Privacy Policy

ONCHO (hereinafter referred to as the 'Company') establishes and discloses the following personal information processing guidelines in order to protect the personal information of information subjects and to handle complaints related to it promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act. do.

Article 1 (Purpose of processing personal information)
The company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Homepage member registration and management
Confirmation of intention to sign up for membership, identification/authentication by provision of membership service, maintenance/management of membership, identification by implementation of limited identification system, prevention of illegal use of services, consent of legal representative when processing personal information of children under the age of 14 Personal information is processed for the purpose of confirmation, various notices/notifications, grievance handling, etc.

2. Provision of goods or services
Personal information is processed for the purposes of delivery of goods, provision of services, delivery of contracts and invoices, provision of contents, provision of customized services, identification, age verification, payment and settlement of charges, and debt collection.

3. Grievance Handling
Personal information is processed for the purpose of verifying the identity of the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying processing results.

Article 2 (Processing and retention period of personal information)
① The company processes and retains personal information within the period of retention and use of personal information according to the law or within the period of use and retention of personal information consented to when collecting personal information from the information subject.
② Each personal information processing and retention period is as follows.

1. Homepage membership registration and management: Until business/organization website withdrawal
However, in the case of the following reasons, until the end of the reason
1) If an investigation or investigation is in progress due to a violation of related laws, until the end of the investigation or investigation
2) In the case of remaining bonds and debts due to the use of the website, until the settlement of the bonds and debts


2. Provision of goods or services: Until the completion of supply of goods or services and completion of payment or settlement
However, in the case of the following reasons, until the end of the relevant period
1) Records on transactions, such as indications and advertisements, contract details and performance, in accordance with the 「Act on Consumer Protection in Electronic Commerce, Etc.」
- Records on display and advertisement: June
- Record of contract or withdrawal of subscription, payment, supply of goods, etc.: 5 years
- Records on handling consumer complaints or disputes: 3 years
2) Storage of communication confirmation data in accordance with Article 41 of the Protection of Communications Secrets Act
- Subscriber telecommunication date and time, start/end time, subscriber number of the other party, frequency of use, originating base station location tracking data: 1 year
- Computer communication, Internet log records, access location tracking data: 3 months


Article 3 (Provision of personal information to third parties)
① The company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of processing personal information), and personal information is only processed when it falls under Article 17 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law. provided to third parties.
② The company provides personal information to third parties as follows.
- Person who receives personal information: The card company or payment company that the customer pays for
-Purpose of use of personal information of recipients: For smooth delivery of ordered products such as payment processing, service progress, and delivery
- Provided personal information items: name, address, phone number, e-mail address, card payment account information
- Possession and use period of the recipient: During the transaction period according to the order


Article 4 (Consignment of personal information processing)
① When the company uses a consignment company for smooth personal information processing, the company will describe the personal information processing task as follows.

1. Operation of the telephone consultation center
- Consignee (consignee): OOO CS Center
- Details of entrusted tasks: telephone consultation response, department and employee guidance, etc.

② When concluding a consignment contract, the company stipulates responsibilities such as prohibition of handling personal information for purposes other than the purpose of entrusted business, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, etc. in accordance with Article 25 of the Personal Information Protection Act. etc., and supervise whether the trustee handles personal information safely.
③ If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.

Article 5 (Rights of users and legal representatives and how to exercise them)

① The information subject can exercise the following personal information protection rights against the company at any time.
1. Request to view personal information
2. Request for correction in case of errors
3. Deletion request
4. Request for suspension of processing
② The exercise of rights under Paragraph 1 can be done in writing, by phone, e-mail, fax, etc. to the company, and the company will take action without delay.
③ If the information subject requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.
⑤ The information subject shall not infringe on the personal information and privacy of the information subject or others handled by the company in violation of related laws such as the Personal Information Protection Act.


Article 6 (Items of personal information to be processed)
The company handles the following personal information items.

1. Homepage member registration and management
Required items: email address, password
Optional items: address, contact number, name

2. Provision of goods or services
Required items: Payment information such as name, password, address, phone number, email address, credit card number, bank account information
Optional items: field of interest, past purchase history

3. The following personal information items may be automatically generated and collected in the process of using the Internet service.
IP address, cookie, MAC address, service use record, visit record, bad use record, etc.

Article 7 (Destruction of personal information)
① The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
② If personal information must be kept in accordance with other laws and regulations despite the expiration of the personal information retention period agreed to by the information subject or the achievement of the purpose of processing, the personal information is moved to a separate database (DB) or stored in a storage location. otherwise preserved.
③ The procedure and method of destroying personal information are as follows.
1. Destruction procedure
The company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
2. Destruction method
The company destroys personal information recorded and stored in the form of electronic files using methods such as low-level format so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding with a shredder or incinerating. do.

Article 8 (Measures for Ensuring Safety of Personal Information)
The company takes the following measures to ensure the safety of personal information.
1. Administrative measures: establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights such as personal information processing system, installation of access control system, unique identification information
encryption, security program installation
3. Physical measures: Access control for computer rooms, data storage rooms, etc.

Article 9 (Matters Regarding the Installation, Operation and Rejection of Automatic Personal Information Collection Devices)
① The company uses 'cookies' that store and retrieve usage information from time to time to provide individually tailored services to users.
② Cookies are a small amount of information that the server (https) used to run the website sends to the user's computer browser, and is sometimes stored on the hard disk of the user's computer.
go. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, popular search words, secure access, etc.
me. Installation, Operation and Rejection of Cookies: You can refuse to save cookies by setting options in your web browser.
all. If you refuse to save cookies, you may experience difficulties in using customized services.


Article 10 (Person in charge of personal information protection)
① The company is responsible for overall handling of personal information, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing.

▶ Person in charge of personal information protection
Name: Joo Hwan Lee
Contact: 050-6908-8888, a@oncho.kr
※ You will be connected to the person in charge of personal information protection.

② The information subject can inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business) to the person in charge of personal information protection and the department in charge. The company will respond to and process inquiries from information subjects without delay.


Article 11 (Personal information access request)
The information subject can request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The company will make efforts to promptly process the request for access to personal information of the information subject.

▶ Person in charge of receiving and processing personal information access requests
Name: Joo Hwan Lee
Contact: 050-6908-8888, a@oncho.kr

Article 12 (Remedy for Infringement of Rights and Interests)
The information subject can inquire about damage relief and consultation for personal information infringement to the following organizations.

▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsible tasks: reporting personal information infringement, requesting consultation
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong) 3rd floor Personal Information Infringement Reporting Center

▶ Personal Information Dispute Mediation Committee
- Jurisdiction: personal information dispute mediation application, collective dispute mediation (civil settlement)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: (03171) 4th floor, Government Complex Seoul, 209, Sejong-daero, Jongno-gu, Seoul

▶ Supreme Prosecutor’s Office Cyber Crime Investigation Team: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Security Bureau: 182 (http://cyberbureau.police.go.kr)


Article 13 (Enforcement and change of personal information processing policy)
This Privacy Policy is effective as of December 2022. X.