Note: This is a translation for informational purposes. In the event of any discrepancy or legal dispute, the original Korean text shall prevail.
Privacy Policy
Goondori Co., Ltd. (hereinafter referred to as the "Company") establishes the following Privacy Policy to protect users' personal information and to promptly and smoothly handle grievances related thereto, in accordance with relevant laws and regulations such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and the "Personal Information Protection Act" (hereinafter referred to as "Related Laws"). The Privacy Policy is disclosed so that users can easily view it at any time, and it may be changed according to amendments in relevant laws, guidelines, notices regarding personal information, or changes in Company policy.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. The personal information processed by the Company will not be used for purposes other than the following. If the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」.
1.
Membership Registration and Management
Personal information is processed for the purpose of confirming intent to sign up for membership, identification/authentication for the provision of membership services, maintenance and management of membership eligibility, prevention of fraudulent use of services, various notices/notifications, and grievance handling.
2.
Provision of Goods or Services
Personal information is processed for the purpose of product delivery, service provision, sending contracts/invoices, content provision, customized recommendation service provision, identity verification, age verification, and fee payment/settlement.
3.
Service Improvement and Analysis
Personal information is processed for the purpose of analyzing service usage, demographic analysis, and service improvement.
2. Items of Personal Information Processed
The Company collects and uses the data subject's personal information based on the following legal grounds.
1. Personal Information Items Processed Without the Consent of the Data Subject
The Company processes the following personal information items without the consent of the data subject.
1.
Simple Login (Social Login)
•
Legal Basis: Article 15, Paragraph 1, Item 4 of the 「Personal Information Protection Act」 ('Execution and performance of a contract')
•
Items Collected/Used: Connection Information (CI) provided by Google or Apple, Email
2.
Order and Payment Processing
•
Legal Basis: Article 15, Paragraph 1, Item 4 of the 「Personal Information Protection Act」 ('Execution and performance of a contract')
•
Items Collected/Used: ID, Order History, Payment Information
3.
A/S Consultation for Sold Products
•
Legal Basis: Article 15, Paragraph 1, Item 4 of the 「Personal Information Protection Act」 ('Execution and performance of a contract')
•
Items Collected/Used: ID, Phone Number, Order History
2. Personal Information Items Processed With the Consent of the Data Subject
The Company processes the following personal information items with the consent of the data subject.
1.
Provision of Customized Benefit Receiving Service
•
Legal Basis: Article 15, Paragraph 1, Item 1 of the 「Personal Information Protection Act」 ('Consent')
•
Items Collected/Used: Date of Birth, Gender, Address, Phone Number
3. Processing and Retention Period of Personal Information
1.
The Company processes and retains personal information within the personal information retention/usage period stipulated by laws or the personal information retention/usage period agreed upon when collecting personal information from the data subject.
2.
Each personal information processing and retention period is as follows:
a.
Membership Registration and Management: Until membership withdrawal. However, in the following cases, until the end of the relevant reason:
i.
If an investigation or inquiry is underway due to violation of relevant laws, until the end of the relevant investigation or inquiry.
ii.
If claims or debt relations remain due to the use of the website, until the settlement of the relevant claims or debt relations.
iii.
If sanctions (e.g., permanent suspension) are applied according to company policies such as prevention of fraudulent use and service abuse, the minimum information necessary to maintain the sanction or prevent re-registration (e.g., email address, mobile phone number, device information) is retained until the end of the sanction or until the purpose of preventing fraudulent use is achieved.
b.
Provision of Goods or Services: Until the completion of the supply of goods/services and the completion of fee payment/settlement. However, in the following cases, until the end of the relevant period:
i.
Records on contract or withdrawal of subscription, etc.: 5 years (Article 6, Paragraph 1, Item 2 of the 「Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.」)
ii.
Records on payment of price and supply of goods, etc.: 5 years (Article 6, Paragraph 1, Item 3 of the 「Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.」)
iii.
Records on handling consumer complaints or disputes: 3 years (Article 6, Paragraph 1, Item 4 of the 「Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.」)
iv.
Records on labeling/advertising: 6 months (Article 6, Paragraph 1, Item 1 of the 「Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.」)
Content | Retention Period | Personal Information Items |
Records on contract or withdrawal of subscription, payment, supply of goods, etc. | 5 Years | Purchaser Information (Customer number, Name, Mobile phone number, Email address), Product purchase/cancellation/exchange/refund information, Recipient Information (Name, Address, Mobile phone number), Payment Information (Payment method, Payment amount, Date/Time of payment, Payment approval number), Invoice number |
Records on handling consumer complaints or disputes | 3 Years | Customer number, Name, Phone number, Email address, Consultation records (including consultation content, date/time, voice recording records), Results of complaint or dispute handling |
4. Procedures and Methods for Destruction of Personal Information
1.
The Company destroys personal information without delay when the personal information becomes unnecessary, such as upon the expiration of the retention period or achievement of the processing purpose.
2.
If personal information must be preserved pursuant to other laws even though the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, the relevant personal information is moved to a separate database (DB) or stored in a different location.
•
Note: Items of personal information preserved pursuant to other laws and the basis for preservation can be confirmed in the section ‘3. Processing and Retention Period of Personal Information’.
3.
The procedures and methods for destroying personal information are as follows:
a.
Destruction Procedure
The Company selects the personal information for which a reason for destruction has occurred and destroys the personal information with the approval of the Chief Privacy Officer (CPO).
b.
Destruction Method
The Company destroys personal information recorded and stored in electronic file format so that the record cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or by incineration.
5. Outsourcing of Personal Information Processing
1.
To provide smooth and improved services, the Company outsources personal information processing tasks as follows:
Trustee (Subcontractor) | Outsourced Task |
Mungchine | Overall delivery agency processing when applying for Goondori parcel service |
1.
When concluding an outsourcing contract, the Company specifies in documents such as the contract matters regarding the prohibition of personal information processing other than for the purpose of performing the outsourced work, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of the trustee, and liability for damages in accordance with Article 26 of the 「Personal Information Protection Act」, and supervises whether the trustee processes personal information safely.
2.
In accordance with Article 26, Paragraph 6 of the 「Personal Information Protection Act」, if the trustee re-outsources the Company's personal information processing work, the consent of the Chief Privacy Officer is obtained, and the re-trustee and the content of the re-outsourced work are disclosed through this Privacy Policy.
3.
If the contents of the outsourced work or the trustee change, we will disclose it through this Privacy Policy without delay.
6. Measures to Ensure Safety of Personal Information
In processing users' personal information, the Company takes the following measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.
1.
Administrative Measures: Minimization of personnel handling personal information, establishment and implementation of internal management plans.
2.
Technical Measures: Storage after encryption of personal information, restriction of access rights to personal information, storage of access logs.
7. Matters Concerning the Processing of Pseudonymized Information
The Company processes collected personal information into pseudonymized information so that specific individuals cannot be identified, for purposes such as statistical compilation, scientific research, and preservation of records in the public interest, in accordance with Article 28-2 of the 「Personal Information Protection Act」, and utilizes it as follows:
Classification | Purpose of Use | Items Used | Period of Use |
Scientific Research | Service improvement through recommendation algorithm development | User behavior data | Semi-permanent |
8. Matters Concerning Installation/Operation and Rejection of Automatic Personal Information Collection Devices
The Company does not collect users' cookies.
9. Rights and Obligations of Data Subjects and Legal Representatives and Method of Exercise
1.
The data subject and legal representative may request to view, correct, or delete registered personal information (hereinafter referred to as "Exercise of Rights") at any time.
2.
The exercise of rights may be made to the Company in writing, by phone, email, fax, etc., in accordance with Article 41, Paragraph 1 of the 「Enforcement Decree of the Personal Information Protection Act」, and the Company will take action without delay.
•
The data subject can directly view and modify personal information in the app's 'Settings' at any time.
•
The data subject can request refusal or explanation of automated decisions through inquiries at any time.
3.
The exercise of rights may be done through an agent, such as the legal representative of the data subject or a person who has been delegated. In this case, a power of attorney in accordance with the form of [Annex 11] of the "Notice on Personal Information Processing Methods" must be submitted.
4.
The rights of the data subject to request access to and suspension of processing of personal information may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the 「Personal Information Protection Act」.
5.
If the personal information is specified as a collection target in other laws, the deletion of such personal information cannot be requested.
6.
The Company confirms whether the person making the request for the exercise of rights is the person themselves or a legitimate agent.
7.
The data subject may exercise their rights to the department below. The Company will reply within 10 days (without delay in case of transmission request) from the date of receiving the request for the exercise of rights from the data subject.
Department for Receipt and Processing of Personal Information Rights Exercise Requests•
Department Name: Customer Support Team
•
Contact: support@goondori.com
10. Chief Privacy Officer
1.
The Company designates a Chief Privacy Officer and a responsible department as follows to be generally responsible for tasks related to personal information processing and to handle complaints and remedial compensation for data subjects related to personal information processing.
•
Chief Privacy Officer: Ji Jun-woo
•
Department Responsible for Privacy Protection: Customer Support Team
•
Contact: support@goondori.com
2.
Data subjects may inquire about all matters regarding personal information protection, complaint handling, damage relief, etc., that occurred while using the Company's service (or business) to the Chief Privacy Officer and the department responsible for privacy protection. The Company will answer and handle inquiries from data subjects without delay.
11. Duty of Notification
1.
This Privacy Policy may be changed due to necessity such as laws, government policies, or internal company policies. In the event of any addition, deletion, or modification of contents, notice will be given through the 'Notice' section of the website at least 7 days prior to the revision. However, if there is a significant change in user rights, notice will be given at least 30 days in advance.
2.
This Privacy Policy is effective from October 1, 2025. The previous Privacy Policy before the change can be confirmed through the version selection menu at the top of the page.
•
Announcement Date: September 23, 2025
•
Effective Date: October 1, 2025