개인정보처리방침
Tiger Quantum Co., Ltd. Privacy Policy
Tiger Quantum Co., Ltd. (hereinafter referred to as the "Company") complies with the 「Personal Information Protection Act」 and relevant laws and regulations to protect the freedoms and rights of data subjects while operating the HARU HUGA Official Online Mall (hereinafter referred to as the "Mall").
The Company processes personal information lawfully and manages it safely. In accordance with Article 30 of the 「Personal Information Protection Act」, the Company establishes and discloses this Privacy Policy to guide data subjects through the procedures and standards for processing and protecting personal information, and to handle related grievances swiftly and smoothly.
Table of Contents
-
Purpose of Processing, Items Processed, and Retention/Use Period of Personal Information
-
Processing of Personal Information of Children Under the Age of 14
-
Destruction Procedures and Methods of Personal Information
-
Third-Party Provision of Personal Information
-
Consignment of Personal Information Processing
-
Overseas Transfer of Personal Information
-
Measures to Ensure the Safety of Personal Information
-
Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
-
Collection, Use, and Refusal of Behavioral Information
-
Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives
-
Chief Privacy Officer and Department in Charge of Privacy Grievances
-
Remedies for Infringement on Rights and Interests of Data Subjects
-
Amendments to the Privacy Policy
1. Purpose of Processing, Items Processed, and Retention/Use Period of Personal Information
The Company processes personal information within the minimum scope necessary to provide services. The processed personal information will not be used for purposes other than those specified below. If the purpose of use changes, necessary measures will be implemented, such as obtaining separate consent in accordance with relevant laws and regulations.
1-1. Personal Information Processed Without the Consent of the Data Subject
Pursuant to relevant laws and regulations, such as the conclusion/performance of a contract or compliance with legal obligations, the Company may process the following personal information without the explicit consent of the data subject.
| Legal Basis | Classification | Purpose of Processing | Items Processed | Retention & Use Period |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Membership Registration & Management | Confirmation of intent to join, provision of member-only services, identification, maintenance/management of membership status, prevention of fraudulent use, delivery of announcements | Name, email address, mobile phone number, password, Member ID, date/time of registration, membership status | Until withdrawal of membership. (Or until the expiration of the period required by relevant laws) |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Order & Payment Processing | Product ordering, payment approval, payment cancellation, refund, transaction history verification | Buyer's name, buyer's email address, buyer's mobile phone number, order details, payment amount, payment method, payment approval number, refund account information (if necessary) | Until the supply of goods and payment/settlement are completed. (Or until the expiration of the period required by relevant laws) |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Product Delivery | Product shipping, delivery address verification, delivery status updates, return/exchange collection | Recipient's name, recipient's mobile phone number, delivery address, shipping requests, tracking number | Until delivery and return/exchange processing are completed. (Or until the expiration of the period required by relevant laws) |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Non-Member Orders | Processing non-member orders, order history inquiries, payment/delivery/exchange/return processing | Buyer's name, buyer's email address, buyer's mobile phone number, password for non-member order inquiry, recipient's name, recipient's mobile phone number, delivery address, order details, payment information | Until the supply of goods and payment/settlement are completed. (Or until the expiration of the period required by relevant laws) |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Customer Consultation & Grievance Handling | Inquiry response, complaint handling, exchange/return/refund guidance, dispute resolution | Name, email address, mobile phone number, order number, consultation details, consultation date/time, attached files, processing results | 3 years after completion of consultation, or until the retention period required by relevant laws |
|
Article 15 (1) 4 of PIPA (Conclusion/Performance of Contract) |
Review & Post Management | Product review composition, post management, prevention of fraudulent reviews, service quality management | Member ID, name or nickname, order history, review content, attached photos/videos, date/time of composition | Until the post is deleted or membership is withdrawn. (Or until the expiration of the period required by relevant laws) |
|
Article 15 (1) 2 of PIPA (Compliance with Legal Obligations) |
E-commerce Record Retention | Retention of records on contracts or withdrawal of subscription, payment, supply of goods, consumer complaints/dispute resolution | Records of contracts/subscription withdrawals, payment and delivery records, consumer complaints or dispute resolution records | Until the period designated by relevant laws and regulations |
|
Article 15 (1) 2 of PIPA (Compliance with Legal Obligations) |
Access Log Retention | Compliance with legal obligations such as retaining telecommunications confirmation data | Date/time of access, IP address, access logs | Until the period designated by relevant laws and regulations |
1-2. Personal Information Processed Upon Obtaining Consent from the Data Subject
The Company processes the following personal information after obtaining consent from the data subject. Data subjects have the right to refuse consent; even if they refuse, basic product purchases and service utilization are still available. However, services or benefits contingent upon such consent may be restricted.
| Legal Basis | Classification | Purpose of Processing | Items Processed | Retention & Use Period |
|
Article 15 (1) 1 of PIPA (Consent) |
Marketing Information Reception | Information on new products, events, promotions, discount coupons, brand content, customized benefits | Name, email address, mobile phone number, date of birth, gender, products of interest, purchase history, marketing reception consent status | Until withdrawal of consent or membership withdrawal |
|
Article 15 (1) 1 of PIPA (Consent) |
Personalized Service Provision | Product recommendations of interest, benefits based on purchase history, guides based on shopping cart/wishlist | Member ID, purchase history, shopping cart information, wishlist, products of interest, access and usage logs | Until withdrawal of consent or membership withdrawal |
|
Article 15 (1) 1 of PIPA (Consent) |
Event Participation & Prize Delivery | Event participation verification, winner selection, prize delivery, public taxes and utilities/withholding tax processing (if necessary) | Name, mobile phone number, email address, delivery address, SNS account name, event participation history, copy of ID or Resident Registration Number (RRN) (limited to cases requiring public taxes/utilities processing) | [OO] months after event conclusion and prize delivery. However, if retention is required by laws for tax processing, etc., until the end of such legal period. |
|
Article 15 (1) 1 of PIPA (Consent) |
Review & Content Utilization | Utilization of reviews, photos, and videos on the Company’s mall, SNS, advertisements, and product detail pages | Name or nickname, review content, photos, videos, SNS account name | Until withdrawal of consent or achievement of utilization purpose |
1-3. Information Automatically Generated and Collected During Service Utilization
The following information may be automatically generated or collected during the course of using the service.
| Classification | Items Collected | Purpose of Processing | Retention & Use Period |
| Service Usage Records | Access date/time, IP address, browser information, device information, operating system information, cookies, visited pages, click history, purchase conversion history | Ensuring service stability, preventing fraudulent use, statistical analysis, personalized service provision, ad performance analysis | Until the purpose is achieved, or until the period designated by relevant laws |
| Payment & Security Records | Payment authentication results, payment approval number, fraudulent transaction detection information | Payment processing, prevention of fraudulent payments, transaction stability assurance | Until the purpose is achieved, or until the period designated by relevant laws |
1-4. Retention Period of Personal Information Pursuant to Relevant Laws
In principle, the Company destroys personal information without delay once the purpose of processing is achieved. However, in the following cases, personal information will be retained for the periods specified by relevant laws.
| Basis of Retention | Retained Items | Retention Period |
| Act on Consumer Protection in Electronic Commerce | Records on contracts or withdrawal of subscription, etc. | 5 years |
| Act on Consumer Protection in Electronic Commerce | Records on payment and supply of goods, etc. | 5 years |
| Act on Consumer Protection in Electronic Commerce | Records on consumer complaints or dispute resolution | 3 years |
| Act on Consumer Protection in Electronic Commerce | Records on display/advertising | 6 months |
| Protection of Communications Secrets Act | Telecommunications confirmation data such as website visit records | 3 months |
| Framework Act on National Taxes, Corporate Tax Act, etc. | Tax invoices, receipts, transaction-related evidence documents | Period specified by the relevant tax law |
2. Processing of Personal Information of Children Under the Age of 14
-
In principle, the Company does not intend to collect personal information from or register children under the age of 14 as members. However, if it becomes necessary to process the personal information of a child under 14, the consent of their legal representative will be obtained.
-
To verify the consent of a legal representative, the Company may request the minimum necessary information from the child, such as the legal representative's name, mobile phone number, and email address, and will process the child's personal information only after verifying the legal representative's consent.
-
Legal representatives may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding the child's personal information, and the Company will take necessary actions without delay in accordance with relevant laws.
3. Destruction Procedures and Methods of Personal Information
The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose.
-
Destruction Procedure: The Company selects the personal information for which destruction grounds have occurred and destroys it under the verification of the Company's Chief Privacy Officer or designated manager.
-
Destruction Method for Electronic Files: Permanently deleted using a secure technical method that prevents recovery or regeneration.
-
Destruction Method for Paper Documents: Shredded using a shredder or incinerated.
-
Separate Storage: If personal information must continue to be preserved pursuant to other laws and regulations, the relevant personal information is moved to a separate database (DB) or stored in a different location.
4. Third-Party Provision of Personal Information
-
The Company processes the personal information of data subjects only within the scope of the processing purposes specified in Article 1. It does not provide personal information to third parties except with prior consent from the data subject or under special provisions of the law.
-
If the Company needs to provide personal information to third parties (such as business partners, advertising platforms, or event co-hosts) in the future, it will inform the data subject of the following matters and obtain separate consent:
-
The recipient of the personal information
-
The recipient's purpose of using the personal information
-
The items of personal information to be provided
-
The recipient's retention and use period of the personal information
-
The right to refuse consent and the disadvantages resulting from refusal
-
-
Currently, cases where the Company regularly provides personal information to third parties are as follows:
| Recipient | Purpose of Provision | Items Provided | Retention & Use Period |
| [Enter if applicable] | [e.g., Co-event operation, prize shipping, provision of affiliate benefits] | [Name, mobile phone number, email, etc.] | [Until purpose achievement or period notified upon consent] |
※ If there is no regular third-party provision, the table above can be deleted and replaced with: "The Company currently does not provide the data subject's personal information to third parties."
5. Consignment of Personal Information Processing
The Company may consign personal information processing tasks to external parties to ensure smooth service provision as follows. When concluding a consignment contract, the Company reflects necessary matters in the contract so that personal information can be safely managed in accordance with relevant laws, and manages/supervises whether the trustee processes personal information safely.
| Trustee (Consignee) | Consigned Work | Consigned Personal Information Items | Retention & Use Period |
| Shopify Inc. / Shopify International Ltd. / Shopify Affiliates | Online mall construction/operation, order management, customer data storage/management, payment/delivery integration, system operation | Member information, order information, delivery information, payment-related information, access and usage logs | Until membership withdrawal or termination of the consignment contract. (Or until the expiration of the period required by relevant laws) |
| Eximbay | Credit card payment, easy payment, account transfer, virtual account, payment cancellation, and refund processing | Order information, payment amount, payment method, payment approval number, refund account information (if necessary) | Until termination of the consignment contract or the legally mandated retention period |
| CJ Logistics | Product delivery, return/exchange collection | Recipient's name, recipient's mobile phone number, delivery address, tracking number | Until completion of delivery or termination of the consignment contract |
| Taeeun Logistics | Product inbound/outbound, packaging, dispatch, return/exchange inspection | Order information, delivery information, return/exchange information | Until termination of the consignment contract |
| [Insert Customer Consultation Solution Name] | Customer consultation, inquiry response, consultation history management | Name, email address, mobile phone number, order number, consultation details | Until [OO] months after consultation completion or termination of the consignment contract |
| Crema Review | Product review creation, display, and management | Member ID, nickname, order information, review content, photos/videos | Until membership withdrawal, post deletion, or termination of the consignment contract |
| Google LLC | Website usage analysis, advertising performance analysis | Cookies, device information, access and usage logs, event logs | In accordance with Google policies and the Company's set period |
| Meta Platforms, Inc. | Advertising performance analysis, personalized advertisement provision | Cookies, device information, access and usage logs, event logs | In accordance with Meta policies and the Company's set period |
※ If actual Shopify apps or external solutions are added, the trustee, consigned work, items processed, and retention period must be added accordingly.
6. Overseas Transfer of Personal Information
The Company may consign part of its personal information processing duties to overseas operators or store/process data on servers located overseas for Shopify-based online mall operations, cloud storage, email dispatch, and the use of advertising/analytics tools.
If an overseas transfer of personal information occurs, the Company will notify the legal basis for the overseas transfer, personal information items transferred, destination country, transfer date/time and method, recipient, purpose of use, retention and use period, method of refusing the transfer, and the disadvantages of refusal in accordance with relevant laws.
| Recipient | Destination Country | Transferred Items | Transfer Date/Time & Method | Purpose of Use | Retention & Use Period | Method of Refusal & Disadvantages |
| Shopify Inc. / Shopify International Ltd. / Shopify Affiliates | [Canada, USA, Ireland, Singapore, etc. - Finalized based on Shopify contract and admin screen] | Member information, order information, delivery information, payment-related information, access and usage logs | Transmitted via network upon service use | Online mall operation, order management, customer data storage/management, service provision, and security management | Until membership withdrawal or termination of consignment contract. (Or until expiration of legally required period) | You may refuse the overseas transfer by contacting the Chief Privacy Officer. However, refusal may restrict mall services such as membership registration, ordering, payment, and delivery. |
| Google LLC | [USA or other actual processing countries] | Cookies, device information, access and usage logs, event logs | Transmitted via network upon service use | Website usage analysis, advertising performance measurement | According to Google policies and the Company's set period | You can refuse through browser settings, ad settings, or by requesting the Company. However, personalized services or ad performance measurement may be limited. |
| Meta Platforms, Inc. | [USA or other actual processing countries] | Cookies, device information, access and usage logs, event logs | Transmitted via network upon service use | Advertising performance measurement, personalized advertisement provision | According to Meta policies and the Company's set period | You can refuse through browser settings, ad settings, or by requesting the Company. However, the provision of personalized ads may be limited. |
※ The contents above may vary depending on the actual contract structure, data processing country, DPA, and admin settings of Shopify and external solutions, and must be verified before final posting.
7. Measures to Ensure the Safety of Personal Information
The Company takes the following measures to secure the safety of personal information:
-
Administrative Measures: Establishment and implementation of internal management plans for personal information, minimizing personal information processing personnel, regular employee training, and management/supervision of trustees.
-
Technical Measures: Management of access rights to personal information processing systems, encryption of passwords, installation and renewal of security programs, retention of access logs, access control, and implementation of encrypted communications (SSL/TLS).
-
Physical Measures: Secure storage of documents and storage media containing personal information, access control to server/storage rooms, and documented disposal management.
8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company may use automatic personal information collection devices such as cookies, pixels, and SDKs to provide individual customized services and analyze service utilization behavior.
-
Meaning of Cookies: Cookies are small information files sent to the user's browser by the server operating the website, and may be stored on the user's device or browser.
-
Purpose of Using Cookies: Maintaining login status, providing shopping cart and recently viewed product functions, analyzing users' visits and usage patterns, improving services and identifying errors, recommending customized products, and measuring ad performance.
-
How to Refuse Cookie Settings: Users can refuse or delete cookie storage through browser settings. However, refusing cookies may restrict certain services such as login, shopping cart, and ordering.
-
Chrome: Settings > Privacy and Security > Third-party cookies
-
Safari: Settings > Privacy > Block all cookies
-
Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
-
9. Collection, Use, and Refusal of Behavioral Information
The Company may collect and use online behavioral information capable of identifying and analyzing users' interests, preferences, and tendencies, such as website visit history, product view history, shopping cart history, and purchase conversion history.
| Collection Tool | Behavioral Information Collected | Purpose of Collection | Retention & Use Period |
| Google Analytics / Google Ads | Visited pages, time spent on site, click history, inflow path, purchase conversion history, device information | Service utilization analysis, ad performance measurement, site improvement | According to Google policies and the Company's set period |
| Meta Pixel | Visited pages, product views, shopping cart actions, purchase conversions, event logs | Ad performance measurement, personalized advertisement provision | According to Meta policies and the Company's set period |
Users may refuse the collection and use of behavioral information through browser settings, ad platform ad settings, blocking cookies, or requesting the Company. Refusal may restrict customized product recommendations, ad performance measurement, and some service quality improvement functions.
10. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives
-
Data subjects may exercise the following privacy-related rights against the Company at any time:
-
Request to inspect personal information
-
Request correction in case of errors, etc.
-
Request deletion
-
Request suspension of processing
-
Request withdrawal of consent
-
-
Rights may be exercised against the Company via written documents, email, customer center, or the member information modification function within the Mall, and the Company will take action without delay in accordance with relevant laws.
-
If a data subject requests the correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
-
The exercise of rights may be performed through a legal representative or an authorized agent of the data subject. In this case, the Company may require a power of attorney in accordance with relevant laws.
-
The Company may verify whether the person making the request for inspection, correction, deletion, or suspension of processing is the data subject themselves or a legitimate representative.
11. Chief Privacy Officer and Department in Charge of Privacy Grievances
The Company designates a Chief Privacy Officer as follows to oversee personal information processing duties, handle complaints, and provide remedy for damages suffered by data subjects in connection with personal information processing.
| Classification | Details |
| Chief Privacy Officer | Jo-eun Lee |
| Position | Director |
| Contact | 070-8064-7020 |
| cs@haruhuga.com |
Personal information inquiries, complaints, and requests for damage relief may be directed to the following department:
| Classification | Details |
| Department in Charge | Privacy Grievances Department |
| Contact Person | Jo-eun Lee (Director) |
| Contact | 070-8064-7020 |
| cs@haruhuga.com |
12. Remedies for Infringement on Rights and Interests of Data Subjects
Data subjects may inquire with the following independent organizations for damage relief or consultations regarding personal information infringements:
-
Personal Information Infringement Report Center: 118 (without area code)
-
Personal Information Dispute Mediation Committee: 1833-6972
-
Supreme Prosecutors' Office: 1301 (without area code)
-
National Police Agency: 182 (without area code)
A data subject whose rights or interests have been infringed upon by an act or omission of the head of a public institution regarding requests for inspection, correction/deletion, or suspension of processing under the Personal Information Protection Act may file an administrative appeal.
13. Amendments to the Privacy Policy
-
This Privacy Policy shall apply from [May 27, 2026].
-
When changing the Privacy Policy, the Company will disclose the changes and effective date through the Mall's announcement board or the Privacy Policy page. Changes that significantly affect the rights or obligations of data subjects may be notified well in advance or communicated individually.
| Version | Effective Date | Key Changes |
| v1.0 | [2026.05.27] | Initial Enactment |
Customer Center Information
-
Address: 15, Toegye-ro, Jung-gu, Seoul, Republic of Korea
-
Customer Center: 070-8064-7020
-
Representative: Ji-hyun Lim
-
Business Registration Number: 241-87-03399
-
Mail-Order Business Report Number: [Omitted/To be filled]