A promise by a trustworthy company that is
making a more beautiful world
A promise by a trustworthy company that is
making a more beautiful world
A value that promotes true beauty
Management ethics is what AMOREPACIFIC keeps.
이 약관은 『개인정보보호법』 기타 관련 법률에 의하여 감사실(이하 감사실)이 제공하는 서비스(이하 "서비스")의 이용 조건, 절차 그리고 이용자규칙에 관한 사항 등을 규정함을 목적으로 합니다.
이 약관에 규정되지 않은 사항이 관련법령에 규정되어 있는 경우 그 규정에 따라 적용될 수 있습니다.
이 약관에서 사용하는 용어의 정의는 다음과 같습니다.
감사실은 관련 법률 및 감사실이 정하는 개인정보취급방침에 정한 바에 따라 이용자의 개인정보를 보호하기 위하여 노력합니다.
감사실은 이용자가 본 서비스를 통하여 게시, 게재, 전자메일 또는 달리 전송한 내용물에 대하여 책임을 지지 않으며, 다음 각호의 1에 해당한다고 판단되는 경우에 사전 통지 없이 삭제할 수 있습니다.
감사실은 이용자가 다음 각호의 1에 해당하는 행위를 하였을 경우 사전통지 없이 서비스 이용을 중지시킬 수 있습니다.
서비스 이용과 관련하여 발생한 분쟁에 대해 소송이 제기될 경우 원고 소재지의 법원을 관할법원으로 합니다.
[부칙] 이 약관은 2012년 1월 04일부터 시행합니다.
AMOREPACIFIC Co. Ltd. (hereafter "Company") considers the private information of the user using Service provided by Company very important. Therefore, Company makes its best efforts to protect the user's private information.
Company complies with 『Private Information Protection Law』, 『Law regarding Information Network Use Promotion and Information Protection and etc. 』 and all regulations relevant to the private information protection. Company establishes its own private information handling policy additionally and follows the policy to provide better protection of the private information of users. Also, Company opens the private information handling policy to public all the time in the front page of Company's website as a part of its measure for users' convenience in reading the policy.
Company's Private Information Policy is subjected to change according to any revision of relevant law or notification or any change of the internal operation policy. In case of any revision of Company's Private Information Policy, the revised items is announced though the website.
Company's Private Information Policy contains the following items.
1. Internal Audit (ethics.amorepacific.com)
Service Classification | Collected Items | The Purpose of Collection and Use | The Periods of Use and Holding |
Report | Name(anonymous), Mobile Phone No, E-mail Address, Contents of Report | To communicate the processing of the collected information To manage information submitted | Until one year from report |
④ The user may deny to agree regarding the collection and the use of private information. And in case of denial, the user may be restricted for use of the service provided by a third party.
2. Internal Audit
Consignee | The Consigned Responsibility |
GROVESOFT Co. Ltd. | Site’s Management and Computer Process |
① To protect users' private information and handle complains related to the private information, Company assigns a department to handle the private information protection and related problems. Also, a private information manger and a private information management staff are assigned to process users' inquiries and complains regarding the private information as soon as possible.
[Private Information Manager]
Name: Lee Sang Ho Vice President
Department: AMOREPACIFIC Internal Audit
Telephone No.: 82-2-879-3274(Mon.~Fri. : 09:00~18:00 Except Holidays)
[The Department Responsible for Private Information Management]
Responsible Department | Internal Audit Team |
Telephone No | 82-2-879-4111 |
ethics@amorepacific.com |
② The user may make inquires not only to Paragraph 1's Private Information Protection Department of Company, but also to following institutions when consultation is required due to an occurrence of intrusion to own private information or its concern.
- Private Information Violation Report Center, Korea Internet and Security Agency (privacy.kisa.or.kr/82-2-405-5118)
- Information Protection Mart Certification Committee (www.eprivacy.or.kr/82-2-580-0533~4)
- Online Complaint Office, Supreme Prosecutor's Office (www.spo.go.kr/minwon/82-2-3480-2000)
- Cyber Terror Response Center, The National Policy Agency (www.ctrc.go.kr/1566-0112)
This policy's content may change according to any change in the law & policy and Company's internal operation policy or the security technology. In case of a change, Company will announce the cause and content of change on the front page of Company's website at least seven days (if the change is disadvantageous users, 30 days) prior to the changed policy enforcement.
Article 1 (Effective Date) This policy is implemented from January 2, 2014
Article 1 (Effective Date) This policy is implemented from April 2, 2014
AMOREPACIFIC Co. Ltd. (hereafter "Company") considers the private information of the user using Service provided by Company very important. Therefore, Company makes its best efforts to protect the user's private information.
Company complies with 『Private Information Protection Law』, 『Law regarding Information Network Use Promotion and Information Protection and etc. 』 and all regulations relevant to the private information protection. Company establishes its own private information handling policy additionally and follows the policy to provide better protection of the private information of users. Also, Company opens the private information handling policy to public all the time in the front page of Company's website as a part of its measure for users' convenience in reading the policy.
Company's Private Information Policy is subjected to change according to any revision of relevant law or notification or any change of the internal operation policy. In case of any revision of Company's Private Information Policy, the revised items is announced though the website.
Company's Private Information Policy contains the following items.
1. Internal Audit (ethics.amorepacific.com)
Service Classification | Collected Items | The Purpose of Collection and Use | The Periods of Use and Holding |
Report | Name(anonymous), Mobile Phone No, E-mail Address, Contents of Report | To communicate the processing of the collected information To manage information submitted | Until one year from report |
④ The user may deny to agree regarding the collection and the use of private information. And in case of denial, the user may be restricted for use of the service provided by a third party.
2. Internal Audit
Consignee | The Consigned Responsibility |
GROVESOFT Co. Ltd. | Site’s Management and Computer Process |
① To protect users' private information and handle complains related to the private information, Company assigns a department to handle the private information protection and related problems. Also, a private information manger and a private information management staff are assigned to process users' inquiries and complains regarding the private information as soon as possible.
[Private Information Manager]
Name: Lee Sang Ho Vice President
Department: AMOREPACIFIC Internal Audit
Telephone No.: 82-2-879-3274(Mon.~Fri. : 09:00~18:00 Except Holidays)
[The Department Responsible for Private Information Management]
Responsible Department | Internal Audit Team |
Telephone No | 82-2-879-4111 |
ethics@amorepacific.com |
② The user may make inquires not only to Paragraph 1's Private Information Protection Department of Company, but also to following institutions when consultation is required due to an occurrence of intrusion to own private information or its concern.
- Private Information Violation Report Center, Korea Internet and Security Agency (privacy.kisa.or.kr/82-2-405-5118)
- Information Protection Mart Certification Committee (www.eprivacy.or.kr/82-2-580-0533~4)
- Online Complaint Office, Supreme Prosecutor's Office (www.spo.go.kr/minwon/82-2-3480-2000)
- Cyber Terror Response Center, The National Policy Agency (www.ctrc.go.kr/1566-0112)
This policy's content may change according to any change in the law & policy and Company's internal operation policy or the security technology. In case of a change, Company will announce the cause and content of change on the front page of Company's website at least seven days (if the change is disadvantageous users, 30 days) prior to the changed policy enforcement.
Article 1 (Effective Date) This policy is implemented from January 2, 2014
Article 1 (Effective Date) This policy is implemented from April 2, 2014
Amorepacific Corporation (hereinafter “the Company”) establishes and discloses the following privacy policies to protect personal information pursuant to Article 30 of the Personal Information Protection Act and handle related grievances promptly and smoothly.
The company is doing its best to protect personal information as well as the rights and interests of the information subject, and collects and uses personal information based on the relevant statutes or the consent of information subject for business processes.
The company processes and retains personal information within the period of possession and use of personal information under the relevant statutes or agreed by information subjects.
The company shall provide the information to a third party only if the information subject agrees or if the Personal Information Protection Act permits, such as for the provisions of the law. Otherwise, the company cannot use or provide the customer’s personal information to third parties beyond the notified scope.
The company entrusts the processing of personal information to a specialized institution for smooth personal information processing, wherein the company clearly stipulates compliance with the relevant laws, the prohibition of providing personal information to third parties, as well as liability, and strives to protect personal information by signing and securing the details of the contract.
The information subject may exercise his/her right to view, correct, delete, or stop the processing of personal information from the company at any time by himself/herself, his/her legal representative, or a delegated person. Then, the company will take immediate action against the request for rights, except as otherwise provided for by law.
The information subject and a legal representative may exercise their rights by contacting the company using the Internet, telephone, or written documents in relation to personal information, and the company shall take the necessary measures without delay.
The company processes personally identifiable information, address, contact, etc. with the consent of the information subject or under the law for Amorepacific Group’s business, such as providing services to customers and managing its executive personnel and employees.
When personal information becomes unnecessary, such as the expiration of the period of personal information retention or the achievement of processing purposes, the company shall destroy such personal information without delay so that it cannot be reproduced or restored. If the law requires preservation, the information should be moved to a separate DB to minimize access.
To ensure the safety of personal information, the company implements the following measures and manages it strictly.
The company uses “Cookie,” which stores information and frequently calls to provide users with personalized service and convenience. Moreover, the user can set/stop of cookies on the web browser.
The company is in charge of handling personal information and appoints a person in charge of personal information protection as follows to handle complaints and damage relief related to personal information processing as well as respond to and handle inquiries from the information subject without delay.
* Personal Information Security Officer: Information Technology Div. Cho Young-gil
When the company changes its privacy policy, it continuously discloses the timing of the change and the changed contents and compares the changes before and after so that the information subject can easily check them.
• 2020.07.10 (Enforcement Date) This policy will take effect on 10 July 2020.
Amorepacific Corporation (hereinafter “the Company”) establishes and discloses the following privacy policies to protect personal information pursuant to Article 30 of the Personal Information Protection Act and handle related grievances promptly and smoothly.
The company is doing its best to protect personal information as well as the rights and interests of the information subject, and collects and uses personal information based on the relevant statutes or the consent of information subject for business processes.
The company processes and retains personal information within the period of possession and use of personal information under the relevant statutes or agreed by information subjects.
The company shall provide the information to a third party only if the information subject agrees or if the Personal Information Protection Act permits, such as for the provisions of the law. Otherwise, the company cannot use or provide the customer’s personal information to third parties beyond the notified scope.
The company entrusts the processing of personal information to a specialized institution for smooth personal information processing, wherein the company clearly stipulates compliance with the relevant laws, the prohibition of providing personal information to third parties, as well as liability, and strives to protect personal information by signing and securing the details of the contract.
The information subject may exercise his/her right to view, correct, delete, or stop the processing of personal information from the company at any time by himself/herself, his/her legal representative, or a delegated person. Then, the company will take immediate action against the request for rights, except as otherwise provided for by law.
The information subject and a legal representative may exercise their rights by contacting the company using the Internet, telephone, or written documents in relation to personal information, and the company shall take the necessary measures without delay.
The company processes personally identifiable information, address, contact, etc. with the consent of the information subject or under the law for Amorepacific Group’s business, such as providing services to customers and managing its executive personnel and employees.
When personal information becomes unnecessary, such as the expiration of the period of personal information retention or the achievement of processing purposes, the company shall destroy such personal information without delay so that it cannot be reproduced or restored. If the law requires preservation, the information should be moved to a separate DB to minimize access.
To ensure the safety of personal information, the company implements the following measures and manages it strictly.
The company uses “Cookie,” which stores information and frequently calls to provide users with personalized service and convenience. Moreover, the user can set/stop of cookies on the web browser.
The company is in charge of handling personal information and appoints a person in charge of personal information protection as follows to handle complaints and damage relief related to personal information processing as well as respond to and handle inquiries from the information subject without delay.
* Personal Information Security Officer: Information Technology Div. Cho Young-gil
When the company changes its privacy policy, it continuously discloses the timing of the change and the changed contents and compares the changes before and after so that the information subject can easily check them.
• 2020.07.10 (Enforcement Date) This policy will take effect on 10 July 2020.
Amorepacific Corporation (hereinafter “Company”) values the personal information of data subjects (hereinafter “Users”) who use the services provided by the Company and is making every effort to protect it.
The Company complies with all personal information protection laws and regulations, including the “Personal Information Protection Act” and the “Act on Promotion of Information and Communications Network Utilization and Information Protection.” It has separately established and adheres to its own Personal Information Handling Policy to further protect users’ personal information. Additionally, the Company always discloses its Personal Information Handling Policy on the main page of the Company’s website to ensure that users can easily access it at any time.
The Company’s Personal Information Handling Policy may be modified according to changes in relevant laws and notices or internal operational policies. The website will announce changes if the Company’s Personal Information Handling Policy is revised.
The Company’s personal information protection policy includes the following contents:
Category | Category | Collection Items | Purpose of Collection | Retention and Use Period |
Reporting | Optional | Name (can be anonymous), telephone number, email address | Securing communication channels for processing reports and sending results, managing report details | 6 months from the date of receipt of the report |
Workplace Harassment / Sexual Harassment Reports | Required | Name and affiliation | Verification of reporter, management of report details | 6 months from the date of receipt of the report |
Optional | Telephone number, email address | Securing communication channels for processing reports and sending results, managing report details | 6 months from the date of receipt of the report |
④ IP addresses, cookies, visit time, service usage records, and records of inappropriate use may be automatically generated and collected during online service use or business processing.
⑤ When using online services (including mobile), information about the device (device model, operating system, browser, MAC ADDRESS, etc.) may be collected for user verification and service provision and to prevent fraudulent use. Additionally, mobile carrier information may be collected and used to provide PUSH services (only with customer consent), application version upgrades, and other services specific to mobile service characteristics.
⑥ In cases where the Company provides services other than those specified in paragraph 3, such as donation activities, prize events, or other services, the Company may collect and use personal information necessary for providing the service. In such cases, the Company will obtain separate consent from users after clearly stating all items, purposes, periods, right of refusal, and disadvantages upon refusal by relevant laws.
⑦ In addition to collecting personal information for service provision under paragraphs 3 and 4, the Company may collect personal information in the following cases. It will notify users of the processing purpose and items when collecting personal information:
* During customer consultation: Name, contact information (wired/wireless phone numbers, work/home addresses, email), age, etc., are collected to handle inquiries/complaints and notify processing results, and are retained for 3 years
⑧ Users may refuse to consent to collecting and using personal information. However, if users refuse the collection and use of personal information, there may be limitations on service use and benefit provision.
Processor | Outsourced Tasks |
GROVE SOFT Co., Ltd. | Site operation and data processing |
Kyndryl Korea Co., Ltd. | Electronic processing and management of personal information |
MEGAZONE CLOUD Co., Ltd. | Electronic processing and management of personal information |
Processor | Sub-processor | Sub-outsourced Tasks |
MEGAZONE CLOUD Co., Ltd. | Amazon Web Service Inc | Electronic processing and management of personal information |
* Website visit records: 3 months
① The Company has designated a department responsible for personal information protection and related grievance handling to protect users’ personal information and address complaints about personal information. In addition, the Company has appointed a personal information management officer and a personal information management person in charge of promptly handling inquiries and complaints regarding users’ personal information.
Category | Personal Information Protection Officer | Personal Information Protection Manager |
Name | Mr. Seung-il Oh | Mr. Kwang-bok Lee |
Department | Information Security Center | Information Security Center |
Email Address | PRIVACY@AMOREPACIFIC.COM | PRIVACY@AMOREPACIFIC.COM |
Phone Number | 080-023-5454 (toll-free) (Mon-Fri: 09:00-18:00, excluding holidays) |
② When users need consultation due to the occurrence or concern of infringement regarding their personal information, they can contact not only the Company’s personal information protection department mentioned in paragraph 1 but also the following institutions:
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972 without area code)
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Supreme Prosecutors’ Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr / 182 without area code)
This policy may be amended according to changes in laws, policies, internal operational policies of the Company, or security technologies, and in such cases, we will promptly notify the reasons and content of the changed policy on the first page of the Company’s website.
Amorepacific Corporation (hereinafter “Company”) values the personal information of data subjects (hereinafter “Users”) who use the services provided by the Company and is making every effort to protect it.
The Company complies with all personal information protection laws and regulations, including the “Personal Information Protection Act” and the “Act on Promotion of Information and Communications Network Utilization and Information Protection.” It has separately established and adheres to its own Personal Information Handling Policy to further protect users’ personal information. Additionally, the Company always discloses its Personal Information Handling Policy on the main page of the Company’s website to ensure that users can easily access it at any time.
The Company’s Personal Information Handling Policy may be modified according to changes in relevant laws and notices or internal operational policies. The website will announce changes if the Company’s Personal Information Handling Policy is revised.
The Company’s personal information protection policy includes the following contents:
Category | Category | Collection Items | Purpose of Collection | Retention and Use Period |
Reporting | Optional | Name (can be anonymous), telephone number, email address | Securing communication channels for processing reports and sending results, managing report details | 6 months from the date of receipt of the report |
Workplace Harassment / Sexual Harassment Reports | Required | Name and affiliation | Verification of reporter, management of report details | 6 months from the date of receipt of the report |
Optional | Telephone number, email address | Securing communication channels for processing reports and sending results, managing report details | 6 months from the date of receipt of the report |
④ IP addresses, cookies, visit time, service usage records, and records of inappropriate use may be automatically generated and collected during online service use or business processing.
⑤ When using online services (including mobile), information about the device (device model, operating system, browser, MAC ADDRESS, etc.) may be collected for user verification and service provision and to prevent fraudulent use. Additionally, mobile carrier information may be collected and used to provide PUSH services (only with customer consent), application version upgrades, and other services specific to mobile service characteristics.
⑥ In cases where the Company provides services other than those specified in paragraph 3, such as donation activities, prize events, or other services, the Company may collect and use personal information necessary for providing the service. In such cases, the Company will obtain separate consent from users after clearly stating all items, purposes, periods, right of refusal, and disadvantages upon refusal by relevant laws.
⑦ In addition to collecting personal information for service provision under paragraphs 3 and 4, the Company may collect personal information in the following cases. It will notify users of the processing purpose and items when collecting personal information:
* During customer consultation: Name, contact information (wired/wireless phone numbers, work/home addresses, email), age, etc., are collected to handle inquiries/complaints and notify processing results, and are retained for 3 years
⑧ Users may refuse to consent to collecting and using personal information. However, if users refuse the collection and use of personal information, there may be limitations on service use and benefit provision.
Processor | Outsourced Tasks |
GROVE SOFT Co., Ltd. | Site operation and data processing |
Kyndryl Korea Co., Ltd. | Electronic processing and management of personal information |
MEGAZONE CLOUD Co., Ltd. | Electronic processing and management of personal information |
Processor | Sub-processor | Sub-outsourced Tasks |
MEGAZONE CLOUD Co., Ltd. | Amazon Web Service Inc | Electronic processing and management of personal information |
* Website visit records: 3 months
① The Company has designated a department responsible for personal information protection and related grievance handling to protect users’ personal information and address complaints about personal information. In addition, the Company has appointed a personal information management officer and a personal information management person in charge of promptly handling inquiries and complaints regarding users’ personal information.
Category | Personal Information Protection Officer | Personal Information Protection Manager |
Name | Mr. Seung-il Oh | Mr. Kwang-bok Lee |
Department | Information Security Center | Information Security Center |
Email Address | PRIVACY@AMOREPACIFIC.COM | PRIVACY@AMOREPACIFIC.COM |
Phone Number | 080-023-5454 (toll-free) (Mon-Fri: 09:00-18:00, excluding holidays) |
② When users need consultation due to the occurrence or concern of infringement regarding their personal information, they can contact not only the Company’s personal information protection department mentioned in paragraph 1 but also the following institutions:
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972 without area code)
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Supreme Prosecutors’ Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr / 182 without area code)
This policy may be amended according to changes in laws, policies, internal operational policies of the Company, or security technologies, and in such cases, we will promptly notify the reasons and content of the changed policy on the first page of the Company’s website.