Privacy policy

Privacy Policy

CCQ Store / TORYO (hereinafter referred to as "the Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act (PIPA) to protect the personal information of users and to handle related grievances promptly and efficiently.

This Privacy Policy includes the following:

  1. Purpose of Processing Personal Information

  2. Retention and Processing Period of Personal Information

  3. Categories of Personal Information Collected and Methods of Collection

  4. Processing Personal Information of Children Under 14

  5. Disclosure of Personal Information to Third Parties

  6. Entrustment of Personal Information Processing

  7. Procedures and Methods for Destruction of Personal Information

  8. Rights and Obligations of Data Subjects and Legal Guardians

  9. Measures to Ensure the Security of Personal Information

  10. Installation and Operation of Automatic Personal Information Collection Devices (Cookies)

  11. Details of the Personal Information Protection Officer

  12. Remedies for Infringement of Rights

  13. Changes to the Privacy Policy

Section 1: Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Information will not be used for purposes other than those listed below. If the purpose changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the PIPA.

(1) Website Registration and Management

Processing for the purpose of confirming the intention to join, identification and authentication for providing services, maintaining and managing membership status, preventing fraudulent use of services, confirming the consent of legal guardians when processing data of children under 14, and providing notices and handling grievances.

(2) Provision of Goods or Services

Processing for the purpose of providing content, processing purchases and payments, delivering goods or invoices, and providing personalised services.

(3) Marketing and Advertising

Processing for the purpose of providing event and promotional information, offering opportunities to participate, and analysing access frequency or statistics on service usage.

Section 2: Retention and Processing Period of Personal Information

(1) The Company processes and retains personal information within the period consented to by the data subject at the time of collection. Personal information is destroyed without delay upon achieving the purpose of processing or upon a user's request to terminate the service.

  • Website Membership and Management: Until the member withdraws their membership.

  • Provision of Goods or Services: Until the supply of goods/services is completed and payment is settled.

(2) Notwithstanding the above, certain information is retained for the following periods as required by relevant laws:

  • Records on contracts or withdrawal of subscriptions:

    • Legal Basis: Act on the Consumer Protection in Electronic Commerce

    • Retention Period: 5 years

  • Records on payment and supply of goods:

    • Legal Basis: Act on the Consumer Protection in Electronic Commerce

    • Retention Period: 5 years

  • Records on consumer complaints or dispute resolution:

    • Legal Basis: Act on the Consumer Protection in Electronic Commerce

    • Retention Period: 3 years

  • Records on labels and advertisements:

    • Legal Basis: Act on the Consumer Protection in Electronic Commerce

    • Retention Period: 6 months

  • Service visit records (Log data):

    • Legal Basis: Protection of Communications Secrets Act

    • Retention Period: 3 months

Section 3: Categories of Personal Information and Collection Methods

(1) Categories of Personal Information Collected

① The Company collects the following information for registration, consultation, and service application:

  • Standard Registration:

    • Required: ID, Password, Name, Email, Mobile Number, Date of Birth, (for users under 14) Legal Guardian Information.

    • Optional: Gender.

  • Placing an Order:

    • Required: Orderer details (Name, Email, Mobile), Delivery details (Name, Address, Mobile), (for non-members) Order password.

    • Optional: Landline number.

  • Social Login (Kakao/Naver):

    • Kakao: Name (Required).

    • Naver: ID, Name, Email (Required); Nickname, Birthday (Optional).

      ② During service use, information such as service usage records, access logs, cookies, IP addresses, payment records, and suspension/abuse records may be automatically generated and collected.

(2) Collection Methods

Collected via the website, written forms, message boards, email, event entries, delivery requests, telephone, fax, provision by partners, and automatic collection tools.

Section 4: Processing Data of Children Under 14

(1) When collecting data from children under 14, the Company obtains consent from their legal guardian and collects only the minimum information necessary.

(2) The Company verifies legal guardian consent through methods such as mobile SMS authentication, credit card information verification, or written consent via post/fax/email.

Section 5: Disclosure to Third Parties

The Company processes personal information only within the scope specified in Section 1. Information is disclosed to third parties only with the data subject's consent or under special legal provisions.

  • Note: Currently, no external third-party disclosure beyond standard service entrustment is active unless specified in an update.

Section 6: Entrustment of Personal Information Processing

(1) For smooth service provision, the Company entrusts the following tasks:

Trustee (Service Provider) Entrusted Task
Shopify Provision and maintenance of the shopping mall hosting system
Korea Post (Post Office) Delivery and logistics services
KG Inicis Payment processing and escrow services

(2) The Company manages and supervises these trustees to ensure the security of personal information in accordance with Article 26 of the PIPA.

Section 7: Procedures and Methods for Destruction

The Company destroys personal information without delay once it becomes unnecessary.

  • Procedures: Data for which the retention period has expired is selected and destroyed with the approval of the Protection Officer.

  • Methods: Electronic files are permanently deleted to prevent recovery; paper documents are shredded or incinerated.

Section 8: Rights of Data Subjects and Legal Guardians

Data subjects may exercise their rights to access, correct, delete, or suspend the processing of their personal information at any time. This can be done via the "Edit Profile" section or by contacting the Protection Officer via email.

Section 9: Security Measures

The Company takes the following measures to ensure security:

  1. Administrative: Internal management plans and regular staff training.

  2. Technical: Access control systems, encryption of data, and installation of security programmes.

  3. Physical: Access control for server rooms and data storage areas.

Section 10: Cookies

The Store uses 'cookies' to provide personalised services. You may refuse to store cookies through your browser settings (Tools > Internet Options > Privacy), though this may affect the availability of some tailored services.

Section 11: Personal Information Protection Officer

(1) The Company has designated the following officer to oversee personal information protection:

  • Chief Privacy Officer (CPO)

    • Name: INOK CHUNG

    • +82 502-1908-0018 

    • Email: cs@ccqstore.com

  • Privacy Department

    • Name: INOK CHUNG
  •  

    • +82 502-1908-0018 

    • Email: cs@ccqstore.com

 

Section 12: Remedies for Infringement

For dispute resolution or consultations regarding privacy infringements, please contact:

  • Personal Information Dispute Mediation Committee: 1833-6972 (privacy.go.kr)

  • Privacy Infringement Reporting Centre: 118 (privacy.kisa.or.kr)

  • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)

  • National Police Agency: 182 (ecrm.cyber.go.kr)

Section 13: Changes to the Privacy Policy

This Privacy Policy shall take effect from 3 February 2026.