한국어English
Privacy Policy
DKX (the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of Korea to protect personal information of data subjects and to promptly and smoothly handle related complaints.
Article 1 (Purposes of Processing Personal Information)
The Company processes the personal information it collects for the following purposes:
- Membership Registration and Management
The Company processes personal information to: confirm intent to register; identify and authenticate individuals in connection with membership services (including identity verification under a limited identity verification system, where applicable); prevent fraudulent or unauthorized use of the Services; deliver notices and notifications; and handle complaints. - Provision of Goods or Services
The Company processes personal information to: deliver items (including products and prizes); provide services; send contracts and invoices; provide customized services; authenticate identity; process orders; process purchases, payments, and settlements; and handle customer support and warranty services. - Complaint Handling
The Company processes personal information to: verify the identity of complainants and the details of complaints; contact and notify complainants for fact-finding purposes; and communicate the results of complaint handling. - Marketing and Advertising (Only with Separate Consent)
With a data subject's separate consent, the Company may process personal information to: deliver marketing and promotional communications; deliver prizes and provide event notices; provide customized services; conduct surveys to improve service quality; and manage service-use statistics. Marketing communications will be provided only to data subjects who have separately consented to receive them. If you consent, the Company may send you promotional information, such as events, discounts, and new product information, via SMS or email. You may withdraw your consent to receive such communications at any time. - Additional Use/Provision Permitted by Law
Pursuant to Article 15(3) or Article 17(4) of the Personal Information Protection Act, the Company may use or provide personal information without the data subject's consent within a scope that is reasonably related to the original purpose of collection. In such cases, the Company considers the following factors: 1. whether the additional use/provision is related to the original purpose of collection; 2. whether, in light of the circumstances of collection or customary processing practices, the additional use/provision is reasonably foreseeable; 3. whether the data subject's interests are unfairly infringed; and 4. whether necessary measures to ensure security, such as pseudonymization or encryption, have been implemented. - Personalization of Your Experience and the Company's Platform and Communications
The Company may process personal information to personalize your experience and to tailor the Company's platform and communications, to the extent permitted by applicable laws and based on the appropriate legal basis (including consent where required). - General Research and Analytics
The Company may process personal information for general research and analytics purposes to improve its services and operations, to the extent permitted by applicable laws and based on the appropriate legal basis.
Article 2 (Personal Information Processed; Retention and Use Periods)
- Methods of Collection
The Company collects and processes personal information through the following methods:
_membership registration and service use through the Site;
_written forms, telephone, email, and event applications/entries; and
_receipt of personal information from external companies or organizations partnered with the Company, in which case the partner must obtain the data subject's consent for provision of personal information. - Categories of Personal Information and Retention Periods
The Company processes personal information as follows:
| Service | Required | Optional | Retention Period |
|---|---|---|---|
| Membership Registration and Management | ID, password, name, mobile phone number, nationality (Korean/foreign), identity verification information (CI, DI), email address, date of birth, gender | - | Until membership withdrawal; provided that after withdrawal, CI/DI, name, and mobile phone number will be retained in encrypted form for one (1) year. |
| Kakao Social Login | birthday, Kakao account (email), gender, birth year, CI (linked information), profile information (nickname/profile photo), name, Kakao account (phone number), identity verification information (Korean/foreign) | - | Until membership withdrawal |
| Naver Social Login | Naver ID, Naver email, mobile phone number, name | - | Until membership withdrawal |
| Provision of Goods or Services | ID; orderer information (name, mobile phone number, email); shipping information (name, mobile phone number, address); payment information | - | Up to 5 years after completion of delivery/provision of goods or services and settlement of payment |
| Refunds for Bank Transfer | refund account information (account holder name, bank name, account number) | - | 5 years |
| Automatically Collected Information During Use/Processing | service use records, access logs, cookies, device information | - | 3 months |
| Contact | affiliation (company name), name, email address | - | 3 years |
| Q & A | email address | - | 3 years |
- Retention with Separate Consent
Where the data subject has consented at the time of membership or service sign-up, the Company retains personal information as follows for record-keeping purposes to prevent repeated withdrawals/re-registrations or multiple ID use, and to secure records for dispute resolution related to marketing consent:
_Items collected: CI/DI, name, mobile phone number, online ID, date of birth, gender
_Retention period: retained in encrypted form for up to one (1) year after membership withdrawal. - Statutory Retention Periods Required by Applicable Law
The Company retains personal information for the periods required by applicable laws as follows:
| Category | Legal Basis | Retention Period |
|---|---|---|
| Records concerning contracts or withdrawal of offer (cancellation) | Act on Consumer Protection in Electronic Commerce, etc., Article 6 and Enforcement Decree Article 6 | 5 years |
| Records of payment and supply of goods, etc. | Act on Consumer Protection in Electronic Commerce, etc., Article 6 and Enforcement Decree Article 6 | 5 years |
| Records of consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce, etc., Article 6 and Enforcement Decree Article 6 | 3 years |
| Records related to labeling and advertising | Act on Consumer Protection in Electronic Commerce, etc., Article 6 and Enforcement Decree Article 6 | 6 months |
| Records of date/time of telecommunications use, start/end time, subscriber number, and frequency of use | Protection of Communications Secrets Act, Article 15-2 and Enforcement Decree Article 41 | 1 year |
| Records of computer communications, internet log records, and access-trace data | Protection of Communications Secrets Act, Article 15-2 and Enforcement Decree Article 41 | 3 months |
| Records related to identity verification | Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Article 44-5 and Enforcement Decree Article 29 | 6 months |
| Where transaction records must be retained | Framework Act on National Taxes, Article 85-3(2) | 10 years |
The Company will retain personal information only for the required purpose and for the required period where it is obligated to do so under the Commercial Act or other applicable laws.
- Miscellaneous
_The Company does not permit membership registration by children under the age of fourteen (14) and does not process their personal information.
_If additional personal information must be collected through events or similar activities, the Company will distinguish between required and optional items, provide notice of processing and retention periods on the relevant page and/or in writing, and obtain separate additional consent.
Article 3 (Provision of Personal Information to Third Parties)
- The Company processes personal information only within the scope stated in Article 1 (Purposes of Processing). The Company provides personal information to third parties only where permitted under Articles 17 and 18 of the Personal Information Protection Act, such as with the data subject's consent or where a special provision of law applies. In all other cases, the Company does not provide personal information to third parties.
- As a general rule, the Company does not provide personal information externally. However, exceptions may apply where a special provision of law exists or where provision is unavoidable to comply with legal obligations, including the following:
1. where the data subject has provided prior consent;
2. where a legal basis exists under other laws, such as those governing information and communications networks, telecommunications business, electronic financial transactions, credit information, or electronic commerce - where the data subject or the data subject's legal representative is unable to express intent, or prior consent cannot be obtained due to unknown address, and provision is necessary to protect the urgent life, body, or property interests of the data subject or a third party.
Where the Company provides personal information to a third party for purposes other than the original purpose, the Company may impose certain restrictions (including on purpose and method of use) and may request necessary measures to ensure safe processing.
Article 4 (Third-Party Service Providers)
- The Company outsources certain personal information processing tasks as follows in order to ensure the efficient handling of personal information.
| Service Provider | Outsourced Task | |
|---|---|---|
| Vercel | AI Cloud Service | support@vercel.com |
| Cloud Service | privacy@google.com | |
| Email JS | Cloud Service | support@emailjs.com |
- When entering into outsourcing agreements, the Company specifies in written documents the matters required under Article 26 of the Personal Information Protection Act, including: prohibition of processing beyond the purpose of outsourced work; technical and administrative safeguards; restrictions on sub-outsourcing; management and supervision of the service provider; and liability, including damages. The Company supervises whether the service provider processes personal information safely.
- If the outsourced work or service provider changes, the Company will disclose such changes without considerable delays through this Privacy Policy.
Article 5 (Rights of Data Subjects; How to Exercise Rights)
- Data subjects may exercise the following rights regarding personal information protection at any time:
1. request access to personal information;
2. request correction if errors exist;
3. request deletion; and
4. request suspension of processing. - Data subjects may exercise these rights by written request, telephone, email, or facsimile (FAX), and the Company will take action without undue delay.
- If a data subject requests correction or deletion due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
- These rights may be exercised through a legal representative of the data subject or a duly authorized agent. In such cases, a prescribed power of attorney form, Appendix No. 11 Form of the Notice on Personal Information Processing Methods, must be submitted.
- The right to request access or suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
- A request for deletion may not be granted where other laws expressly require collection of the personal information at issue.
- When a request is made for access, correction, deletion, or suspension of processing, the Company will verify whether the requester is the data subject or a duly authorized representative.
Article 6 (Destruction of Personal Information)
- When personal information becomes unnecessary due to expiration of the retention period or achievement of the processing purpose, the Company will destroy the relevant personal information without undue delay, or will destroy it after storing it for a certain period.
- If the Company is required to retain personal information under other laws even after the retention period consented to by the data subject expires or the processing purpose is achieved, the Company will transfer the personal information to a separate database (DB) or store it in a separate location.
- The procedures and methods of destruction are as follows:
1. Procedure: The Company selects personal information for which grounds for destruction exist and destroys it upon approval by the Company's Chief Privacy Officer (or personal information protection officer).
2. Method: Electronic files are destroyed in a manner that prevents restoration or reproduction. Paper documents are destroyed by shredding or incineration.
Article 7 (Measures to Ensure Security of Personal Information)
The Company implements the following measures to ensure the security of personal information:
- Administrative measures: establishment and implementation of internal management plans; regular employee training, etc.
- Technical measures: access control management for personal information processing systems; encryption of unique identification information; installation of security software.
- Physical measures: access control for computer rooms and document storage rooms, etc.
Article 8 (Cookies: Installation/Operation and Opt-Out)
- The Company uses cookies to store and collect usage information in order to provide customized services to data subjects.
- Cookies are small pieces of information sent by the server (HTTP) used to operate the website to the data subject's browser, and may be stored on the hard drive of the data subject's PC.
1. Purpose of cookies: Cookies are used to identify visit and usage patterns for each service and website visited by the data subject, popular search terms, whether a secure connection is used, and to provide optimized information to the data subject.
2. How to opt out: You may refuse to store cookies by adjusting settings in your web browser (e.g., Tools > Internet Options > Privacy).
3. If you refuse to store cookies, you may experience difficulty using customized services.
| Purpose of Cookie Use | Items Collected via Cookies | Retention Period |
|---|---|---|
| Support services necessary for site operation, site improvements, and targeted marketing | Access frequency, visit duration, and number of visits of Members and Non-Members | Only during site access |
| Provide differentiated information based on the data subject's interests | Level of event participation and number of visits | Only during site access |
Article 9 (Data Protection Officer / Privacy Contact)
- The Company designates the following person as the individual responsible for overseeing personal information processing and handling data subject inquiries, complaints, and remedies:
| Name | Title | |
|---|---|---|
| Daewoo Kang | Privacy Contact | daniel@dkx.kr |
- Data subjects may contact the Chief Privacy Officer (and the relevant department) regarding any questions, complaints, or requests for remedies related to personal information protection arising in connection with use of the Company's Services (or business). The Company will respond and handle such inquiries without undue delay.
Article 10 (Remedies for Infringement of Rights)
Data subjects may contact the following organizations for remedies, counseling, and other assistance regarding personal information infringement. The organizations below are separate from the Company. If you are not satisfied with the Company's handling of complaints or remedies, or if you need further assistance, please contact the relevant organization.
| Organization | Scope of Responsibilities | Website | Phone |
|---|---|---|---|
| Personal Information Infringement Report Center (operated by Korea Internet & Security Agency, KISA) | Reporting and counseling regarding personal information infringement | privacy.kisa.or.kr | (without area code) 118 |
| Personal Information Dispute Mediation Committee | Application for personal information dispute mediation and collective dispute mediation (civil resolution) | www.kopico.go.kr | (without area code) 1833-6972 |
| Supreme Prosecutors' Office – Cyber Crime Investigation Division | - | www.spo.go.kr | (without area code) 1301 |
| National Police Agency – Cyber Investigation Bureau | - | ecrm.cyber.go.kr/minwon/main | (without area code) 182 |
Article 11 (Changes and Notice of the Privacy Policy)
- This Privacy Policy may be amended due to changes in government policy, relevant information security laws, security technologies, or the Services. If the Company adds, deletes, or revises any content, the Company will provide notice through its website at least seven (7) days prior to the effective date of the amendment. However, for material changes related to data subject rights—such as collection/use of personal information or provision to third parties—the Company will provide notice at least thirty (30) days in advance on its website.
Addendum
This Privacy Policy takes effect as of January 7th, 2026.
