Privacy Policy for THE BLACK LABEL Online Store

THE BLACK LABEL Inc. (the "Company") hereby establishes and implements this Privacy Policy in accordance with the Personal Information Protection Act of the Republic of Korea (the "PIPA") to protect the rights of data subjects using the Company's online store (the "Store"). This Privacy Policy shall be made readily accessible at all times in the Store, enabling the user of the Store (the "User") to understand how their personal information is processed by the Company, as well as the protective measures the Company has established to secure such information.

  • Purposes of Processing Personal Information
  • Items of Personal Information and Retention Periods
  • Personal Information of Children Under Age 16
  • Provision of Personal Information to Third Parties
  • Entrustment of Personal Information Processing
  • Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
  • Destruction of Personal Information
  • Rights of User
  • Security Measures for Personal Information
  • Personal Information Protection Officer
  • Remedies for Infringement of Rights and Interests
  • Amendment to Privacy Policy

Article 1. Purposes of Processing Personal Information

The Company processes the User's personal information for the following purposes. The Company does not process personal information for any purposes other than those specified herein. In the event of any changes to the purposes of processing, the Company shall take all necessary measures, including obtaining separate prior consent from the User.

  • Membership Registration and Management
    To verify the intent of membership registration or withdrawal, to manage and maintain membership eligibility, to prevent unauthorized access to services, and to issue notices.
  • Provision of Purchase Services
    To verify the User's identity, to accept purchase orders, to enter into sales agreements, to process payments, and to deliver goods.
  • Return of Goods and Refund of Payments
    To accept requests for return of goods and refund of payments, to process the return of goods, and to refund payments.
  • Complaint Resolution and Service Improvement
    To address complaints, including acknowledging and resolving the complaints, and communicating the outcome to the complainant, to establish plans for service improvement, and to maintain records related to dispute resolution.

Article 2. Items of Personal Information and Retention Periods

The items of personal information processed by the Company, as well as the corresponding retention and usage periods are as follows:

Purpose of Processing Item of Personal Information Retention and Usage Period
Membership Registration and Management [Mandatory Items]: Name, date of birth, gender, nationality, email address (ID), and password Until the User withdraws from membership (provided that personal information required to be retained under applicable laws or regulations shall be retained until the later of: (i) the expiration of the statutory retention period; or (ii) the date of membership withdrawal)
Provision of Purchase Services [Mandatory Items]: Identity verification information (name, email address), buyer information (name, address, mobile telephone number, country code, email address), recipient information (name, address, mobile telephone number, country code, email address), and payment information (credit card or debit/check card information, bank account information (bank name, account number, account holder))

[Optional Items]: Home telephone number, and country code 		Until the User withdraws from membership (provided that personal information required to be retained under applicable laws or regulations shall be retained until the later of: (i) the expiration of the statutory retention period; or (ii) the date of membership withdrawal)
Return of Goods and Refund of Payments [Mandatory Items]: Buyer information (name, address, mobile telephone number, country code, email address), recipient information (name, address, mobile telephone number, country code, email address), and payment information (credit card or debit/check card information, bank account information (bank name, account number, account holder))

[Optional Items]: Home telephone number, and country code 		Until the User withdraws from membership (provided that personal information required to be retained under applicable laws or regulations shall be retained until the later of: (i) the expiration of the statutory retention period; or (ii) the date of membership withdrawal)
Complaint Resolution and Service Improvement [Mandatory Items]: Name, mobile telephone number, country code, email address, and access and activity log information (including IP information, computer and mobile device information, log history, history of service usage and payment, and history of change in User information) Until the User withdraws from membership (provided that personal information required to be retained under applicable laws or regulations shall be retained until the later of: (i) the expiration of the statutory retention period; or (ii) the date of membership withdrawal)

The items of personal information that the Company is obligated to retain under applicable laws and regulations, along with the respective retention periods, are as follows:

Item of Personal Information Legal Basis for Retention Retention Period
Access IP information, access and activity log history Article 15-2 of the Protection of Communication Secrets Act of the Republic of Korea Three (3) months from the date of creation of the information
Records of agreements, records of exercising the consumer right of revocation Article 6 of the Act on the Consumer Protection in Electronic Commerce of the Republic of Korea Five (5) years from the date of creation of the information
Records of payments and provision of goods/services Five (5) years from the date of creation of the information
Records of resolving consumer complaints or dispute Three (3) years from the date of creation of the information
Books and records of all transactions, as required by applicable tax laws Article 85-3 of the Framework Act on National Taxes of the Republic of Korea and Article 144 of the Framework Act on Local Taxes of the Republic of Korea The periods specified in Article 85-3 of the Framework Act on National Taxes of the Republic of Korea and Article 144 of the Framework Act on Local Taxes of the Republic of Korea

Article 3. Personal Information of Children Under Age 16

  • The Company does not process personal information of children under the age of sixteen (16).
  • In the event that the Company becomes aware that it has inadvertently processed personal information of children under the age of sixteen (16), it shall promptly destroy such personal information and notify the children or their legal representatives thereof.

Article 4. Provision of Personal Information to Third Parties

The Company does not provide the User's personal information to any third party, except under the following circumstances:

  • (i) The User has provided prior consent;
  • (ii) The Company is obligated to provide the personal information of the User to third parties pursuant to applicable laws or regulations;
  • (iii) It is deemed necessary by the Company to protect the User from imminent danger to their life or safety; or
  • (iv) Any of the circumstances set forth in Article 17, Paragraph 1 or Article 18, Paragraph 2 of the PIPA.

Article 5. Entrustment of Personal Information Processing

The Company entrusts the processing of personal information to the following trustees to facilitate efficient processing and improve service quality.

Trustee Entrusted Work
Cafe 24 Co., Ltd. Operation of IT system, identity verification, customer service
GenesisNest Corp. Establishment, maintenance, and management of IT system
SmileShark Co., Ltd. Establishment, maintenance, and management of AWS server system
Fastbox Corp. Storage, delivery and return of goods
NHNKCP Co., Ltd. Payment
Eximbay Co., Ltd. Payment
SIIC Co., Ltd. Customer service
  • In the event that the Company enters into an entrustment agreement with a trustee, the Company specifies the following in such agreement or similar documents: (i) the prohibition on processing personal information for purposes other than the performance of the entrusted work; (ii) the technical and administrative measures to be implemented for the protection of personal information; (iii) restrictions on re-entrustment; (iv) the monitoring and supervision of the trustee; (v) the trustee's liability for damages; and (vi) any other matters prescribed in Article 26, Paragraph 1 of the PIPA. The Company supervises the trustee to ensure the secure processing of personal information.
  • In the event that the trustee re-entrusts the processing of entrusted personal information to a third party, the trustee obtains the Company's prior consent in accordance with Article 26, Paragraph 6 of the PIPA.
  • The Company shall promptly disclose any additions or changes to the trustee or the entrusted work in this Privacy Policy.

Article 6. Installation, Operation, and Refusal of Automatic Personal Information Collection Device

  • The Company uses "cookies" to store and retrieve the User's information to provide personalized services and enhance User convenience. Cookies are small pieces of information sent by the server operating the website/mobile website to the User's browser, which are then stored on the User's computer or mobile device.
  • The User may adjust cookie settings on their website/mobile website browser to allow or block cookies. However, if cookies are disabled, personalized services may not be available.

    • Allow/Block Cookies in Website Browsers

    Chrome: Browser Settings > Privacy and Security > Clear Browsing Data

    Edge: Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data


    Allow/Block Cookies in Mobile Website Browsers

    Chrome: Mobile Browser Settings > Privacy and Security > Clear Browsing Data

    Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies

    Samsung Internet: Mobile Browser Settings > Clear Browsing History > Delete Browsing Data

Article 7. Destruction of Personal Information

  • The Company shall promptly destroy personal information when it is no longer necessary, including when the retention period has expired, or the purposes of processing have been accomplished.
  • The procedures and methods for the destruction of personal information are as follows:

    - Destruction Procedure: The Company selects personal information subject to destruction and proceeds with destruction after obtaining approval from the Personal Information Protection Officer.

    - Destruction Method: Personal information in electronic form is destroyed using technical methods that render it irretrievable. Personal information in physical form is destroyed by shredding or incineration.

  • In the event that the Company is required to retain personal information pursuant to applicable laws or regulations, even after the expiration of the retention period consented to by the User or the accomplishment of the processing purposes, the Company transfers such personal information to a separate database (DB) or stores it in a different location.

Article 8. Rights of User

  • The User may exercise their rights stipulated under applicable laws or regulations, including the right to request inspection, modification, deletion, or cessation of processing of their personal information, as well as the right to withdraw consent, at any time via written notice, email, fax, or other methods.
  • The User may exercise the above rights through their authorized representative, in which case the power of attorney must be submitted to the Company.
  • The User's request for inspection of, and cessation of processing of personal information may be restricted or denied in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the PIPA.
  • The User may not exercise the right to request deletion of their personal information to the extent that the Company is required to retain such information pursuant to applicable laws or regulations.
  • The Company verifies whether the User's rights are exercised by the User themselves or their authorized representative.

Article 9. Security Measures for Personal Information

In accordance with Article 29 of the PIPA, the Company implements the following technical, administrative, and physical measures to ensure the secure processing of personal information:

  • Technical Measures

    - The User's personal information is protected by password and encryption, and separate security protocols, including encryption of files and data transmissions, are implemented to safeguard important data.

    - The Company implements protective measures, including the use of antivirus programs and software that are regularly updated, to prevent damage from computer viruses.

    - The Company implements an intrusion detection and firewall system, which are monitored and managed twenty-four (24) hours a day, to prevent the leakage or damage of the User's personal information caused by hacking, viruses, and other cyber threats.

  • Administrative Measures

    - The Company implements an internal management plan to ensure the secure processing of the User's personal information.

    - The Company grants access to the User's personal information only to a minimum number of authorized personnel.

    - The Company conducts regular training sessions for officers and employees who process the User's personal information to ensure they are up to date with security technologies and legal obligations regarding data protection of personal information.

    - All officers and employees processing the User's personal information are required to submit security pledges. The Company has established internal procedures to prevent information leakage and to monitor compliance with this Privacy Policy.

    - The transfer of responsibilities among officers and employees processing the User's personal information is conducted under secure conditions. The Company clearly defines accountability for any personal information breaches that occur during the onboarding and offboarding of its staff.

  • Physical Measures

    - The User's personal information is stored separately from other data.

    - The Company has designated specific areas as data centers or data storage rooms and restricts access to such areas.

Article 10. Personal Information Protection Officer

The Company designates the following individual as its Personal Information Protection Officer, responsible for supervising the processing of personal information, addressing User complaints, and providing remedies. The User may contact either the Personal Information Protection Officer or the Personal Information Protection Manager regarding any matters related to the processing of their personal information that may arise while using the Store.

Classification Name Position / Department Email Address Telephone Number
Personal Information Protection Officer Kyung-In Jung CEO contact@theblacklabel.com +82 1551-0391
Personal Information Protection Manager Chang-Hoon Lee Director / Business Strategy Development contact@theblacklabel.com +82 1551-0391

Article 11. Remedies for Infringement of Rights and Interests

If the User is not satisfied with the Company's response to a complaint or remedy, or if a dispute arises between the Company and the User, the User may contact the following institutions in the Republic of Korea to seek assistance.

Institution Website Telephone Number (only available in the Republic of Korea)
Personal Information Infringement Report Center https://privacy.kisa.or.kr 118
Personal Information Dispute Mediation Committee https://www.kopico.go.kr 1833-6972
Cybercrime Investigation Division of the Supreme Prosecutors' Office https://www.spo.go.kr 1301
Cyber Security Division of the National Policy Agency https://cyber.go.kr 182

Article 12. Amendment to Privacy Policy

  • This Privacy Policy shall take effect as of April 14, 2025.
  • If any amendments are made to this Privacy Policy, the Company shall disclose the amendment history in an appropriate manner.