privacy policy
Article 1 (Purpose)
1. Personal information refers to information about a living individual that can identify the individual through information contained in the information, such as name and resident registration number (even if the information alone cannot identify a specific individual, it includes information that can be easily combined with other information to identify the individual).
2. Yanolja F&B Solution Co., Ltd. (hereinafter referred to as the "Company") places great importance on protecting your personal information and complies with the Personal Information Protection Regulations of the Personal Information Protection Act. Through its Personal Information Processing Policy, the Company informs you of how and for what purpose the personal information you provide is used, as well as the measures taken to protect your personal information.
3. This Privacy Policy may be subject to change due to changes in government laws or guidelines, or to provide better service. In such cases, the Company will post notices on its website or notify users via email.
4. The company has taken steps to ensure that users can easily view the personal information processing policy at any time by disclosing it on the website's home screen or a screen linked to the home screen.
5. The company has established procedures necessary to revise the personal information processing policy to continuously improve it.
Article 2 (Consent to and Method of Collection of Personal Information)
1. The Company has established a procedure where users can click "Agree" or "Disagree" regarding the Company's consent form or Terms of Use. Clicking "Agree" is considered consent to the collection of personal information. However, the Company may collect and use personal information without consent in any of the following cases:
1) In cases where it is clearly difficult to obtain consent for personal information necessary to fulfill a contract for the provision of information and communication services due to economic or technical reasons.
2) When necessary for billing purposes for provision of information and communication services.
3) In other cases where there are special provisions in the law
4) In cases where it is clearly difficult to obtain consent for personal information necessary to perform a contract due to economic or technical reasons.
- Service usage history, IP address, access log, browser version
5) If there is a reasonable connection to the purpose of collection, there is no disadvantage to the data subject, and safety measures have been applied.
- Relevance to the original collection purpose
- The predictability of further use of personal information in light of the circumstances of collection or processing practices.
- Whether the interests of the data subject have been violated
- All necessary measures to ensure security, such as pseudonymization or encryption, are taken into consideration when making a decision.
2. When the company collects personal information, it must notify the user in advance and obtain consent, and collect personal information through the following methods.
1) When a user agrees to the collection of personal information and directly enters information during the process of registering as a member or using the service on the website.
2) When personal information is provided from affiliated services or organizations, etc.
3) In case of consultation through customer center via KakaoTalk, phone, etc.
4) In case of events held online or offline
Article 3 (Purpose of collection/use of personal information, collected items, etc.)
1. The company collects and uses the minimum amount of personal information necessary and legally processes and retains it.
1) Member
classification
Purpose of collection and use consent
항목
보유, 이용기간
필수정보
계약의 이행 및 서비스 제공, 상담·불만·민원처리, 고지·안내사항 전달, 서비스 이용실적 정보 통계·분석, 불법·부정이용방지, 신규 서비스 개발 및 서비스 개선
휴대폰 번호, 상담내용 및 상담에 필요한 개인정보, 이름(예약자에 한해 수집)
동의 철회 또는 탈퇴 시 지체 없이 파기 단, 관계법령에 따라 보존할 필요가 있는 경우 해당 법령에서 요구하는 기한까지 보관
필수정보(본인인증시)
계약의 이행 및 서비스 제공, 상담·불만·민원처리, 고지·안내사항 전달, 서비스 이용실적 정보 통계·분석, 불법·부정이용방지, 신규 서비스 개발 및 서비스 개선
이름, 전자우편주소, CI(연계정보)
동의 철회 또는 탈퇴 시 지체 없이 파기 단, 관계법령에 따라 보존할 필요가 있는 경우 해당 법령에서 요구하는 기한까지 보관
선택정보
개인맞춤형 상품 서�비스 혜택에 관한 정보 제공, 통계.분석.이용 내역 정보와의 결합 및 분석, 회사 또는 매장의 요청에 따른 정보 안내, 프로모션.이벤트 전송
Mobile phone number, name, email address
2) Affiliate stores
classification
Purpose of collection and use consent
item
Retention period
Required information
Performance of contracts and provision of services, settlement, billing, collection, consultation, complaint handling, and notification
Business information (business name, representative name, business registration number, representative contact information, email address), store information (store name (branch name), contact name, store phone number, contact information, store address), tax invoice information (contact name, email address, contact information), consultation content and personal information required for consultation, name, gender, password, mobile phone number, email address, residence, date of birth, CI (linked information)
Until the end of the contract. However, if preservation is required by relevant laws and regulations, the information will be kept until the period required by the relevant laws and regulations.
Required information (when applying for Toss payment)
Performance of contracts and provision of services, settlement, billing, collection, consultation, complaint handling, and notification
Name, email address, payer number (date of birth or business registration number), credit card number, credit card expiration date, first two digits of password
Required information (when applying for CMS automatic payment)
Performance of contracts and provision of services, settlement, billing, collection, consultation, complaint handling, and notification
account transfer
Applicant information (name, business name, contact information, mobile phone number), financial information (bank name, depositor name, account number, business registration number, depositor mobile phone number)
Apply for credit card payment
Name, mobile phone number, payer number (date of birth or business registration number), credit card number, credit card expiration date, first two digits of password, email address
Stored for 5 years after cancellation of automatic transfer application
Information held
Retention period
Legal basis
Records of contract or subscription cancellation, etc.
5 years
Act on Consumer Protection in E-commerce, etc.
Records of payment and supply of goods, etc.
5 years
Act on Consumer Protection in E-commerce, etc.
Records of consumer complaints or dispute resolution
3 years
Act on Consumer Protection in Electronic Commerce, etc.
Records of displays and advertisements
6 months
Act on Consumer Protection in E-commerce, etc.
Website visit history
3 months
Communications Secrets Protection Act
3) Member information collected and used in accordance with laws and regulations
2. We do not collect sensitive personal information (race and ethnicity, ideology and beliefs, place of origin and residence, political orientation and criminal record, medical information, etc.) that may infringe upon the fundamental human rights of users.
3. User personal information is used only for the period of service provision, starting from the time of service use. If a user requests membership withdrawal (withdrawal of consent), withdraws consent to the collection and use of provided personal information, or if the purpose of collection and use is achieved or the retention and use period expires, the user's personal information will be destroyed without delay.
1) Personal information printed on paper: Shred or incinerate.
2) Personal information stored in electronic file format: Deleted using a technical method that renders the records unreusable.
4. If a user requests to view transaction information, etc. held with the user's consent, the company will take steps to enable the user to confirm the details without delay.
5. All personal information collected by the company for service provision is transmitted to a data center located in the Seoul region of AWS (Amazon Web Services) using secure encrypted communication from the collection stage, and is stored for the retention period specified in the privacy policy. Cloud security can be verified through international certification programs acquired by AWS, and the shared responsibility document between the company and its cloud provider, AWS, can be found at this link ( https://aws.amazon.com/ko/compliance/shared-responsibility-model/ ).
Article 4 (Matters concerning the installation and operation of automatic personal information collection devices and their refusal)
1. Cookies are small pieces of information that a website sends to a member's browser (Internet Explorer, Chrome, Firefox, or other mobile browsers). The company uses "cookies" to store and periodically retrieve information about members. Cookies identify a member's computer or mobile device, but do not personally identify the member. Members also have a choice regarding cookies.
2. Example of how to set cookies
1) Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings
2) Chrome: Settings menu at the top right of the web browser > Show advanced settings at the bottom of the screen > Content settings button under Privacy > Cookies
3) Edge: Dotted menu (...) in the upper right corner of the web browser > Settings > Update & Security > Cookies
3. The company uses cookies to provide optimized information to users, such as visits and usage patterns of the website visited by the user.
Article 5 (Consent to Provision of Personal Information to Third Parties)
1. The Company uses members' personal information within the scope specified in Article 3 (Purpose of Collection/Use of Personal Information, Collection Items, etc.) and does not use it beyond this scope or provide it to other individuals, companies, or organizations. However, the Company will provide personal information to third parties only after notifying members of the recipients of the information, the purpose of provision, the items provided, and the period of use and retention, as described below.
Recipient
Purpose of provision
Items provided
Retention and use period
Stores that have signed up for the Now Waiting service
Execution of contracts and provision of services, confirmation of user and usage information, resolution of consumer disputes such as complaint handling, and confirmation of sales statistics
(Required) Mobile phone number (e-mail address for foreigners), service usage information (when entered by user), name
Upon withdrawal of consent or withdrawal, the information will be destroyed without delay. However, if it is necessary to preserve the information in accordance with relevant laws and regulations, the information will be stored for the period required by the relevant laws and regulations.
Credit Finance Association
Check card sales and deposit information
ID, password
Until the purpose of use is achieved
2. Notwithstanding the preceding paragraph, the following cases are exceptions:
1) In cases where there are special provisions in the law or it is unavoidable to comply with statutory obligations.
2) In cases where the information subject or his/her legal representative is unable to express his/her intention or where prior consent cannot be obtained due to unknown address, etc., and it is clearly deemed necessary to protect the urgent life, body, or property interests of the information subject or a third party.
3) When necessary for billing purposes for the provision of information and communication services.
4) If there is a reasonable connection to the purpose of collection, there is no disadvantage to the data subject, and safety measures have been applied.
- Relevance to the original purpose of collection
- The predictability of additional use or provision of personal information in light of the collection circumstances or processing practices.
- Whether the interests of the data subject have been violated
- All necessary measures to ensure security, such as pseudonymization or encryption, are taken into consideration when making a decision.
Article 6 (Access and correction of personal information)
1. Users may view or correct their registered personal information at any time. To correct personal information, please contact the Personal Information Protection Officer by phone or email, and we will take action without delay.
2. If a user requests correction of errors in personal information, the personal information will not be used or provided until the correction is complete.
3. If incorrect personal information has already been provided to a third party, we will promptly notify the third party of the results of the correction process and take steps to correct the information.
Article 7 (Withdrawal of consent)
1. Members may withdraw their consent to the collection, use, and provision of personal information, provided through membership registration or other means, at any time. To withdraw consent, visit the Now Waiting website > "Confirm Consent to Collection of Personal Information and Marketing" or contact the Personal Information Protection Officer. We will take necessary measures, including deleting your personal information. If you withdraw your consent and take other measures, such as destroying your personal information, we will notify you without delay.
2. The company will take necessary measures to make it easier to withdraw consent to the collection of personal information (cancel membership) than the method used to collect personal information.
Article 8 (Technical and administrative measures for personal information protection)
1. Technical measures: When processing users' personal information, the company implements the following technical measures to ensure the security of personal information and prevent it from being lost, stolen, leaked, altered, or damaged.
1) The company uses antivirus software to prevent damage caused by computer viruses. Antivirus software is updated regularly, and in the event of a sudden virus outbreak, antivirus software is provided as soon as it becomes available, preventing personal information from being compromised.
2) The company uses a security device (SSL) that uses an encryption algorithm to safely transmit personal information over the network.
3) To prepare for external intrusions such as hacking, we are taking every precaution to ensure security by using intrusion prevention systems and vulnerability analysis systems on each server.
2. Management measures
1) The company limits access to your personal information to a minimum number of individuals. These individuals are as follows:
(1) A person who performs marketing work directly with users
(2) A person who handles customer complaints and inquiries
(3) Persons performing personal information management duties, such as personal information protection managers and staff members.
(4) Other persons for whom the processing of personal information is unavoidable for business purposes
2) We have established internal procedures to prevent information leaks in advance by requiring all employees to sign a security pledge upon joining the company, and to audit the implementation of the personal information processing policy and employee compliance.
3) The transfer of duties of personal information processors is carried out thoroughly while maintaining security, and responsibility for personal information accidents before and after employment is clearly defined.
4) We are striving to immediately correct and rectify any issues discovered by checking the implementation of the personal information processing policy and compliance of those in charge through the in-house personal information protection organization.
5) The company is not responsible for any incidents that occur due to user error or basic internet risks. Each member must properly manage their ID and password to protect their personal information and assume responsibility for doing so.
6) If personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or a technical management accident, the company will immediately notify you of the fact and take appropriate measures and compensation.
Article 9 (Link Site)
The Company may provide users with links to other companies' websites or resources. In such cases, the Company has no control over these external websites and resources, and therefore cannot be held responsible for or guarantee the usefulness of the services or resources provided. If you click on a link contained within the Company and are transferred to another site, the privacy policy of that site is unrelated to the Company, so please review the policy of the site you visit.
Article 10 (Entrustment of Personal Information Processing)
The company may entrust the collection, processing, management, etc. of users' personal information to external parties to improve its services.
1. When entrusting the processing of personal information, we will notify users in advance of the entrusted agency and the fact through our website. However, when entrusting work to promote or solicit sales of goods or services, we will notify users individually via email. However, if the company is unable to notify you of the details of the entrusted work and the entrustee through written or email methods due to no fault of our own, we will post the relevant information on our website for at least 30 days.
2. In the case of entrusting the processing of personal information, we will clearly stipulate through an entrustment contract, etc., the service provider's strict adherence to instructions related to personal information protection, confidentiality of personal information, prohibition of provision to third parties, liability in case of accidents, entrustment period, return or destruction of personal information after completion of processing, etc., and keep the contents of the contract in writing or electronically.
3. The company's personal information processing agencies and the details of the entrusted work are as follows.
Trustee (sub-trustee)
Entrusted work details (sub-entrusted work details)
Kakao, Sweet Tracker Inc.
Message sending related services
KG Inicis, Korea Information & Communication Corporation, KS Net, Hyosung FMS Co., Ltd., Toss Payments Co., Ltd.
Electronic payment service
Bigsolon Co., Ltd., OnDemand Solutions Co., Ltd., E-Furniture Woodworker Co., Ltd., My Warehouse Co., Ltd., Sungwon Adpia Co., Ltd., Jooeun Information Systems Co., Ltd., BGF Post Co., Ltd.
Product delivery, product installation, returns, refunds
K-Biz Market Co., Ltd.
Service introduction consultation and installation
Link Hub
Issuance of tax invoice
Yanolja Co., Ltd., Wall & Vision (Yanolja Co., Ltd. trustee)
Customer Service
Channel Corporation, Kakao Corporation (Channel Corporation trustee)
System operation for customer consultation (chat) service
Beeple Co., Ltd.
System operation for customer consultation (chat) service
Article 11 (User Rights and Obligations)
1. Please ensure your personal information is accurate and up-to-date to prevent any unexpected accidents. You are solely responsible for any accidents resulting from inaccurate information. Entering false information, such as stealing someone else's information, may result in the loss of your membership.
2. Users have the right to have their personal information protected, but they also have a responsibility to protect themselves and not infringe on the information of others. Please be careful not to leak your personal information, including your password, and avoid damaging the personal information of others, including posts. Failure to fulfill this responsibility and damaging the information and dignity of others may result in punishment under the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and the Personal Information Protection Act.
Article 12 (Collection of opinions and handling of complaints)
1. The company values users' opinions, and users have the right to receive honest answers to their questions at all times.
2. The company operates a customer center to ensure smooth communication with users. Contact information is as follows.
[customer service center]
- Email: fnbsolution@yanolja.com
- Phone number: 1522-5954
3. If you need any other consultation regarding personal information, you may contact the company via the email address above. If you need to report or consult with a government agency, you may contact the contact information below for assistance.
1) Personal Information Infringement Report Center (http://privacy.kisa.or.kr / 118 without area code)
2) Supreme Prosecutors' Office Cyber Investigation Division (http://spo.go.kr / 1301 without area code)
3) National Police Agency Cyber Investigation Bureau (http://ecrm.cyber.go.kr / 182 without area code)
4) Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / 1833-6972)
Article 13 (Personal Information Protection Manager)
The company is committed to ensuring users can safely access valuable information. In the event of an incident that violates the privacy notices provided to users, the personal information protection manager assumes full responsibility. However, despite technical measures taken, the company is not responsible for damage to information caused by unexpected incidents due to basic network risks, such as hacking, or for any disputes arising from posts made by visitors. The person responsible for processing your personal information and the person in charge are listed below, and we will respond promptly and diligently to any inquiries regarding personal information.
Personal Information Protection Manager: Kim Jeong-seop
Phone number: 1670-6463
Email address: cs_fnbsolution@yanolja.com
Article 14 (Processing of personal location information)
If the Company changes its personal information processing policy, it will notify users without delay through the notice section on the home page or a separate window, and will take steps to ensure that users can easily identify any changes at any time.
Supplementary provisions
Article 1 (Enforcement Date)
This Privacy Policy is effective from March 31, 2023.
Article 2 (Confirmation of the old personal information processing policy)
- Privacy Policy (effective May 12, 2022)
If the Company changes its personal information processing policy, it will notify users without delay through the notice section on the home page or a separate window, and will take steps to ensure that users can easily identify any changes at any time.