SKAMPY Privacy Policy

Effective Date: September 1, 2024

OldJeans Corporation (hereinafter “Company”) complies with the Personal Information Protection Act and related laws to ensure the protection of individuals’ rights and freedoms while providing SKAMPY. The Company processes and manages personal information lawfully and securely. In accordance with Article 30 of the Personal Information Protection Act, the Company provides the following privacy policy to inform data subjects about the procedures and criteria for processing personal information and to address any concerns in a timely and efficient manner.

Key Personal Information Processing Notices

For more details, please refer to the privacy policy below.

General Collection of Personal Information

Nickname, email address, profile picture

Purpose of Personal Information Processing

Identity verification, prevention of fraudulent registration and use of services, membership management and maintenance

Retention Period of Personal Information

Until account deletion

Outsourcing of Personal Information Processing

Cloud and infrastructure services

Purpose of Processing, Collection Items, Retention and Usage Period

  1. The personal information items, purposes, and retention periods the Company processes are as follows.
    2. Classification (business name) Purpose of processing Items collected Retention and use period Basis for processing
    Membership registration and management • Identification and authentication of the user
    • Maintenance and management of membership qualifications
    • Prevention of fraudulent registration and use of the service    		 Required: Email address, Select nickname: Profile photo Until withdrawal of membership Consent of the information subject
  2. The personal information processed will not be used for purposes other than those stated above. If the purpose of use changes, the Company will take necessary actions, such as obtaining separate consent from the data subject, in accordance with Article 18 of the Personal Information Protection Act.
  3. The Company processes and retains personal information within the retention and usage periods specified by laws or the period agreed upon by the data subject at the time of collection. However, in cases where the following apply, the information may be processed and retained until the reason for retention expires.
    ① If an investigation is ongoing due to a violation of laws, the information will be retained until the completion of the investigation.
    ② If there are remaining claims or obligations related to website usage, the information will be retained until settlement of those claims.
    ③ If required by law, the information will be retained for the prescribed retention period.
  1. Telecommunications Secret Protection Act: Communication fact confirmation data such as website visit records (3 months)
  2. Electronic Commerce Act: Records related to contracts or withdrawal of offers (5 years)
  3. Electronic Commerce Act: Records related to payment and supply of goods or services (5 years)
  4. Electronic Commerce Act: Records related to consumer complaints or dispute resolutions (3 years)
  5. Electronic Commerce Act: Records related to display and advertising (6 months)
  6. Information and Communications Network Act: Records related to identity verification (6 months)

Provision of personal information to third parties

  1. The company processes the personal information of the information subject only within the scope specified in the purpose of processing personal information, and Personal information is provided to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as consent, special provisions of laws, etc., and personal information of the information subject is not provided to third parties in other cases.
  2. The company may provide personal information to relevant organizations without the consent of the information subject in the event of an emergency, such as a disaster, infectious disease, an incident or accident that poses an imminent risk to life or body, or an imminent loss of property. Link

In this case, the company will provide only the minimum personal information necessary in accordance with the relevant laws and will not provide it for purposes other than those specified.

Entrustment of personal information processing work

  1. The company entrusts personal information processing work as follows for smooth personal information processing.
    2. Entrustee (Entrustee) Entrusted work Re-entrustment
    Amazon Web Services, Inc. Provision of service operating environment through AWS • Data storage

    The company entrusts personal information processing overseas as follows.

    Entrustee (Consignee) Country Location (Address) Date and Method Entrusted Items Retention and Usage Period Contact Person (Contact Information)
    Amazon Web Services, Inc. United States us-west-2 Transmitted through the server at the time of service use Email address, nickname, profile picture • Until the end of the entrustment contract
    • Until the request for destruction
    • Until the withdrawal of membership     		janpoo6427@gmail.com

    Methods, procedures, and effects of refusal to transfer personal information: The data subject may refuse the transfer of personal information overseas through the personal information department development team. However, if you refuse to transfer personal information overseas, it may be difficult to use SKAMPY services.

  2. When concluding a consignment contract, the company states in the contract or other documents matters related to prohibition of processing personal information other than the purpose of performing the consigned work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, compensation for damages, etc. in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.
  3. In the event that the content of the consigned work or the consignee changes, we will disclose it without delay through this personal information processing policy.

Destruction of Personal Information and Procedures

  1. When personal information becomes unnecessary due to the expiration of the personal information retention period or the achievement of the processing purpose, the company destroys the relevant personal information without delay.
  2. In the event that the personal information retention period agreed upon by the information subject has expired or the processing purpose has been achieved but the personal information must continue to be retained in accordance with other laws, the personal information is transferred to a separate database (DB) or stored in a different storage location.
  3. The procedures and methods for destroying personal information are as follows: Same as above.

Destruction procedure: The company selects personal information for which a reason for destruction has occurred and destroys the personal information after receiving approval from the company's personal information protection officer.

Destruction method: The company destroys personal information recorded and stored in electronic file formats so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.

Rights, obligations, and exercise methods of the information subject and legal representative

  1. The information subject may exercise the rights to request access to, correction of, deletion of, or suspension of processing of personal information against the company at any time.
  2. The exercise of rights may be made to the company in writing, by e-mail, facsimile transmission (FAX), etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
  3. The exercise of rights may also be made through an agent, such as the information subject's legal representative or an authorized person. In this case, you must submit a power of attorney in the format of Appendix 11 of the “Personal Information Processing Method Notice (No. 2023-12).”
  4. Requests to view and suspend processing of personal information may limit the rights of the information subject under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
  5. Requests for correction and deletion of personal information cannot be requested for deletion if the personal information is specified as a collection target in other laws.
  6. The company verifies whether the person making the request, such as viewing, requesting correction/deletion, or requesting suspension of processing, is the person himself or a legitimate agent in accordance with the information subject’s rights.

Safety of Personal Information Measures to ensure the safety of personal information

The company is taking the following measures to ensure the safety of personal information.

  1. Administrative measures: Establishment and implementation of internal management plan, operation of dedicated organization, regular employee training
  2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs

Matters regarding the installation, operation and refusal of automatic personal information collection devices

The company does not use "cookies" that store and periodically retrieve the usage information of the information subject.

Matters regarding the collection, use and refusal of behavioral information

The company does not collect, use or provide behavioral information for online customized advertising, etc.

Personal information protection officer and request to view personal information

  1. The company is responsible for the overall management of personal information processing and has designated the following personal information protection officer to handle complaints and provide remedies for damages related to personal information processing.
  2. The information subject may request access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the information subject's request to access personal information.
    3. Category Person in charge Contact
    Personal Information Protection Officer Position/Position: CEO • Name: Lee Yujun zxcmn1224@naver.com
    Request to access personal information Department name: Development Team • Person in charge: Lee Yujun, Lee Janghee zxcmn1224@naver.com, janpoo6427@gmail.com
  3. The information subject may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the company's services (or business) to the Personal Information Protection Officer and the department in charge. The company will promptly respond to and process inquiries from the information subject.

Methods of Redressing Rights Infringement

  1. The company guarantees the information subject's right to self-determination of personal information and strives to provide consultation and relief for damages resulting from personal information infringement. If you need to report or consult, please contact the department in charge.
  2. In order to receive relief for personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. For other reports or consultations on personal information infringements, please contact the following organizations.

    3. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

  3. A person whose rights or interests have been infringed upon by a disposition or inaction by the head of a public institution in response to a request pursuant to Article 35 (Viewing Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal in accordance with the provisions of the Administrative Appeals Act.

    4. Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

Matters regarding changes to personal information processing policy

  1. This policy will be effective from September 1, 2024.