Cafe24 Privacy Policy

General Provisions

Cafe24 Corp. (the "Company") places special importance on the protection of members' personal information and shall comply with the privacy protection provisions of relevant laws.
The Company has established this personal information protection policy (the "Personal Information Protection Policy") in order to protect the personal information of its members (the "Member(s)"), and such policy is posted on the homepage to ensure the Members are aware the personal information provided to the Company is used for the prescribed purposes and the precautionary measures taken by the Company.
The Company's Personal Information Protection Policy includes the following:

1. 1. Categories of personal information collected and methods of collection
2. 2. Purpose of collecting and use of personal information
3. 3. Period of retention and use of personal information
4. 4. Sharing and providing of personal Information
5. 5. Method and procedure of destruction of personal information
6. 6. Rights of the Members and method of exercise
7. 7. Matters related to children
8. 8. Matters concerning the installation/operation of automatic collection of personal information and details regarding refusal of such collection
9. 9. Cross-border data transfer
10. 10. Technical/administrative measures related to personal information protection
11. 11. Questions and comments
12. 12. Duty to inform

1. Categories of personal information collected and methods of collection

The Company collects personal information related to its services in various methods.

1. (1) Categories of personal information collected
   1. ① The Company collects the following personal information for account registration, service application, and customer consultation. Note that the Company also allows users to register a Cafe24 account by linking an account they created for a social networking platform (e.g., Facebook, Google, etc.). In this case, the Company will request that such users consent to the collection of the email address used for the relevant social media account. While other service providers might announce that additional information is collected when linking a social media account, such as the user's public profile, the Company does not collect such additional information.
      1. a. When joining as the Member

         ID, Password, Country Code, Mobile Phone, E-mail

      2. b. When applying for specific services

         Company-related information (company name, representative’s name and gender, business address / phone number / fax number / email address, homepage address, shopping mall name, shopping mall URL, business type and business item), manager-related information (manager name, date of birth, gender, address, Email address, phone number, fax number, mobile number)

   2. ② The following information may be generated and collected in the process of using the service or conducting the business.

      Service usage record, access log, cookies, access IP information, payment record, usage discontinue record, a record of misuse

2. (2) Personal information collection method
   The Company collects personal information in the following methods:
   • - The Members’ joining through the website and written form
   • - Customer consultation and service use management through telephone, fax, and consultation board
   • - Event (Giveaway) application, delivery request
   • - Offer from affiliates
   • - Collection through information collection tool

2. Purpose of collecting and use of personal information

The Company uses the collected personal information for the following purposes:

1. (1) Management of the Members

   Identity verification, personal identification, prevention of unauthorized use, confirmation of subscription, restriction on the number of subscriptions, record keeping for dispute settlement, and complaint handling, etc.

2. (2) Enforcement of service contract provisions and settlement of charges for service provision

   Providing services and content, shipping goods or invoices, verifying identity, purchasing and paying bills, collecting fees.

3. (3) New service development, marketing, and advertising

   Development and specialization of new services (products), provision and advertisement of services according to demographic characteristics, identification of access frequency, statistics on the Members' service use, and delivery of advertising information such as events.

3. Period of retention and use of personal information

As a standard practice, information collected are destroyed without delay after the personal information is used for its purpose. However, the following information shall be retained for the period specified for the reasons detailed below:

1. (1) Reasons for information retention under the Company's internal policy

   Even if the Members withdraw its membership, the Company shall keep the Members’ information for the following reasons for its reliable provision of services and to prevent the fraudulent use of the services.

   1. ① Record of fraudulent/misuse (including personal information of the persons misusing the information)
      • - Reason for retention: Prevention of fraudulent and misuse of the service and prevention of rejoining of fraudulent/misused member.
      • - Retention period: 1 year.
   2. ② Reasons for retention of information pursuant to relevant laws

      If it is necessary to preserve/retain according to the relevant laws and regulations, the Company shall keep the Members’ information for a certain period of time.

4. Sharing and providing of personal Information

The Company shall use the personal information of the Members within the scope set for the purpose of collection and use, and will not use or exceed the scope or share / provide the personal information outside the scope. Howeve, the following cases are considered exceptions:

1. (1) If the Member agrees in advance to provide or share with a third party
2. (2) When there is a request from an investigative agency pursuant to the provisions of the law or for the purpose of investigation, in accordance with the procedures and methods prescribed by the law, such as the Personal Information Protection Act
3. (3) When cooperation with the Company's subsidiaries and other trusted partners is required to facilitate the service, including customer service and handling of complaints

5. Method and procedure of destruction of personal information

The Company shall destroy the information without delay after the information is used for the purpose of collection.
Destruction procedures and methods are as follows:

1. (1) Destruction and separate storage procedures
   1. ① The information entered by the Members for joining the membership is transferred to a separate DB (database) or section (a separate storage space within the database) and is achieved and stored separately (in case of paper, a separate cabinet). The information is retained and destroyed after a certain period of time depending on the reason for the information retention (see retention and usage period) according to internal policy and other related laws.
   2. ② Personal information transferred to a separate DB or section will not be used for any purpose other than the reason for retention, unless required by the law.
2. (2) Destruction method
   1. ① Personal information printed on paper is destroyed by shredding or incineration.
   2. ② Personal information stored in the form of an electronic file is deleted using a method that cannot reproduce the record.
3. (3) Destruction of personal information of Members not in use

   If there is no service access and login history for more than 180 days, the account may be disabled. Data such as the Member’s information of the user account, usage record of additional services, the Member information of the shopping mall, etc. will be kept separately, and the stored data will be deleted after a certain period of storage according to the internal policy and other related laws.

6. Rights of the Members and method of exercise

1. (1) The Member may view or modify his / her registered personal information at any time and may request to cancel (withdrawal of consent) his / her subscription.
2. (2) To view and modify the Member's personal information, the Member may click "Modify the Member Information" or click "Withdraw membership" (to withdraw the consent), and go through the verification process and directly read, correct or withdraw. The Member may also contact the Company in writing, by phone, email, or on the bulletin board, and the Company will take action without delay.
3. (3) If the Member requests correction of an error on personal information, the personal information will not be used or provided until the correction is made. In addition, if incorrect personal information has already been provided to a third party, the Company will promptly notify the third party of the result of the correction.

7. Matters related to children

1. (1) The Company does not provide the use of the services or the platform to a minor (the definition of a minor may vary under the laws of each country).
2. (2) The Company shall not intentionally collect or store personal information of minors on the platform or other services.
3. (3) The Member confirms and warrants that you are not a minor and understand and agree to the terms of this privacy policy. A minor may only use the platform with the consent of one’s legal representative.

8. Matters concerning the installation/operation of automatic collection of personal information and details regarding refusal of such collection

The Company uses the 'cookies' and frequently store and retrieve the Member's information in order to provide the Members with customized services. The cookies are small text files that are sent to your browser by the server used to run the Company's website and are stored on your computer's hard disk. The Member’s computer may be identified but not the identity of the Member.

1. (1) Purpose of using the cookies

   The Company uses the cookies for the following purposes:

   • - Provide convenient internet service by maintaining the service use environment set by the user
   • - Provide optimized service by analyzing users' visit and usage behavior
2. (2) How to refuse the use of the cookies

   The Members may opt not to use the cookies. Therefore, the Member may change the web browser setting to always allow the use of the cookies, prompt every time when a cookie is saved, or refuse to save any cookies. However, in order to access the Company's homepage and use the service, the use of the cookies must be allowed, and a Member refusal to use the cookies may lead to difficulty in using the Company's service that requires a login.

   • - Example of changing the setting
     1. ① For Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Advanced
     2. ② For Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Privacy and security > Site settings > Cookies and site data
3. (3) Google Analytics Guide

   The Company uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies to help websites analyze how the users use our site. The information generated by cookies in connection with the users' use of the website is transmitted and stored on Google’s U.S. servers.
   Unless expressly opted out, by using the site, the user consents to the use of Google cookies and all information generated by Google Analytics.
   If you do not want Google to process your information, you can opt-out through the Google site.
   More information about the privacy of Google Analytics can be found in the Analytics Help.

9. Cross-border data transfer

The Members’ personal information may be stored and processed in the country where the Company's facilities are located. By using this website, the user consents to the transmission of information outside your country of residence. The Company will take appropriate steps to protect the Members’ privacy in accordance with applicable laws, but data protection and other laws in the countries where the user’s information may be transferred may differ.

10. Technical/administrative measures related to personal information protection

1. (1) The Member's personal information is primarily protected by the Member's ID and password, and the Company shall ensure that personal information is not disclosed, tampered with or damaged in processing the Member's personal information in order to ensure safety. The following technical and managerial measures are in place.
   1. ① Technical measures
      1. a. The password for the Member account is stored encrypted so the user is the only one who has access to the information. Therefore, the person who is aware of the ID and password may check and correct the personal information that requires an account login.
      2. b. The Company backs up its data from time to time in preparation for the loss of personal information and uses the latest antivirus program to prevent the Members' personal information or data from being leaked or damaged by computer viruses.
      3. c. The Company employs security measures to securely transmit personal information over the network in case of incidences such as making payments.
      4. d. The Company uses intrusion prevention system (firewall) to control unauthorized access from outside to prevent the leakage of information by hacking, etc., and strives to equip all possible technical devices to secure systemic security.
   2. ② Administrative measures
      1. a. When the Company handles personal information by requesting the password of the Member, the Company shall confirm, in the best way possible and makes every effort to ensure, that the information is processed safely.
      2. b. The Company restricts access to personal information to those who perform personal information management tasks such as personal information protection officers and those who have to process other personal information, and compliance with the Information Protection Policy is always emphasized with frequent education.
2. (2) In addition to the Company's efforts described above, the Member shall use caution not to expose his / her personal information such as ID and password on the Internet or to others. The Company shall not be responsible for any personal information such as ID and password leaked due to the negligence or neglect of the Member.
3. (3) Therefore, the Member's ID and password should be used only by the user, and it is recommended to change the password frequently, and the password should be a combination of letters and numbers that is difficult for others to predict.
4. (4) It is also recommended to log out and close the web browser after using the service. In particular, if the computer is shared with others or used it in a public place, this process is necessary for the security of one’s personal information.

11. Questions and comments

You are welcome to contact us for any privacy complaints arising out of your use of the Company's services. The Company will promptly and fully respond to the Member's inquiries.

• TEL : 028-3939-0181
• E-mail : support@cafe24corp.vn
• Opening Hours: 8:00~12:00 / 13:00~17:00 / Mon ~ Fri (excluding national holidays)

12. Duty to inform

If there are any additions, deletions, or modifications to the current Personal Information Protection Policy due to changes in laws, policies or security technologies, such change will be announced on the Company’s website at least 7 days prior to the date of implementation.

Appendix

1. ① Ngày công bố: 2021.05.O3
2. ② Effective Date: 2021.O5.10