Privacy Policy

2026-06-19

1. Purpose of Processing

i-Aurora co., Ltd. (the "Company") processes personal information for the following purposes and does not use it for any other purpose:

  • Membership: identity verification, maintaining membership, preventing misuse of the service
  • Provision of goods and services: purchase and payment, delivery and voucher (QR) issuance, performance of contracts
  • Customer support: handling inquiries and complaints, sending notices
  • Marketing (with consent): information on events, benefits, and new services

2. Items of Personal Information Collected

CategoryItemsMethod
Sign-up (required)Email, password (stored encrypted)Entered by user at sign-up
Purchase & paymentOrderer name, contact, payment information (processed by PG), payment historyEntered by user at checkout
Delivery (if applicable)Recipient name, shipping address, contactEntered by user at order
Automatically generatedIP address, cookies, service usage logs, device/browser informationCollected automatically during use

The Company does not collect sensitive information such as beliefs or political views. Payment details such as card numbers are processed by the payment gateway (PG); the Company receives only the payment result.

3. Retention Period

The Company processes and retains personal information within the period required by law or consented to by the data subject.

ItemPeriodBasis
Member informationUntil withdrawal of membershipService agreement
Records on contracts or withdrawal of subscription5 yearsE-Commerce Act
Records on payment and supply of goods5 yearsE-Commerce Act
Records on consumer complaints or disputes3 yearsE-Commerce Act
Access logs3 monthsProtection of Communications Secrets Act

4. Provision to Third Parties

As a rule, the Company does not provide personal information to third parties. It does so only within the minimum necessary scope where the user has consented in advance (e.g., providing information to an accommodation provider to book a hotel/accommodation package) or where required by law.

5. Outsourcing of Processing

The Company may outsource certain tasks—such as payment processing (PG), delivery, and cloud infrastructure—for smooth service provision. In doing so, the Company supervises the trustees to handle personal information safely in accordance with the Personal Information Protection Act. Specific trustees and outsourced tasks are disclosed in this policy and updated upon change.

6. Rights of the Data Subject

Data subjects may at any time request access to, correction, deletion, or suspension of processing of their personal information through My Page or the customer center. The Company takes the necessary measures without delay upon such request.

7. Destruction of Personal Information

When personal information becomes unnecessary—due to the lapse of the retention period or achievement of the purpose—the Company destroys it without delay. Electronic files are permanently deleted by irrecoverable means, and printed materials are shredded or incinerated.

8. Security Measures

  • Administrative: establishment and implementation of an internal management plan, regular staff training
  • Technical: access control for the processing system, access-control systems, password encryption, transport encryption (SSL/TLS)
  • Physical: access control to server rooms and data storage areas

9. Cookies

The Company may use cookies to provide tailored services. Users may refuse cookies through their browser settings, though some services may then be restricted.

10. Privacy Officer

The Company designates a Privacy Officer who is responsible for overseeing personal information processing and handling complaints and remedies.

  • Privacy Officer: Kim Hye-kyung
  • Contact: cs@i-aurora.co.kr / 1588-3073

11. Remedies for Infringement

Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee (+82-1833-6972), the Personal Information Infringement Report Center (118), the Supreme Prosecutors’ Office (1301), or the National Police Agency (182).

12. Duty to Notify

This Privacy Policy is effective as of 2026-06-19. Where its contents change due to laws, policies, or security technology, the Company will announce the changes through the Mall at least 7 days before they take effect.