Chat with us

Recommended keywords

Trending searches

  1. 1SKIN1004
  2. 2Retinal
  3. 3Dr.Althea
  4. 4Retinol Apmoule
  5. 5Centellian24
  1. 6Purito
  2. 7Genabelle
  3. 8ELROEL
  4. 9moev
  5. 10lilyeve

Privacy and Security

StyleKorean.com (hereinafter referred to as the "Company" or "StyleKorean") values the protection of users' personal information and complies with applicable laws and regulations, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the General Data Protection Regulation (GDPR).
The Company implements technical and administrative safeguards to prevent loss, theft, leakage, alteration, or damage of users' personal information and strives to manage such information securely.
This Privacy Policy explains the types of personal information collected by the Company, the purposes of use and processing, the retention and use period, and users' rights and how to exercise them.
Article 1. Purpose of Processing Personal Information
1. The Company collects only the minimum personal information necessary to provide its services. If additional personal information is required to offer personalized services based on users’ preferences and interests, the Company will obtain prior consent.
2. Members may refuse consent for optional items without restriction on basic service use; however, some features may be limited. Non-members may refuse consent to the collection and use of personal information, but this may restrict product purchases and service use.
3. The Company does not collect sensitive personal information, including race or ethnicity, religion or philosophical beliefs, country of origin, political opinions, criminal records, health or medical information, or sexual orientation. However, in the course of providing global services, if information classified as “Sensitive Personal Information” under the definitions of local laws (e.g., CPRA) is processed, the Company complies with the protective measures required by such laws. Specific details regarding such processing are clearly provided in the country-specific notices (e.g., Article 8) of this Privacy Policy.
Classification Purpose of Use Details of Information Collected
Mandatory Member Management - Verification of intent to register and confirmation of consent
- User identification and account authentication
- Maintenance and management of membership status
- Prevention of fraudulent use and unauthorized access
- Provision of notices, announcements, and customer communications
- Handling of customer inquiries and complaints
Contract Performance and Service Operation - Processing of product orders, payments, deliveries, returns and refunds
- Performance of contracts for purchase agreements and service provision
- Customer support related to transactions and services
- Processing of payment information related to the purchase of goods or services
- Entrustment of personal information processing in connection with service use and information processing
Optional Marketing and Personalized Services - Provision of personalized services, convenience, and benefits based on user preferences and characteristics
- Delivery of event, promotion, and marketing information (with prior consent)
- Analysis of service usage and marketing trends at an individual or group level
- Improvement of products, services, and user experience
Other Event Participation and Promotion Management - Provision of information related to events and promotions
- Support for event participation through the website, email, social media, and other channels
Service Usage Data and Operational Analysis - Analysis of user interests and service usage patterns
- Service improvement through statistical analysis and internal research
- Prevention of fraudulent transactions and abnormal usage
- Retention of records for dispute resolution and compliance with legal obligations
Article 2 (Categories of Personal Information Processed)
The Company collects and processes the following personal information for the provision of its services.
(1) Categories of personal information processed without the consent of the data subject
(2) Categories of personal information processed with the consent of the data subject
Personal information processed in accordance with Article 15(1)1 and Article 22(1)7 of the Personal Information Protection Act
Classification Method of Collection Items Collected and Processed
Mandatory At the Time of Membership Registration - Mandatory items: Name, date of birth, ID, password, email, address, phone number (mobile and home), address
- Optional items: Nickname, profile image
During Product Order, Payment, Delivery, and Refund (Members) - Delivery information: Name, contact number, address, email address
- Payment information: Payment method details
- Transaction information: Order and refund history
During Product Order, Payment, Delivery, and Refund (Non-Members) Delivery information: Name, contact number, address, email address Payment information: Payment method details Transaction information: Order and refund history
When Submitting Customer Inquiries or Complaints Personal information necessary to process inquiries Details of customer inquiries and consultation records
Optional With Consent for Service Improvement and Usage Analysis Name, date of birth, ID, email address, phone number, address Payment methods, order and refund history Customer inquiry records Curation information based on service usage records and purchase history Personalized information voluntarily provided by the user or generated during service use, such as skin type, skin concerns, and preferred categories
Other Automatically Collected During Service Use Access logs, IP address, cookies, browser type, and device information
2. Legal Basis for Processing Personal Information
The Company processes personal information based on the following legal grounds:
  • The data subject’s explicit consent
  • Necessity for the performance of a contract and the provision of services
  • Compliance with legal obligations under applicable laws and regulations
  • The Company’s legitimate interests, including the prevention of fraudulent use, enhancement of security, ensuring service stability, and improvement of services
Article 3 (Personal Information of Children)
  • The Company does not process personal information of children under the age of 14 (or under the age of 16 for residents of the EEA and California, USA, or under the minimum age prescribed by the laws of the country of residence).
Article 4 (Entrustment of Personal Information Processing)
Article 5 (Notice on Overseas Transfer of Personal Information)
The Company transfers personal information overseas to ensure the smooth provision of services. In accordance with Article 28-8(2) of the Personal Information Protection Act and other applicable laws and regulations, details regarding overseas transfers are provided below.
Data subjects may refuse the overseas transfer of their personal information; however, refusal may restrict the use of certain services, such as payment processing, delivery, personalized services, and the provision of advertisements.
If a data subject does not wish for their personal information to be transferred overseas, they may withdraw from membership through My Page > Account Settings > Membership Withdrawal. Membership withdrawal is at the user's discretion.
1. Legal Basis for Overseas Transfer
Article 28-8(1)3 of the Personal Information Protection Act
(Where entrustment or storage of personal information is necessary for the performance of a contract)
The data subject's explicit consent
2. Status of Overseas Transfer of Personal Information
① Overseas Transfer Related to Payment Processing and Contract Performance
Recipient
(Data Processor)		 Transferred Personal Information Purpose of Transfer Country of Transfer Timing and Method of Transfer Retention / Use Period
PayPal Name, address, billing address, shipping address, email address, IP address, payment information. Payment processing and application of Seller Protection policies
International payment processing		 United States Transferred via network at the time of service use Until the purpose of transfer is fulfilled
Eximbay Republic of Korea
Klarna Sweden
VTPAY Republic of Korea
Apple Pay payment tokens Payment approval and settlement
Payment authentication processing
Provision of Buy Now, Pay Later (BNPL) services		 United States Until the purpose of transfer is fulfilled
AMEX United States
Adyen Payment processing and acquiring services Risk management EU Until termination of the contract
② Overseas Transfer Related to Delivery Services
Recipient
(Data Processor)		 Transferred Personal Information Purpose of Transfer Country of Transfer Timing and Method of Transfer Retention / Use Period
DHL Name, address, contact information, shipping information, email address, and personal customs clearance number International express delivery
International shipping
International customs clearance coordination
Global shipping solutions
Overseas shipping agency services
Customs duty payment agency services		 United States Transferred via network upon shipment request Retained until delivery is completed
FedEx United States
UPS United States
Aramex UAE
Parxl Singapore
③ Overseas Transfer Related to Service Operations, Analytics, and Marketing
Recipient
(Data Processor)		 Transferred Personal Information Purpose of Transfer Country of Transfer Timing and Method of Transfer Retention / Use Period
Amazon Web Services (AWS) Personal information collected and generated during service use Server operations and data storage United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Google Analytics Encrypted member identification information and usage records Analysis of service usage statistics United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Amplitude Encrypted member identification information and usage records User behavior analysis United States Transferred via network upon service use For 30 days after membership withdrawal
Braze Encrypted member identification information and usage records CRM management and delivery of personalized messages United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Google Encrypted member identification information and usage records Provision of advertisements and behavioral analysis United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
META (Instagram, Facebook) Encrypted member identification information and usage records Provision of advertisements and behavioral analysis United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Criteo Encrypted member identification information and usage records Provision of personalized advertisements United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Salesforce Encrypted member identification information and usage records CRM management and delivery of personalized messages United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Mailchimp Encrypted member identification information and usage records CRM management and delivery of personalized messages United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
FingerPush Encrypted member identification information and usage records CRM management and delivery of personalized messages United States Transferred via network upon service use Retained until membership withdrawal or withdrawal of consent
Article 6 (Retention, Processing Period, and Destruction of Personal Information)
1. The Company shall promptly destroy personal information once the purpose of collection and use has been fulfilled, or within 30 days from the date of membership withdrawal.
However, if applicable laws require the retention and processing of personal information for a certain period, or in the following cases, the Company shall securely retain such personal information for the required period and use it only within the scope of the stated purpose:
  • Where investigations or inquiries are in progress due to violations of applicable laws: Until such investigations or inquiries are completed
  • Where rights and obligations arising from the use of services remain outstanding: Until such rights and obligations are settled.
2. Notwithstanding Paragraph 1, personal information that the Company is required to retain under applicable laws shall be retained until the end of the applicable period as follows:
① Act on Consumer Protection in Electronic Commerce, etc.
  • Records related to contracts or withdrawal of subscription: 5 years
  • Records related to payment and supply of goods or services: 5 years
  • Records related to consumer complaints or dispute resolution: 3 years
  • Records on display and advertising: 6 months
② Protection of Communications Secrets Act
  • Computer communications log records: 3 months (The most recent access date is excluded for the purpose of verifying service usage periods.)
③ Framework Act on National Taxes
  • Books and evidentiary documents regarding all transactions: 5 years
3. In order to minimize potential loss or damage caused by repeated membership withdrawal and re-registration, and to enable account reactivation upon the user's request, personal information that is not subject to statutory retention obligations shall be destroyed immediately upon membership withdrawal.
The minimum information necessary for preventing re-registration abuse and protecting accounts may be retained for a limited period and then destroyed.
4. The procedures and methods for the destruction of personal information are as follows:
① Destruction Procedure
The Company selects personal information for which a reason for destruction has arisen and destroys such personal information upon approval by the Company's Chief Privacy Officer.
② Destruction Methods
  • Personal information recorded and stored in electronic file formats: Securely deleted using technical methods that render the data irrecoverable
  • Personal information printed on paper: Destroyed by shredding or incineration
Article 7 (Additional Notice for California Residents)
(California Consumer Privacy Act, CPRA)
This Article applies to users who reside in the State of California and explains how StyleKorean collects, uses, and shares personal information, as well as the rights of users, in accordance with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (CPRA).
This notice is based on the Company's personal information processing activities during the current period and the preceding twelve (12) months.
1. Categories of Personal Information Collected
StyleKorean may collect and process the following categories of personal information:
  • Identifiers
    :Name, email address, IP address, account identifiers, and similar information
  • Commercial Information
    :Purchase, order, payment, and refund history; shopping cart records
  • Characteristics of Protected Classifications
    :Age, gender, and other characteristics protected under U.S. or California law
  • Internet or Other Electronic Network Activity Information
    :Website visit history, search activity, click activity, and usage logs
  • Geolocation Data
    :City- or country-level location information
  • Audio, Electronic, or Visual Information
    :Call recordings related to customer service inquiries
  • Inferences
    :Profile information reflecting purchasing tendencies, interests, and preferred categories
※ For detailed information regarding specific data elements collected and their sources, please refer to the sections titled "Personal Information Collected" and "Purposes of Use" in this Privacy Policy. In principle, each category of personal information is destroyed without delay upon the achievement of the purpose of collection or upon membership withdrawal. However, where retention is required by applicable laws, the information is retained for the period prescribed by such laws. Specific retention periods for each item can be found in Article 6.
2. Categories of Recipients of Personal Information (Past 12 Months)
StyleKorean has disclosed personal information to the following categories of recipients for business purposes:
Categories of Personal Information Categories of Recipients
Identifiers Advertising and marketing partners; data analytics providers; payment processors; logistics and delivery partners; customer support partners; cloud service providers; security and system maintenance providers
Commercial Information Payment processors; logistics and delivery partners; customer support partners; fraud prevention partners
Characteristics of Protected Classifications Advertising and marketing partners; customer feedback platforms
Internet or Other Electronic Network Activity Information Advertising and marketing partners; data analytics providers; cloud service providers
Geolocation Data Advertising and marketing partners; data analytics providers
3. Rights of California Residents
California residents have the following rights:
① Right to Know/Access
California residents may request information regarding the personal information that StyleKorean has collected, used, or shared.
② Right to Correct
California residents may request the correction of inaccurate personal information.
③ Right to Delete
Unless an exception applies under applicable laws, California residents may request the deletion of personal information collected and retained by StyleKorean.
④ Right to Opt-Out of Sale or Sharing
  • StyleKorean does not sell personal information in exchange for monetary or other valuable consideration.
  • However, StyleKorean may share personal information with advertising partners for the purpose of providing personalized advertising, which may constitute cross-context behavioral advertising under applicable laws.
  • Users have the right to opt out of such sharing at any time.
⑤ Right to Limit Use and Disclosure of Sensitive Personal Information
  • StyleKorean may collect sensitive personal information, including IDs, passwords, and payment information provided by users, for the provision of services. Users have the right to request that StyleKorean limit the use and disclosure of their sensitive personal information if it is used or disclosed beyond what is necessary to provide the services (e.g., product delivery, payment processing).
⑥ Right to Non-Discrimination
California residents shall not be discriminated against for exercising any of the rights described above.
Article 8 (Additional Notice for Residents of the European Economic Area (EEA))
(General Data Protection Regulation, GDPR)
This Article applies to residents of the European Economic Area (EEA). StyleKorean processes personal information based on the following legal grounds in accordance with the GDPR.
1. Legal Bases for Processing Personal Information
  • Consent of the data subject
  • Performance of a contract with the user
  • Compliance with legal obligations
  • Protection of the vital interests of the data subject or another natural person
  • Legitimate interests of StyleKorean
    (provided that such interests do not override the fundamental rights and freedoms of the data subject)
2. Rights of EEA Residents
EEA residents have the following rights:
① Right of Access
The right to obtain confirmation as to whether personal information concerning them is being processed and whether such processing is lawful.
② Right to Data Portability
The right to receive a copy of personal information in an electronic format and to request its transfer to another service provider.
③ Right to Rectification
The right to request correction of inaccurate personal information.
④ Right to Erasure (Right to be Forgotten)
The right to request the erasure of personal information when conditions for erasure under the GDPR are met.
⑤ Right to Withdraw Consent
The data subject has the right to withdraw consent at any time regarding processing based on consent.
⑥ Right to Restriction of Processing
The right to request restriction of processing in the following cases:
  • Where the accuracy of personal information is contested
  • Where processing is unlawful and the data subject requests restriction instead of deletion
  • Where personal information is required for legal claims
  • Where a balancing of legitimate interests and the data subject's rights is required
⑦ Right to Object
The right to object to processing for legitimate interests or direct marketing purposes.
⑧ Right not to be Subject to Automated Decision-making
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.
⑨ Right to Lodge a Complaint
The right to lodge a complaint regarding the processing of personal information with the supervisory authority of the Member State of the data subject's habitual residence, place of work, or place of the alleged infringement.
3. Designation of EU Representative
The Company has designated a representative to handle inquiries regarding personal information protection for EEA residents as follows:
  • Representative Name: Sungwoon Kim
  • Address: Powstańców Śląskich 7a, 53-332 Wrocław
  • Email: jasonkim@siliconii.net
4. Cookies
For EEA residents, analytical cookies and marketing/advertising cookies (excluding cookies essential for service provision) or similar technologies are used only with the user's prior consent. Users may change or withdraw their consent to the use of cookies at any time through the methods described in Article 9. Such withdrawal applies only to processing after the withdrawal and does not affect processing that has already occurred.
5. Basis for Overseas Transfer for EEA Residents
When personal information of EEA residents is transferred to a third country outside the Republic of Korea or the European Union, the Company transfers personal information based on one of the following lawful bases in accordance with GDPR Chapter V:
  • Transfer to a country with an Adequacy Decision or to an organization within the US participating in the EU-US Data Privacy Framework (DPF);
  • Execution of Standard Contractual Clauses (SCCs) approved by the European Commission (applying additional technical and administrative safeguards such as encryption, access control, and internal management procedures if necessary); or
  • Where the user's explicit consent has been obtained, or where the transfer is necessary for the performance of a contract with the user (e.g., shipping of goods, payment processing).
Article 9 (Operation of Automatic Data Collection Devices and Opt-Out)
1. Operation of Automatic Data Collection Devices (Cookies)
StyleKorean uses cookies to provide more personalized services to users.
Cookies are small text files stored on a user's device (PC, smartphone, tablet, etc.) during website use, allowing the website to recognize the user upon return visits.
Information collected through cookies does not include personally identifiable information. Cookies may be deleted when the browser is closed or the user logs out.
Collected cookie information is used for the following purposes:
  • Analysis of service usage frequency, visit times, user interests and preferences, and event participation
  • Provision of personalized services and product recommendations tailored to user preferences
  • Analysis of user behavior patterns for service improvement and enhancement of the user environment
Users may choose to allow all cookies, receive notifications when cookies are set, or block all cookies.
■ How to Block Cookies by Browser
① Internet Explorer (IE 11)
  • Open Internet Explorer and select "Tools" (gear icon)
  • Click "Internet Options"
  • Select the "Privacy" tab → Advanced
  • Set cookie blocking or allowance
② Microsoft Edge
  • Open Edge and click "..." in the upper right corner → Settings
  • Select "Privacy, search, and services"
  • Choose a tracking prevention level
  • Scroll down and set "Send 'Do Not Track' requests"
③ Chrome
  • Click ":" in the upper right corner → Settings
  • Select "Privacy and security" → Site settings
  • Select "Cookies and site data"
  • Enable "Block third-party cookies"
■ Mobile Cookie and Tracking Opt-Out
  • iOS: Settings > Privacy & Security > Tracking → Turn off "Allow Apps to Request to Track"
  • Android: Settings > Google > Ads → Reset advertising ID / Opt out of personalized ads
※ Menu paths and names may vary depending on device and OS version.
2. Use of Web Analytics Tools
StyleKorean uses web analytics tools such as Google Analytics to analyze website usage records for service improvement and optimization of the user experience.
No personally identifiable information is processed during this process, and Google's handling of information is governed by Google's Privacy Policy.
Users who do not wish to use Google Analytics may opt out by installing the browser add-on provided at the links below:
  • Chrome: Google Analytics Opt-out Browser Add-on
  • Internet Explorer and other browsers: Same add-on available
Google Analytics opt-out and privacy information:
Article 10 (Collection, Use, Provision, and Opt-Out of Behavioral Information)
1. The Company collects and uses behavioral information generated during service use to analyze users' interests and tendencies, and to provide personalized services.
2. The Company collects behavioral information as follows:
  • Legal basis: Article 15(1)(4) of the Personal Information Protection Act
Categories of Behavioral Information Collected Method of Collection Purpose of Collection Retention and Use Period / Subsequent Processing
Login and sign-up access records, product view history, items added to cart, order and purchase completion records Automatically collected and transmitted during website/app use Analysis of customer activity and provision of personalized recommendations Retained until membership withdrawal and then destroyed
3. The Company may allow the following online customized advertising providers to collect and process behavioral information:
  • Advertising providers that collect and process behavioral information
    Google Ads, META(Instagram, Facebook), Twitter, Snapchat, TikTok, Amazon Ads, Criteo
  • Method of collection
    Automatically collected and transmitted during website and app usage
  • Categories of behavioral information collected and processed
    Web/app visit history, search history, purchase history
  • Retention and use period
    Until membership withdrawal or termination of the relevant contract
If users do not wish to have their behavioral information collected or to receive customized advertisements, they may opt out through the links below:
4. Contact for Behavioral Information Requests:
  • Chief Privacy Officer: Jaewon Kim (jaewon@siliconii.net)
  • Contact: StyleKorean Customer Service Center
Article 11 (Provision of Personal Information to Third Parties)
The Company provides personal information to third parties only with the user's consent or where permitted by the Personal Information Protection Act or other applicable laws.
Article 12 (Measures to Ensure the Security of Personal Information)
The Company implements the following technical, administrative, and physical safeguards to prevent loss, theft, leakage, forgery, alteration, or damage of personal information.
1. Technical Safeguards
  • Personal information is protected by passwords, and sensitive information is encrypted when stored.
  • Security programs are installed and regularly updated to protect personal information from external threats such as computer viruses, malware, and hacking.
  • Encrypted communication technologies (e.g., SSL) are applied to ensure secure transmission of personal information.
  • Security monitoring, vulnerability assessments, intrusion prevention, and detection systems are regularly operated to identify and respond to suspicious activities.
2. Administrative Safeguards
  • Access to personal information is restricted to the minimum number of personnel necessary for business operations, and regular security training is provided to employees handling personal information.
  • Access rights are granted, modified, and revoked in accordance with internal management procedures, and misuse or abuse of access rights is periodically reviewed.
  • Compliance with personal information protection laws is continuously monitored through internal audits and inspections.
  • When personal information processing is outsourced, the Company thoroughly supervises and manages service providers.
3. Physical Safeguards
  • Access control procedures are implemented for areas where personal information is stored, such as data centers and document storage rooms, ensuring that only authorized personnel may enter.
Article 13 (Chief Privacy Officer)
1. The Company appoints a Chief Privacy Officer to oversee personal information processing and to handle complaints, inquiries, and remedies related to personal information protection, as follows:
2. Users may contact the Chief Privacy Officer or the relevant department regarding any inquiries, exercise of rights, complaints, or remedies related to personal information protection arising from the use of the Company's services.
Article 14 (Reporting and Consultation on Personal Information Infringement)
If consultation or reporting related to personal information infringement is required, assistance may be obtained from the following institutions:
※ These institutions are independent from the Company and provide general consultation related to personal information infringement.
Article 15 (Amendment of the Privacy Policy)
1. The Company may amend this Privacy Policy in accordance with changes in applicable laws or services. Any revisions or updates will be announced on the Company's website. In the case of material changes, prior notice will be provided at least seven (7) days in advance.
2. This Privacy Policy shall take effect as of January 1, 2026.
3. Previous versions of the Privacy Policy may be reviewed below: