According to the legislation of the Republic of Korea, this Policy defines the regulations of Nayuta Korea (hereinafter referred to as the Company) as to the processing of personal data and information about the progressed requirements for the personal data safety by the Company. This Policy applies towards all personal data posted through the Website that the Company receives or may receive from the User. This Policy is an integral part of the Company’s internal document defining the Company’s general policy as to the processing of personal data and disclosing general information about the progressed requirements for the personal data safety by the Company.
1. GENERAL REGULATIONS
1.1. The following terms and definitions have the following values for the purposes of this Policy:
“Personal data”is any information related to an individual (subject of personal data) identified or determined according to such information, including his last name, first name, patronymic, year, month, date and place of birth, address, e-mail, telephone number, family, social and property status, education, profession, income, and other information. For the purposes of this Policy, personal data is comprehended as information that the User provides about himself when using the Website, as well as information that is automatically transmitted to the Company during the use of the Website using the software set up on the User’s device, including IP address, cookie data, information about the User’s browser, equipment specifications and software used by the User, date and time of access to the Website, addresses of the Website requested pages and other similar information. Besides, personal data for the purposes of this Policy also includes information about the User, the processing of which is provided for in the User Agreement managing the use of the Website. So, the personal data is referred to as confidential information according to the current and applicable legislation of the Republic of Korea.
“Company”– Nayuta Korea (business number 368-87-01207, address: 3 floor, DAPLAZA, 928, Aenggogae-ro, Namdong-gu, Incheon, Republic of Korea, tel.: (82) 7087495000, FAX: (82) 7076206755) performs the processing of personal data, as well as determines the purposes of processing personal data, scope of personal data to be processed, actions (operations) performed with personal data.
“User”– any individual or legal entity agreed to the terms and conditions set out in the User Agreement by performing the specific actions referred to in it, aimed at using the Website.
“Website”is a software package posted on the Internet at the following address: www.nayutamall.com and its subdomains which is like an Internet platform for posting Company information. The Website includes, but is not restricted to a set of information, texts, graphic elements, design, images, photos and videos, and other results of intellectual activity, as well as computer programs contained in an information system guaranteeing the availability of such information on the Internet at the above address.
“User Agreement”is an agreement between the User (Customer) and the Company managing the use of the Website. This document is a civil contract concluded between the User and the Company at the time of the beginning of the use of the Website, unless otherwise specified in the Agreement itself.
“Information system of personal data”, ”Information system”is a set of personal data of the User contained in databases belonging to the Company and guaranteeing its processing by information technologies and technical means. The Information system of personal data is an integral part of the information system managing and supporting the Site.
“User”is any individual (subject of personal data) who can provide the Company with his personal data or receive personal data of other Users during the use of the Website.
“Processing of personal data”is actions (operations) with personal data, including collection, recording, arrangement, accumulation, storage, refinement (updating, modification), extraction, use, connection (disclosure, provision, access), depersonalization, blocking, deletion, and destruction.
“Automated processing of personal data”is the processing of personal data using computer technology.
“Non-automated processing of personal data”, “Processing of personal data without the use of automation tools”is the processing of personal data contained in the information system of personal data or extracted from such a system when such actions with personal data as the use, refinement, disclosure, destruction of personal data as to each of the subjects of personal data are carried out with the direct participation of a person.
“Personal data disclosure”is an action aimed at the personal data connection to a particular group of persons (personal data connection) or at the disclosure of personal data to an indefinite group of persons.
“Making available personal data”is an action aimed at personal data connection to a particular person or a particular group of persons.
“Blocking of personal data”is a suspension of the personal data processing (except in cases when the processing is necessary to refine the personal data).
“Destruction of personal data”is an action whereby it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material media bearing the personal data are destroyed.
“Depersonalization of personal data”is an action whereby it is impossible to determine the identity of personal data to a specific subject without the use of additional information.
“Use of personal data”– actions (operations) with personal data committed for the purpose of making decisions, making transactions or other actions having legal implications for the subjects of personal data or otherwise affecting their rights and freedom or the rights and freedom of other persons.
“Publicly available personal data”means personal data to which access by general public is granted with the consent of the subject or, is not subject to the requirement of confidentiality in accordance with the legislation.
“Confidentiality of personal data”is a mandatory requirement for a person who has received access to personal data to prevent their disclosure without the consent of the subject or other legal cause.
“Cookie”, “cookie” files is a small piece of data sent by the Site webserver and stored on the User’s device. “Cookie” files contain small pieces of text and are used to store information about the operation of browsers. They allow you to store and receive identification information and other information on computers, smartphones, phones and other devices.Other technologies are used for the same purpose, including data stored by browsers or devices, device-related identifiers, and other software. All of these technologies are referred to as “cookie” files in this Policy.
“IP-address”is a number from the numbering resource of the data connection network based on the IP protocol (RFC 791), which uniquely determines the subscriber terminal (computer, smartphone, tablet, other device) or communications that are part of the information system and belong to the User when providing telematics communication services, including Internet access.
Terms and definitions used in this Policy, can be used as singular or plural depending on the context, the spelling of terms can be used with both uppercase letter and lowercase one.
1.2. This Policy has been developed in accordance with the legislation of the Republic of Korea and defines the procedure and conditions for the processing of personal data by the Company, including the procedure for the personal data connection to third parties, the specifics of non-automated processing of personal data, the procedure for access to personal data, the personal data safety system, the procedure for organizing internal control and liability for violations in the processing of personal data, as well as other issues.
1.4. The Company has the right to amend this Policy without the User’s consent.
1.5. This Policy applies to all processes for the personal data processing performed using the Website without the use of automation tools. The Company does not control and is not liable for websites owned by third parties to which the User can click on links posted on the Site.
2. PURPOSES OF PERSONAL DATA COLLECTION
2.1. The Company processes only those personal data that are necessary for the use of the Website or the performance of Agreements and Contracts with the User, except in cases of where the legislation of the Republic of Korea provides for the mandatory storage of personal information for a period specified by law.
2.2. When processing personal data, the Company does not integrate databases containing personal data, the processing of which is carried out for inconsistent purposes.
2.3. The Company processes the User’s personal data for the following purposes:
2.3.1. Display in the statistical information posted by the User, messages, requests for the purchase of goods and services, other information identifying the User and contact information for communication with interested parties;
2.3.2. Identification of the User when using the Website, registering the User on the Website, signing up for an account, as well as when entering into Agreements, Contracts, making transactions and other actions using the Website in the relationship between the User and the Company;
2.3.3. Providing the User with personalized information when using the Website, including in the form of news, information about new services offered by the Company with the appropriate consent of the User;
2.3.4. Communication with the User, including through sending notifications, requests and information related to the use of the Website, the performance of Agreements, Contracts, transactions with the Company, as well as processing requests from the User;
2.3.5. Identification of the User’s location to guarantee safety, prevent account fraud, and provide the User with information services appropriate to their location;
2.3.6. Validation and integrity of the personal data provided by the User;
2.3.7. Improving the quality of the Website, the convenience level of its use, improving the Website, developing new services and offers for the User;
2.3.8. Performing statistical and other research on the use of the Website based on depersonalized data;
2.3.9. The compliance with the mandatory requirements of the legislation of the Republic of Korea.
3. LEGAL CAUSES OF PERSONAL DATA PROCESSING
3.1. The Company processes the User’s personal data in accordance with the current and applicable legislation of the Republic of Korea.
3.2. The processing of the User’s personal data is performed based on and in compliance with the User Agreement managing the use of the Website and other Contracts signed between the User and the Company using the Website.
3.3. The processing of the User’s personal data is also performed based on his consent to such processing, expressed directly when using the Website by clicking on the appropriate button or by marking the indicator of the appropriate check-box. The term of such consent of the User is specified in its text.
4. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS
4.1. The personal data allowed to be processed in accordance with this Policy and provided by Users by filling in the appropriate input boxes when using the Website may include the following information:
4.1.1. Last name, first name and patronymic;
4.1.3. Mobile number;
4.1.5. Post address;
4.1.6. Information about the represented legal entity;
4.1.7. Information about the bank card (number, expiration date, first and last name of the cardholder), e-wallet;
4.1.8. Bank account details.
4.2. The personal data allowed to be processed in accordance with this Policy and automatically connected to the Company during the use of the Website using the software set up on the User’s device may include the following information:
4.2.1. IP-address of the User’s device;
4.2.2. “Cookie” files data;
4.2.3. Information about the User's browser;
4.2.4. Technical specifications of the device and software used by the User;
4.2.5.Date and time of access to the Website;
4.2.6. The addresses of the requested Website pages;
4.2.7. Geographic coordinates of the User’s location.
4.3. According to this Policy, the Company processes personal data of the User belonging to the following categories of personal data subjects:
4.3.1. Individuals and legal entities using the Site without registration in accordance with the User Agreement;
4.3.2. Individuals and legal entities using the Website with registration in accordance with the User Agreement.
5. TERMS AND PROCEDURES FOR THE PERSONAL DATA PROCESSING
5.1. The Company processes the User’s personal data without notifying the authorized agency to safe the rights of personal data subjects.
5.2. The Company processes the User’s personal data using the information system of personal data without the use of automation tools in accordance with the current and applicable legislation or other regulatory legal acts of the Republic of Korea, which sets requirements for guaranteeing the personal data safety during their processing and for observing the rights of personal data subjects. Such actions with personal data, such as the use, refinement, disclosure, destruction of personal data as to the User, are performed with the direct participation of the Company’s employees in accordance with the specifics of the applicable legislation.
5.3. The Company processes and stores the User’s personal data for a period determined in accordance with the User Agreement of the Website.
5.4. As to the User’s personal data, its confidentiality is stored, except in cases of voluntary provision by the User of information about himself for general public accsess. When using the Website, the User agrees that a particular part of his personal data may become public.
5.5. The Company has the right to share the User’s personal data with third parties in the following cases:
5.5.1. There is the User’s consent to such actions expressed in accordance with the User Agreement of the Website;
5.5.2. The connection is necessary for the User to use a certain functionality of the Website (for example, for authorization through social media accounts) or for the performance of a particular Agreement, Contract or transaction with the User;
5.5.3. The connection is provided for by the law of the Republic of Korea or other applicable legislation for the purposes of the procedure prescribed by legislation;
5.5.4. If the rights to the Website are transferred, the personal data must be connected to the Customer at the same time as all obligations to comply with the terms of this Policy in relation to the personal data received by the Customer are transferred;
5.5.5. If it is necessary to defense the rights and legit interests of the Сompany or third parties, when the User violates this Policy or the User Agreement of the Website;
5.5.6. In other cases provided for by legislation.
5.6.The Company informs the User about this fact in case of loss or unauthorized disclosure of personal data.
5.7. The Company takes the necessary organizational and technical efforts to safe the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, disclosure, as well as from other illegal actions of third parties.
5.8. The Company, together with the User, takes all necessary efforts to prevent losses or other negative effects caused by the loss or unauthorized disclosure of the User’s personal data.
5.9. The Operator has the right to transfer personal data to the agencies of inquiry and investigation, other authorized agencies on the causes provided for by the current legislation of the Republic of Korea.
5.10.When collecting personal data, the Company records, systematizes, accumulates, stores, refines (updates, changes), extracts User’s personal data that are citizens of the Russian Federation, using databases located on the territory of the Russian Federation.
5.11. The Company terminates the processing of the User’s personal data, the processing of which is performed with their consent, when the User’s consent to their processing expires or when the User’s consent to the processing of his personal data is overturned, as well as in case of determining the illegal processing of personal data or liquidation of the Company.
6. PROCEDURE FOR COLLECTING PERSONAL DATA USING “COOKIE” FILES AND COUNTERS
6.1. The “cookie” files connected from the Company to the User’s device and from the User to the Company may be used by the Company to achieve the purposes of processing personal data in accordance with this Policy.
6.2. The User agrees that his devices and software used to work with the Website may have the function of forbidding operations with “cookie” files for both any and certain sites and applications, as well as the function of deleting previously received “cookie” files (for example, private browser mode).
6.3. The Company has the right to set a requirement for the User’s device about the mandatory authorization of accepting and receiving “cookie” files.
6.4. The structure of the “cookie” file, its content and technical parameters are determined by the Company and may change without prior notice to the User.
6.5. The counters posted on the Website by the Company can be used by the Company to analyze “cookie” files and collect personal data about the use of the Website in order to improve the quality of the Website, the convenience level of their use, and improve the Website. The technical parameters of the counters are defined by the Company and may change without prior notice to the User.
7. ACCESS TO PERSONAL DATA
7.1. Only employees of the Company who are authorized to work with the User’s personal data by virtue of their official duties on the basis of the corporates authorized to work with personal data, which is approved by the Company, have the right to access the User’s personal data.
7.2. The list of employees who have received access to personal data is supported by the Company in an up-to-date form.
7.3. The access to the User’s personal data by third parties who are not employees of the Company without the User’s consent is forbidden, except in cases of the legislation of the Republic of Korea.
7.4. The access of the Company’s employee to the User’s personal data is terminated from the date of the employment termination or from the date of the employee’s loss of the access to the User’s personal data owing to a change in job duties, position or other circumstances in accordance with the Policy in the Company. In case of the employment termination, all storage media with the User’s personal data, which were at the disposal of the dismissed employee of the Company, are transferred to a higher-ranking employee in accordance with the procedure established by the Company.
8. UPDATING, RECTIFICATION, DELETION AND DESTRUCTION OF PERSONAL DATA
8.1. The User can change, update, top up or delete the personal data provided to them or part of it at any time using the website interface.
8.2. If the Company independently identifies the fact of incomplete or incorrect personal data of the User, the Company takes all possible efforts to update the personal data and make appropriate corrections.
8.3. If it is impossible to update incomplete or incorrect personal data of the User, the Company takes efforts to delete them.
8.4. If the illegality of the User’s personal data processing is identified, its processing is terminated by the Company, and the personal data is subject to deletion.
8.5. If the Website interface is not functional or the Website is not functional enough to change, update, top up or delete personal data by the User, as well as in any other cases, the User has the right to request in writing from the Company to refine his personal data, block or destroy them if the personal data is incomplete, outdated, incorrect, illegally received or not necessary for the indicated purpose of processing.
8.6. The Company makes the necessary changes to the personal data that is incomplete, incorrect or irrelevant within a period not more than seven working days from the date of providing the User with information confirming that the personal data is incomplete, incorrect or irrelevant.
8.7. The Company destroys the User’s personal data illegally received or not necessary for the declared purpose of processing within a period not more than seven working days from the date of submission by the User of information confirming that such personal data is illegally received or not necessary for the declared purpose of processing.
8.8. The Company informs the User about the changes made and the efforts taken and takes reasonable efforts to notify the third parties to whom the personal data of this User has been transferred.
8.9. The User’s rights to change, update, top up or delete personal data may be restricted in accordance with the requirements of the legislation. In particular, such restrictions may provide for the Company’s responsibility to store the personal data changed, updated, topped up or deleted by the User for a period defined by the legislation and to transfer such personal data in accordance with the established procedure to the state authorities.
9. RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA
9.1. The User has the right to receive information from the Company relating to the processing of their personal data, including information containing:
9.1.1. Confirmation of the personal data processing by the Company;
9.1.2. Legal causes and purposes of personal data processing;
9.1.3. Purposes and methods of personal data processing used by the Company;
9.1.4. The Company name and its address, information about persons (except for employees of the Company) who have access to personal data or to whom personal data may be disclosed based on a Contract with the Company or upon the relevant law;
9.1.5. The processed personal data relating to the appropriate User, the source of its receipt, unless a different procedure for the submission of such data is provided for by the relevant law;
9.1.6. The terms of personal data processing, including the terms of its storage;
9.1.7. The procedure for the User to apply the rights provided for by the applicable legislation of the Republic of Korea on the personal data safety;
9.1.8. Information about the earned or intended cross-border data transmission;
9.1.9. Name or last name, first name, patronymic and address of the person who processes personal data on behalf of the Company, if the processing is or will be assigned to such a person;
9.1.10. Other information provided by the applicable legislation of the Republic of Korea.
9.2. The Company donates the opportunity to get informed about the personal data processed and stored in the Company’s information system at the User’s request or within thirty days from the date when the User receives a written request.
9.3. If the Company rejects to provide information about the availability of personal data about the User or personal data to the User when he addresses or receives the request, the Company provides a substantiated response in writing, which is the basis for such refusal, within a period not exceeding thirty days from the date when the User addresses or from the date of his request receipt.
10. INFORMATION ABOUT THE REQUIREMENTS IN PROGRESS FOR THE PERSONAL DATA SAFETY
10.1. The personal data safety during its processing in the information system is provided by the personal data safety system, which neutralizes the actual risks identified in accordance with the requirements of the applicable legislation of the Republic of Korea.
10.2. The personal data safety system used by the Company includes legal, organizational, technical and other efforts to guarantee the personal data safety, which are determined including the actual risks to the personal data safety and the information technologies used in the information systems.
10.3.If the User is registered on the Website, a combination of the User’s login and password is used for authorization in the account, the User is responsible for his privacy. In order to safe the confidentiality of the User’s personal data, the Company may use the system of linking the account to the mobile number used for the purpose of restoring access to the account in situations where the User has lost his login or password. In this case, the User is responsible for the validity of the mobile number assigned to the Company.
10.4. For the purpose of personal data as to which the User's consent to its processing by third parties has been granted, the Company has the right to involve another person on the terms and subject to the conditions of the Contract, who guarantees the personal data safety during its processing in the information system.
10.5. When processing personal data in the Company’s information system, it provides:
10.5.1. Taking measures aimed at preventing unauthorized access to the User’s personal data and / or transferring them to persons who do not have the right to access such information;
10.5.2. Detection of unauthorized access to personal data in a timely manner;
10.5.3. Avoiding the impact on the technical means involved in the processing of personal data, as a result of which their functioning may be offended;
10.5.4. The functionality of immediate personal data restoration, modified or destroyed as a result of unauthorized access to them;
10.5.5. Regular monitoring to guarantee the personal data safety level.
10.6. The Company uses technical means and software for the processing and safety of personal data, as well as maintains a log of personal data safety tools.
10.7. The Company maintains a log of register and storage of removable media containing personal data.
10.8. The technical means guaranteeing the functioning of the personal data information system are placed in the Company.
10.9. All employees working with personal data, as well as related to the operation and maintenance of the personal data information system, are informed about the requirements of this Policy, as well as the Company’s internal documents regulating the procedure for working with personal data.
10.10. The Company has organized a process of training the employees on the use of personal data safety tools operated by the Company. The training is provided to employees who have constant access to personal data, and employees related to the operation and maintenance of the personal data information system and personal data safety tools.
10.11. According to the Company’s internal documents, the employees are obliged to immediately inform the relevant official of the Company about the loss, damage or shortage of information medium containing personal data, as well as about attempts of unauthorized disclosure of personal data, its causes and conditions.
11. PERSONAL DATA PROCESSING CONSENT
11.1. The User resolves on providing his personal data and consents to their processing freely, at his own will and in his own interest.
11.2. The personal data processing consent provided by the User is specific, informed and deliberate.
11.3. The personal data processing consent is provided by the User in the electronic document form signed with a simple electronic signature (login and password) in accordance with the User Agreement managing the use of the Website.
11.4. The personal data processing consent may be revoked by the User in accordance with the procedure established by legislation.
12. THE FINAL PROVISIONS
12.1. The first use of the Website by the User means that the User agrees to the terms of this Policy. If the User does not agree with the terms of this Policy, the use of the Website must be immediately terminated.
12.2. The law of the Republic of Korea applies to this Policy and to the relations between the User and the Operator arising in connection with the application of this Policy.
12.3. This Policy is always public domain on the Company’s Website at the following link: ………………….
12.4. The User has the right to send all suggestions or questions about this Policy to the Company’s User support service using the form for sending electronic messages posted on the Company’s Website at: ……………………..