The privacy policy is implemented by AtomyAZA to ensure the protection of members' personal information. It includes provisions regarding the purpose of collecting personal information, and policy measures to guarantee the fundamental privacy, confidentiality, and communication rights of AtomyAZA members in efforts to prevent human rights violations resulting from information leaks.
In accordance with Article 30 of the Personal Information Protection Act, AtomyAZA has established and disclosed this privacy policy to protect the personal information of information subjects and to handle related complaints in a prompt and efficient manner. Through this privacy policy, AtomyAZA informs members about the purposes and methods of utilizing the personal information they provide, as well as the measures taken to protect personal information.
If there are any changes or revisions to AtomyAZA's privacy policy, appropriate notifications will be provided through website announcements (or individual notices). We encourage you to regularly visit the AtomyAZA website to stay updated on any changes.
Article 1 Collection and Purpose of Use of Personal Information
AtomyAZA utilizes the collected personal information for the following purposes. The personal information being processed will not be used for any purposes other than those stated below, and in the event of a change in the purpose of use, necessary measures will be taken in accordance with Article 18 of the Personal Information Protection Act, including obtaining separate consent.
Classification |
Purpose |
Personal Information Items |
Retention period |
Required Information: |
registering as a member |
Website authentication and login for service usage |
ID, Password |
30 days upon withdrawal of a member or legally required retention period |
Notification of important information related to service usage, handling of customer complaints, smooth transaction processing (order confirmation), confirmation of user's intention, establishment of communication channels for dispute resolution, provision of new information |
Mobile phone number, Email |
Identification and prevention of unauthorized usage |
Cookies, Service usage records (visit date and time, IP, records of improper usage, etc.) |
using the services |
Verification of delivery address and contact information during product shipment, happy calls, etc. |
Address, Name, Contact information (phone number, mobile phone number), Email, Order history |
*If the buyer and recipient are different, recipient's information may be collected. |
canceling/exchanging/returning items |
Verification of refund recipient's account and contact information for customer service-related purposes. |
Refund account information (Bank name, account number, account holder) |
Article 2 Methods of Personal Information Collection
- AtomyAZA collects personal information through the following methods:
- 1.Verification of identity through the registration and consultation process on the website, mobile phones, digital devices, and the application of this service.
- 2.Collection through providing benefits information within AtomyAZA, and inputting shipping information for non-members' product delivery.
- 3.Provision from entrusted business partners or affiliated companies handling personal information.
- 4.Collection of generated information through service usage record statistics.
- 5.When using the services provided by AtomyAZA through accounts from other companies (Naver, Apple, Google, Facebook, etc.), data for user identification and personal information obtained with the user's consent will only be received from the respective company and processed within the agreed-upon purpose.
Article 3 Retention and Use Period of Personal Information
During the provision of services by AtomyAZA, the member's personal information will be continuously retained by AtomyAZA and used for the purpose of providing services. However, when the purpose of collection or provision has been achieved, or when the member requests withdrawal or termination of membership in accordance with Article 7 of AtomyAZA's Terms of Service, or when the member's qualification is terminated due to grounds for disqualification, the member's information will be deleted using irreversible technical methods and processed in a manner that prevents any access or use for any purpose. However, if there is a need to retain certain data for a certain period due to the verification of rights and obligations related to transactions under relevant laws such as the Commercial Act, the data will be retained for that specific period.
Retention Items |
Retention period |
Retention Reasons |
Records related to contracts or withdrawal of subscriptions |
5 years |
Electronic Commerce Act |
Records related to website visits |
3 months |
Telecommunications Privacy Protection Act |
Records related to identity verification |
6 months |
Information and Communication Network Act |
Records related to collection, processing, and use of credit information |
3 years |
Credit Information Use and Protection Act |
※ Personal information records processed to comply with obligations stipulated in other laws may be retained for the period necessary to demonstrate such responsibility.
Article 4 Provision and Sharing of Personal Information
AtomyAZA uses members' personal information within the scope notified in the 'Collection and Purpose of Personal Information' and generally does not exceed this scope or provide members' personal information to third parties without their consent. However, exceptions may apply in the following cases
- 1.When members have given prior consent to disclosure or provision to third parties.
- 2.When required by law or when there is a request from law enforcement or supervisory authorities in accordance with the procedures and methods prescribed by law for investigation purposes.
- 3.When it is needed for fee settlement related to service provision.
- 4.When necessary for statistical compilation, market research, etc., provided that the information is processed and provided in a form that cannot identify specific individuals."
Article 5 Outsourcing of Personal Data Processing and Provision of Subcontractors
In order to improve services, AtomyAZA may entrust the collection, handling, and management of members' personal information to outsourcing companies for processing. We strictly regulate the subcontractors in accordance with relevant laws to ensure the secure management of personal information in outsourcing contracts.
- 1.AtomyAZA has entrusted the following tasks to the subcontractor for smooth business operations:
Subcontractor: Atomy Corporation
Outsourced task: Member SSL authentication and login
- 2.AtomyAZA provides personal information to the following subcontractors within a limited scope.
Assignee |
Purpose of using personal information |
Personal information to be collected |
Product suppliers [View details] |
Order processing, delivery, customer support, complaint handling, etc. |
Name, ID, contact information (phone number, mobile number), address, email address, order information, recipient information (name, phone number, mobile number, address) |
LogiFocus |
Delivery of ordered products |
Name, ID, delivery address, contact information (phone number, mobile number), order history |
KCB (Korea Credit Bureau) |
Identity verification, real-name verification |
Name, date of birth, mobile number |
Toss Payments |
Card payment, virtual account |
Name, credit card information |
KICC (Korea Information & Communication) |
Card payment |
Name, credit card information |
LG CNS |
Notification messages, SMS, LMS, MMS |
Contact information (phone number, mobile number) |
SweetTracker |
Delivery tracking and tracing services |
Courier code, tracking number |
- 3.AtomyAZA, when entering into a subcontracting agreement, explicitly specifies in the contract or other relevant documents the matters related to the prohibition of personal information processing beyond the purpose of subcontracted tasks, technical and administrative safeguards, restrictions on re-subcontracting, management and supervision of the subcontractor, liability for damages, in accordance with Article 25 of the Personal Information Protection Act. AtomyAZA also supervises whether the subcontractor handles personal information securely.
- 4.In the event of any changes in the content of the subcontracted tasks or the subcontractor, AtomyAZA will promptly disclose such changes through this privacy policy.
Article 6 Rights and Obligations of Members and the Methods of Exercising Them
- 1.Members have the following rights regarding personal information protection in accordance with relevant laws, such as the Personal Information Protection Act:
- A.Right to access personal information
- B.Right to correct or delete personal information
- C.Right to suspend the processing of personal information
- 2.Methods for exercising the rights of accessing, correcting or deleting, and suspending the processing of personal information:
- A.Email: help@atomyaza.com
- B.Phone: 1544-8844 (Customer Center)
- C.1:1 Inquiry: Submitting inquiries through the customer center board on the shopping mall website
- 3.If a member requests the correction of their personal information due to an error, AtomyAZA will not use or provide the information until the correction is completed.
- 4.If incorrect personal information has already been provided to a third party, AtomyAZA will promptly notify the third party of the correction results and take necessary measures to rectify the information.
Article 7 Withdrawal of Consent for the Collection, Use, and Provision of Personal Information
- 1.Members have the right to withdraw their consent at any time regarding the collection, use, and provision of personal information through membership registration and other processes. Members can directly withdraw their consent for the collection, use, and provision of personal information through the website's membership withdrawal menu. Additionally, members can contact the personal information management officer or designated staff to request immediate measures for membership withdrawal. If there are actions taken, such as the withdrawal of consent and the disposal of personal information, AtomyAZA will promptly notify members without delay.
- 2.AtomyAZA takes necessary measures to ensure that the withdrawal of consent (membership withdrawal) for the collection of personal information is easier than the method used for collecting personal information.
- 3.If a request is made to withdraw consent (membership withdrawal) for the collection of personal information, it may take a certain amount of time to withdraw the already provided member information. During this period, the information will not be used for marketing purposes. AtomyAZA makes every effort to promptly process the request to protect the valuable information of its members.”
Article 8 Procedure and Method for Personal Information Disposal
- 1.AtomyAZA promptly disposes of collected personal information once the purpose of its use has been achieved, in accordance with the retention and use period.
The disposal procedure, timing, and method are as follows:
- A.Disposal Procedure and Timing:
- a)Personal information entered by members for service use is disposed of without delay once the purpose of use, such as service termination, is achieved, based on internal regulations and other relevant laws and regulations related to the protection of information (refer to Article 3 for the retention and use period of personal information). Generally, if there are no information protection reasons, personal information managed in electronic file format is deleted immediately upon service termination.
- b)Members' personal information is disposed of without delay within 5 days from the expiration of the retention period.
- B.Disposal Method:
- a)Personal information printed on paper is shredded or incinerated using a shredder or dissolved with chemicals.
- b)Personal information stored in electronic file format is deleted using technical methods that prevent the recovery of records.
Article 9 Technical and Administrative Measures
- 1.Technical Measures:
AtomyAZA implements the following technical measures to ensure the security of members' personal information and prevent its loss, theft, leakage, alteration, or damage.
- A.Members' personal information is protected by passwords, and important data is safeguarded using encryption or file locking functions (lock) through separate security measures.
- B.AtomyAZA employs antivirus programs to prevent damage caused by computer viruses. The antivirus programs are regularly updated, and in the event of a sudden virus outbreak, immediate provision of the corresponding vaccine prevents the infringement of personal information.
- C.AtomyAZA adopts secure devices (SSL or SET) using encryption algorithms to safely transmit personal information over networks.
- D.To prepare for external intrusion such as hacking, AtomyAZA utilizes intrusion detection systems and vulnerability analysis systems for each server, ensuring comprehensive security.
- 2.Administrative Measures
- A.AtomyAZA restricts access to members' personal information to a minimum number of personnel. Regular internal training and external outsourced training are provided to employees who handle personal information to acquire new security technologies and fulfill obligations regarding personal information protection.
- B.At the time of employment, AtomyAZA establishes internal procedures to prevent information leaks caused by individuals by having all employees sign a security oath. These procedures also include monitoring compliance with the implementation of the personal information processing policy and the handling of employees' adherence to it.
- C.The handover process of personal information-related tasks among personnel is conducted rigorously under secure conditions. Clear responsibilities for personal information incidents are defined both during and after employees' employment.
- D.AtomyAZA does not assume responsibility for incidents resulting from user errors or the inherent risks associated with the internet. Each individual member is responsible for appropriately managing their own ID and password to protect their personal information.
- E.In the event of data loss, leakage, alteration, or damage to personal information caused by internal administrator errors or technical management incidents, AtomyAZA promptly notifies the affected members and takes appropriate measures."
Article 10 Personal Information Management Officer
AtomyAZA has appointed a Personal Information Protection Officer (management and operations) who is responsible for overseeing the handling of personal information and handling complaints and remedies related to personal information processing. If you have any inquiries, complaints, or requests regarding personal information protection-related matters that arise while using the services (or business) of AtomyAZA, you may contact the Personal Information Protection Officer or the respective department. AtomyAZA strives to provide prompt and sufficient responses to inquiries from information subjects.
Classification |
Personal Information Manager |
Personal Information Operation Manager |
Name |
Chung Yeon Shin |
Min Chan Ahn |
Affiliation |
IDS |
IDS |
Phone number |
02-1544-8844 |
02-1544-8844 |
Email |
cyshin@atomyaza.com |
mcahn@atomyaza.com |
Article 11 Remedies for Privacy Rights Violations
Information subjects can contact the following organizations for inquiries regarding personal information violations. These organizations are separate from the company, and if you need to report or consult on personal information breaches, please contact the organizations below:
- Personal Information Infringement Report Center and Dispute Resolution Committee (Operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information breaches, requesting consultations, applying for dispute resolution
Website: privacy.kisa.or.kr
Phone: 118 (no area code needed)
- Personal Information Infringement Report Center
- Cyber Investigation Department, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
- Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182 without area code)
- For other consultations related to personal information breaches or damages, you can contact the Personal Information Infringement Report Center within the Korea Internet & Security Agency (KISA) at http://privacy.kisa.or.kr or call 118.
Article 12 Installation/Operation and Rejection of Automatic Collection Devices for Personal Information
- 1.What is cookie?
- A.The company uses 'cookies' to store and retrieve user information for providing personalized and customized services.
- B.Cookie is a very small text file that is sent by the web server to the user's browser and stored on the user's hard drive. When the user visits the website again, the website server reads the contents of the cookie stored on the user's hard drive to maintain user preferences and provide personalized services.
- C.Cookies do not collect personally identifiable information automatically or actively. Users can refuse or delete the storage of such cookies at any time.
- 2.Company’s purpose of using cookies:
To remember the login IDs for the websites visited by users on AtomyAZA.
- 3.Installation/Operation and Refusal of Cookies:
- A.Users have the option to choose whether to allow cookie installation. Therefore, users can choose to allow all cookies, receive confirmation for each cookie, or refuse the storage of all cookies by adjusting the options in their web browsers.
- B.However, if users refuse to store cookies, it may cause difficulties in accessing certain services on AtomyAZA that require login.
- C.The method to specify the permission for cookie installation (in the case of Internet Explorer) is as follows:
- a)Select "Tools" from the menu and choose "Internet Options."
- b)Click on the "Privacy" tab.
- c)Set the desired "Privacy Level" for handling personal information.
Article 13 Changes to the Privacy Policy
- 1.This privacy policy is effective from 01,08, 2023.