Chapter 1 General principles
1. personal information means information about a living individual that allows the individual to be identified, such as by the name contained in the information (including information that can be readily combined with other information to identify a specific individual, even if the information alone does not allow the individual to be identified).
2. The Company will inform you of the purpose and method of using the personal information you provide through the personal information handling (processing) policy and what measures are being taken to protect your personal information.
3. the Company has established procedures necessary to revise the Personal Information Handling (Processing) Policy in order to continuously improve the Personal Information Handling (Processing) Policy. In addition, when we revise the Privacy Policy, we assign a version number so that members can easily recognize the revisions.

Chapter 2 What personal information we collect and how we collect it
1. We collect personal information through the following methods to provide members with identification, point accumulation and payment services, and various convenient services.
– Collected information: Name, date of birth, gender, login ID, password, password question and answer, home phone number, home address, mobile phone number, email, service usage history, access logs, access IP information, payment history
– Personal information collection method: Homepage (membership registration), written form
2. what we do if you enter false information
– Members are responsible for ensuring the accuracy and legality of their information. If you violate this and enter false information in various ways, such as stealing other people’s information, we may report you to the relevant laws and regulations, and you may be forced to withdraw from the service.
3. members are solely responsible for any losses or problems caused by personal information they voluntarily disclose, and are aware that personal information posted in public spaces may be collected and used by others without authorization, which may result in unwanted harm.

Chapter 3 Purpose of Collection and Use of Personal Information
We use the personal information we collect for the following purposes
– To fulfill the contract for the provision of the Service and to settle charges for the provision of the Service Provide content, make purchases and payments, deliver goods or send invoices, etc.
– Manage members
– Verification of identity, personal identification, age verification, confirmation of legal representative’s consent when collecting personal information of children under 14 years of age, and delivery of notices when using membership service
– Use for marketing and advertising, development and specialization of new services (products), delivery of advertising information such as events, and provision of services and publication of advertisements based on demographic characteristics
– Understanding the frequency of access or statistics about a member’s use of the Service

Chapter 4 Providing and Sharing Personal Information
As a general rule, we do not provide your personal information to outside parties. However, the following exceptions apply
– When users have given their prior consent, in accordance with the provisions of laws and regulations, or when required by law enforcement agencies in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation.

Chapter 5 Outsourcing the processing of personal information collected
The Company consigns personal information as follows to provide and improve services, and stipulates the necessary matters to ensure that personal information is safely managed in consignment contracts in accordance with relevant laws and regulations.
The details of Hwasa’s personal information trustee and consignment are as follows.
───────────────────────────────────
Custodians: What they do
───────────────────────────────────
CU Convenience Store Home Delivery: Product Delivery
───────────────────────────────────
CJ Logistics : Product Delivery
───────────────────────────────────
KG Innisys: Payment, purchase safety service, etc.
───────────────────────────────────

Chapter 6 Procedures and methods for destroying personal information
In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is fulfilled.
The destruction process and methods are as follows
– Destruction Procedures
The information you enter for membership, etc. is transferred to a separate DB (separate filing cabinet in case of paper) after the purpose is fulfilled and stored for a certain period of time (see Retention and Usage Period) in accordance with the internal policy and other relevant laws and regulations, and then destroyed.
Personal information moved to a separate DB will not be used for any purpose other than that for which it was retained, unless required by law.

Chapter 7 Rights of Users and Their Legal Representatives and How to Exercise Them
Users and their legal representatives may view or modify their personal information or that of their children under the age of 14 at any time, and may request termination of their registration.
To view or modify personal information of users or children under the age of 14, you can click “Change Personal Information” (or “Modify Member Information”), and to cancel membership (withdraw consent), you can click “Withdraw Membership” to view, modify, or withdraw directly after going through the identity verification procedure. Alternatively, you can contact our Privacy Officer in writing, by phone or email, and we will act without delay.
If you request that we correct an error in your personal information, we will not use or provide that personal information until we have completed the correction.
In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the results of the correction process without delay so that the correction can be made.
‘RKRN’ handles personal information that has been terminated or deleted at the request of the user or legal representative as specified in the “Retention and Use Period of Personal Information Collected by ‘RKRN'” and does not allow the user to view or use it for any other purpose.

Chapter 8 Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
We use “cookies” and other technologies that store and retrieve information about you from time to time.
A cookie is a very small text file that is sent to your browser by the server used to operate the ‘RKRN’ website and is stored on your computer’s hard disk. The Company uses cookies for the following purposes
Purpose of using cookies, etc.
Provide targeted marketing and personalization, such as knowing how many visits you’ve made.
You have a choice about the installation of cookies. Accordingly, you can accept all cookies, confirm each time a cookie is stored, or refuse to store all cookies by setting options in your web browser.
* Installing and rejecting cookies
You have a choice about the installation of cookies. Therefore, you can set options in your web browser to accept all cookies, confirm each time a cookie is stored, or refuse to store all cookies.
However, if you refuse to store cookies, you may have difficulty using some services that require you to log in.
How to specify whether to allow cookies to be installed (for Internet Explorer)
(1) Select [Internet Options] from the [Tools] menu
(2) Click [Privacy
(3) Click [Advanced
(4) Select whether to accept cookies
* How to specify whether to allow cookies to be installed (for Safari)
(1) Select [Safari] ->[Preferences] in the top left menu bar of MacOS
(2) In the [Preferences] window, go to [Security] and select whether or not to accept cookies

Chapter 9 Privacy complaint services
In order to protect your personal information and handle complaints related to personal information, the Company has designated the relevant personal information manager as follows.
Tel: 02-3280-7348
Email: hello@rkrn.kr
Name of Personal Information Manager : Minsoo Park

You may report any complaints related to personal information protection arising from the use of the Company’s services to the person in charge of personal information management or the department in charge.
We will provide you with a prompt and complete response to your report.
If you need to report or consult about other privacy violations, please contact the following organizations.
1.Individual Dispute Resolution Board (www.1336.or.kr/1336)
2.Information Security Mark Certification Council (www.eprivacy.or.kr/02-580-0533~4)
3.Supreme Prosecutors’ Office Internet Crime Investigation Center (http://icic.sppo.go.kr/02-3480-3600)
4.National Police Agency Cyber Terrorism Response Center (www.ctrc.go.kr/02-392-0330)

Chapter 10 Technical and institutional controls to protect privacy
1. technical measures
In handling members’ personal information, the Company takes the following technical measures to ensure the reliability of personal information so that it is not lost, stolen, leaked, altered or damaged.
A. Members’ personal information is protected by a password, and sensitive data is protected by separate security features, such as encrypting files and transmitted data or using file locks.
I. We take steps to protect ourselves from being harmed by computer viruses by using antivirus programs. Antivirus programs are updated regularly, and in the event of a sudden virus outbreak, we provide vaccines as soon as they become available to protect your privacy.
c. We use a security device (SSL or SET) that uses cryptographic algorithms to securely transmit personal information over the network.
l. To prevent external intrusions such as hacking, we use intrusion prevention systems and vulnerability analysis systems for each server to ensure security.
2. administrative measures
We limit access to your personal information to a minimum number of people, which may include
Those who conduct marketing directly to you
Persons who perform personal information management duties, such as the personal information manager and person in charge
Others who are required to handle personal information for their business
We provide regular in-house and outsourced training to our employees who handle personal information on acquiring new security skills and our obligations to protect personal information.
We have internal procedures in place to prevent information leakage by people through the security pledge of personal information handlers when they join the company, and to monitor the implementation of the personal information protection policy and compliance by employees.
We have a secure and thorough handover process for personal information handlers, and we clarify responsibilities for personal information incidents upon joining and leaving the organization.
We do not mix personal and general data and keep them separate.

Chapter 11 Sending Advertising Information
We will not send you for-profit commercial communications against your express opt-out.
When the Company transmits advertising information for online marketing, such as product information, by e-mail, etc. in accordance with the provisions of the Information and Communication Network Act, the Company takes measures to ensure that members can easily recognize the following items in the subject line and body line.
A. Subject line: Displays the phrase (ad) in the subject line.
I. Body field: Specify the name of the sender, email address, phone number, and address where the user can easily indicate their opt-out, including how the user can opt-out.
Displays “(Adult Ads)” when sending information that is harmful to young people, such as
A. If any of the following are represented in the body of an email in the form of symbols, text, images, or sound (including by technical means that make it easy for the recipient to determine the content of the email even if it is not directly represented in the body of the email), the email includes
In the subject line of that email, display the phrase “(Adult Ad)”.
– Sexually explicit or pornographic material that appeals to the sexual desires of youth (defined as anyone under the age of 19), including
Things that can cause predatory or criminal impulses in youth
Stimulating or glorifying any form of violence, including sexual assault, and substance abuse
Determined and notified as harmful media for juveniles under the Youth Protection Act
I. In the body of a commercial e-mail for commercial purposes, if the e-mail announces an Internet homepage that contains content falling under each of the items in paragraph 4, display the phrase “(adult advertising)” in the subject line of the e-mail.

Chapter 12 Duty to notify
The current Privacy Policy was revised on August 9, 2021, and any additions, deletions, or modifications to the contents due to changes in government policy or security technology will be notified on the homepage at least 7 days prior to the revision.