FREE STANDARD SHIPPING ON ORDERS OVER US$50

Privacy Policy

ETUDE HOUSE (hereinafter referred to as the ‘Company’) values the personal information of users (hereinafter referred to as ‘users’) of the ETUDE HOUSE global shopping mall service (hereinafter referred to as ‘service’) provided by the Company, and is trying its best to protect the personal information of users.

The Company complies with the laws and regulations related to personal information protection, such as the 『Personal Information Protection Act』, the 『Act on Promotion of Information and Communications Network Utilization and Information, Etc,』, and is protecting users’ personal information by establishing its own privacy policy and complying with it. Also, the Company makes sure that users can easily view the privacy policy all the time by always disclosing it on the first screen of the Company’s homepage. The Company’s privacy policy may be changed by amendments to related laws and notifications or changes to its internal operating policies. If the Company’s privacy policy is modified, the changes will be notified on its homepage. The Company’s privacy policy contains the following information:

01 Consent to collection of personal information and collection method

02 Personal information items collected and purposes of collection and use

03 Provision of personal information

04 Consignment of personal information processing

05 Personal information retention and use period, and procedure for and method of destroying personal information

06 Department processing personal information protection and related complaints

07 Using the automatic personal information collection system to collect personal information

08 Viewing and correcting personal information, etc.

09 Withdrawal of consent to the collection, use and provision of personal information

10 Administrative, technical and physical measures for protection of personal information

11 The rights of users and legal representatives and the method of exercising them

12 Obligation to notify changes to the protection policy

13 Governing laws

Article 1 (Consent to collection of personal information and collection method)


① "Member" refers to a user who became a member by providing personal information to the Company for member registration.

② "Non-member" refers to a person who uses the service provided by the Company without becoming a member of the Company’s site, etc.

③ Users may consent to collection of users’ personal information according to the Company’s privacy policy by indicating whether to consent to it online or offline. If users place a mark next to ‘Consent,” they will be deemed to have consented to collection of personal information.


Article 2 (Personal information items collected and purpose of collection and use)


① The Company collects minimum personal information necessary for provision of service when users become members to use member service. However, to provide high-quality customized service for users, the Company optionally collects additional personal information from users.

② The Company will not collect sensitive personal information that may infringe on basic human rights, such as ideology, creed, labor union membership, political views, health, sex life, medical history, religion, ethnicity and criminal records, without the explicit consent of users. ③ The personal information items the Company collects during membership registration and the purpose of collecting and using this information are as follows:


Classification

Items collected

Purpose of collection and use

Use and retention period

Mandatory

Name, ID, password (P/W)

Identification for service use, prevention of bad members’ illegal use

Until membership is cancelled See Article 5.

Address, cell phone number, e-mail address, and whether to receive e-mail

Shipping goods, securing communication channels for delivery of notices/checking members’ intention/handling complaints Provision of information on new services/new products/other events and shipping prizes if members consent

Transactional information

Managing shipping and membership data when users use services and purchase products

Optional

Birthdate, gender

Customized services, such as provision of beauty solutions by skin type (birthday events and events customized for gender)

Location information

Holding mobile site events customized for the weather

 

④ If users purchase goods or services from the Company, they must enter the following additional information for payment and delivery of goods.

* By payment method
- In case of card payment: minimum information necessary for payment, such as type of credit card, card number and expiration date
* The contact information of senders and receivers necessary for shipping goods, such as names, addresses and phone numbers

⑤ The Company collects personal information in the following cases in addition to the personal information for membership signup for this website member, and clarifies the purpose of collecting personal information and receives users’ consent.
* In case of customers counseling: preparing customer cards to keep records for customer counseling and dispute mediation
* In case of surveys or giveaways: selectively entering personal information for statistical analysis or giveaways
* In case of selecting prosumers for monitoring: filling out application forms for monitoring and prosumer activities

⑥ The Company is collecting and using users’ personal information to provide optimal service for users as marketing data for user identification, shipping prizes and statistical analysis. Without the prior consent of the user or the regulations of related laws, the Company does not use personal information for purposes other than specified to users in advance, or disclose it to the outside.
Users may refuse to consent to the collection and use of personal information. However, if users refuse to consent to the collection and use of mandatory information, they cannot sign up for membership, and if they refuse to consent to the collection and use of optional information by not entering such information, membership signup is possible, but they may be restricted in using services and receiving benefits based on the optional information.


Article 3 (Provision of personal information)


① The Company may not use users’ personal information or provide it to a third party beyond the scope mentioned in Article 2 unless users consent to it or related laws stipulate it.

② In the following cases, however, users’ personal information may be provided without users’ consent.

* If such information is necessary for charging the fees for services provided
* If personal information is processed in such a way that personal identification is impossible and provided to research organizations, survey firms and research institutes for the purpose of statistical analysis, academic research or market research
* If there are special regulations, such as the Personal Information Protection Act, the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Act on Real Name Financial Transactions and Confidentiality, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, Telecommunications Business Act, the Local Tax Act, and the Consumer Protection Act, Criminal Procedure Act.

③ Users may refuse to consent to the provision of personal information to a third party, and if they refuse to consent, they may be restricted in using services requiring the provision of personal information to a third party.

④ When the Company provides personal information to a foreign third party, it must notify it to users and receive their consent.

Article 4 (Consignment of personal information processing)


① The Company may consign the management of users’ personal information to external agencies for improvement of service and efficient data processing.

② When consigning the processing of personal information, the Company will enter into a consignment contract and manage and supervise protection of users’ personal information to ensure that the service provider will comply with the instructions related to protection of personal, keep personal information confidential, and not provide personal information to a third party without users’ consent.

③ The personal information consignees and the details of consignment are as shown below:


Consignee

Details

IBM Korea

Data processing and management of personal information and sending e-mail

Amore Pacific

Member recruiting and member information management

PayGate

Payment gateway service

Foread, Postvisual, JWT

Text message service like SMS and MMS and shipping prizes

Korea Post (EMS)

shipping

Amazon AWS-SES

e-mail information for sending e-mail around the world

MPC, Serpa Logistics

customer claim handling and customer information related to shipping


Article 5 (Personal information retention and use period, and procedure for and method of destroying personal information)


① The Company will retain users’ personal information while they use the services provided by the Company, and use it for provision of services, etc. Only the personal information manager and the Chief Privacy Officer or those who are approved by them can print the digitally registered personal information of users as documents.

② The Company must take requested actions immediately if users requested that their own personal information be deleted or that their membership be cancelled, and make sure that deleted information will be completed deleted from the disk in such a way that the records cannot be recovered, reproduced, viewed or used later.

③ In case the purpose of collecting or using personal information is nullified as shown below, the Company must delete the information from the disk according to the Company’s internal destruction procedure, and if personal information is printed, the Company must immediately destroy users’ personal information by using a shredder.

* Membership signup information: when users withdrew their membership or they were expelled from membership
* Payment information: when payment is completed or the extinctive prescription of accounts payable expires
* Shipping information: when goods or services are delivered or provided
* Personal information collected for surveys and events: when such surveys and events end

④ Even after the purpose of collection and use is accomplished, if it is necessary to retain personal information according to laws like the Act on the Consumer Protection in the Electronic Commerce Transactions, Etc., the Personal Information Protection Act, the Commercial Act and the Framework Act on National Taxes, the Company may retain users’ personal information for a certain period as described below:

* Records on contracts or withdrawal of subscription: 5 years
* Records on payment and supply of goods, etc.: 5 years
* Records on handling consumer complaints or disputes: 3 years


Article 6 (Department processing personal information protection and related complaints)


① To protect users’ personal information and handle related complaints, the Company has a department that handles personal information protection business and related complaints. Also, the Company has the Chief Privacy Officer and personal information managers to promptly handle users’ inquiries and complaints about personal information.


[Business Support Team] E-mail : etudeglobal1@gmail.com

② If users need to report personal information intrusion or need consultation, they may contact the department responsible for personal information protection mentioned in Paragraph 1 above and the following.
- Privacy Invasion Reporting Center, Korea Internet Security Agency (privacy.kisa.or.kr/02-405-5118)


Article 7 (Using the automatic personal information collection system to collect personal information)


① The Company may use ‘cookies (a mechanism for automatically collecting personal information, such as Internet connection information files)’ for storing user information and finding it when necessary. A cookie is the small information that the server used for operating the Company’s website sends to users’ browsers (Netscape, Internet Explorer, etc.). It is stored on the hard disks of user’s computers. If users connect to a website, the Company’s computer reads the cookies in the users’ browsers, finds addition information of users in their computers, and provides service without the need to enter additional information like names. Cookies identify users’ computers, but not the users.

② The Company use cookies to support and improve services necessary for site operations, such as analysis of the connection frequency of members and non-members, time of their visits, and the number of visits by each user.

③ The Company will use cookies to give differentiated opportunities to enter for an event and provide differentiated information depending on users’ areas of interest by analyzing users’ participation in various events hosted by the Company and the number of visits they made.

④ Users have a choice regarding whether to install cookies. Accordingly, they can choose to allow all cookies, some cookies or refuse all cookies by setting an option in the web browser.

1. How to specify whether to allow cookie installation (if Internet Explorer 6.0 is used) Click [Tool] on the task bar in the Internet screen, select [Internet option] and [Personal Information Tab], and specify whether to allow cookies in [Personal Information Protection Level].
2. How to view cookies (if Internet Explorer 6.0 is used) Click [Tool] on the task bar in the Internet screen, select [Internet option] and [Settings] for the temporary Internet file in the general tab (default tab), and select [View File].


Article 8 (Viewing and correcting personal information, etc.)


① Users can always log into the Company’s website and click [Modify Member Information] to directly view or correcting personal information, or users can request those who are consigned with personal information handling, such as merchants, or contact the Company’s personal information protection department by phone or e-mail or in writing to request the viewing, correction, deletion and suspension of processing. The Company will take necessary actions immediately to comply with users’ requests.

② If users requested that errors in personal information be corrected, the Company will not use or provide such personal information until correction is completed. Also, if the Company has already processed wrong personal information, it will take measures to reflect the result of correction immediately.

③ In the following cases, the Company may restrict the viewing and correction of personal information.

1. in case the rights and interests of a third party are highly likely to be damaged;

2. in case the business of the service provider is highly likely to be hindered; and

3. in case laws are violated.


Article 9 (Withdrawal of consent to the collection, use and provision of personal information)


① Users may withdraw their consent to the collection, use and provision of personal information anytime. Users may withdraw their consent (withdraw their membership) after logging into the Company’s website, or request those who are consigned with personal information handling, such as merchants, or contact the Company’s personal information protection department in writing, by phone or e-mail. The Company will take necessary measures immediately at the request of users, e.g. handling users’ withdrawal of membership and destruction of personal information.

② The Company is making efforts to make withdrawal of consent to collection of personal information (withdrawal of membership) easier than collection of personal information.


Article 10 (Administrative, technical and physical measures for protection of personal information)


① The Company will establish and carry out internal management plans for safely handling personal information, and provide education.

② When handling users’ personal information, the Company is considering technical measures to ensure that personal information will not be lost, stolen, leaked, altered or damaged.

③ Users’ personal information is managed using the internal network that cannot be accessed or infiltrated by external networks, and the Company is using a separate security function to thoroughly protect important files, e.g. encrypting files and transmission data or using the file lock function.

④ The Company installed the intrusion detection system in each server to prevent intrusions like hacking to guarantee the security of the internal network, and installed the access control system to reinforce security.

⑤ The Company installed vaccine programs to prevent infringement on personal information so that it is possible to always check whether the information systems, used by personal information processing systems and personal information handlers for personal information processing, have malicious programs like computer viruses and spyware.

⑥ The Company limits the right to access to users’ personal information to a minimum number of people, established an internal procedure for accessing and managing personal information to ensure the safety of personal information, installed access control and lock systems, and make sure that its employees are familiar with these regulations and comply with them.

⑦ Transfer of duties and responsibilities between personal information handlers is done thoroughly in a secure environment, and the Company clearly stipulates responsibilities for personal information accidents when they join the company and after they leave the Company.

⑧ Users must make sure their personal information is correct by checking and managing the personal information they provided to the Company, and if they use others’ personal information without permission or infringe on others’ rights in the process of using the Internet site, they may be sanctioned by the Company, and take the civil and criminal responsibilities.

⑨ The Company will not be held responsible for problems due to leakage of personal information, such as ID, password (P/W) and resident registration number, because of users’ negligence or Internet problems. Accordingly, users must thoroughly manage their IDs and passwords to protect their own personal information, and take responsibility for it. However, if users’ personal information was lost, leaked, altered or damaged by the mistakes of the Company’s internal managers or technical management accidents, the Company will immediately notify it to users, and take appropriate measures and compensate.


Article 11 (The rights of users and legal representatives and the method of exercising them)


① Users and their legal representatives may exercise their rights related to the viewing, modification and change of personal information and withdrawal of membership against the Company.

② To protect the personal information of children, the Company will collect the personal information of children under 14 years old only with the consent of their legal representatives (parents, etc.).

③ Users and their legal representatives may contact the Company by phone or in writing to exercise their rights with regard to personal information, and the Company will take necessary measures immediately.


Article 12 (Obligation to notify changes to the protection policy)


The privacy policy may be changed according to the changes in laws, policies, the Company’s internal operating policy or changes in security technology. In this case, the Company will post the reason for and contents of such changes on the first page of the Company’s website at least seven days before the enforcement of the modified privacy policy (if the changes to the privacy policy are disadvantageous to users, 30 days).


Article 13 (Governing laws)


All matters concerning the interpretation, effectiveness and implementation of this privacy policy and disputes related therewith will be governed by the laws of the Republic of Korea.

Back to Top