HanaBio Food PRIVACY POLICY

Founded in 2009, the company has been focusing on developing fertilizers used for organic farming
and biofood to stabilize its business. With constant investment in technology,
the company has become one of the leading companies in the industry.

PRIVACY POLICY

CHAPTER 1. PURPOSE OF COLLECTION AND USE OF PERSONAL INFORMATION

  • The company handles personal information for the following purposes: Personal information being processed is not to be used for purposes other than what is specified below. In case the purpose of use undergoes change, the company shall take any necessary measures such as obtaining separate consent according to relevant Acts.

    Category Purpose
    Signup Confirmation of members’ intention for signup, user identification/personal identification, management of membership qualification, contact for the purpose of notifying contract fulfillment and changes in terms and conditions, confirmation of intention and managing grievance settlement, prevention of wrongful use, prevention of unauthorized use, service provision and contract fulfillment, services use/consultation/inquiry, establishment of efficient communication channels such as customer inquiries, provision of personalized member services, provision of site-based services, etc.
    Provision of Goods and Services Product delivery, provision of services, transmission of request of contract document, provision of contents, provision of personalized services, personal identification, age verification, payment and expense settlement, refund, etc.
    Marketing and Advertisement Analyzing the number of visits to the website or member’s usage statistics Delivery of advertising information such as promotional events

CHAPTER 2. PERSONAL INFORMATION TO BE COLLECTED AND METHODS OF COLLECTION

  • The company collects and processes the following items of personal information:

    Purpose Category Personal Information Method of Collection
    Required Optional
    Signup Signup Name, ID, password, mobile phone number, email Address Website
    Provision of Goods and Services Member's order Member's payment information, recipient's name/mobile phone number/address - Website, email, written form, FAX, customer services via online and telephone consultation, entry to an event
    Non-member order Ordering person’s name/mobile phone number/email/payment information, recipient's name/mobile phone number/address -
    Cancellation and Refund Account holder, name of bank, bank account number -
    Bulk Order Inquiry Name, contact, email -
    Partnership Inquiry Applicant’s email, manager’s name, manager’s contact, manager’s email -

    ※ When using the company’s services, information such as service usage records, number of visits, records of abnormal usage, IP address, cookies, MAC address, mobile device information (app version, OS version), ADID/IDFA (advertising identifier), etc. may be automatically generated and collected.
    ※ Items collected may differ depending on the event being held; therefore, separate consent is to be requested for application and the relevant data shall be deleted as soon as the purpose is attained.

CHAPTER 3. USAGE AND RETENTION OF PERSONAL INFORMATION

  • (1) The company only retains and uses personal information within the period of time permitted by law or the consent provided by the users.
    (2) The processing and retention period of each personal information is as follows:
    1) Website member signup and management: information (ID, mobile phone number) is to be destroyed after thirty (30) days of retention starting from the date of withdrawal, and information concerning provisions of goods and services is to be destroyed after a designated retention period in accordance with relevant laws.
    However, the retention period may differ in the following cases:
    - Retains until the investigation ceases if a criminal investigation is underway due to violation of relevant Acts and subordinate statutes,
    - Retains until the settlement has been made if there are unsettled issues concerning credit and debt
    2) Rule of expiration of personal information (dormant account policy): pursuant to Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., personal information of a user with no record of service usage for a period of over one (1) year shall be stored and managed separately (diversion to dormant account) from other regular users. The company notifies the user via email, etc. thirty (30) days prior to the diversion to dormant account, and separately stored personal information is not to be used or provided unless relevant legal regulations provide otherwise.
    3) Provision of goods and services: the retention period terminates when supply of goods and services and all payments are settled
    - Non-member order: destroy after five (5) years of retention from the date of business purpose attainment
    - Bulk order inquiry: destroy after thirty (30) days of retention from the date of completion of inquiry
    - Partnership inquiry: destroy after ninety (90) days of retention from the date of completion of inquiry
    However, this shall not apply to the following cases and retention period terminates once the designated period of time terminates:

    Target Relevant Laws and Provisions Retention Period
    Record of contract or cancellation of subscription, etc. Act on the Consumer Protection in Electronic Commerce, etc Five (5) years
    Record of payment of price and supply of goods, etc Five (5) years
    Record of consumer grievance or dispute settlement Three (3) year
    Record of identification Act on Promotion of Information and Communications Network Utilization and Information Protection, etc Six (6) months
    Internet access record, access location tracing data Protection of Communications Secrets Act Three (3) months

CHAPTER 4. PROCEDURES AND METHODS FOR THE DESTRUCTION OF PERSONAL INFORMATION

  • (1) The company shall destroy personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing the personal information, etc.
    (2) In such cases where other Acts and subordinate statutes mandates the company to retain personal information collected under users' consent regardless of the expiry of the retention period or attainment of the purpose of processing, the personal information should be transferred to a separate database (DB) or separately retained in another retention location. Separately retained personal information is not to be used for purposes other than retention purposes unless provided by relevant Acts.
    (3) The procedures and methods of destroying personal information shall be as follows:
    1) Destruction process
    - The company selects personal information subject to destruction for appropriate reasons, and destroys it following approval from the company’s privacy officer.
    2) Methods of destruction
    - The company destroys personal information recorded or retained through digitalized form by preventing recovery and revival using methods such as Low Level Format, etc. Personal information retained in paper form is to be destroyed by shredding with a grinder or destroyed by incineration.

CHAPTER 5. PROVISION OF PERSONAL INFORMATION TO A THIRD PARTY

  • The company handles personal information only within the limits confined by written clauses provided at the time of the collection, and the provision of personal information to a third party is only available given that user’s consent is present or other Acts specify otherwise.

CHAPTER 6. RIGHTS OF USERS AND LEGAL REPRESENTATIVES AND HOW TO EXERCISE SUCH RIGHTS

  • (1) Users may at any time exercise their rights related to personal information through any of the following requests:
    1) Request for access to personal information
    2) Request for correction in such cases of misinformation, etc.
    3) Request for deletion
    4) Request to suspend the processing
    (2) Users may exercise their rights through the website under the menu “Change Personal Information”, “Membership Withdrawal” or through a written document, phone call, email, facsimile (FAX), etc. to the company, and the company shall act immediately without delay.
    (3) If the users request correction or erasure of misinformation, etc. found in their personal information, the company, until completing correction or erasure does not use or provide the said personal information.
    (4) Users may exercise their rights through an agent such as a legal representative or a delegated person, etc. In such cases, a letter of delegation shall be presented.
    (5) Users shall not violate relevant Acts and subordinate statutes concerning the protection of personal information and shall not infringe personal information and privacy of themselves or another person that is handled by the company.

CHAPTER 7. INSTALLATION AND OPERATION OF AN AUTOMATIC COLLECTION TOOL FOR PERSONAL INFORMATION AND THE DENIAL THEREOF

  • (1) The company uses “cookies,” an access information of storage and repeated usage, for the purpose of providing individual users with personalized services.
    (2) Cookies, necessary for website operation, is a small amount of information being sent from the server to the user’s computer browser and it may be stored inside the hard disk of the user’s PC.
    1) Purpose for use of cookie: Analyzes the user’s access to services and sites and the usage thereof, popular search terms, the use or disuse of secure access, etc. and provides the user with optimized information based on the analyzed data.
    2) The installation, operation, and denial of cookie: the user has the right to select whether or not to install cookies, which is possible by adjusting options in the web browser, whether to permit or deny all cookies or may request confirmation every time before a cookie is stored. The permission to install or deny cookie could be done as follows:
    - Internet Explorer: Go to Tools Menu > Internet Options > Privacy Tab > Privacy Policy Level Settings
    - Chrome: Go to Settings Menu > Advanced > Personal Information - Contents Settings > Cookies and Other Site Date Settings
    - Firefox: Go to Option Menu > Personal Information > History - User-defined Settings > Cookie Level Settings
    - Safari: Go to Configuration Settings Menu > Personal Information Tab > Cookie and Website Data Level Settings
    3) Difficulties may arise when using personalized services if the storage of cookies is denied.

CHAPTER 8. PERSONALIZED ONLINE ADVERTISEMENT SERVICES

  • The company allows for personalized online advertisement service providers to collect user’s behavioral information as follows:
    1) Advertisement service providers that collect and process behavioral information: Google, Facebook, Amplitude, Lucidworks, Kakao, Branch (TUNE), Criteo
    2) Method of collecting behavioral information: Automatic collection and transmission of data whenever the user visits the company’s website or runs the application

CHAPTER 9. TECHNICAL AND MANAGERIAL SAFEGUARDS OF PERSONAL INFORMATION

  • The company takes the following measures to ensure the safety of personal information:
    1) Managerial measures: Establishment and execution of internal managerial plan, personnel education on a regular basis, etc.
    2) Technical measures: Access permissions control on personal information processing system, installation of access control system, encryption of personally identifiable information, installation of security program, etc.
    3) Physical measures: Access control of computer information center, data archives, etc.

CHAPTER 10. PRIVACY OFFICER

  • (1) The company designates a privacy officer who comprehensively takes charge of processing personal information and handling grievances and remedial compensations. The officer is designated as follows:

    Privacy Officer Personal Information Complaint Division
    Name: Hyemin Lee
    Position: Assistant manager
    Phone: +82-31-662-7811
    Email: hanabiot@hanmail.net
    Department: Marketing/Planning

    (2) Users may inquire to the privacy officer or person in charge whenever matters of personal information protection, grievance, remedial compensation, etc. arise in the course of using the company’s services. The company will without delay answer and process the inquiry of the user.

CHAPTER 11. REMEDIAL MEASURES TO INFRINGEMENT ON RIGHTS AND INTERESTS

  • (1) Users may seek relief and consultation to the infringement of personal information by contacting the agencies below:
    ※ Since the agencies below are not affiliated with the company, please contact these agencies for help when the company fails to satisfy users in dealing with a grievance of personal information and remedial compensation or if the user seeks further aid.
    (2) Please contact the agencies mentioned below to report or consult matters that arise from the infringement of personal information.

    Contact Us Contact Website
    Personal Information Infringement Report Center (without area code) 118 privacy.kisa.or.kr
    Personal Information Dispute Mediation Committee 1833-6972 www.kopico.go.kr
    Cyber Investigation Division of the Supreme Prosecutor’s Office (without area code)1301 www.spo.go.kr
    Cyber Bureau of the National Police Agency (without area code) 182 www.police.go.kr/www/security/cyber.jsp

CHAPTER 12. AMENDMENT OF PRIVACY POLICY AND NOTIFICATION THEREOF

  • The amendment and contents of this Privacy Policy will be announced on the website or notified through email at least seven (7) days prior to the amendment. However, if a significant change of contents affects the right or duty of the user, a notification will be provided at least thirty (30) days prior to the enforcement date.
    - Announcement date: January 20, 2021
    - Enforcement date: January 5, 2021