I agree to the privacy policy
J9cosmetics (hereinafter referred to as the "Company") has established and disclosed the following guidelines for processing personal information in order to protect the personal information of individuals and handle related complaints efficiently and smoothly under the Personal Information Protection Act.
**Article 1 (Purpose of Processing Personal Information)**
The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
1. Processing pre-booking applications for live commerce:
- Confirming reservation intentions
- Maintaining and managing membership status by providing membership services
- Preventing fraudulent use of services
- Confirming consent from legal representatives
- Handling complaints
2. Provision of goods or services:
- Delivering goods
- Providing services
- Providing content
- Providing customized services
3. Handling complaints:
- Identifying civil petitioners
- Confirming civil complaints
- Contacting and notifying relevant facts
- Notifying processing results
**Article 2 (Processing and Retention Period of Personal Information)**
① The company processes and retains personal information within the period allowed by law, including the personal information retention period, use period, or collection period from the data subject.
② The processing and retention periods for each category of personal information are as follows:
1. Live commerce progress period: Until the end of live commerce.
2. Provision of goods or services: Until the supply of goods and services is completed.
However, in the following cases, the retention period extends until the end of the relevant period:
1. Records of transactions such as marking, advertising, contract details, and implementation under the Consumer Protection Act in Electronic Commerce, etc.:
- Records of marking and advertising: June 2023 to July 2023.
- Contract or subscription withdrawal, payment, supply record of goods, etc.: 5 years.
- Records of consumer complaints or dispute settlement: 3 years.
2. Storage of communication fact confirmation data under Article 41 of the Communication Secret Protection Act:
- Subscriber telecommunication date and time, start and end time, counterparty subscriber number, frequency of use, location tracking data of origin station: 1 year.
- Computer communication, Internet log records, and access point tracking data: 3 months.
**Article 3 (Consignment of Personal Information Processing)**
① To ensure the smooth processing of personal information, the company may entrust the processing of personal information as follows:
1. Operation of a telephone consultation center:
- Recipient of the consignment (consignee): CS center
- Contents of the entrusted work: Telephone counseling, department and staff guidance, etc.
② When entering into a consignment contract, the company stipulates the prohibition of personal information processing, technical and management protection measures, restrictions on re-entrustment, and the management and supervision of the trustee. The company also ensures that the trustee handles personal information safely.
③ In case the content of the entrusted work or the trustee changes, the company will promptly disclose such changes through this personal information processing policy.
**Article 4 (Rights of Users and Legal Representatives and How to Exercise Them)**
① The data subject may exercise the following rights related to personal information protection against the company at any time:
1. Request for access to personal information.
2. Request correction of personal information if there are errors, etc.
3. Request deletion of personal information.
4. Request suspension of personal information processing.
② The rights mentioned in paragraph 1 can be exercised by the data subject through written requests, phone calls, emails, or faxes to the company, and the company will take prompt action.
③ If the data subject requests the correction or deletion of personal information errors, etc., the company will refrain from using or providing the personal information until the correction or deletion is completed.
④ The rights mentioned in paragraph 1 can also be exercised by a legal representative of the data subject or an agent authorized by the data subject. In such cases, a power of attorney must be submitted in accordance with Form 11 of the Enforcement Rules of the Personal Information Protection Act.
⑤ The data subject shall not infringe upon the personal information and privacy of themselves or any other person handled by the company in violation of related laws, such as the Personal Information Protection Act.
**Article 5 (Personal Information Items to be Processed)**
The company processes the following personal information items:
1. Homepage Shopee Live Commerce Pre-booker Information Processing:
- File: User name, phone number, email, country, shipping address.
2. Provision of goods or services:
- File: User name, phone number, email, country, shipping address.
3. During the process of using the Internet service, the following personal information items may be automatically generated and collected:
- IP address, cookie, MAC address, service usage record, visit record, defective usage record, etc.
**Article 6 (Revocation of Personal Information)**
① When personal information becomes unnecessary, such as the expiration of the personal information retention period or the fulfillment of the processing purpose, the company promptly destroys the personal information.
② If personal information needs to be preserved according to other laws and regulations, even after the data subject's agreed retention period has elapsed or the processing purpose has been achieved, the company will transfer the personal information to a separate database (DB) or store it differently.
③ The procedure and method of destroying personal information are as follows:
1. Procedure for destruction:
- The company selects personal information that has become unnecessary and destroys it with the approval of the company's personal information protection manager.
2. Method of destruction:
- Personal information recorded and stored in electronic files is destroyed using methods such as Low Level Format to prevent the reproduction of records. Personal information recorded and stored in paper documents is destroyed by shredding or incinerating them.
**Article 7 (Measures to Ensure the Safety of Personal Information)**
The company takes the following measures to ensure the safety of personal information:
1. Management measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, unique identification information, encryption, and security program installation.
3. Physical measures: Control of access to computer rooms, data storage rooms, etc.
**Article 8 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)**
① In order to provide individually customized services to users, the company uses "cookies" that store usage information and occasionally retrieves them.
② Cookies are small amounts of information sent to the user's computer browser by the server (http) used to operate the website, and they are also stored on the user's computer's hard disk.
A. Purpose of using cookies: Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, security access, etc.
B. Installation, operation, and rejection of cookies: Users can refuse to save cookies by adjusting the options in the Tools > Internet Options > Privacy menu at the top of their web browser.
C. Refusing to save cookies may cause difficulties in using customized services.
**Article 9 (Personal Information Protection Officer)**
① The company is responsible for the processing of personal information, and the person in charge of personal information protection is designated as follows to handle complaints and remedy damages related to personal information processing.
② The data subject can contact the person in charge of personal information protection and the department in charge of all inquiries, complaints, and damage relief related to personal information protection that occurred while using the company's service (or business). The company will respond to and handle inquiries from the data subject promptly.
**Article 10 (Request for Personal Information Access)**
The data subject may request access to personal information from the department mentioned below under Article 35 of the Personal Information Protection Act. The company will make efforts to expedite the requests for access to personal information by the data subject.
**Article 11 (Implementation and Change of Personal Information Processing Policy)**
This personal information processing policy will be effective starting from June 23, 2023.
I have read and agree to the terms and conditions and privacy policy.