Privacy Policy
MORRIS Co., Ltd. hereinafter referred to as the “Company” complies with applicable laws and regulations related to personal information,
including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act.
The Company has established this Privacy Policy to protect the rights and interests of users.
Through this Privacy Policy, the Company informs users how their personal information is used, for what purposes it is used, and what measures the Company takes to protect personal information.
If this Privacy Policy is amended, the Company will notify users through website announcements or individual notices.
including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act.
The Company has established this Privacy Policy to protect the rights and interests of users.
Through this Privacy Policy, the Company informs users how their personal information is used, for what purposes it is used, and what measures the Company takes to protect personal information.
If this Privacy Policy is amended, the Company will notify users through website announcements or individual notices.
1. Items of Personal Information Collected and Collection Methods
A. Items of Personal Information Collected
The Company collects the following personal information for membership registration, non-member purchases, consultation,
prevention of misuse, and other purposes.
* Required items: Name, ID, password, date of birth, gender, email address, IP address
* Optional items: Information required by the Company to provide personalized services
B. Collection Methods
When users register as members to use the Company’s membership services, the Company collects essential information online for the provision of such services.
The Company may also request users to provide personal information selectively for statistical analysis, prize delivery, or other purposes during surveys or events conducted within the service.
However, the Company does not collect sensitive personal information that may infringe upon users’ basic human rights, such as race, ethnicity, ideology, beliefs, place of origin, domicile of origin, political orientation, criminal records, health status, or sexual life. If the collection of such information is unavoidable, the Company will obtain prior consent from users.
The Company collects the following personal information for membership registration, non-member purchases, consultation,
prevention of misuse, and other purposes.
* Required items: Name, ID, password, date of birth, gender, email address, IP address
* Optional items: Information required by the Company to provide personalized services
B. Collection Methods
When users register as members to use the Company’s membership services, the Company collects essential information online for the provision of such services.
The Company may also request users to provide personal information selectively for statistical analysis, prize delivery, or other purposes during surveys or events conducted within the service.
However, the Company does not collect sensitive personal information that may infringe upon users’ basic human rights, such as race, ethnicity, ideology, beliefs, place of origin, domicile of origin, political orientation, criminal records, health status, or sexual life. If the collection of such information is unavoidable, the Company will obtain prior consent from users.
2. Purpose of Collection and Use of Personal Information
A. Development of New Services
The Company may develop more useful services based on the personal information provided by users. When developing new services or expanding content,
the Company may use personal information provided by existing users to e ciently prioritize services to be developed and to reasonably select and provide
content that users may need.
B. Member Management
Personal information is used for identity veri cation, personal identi cation, prevention of unauthorized use by abusive
members, prevention of unauthorized access, con rmation of intent to register, age veri cation, con rmation of consent from
legal guardians when collecting personal information of children under the age of 14, handling complaints and other civil
inquiries, and delivery of notices.
C. Marketing and Advertising
Personal information may be used to provide information on new services and events, provide customized services, o er
services and advertisements based on demographic characteristics, analyze access frequency, and compile statistics on
members’ use of services.
The Company may develop more useful services based on the personal information provided by users. When developing new services or expanding content,
the Company may use personal information provided by existing users to e ciently prioritize services to be developed and to reasonably select and provide
content that users may need.
B. Member Management
Personal information is used for identity veri cation, personal identi cation, prevention of unauthorized use by abusive
members, prevention of unauthorized access, con rmation of intent to register, age veri cation, con rmation of consent from
legal guardians when collecting personal information of children under the age of 14, handling complaints and other civil
inquiries, and delivery of notices.
C. Marketing and Advertising
Personal information may be used to provide information on new services and events, provide customized services, o er
services and advertisements based on demographic characteristics, analyze access frequency, and compile statistics on
members’ use of services.
3. Retention and Use Period of Personal Information
In principle, the Company destroys users’ personal information without delay once the purpose of collecting and using the
personal information has been achieved. However, the following information is retained for the periods speci ed below for the
stated reasons.
A. Retention Based on the Company’s Internal Policy
* Records of misuse: Prevention of misuse
* Retention period: 1 year from the date of misuse
B. Retention Based on Applicable Laws
* Records concerning contracts or withdrawal of subscriptions: 5 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning payment and supply of goods or services: 5 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning consumer complaints or dispute resolution: 3 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning visits/logs: 3 months Protection of Communications Secrets Act
personal information has been achieved. However, the following information is retained for the periods speci ed below for the
stated reasons.
A. Retention Based on the Company’s Internal Policy
* Records of misuse: Prevention of misuse
* Retention period: 1 year from the date of misuse
B. Retention Based on Applicable Laws
* Records concerning contracts or withdrawal of subscriptions: 5 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning payment and supply of goods or services: 5 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning consumer complaints or dispute resolution: 3 years Act on the Consumer Protection in Electronic Commerce, etc.
* Records concerning visits/logs: 3 months Protection of Communications Secrets Act
4. Procedures and Methods for Destroying Personal Information
Users’ personal information is destroyed without delay once the purpose of collecting and using the personal information has
been achieved, in accordance with the following procedures and methods.
A. Destruction Procedure
Information entered by users for the use of services is transferred to a separate database after the purpose has been achieved, or to a separate document storage box
in the case of paper documents.
The information is then stored for a certain period in accordance with internal policies and other applicable laws and regulations,
as described in the retention and use period section, before being destroyed.
Personal information transferred to a separate database is not used for any purpose other than retention, unless required by law.
B. Destruction Method
* Personal information printed on paper: Shredded or incinerated
* Personal information stored in electronic le format: Deleted using technical methods that prevent the records from being restored
been achieved, in accordance with the following procedures and methods.
A. Destruction Procedure
Information entered by users for the use of services is transferred to a separate database after the purpose has been achieved, or to a separate document storage box
in the case of paper documents.
The information is then stored for a certain period in accordance with internal policies and other applicable laws and regulations,
as described in the retention and use period section, before being destroyed.
Personal information transferred to a separate database is not used for any purpose other than retention, unless required by law.
B. Destruction Method
* Personal information printed on paper: Shredded or incinerated
* Personal information stored in electronic le format: Deleted using technical methods that prevent the records from being restored
5. Provision of Personal Information to Third Parties
The Company provides users’ personal information to third parties within the scope noti ed or speci ed and consented to at the time of membership registration, as follows.
* Recipient: ㈜○○○ * Purpose of provision: Development of new services and use for marketing/advertising
* Items provided: ID, name, email address, mobile phone number for the development of new services and use for marketing/advertising
* Retention and use period: Until membership withdrawal In principle, users’ personal information is not provided to external parties except as stated above. However, exceptions may apply in the following cases.
* When users have given prior consent
* When required by law or when requested by investigative authorities in accordance with procedures and methods prescribed by law for investigation purposes
* Recipient: ㈜○○○ * Purpose of provision: Development of new services and use for marketing/advertising
* Items provided: ID, name, email address, mobile phone number for the development of new services and use for marketing/advertising
* Retention and use period: Until membership withdrawal In principle, users’ personal information is not provided to external parties except as stated above. However, exceptions may apply in the following cases.
* When users have given prior consent
* When required by law or when requested by investigative authorities in accordance with procedures and methods prescribed by law for investigation purposes
6. Outsourcing of Personal Information Processing
The Company outsources the processing of personal information for the smooth provision of services. In accordance with
applicable laws and regulations, the Company stipulates necessary matters in outsourcing agreements to ensure that personal
information is managed safely.
The current outsourced personal information processors and the details of their duties are as follows.
Listed in the order of: outsourced company, entrusted duties, personal information items, retention and use period.
* [Name of delivery company]: Product delivery / - / Until termination of contract
* Korea Center Co., Ltd.: Operation of customer information database system, IT outsourcing / - / Until termination of contract
* [Name of identity veri cation agency]: Identity veri cation / - / Until termination of contract
* KSNET Co., Ltd.: Payment-related services / - / Until termination of contract
The current outsourced personal information processors and the details of their duties are as follows.
Listed in the order of: outsourced company, entrusted duties, personal information items, retention and use period.
* [Name of delivery company]: Product delivery / - / Until termination of contract
* Korea Center Co., Ltd.: Operation of customer information database system, IT outsourcing / - / Until termination of contract
* [Name of identity veri cation agency]: Identity veri cation / - / Until termination of contract
* KSNET Co., Ltd.: Payment-related services / - / Until termination of contract
7. Rights of Users and Legal Guardians and How to Exercise Them
A. Users and legal guardians may view or modify their own registered personal information, or the personal information of children
under the age of 14, at any time. They may also request membership withdrawal or withdrawal of consent.
B. To view or modify personal information, users may log in and select “Change Personal Information” or “Edit Member Information” on My Page. To withdraw membership or withdraw consent, users may click “Membership Withdrawal” and complete the identity veri cation process to directly view, correct, or withdraw their information. Users may also contact the Personal Information Management O cer in writing, by phone, or by email, and the Company will take action without delay.
C. If a user requests correction of errors in personal information, the Company will not use or provide the relevant personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
D. Personal information terminated or deleted at the request of users or legal guardians is processed in accordance with “3. Retention and Use Period of Personal Information” and is handled so that it cannot be viewed or used for any other purpose.
B. To view or modify personal information, users may log in and select “Change Personal Information” or “Edit Member Information” on My Page. To withdraw membership or withdraw consent, users may click “Membership Withdrawal” and complete the identity veri cation process to directly view, correct, or withdraw their information. Users may also contact the Personal Information Management O cer in writing, by phone, or by email, and the Company will take action without delay.
C. If a user requests correction of errors in personal information, the Company will not use or provide the relevant personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
D. Personal information terminated or deleted at the request of users or legal guardians is processed in accordance with “3. Retention and Use Period of Personal Information” and is handled so that it cannot be viewed or used for any other purpose.
8. Use of Cookies
The Company uses cookies and similar technologies that store and retrieve user information from time to time in order to provide personalized and customized services.
A cookie is a small text le sent to the user’s browser by the server used to operate the Company’s website. Cookies are stored on the hard disk of the user’s computer.
A. Purpose of Using Cookies
Cookies are used to analyze users’ access frequency and visit times, identify users’ preferences and interests, track usage patterns, determine participation in events and number of visits, and provide targeted marketing and customized services.
B. Installation and Operation of Cookies
Users have the right to choose whether to allow cookies. Users may congure their web browser settings to allow all cookies, con rm each time a cookie is stored, or refuse the storage of all cookies.
C. How to Refuse Cookie Settings
Users may refuse cookie settings by selecting the options in their web browser. Users may allow all cookies, con rm each time a cookie is stored, or refuse the storage of all cookies. However, if users refuse the installation of cookies, there may be di culties in providing certain services.
Example of settings for Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy
A cookie is a small text le sent to the user’s browser by the server used to operate the Company’s website. Cookies are stored on the hard disk of the user’s computer.
A. Purpose of Using Cookies
Cookies are used to analyze users’ access frequency and visit times, identify users’ preferences and interests, track usage patterns, determine participation in events and number of visits, and provide targeted marketing and customized services.
B. Installation and Operation of Cookies
Users have the right to choose whether to allow cookies. Users may congure their web browser settings to allow all cookies, con rm each time a cookie is stored, or refuse the storage of all cookies.
C. How to Refuse Cookie Settings
Users may refuse cookie settings by selecting the options in their web browser. Users may allow all cookies, con rm each time a cookie is stored, or refuse the storage of all cookies. However, if users refuse the installation of cookies, there may be di culties in providing certain services.
Example of settings for Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy
9. Technical and Administrative Measures for Personal Information Protection
A. Technical Measures
The Company takes the following technical measures to ensure the security of users’ personal information and prevent loss, theft, leakage, alteration, or damage.
* Users’ personal information is protected through encryption. However, despite the Company’s encryption and protection measures, personal information may be unintentionally lost, stolen, or leaked during internet use in public places or similar environments. Therefore, users must not disclose, lend, or provide their personal information to others and must responsibly manage their personal information to prevent unauthorized collection through phishing or other social engineering methods. The Company is not responsible for any loss, theft, leakage, phishing, or disclosure of personal information caused by such circumstances.
* Users’ personal information is basically protected by passwords. Files and transmitted data are encrypted, and important data is protected through separate security functions.
* The Company uses antivirus software that automatically updates with the latest information to prevent damage caused by computer viruses. Dedicated personnel monitor protection measures 24 hours a day. In the event of virus intrusion, an alarm is automatically sent to the operator and automatic treatment is performed.
* The Company uses security devices such as SSL or SET to safely transmit personal information over networks using encryption algorithms. * The Company operates intrusion detection and prevention systems 24 hours a day to prevent leakage of users’ personal information caused by hacking or other intrusions into the Company’s information and communications network.
B. Administrative Measures
The Company recognizes the importance of protecting users’ personal information and takes the following administrative measures, including limiting the number of employees who handle personal information.
* The Company provides regular internal training and outsourced training to employees who handle personal information
regarding new security technologies and personal information protection obligations. * The Company requires all new employees to submit a security pledge to prevent information leakage by personnel.
The Company has established internal procedures to monitor compliance with this Privacy Policy and employee obligations, and to correct or improve any violations identi ed. Work handovers involving personal information handlers are conducted thoroughly under secure conditions, and responsibility for personal information incidents is clearly dened after employment and resignation. * Personal information and general data are stored separately on separate servers and are not stored together.
* Computer rooms and data storage rooms are designated as specially protected areas, and access is controlled.
* The Company is not responsible for incidents caused by individual users’ mistakes or the inherent risks of the internet. Each user is responsible for properly managing their own ID and password to protect their personal information.
The Company takes the following technical measures to ensure the security of users’ personal information and prevent loss, theft, leakage, alteration, or damage.
* Users’ personal information is protected through encryption. However, despite the Company’s encryption and protection measures, personal information may be unintentionally lost, stolen, or leaked during internet use in public places or similar environments. Therefore, users must not disclose, lend, or provide their personal information to others and must responsibly manage their personal information to prevent unauthorized collection through phishing or other social engineering methods. The Company is not responsible for any loss, theft, leakage, phishing, or disclosure of personal information caused by such circumstances.
* Users’ personal information is basically protected by passwords. Files and transmitted data are encrypted, and important data is protected through separate security functions.
* The Company uses antivirus software that automatically updates with the latest information to prevent damage caused by computer viruses. Dedicated personnel monitor protection measures 24 hours a day. In the event of virus intrusion, an alarm is automatically sent to the operator and automatic treatment is performed.
* The Company uses security devices such as SSL or SET to safely transmit personal information over networks using encryption algorithms. * The Company operates intrusion detection and prevention systems 24 hours a day to prevent leakage of users’ personal information caused by hacking or other intrusions into the Company’s information and communications network.
B. Administrative Measures
The Company recognizes the importance of protecting users’ personal information and takes the following administrative measures, including limiting the number of employees who handle personal information.
* The Company provides regular internal training and outsourced training to employees who handle personal information
regarding new security technologies and personal information protection obligations. * The Company requires all new employees to submit a security pledge to prevent information leakage by personnel.
The Company has established internal procedures to monitor compliance with this Privacy Policy and employee obligations, and to correct or improve any violations identi ed. Work handovers involving personal information handlers are conducted thoroughly under secure conditions, and responsibility for personal information incidents is clearly dened after employment and resignation. * Personal information and general data are stored separately on separate servers and are not stored together.
* Computer rooms and data storage rooms are designated as specially protected areas, and access is controlled.
* The Company is not responsible for incidents caused by individual users’ mistakes or the inherent risks of the internet. Each user is responsible for properly managing their own ID and password to protect their personal information.
10. Personal Information Management O cer
The Company makes its best e orts to ensure that users can safely use quality information. If an incident occurs that violates the
matters noti ed to users regarding the protection of personal information, the Company assumes full responsibility.
However, despite technical security measures, the Company is not responsible for damage to information caused by unexpected incidents arising from inherent network risks, such as hacking, or for disputes related to posts written by visitors.
The o cer responsible for handling users’ personal information is listed below and will respond promptly and sincerely to inquiries related to personal information.
Personal Information Management Officer
Name: Kwon Juhyun
Tel: 1800-9972
Email: ju4523@morris.co.kr
However, despite technical security measures, the Company is not responsible for damage to information caused by unexpected incidents arising from inherent network risks, such as hacking, or for disputes related to posts written by visitors.
The o cer responsible for handling users’ personal information is listed below and will respond promptly and sincerely to inquiries related to personal information.
Personal Information Management Officer
Name: Kwon Juhyun
Tel: 1800-9972
Email: ju4523@morris.co.kr
11. Customer Service for Personal Information Inquiries
The Company has designated and operates the following department responsible for handling personal information protection
complaints in order to protect customers’ personal information and handle complaints related to personal information.
Department Responsible for Personal Information Protection Complaints
Name: Walter Yu
Tel: +82-2-6956-8900
Email: morris_sales@morris.co.kr
Users may report any personal information protection-related complaints arising from the use of the Company’s services to the Personal Information Management O cer or the responsible department.
The Company will provide prompt and su cient responses to users’ reports.
For other reports or consultations regarding personal information infringement, please contact the following organizations.
* Personal Information Dispute Mediation Committee
www.1336.or.kr / 1336
* Information Security Mark Certi cation Committee
www.eprivacy.or.kr / 02-580-0533~4
* Supreme Prosecutors’ O ce Internet Crime Investigation Center
http://icic.sppo.go.kr / 02-3480-3600
* National Police Agency Cyber Terror Response Center
www.ctrc.go.kr / 02-392-0330
Department Responsible for Personal Information Protection Complaints
Name: Walter Yu
Tel: +82-2-6956-8900
Email: morris_sales@morris.co.kr
Users may report any personal information protection-related complaints arising from the use of the Company’s services to the Personal Information Management O cer or the responsible department.
The Company will provide prompt and su cient responses to users’ reports.
For other reports or consultations regarding personal information infringement, please contact the following organizations.
* Personal Information Dispute Mediation Committee
www.1336.or.kr / 1336
* Information Security Mark Certi cation Committee
www.eprivacy.or.kr / 02-580-0533~4
* Supreme Prosecutors’ O ce Internet Crime Investigation Center
http://icic.sppo.go.kr / 02-3480-3600
* National Police Agency Cyber Terror Response Center
www.ctrc.go.kr / 02-392-0330
12. Duty of Noti cation
A. The Company makes this Privacy Policy and other detailed matters concerning personal information protection available on the
rst page of the service website so that users can easily view them at any time.
B. If important details are added, deleted, or amended due to changes in laws, policies, or security technologies, the Company will notify users of the reason for and details of such changes through the service website before the amended Privacy Policy takes e ect.
C. The contents of this Privacy Policy may be changed from time to time, so users are advised to check it whenever they visit the service website.
This Privacy Policy is e ective as of July 28, 2015.
B. If important details are added, deleted, or amended due to changes in laws, policies, or security technologies, the Company will notify users of the reason for and details of such changes through the service website before the amended Privacy Policy takes e ect.
C. The contents of this Privacy Policy may be changed from time to time, so users are advised to check it whenever they visit the service website.
This Privacy Policy is e ective as of July 28, 2015.