3CE│STYLENANDA
Privacy Policy
General Provisions

NANDA Co., Ltd. (the “Company” or “we”) values its customers’ information and strictly complies with privacy-related laws including the Act
on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (the “Network Act”) and the Personal Information Protection Act.

We also established the following [Privacy Policy] and have observed it thus far. This Privacy Policy may be revised in alignment with privacy-related law amendment
or changes in the Company’s internal policies.

Therefore, we would like to advise our customers to check the revision status when visiting the Stylenanda website, from time to time.

* The list of delegatees may be revised as the relevant services or contractual terms change, and in such case, customers will be notified in advance through announcement.
Short-term events will be individually notified at the time of participation.


Article 1 Personal Information to Be Collected and Purpose of Use

We established procedures where customers can click on the “I agree” button to consent to the terms and conditions of membership,
and personal information to be collected and used, when signing up for the website.
When customers click on the “I agree” button, they will be deemed to have consented to the collection and use of their personal information


Information collected during sign-up and order process
Classification Collection time Mandatory/optional Items to be collected Purposes Retention period
Member During sign-up Mandatory ID, password and email address Membership status confirmation, use of service, consultation on service and delivery of announcement Until cancellation of membership
or expiration of statutory retention period
During simplified sign-up Mandatory Facebook: name and password
Apple : email address
Simplified log-in through connection with SNS and a third account
When placing orders Mandatory Information on orderer (last name, first name, address, zip code, telephone number, cellphone number and email address) and payment approval information Payment and delivery of products ordered
Non-member Not eligible to place orders


* In addition to the foregoing, when customers use consultation channels for inquiries or join events,
the Company may also collect their personal information upon their separate consent to the personal information to be collected, and the purpose and retaining period thereof.

* The Company may collect and use personal information if there is any special provision in the Network Act or other laws.


Article 2 Collection of Personal Information by Cookies

(1) What is a cookie?
The Company uses “cookies” which store and find customers’ information from time to time.
Cookies are small pieces of text files that are sent by a website to customers’ computer browsers (e.g., Internet Explorer).

(2) Purpose of using cookies
-To provide differentiated information according to individuals’ interest
-To analyze users’ access frequency or time and identify their preferences and interest for targeted marketing and service improvement
-To provide customized shopping services by tracking customers’ shopping list and items that they have looked around with interest

(3) Operation and rejection of cookies
Cookies are stored in users’ computer hard disks and only identify users’ computers, not the individual users.
In addition, through web browser settings, customers may allow/refuse all cookies or require confirmation whenever they are stored.
However, if you refuse the storage of cookies, you may not use certain services which require log-in.
* Methods to refuse cookie settings (on Internet Explorer): choose the desired options by accessing [Tools] on the upper side of the web browser > [Internet Options] > [Privacy] > [Advanced].

(4) Permission to access mobile apps and purpose.

Access Permission Purpose of Access Android iOS
Device and app records Statistics, sending push notifications, checking error information Mandatory Mandatory
Photos/Media/Files Reading or saving files when uploading photo reviews or posts Mandatory Optional
Shopping mall notification service Provision of benefits, including events, new products and discounts Optional Optional
Camera Taking photos and videos - Optional
Article 3 Retention/Use Period, and Destruction of Personal Information

(1) Personal information of customers will be destroyed without delay if the purpose of collection and use of personal information is achieved
(e.g., membership cancellation) or at users’ request for consent withdrawal.
However, if it is necessary to retain personal information for a certain period of time to identify transaction-related rights
and obligations based on applicable laws and regulations such as the Act on the Consumer Protection in Electronic Commerce, Etc.
as follows, personal information will be retained for such period of time.

A. Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc.
-Records on contracts or withdrawal of subscription: five years
-Records on payments and provision of goods: five years
-Records on customer complaints or dispute resolution: three years
-Records on labels and advertisements: six months

B. Article 15-2 of the Protection of Communications Secrets Act
-Records on visits (logs): three months

C. Article 22 of the Electronic Financial Transactions Act
-Records on electronic financial transaction: five years

D. Other applicable laws and regulations

(2) The Company destroys personal information as follows:

A. Destruction procedures

(i) Upon achieving the purpose, personal information entered during sign-up procedures, etc.
shall be transferred to a separate DB (in the case of printouts, separate documentation),
which will be stored for a certain period of time as stipulated under the internal guidelines and other applicable laws and regulations and then destroyed.

(ii) This personal information will not be used beyond the retaining purposes thereof, unless otherwise required by laws.

B. Destruction methods

(i) Personal information printed on paper will be shredded by a shredder or destroyed through incineration.

(ii) Personal information stored in electronic forms will be deleted using a technical method that renders the information irrevocable.

(3) Pursuant to Article 29 (2) of the Network Act, the Company notifies dormant members (members who have not used services for the last 12 months) of the loss of membership,
and if the dormant members remain unresponsive by the deadline specified in the notification, they may lose their membership.

In this case, personal information of the dormant members will be stored and managed separately from other members’ personal information,
and such separately stored personal information will be destroyed when the statutory retention period expires.

At users’ request, their personal information, if has yet to be destroyed, will be provided again when they resume using the services.


Article 4 Provision of Personal Information to a Third Party

(1) The Company will not use or provide to any third party its customers’ personal information beyond the notified scope.

(2) However, exceptions apply as below:

A. Where requested by relevant authorities for investigation purposes pursuant to applicable laws and regulations

B. Where providing information to advertisers, partners or research groups in a form that cannot identify a certain individual for statistics,
academic research or market research purposes C. Where required by procedures prescribed by other applicable laws and regulations

Even when we have to provide our customers’ personal information as requested above,
we will use our best efforts to prevent indiscriminate provision of customers’
information against the initial purposes of the collection and use of personal information.


Article 5 Delegation of Personal Information Processing

The Company entrusts personal information processing to outside specialized companies as below to improve its work efficiency and
thereby provide better services and ensure customers’ greater convenience.

Delegated services Delegatees
Delivery of products ordered Pantos
Building and maintenance of computer system, CS service Cafe 24
Service for delivery/stock management system Sellmate, Asetec
Payment service Eximbay, PayPal
Product review, provision of accumulated reward points Crema Factory
Customer management based on the analysis of customer and purchase data Link Bricks

* Information is shared with the delegatees to the minimum extent possible to achieve the initial purposes of delegation.
Also, personal information is selectively provided to the delegatees as per customers’ service requests.

* The list of delegatees may be revised as the relevant services or contractual terms change, and in such case,
customers will be notified in advance through announcement. Short-term events will be individually notified at the time of participation.


Article 6 Access and Correction of Personal Information and Withdrawal of Consent

(1) You may access or correct your registered personal information at any time by clicking on the “My info” menu of “MY PAGE”
that appears on the start page of the website, or by contacting a privacy officer in writing, via phone or email.
Upon your request, the privacy officer will immediately take necessary measures.

(2) You may withdraw your consent to the collection, use and provision of personal information that you granted during sign-up procedures, etc. at any time.

This can be done by clicking on the “My info” menu of “MY PAGE” that appears on the start page of the website, or by contacting a privacy officer in writing,
via phone or email, who. Upon your request, the privacy officer will immediately take necessary measures including deletion of personal information.

If the Company has destroyed your personal information upon your withdrawal of consent, it will notify you accordingly without delay.


Article 7 Technical and Managerial Measures to Protect Personal Information

(1) Your personal information is basically protected by your ID and password.
The Company takes the following technical and managerial measures while processing your information,
to ensure that your personal information is not leaked, falsified or damaged and thereby remains safe.

(i) Technical measures

-The Company controls unauthorized access from outside by managing access rights to its personal information processing system, etc.
The Company safely stores and manages important data through encryption or other measures before the data is stored or transmitted.
-The Company regularly updates and inspects its security programs to prevent any personal information from being leaked or damaged by hacking or malicious codes.
-The Company adopts security system to safely transmit personal information on its network (e.g., for payment).
-To prevent any leakage of personal information caused by hacking or other reasons,
the Company controls unauthorized access from outside by using intrusion prevention system (i.e., firewall)
and strives to have as many technical instruments as possible to ensure systemic security.

(ii) Managerial measures

-When handling the personal information of members (e.g., upon their request for passwords),
the Company makes every effort to verify their identity in the best possible manner and ensure that the information is safely processed.
-The Company grants the right to access personal information only to persons who manage personal information
(e.g., chief privacy officer) and persons who inevitably need to process personal information for business purposes.
The Company always emphasizes compliance with privacy policies by providing regular training to employees who process personal information.

(2) In addition to the Company’s foregoing efforts, you should also be careful not to expose or leak your personal information
(e.g., ID, password, or resident registration number) on the Internet or to others.

The Company shall not be held responsible for any leakage of personal information
(e.g., ID, or password) if it is attributable to your negligence or reckless care.

(3) Therefore, please make sure that you keep your ID and password to yourself and frequently change the password.
It is advisable to use a difficult password comprised of a combination of English alphabets and numbers which is not easily conceivable by others.

(4) Please also be advised that you log out immediately after using the Company’s services and close the web browser.

These procedures become more important when you share your computer with others or use it at public places to ensure the security of your personal information.


Article 8 Users’ Obligations

(1) Please accurately enter your up-to-date personal information to prevent unexpected accidents.
You shall be responsible for any accidents that occur from entering inaccurate information.
You may also be disqualified from membership or suspended from using the Company’s website in case you enter false information, such as other persons’information.

(2) You shall be responsible for the security of your ID and password related to your personal information.
The Company in no way directly asks users for passwords, so please be cautious not to leak your password to others.

(3) Your personal information is entitled to protection, but at the same time, you also have the obligation to
protect yourself and not to infringe on other persons’ information. Please be cautious not to damage other persons’ personal information, including their posts.

(4) If you fail to fulfil the above responsibilities and damage other persons’ information,
you may be subject to punishment pursuant to relevant laws and regulations. In particular, extra caution is required when you go online at public places.


Article 9 Personal Information of Children

The Company's sites and services are not directed to, and we do not knowingly collect personal information form, children whose personal information may only be processed upon the consent of their guardians pursuant to the Privacy Law and related laws of the country in which they reside. If we determine upon collection that a user is under this age, we will not use or maintain his/her Personal Information without the parent/guardian's consent. If we become aware that we have we have unknowingly collected personally identifiable information from a child, we will make reasonable efforts to delete such information from our records. If you believe that we might have any information from or about a child, please contact us.


Article 10 Sending Marketing Information

-The Company does not send marketing information with commercial purposes to customers without the customer's prior consent.
-When the Company intends to send commercial marketing information to a customer as a part of the Company's customer-oriented marketing activities, such as providing information on new products or events, the Company obtains the customer's prior consent for receiving marketing information and ensures that the customer can easily notice that the information sent by the Company is marketing information for any medium of communication.
-When sending marketing information to customers, the Company complies with the applicable laws and regulations.


Article 11 Privacy Department

To protect members’ personal information and handle complaints related to personal information,
the Company has designated relevant departments and the chief privacy officer as follows:

-Department for Customer Service: CS Team in Korea
-Telephone: 0502-707-8888
-Email: privacy@stylenanda.com
-Chief Privacy Officer : Han Kwan Hyun



 If you find it necessary to report privacy issues or consult in relation to personal information infringement,
 please contact the Personal Information Infringement Report Center of the Korea Internet & Security Agency (“KISA”).
 Moreover, if you have suffered monetary or mental damage due to personal information infringement, you may request damage relief to the Personal Information Dispute Mediation Center of KISA.

 -Cyber Security Keeper [https://cyberbureau.police.go.kr / Tel.: (no area code) 182]
 -Cyber Bureau of the National Police Agency [https://cyberbureau.police.go.kr / Tel.: (no area code) 182]
 -Cyber Investigation Division of the Supreme Prosecutors’ Office [https://spo.go.kr / Tel.: (no area code) 1301]
 -Personal Information Infringement Report Center (operated by KISA) [https://privacy.kisa.or.kr / Tel.: (no area code) 118]
 -Personal Information Dispute Mediation Committee (operated by KISA) [https://www.kopico.go.kr / Tel.: 02-1833-6972]


Article 12 Obligation to Notify

Provisions in this Privacy Policy may be added, deleted or modified in accordance with the policies of the government or the Company or changes in security technologies.
In this case, the Company will notify customers via the “Notice” menu on its website seven days earlier.

This Privacy Policy became effective on the following dates:

-Date of publication: July 18, 2022
-Effective Date: July 25, 2022

LANGUAGE

Please select your preferred language.