Privacy policy

Article 1 (Purpose)

Namdo Market Co., Ltd. (hereinafter "Company") establishes and operates this Personal Information Protection Policy to safely protect the personal information of users of the ND CAREON+ service while complying with applicable laws such as the "Personal Information Protection Act," "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.," and "Consumer Protection in Electronic Commerce Act."

Article 2 (Purpose of Personal Information Processing)

① The Company processes collected personal information for the following purposes.

1. Member Management: Used for identity verification, verification of institutional affiliation, and prevention of fraudulent use of services.
2. Service Provision: Used for product orders, payments, shipping, exchange and refund processing, and customer consulting.
3. Transaction Management: Used for purchase and payment processing, settlement, and retention of transaction records.
4. Marketing and Advertising (with selective consent): Used for event notices, personalized product recommendations, and provision of advertising information.

② If the purpose of use changes, the Company shall obtain separate consent and take necessary measures.

Article 3 (Items of Personal Information Processed)

① The Company collects only the minimum personal information necessary to provide services, and the items are as follows.

1. Upon Member Registration: Name, organization name, department/position (optional), email (ID), password, mobile phone number
2. At the time of Order and Payment: Recipient name, shipping address, mobile phone number, payment information (card company name, authorization number, etc. – provided that the Company does not retain original payment information)
3. Automatically Collected During Service Use: Access IP, device information, cookies, usage history, payment history

② The Company does not collect sensitive information (race, ideology, health, and other information specified in Article 23 of the Personal Information Protection Act).

Article 4 (Processing and Retention Period of Personal Information)

① The Company retains and uses personal information until the purpose of collection and use is achieved. However, it is retained for a certain period in accordance with applicable laws.

1. Records related to contract withdrawal, payment, and supply of goods: Retained for 5 years.
2. Records related to consumer complaints or dispute resolution: Retained for 3 years.
3. Records related to electronic financial transactions: Retained for 5 years.
4. Website access logs: Retained for 3 months.

② If necessary in accordance with laws or the Company's internal policies, the Company may retain information beyond the above periods with consent.

Article 5 (Third Party Provision of Personal Information)

① The Company shall not provide users' personal information to third parties in principle. However, the following cases are exceptions.

1. Provided if the user has given prior consent.
2. Provided upon request from relevant authorities such as investigative agencies and courts in accordance with applicable laws.
3. Name, contact information, and shipping address are provided to sellers (wholesale members) within the scope necessary for product ordering and shipping operations.

② The Company clearly informs the recipient of information, the purpose of provision, and retention period at the time of obtaining third party provision consent.

Article 6 (Outsourcing of Personal Information Processing)

① The Company outsources personal information processing tasks to provide smooth service.

② The main service providers and details of outsourced services are as follows.

③ In accordance with Article 26 of the Personal Information Protection Act, the Company establishes outsourcing contracts that include provisions regarding prohibition of personal information processing, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision, and liability for damages, and manages and supervises compliance with such provisions.

④ When a service provider or outsourced services details change, the Company discloses such changes without delay.

Article 7 (Destruction of Personal Information)

① The Company shall destroy personal information without delay when the retention period expires or the purpose of processing is achieved.

1. Electronic file format: Permanently deleted by irreversible means.
2. Paper documents: Destroyed by shredding or incineration.

② If any part of the information must be retained in accordance with applicable laws, it shall be destroyed immediately after the expiration of the retention period.

Article 8 (User Rights and Obligations and Methods of Exercise)

① Users may request access, correction, deletion, or suspension of processing of their personal information at any time.

② Users may request service withdrawal, and the Company shall delete personal information without delay, except as provided by applicable laws.

③ Users may withdraw consent to receiving marketing information at any time.

④ Users may refuse to consent to the collection, use, or provision of personal information; however, this may result in restrictions on service use.

⑤ The Company guarantees the above rights through identity verification procedures and notifies the user of the reasons for any justified refusal.

Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① The Company installs and operates cookies to provide customized services.

② Users may refuse to store cookies through browser settings. However, refusing to store cookies may result in restrictions on the use of some services.

③ The Company may use external analysis tools such as Google Analytics, and the Company shall notify users of such use.

Article 10 (Measures to Ensure Security of Personal Information)

① The Company takes the following measures to prevent personal information from being lost, stolen, disclosed, forged, altered, or damaged.

1. Administrative Measures: Minimization of personal information processing staff and training, establishment and implementation of internal management plans
2. Technical Measures: Encryption of personal information, installation and regular inspection of security programs, retention of access logs and prevention of tampering
3. Physical Measures: Access control to computer rooms and data storage facilities

② The Company shall follow notification procedures prescribed by applicable laws in the event of personal information disclosure.

Article 11 (Overseas Transfer of Personal Information)

① The Company does not transfer personal information overseas in principle.

② However, when using cloud servers or overseas advertising services (Google, Meta, etc.), the Company may transfer information overseas with user consent, and shall notify users in advance of the transfer country, transfer date and time, items, and retention period.

Article 12 (Personal Information Protection Officer)

① The Company designates a Personal Information Protection Officer to oversee and take responsibility for personal information processing operations and to handle user complaints and provide remedies for damages related to personal information.

• Personal Information Protection Officer: Head of Management Support Team
• Contact: cs@ndmarket.co.kr / 02-779-7070

Article 13 (Changes to the Personal Information Processing Policy)

① This Personal Information Protection Policy shall be effective from [DATE], 2025.

② The Company may amend this Policy due to changes in applicable laws, policies, or internal operational policies, and shall provide notice at least 7 days prior to such amendment.