We, B2LiNK (the “Company”), make much account of personal information of our customers using the services of the Internet site (Areum, “Areum”) operated by us. The Company’s privacy policy (this or the “Policy”) is set forth below.

Please check the Policy from time to time when you visit our website, as the Policy may be amended pursuant to changes to the applicable laws, regulations, and guidelines relating to the protection of personal information and changes in Areum’s policies. Areum’s Policy includes the following information:

1. Collection and Use of Personal Information
2. Provision and Sharing of Personal Information to or with a Third Party
3. Outsourcing of Processing of Personal Information
4. Duration of Retention and Use of Personal Information and Destruction
5. Cookies
6. Rights of Users
7. Responsibilities of Users
8. Liability on Links to Other Web Sites
9. Technical / Managerial Safeguards to Protect Personal Information
10. Privacy Officer
11. Obligation of Notification

1. Collection and Use of Personal Information

1. We collect personal information to verify the identity of our customers and confirm his/her/its intent to use our services to provide optimal custom-designed services to the customer. We collect only the minimum information necessary to help a customer to use our services when the customer first signs up to be a member. We may additionally collect information necessary for payment, delivery of goods and services, refund and the like, following customer’s use of our services.
2. We do not use the personal information for any purpose other than that set forth herein or disclose such information to any third party without the consent of the customer.
3. We collect and use personal information for the following purposes described below. However, we may, after notification, collect a business registration number, bank account information and mobile phone number information for the customer’s purchase or for the settlement of payment, if it is inevitable to collect and store it pursuant to applicable laws and regulations (including without limitation, the Framework Act of National Tax and the Electronic Financial Transactions Act).
4. Non-member

- Name, legal alien registration number, gender, date of birth, mobile phone number, password: to verify his/her/its identity for the use of our services, provide services etc.

- Business registration number.

- E-mail address, telephone number and mobile phone number: for communications to facilitate transactions, confirm his/her/its intent, handle complaints, give updates on services and notifications, etc.

- Name, address, and telephone number of a recipient: to verify the destination for delivery of goods and free gifts.

- Bank account information and mobile phone number information: to provide payment services, in case Areum provides special offers such as non-member purchase opportunity.

2. Member Who Is a Buyer

- Name, resident registration number (or legal alien registration number), gender, mobile phone number, ID, password, date of birth, connecting information (CI), duplication information (DI): to verify his/her identity for the use of our services; provide services subject to age restrictions; handle complaints, etc.

- Resident registration number: to comply with Article 6 of the e-Commerce Act addressing the preservation of transaction records

- Name of representative, business registration number, and contact number (for business): to provide services to a member that is a business operator, and so on

- E-mail address, telephone number, mobile phone number, and address: for communications to facilitate transactions, confirm his/her intent, handle complaints, give updates on services and notifications, etc.

- Name, address, and telephone number of a recipient: to verify the destination for delivery of goods and free gifts, etc.

- Bank account information and mobile phone number information: to provide payment services, etc.

3. The following information may be collected from users who use value-added services and customized services.

- If the user agrees to the collection of additional personal information.

4. Other

In the course of your using our services or transaction processing, the following information may be automatically generated and collected:

- IP address, date and time of visit, records of use of our services: to prevent unauthorized use and misuse

1. In the case of collecting personal information of a customer, the Company will collect the information with his/her consent, and will not collect information on race, origin, legal domicile of origin, religion, political disposition, criminal records, health condition and other information likely to infringe on the fundamental rights of customers, unless upon the consent of the relevant individual or required by law.
2. We may collect personal information in the following manner:1) collection on/through the Company’s homepage, in writing, by facsimile, by phone, through your contacting Areum operation team, and through your participating in an event; and 2) automatic collection through tools to collect generated information

2. Provision and Sharing of Personal Information to or with a Third Party

1. We will use customers’ personal information only for the purposes and within the scope of use identified in the “Collection and Use of Personal Information” Section above. We will not use the personal information beyond such scope without the prior consent of the relevant individual, and as a general rule, we will not provide the information to any third party, except as set out below.
2. if the relevant individual consents, in advance, to the disclosure or provision to a third party; or
3. if required by law, or if requested by the law enforcement or competent authority pursuant to the procedures and methods of due process prescribed by applicable laws and regulations for the purpose of a criminal or other investigation.
4. If placement of an order or payment is made for a transaction through services provided by the Company, we may provide the other party thereto with relevant information to help such other party to carry out the transaction (including but not limited to delivery), or to facilitate communications between the parties thereto (including but not limited to consultation), but in any event only to the extent necessary.
5. If otherwise necessary to provide personal information to a third party, we may provide or share personal information to or with a third party upon consent from customers through due process.

3. Outsourcing of Processing of Personal Information

1. We may outsource personal information processing services to third party service providers to facilitate and improve our services.
2. In relation to processing of personal information, we outsource such tasks as set out below to third-party service providers and, when executing outsourcing contracts with them, take measures necessary to ensure security in the management of personal information. Further, information processed through outsourcing arrangements is limited to the minimum information necessary to facilitate provision of our services.

4. Duration of Retention and Use of Personal Information and Destruction

As a general rule, the Company retains and uses customer’s personal information for the notified and agreed durations and once the purposes of collection and use of the personal information are achieved, it is without delay destroyed (provided, however, that the personal information will be destroyed after two (2) months from the date of termination of a shopping service user agreement (“User Agreement”). Further, the following information may be retained for such duration for such reasons as set out below:

1. Retention pursuant to applicable laws and policies of the Company

If required to retain personal information pursuant to applicable laws, including without limitation the Commercial Code, we retain user’s personal information for such duration as prescribed thereby, in which case the Company will use the information solely for the purposes of retention, and applicable durations of retention are set out below.

1. Records on contracts or withdrawal of offers and the like

- Reasons for retention: Article 6 of the e-Commerce Act; and Article 6 of the Enforcement Ordinance thereof

- Duration of Retention: 5 years

2. Records on payment settlement and supply of goods, etc.

- Reasons for retention: Article 6 of the e-Commerce Act; and Article 6 of the Enforcement Ordinance thereof

- Duration of Retention: 5 years

3. Records on processing of customer disputes and complaints

- Reasons for retention: Article 6 of the e-Commerce Act; and Article 6 of the Enforcement Ordinance thereof

- Duration of Retention: 3 years

4. Records on access

- Reasons for retention: Article 15-2 of the Communications Secrecy Protection Act; and Article 41 of the Enforcement Ordinance thereof

- Duration of Retention: 3 months

5. Records on misbehaviors in the use of services

- Reasons for retention: Retention pursuant to the Company’s policies, such as, prohibition of misbehaviors

- Duration of Retention: 5 years

1. The duration of retention / use of collected personal information will start from when the User Agreement is entered into (i.e., signing up for a membership) and end when the User Agreement is terminated (including, but not limited to, applying for closure of the account, and forcible account closure/dismissal). Further, in the case of termination of the User Agreement upon mutual agreement, the Company will without delay destroy all of your personal information other than contained in materials required to retain for a certain period for the aforementioned reasons for data retention, and will also instruct its third-party service providers to destroy the personal information provided to them for the outsourcing of data processing.

Your personal information will be destroyed without delay if the purposes of collection and use of the personal information are achieved. If printed on paper, your personal information will be destroyed by shredding or incinerating the paper documents or otherwise and, if saved in the form of electronic files, your personal information will be destroyed by technical means making the records non reproducible.

5. Cookies

1. Purpose of Use of Cookies
2. We use cookies to save and find information about the members’ accounts in order to provide personally customized services to the members. A cookie is a small text file of information about the basic setting of a website, sent by the website’s web server to the web browser of a user of the website, and it is stored in the hard disc of the computer used by you.
3. We can provide you with particular customized services that can be possible only by use of cookies.
4. We may use cookies to identify members and recognize them remaining in a log-in status.
5. Installation and Operation/maintenance of Cookies and Refusal thereof
6. You have an option to accept or refuse installation of cookies. Therefore, you can choose the options of your web browser to accept all cookies, to receive notice when cookies are installed, or to refuse all cookies.

- How to enable/disable cookies on Internet Explorer

＊ Click the Tools button, and then click Internet Options.

＊ Click the Privacy tab.

＊ Under Settings, move the slider to the top to block all cookies or to the bottom to allow all cookies, and then click OK.

2. However, if you refuse cookies, you may not be able to access certain services provided by the Company that require cookies.

6. Rights of Users

1. You may at any time access, check or correct your registered personal information at the “My Account” page of Areum. If you make a request for checking or correction of it to our Areum operation team in writing or by e-mail, we will take care of your request. Please note that ID (email address) may not be corrected. If, however, your ID (email address) has been duly changed for administrative reasons, then correction of such information may be exceptionally permissible. If correction or removal is prohibited or restricted under applicable law or regulation, fulfillment of your request may be restricted. Further, if you request correction of your personal information, the relevant personal information will not be used or provided until correction has been completed, unless provision of the information is requested pursuant to any other applicable law or regulation. As for information that was already provided to a third party, the third party will be notified of the results of correction, so that the corrected information may apply as soon as the correction process is complete.
2. You may at any time request to stop handling of your personal information at Areum; provided that in the following case, we may refuse to satisfy your request:
3. if particularly prescribed by any law or regulation, or if the handling is inevitable to perform obligations in compliance with applicable law or regulation;
4. if there is apprehension that life/body of any other person may be harmed or that the property and other interest of any other person may be unjustly infringed upon; or
5. if, without handling the personal information, it is impossible to perform a contract with the customer (such as a contract for provision of service), where the customer has not expressly made it clear that he/she / it intends to terminate the contract.)
6. You may at any time withdraw your consent to our collection, use, and provision of personal information (whether provided at the sign-up process or otherwise). The consent can be withdrawn on the web (by clicking “Close Account” at Areum), or by contacting our Areum operation team in writing, by phone, by email or otherwise. At your request, we will take necessary measures to handle withdrawal requests without delay; provided that, if required to keep in storage your personal information pursuant to applicable law, regulation or terms and conditions, handling of your withdrawal request may be restricted. In such case, you must disclose your Member ID and personally identifiable information to verify your identity. Upon closure of the account, your use of the Service may be somewhat limited or the Service in part or wholly may be unavailable to you.

7. Responsibilities of Users

You have obligations to protect your own personal information, and we are in no event responsible for any issues or problems arising out of the leak of personal information caused by your own negligence (such as, transfer, lending or loss of your ID (email address), Password, access medium, etc., leaving a PC without logging out, and the like), inherent problems in Internet (such as, vulnerability of browsers, hacking by use of such technology or method as cannot be prevented by security measures compliant with applicable laws and regulations and as controllable despite of substantial care taken by the Company to prevent the same) and the like, in each case, so long as it is not attributable to the Company.

1. You should keep your personal information up-to-date, and are solely responsible for any accidents arising out of your provision of inaccurate information.
2. If you misappropriate another’s personal and company information, including company name, business registration number, etc., when signing up for a membership or entering into a transaction to purchase goods or services, you may lose your membership and be subject to criminal sanctions under the Resident Registration Act.
3. If you intentionally generate multiple IDs to take advantage of Areum's benefits (including but not limited to promotions, Areum Points and events, which are granted per customer), you may lose your membership and be subject to civil action for business interruption.
4. You are responsible to keep your ID (email address), password etc. securely protected. You should not assign or lend any of them to a third party. You have obligations to cooperate with the Company’s request to change your passwords regularly for security purposes pursuant to the Policy.
5. After using our services, you should log out from your account and close the web browser.
6. You must comply with all laws and regulations concerning personal information, including but not limited to the IC Network Act, the Personal Information Protection Act, and the Resident Registration Act.

8. Liability on Links to Other Web Sites

We can provide you with links to another websites. However, this Policy is not applicable to such other sites’ collection of personal information.

9. Technical / Managerial Safeguards to Protect Personal Information

In handling your personal information, we take the following technical/managerial safeguards to ensure your personal information secure from loss, theft, leak, falsification or destruction:

1. Encryption of Personal Information

Your passwords will be, after one-way encryption, kept and managed, and only you who knows the passwords can check and modify your passwords. We set rules on the generation of passwords so as to prevent you from using your birthday, phone number, or any other numbers easily predictable. Your personal information, such as resident registration numbers, legal alien registration numbers, bank account numbers and credit card numbers, will be, after encrypted by safe password algorithms, kept and managed.

1. Anti-hacking Measures

To prevent leak of your personal information as a result of intrusion to our information and communications networks, such as hacking, we operate intrusion detection and firewall systems for 24 hours a day. To prevent an intrusion, all of our intrusion detection and firewall systems have duplex configuration, and for secure transmission on networks, sensitive personal information in transit is protected through encryption etc..

1. Minimization and Training of Personal Information Managers

We limit the number of our employees who handle personal information to the minimum level necessary and impress on them the importance of protection of personal data through managerial safeguards, including but not limited to their training.

1. Operation of a Separate Department particularly for the Protection of Personal Information

For the efficient protection of personal information, we operate a separate department particularly for the protection of personal information. Further we exert our efforts to correct any problem, if found, through checking items to comply with under this Policy and whether our personal information managers are in compliance with the Policy.

 

10. Privacy Officer (Areum operation team)

We exert our best efforts to help you use our services safely. You can report any complaint on privacy issues in relation to the use of our services, to our Areum operation team in charge of protection of personal information, and we will respond to your reports promptly and with sincerity.

Protection of Personal Information

• Leader of Areum Operations Name: [Seong-Won Park]
• Department: [Areum Operations]
• Title: [Team Leader of Areum Operations];
• Email: cs@Areum.io
• Tel No.: 070-5056-2642

If any other reporting or counseling is required in relation to infringement of personal information, please contact the following institutions for inquiry.

KAIT (Korea Association of Information and Telecommunication) :

• Tel No.: 02-580-0533~4
• URL : http://www.eprivacy.or.kr

SPO (Supreme Prosecutor’s Office Republic of Korea) :

• Tel No.: 02-3480-2000
• URL : http://www.spo.go.kr

11. Obligation of Notification

This Policy may be amended pursuant to the government’s policy or out of necessity of the Company. Any addition, deletion or revision of this Policy will be notified in advance on our homepage or by email at least 7 days prior to the effective date, and if it is difficult to give prior notification, it will be notified subject to availability without delay; provided that if any material term (i.e., the purpose of collection and use of personal information, the third party to which personal information will be provided, etc.) is added, deleted or revised, such addition, deletion or revision will be notified in advance at least 30 days prior to the effective date that the Policy as amended will take effect 30 days from the date of notification. In addition, in case where any content to which requires us to obtain from you a separate consent to any consent item (i.e., the collection and use of personal information, provision of personal information to a third party, etc.) under applicable law or regulation (including without limitation, the IC Network Act, etc.) is added or changed, we will obtain a separate consent from you pursuant to the applicable law or regulation.

Effective Date: April 28, 2020