ENGLISH

· The purposes of its collection and use of the user's personal information.

· The items of the user's personal information that it intends to collect.

· The period for retaining and using personal information

· The fact that the data subject is entitled to deny consent, and disadvantages, if any, resulting from the denial of consent.

· If an online store operator violates this provision by collecting and using personal information without the user's consent, a fine within the scope not exceeding 3/100 of the total sales may be imposed (Article 64-2(1) of 「Personal Information Protection Act」).

√ However, penalty surcharge not exceeding KRW 2 billion may be imposed where no sales have been made or where it is impracticable to calculate the sales (proviso to Article 64-2(1) of 「Personal Information Protection Act」).

· Except in any of the following cases, no online store operators may collect and use its users’ resident registration numbers (Article 23-2(1) of 「Act on Promotion of Information and Communications Network Utilization and Information Protection」):

√ In cases where the provider is designated as the identification service agency.

√ When a telecommunications service provider who receives and resells mobile communication services from a key communication service provider collects and uses the user's resident registration number in connection with the identification of the mobile communication service provider designated as the identity verification agency

· An online store operator shall provide a method (alternative means) of identification without using its users' resident identification numbers (Article 23-2(2) of 「Act on Promotion of Information and Communications Network Utilization and Information Protection」).

· An online store operator who collects or uses resident registration numbers in violation thereof or fails to provide a method (alternative means) of identification without using its users' resident identification numbers shall be subject to an administrative fine not exceeding KRW 30 million (Subparagraph 2 of Article 76(1) of 「Act on Promotion of Information and Communications Network Utilization and Information Protection」).

· The fact that the users' personal information is due to be transferred.

· The name (referring to the name of a legal corporation, if the business person or entity in question is a legal corporation), address, and telephone number of the person or entity to whom the personal information is to be transferred, and other contact information of that person or entity.

· The methods and procedures available, in the event that a user does not want his/her personal information to be transferred to a third party.

· A person or entity that violates the foregoing shall be punished by a fine not exceeding 10 million Won (Subparagraph 6 of Article 75(4) of the 「Personal Information Protection Act」).

· A person who fail to take necessary measures, such as destruction, even after the withdrawal of consent for the use of personal information by users of online stores shall be subject to an administrative fine not exceeding KRW 30 million (Subparagraph 23 of Article 75(2) of 「Personal Information Protection Act」).

· Any person or entity that seeks mediation of a dispute over personal information may address an application for mediation to the PICO (Article 43(1) of the 「Personal Information Protection Act」).

· When the PICO receives an application for mediation of a dispute, it may present the details thereof to the parties to a case and recommend them to reach an amicable agreement prior to mediation. Where it is deemed necessary to efficiently meditate disputes, the PICO may establish a mediation division composed of not more than five members in each category of mediation cases. The PICO shall examine a case and prepare a proposed mediation within 60 days (this period may be extended, if any unavoidable cause exists.) of the date it receives an application for mediation of a dispute. Upon preparing a proposed mediation, the PICO shall present the proposed mediation to each party without delay (Articles 40(6), 44(1), 46 and 47(2) of the 「Personal Information Protection Act」).

· If a party presented with the proposal of mediation fails to notify of his or her acceptance or denial of the proposal of mediation within 15 days from the date of receipt of such decision, he or she shall be deemed to have accepted the decision (Article 47(3) of 「Personal Information Protection Act」).

· If the PICO deems that it is inappropriate to settle a dispute by mediation of the Committee in light of the nature of the dispute or if an application for mediation has been filed for any unjust purpose, it may reject the application for mediation. In such cases, it shall notify the applicant of the grounds for its rejection of the application for mediation and other related matters (Article 48(1) of the 「Personal Information Protection Act」).

· If a party to a dispute files a lawsuit while proceedings of a case filed for mediation are still in progress, the PICO shall suspend the mediation proceedings and notify the parties thereof (Article 48(2) of the 「Personal Information Protection Act」).

· Here, “damage” includes property and mental damage. Generally, the amount of damage is set through an agreement made by the relevant parties or by the court’s judgment.