Privacy Policy
<United Borders Inc.> (hereinafter “Hanpoom,” ‘www.hanpoom.com’) establishes the following privacy policy in accordance with the Personal Information Protection Act to safeguard users’ personal data and rights, and to ensure prompt handling of any related complaints.
Hanpoom will notify users of any amendments to this privacy policy through website announcements or individual notices.
○ This policy is effective from December 2, 2022.
Article 1: Purpose of Processing Personal Information
Hanpoom processes personal information for the following purposes. The collected data will not be used for any other purposes, and prior consent will be obtained if the processing purpose changes.
1. Membership Registration and Management
Hanpoom processes personal information to confirm membership intent, authenticate users for membership services, maintain membership status, perform identity verification under the limited identity verification system, prevent unauthorized service use, issue notices, handle complaints, and preserve records for dispute resolution.
2. Provision of Goods or Services
Hanpoom processes personal information for product shipping, service delivery, invoice issuance, content distribution, personalized service provision, identity verification, age verification, and payment processing.
3. Use for Marketing and Advertising
Hanpoom processes personal information for the development of new services/products, delivery of tailored services, distribution of event and promotional information, provision of participation opportunities, targeted advertising based on demographic characteristics, service effectiveness evaluation, access frequency analysis, and compilation of usage statistics.
Article 2: Personal Information File Status
1. File Name: Hanpoom Privacy Policy
2. Personal Information Items: Email, mobile phone number, home address, landline number, password, login ID, gender, date of birth, name, credit card information, bank account information, service usage history, access logs, cookies, IP address information, payment records
3. Collection Methods: Website, written forms, phone/fax, promotional events, delivery requests, partner-provided data, automated data collection tools
4. Legal Basis: For service improvement and customer satisfaction
5. Retention Period: Until 30 days after membership withdrawal
(Note: Personal information may be retained for a certain period as required by relevant laws—such as the Act on Consumer Protection in Electronic Commerce—to verify transactional records.)
- Non-member Information: Until the business purpose is fulfilled
6. Applicable Laws:
1) Records on the collection, processing, and use of credit information: 3 years
2) Records on consumer complaints or dispute resolution: 3 years
3) Records on payment and delivery of goods: 5 years
4) Records on contracts or subscription withdrawals: 5 years
5) Records on advertising and display: 6 months
Article 3: Retention and Use Period of Personal Information
Hanpoom processes and retains personal information within the retention and use period required by law or within the period agreed upon at the time of collection with the data subject’s consent.
The specific retention and use periods for each category of personal information are as follows.
1. <Website Membership Registration and Management>
Personal information related to <Website Membership Registration and Management> is retained and used from the date of consent for collection and use until <30 days after membership withdrawal> for the stated purposes.
a. Legal Basis: For service improvement and customer satisfaction
b. Member information collected and used under the following laws:
1) Records on the collection, processing, and use of credit information: 3 years
2) Records on consumer complaints or dispute resolution: 3 years
3) Records on payment and supply of goods: 5 years
4) Records on contracts or subscription cancellations: 5 years
5) Records on advertising and display: 6 months
Article 4: Provision of Personal Information to Third Parties
Hanpoom provides personal information to third parties only with the user’s consent or as permitted under Articles 17 and 18 of the Personal Information Protection Act.
Hanpoom currently shares personal information with third parties as follows:
Recipient | Items Provided | Retention & Usage Period |
United Borders Inc. | Email, mobile phone number, home address, landline number, password, login ID, gender, date of birth, name, national ID number, credit card information, bank account details, service usage history, access logs, cookies, IP address, payment records | Until withdrawal of consent under the Hanpoom Terms of Service or 30 days after membership termination |
Article 5: Outsourcing of Personal Information Processing
1. To ensure efficient handling of personal data, Hanpoom outsources the following processing tasks:
Service Provider (Delegate) | Delegated Services | Delegation Period |
Shopify Payment | Payment processing services | Until membership withdrawal or termination of the outsourcing agreement or service (processing is outsourced only when the user uses the relevant service) |
Amazon Pay | ||
PayPal | ||
Apple Pay | ||
Meta Pay | ||
Google Pay | ||
DHL | Product and promotional item delivery, customs clearance processing | |
UPS | ||
FedEx | ||
HL International Co., Ltd. | ‘Super Fresh’ product ordering and international shipping services | |
Amazon Web Services (AWS Korea) | Provision of cloud IT infrastructure services | |
Meta (Facebook) | Provision of personalized services, distribution of event and promotional information, and participation opportunities | |
Klaviyo | Critical notification and promotional email delivery services | |
Channel Corporation Co., Ltd. | Infrastructure for customer support | |
Kakao Corp. |
2. The status of transferring personal information to overseas vendors for service provision is as follows.
Recipient (Data Controller Contact) | Personal Information Transferred | Transfer Purpose | Transfer Method | Destination Country | Retention & Usage Period |
UNITED BORDERS INC | Email, mobile phone number, home address, home phone number, password, login ID, gender, date of birth, name, national ID number, credit card details, bank account information, service usage records, access logs, cookies, IP address, and payment history | Service provision, customer verification, and customs clearance processing | Transferred via network at the time of purchase | United States, South Korea, Australia, New Zealand, Hong Kong, Singapore, and Taiwan | Destroyed once the purpose of providing goods or services is fulfilled |
3. When entering into an outsourcing agreement, Hanpoom specifies in contracts and other documents—pursuant to Article 25 of the Personal Information Protection Act—that personal information may only be processed for delegated tasks. These documents also outline technical and administrative safeguards, restrictions on re-delegation, oversight of service providers, and liability for damages. Hanpoom further monitors its service providers to ensure personal information is handled securely.
4. If the scope of outsourced tasks or the identity of a service provider changes, Hanpoom will promptly update this Privacy Policy and notify users accordingly.
Article 6: Rights and Duties of Data Subjects and Their Legal Representatives and How to Exercise Them
1. Data subjects may at any time exercise their rights to access, correct, delete, or suspend the processing of their personal information.
2. To exercise the rights in paragraph 1, data subjects may submit a written request, an email, or a fax in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and Hanpoom will respond without delay.
3. To exercise the rights under paragraph 1, the data subject may do so through a legal representative or an authorized agent. In this case, a power of attorney must be submitted using the form prescribed in Attachment 11 of the Enforcement Rules of the Personal Information Protection Act.
4. The right to request access or suspension of personal information processing may be restricted under Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
5. Requests for correction or deletion of personal information cannot be fulfilled if other laws require that information to be retained.
6. When a request for access, correction, deletion, or suspension is made, Hanpoom will verify that the requester is either the data subject or a duly authorized representative.
Article 7: Categories of Personal Information Processed
Hanpoom processes the following categories of personal information:
1. <Use for Marketing and Advertising>
a. Required items: email, mobile phone number, gender, date of birth, name, hobbies, service usage history, access logs, cookies, IP address information, payment records
b. Optional items: email, mobile phone number, home address, login ID, hobbies, service usage history, access logs, cookies, IP address information, payment records
2. <Website Membership Registration and Management>
a. Required items: email, mobile phone number, home address, landline number, password hint and answer, password, login ID, gender, date of birth, name, hobbies, physical characteristics, credit card information, bank account information, service usage history, access logs, cookies, IP address information, payment records
b. Optional items: email, mobile phone number, home address, landline number, password hint and answer, password, login ID, gender, date of birth, name, hobbies, physical characteristics, credit card information, bank account information, service usage history, access logs, cookies, IP address information, payment records
Article 8: Destruction of Personal Information
In principle, Hanpoom will promptly destroy personal information once the purpose of processing has been fulfilled. The procedures, deadlines, and methods for destruction are as follows.
1. Destruction Procedure
User-provided information is transferred to a separate database (or to separate documents for paper records) and stored according to internal policies and applicable laws for a specified period, after which it is immediately destroyed. Any personal information transferred to the database will not be used for other purposes unless required by law.
2. Destruction Period
If the retention period has expired, personal information will be destroyed within five days of the end of the retention period. If the processing purpose has been achieved, the service is discontinued, or the business is terminated—rendering the personal information unnecessary—it will be destroyed within five days of that determination.
3. Destruction Method
Electronic files are destroyed using technical methods that render recovery impossible.
Printed documents containing personal information are shredded or incinerated.
Article 9: Installation, Operation, and Opt-Out of Automated Data Collection Devices
1. Hanpoom uses cookies—small data files that store usage information and are retrieved as needed—to provide personalized services.
2. A cookie is a small piece of information sent by the web server (HTTP) to the user’s browser and may be stored on the user’s local hard drive.
a. Purpose of cookies: Cookies help Hanpoom understand site and service visit patterns, popular search terms, secure connection status, and other usage behavior to deliver optimized content to users.
b. Installation, operation, and refusal of cookies: Users can disable cookie storage via their browser’s Tools > Internet Options > Privacy settings.
c. Disabling cookies may limit access to personalized services.
Article 10: Data Protection Officer
1. Hanpoom oversees all personal data processing and has appointed the following Data Protection Officer to handle data subject complaints and rights requests:
Data Protection Officer | Data Protection Department |
Name: Jihoon Park Contact: 02-6267-2249 Email: privacy@hanpoom.com | Department: Operations Contact: 02-6267-2249 Email: privacy@hanpoom.com |
2. Data subjects may direct any inquiries regarding personal data protection, complaint handling, or compensation claims arising from their use of Hanpoom’s services or business to the Data Protection Officer or the responsible department. Hanpoom will respond and address such inquiries without delay.
Article 11: Amendments to the Privacy Policy
1. This Privacy Policy is effective from the date of implementation. Any additions, deletions, or modifications required by law or policy will be announced via website notice at least seven days before they take effect.
Article 12: Security Measures for Personal Information
Hanpoom implements the following technical, administrative, and physical measures in accordance with Article 29 of the Personal Information Protection Act to ensure the security of personal data:
1. Regular Internal Audits
To safeguard personal data, Hanpoom conducts internal security audits on a quarterly basis.
2. Minimization and Training of Personnel Handling Personal Information
Hanpoom designates specific employees to handle personal data and limits their number, ensuring secure management through targeted training.
3. Establishment and Implementation of an Internal Management Plan
Hanpoom develops and enforces an internal management plan to guarantee the safe processing of personal information.
4. Technical Measures Against Hacking and Malware
Hanpoom installs security programs, conducts regular updates and inspections, and locates systems in controlled areas to prevent personal data breaches or damage from hacking or computer viruses through both technical and physical controls.
5. Encryption of Personal Information
User passwords and other sensitive data are encrypted and securely stored so that only the user can access them. Critical data is additionally protected using features such as file encryption or file-lock mechanisms.
6. Storage and Tamper-Proofing of Access Records
Access logs for the personal data processing system are retained and managed for at least six months, with security measures in place to prevent unauthorized alteration, theft, or loss.
7. Access Restriction to Personal Information
Hanpoom controls access to the database systems that process personal data by granting, modifying, or revoking user permissions as needed. An intrusion prevention system is also used to block unauthorized external access.
8. Use of Locked Storage for Document Security
Paper documents and backup storage media containing personal information are kept in secure, locked facilities.
9. Physical Access Control for Unauthorized Persons
Physical storage locations for personal information are separated and managed under strict access control procedures.
Article 13: Personal Information Access Requests
1. Data subjects may submit requests to access their personal information under Article 35 of the Personal Information Protection Act to the department below. Hanpoom will make every effort to process access requests promptly.
▶ Department Handling Access Requests
Data Protection Department |
Department: Operations Contact: 02-6267-2249 Email: privacy@hanpoom.com |
2. Data subjects may also submit access requests via the Ministry of the Interior and Safety’s “Personal Information Protection Comprehensive Support Portal” at www.privacy.go.kr.
▶ Ministry of the Interior and Safety Personal Information Protection Comprehensive Support Portal → Personal Information Civil Complaints → Request for Access (I-PIN required for identity verification)
Article 14: Remedies for Rights Violations
The following independent agencies are separate from United Borders Inc. (hereinafter “Hanpoom,” “www.hanpoom.com”). If you are unsatisfied with Hanpoom’s internal complaint handling or require further assistance, please contact one of these organizations:
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
– Responsibilities: reporting personal data breaches, consultation services
– Website: privacy.kisa.or.kr
– Phone: 118 (no area code required)
– Address: 3rd Floor, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324
▶ Personal Information Dispute Mediation Committee
– Responsibilities: dispute mediation requests, collective dispute mediation (civil resolution)
– Website: www.kopico.go.kr
– Phone: 1833-6972 (no area code required)
– Address: 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171
▶ Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr)
Article 15: Installation and Operation of Video Information Processing Devices
Hanpoom installs and operates video information processing devices as described below.
1. Legal Basis & Purpose of Installation: To manage Hanpoom’s information security
2. Number of Devices, Installation Location, and Recording Range
– Number of devices: 1
– Installation location: Office
– Recording range: Near the server
3. Responsible Officers, Departments, and Authorized Accessors of Video Information: Yohan Lee, Jihoon Park, Jihoon Park
4. Recording Hours, Retention Period, Storage Location, and Processing Method
– Recording hours: 24/7
– Retention period: 1 year from the date of recording
– Storage location & processing method: Cloud server
5. How and Where to Review Video Information: Accessible on the cloud
6. Data Subject Requests for Video Information Review: Requests must be submitted using the “Personal Video Information Access & Existence Verification” form. Access is permitted only when the data subject appears in the footage or if it is clearly necessary to protect the subject’s life, physical safety, or property.
7. Technical, Administrative, and Physical Measures for Protecting Video Information
Article 16: Personalized Advertising
1. To provide online personalized advertising and deliver optimized services and benefits, the company collects and uses behavioral information—such as users’ website and app visit history, search history, and purchase history—as follows:
Behavioral Information Collected | User’s website and app visit history, search history, purchase history, other online activity data, advertising identifiers |
Method of Collection | Automatically collected when the user visits the website or app |
Purpose of Collection | To deliver interest-based personalized advertising |
Retention and Subsequent Processing | Stored for 2 years from the date of collection, then deleted |
How Users Can Exercise Control Rights | – Via web browser settings: 1) Internet Explorer: Tools → Internet Options → Privacy → Advanced → Allow/Block 2) Chrome: Settings → Privacy and Security → Cookies and Other Site Data → Cookie settings 3) Edge: Settings → Cookies and Site Permissions → Cookies and Site Data → Cookie settings |
User Remedies | Contact: Operations Department, 02-6267-2249, privacy@hanpoom.com |
※ Google Analytics is used to collect and process behavioral information.
2. The company allows the following personalized advertising providers to collect behavioral information:
- Recipients of behavioral information: Facebook, Google, Kakao, Naver
- Types of behavioral information provided: website/app visit history, search history, purchase history, and other online activity data
- Purpose of use: to provide personalized advertising based on user interests
Become an Affiliate