the personal information and assigns a separate password for this work, which will be updated regularly and execute training from time to time for the person in charge giving importance on the criticality of the compliance with Personal Information policy.

2. Handover tasks of personal information managers is performed in a strictly secure environment, and responsibility and liabilities for personal information related incident/accidents when joining and/or leaving the company are specifically established. 

3. Users should not disclose their ID and password to others, and make sure to log in to the website and use the service and surely log out. Under any circumstances, SHAPL will not responsible for any problems caused by the leakage of personal information due to the user's own negligence or problems on the Internet.

4. In the event that personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or an incident in technical management, SHAPL will immediately notify the user and seek appropriate countermeasures and compensation.

③ In the event that the customer suffers damages due to SHAPL's intentional act or negligence when using the SHAPL service, SHAPL seeks for compensation for damages in accordance with the relevant laws. However, SHAPL shall not be liable for any damage caused by a natural disaster or force majeure equivalent to natural disaster, that is, under a certain circumstances in which SHAPL is not able to provide the service, or damage caused by unavailability of the service due to the user's intentional acts or negligence.

Article 12 Contact to Personal Information Manager and the Person in Charge

① SHAPL designates personal information manager as follows to protect users' personal information and to be in charge of managing complaints and inquiries related to personal information.

 [Personal information manager]

1. Name: Jin Chang-soo

2. Phone: 1670-9840

3. E-mail address: SHAPL@shapl.com

② The information subject may file a request for access to his/her personal information in accordance with Article 35 of the Act on Personal Information Protection to the following contact.

SHAPL will exercise every effort to promptly process the information subject's request for access to personal information.

[Contact for accessing personal information]

1. Name: Son Jeong-mo

2. Phone: 1670-9840

3. E-mail address: SHAPL@shapl.com

③ Should you have a file to report or consult on other issues, such as personal information infringement, please contact the following organizations.

1. Personal Information Infringement Report Center (privacy.kisa.or.kr / 118. no area code)

2. Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0534)

3. Advanced Criminal Division, Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)

4. Cyber Security Bureau, National Police Agency (cyberbureau.police.go.kr / 182 no area code)

Article 13 Obligation to Notify

The current personal information (management) policy was revised on December 29, 2021, and if any additions, deletions, or modifications are made to be in line with the government policy or security technology, it shall be notified on the website at least 7 days prior to the revision of current personal information.