Privacy Policy
2026-06-19
1. Purpose of Processing
i-Aurora co., Ltd. (the "Company") processes personal information for the following purposes and does not use it for any other purpose:
- Membership: identity verification, maintaining membership, preventing misuse of the service
- Provision of goods and services: purchase and payment, delivery and voucher (QR) issuance, performance of contracts
- Customer support: handling inquiries and complaints, sending notices
- Marketing (with consent): information on events, benefits, and new services
2. Items of Personal Information Collected
| Category | Items | Method |
|---|---|---|
| Sign-up (required) | Email, password (stored encrypted) | Entered by user at sign-up |
| Purchase & payment | Orderer name, contact, payment information (processed by PG), payment history | Entered by user at checkout |
| Delivery (if applicable) | Recipient name, shipping address, contact | Entered by user at order |
| Automatically generated | IP address, cookies, service usage logs, device/browser information | Collected automatically during use |
The Company does not collect sensitive information such as beliefs or political views. Payment details such as card numbers are processed by the payment gateway (PG); the Company receives only the payment result.
3. Retention Period
The Company processes and retains personal information within the period required by law or consented to by the data subject.
| Item | Period | Basis |
|---|---|---|
| Member information | Until withdrawal of membership | Service agreement |
| Records on contracts or withdrawal of subscription | 5 years | E-Commerce Act |
| Records on payment and supply of goods | 5 years | E-Commerce Act |
| Records on consumer complaints or disputes | 3 years | E-Commerce Act |
| Access logs | 3 months | Protection of Communications Secrets Act |
4. Provision to Third Parties
As a rule, the Company does not provide personal information to third parties. It does so only within the minimum necessary scope where the user has consented in advance (e.g., providing information to an accommodation provider to book a hotel/accommodation package) or where required by law.
5. Outsourcing of Processing
The Company may outsource certain tasks—such as payment processing (PG), delivery, and cloud infrastructure—for smooth service provision. In doing so, the Company supervises the trustees to handle personal information safely in accordance with the Personal Information Protection Act. Specific trustees and outsourced tasks are disclosed in this policy and updated upon change.
6. Rights of the Data Subject
Data subjects may at any time request access to, correction, deletion, or suspension of processing of their personal information through My Page or the customer center. The Company takes the necessary measures without delay upon such request.
7. Destruction of Personal Information
When personal information becomes unnecessary—due to the lapse of the retention period or achievement of the purpose—the Company destroys it without delay. Electronic files are permanently deleted by irrecoverable means, and printed materials are shredded or incinerated.
8. Security Measures
- Administrative: establishment and implementation of an internal management plan, regular staff training
- Technical: access control for the processing system, access-control systems, password encryption, transport encryption (SSL/TLS)
- Physical: access control to server rooms and data storage areas
9. Cookies
The Company may use cookies to provide tailored services. Users may refuse cookies through their browser settings, though some services may then be restricted.
10. Privacy Officer
The Company designates a Privacy Officer who is responsible for overseeing personal information processing and handling complaints and remedies.
- Privacy Officer: Kim Hye-kyung
- Contact: cs@i-aurora.co.kr / 1588-3073
11. Remedies for Infringement
Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee (+82-1833-6972), the Personal Information Infringement Report Center (118), the Supreme Prosecutors’ Office (1301), or the National Police Agency (182).
12. Duty to Notify
This Privacy Policy is effective as of 2026-06-19. Where its contents change due to laws, policies, or security technology, the Company will announce the changes through the Mall at least 7 days before they take effect.
