Privacy Policy (English Version)
General Provisions

[WEMAD] values customers’ personal information and strictly complies with relevant personal information protection laws, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act. We have established the following Privacy Policy and adhere to it faithfully. This Privacy Policy may be revised due to changes in related laws or internal company policies. Please review it regularly when visiting our website.
※ The list of entrusted service providers may change according to service adjustments or contract periods. Any changes will be announced in advance through the notice section. Short-term events will be announced individually at the time of participation.

Table of Contents

Items of Personal Information Collected and Purpose of Use

Collection of Personal Information via Cookies

Retention and Destruction of Personal Information

Provision of Personal Information to Third Parties

Outsourcing of Personal Information Processing

Access, Correction, and Withdrawal of Consent

Technical and Managerial Measures for Protection

User Responsibilities

Protection of Personal Information of Children Under 14

Personal Information Protection Department

Duty to Notify

Article 1. Items of Personal Information Collected and Purpose of Use

Customers may click the “Agree” button to consent to the Terms of Service and the collection and use of personal information during the membership registration process. Clicking “Agree” will be deemed as consent.

Information collected at the time of membership registration, ordering, and other necessary moments:

1. Membership Registration

Mandatory: ID, password, password hint question/answer, email, mobile authentication value, name, date of birth, age verification (14+)

Purpose: Identity verification at registration, service use and consultation, delivery of notices

Retention period: Until withdrawal or retention period required by law

Optional: Address, home phone, mobile phone

2. Placing an Order (Members)

Mandatory: Orderer information (name, address, mobile phone, email), recipient information (name, address, mobile phone), payment authorization information

Purpose: Product payment and delivery

Retention period: As required by law

Optional: Orderer home phone, recipient home phone, delivery message, overseas shipping information

3. Placing an Order (Non-Members)

Mandatory: Orderer information (name, address, mobile phone, email, order inquiry password), recipient information, payment authorization information

Purpose: Product payment and delivery

Retention period: As required by law

Optional: Orderer home phone, recipient home phone, delivery message

Article 2. Collection of Personal Information via Cookies
(1) What Are Cookies?

The company uses cookies—small text files sent by the website to the customer’s web browser—to store and retrieve information.

(2) Purpose of Using Cookies

Provide customized information tailored to user interests

Analyze frequency of access and visiting time to identify user preferences and improve services

Track viewed and interested products to offer personalized shopping services

(3) Cookie Operation and Rejection

Cookies identify the user’s computer but not the individual user.
Users may allow/deny cookies or require confirmation before storing them through browser settings.
However, rejecting cookies may limit the use of login-required services.

Article 3. Retention and Destruction of Personal Information
(1) Retention Period

Personal information is destroyed immediately once the purpose of collection is achieved or consent is withdrawn.

However, under relevant laws such as the Consumer Protection in Electronic Commerce Act, certain records must be retained as follows:

Contract or withdrawal records: 5 years

Payment and supply of goods records: 5 years

Consumer complaints/dispute handling: 3 years

Website visit logs (per Communications Privacy Protection Act): 1 year

(2) Destruction Procedures and Methods

Procedure: Information is moved to a separate database after use and destroyed after legal retention periods.

Methods:

Paper: shredded or incinerated

Electronic files: permanently deleted using non-recoverable methods

(3) Dormant Accounts

For members inactive for 12 months, an inactivity notice will be sent.
If no response is received, the account may be deactivated.
Dormant data is stored separately and destroyed after the legal retention period.
If the user returns, the information will be reactivated upon request.

Article 4. Provision of Personal Information to Third Parties

The company does not use personal information beyond the scope stated in Article 1 nor provide it to others, except in the following cases:

Required by investigative agencies under relevant laws

Provided in a non-identifiable form for statistics, research, or market analysis

Other lawful requests under related legislation

Article 5. Outsourcing of Personal Information Processing

The company entrusts certain tasks to provide better services:

Entrusted Task	Service Provider
Product delivery	Korea Post
System development/maintenance	Cafe24
Delivery/inventory management	Cellmate Inc., Asetech
Call center operation	Callnet Korea
Payment/Escrow service	LG Uplus
Mobile payment	KG Mobilians
Identity verification / I-PIN	NICE Information Service
Mobile phone verification	Korea Cyber Payment
Review writing, reward points	Creama Factory

※ Only the minimum required information is shared.
※ Entrusted providers may change; changes will be announced.

Article 6. Access, Correction, and Withdrawal of Consent

Customers may access or correct their information at any time via MY PAGE → My Info, or by contacting the Personal Information Manager.

Consent for collection/use/provision may also be withdrawn through the same channels.
Upon withdrawal, personal information will be deleted and the user will be notified.

Article 7. Technical and Managerial Measures for Personal Information Protection
Technical Measures

Access control for personal information systems

Encryption of important data during storage and transmission

Regular updates and checks of security programs

Firewalls and intrusion prevention systems

Managerial Measures

Verification procedures to ensure proper handling of personal data

Access rights limited to essential employees

Regular employee training

User Obligations:
Members must manage IDs, passwords, and personal data carefully.
The company is not responsible for damages caused by user negligence.

Article 8. User Responsibilities

Users must enter accurate and up-to-date information.

Users are responsible for password security.

Users must not infringe on others' privacy or post harmful information.

Violations may lead to legal penalties.

Article 9. Protection of Children Under 14

The company does not accept membership registrations from children under the age of 14 who require consent from a legal guardian.

Article 10. Personal Information Protection Department

Customer Service Center

Addr 419, Seongam-ro 330 (1580 Sangam-dong), Mapo-gu, Seoul
Tel +82-2-303-0612
Email wemadkorea@gmail.com

Additional Contacts:
KISA, Cyber Bureau of Police, Prosecutor’s Office Cyber Crimes Division, Personal Information Dispute Mediation Committee, etc.

Article 11. Duty to Notify

This policy may be amended due to government or company policy changes or technological updates.
Changes will be announced at least 7 days prior.

Announcement Date: October 24, 2017

Effective Date: November 01, 2017