ARTICLE 1. PURPOSES FOR THE PROCESSING OF PERSONAL INFORMATION
The Company shall process personal information for the following purposes. Processed personal information shall not be used except for the following purposes, and in the event of any change to the intended use, the prior consent of the Data Subject will be obtained.
A. PERSONAL INFORMATION COLLECTED OFFLINE:
TRANSMISSION OF INFORMATION PERTAINING TO MARKETING, PRODUCTS AND SERVICES
Marketing activities directed toward customers, prospective customers, and employees of joint marketing partners, journalists and those involved in market research and product introduction, transmission of marketing and promotional materials, and acquisition and delivery of information about Company products and services.
EXECUTION AND PERFORMANCE OF CONTRACTS
Computerized management of performance of the contract, including confirmation of the parties to the contract, decision to enter into contracts, product supply, performance of contract including receipt of payment, payment for service charges such as consultation fee, etc., making business contact within the scope required to perform the contract, responding to payment defaults, processing of contract-related disputes and complaints, use as proof of execution and performance of contract; and, verification of contract performance and contract terms and payment details.
PERFORMANCE OF LEGAL AND ADMINISTRATIVE OBLIGATIONS IMPOSED ON THE COMPANY
Legal and administrative obligations including payment of corporate tax imposed on the Company by law and administrative obligations of the Company, issuance and delivery of tax filings, receipts and invoices for various taxes, including VAT.
RESPONDING TO CUSTOMER INQUIRIES
HANDLING OF RELATED CUSTOMER REQUESTS INCLUDING REPAIR OF PRODUCT DEFECTS
VERIFICATION OF COMPANY ENTRANTS, CRIME PREVENTION AND PROCUREMENT OF CONTRACTS
ADMINISTRATIVE PROCESSING OF JOB APPLICANTS AND EMPLOYEE HIRING
B. PERSONAL INFORMATION COLLECTED ONLINE:
1. Communication and notification relating to services
2. Review, investigation and response to consultation with customers and customer feedback
3. Investigation for protection of the Ralph Lauren Group and its affiliates against negligence, fraud, theft and other illegal activities
4. Notification and reporting to public authorities
5. Compliance with laws, regulations, court orders and other statutory obligations
6. Activities related to improvement of quality in Product and services (including review and development of new businesses and value-added offers)
7. Management and operational development of the Ralph Lauren Group website and stores
8. Sending of promotional materials
9. Review and implementation of customer product marketing, campaign, events, etc.
10. Market research and other research related to the Ralph Laruen group businesses (including use of personal information as reference data for marketing such as for user analytics)
11. Provision of personalized customer services, product development and specialization, consumer trend analysis, enhancement and expansion of services
ARTICLE 2. PROCESSING AND RETENTION OF PERSONAL INFORMATION
Unless personal information is required to be retained in accordance with the provisions of related statutes, personal information will be destroyed without delay, in principle, upon the customer’s membership cancellation or when the customer notifies their intention to withdraw the consent for collection of personal information or requests the deletion of personal information. For example, the period for retention of personal information based on the Commercial Code and the Act on the Consumer Protection in Electronic Commerce, etc. (the “E-Commerce Act”) are as follows, and the E-Commerce Act applies only to online transactions:
1. Business books and important documents concerning the business, including customer information: 10 years (Commercial Code)
2. Transaction receipts or similar documents containing customer information: 5 years (Commercial Act)
3. Records of labelling/advertising: 6 months (E-Commerce Act)
4. Records of contracts or subscription withdrawal: 5 years (E-Commerce Act)
5. Records of price settlement and supply of goods: 5 years (E-Commerce Act)
6. Records of consumer complaints or dispute settlement: 3 years (E-Commerce Act)
ARTICLE 3. THIRD-PARTY PROVISION OF PERSONAL INFORMATION
In principle, the Company will process personal information only within the scope specified in Article 1 of the Policy, and will not process or provide such personal information to third parties for purposes other than the intended purposes without the prior consent of the Data Subject, subject to the following exceptions:
1. Where the Data Subject has consented to providing and disclosing the personal information to a third party in advance;
2. Where the third-party provision of personal information is required or permitted by applicable laws or regulations.
The Company may provide the personal information obtained offline to the third parties specified in Appendix I, and may provide the personal information obtained online to the third parties specified in Appendix II.
ARTICLE 4. ENTRUSTMENT OF PROCESSING OF PERSONAL INFORMATION
The Company may entrust the processing of personal information to the entrustees listed in Appendix III. You will be notified of any changes to the entrustees or the entrusted tasks through the Policy.
ARTICLE 5. RIGHTS AND OBLIGATIONS OF DATA SUBJECTS AND EXERCISE OF RIGHTS
Data Subjects may exercise their rights pertaining to the protection of personal information, including such rights as request for access to, correction and deletion of, or suspension of processing of personal information in accordance with the relevant laws and regulations, including the Personal Information Protection Act. Data Subjects may exercise such rights through their legal representatives or authorized persons, in which case such legal representatives or the authorized persons will be required to submit a power of attorney in accordance with the Enforcement Decree to the Personal Information Protection Act.
With respect to the access to, correction or deletion of, or suspension of processing of the personal information, the Company may charge a fee or require payment of the postage.
ARTICLE 6. ITEMS OF PERSONAL INFORMATION PROCESSED
The items of personal information processed by the Company are as follows:
A. PERSONAL INFORMATION COLLECTED OFFLINE
1. Customer's Personal Information
Your name, occupation, date of birth, passport number, e-mail address, phone number, mobile number, and consumption / purchase history, size and customer preferences, specified visit dates; and in the case of journalists and general customers, the addresses and etc. of those who have participated in the Company's marketing events.
2. Personal Information of Employees of Trading Partner Companies
Your name, telephone number, mobile number, fax number, email address, account information of financial institutions such as bank account number, business registration number of the counterparty to the contract, such as importers, retailers, leasees, outside educators, contractors, marketing agencies, etc. (If the counterparty to the contract is a company, this will include information on the employees and directors of such company. In the case of a property owned by the family of the landlord, this will include information on the family name and relationship to the family.)
B. PERSONAL INFORMATION COLLECTED ONLINE
1. Gender and e-mail address
ARTICLE 7. DESTRUCTION OF PERSONAL INFORMATION
1. Unless we are required to retain your personal information under applicable laws or regulations, your personal information will be destroyed without delay upon cancellation of your account, upon your informing us of the withdrawal of your consent for collection of your personal information, or upon your request for destruction of your personal information.
2. Destruction of personal information by the Company will be done in a manner that ensures the data are irrecoverable using such commercially reasonable and technically feasible methods as follows:
a. Personal information in electronic file format will be deleted permanently using software to ensure that the files cannot be restored; and
b. All other written/printed documents, or other recording media will be destroyed by shredding or incineration.
3. Where the Company is required to retain the personal information without destruction, the Company will store and manage such personal information or personal information files separately from the other personal information.
ARTICLE 8. MEASURES TO SECURE PERSONAL INFORMATION SAFETY
The Company implements the technical, managerial, and physical measures necessary to ensure the safety of personal information in accordance with Personal Information Protection Act as follows:
A. ADMINISTRATIVE MEASURES
1. The Company has designated a chief privacy officer to ensure that customers’ personal information is processed in accordance with the relevant laws and regulations and to establish and implement an internal management plan for this purpose.
2. The Company has established and conducts regular data privacy protection training for the Company employees, entrustees, and those personnel engaged in direct handling of the processing of personal information.
3. The Company, through regular internal audits, verifies that adequate safeguards are in place in accordance with the internal management plans.
B. TECHNICAL MEASURES
1. The Company controls access to personal information and restricts and manages such access.
2. The Company records the management details of access to personal information and retains such records for a certain period of time.
3. The Company installs and operates an intrusion prevention/protection system in order to prevent unauthorized access to personal information. In addition, we apply a secure access-control system, including a virtual private network to control external access.
4. The Company establishes and applies password generation rules to help customers create and use safe passwords. If a customer specifies a password to access a specific part of the Company's website, the password must be kept confidential and cannot be disclosed to a third party.
5. The Company takes encryption measures required under the relevant laws when personal information such as sensitive and unique identification information is sent, received, or stored.
6. The Company installs programs to resolve software security bugs, including the operating system, and updates such programs periodically.
7. The Company does safekeeping of the information on access to the personal information processing system for a certain period of time.
C. PHYSICAL MEASURES
1. The Company implements physical protection measures such as restricting physical access to places where your personal information is kept, e.g., such places as the IT room and document archive.
ARTICLE 9. POSTED LINKS TO OTHER SITES
The Company website may post links to other sites for the convenience and provision of information for customers. The site may be operated by a company not affiliated with the Company. The linked sites may have their own privacy policies. We highly recommend that you review such privacy policies if you visit a linked site for customers. The Company assumes no responsibility with regard to the processing of personal information and information on any companies not affiliated with the Company's own website, or with respect to the use thereof. If links to other sites are posted, the Company will make commercially reasonable efforts to notify the customer that they are leaving the Company’s website and accessing a third party website.
ARTICLE 10. INSTALLATION AND OPERATION OF AUTOMATIC COLLECTION DEVICE FOR PERSONAL INFORMATION; EXERCISE OF REJECTION
Customers have a choice regarding cookies. As such, by turning on the relevant function on the web browser, you may accept all cookies or have such function send notifications whenever cookies are installed, or you may reject all cookies. However, if you refuse to install cookies, certain services of the Company may not be available to you.
You can customize your cookie setting by clicking in the following order: “Tools” at the top of the web browser → "Internet Options" tab → “Personal Information” tab.
ARTICLE 11. REMEDIES FOR INFRINGEMENT
Contact the organizations below to file reports of data privacy infringement or to seek consultation on data privacy infringement.
- Privacy Infringement Report Center (privacy.kisa.or.kr / Tel. (no area code)118)
- Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr / Tel. (no area code) 1301)
- Cyber Terror Response Center, National Police Agency (cyberbureau.police.go.kr / Tel. (no area code) 182)
ARTICLE 13. PROCESSING OF CUSTOMER FEEDBACK AND COMPLAINTS
The Data Subject may file complaints relating to data privacy with the Chief Privacy Officer or with our Customer Service Department. The Company will provide a prompt and sufficient reply in response to such complaint.
Chief Privacy Officer
Name: Inho Hwang
Position: Chief Privacy Officer
E-mail: [email protected]
Privacy Department for Online Business
Name: Andrew Hong
E-mail: [email protected]
Privacy Department for Offline Business
Department: Retail Operation
Manager: Jessica Ji
Personal Information Collected Offline
Personal Information Collected Online
Current Status of Entrusted Processing of Personal Information
This notice is effective as from September 21, 2020.