Privacy Policy


Effective Date: 2023-09-08

COMPACT.D Company (e-commerce business, 'Company') establishes and discloses the following personal information processing guidelines in order to protect the personal information of information subjects in accordance with the Personal Information Protection Act and to promptly and smoothly handle grievances related thereto.

This Privacy Policy applies to KGUDZ Cyber Mall and related services (including mobile web or app) provided by the Company.

This Privacy Policy will be updated if there are any changes in laws or guidelines related to personal information, and may vary depending on changes in the Company's policies, so please check it from time to time when visiting the Site.


1. Purpose of use and processing of personal information

The Company collects and processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.


1) Purpose of use and processing items of personal information

① Required
a. Used for identity verification procedures for membership services and overseas shopping
- Name, ID, password, mobile phone number, email address

b. Contact for notification of contract fulfillment and change of terms and conditions, confirmation of
identity, and handling of member's complaints, etc.
- Name, ID, mobile phone number, email address, address

c. Delivery of goods and prizes (return/refund), confirmation of delivery address and contact information, and marketing analytics
- Orderer's name, recipient's name, recipient's address, phone number (home/mobile), payment record, email address
d. Prevention of fraudulent use by bad members, prevention of unauthorized use, and prevention of duplicate registration
- Name, ID, email address, address, date of visit, service usage history and device information, access logs, cookies, access IP information, payment information
e. Order, payment and delivery services
- Orderer information, purchase/cancellation/return/exchange/refund information, recipient information, payment information, invoice information, bank account information, mobile phone number, card number, cash receipt information

② Optional 
a. Payment and refund for using paid information and purchasing goods such as goods and services 
- Bank account information, credit card information

b. Marketing, such as event and shopping benefit notification information 
- Email address, mobile phone number

c. Simple registration through SNS accounts
- GOOGLE (user ID, name, email address), LINE (user ID, name, email address), KAKAO (user ID, name, email address)

d. Data to provide personalized services 
- Other optional items

2) Items collected for personal information processing

① When registering as a member
- (Required) ID, password, email address
- (Optional) Name, country, address, mobile phone number (or telephone number), date of birth, gender, nickname

② When signing up by linking an SNS account (Google, Line, Kakao)
- (Required) ID, password, and email address for each SNS account
- (Optional) Name, country, address, mobile phone number (or phone number), date of birth, gender, nickname

③ When purchasing items
  - Orderer information (name, ID, mobile phone number, email address), delivery information (name, ID, mobile phone number, country, address), payment method information such as credit card information and bank account information, information such as payment history, payment (integration) password

④ Non-member ordering item purchasers
- Orderer information (name, mobile phone number, email address), delivery information (name, mobile phone number, country, address), payment method information such as credit card information and bank account information, information such as payment history, payment (integration) password

⑤ Refunds
- Refund account or credit card information of the person to be refunded

⑥ Information automatically generated in the process of using the service
- Service use records, IP address, cookies, visit date and time, bad use records, device information (unique device identification value, OS version), ADID, IDFA

⑦ When applying for an event
- SNS account, name, ID, mobile phone number, email address, date of birth, country of event participant

⑧ When winning an event
- Event participant's SNS account, name, ID, mobile phone number, email address, date of birth, and country
*The term "event participant" refers to a member who participated in an event organized through KGUDZ Cyber Mall and SNS operated by the Company.

⑨ When handling customer disputes and conducting consultations
  - Name, ID, email address, mobile phone number, consultation history


2. Retention and use period of personal information

In principle, the Company destroys the personal information of the information subject without delay upon withdrawal of membership. However, if the information subject is notified and consented to in advance in accordance with the company's internal policy, or if it is stipulated in a separate law, it is safely stored during that period and is not used for any other purpose. In accordance with the relevant laws and regulations, the following personal information is stored as follows.

1) Records related to contract or subscription withdrawal: 5 years (Electronic Commerce Act)
2) Records related to payment and supply of goods: 5 years (Electronic Commerce Act)
3) Records related to handling consumer complaints or disputes: 3 years (Electronic Commerce Act)
4) Records related to "display" advertisements: 6 months (Electronic Commerce Act)
5) Books and documents related to all transactions prescribed by the Tax Act: 5 years (National Tax Act)
6) Records related to electronic financial transactions: 5 years (Electronic Financial Transactions Act)
7) Records related to service visits: 3 months (Protection of Communications Secrets Act)



3. Use of Personal Information for Other Purposes and Provision to Third Parties

The Company uses the personal information of the information subject within the scope notified in the "Purpose of Use and Processing of Personal Information" and does not use it beyond the scope without the prior consent of the information subject or, in principle, provide the personal information of the information subject to a third party. However, the following cases are exceptions.

1) If the information subject has consented to disclosure or provision to a third party in advance.
2) In accordance with the provisions of laws and regulations, or when requested by investigative agencies and supervisory authorities in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation and investigation.
3) When necessary for the settlement of charges for the provision of services
4) When providing minimum delivery information to a carrier for business purposes when delivering ordered goods
5) When necessary for customs clearance


4. Consignment of personal information processing

1) The Company consigns personal information processing tasks as follows for smooth personal information processing: (Name of consignee and consignment company / details of consignment tasks)

- TOSSPAYMENT, PAYPAL / Purchase and fee payment agency
- Fastbox, CJ Logistics, Post Office Delivery, EMS, DHL, UPS, Sagawa Global / Logistics storage and delivery of ordered items, sending related invoices, etc.
- Cafe24 / Establishment and maintenance of computer system, operation, identity verification, member's support and member's consultation, etc.

2) When concluding a consignment contract, the Company specifies in documents such as contracts the prohibition of processing personal information other than for the purpose of performing consignment work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and responsibilities such as compensation for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee processes personal information safely. 

3) If the contents of the consignment work or the consignee are changed, we will disclose it through this personal information processing policy without delay.


5. Procedures and methods for destroying personal information

1) The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.

2) If the personal information retention period agreed to by the information subject has elapsed or the purpose of processing has been achieved, but the personal information must continue to be preserved in accordance with other laws and regulations, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location.

3) The procedures and methods for destroying personal information are as follows.

①The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the Company's personal information protection officer.

② The Company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incinerating them.


6. Measures regarding the destruction of personal information of non-users

1) The Company converts users who have not used the service for one year to a dormant account and keeps their personal information separately. The separately stored personal information shall be destroyed without delay upon membership and account withdrawal.

2) At least 30 days prior to the conversion, the Company shall notify members who are scheduled to become dormant of the fact that their personal information will be kept separately, the scheduled date of dormancy, and the records of personal information to be kept separately via email, text, or other methods that can be notified to the user.

3) If you do not want to be converted to a dormant account, you can log in to the service before the conversion to a dormant account. In addition, if you log in even if you have been converted to a dormant account, you can restore your dormant account with your consent and use the normal service.


7. Rights, obligations and methods of exercise of information subjects and legal representatives

1) The information subject may exercise the right to view, correct, delete, or suspend the processing of personal information at any time.
*A legal representative must make a request for access to personal information about a child under the age of 14, and an information subject who is a minor over the age of 14 may exercise his/her rights regarding the personal information of the information subject or may exercise his/her rights through a legal representative.

However, if you withdraw your consent to the processing of personal information, you may be unavoidably restricted from using some or all of the services.

2) You can view your personal information in the following ways.
  - Viewing personal information collected and retained: You can check it through 'My Account > My Information > Member Information' after logging in.

3) You can modify your personal information and cancel your subscription (withdraw your consent) in the following ways.
 - Modify personal information: You can modify your personal information through 'My Account > My Information > Member Information' after logging in.
- Unsubscribe (withdraw consent): You can unsubscribe directly after verifying your identity through 'My Account > > My Information > Member Information > Close Account' after logging in.
Or contact the person in charge of personal information management in writing, by phone, or by email, and we will take action without delay.

4) If the information subject requests correction of errors in personal information, the Company will not use or provide the personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.

5) The Company handles personal information that has been canceled or deleted at the request of the information subject as specified in the "Retention and Use Period of Personal Information" collected by the Company, and does not allow it to be viewed or used for any other purpose.

6) The exercise of rights may be made through an agent, such as the legal representative of the information subject or a delegated person. In this case, you must submit a power of attorney in the form of Attachment No. 11 to the "Notification on the Method of Processing Personal Information (No. 2020-7)".

7) Requests for access to personal information and suspension of processing may restrict the rights of the information subject under Article 35 paragraph 4 and Article 37 paragraph 2 of the Personal Information Protection Act.

8) A request for correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection in other laws and regulations.

9) The Company shall verify whether the person who made the request, such as a request for access, a request for correction or deletion, or a request for suspension of processing, in accordance with the rights of the information subject, is the person or a legitimate representative.



8. Measures to secure the safety of personal information

The Company takes the following technical and administrative protection measures to ensure the safety of personal information when processing the personal information of the information subject.

1) The personal information of the information subject is protected by password and encrypted information. The password of the information subject is stored and managed by one-way encryption, and the confirmation and change of personal information can only be made by the person who knows the password. Therefore, please take special care not to disclose the user's password to others.

2) The Company operates an intrusion detection and intrusion prevention system 24 hours a day to prevent damages such as loss, theft, leakage, alteration, or damage to users' personal information due to intrusion into the Company's information and communication network such as hacking or viruses, and all intrusion detection systems and intrusion prevention systems are configured and operated in redundancy in case of any contingencies.

3) The Company regularly backs up important data in case of damage to personal information, and strives to prevent leakage of personal information or important data by using antivirus programs.

4) In the case of sensitive personal information, the Company applies encrypted communication in the process of sending and receiving through the information and communication network so that it can be transmitted safely.

5) The Company recognizes the importance of protecting the personal information of information subjects, and for this purpose, the Company reasonably limits the number of personal information processing employees, and the person in charge of personal information processing periodically conducts training for processing employees to do their best to protect personal information. In addition, if there is a personnel change such as retirement or change of duties of personal information processing employees, the Company immediately changes or expunges the authority to access personal information. The Company regularly checks the implementation of this policy and the compliance of relevant employees with the personal information processing policy and internal regulations, and if there are any violations, corrects or improves them and takes other necessary measures.

6) In addition to the above, the Company is continuously making efforts to secure security by introducing security systems and expanding specialized personnel.


9. Installation, operation, and rejection of automatic personal information collection devices

The Company uses 'cookies' to store and retrieve member's information from time to time in order to provide individually customized services to members. Cookies are small text files that the server used to operate the Company's website sends to the user's browser and are stored on the user's computer hard disk, which identifies the user's computer but does not personally identify the user.

1) Purpose of using cookies, etc.
The Company uses cookies for the following purposes
- To provide convenient Internet services by maintaining the service usage environment set by the user.
- To provide optimized services by analyzing users' visit and usage behavior.

2) How to refuse cookies settings
Members have the option to install cookies. Therefore, members can allow all cookies by setting options in their web browser, check each time a cookie is saved, or refuse to save all cookies. However, in order to access the Company's homepage and use the service, you must allow cookies, and if you refuse, it may be difficult to use the Company's services that require a login.
- Example of setting method
For Microsoft Edge: Settings menu on the right side of the web browser > Cookies and site permissions > Manage and delete cookies and site data
For Chrome: Settings menu on the right side of the web browser > Privacy and security > Site settings > Cookies and site data

10. Collection, Use, Provision, and Refusal of Behavioral Information

The Company does not collect, use, or provide behavioral information for online personalized advertising.


11. Personal Information Protection Officer

1) The Company designates the person in charge of personal information protection as follows to take overall management for the processing of personal information and to handle complaints and damage relief of information subjects related to the processing of personal information.

- Personal Information Protection Officer
Name: Jang Jin Seok
Position: General Manager
Contact: cs.kgudz@gmail.com
Telephone: 02-6053-0244

- Department in charge of personal information protection
Department Name: E-Commerce Business Division
Person in Charge: Jang Jin Seok
Contact: cs.kgudz@gmail.com
Telephone: 02-6053-0244

2) The information subject may contact the personal information protection officer and the department in charge for all personal information protection-related inquiries, complaints, and damage relief that occurred while using the Company's services (or business). The Company will respond to and handle inquiries from the information subject without delay.


12. Request for access to personal information

1) The information subject may make a request for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. The Company will endeavor to promptly process the information subject's request for access to personal information.

- Personal Information Access Request Reception and Processing Department
Department Name: E-Commerce Business Division
Person in charge: Jang Jin Seok
Contact: cs.kgudz@gmail.com
Telephone: 02-6053-0244

2) In addition to the access request processing department in Paragraph 1, the information subject may also request access to personal information through the Ministry of the Interior and Safety's 'Personal Information Protection Comprehensive Support Portal' website (www.privacy.go.kr).


13. Remedies for infringement of rights and interests

1) The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. to receive relief due to personal information infringement. In addition, please contact the following organizations for other personal information infringement reports and consultations.

- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cyber Investigation Division (spo.go.kr / 1301 without area code)
- National Police Agency Cyber Investigation Bureau (https://ecrm.cyber.go.kr/minwon/main / 182 without area code)

14. Changes to the Privacy Policy

If there are any additions, deletions, or modifications to the contents of the current Privacy Policy due to changes in laws, policies, or security technologies, we will notify you through the 'Notice' on the homepage at least 7 days before the revised Privacy Policy takes effect.

1) This Privacy Policy shall be applied from the effective date of September 8, 2023.
2) The previous Privacy Policy can be found below.
-None-