Privacy Policy | Ralph Lauren

PRIVACY POLICY

Ralph Lauren Korea Limited (the “Company”) has adopted this Privacy Policy (the “Policy”) to protect the rights of the data subjects (the “Data Subject”) and for smooth processing of their personal information pursuant to the “Personal Information Protection Act” and such other relevant laws and regulations pertaining to the protection of personal information.

ARTICLE 1. PURPOSES FOR THE PROCESSING OF PERSONAL INFORMATION

The Company shall process personal information for the following purposes. Processed personal information shall not be used except for the following purposes, and in the event of any change to the intended use, the prior consent of the Data Subject will be obtained.

A. PERSONAL INFORMATION COLLECTED OFFLINE:

  1. TRANSMISSION OF INFORMATION PERTAINING TO MARKETING, PRODUCTS AND SERVICES

    Marketing activities directed toward customers, prospective customers, and employees of joint marketing partners, journalists and those involved in market research and product introduction, transmission of marketing and promotional materials, and acquisition and delivery of information about Company products and services.

  2. EXECUTION AND PERFORMANCE OF CONTRACTS

    Computerized management of performance of the contract, including confirmation of the parties to the contract, decision to enter into contracts, product supply, performance of contract including receipt of payment, payment for service charges such as consultation fee, etc., making business contact within the scope required to perform the contract, responding to payment defaults, processing of contract-related disputes and complaints, use as proof of execution and performance of contract; and, verification of contract performance and contract terms and payment details.

  3. PERFORMANCE OF LEGAL AND ADMINISTRATIVE OBLIGATIONS IMPOSED ON THE COMPANY

    Legal and administrative obligations including payment of corporate tax imposed on the Company by law and administrative obligations of the Company, issuance and delivery of tax filings, receipts and invoices for various taxes, including VAT.

  4. RESPONDING TO CUSTOMER INQUIRIES
  5. HANDLING OF RELATED CUSTOMER REQUESTS INCLUDING REPAIR OF PRODUCT DEFECTS
  6. VERIFICATION OF COMPANY ENTRANTS, CRIME PREVENTION AND PROCUREMENT OF CONTRACTS
  7. ADMINISTRATIVE PROCESSING OF JOB APPLICANTS AND EMPLOYEE HIRING

B. PERSONAL INFORMATION COLLECTED ONLINE:

1. Communication and notification relating to services

2. Review, investigation and response to consultation with customers and customer feedback

3. Investigation for protection of the Ralph Lauren Group and its affiliates against negligence, fraud, theft and other illegal activities

4. Notification and reporting to public authorities

5. Compliance with laws, regulations, court orders and other statutory obligations

6. Activities related to improvement of quality in Product and services (including review and development of new businesses and value-added offers)

7. Management and operational development of the Ralph Lauren Group website and stores

8. Sending of promotional materials

9. Review and implementation of customer product marketing, campaign, events, etc.

10. Market research and other research related to the Ralph Laruen group businesses (including use of personal information as reference data for marketing such as for user analytics)

11. Provision of personalized customer services, product development and specialization, consumer trend analysis, enhancement and expansion of services

ARTICLE 2. PROCESSING AND RETENTION OF PERSONAL INFORMATION

Unless personal information is required to be retained in accordance with the provisions of related statutes, personal information will be destroyed without delay, in principle, upon the customer’s membership cancellation or when the customer notifies their intention to withdraw the consent for collection of personal information or requests the deletion of personal information. For example, the period for retention of personal information based on the Commercial Code and the Act on the Consumer Protection in Electronic Commerce, etc. (the “E-Commerce Act”) are as follows, and the E-Commerce Act applies only to online transactions:

1. Business books and important documents concerning the business, including customer information: 10 years (Commercial Code)

2. Transaction receipts or similar documents containing customer information: 5 years (Commercial Act)

3. Records of labelling/advertising: 6 months (E-Commerce Act)

4. Records of contracts or subscription withdrawal: 5 years (E-Commerce Act)

5. Records of price settlement and supply of goods: 5 years (E-Commerce Act)

6. Records of consumer complaints or dispute settlement: 3 years (E-Commerce Act)

ARTICLE 3. THIRD-PARTY PROVISION OF PERSONAL INFORMATION

In principle, the Company will process personal information only within the scope specified in Article 1 of the Policy, and will not process or provide such personal information to third parties for purposes other than the intended purposes without the prior consent of the Data Subject, subject to the following exceptions:

1. Where the Data Subject has consented to providing and disclosing the personal information to a third party in advance;

2. Where the third-party provision of personal information is required or permitted by applicable laws or regulations.

The Company may provide the personal information obtained offline to the third parties specified in Appendix I, and may provide the personal information obtained online to the third parties specified in Appendix II.

ARTICLE 4. ENTRUSTMENT OF PROCESSING OF PERSONAL INFORMATION

The Company may entrust the processing of personal information to the entrustees listed in Appendix III. You will be notified of any changes to the entrustees or the entrusted tasks through the Policy.

ARTICLE 5. RIGHTS AND OBLIGATIONS OF DATA SUBJECTS AND EXERCISE OF RIGHTS

Data Subjects may exercise their rights pertaining to the protection of personal information, including such rights as request for access to, correction and deletion of, or suspension of processing of personal information in accordance with the relevant laws and regulations, including the Personal Information Protection Act. Data Subjects may exercise such rights through their legal representatives or authorized persons, in which case such legal representatives or the authorized persons will be required to submit a power of attorney in accordance with the Enforcement Decree to the Personal Information Protection Act.

With respect to the access to, correction or deletion of, or suspension of processing of the personal information, the Company may charge a fee or require payment of the postage.

ARTICLE 6. ITEMS OF PERSONAL INFORMATION PROCESSED

The items of personal information processed by the Company are as follows:

A. PERSONAL INFORMATION COLLECTED OFFLINE

1. Customer's Personal Information

Your name, occupation, date of birth, passport number, e-mail address, phone number, mobile number, and consumption / purchase history, size and customer preferences, specified visit dates; and in the case of journalists and general customers, the addresses and etc. of those who have participated in the Company's marketing events.

2. Personal Information of Employees of Trading Partner Companies

Your name, telephone number, mobile number, fax number, email address, account information of financial institutions such as bank account number, business registration number of the counterparty to the contract, such as importers, retailers, leasees, outside educators, contractors, marketing agencies, etc. (If the counterparty to the contract is a company, this will include information on the employees and directors of such company. In the case of a property owned by the family of the landlord, this will include information on the family name and relationship to the family.)

B. PERSONAL INFORMATION COLLECTED ONLINE

1. Gender and e-mail address

ARTICLE 7. DESTRUCTION OF PERSONAL INFORMATION

1. Unless we are required to retain your personal information under applicable laws or regulations, your personal information will be destroyed without delay upon cancellation of your account, upon your informing us of the withdrawal of your consent for collection of your personal information, or upon your request for destruction of your personal information.

2. Destruction of personal information by the Company will be done in a manner that ensures the data are irrecoverable using such commercially reasonable and technically feasible methods as follows:

a. Personal information in electronic file format will be deleted permanently using software to ensure that the files cannot be restored; and

b. All other written/printed documents, or other recording media will be destroyed by shredding or incineration.

3. Where the Company is required to retain the personal information without destruction, the Company will store and manage such personal information or personal information files separately from the other personal information.

ARTICLE 8. MEASURES TO SECURE PERSONAL INFORMATION SAFETY

The Company implements the technical, managerial, and physical measures necessary to ensure the safety of personal information in accordance with Personal Information Protection Act as follows:

A. ADMINISTRATIVE MEASURES

1. The Company has designated a chief privacy officer to ensure that customers’ personal information is processed in accordance with the relevant laws and regulations and to establish and implement an internal management plan for this purpose.

2. The Company has established and conducts regular data privacy protection training for the Company employees, entrustees, and those personnel engaged in direct handling of the processing of personal information.

3. The Company, through regular internal audits, verifies that adequate safeguards are in place in accordance with the internal management plans.

B. TECHNICAL MEASURES

1. The Company controls access to personal information and restricts and manages such access.

2. The Company records the management details of access to personal information and retains such records for a certain period of time.

3. The Company installs and operates an intrusion prevention/protection system in order to prevent unauthorized access to personal information. In addition, we apply a secure access-control system, including a virtual private network to control external access.

4. The Company establishes and applies password generation rules to help customers create and use safe passwords. If a customer specifies a password to access a specific part of the Company's website, the password must be kept confidential and cannot be disclosed to a third party.

5. The Company takes encryption measures required under the relevant laws when personal information such as sensitive and unique identification information is sent, received, or stored.

6. The Company installs programs to resolve software security bugs, including the operating system, and updates such programs periodically.

7. The Company does safekeeping of the information on access to the personal information processing system for a certain period of time.

C. PHYSICAL MEASURES

1. The Company implements physical protection measures such as restricting physical access to places where your personal information is kept, e.g., such places as the IT room and document archive.

ARTICLE 9. POSTED LINKS TO OTHER SITES

The Company website may post links to other sites for the convenience and provision of information for customers. The site may be operated by a company not affiliated with the Company. The linked sites may have their own privacy policies. We highly recommend that you review such privacy policies if you visit a linked site for customers. The Company assumes no responsibility with regard to the processing of personal information and information on any companies not affiliated with the Company's own website, or with respect to the use thereof. If links to other sites are posted, the Company will make commercially reasonable efforts to notify the customer that they are leaving the Company’s website and accessing a third party website.

ARTICLE 10. INSTALLATION AND OPERATION OF AUTOMATIC COLLECTION DEVICE FOR PERSONAL INFORMATION; EXERCISE OF REJECTION

The Company may use sessional/permanent cookies and/or web beacons on specific websites of the Company. A "cookie" is a file which saves the history of the customer’s access to the Company’s website and informs the Company of such information. The use of cookies allows the Company to track a customer’s website preferences and to change the Company's website based on the customer’s preferences. Cookies also make it possible to measure the Company's website usage.

When the customer accesses the Company's website, we can use cookies to obtain such information as frequency of access, connection time, event participation, etc., and we can provide targeted marketing services and customized services by analyzing such data.

Customers have a choice regarding cookies. As such, by turning on the relevant function on the web browser, you may accept all cookies or have such function send notifications whenever cookies are installed, or you may reject all cookies. However, if you refuse to install cookies, certain services of the Company may not be available to you.

You can customize your cookie setting by clicking in the following order: “Tools” at the top of the web browser → "Internet Options" tab → “Personal Information” tab.

ARTICLE 11. REMEDIES FOR INFRINGEMENT

Contact the organizations below to file reports of data privacy infringement or to seek consultation on data privacy infringement.

  • Privacy Infringement Report Center (privacy.kisa.or.kr / Tel. (no area code)118)
  • Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr / Tel. (no area code) 1301)
  • Cyber Terror Response Center, National Police Agency (cyberbureau.police.go.kr / Tel. (no area code) 182)

ARTICLE 12. AMENDMENT OF PRIVACY POLICY

This Privacy Policy may be amended in accordance with the relevant laws and regulations, guidelines and operating policies of the Company, and any such amendments will be disclosed in accordance with the method prescribed under the relevant laws and regulations.

ARTICLE 13. PROCESSING OF CUSTOMER FEEDBACK AND COMPLAINTS

The Data Subject may file complaints relating to data privacy with the Chief Privacy Officer or with our Customer Service Department. The Company will provide a prompt and sufficient reply in response to such complaint.

Chief Privacy Officer

Name: Inho Hwang
Position: Chief Privacy Officer
Telephone: 080-566-1199
E-mail: [email protected]

Privacy Department for Online Business

Name: Andrew Hong
Contact: 080-566-1199
E-mail: [email protected]

Privacy Department for Offline Business

Department: Retail Operation
Manager: Jessica Ji
Telephone: 080-566-1199

Appendix I

Personal Information Collected Offline

Recipient (Contact) Purpose of Use by the Recipient Items Provided Period of Retention and Use
Ralph Lauren Asia Pacific Limited (Hong Kong) Marketing, recording and analysis of relevant information, order tracking, and return status reporting Name, telephone number, e-mail address, address, and date of birth When you close your account.
Ralph Lauren Corporation
(The United States)
Same as above Same as above Same as above
Ralph Lauren Corporation Japan (Japan) Same as above Same as above Same as above

Appendix II

Personal Information Collected Online

Recipient (Country, Contact) Date and method of transfer Purpose of Use by the Recipient Items Provided Period of Retention and Use
Ralph Lauren Asia Pacific Limited
(Hong Kong)
[email protected]
Transmission through network at the time of service use Management of customer database for customer analysis Name, address, telephone number, cell-phone number, date of birth, sex, e-mail address, password When you close your account.
Ralph Lauren Corporation
(The United States)
[email protected]
Same as above Same as above Same as above Same as above

Appendix III

Current Status of Entrusted Processing of Personal Information

Emfoplus Co., Ltd/td> SMS/MMS vendor
Saerom Co., Ltd. Knitted clothing repair
Star Co., Ltd. Accessory repair
Kugil Co., Ltd. Zipper repair
Piaenpi Co., Ltd. Color repair
Nama Advertising Business Related to Marketing Data Transmission
Maillink (Maillink) Business Related to Marketing Text Messages
AWS (Amazon Web Services) Website hosting and management
Salesforce Marketing Cloud E-Mail marketing and Sales Promotion to Customers
Omniture Analysis of Consumption Behavior and Sending of E-mails Welcoming Newly Registered Clients
PCCW Solutions Construction and Management of Customer Support System

This notice is effective as from September 21, 2020.