Privacy policy

Article 1 (Purpose)

Namdo Market Co., Ltd. (hereinafter referred to as "Company") complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Act on Consumer Protection in Electronic Commerce, and other relevant laws to safely protect the personal information of ND CAREON+ service users and establishes and operates this Privacy Policy.

Article 2 (Purpose of Processing Personal Information)

① The Company processes collected personal information for the following purposes:

1. Member management: Used for identity verification, verification of organizational affiliation, and prevention of fraudulent use of Services.
2. Service provision: Used for product orders, payment, delivery, exchange and refund processing, and customer consultation.
3. Transaction management: Used for purchase and fee payment, settlement, and preservation of transaction records.
4. Marketing and advertising (with optional consent): Used for event notifications, customized product recommendations, and provision of advertising information.

② If the purpose of use changes, the Company shall obtain separate consent and implement necessary measures.

Article 3 (Personal Information Items Processed)

① The Company collects the minimum personal information necessary for service provision, and the items are as follows:

1. At the time of membership registration: Name, organization name, department/position (optional), email (ID), password, mobile phone number
2. At the time of order and payment: Recipient name, delivery address, mobile phone number, payment information (card company name, approval number, etc. – however, the Company does not retain original payment information)
3. Automatically collected during service use: Access IP, device information, cookies, usage records, payment records

② The Company does not collect sensitive information (information defined in Article 23 of the Personal Information Protection Act, such as race, ideology, health, etc.).

Article 4 (Period of Processing and Retention of Personal Information)

① The Company retains and uses personal information until the purpose of collection and use is achieved. However, it is retained for a certain period in accordance with relevant laws:

1. Records related to contracts, withdrawal of offers, payments, and supply of goods: Retained for 5 years.
2. Records related to consumer complaints or dispute resolution: Retained for 3 years.
3. Records related to electronic financial transactions: Retained for 5 years.
4. Website access records: Retained for 3 months.

② If necessary in accordance with laws or internal company policies, the above period may be exceeded with consent.

Article 5 (Provision of Personal Information to Third Parties)

① The Company does not, in principle, provide users' personal information to third parties. However, the following cases are exceptions:

1. When the user has given prior consent.
2. When required by investigative agencies, courts, or other relevant authorities pursuant to law.
3. Providing the name, contact information, and delivery address to sellers (Wholesale Members) to the extent necessary for product ordering and delivery operations.

② When obtaining consent for third-party provision, the Company clearly notifies the recipient, the purpose of provision, the retention period, etc.

Article 6 (Entrustment of Personal Information Processing)

① The Company entrusts the processing of personal information for the smooth provision of services.

② The main entrusted parties and the details of entrusted work are as follows:

③ When entering into an entrustment contract, the Company stipulates provisions regarding the prohibition of personal information processing, technical and administrative protective measures, restrictions on re-entrustment, management and supervision, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and manages and supervises compliance therewith.

④ If the entrusted party or the details of entrusted work change, it shall be disclosed without delay.

Article 7 (Destruction of Personal Information)

① The Company destroys the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved.

1. Electronic file format: Permanently deleted by irreversible methods.
2. Paper documents: Destroyed by shredding or incineration.

② If certain information must be retained pursuant to law, it shall be destroyed immediately upon expiration of the applicable period.

Article 8 (Rights and Obligations of Users and Methods of Exercise)

① Users may request access to, correction of, deletion of, or suspension of processing of their personal information at any time.

② Users may request withdrawal from the Service, and the Company shall delete personal information without delay, except for the period prescribed by relevant laws.

③ Users may withdraw their consent to receive marketing information at any time.

④ Users may refuse to consent to the collection, use, and provision of personal information; however, in such cases, there may be restrictions on the use of Services.

⑤ The Company guarantees the above rights through identity verification procedures and shall notify the reasons if the request is rejected for legitimate reasons.

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

① The Company installs and operates cookies to provide customized services.

② Users may reject the storage of cookies through browser settings. However, if cookie storage is rejected, there may be restrictions on the use of some services.

③ The Company may use external analysis tools such as Google Analytics, and in such cases, the relevant details shall be announced.

Article 10 (Measures to Ensure the Safety of Personal Information)

① The Company takes the following measures to prevent personal information from being lost, stolen, leaked, forged, altered, or damaged:

1. Administrative measures: Minimization and training of employees handling personal information, establishment and implementation of internal management plans
2. Technical measures: Encryption of personal information, installation and regular inspection of security programs, retention and prevention of tampering of access records
3. Physical measures: Access control to computer rooms and data storage rooms

② In the event of a personal information breach, the Company shall carry out notification procedures in accordance with the law.

Article 11 (International Transfer of Personal Information)

① The Company does not, in principle, transfer personal information overseas.

② However, when using cloud servers or overseas advertising services (Google, Meta, etc.), the Company may transfer personal information overseas with the user's consent, and in such cases, shall provide prior notice of the country of transfer, date and time of transfer, items, retention period, etc.

Article 12 (Personal Information Protection Officer)

① The Company designates a Personal Information Protection Officer to oversee the processing of personal information and to handle user complaints and damage relief related to personal information.

• Personal Information Protection Officer: Head of Management Support Team
• Contact: cs@ndmarket.co.kr / 02-779-7070

Article 13 (Changes to the Privacy Policy)

① This Privacy Policy shall be effective from [Month] [Day], 2025.

② The Company may revise this Policy in accordance with changes in laws, policies, or internal operating guidelines, and shall provide notice at least 7 days prior to the revision.