1. EODI SHOE Co., Ltd. (hereinafter referred to as the "Company") collects essential personal information with the user's consent to provide services. Personal information refers to data related to users and patients (subjects) that can be used to identify an individual, including but not limited to name, phone number, and address.
2. The Company treats users' personal information with great care and complies with the Protection of Communications Secrets Act, the Telecommunications Business Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the "Personal Information Protection Guidelines" established by the Korea Communications Commission.
3. The Company strives to protect users' rights through its Privacy Policy in accordance with relevant laws and regulations.
The Company collects only the minimum necessary personal information required to provide services upon membership registration. The collected information includes the following:
1. Collected through third-party provision: Name, Nickname, Date of Birth
– When collecting personal information of children under the age of 14, the consent of a legal guardian is verified, and identity verification is required for the guardian to exercise rights.
Recent login time, location information, IP address, device identifier, device type
(Location information is not disclosed to anyone other than the user-designated individuals.)
The Company obtains consent from members regarding the collection and use of their personal information. During the membership registration process, a consent procedure for the Privacy Policy is provided, and clicking the "Agree" button is considered as consent to the collection and use of personal information. However, in the following cases, prior consent for the collection and use of personal information may not be required:
1. When it is necessary to fulfill a contract related to the provision of information and communication services, and obtaining general consent is clearly difficult due to economic or technical reasons.
2. When it is necessary for billing and settlement related to the provision of information and communication services.
3. When there are special provisions under other laws.
1. Fulfillment of service-related contracts and implementation of service functions.
2. Member management and user protection, including identity verification, personal identification, handling complaints, notification delivery, and prevention of fraudulent use by unauthorized users.
3. Development of new services, marketing, and advertising utilization.
1. The Company does not use or provide a member’s personal information beyond the scope specified in the [Purpose of Collecting and Using Personal Information] without the member's consent, except as required by law.
2. If the Company provides personal information, it will notify the member individually via website, email, written document, or phone regarding the recipient, purpose of use, items provided, and retention period. Prior consent will be obtained, except in the following cases where personal information may be provided without the member’s consent:
⸰ When necessary for billing and settlement of service fees.
⸰ When used for statistical analysis, research, or market surveys in a form that does not identify individuals.
⸰ When required by law.
• Users may view or modify their personal information at any time through ‘My Page > Profile.’
• Users may withdraw their consent to the collection and use of personal information at any time by opting for ‘Membership Withdrawal.’
• For children under the age of 14, their legal representative has the right to view or modify the child’s personal information and withdraw consent for collection and use.
Members may withdraw their consent for the collection, use, and provision of personal information at any time after agreeing to it during registration.
Contact the company's main office number → Identity verification → Deletion
1. The Company retains members' personal information for as long as they maintain their membership.
2. If a member withdraws consent (membership termination), the collected personal information will be deleted one year after the withdrawal date, and it will not be used for any purpose except as required by specific legal provisions.
The company will destroy personal information without delay once the purpose of collection and use has been achieved, after prior notification and obtaining consent from the member. The destruction procedure and methods are as follows:
1. Destruction Procedure
⸰ Personal information entered by the member is transferred to a separate database (DB) once the purpose of collection and use is achieved. It is then stored for a certain period according to internal policies and relevant legal provisions for data protection before being irreversibly destroyed.
⸰ Personal information transferred to a separate DB will not be used for any purpose other than those mandated by law.
2. Destruction Method
⸰ Personal information stored in electronic file format is deleted using a technical method that prevents data recovery.
⸰ Personal information printed on paper is shredded or incinerated for complete destruction.
The company takes the following technical and managerial measures to ensure that members' personal information is not lost, stolen, leaked, altered, or damaged.
1. Technical Measures
⸰ Members' passwords are encrypted so that even administrators cannot access individual passwords.
⸰ Access rights are restricted for unauthorized IPs, preventing access to servers containing personal information from outside the company's internal network. Additionally, the company enforces system security measures such as blocking unauthorized ports.
⸰ All personal information, including location data, is encrypted during transmission and reception.
2. Managerial Measures
⸰ The company has designated a dedicated department with a minimal number of authorized personnel responsible for managing access to personal information.
⸰ The handover process for employees handling personal information is strictly managed to ensure security, and clear accountability is established for personal information incidents upon hiring and resignation.
• Department: LBS Business Division
Contact: 1106kiho@naver.com
This policy will take effect on September 1, 2024.