privacy policy
Personal Information Processing Policy
Urban Brush Personal Information Processing Policy
Urban Brush (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing guidelines in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly address any complaints related thereto.
Article 1 (Purpose of Personal Information Processing) The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following. If the purpose of use changes, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Website Membership Registration and Management
Personal information is processed for the following purposes: confirming intent to register, identifying and authenticating users for membership services, maintaining and managing membership status, verifying users’ identity under the limited identity verification system, preventing unauthorized use of services, verifying consent from legal representatives when processing personal information of children under the age of 14, providing various notifications, and handling complaints.
2. Provision of Goods or Services
We process personal information for the following purposes: delivery of goods, provision of services, sending of contracts and invoices, provision of content, provision of customized services, identity verification, age verification, payment and settlement of fees, and debt collection.
3. Complaint Handling
We process personal information for the following purposes: verifying the identity of the complainant, confirming the complaint, contacting and notifying for fact-finding purposes, and notifying the processing results.
Article 2 (Processing and Retention Period of Personal Information) ① The Company processes and retains personal information within the retention and use period stipulated by law or agreed to by the data subject at the time of collection.
② The processing and retention periods for each personal information are as follows:
1. Website Membership Registration and Management: Until the business/organization withdraws from the website.
However, in the following cases, until the end of the relevant period:
1) In the case of ongoing investigations or inquiries due to violations of relevant laws and regulations, until the end of such investigations or inquiries.
2) In the case of remaining creditor-debtor relationships arising from website use, until the settlement of such creditor-debtor relationships.
2. Provision of Goods or Services: Until the completion of the provision of goods or services and the completion of payment and settlement.
However, in the following cases, until the end of the relevant period:
1) Records of transactions, including labeling and advertising, contract terms and performance, in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
– Records of labeling and advertising: 6 months
– Records of contracts or withdrawals, payments, and supply of goods: 5 years
– Records of consumer complaints or dispute resolution: 3 years
2) Retention of communication confirmation data pursuant to Article 41 of the Protection of Communications Secrets Act
– Subscriber telecommunications date and time, start and end times, other party subscriber number, frequency of use, and base station location tracking data: 1 year
– Computer communications, Internet log records, and access point tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties) ① The Company processes the personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information). Personal information is provided to third parties only when the information subject consents, special provisions of law, or otherwise falls under Article 17 of the Personal Information Protection Act.
Article 4 (Rights, Obligations, and Exercise Methods of the Data Subject) ① The data subject may exercise the following personal information protection-related rights against the Company at any time.
1. Request to View Personal Information
2. Request for Correction in the Event of Errors
3. Request for Deletion
4. Request for Suspension of Processing
② The rights under Paragraph 1 may be exercised by contacting the Company in writing, by phone, by email, or by facsimile (fax), and the Company will take action without delay.
③ If the data subject requests correction or deletion of personal information due to errors, etc., the Company will not use or provide the personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through a proxy, such as the data subject’s legal representative or authorized representative. In such cases, a power of attorney in the format of Appendix 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.
⑤ The data subject shall not infringe upon the personal information or privacy of the data subject or others being processed by the Company in violation of the Personal Information Protection Act or other relevant laws.
Article 5 (Items of Personal Information Processed) The Company processes the following personal information items.
1. Website Membership Registration and Management
․General Members: Required – Username, Email Address / Optional – Name, Website
․Designer Members: Required – Name, Email Address, Username, Activity Name
2. Provision of Goods or Services
․Required – Name, ID, Password, Address, Phone Number, Email Address, Credit Card Number, Bank Account Information, etc., Payment Information
․Optional – Areas of Interest, Past Purchase History
3. The following personal information may be automatically generated and collected during the use of Internet services:
․IP Address, Cookies, MAC Address, Service Usage History, Visit History, Malicious Usage History, etc.
Article 7 (Deletion of Personal Information) ① The Company will destroy personal information without delay when it becomes unnecessary, such as when the retention period expires or the processing purpose is achieved.
② If the retention period for personal information agreed upon by the data subject has expired or the purpose of processing has been achieved, but the personal information must be retained pursuant to other laws and regulations, the personal information will be transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows:
1. Destruction Procedure
The Company selects personal information for which reasons for destruction have arisen and destroys the information with the approval of the Company’s Personal Information Protection Officer.
2. Destruction Method
The Company destroys personal information recorded and stored in electronic files using methods such as low-level formatting to render the records unrecoverable. Personal information recorded and stored in paper documents will be destroyed by shredding or incineration.
Article 8 (Measures to Ensure the Security of Personal Information) The Company takes the following measures to ensure the security of personal information.
1. Administrative Measures: Establishment and implementation of an internal management plan, regular employee training, etc.
2. Technical Measures: Access control for personal information processing systems, installation of an access control system, encryption of unique identification information, installation of security programs
3. Physical Measures: Access control for computer rooms, data storage rooms, etc.
Article 9 (Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices) ① The Company uses “cookies” to store and periodically retrieve usage information to provide personalized services to users.
② Cookies are small pieces of information sent by the server (http) used to operate the website to the user’s computer browser and may also be stored on the hard disk of the user’s PC.
A. Purpose of Cookie Use: Cookies are used to provide optimized information to users by identifying visits and usage patterns for each service and website visited, popular search terms, and whether or not the user has accessed a secure connection.
B. Cookie Installation/Operation and Refusal: You can refuse cookie storage by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser.
c. Refusing cookie storage may result in difficulties using customized services.
Article 10 (Personal Information Protection Officer) ① The Company is responsible for overall management of personal information processing and has designated a Personal Information Protection Officer as follows to handle complaints and provide remedies for damages related to personal information processing.
▶ Personal Information Protection Officer
Name: Seo Dong-woo
Position: CEO
Contact: stylebd@gmail.com
※ You will be connected to the Personal Information Protection Department.
▶ Personal Information Protection Department
Contact: Lee Ji-ae
Contact: urbanbrushnet@gmail.com
② Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any personal information protection-related inquiries, complaints, or remedies that arise while using the company’s services (or business). The company will respond and process inquiries without delay.
Article 11 (Requests for Access to Personal Information) Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process requests for access to personal information.
▶ Personal Information Access Request Reception and Processing Department
Contact: Lee Ji-ae
Contact: urbanbrushnet@gmail.com
Article 12 (Remedies for Rights Infringement) Data subjects may contact the following organizations for remedies, consultations, etc. regarding personal information infringement.
<The organizations below are separate from the company. If you are not satisfied with the company’s own handling of personal information complaints or damage relief efforts, or if you need further assistance, please contact them.>
▶ Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
– Responsibilities: Reporting personal information infringements, requesting consultation
– Website: privacy.kisa.or.kr
– Phone: (without area code) 118
– Address: 3rd Floor, Personal Information Infringement Reporting Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong) (58324)
▶ Personal Information Dispute Mediation Committee
– Responsibilities: Personal information dispute mediation applications, collective dispute mediation (civil resolution)
– Website: www.kopico.go.kr
– Phone: (without area code) 1833-6972
– Address: (03171) 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: 182 (http://cyberbureau.police.go.kr)
Article 14 (Changes to Personal Information Processing Policy) ① This personal information processing policy shall be effective from 2