Privacy Policy

Effective Date: April 10, 2025

This Privacy Policy applies to personal information collected and processed by Double D Co., Ltd. (“the Company”) in accordance with Article 30 of the Personal Information Protection Act of Korea.

The Company is committed to protecting users’ personal information and handling complaints related to privacy quickly and properly.

This Privacy Policy includes the following:

1. Purpose of Processing Personal Information

2. Retention and Use Period of Personal Information

3. Categories of Personal Information Collected and Collection Methods

4. Handling of Personal Information of Children Under the Age of 14

5. Disclosure of Personal Information to Third Parties

6. Entrustment of Personal Information Processing

7. Destruction of Personal Information

8. Rights and Responsibilities of Users and Legal Representatives

9. Measures to Ensure the Security of Personal Information

10. Use of Automated Collection Tools (Cookies)

11. Data Protection Officer

12. Remedies for Violation of Rights

13. Changes to this Privacy Policy

 

1. Purpose of Processing Personal Information

The Company collects and processes personal information for the following purposes. We do not use personal information for any purpose other than those described below. If there is a change in the purpose of use, we will take necessary actions, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

(1) Membership Registration and Management

To verify membership intent, provide membership-based services, identify and authenticate users, maintain and manage user accounts, prevent unauthorized use, verify legal guardian consent for users under age 14, send notifications, and handle user inquiries or complaints.

(2) Provision of Goods and Services

To provide content, process payments, deliver products or invoices, and offer customized services.

(3) Marketing and Advertising

To provide promotional information and event opportunities, analyze access frequency, and collect statistical data on user service usage.

 

2. Retention and Use Period of Personal Information

(1) General Retention Period

The Company retains and uses personal information within the period agreed upon at the time of collection. When the purpose of processing is fulfilled or the user requests service termination, the information will be promptly deleted.

• Membership Registration and Management: Until membership is canceled

• Provision of Goods or Services: Until delivery of goods/services is completed and payment is finalized

(2) Exceptions Based on Applicable Laws

Even after the purpose of collection has been fulfilled, certain information may be retained in accordance with relevant laws and regulations:

• Records of contracts or subscription withdrawals

• Legal Basis: Act on Consumer Protection in Electronic Commerce

• Retention Period: 5 years

• Records of payment and supply of goods/services

• Legal Basis: Act on Consumer Protection in Electronic Commerce

• Retention Period: 5 years

• Records of consumer complaints or dispute resolution

• Legal Basis: Act on Consumer Protection in Electronic Commerce

• Retention Period: 3 years

• Records of advertising and labeling

• Legal Basis: Act on Consumer Protection in Electronic Commerce

• Retention Period: 6 months

• Service access logs

• Legal Basis: Protection of Communications Secrets Act

• Retention Period: 3 months

3. Categories of Personal Information Collected and Collection Methods

(1) Categories of Personal Information Collected

The Company collects the following types of personal information for purposes such as membership registration, customer inquiries, and service use:

A. When signing up for membership:

• Required: Username, password, full name, email address, mobile phone number, date of birth

• (For users under 14: legal guardian's information)

• Optional: Gender

B. When placing an order:

• Required: Order information (name, email, mobile phone number), shipping information (name, address, mobile phone number), password for guest order tracking

• Optional: Landline phone number

C. When using social login:

• Kakao Login

• Required: Name

• Naver Login

• Required: Username, name, email address

• Optional: Nickname, date of birth

D. Automatically collected during service use:

• Service usage records, access logs, cookies, IP address, payment history, suspension history, record of misuse

(2) Methods of Collection

The Company collects personal information through the following means:

• Website (including sign-up forms, order pages, and inquiry boards)

• Written forms

• Email, telephone, fax

• Participation in events or promotions

• Delivery request forms

• Affiliates

• Automated data collection tools (e.g., cookies)

4. Handling of Personal Information of Children Under the Age of 14

(1) Collection with Legal Guardian Consent

The Company does not knowingly collect personal information from children under the age of 14 without the consent of a legal guardian. When such information is collected, it is limited to the minimum necessary to provide the relevant service.

• Required information: [Personal information collected through the legal guardian consent form — to be specified as applicable]

(2) Verification of Guardian Consent

The Company verifies the consent of a legal guardian by one of the following methods:

• Posting the consent terms on the website and requiring the guardian to confirm consent, followed by SMS notification to the guardian’s mobile phone

• Requiring the guardian to confirm consent via a credit or debit card check

• Verifying the guardian's identity through mobile authentication after indicating consent on the website

• Sending a written consent form to the guardian via mail or fax, to be signed and returned

• Sending the consent form by email and receiving the signed response via email

• Providing the consent terms over a phone call and obtaining confirmation through a follow-up call

• Any other method that reasonably confirms the legal guardian’s identity and intent to consent

5. Disclosure of Personal Information to Third Parties

(1) General Policy

The Company processes personal information only within the scope specified in Section 1 (Purpose of Processing Personal Information). Personal information is disclosed to third parties only with the data subject’s prior consent or when permitted under applicable laws, including Articles 17 and 18 of the Personal Information Protection Act of Korea.

(2) Emergency Situations

In accordance with the “Emergency Guidelines for the Handling and Protection of Personal Information” jointly issued by relevant Korean government agencies, the Company may provide personal information to related authorities without prior consent in urgent situations, including:

• Natural disasters

• Infectious disease outbreaks

• Events posing serious threats to life, health, or safety

• Property loss due to accidents or emergencies

6. Entrustment of Personal Information Processing

(1) Entrusted Service Providers

The Company entrusts certain tasks involving personal information to third-party service providers in order to facilitate service delivery:

• Cafe24 Corp.: Provides website hosting and system maintenance services

• CJ Logistics: Handles product shipping and delivery

• Toss Payments: Processes payments and electronic transactions

(2) Protection Measures

In accordance with Article 26 of the Personal Information Protection Act, the Company includes the following provisions in all entrustment agreements:

• Personal data may not be processed for purposes other than those entrusted

• Technical and administrative safeguards must be implemented

• Subcontracting of tasks is restricted

• The Company supervises the entrusted service provider to ensure compliance

• Liability for damages is clearly stated in case of a breach

(3) Updates to Entrustment

Any changes to the scope of entrusted services or to the service providers will be promptly disclosed through updates to this Privacy Policy.

7. Destruction of Personal Information

The Company promptly destroys personal information when it becomes unnecessary—such as after the retention period has expired or the intended purpose of processing has been fulfilled.

(1) Destruction Procedure

• If personal information must be retained under other laws despite the expiration of the retention period or fulfillment of processing purpose, it will be transferred to a separate database (DB) or stored in a separate location.

• Any personal information moved to a separate DB or location will not be used for any other purpose unless required by law.

(2) Destruction Methods

• Personal information in electronic form will be permanently deleted using technical methods that make recovery impossible.

• Printed documents containing personal information will be shredded or incinerated.

8. Rights and Responsibilities of Users and Legal Representatives

(1) User Rights

Users (data subjects) may exercise the following rights at any time regarding their personal information:

• Request to view, correct, delete, or suspend the processing of their personal information

(2) How to Exercise Rights

• To view or edit your personal information, log in and go to “Edit Profile” or “Account Settings.”

• To withdraw consent or delete your account, click “Delete Account” and follow the identity verification process.

• Alternatively, you may contact the Data Protection Officer by email, phone, or in writing, and we will respond without delay.

(3) Rights Exercised by Representatives

• Legal representatives or authorized agents may exercise rights on behalf of users. In this case, a power of attorney form (based on Korea’s official format No. 11 of the 2020-7 Privacy Guidelines) must be submitted.

(4) Limitations

• Requests to view or suspend personal information may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act.

• Requests to correct or delete information may be denied if the data is required by law to be retained.

(5) Identity Verification

The Company will verify whether the requester is the actual user or an authorized representative when processing such requests.

9. Measures to Ensure the Security of Personal Information

The Company takes the following technical, administrative, and physical measures to ensure the security and protection of personal information:

(1) Administrative Measures

• Establishment and implementation of an internal management plan

• Operation of a dedicated team responsible for personal data protection

• Regular training for employees on privacy and data handling

(2) Technical Measures

• Management of access rights to personal information systems

• Implementation of access control systems

• Encryption of sensitive data

• Installation and regular updates of security software

(3) Physical Measures

• Restricted access to IT server rooms and document storage facilities

10. Use of Automated Collection Tools (Cookies)

To provide personalized services, the Company uses cookies—small data files stored on the user’s computer by the web server and retrieved as needed.

(1) Purpose of Cookies

Cookies are used to understand user behavior on the site, such as:

• Pages visited and usage patterns

• Popular search terms

• Whether secure connections are used

• This information helps optimize your browsing experience.

(2) Managing and Rejecting Cookies

You can manage or refuse cookies through your browser settings.

For example, you may go to:

Settings > Privacy > Cookies in your browser to block cookie storage.

Please note that disabling cookies may limit your ability to use certain personalized services on the website.

11. Data Protection Officer

The Company has designated the following individual as the Data Protection Officer (DPO), who is responsible for overseeing the handling of personal information, addressing user inquiries, and managing complaints and dispute resolution:

• Name: Minjae Huh

• Affiliation: Double D Co., Ltd.

• Phone: +82-10-9506-5606

• Email: hello@nupip.co.kr

You may contact the DPO at any time with questions or concerns related to your personal information. The Company will respond promptly and in good faith to all inquiries.

12. Remedies for Violation of Rights

If you believe your personal information has been compromised, you may seek assistance or dispute resolution through the following organizations in Korea:

• Personal Information Dispute Mediation Committee

• Phone: 1833-6972 | Website: https://www.privacy.go.kr

• Korea Internet & Security Agency (KISA) - Personal Information Infringement Center

• Phone: 118 | Website: https://privacy.kisa.or.kr

• Supreme Prosecutors' Office – Cyber Crime Division

• Phone: 1301 | Website: https://www.spo.go.kr

• Korean National Police Agency – Cyber Bureau

• Phone: 182 | Website: https://ecrm.cyber.go.kr

In addition, under Articles 35 (Access), 36 (Correction and Deletion), and 37 (Suspension of Processing) of the Personal Information Protection Act, if your rights are violated by the decision or inaction of a public agency, you may file an administrative appeal in accordance with the Administrative Appeals Act.

For more information on how to file an appeal, please visit the Central Administrative Appeals Commission: https://www.simpan.go.kr