PRIVACY POLICY

TRISTATE PRIVACY POLICY


Tristate International SA (hereinafter "the Company") processes personal information lawfully and manages it securely in compliance with the relevant applicable data protection legislations and related laws and regulations to protect the freedom and rights of data subjects. Accordingly, we establish and disclose the following Privacy Policy to inform data subjects of the procedures and standards for the processing and protection of personal information and to ensure that related issues are handled promptly and smoothly. 

1. Purpose of Processing Personal Information and Retention Period

We process personal information for the following purposes. The personal information being processed will not be used for any purpose other than that listed below. Should the purpose change and a consent is required, we will take necessary measures, such as obtaining separate consent. 

 

(1) Process orders and ancillary services 

We use users' personal information to process their orders (i.e. collect personal information in order to allow GF Fashion to proper provide purchased goods) and all ancillary services. Without users' personal information, we cannot process orders. 

 

(2) Store Account Registration 

We process your personal information to enable you to create a store account, regardless of whether you purchase products from the store. You may also create an account when visiting our offline stores. 

 

(3) Product Inventory and Availability Notification 

Upon your explicit request, we process your personal information to provide information regarding the stock and availability of requested products in the store.  

 

(4) Providing After-Sales Service to Comply with Product Warranty Laws and Regulations 

We use your personal information to manage repair procedures for products purchased in the store, in accordance with applicable laws and the store's general terms and conditions of sale. 

 

(5) Administrative Management 

We process your personal information for accounting, administrative, and tax purposes directly related to our business activities, as required by relevant laws and regulations. 

 

(6) Providing Customer Support 

We may process your personal information to provide support when you request assistance while using products purchased from the Store. We may also process such personal information to assist you when you inquire about products not purchased from the Store or request information about our products. 

 

(7) Prevention and Control of Illegal Acts, and Protection and Exercise of Rights 

Within the scope permitted by relevant laws and regulations, we may process your personal information to prevent or control intellectual property infringement (e.g., counterfeiting of our and/or our partners' trademarks), theft (including possible credit card duplication and theft during events or promotions), or other illegal activities, and to protect and exercise our rights. 

 

(8) Newsletter Subscription 

If the user consents, by entering their email address to subscribe to the newsletter, we may provide information or promotional notices about products and services offered by the store via email or other electronic means of communication (e.g., WhatsApp). 

 

(9) Marketing Information Provision and Preference-Based Product Recommendations 

If the user consents, we may process the user's personal information to improve our approach to the user and our customer base as a whole, and to send personalized emails. This is to enhance our understanding of how customers use our services, enabling us to make more appropriate decisions regarding services, advertising, products, and content, and to provide the user with a more personalized user experience. 

 

(10) Participation in Surveys 

With the user's prior consent, we may send surveys to analyze opinions voluntarily provided by users through surveys related to customer center inquiries or purchases made in the store.  


2. Items of Personal Information Processed and Retention Period

(1) Items of Personal Information Processed Without the Data Subject's Consent 

1) Process orders and ancillary services 

  • Legal Basis: activities required by the applicable law 
  • Items Collected and Used: ID, Purchaser Information (Name, Contact Information, Email Address), Recipient Information (Name, Address, Contact Information, Email Address), Order Details, Payment Information, Invoice Number 
  • Retention Period: for the time necessary to process orders or for a different period required by the relevant applicable law.  

2) Store Account Registration 

  • Legal Basis: fulfillment of a data subject’s request 
  • Items Collected and Used: Name, Email Address, Gender, Date of Birth, telephone number 
  • Retention Period: For the duration of the account's validity. However, the account will be deactivated if 24 months have passed since the user's last login date or the last activity date within the account. 

3) Product inventory and availability information 

  • Legal Basis: fulfillment of a data subject’s request 
  • Items Collected and Used: Email Address 
  • Retention Period: Until user request processing is completed 

4) Provision of After-Sales Service for Compliance with Product Warranty Laws 

  • Legal Basis: 'Compliance with Legal Obligations' 
  • Items Collected and Used: Name, ID, Email Address, Contact Information, Purchase History 
  • Retention Period: Until the expiration of the warranty period under relevant laws and regulations 

5) Administrative Management 

  • Legal Basis: Compliance with Legal Obligations 
  • Items Collected and Used: Name, ID, Email Address, Address, Contact Information, Order History, Payment Information 
  • Retention Period: As required by relevant laws and regulations 

6) Providing Customer Center Support 

  • Legal Basis: fulfillment of customer request 
  • Items Collected and Used: Name, ID, Email Address, Address, Contact Information, Order History, Payment Information, Consultation Records, Results of Complaint or Dispute Resolution 
  • Retention Period: for the time necessary to provide customer support or for a different period required by the relevant applicable law. 

7) Prevention and Control of Illegal Acts and Protection and Exercise of Rights 

  • Legal Basis: Legitimate Interests 
  • Items Collected and Used: Name, email address, gender, date of birth, order history, payment information 
  • Retention Period: The period reasonably necessary to exercise our rights from the time we become aware of the illegal act or its potential occurrence 

 

(2) Personal Information Items Processed with the Data Subject's Consent 

1) Newsletter Subscription 

  • Legal Basis: Consent 
  • Items Collected and Used: Email address, name and surname  
  • Retention Period: 24 months from the date of collection 

2) Marketing Information Provision and Preference-Based Product Recommendations 

  • Legal Basis: Consent 
  • Items Collected and Used: Name, Email Address, Gender, Date of Birth, Access Logs, Device Information, IP Address, Website Usage History, Advertising Identifier 
  • Retention Period: 12 months from the date of collection 

3) Survey Participation 

  • Legal Basis: Consent 
  • Items Collected and Used: Name, ID, Email Address, Purchase History 
  • Retention Period: Period necessary to process opinions provided by users participating in the survey 


3. Procedures and Methods for Disposing of Personal Information

The Company promptly destroys personal information when it is no longer necessary, such as upon expiration of the retention period or achievement of the processing purpose. 

The procedures and methods for destroying personal information are as follows. 

(1) Destruction Procedure: Destroy or anonymized after internal review and approval procedures. 

(2) Destruction Method: Personal information recorded and stored in electronic file format is destroyed or anonymized in a manner that prevents its reproduction.  

4. Matters Concerning the Provision of Personal Information to Third Parties

To provide services smoothly, we provide personal information to third parties in the following cases, obtaining the data subject's consent in accordance with Article 17(1)(1) of the Personal Information Protection Act.

Recipient Purpose of Provision Items Provided Retention and Use Period
GF Fashion Co., Ltd. Providing purchased products and services, providing information related to orders and payments ID, buyer information (name, contact number, email address), recipient information (name, address, contact number, email address), order details, payment information Until the completion of product/service supply and payment/settlement
To provide after-sales service for compliance with product warranty laws and regulations Name, ID, email address, contact information, purchase history Until the expiration of the warranty period under relevant laws and regulations
Providing customer center consultations Name, ID, email address, address, contact information, order details, payment information, consultation records, complaint or dispute resolution results Until completion of consultation and user request processing
5. Outsourcing of Personal Information Processing

To ensure smooth processing of personal information, our company entrusts the following personal information processing tasks to third parties.

Entity Entrusted (Consignee) Entrusted Tasks
Adyen N.V. Processing of online payments and related transaction activities.
Salesforce Commerce Cloud
Salesforce, Inc. 		Management of the e-commerce platform, including order processing and customer account data.
Salesforce Order Management
Salesforce, Inc. 		Management and processing of customer orders, including order fulfillment and related customer data.
Salesforce Service Cloud
Salesforce, Inc. 		Customer relationship management and customer support services, including the handling of customer requests and related personal data.
Salesforce Service Cloud
Salesforce, Inc. 		Management and execution of marketing communications and campaigns, including the processing of contact data.
Zenkraft Limited Provision and management of shipping and logistics automation services, including the processing of shipment-related data.
PricewaterhouseCoopers Business Services S.r.l. Technical support, system integration, and website development and maintenance activities, which may involve access to personal data.
Skylabs Srl Technical support, system integration, and website development and maintenance activities, which may involve access to personal data.

When entering into an agreement, we specify in the contract or other documents matters concerning the prohibition of processing personal information for purposes other than performing the consigned tasks, technical and administrative protective measures, restrictions on sub-processing, liability for damages, etc.,.
Should the content of the entrusted tasks or the contractor change, we will disclose this information promptly through this Privacy Policy.

6. Cross-border Transfer of Personal Information

We transfer personal information collected from users overseas as described below. We provide the following notice regarding overseas transfers. Refusal of cross-border transfer will result in the inability to use the service. If you do not wish for cross-border transfer, you may withdraw your membership via the website

Legal Basis Item Details
Personal Information Protection Processing Entrustment / Storage Items of Personal Information to be Transferred All personal information listed in the items of personal information being processed
Country of Transfer Potentially personal data may be transfer to this country where Salesforce has offices and sub-processors: Italy, US, Canada, Argentina, Brazil, Mexico, Chile, Ireland, Austria, Belgium, Denmark, Finland, France, Germany, Netherlands, Norway, Portugal, Spain, Switzerland, Sweden, UK, Israel, UAE, Morocco, South-Africa, Australia, New Zeland, China, India, Indonesia, Japan, Singapore, Thailand.
Transfer Timing and Method Immediately upon service use / Remote transmission via dedicated network
Recipient Salesforce, Inc.
Purpose of Use Storage and management of personal information
Retention and Use Period of Personal Information Subject to the processing and retention period of personal information
Personal Information Protection Processing Entrustment / Storage Items of Personal Information to be Transferred Address, name, surname, telephone number, email address
Country of Transfer Potentially personal data may be transfer to this country where Zenkraft has offices and sub-processors: US, UK, Germany, Ireland, Ukraine, Poland.
Transfer Timing and Method Immediately upon service use
Recipient Zenkraft Limited
Purpose of Use Storage and management of personal information
Retention and Use Period of Personal Information Subject to the processing and retention period of personal information
Personal Information Protection Processing Entrustment / Storage Items of Personal Information to be Transferred Identification and contact data, payment and transaction data, and fraud prevention–related data necessary to process online payments and prevent fraudulent transactions.
Country of Transfer Potentially personal data may be transfer to this country where Adyen has offices and sub-processors: Brazil, Mexico, Australia, Canada, Japan, Singapore, UAE, India, US, UK, Netherlands, Spain, Italy, Germany, France, China, Poland, Sweden, Czech Republic, Malaysia, Belgium.
Transfer Timing and Method Immediately upon service use
Recipient Adyen N.V.
Purpose of Use To process payments, manage transactions, prevent fraud, and ensure payment security and compliance.
Retention and Use Period of Personal Information Subject to the processing and retention period of personal information
Personal Information Protection Processing Entrustment / Storage Items of Personal Information to be Transferred All personal information listed in the items of personal information being processed
Country of Transfer Italy
Transfer Timing and Method Immediately upon service use
Recipient Pricewaterhouse Coopers Business Services S.r.l.
Purpose of Use Technical support, system integration, and website development and maintenance activities
Retention and Use Period of Personal Information Subject to the processing and retention period of personal information
Personal Information Protection Processing Entrustment / Storage Items of Personal Information to be Transferred All personal information listed in the items of personal information being processed
Country of Transfer Italy
Transfer Timing and Method Immediately upon service use
Recipient Skylabs Srl
Purpose of Use Technical support, system integration, and website development and maintenance activities
Retention and Use Period of Personal Information Subject to the processing and retention period of personal information
7. Matters Concerning Measures to Ensure the Security of Personal Information

We implement the following measures to ensure the security of personal information. 

  • Administrative Measures: Establishing and implementing internal management plans, conducting regular employee training, operating dedicated organizations 
  • Technical Measures: Management of access rights to personal information processing systems, installation of access control systems and other related protective measures, internet network blocking measures, retention and inspection of access logs, installation and updating of security programs, vulnerability assessment and remediation of personal information processing systems 
  • Physical Measures: Access control for computer rooms, data storage rooms, etc.; secure storage of documents and auxiliary storage media in locked facilities; safety measures against disasters; control of auxiliary storage media removal and entry 


8. Matters concerning the installation, operation, and refusal of automated personal information collection devices

(1) Automatic Personal Information Collection Devices Installed and Operated
We use 'cookies' to store and periodically retrieve usage information in order to provide individual services and convenience to data subjects. For detailed information, please refer to our Cookie Policy.
Cookies are small pieces of information sent by the server (http) used to operate the website to the data subject's browser. They are stored in the data subject's computer or mobile device and are automatically transmitted from the data subject's browser to the server when accessing the website.
Data subjects can configure settings such as accepting or blocking cookies through their browser options.

(2) Collection, Use, Provision, and Refusal of Behavioral Information
We process behavioral information by identifying individuals using cookies to provide optimized personalized services, benefits, and online tailored advertisements to data subjects during the service usage process.

Legal Basis Items Collected Collection Method Purpose of Collection Retention and Use Period
(Consent) Access logs, device information, IP address, website usage history, advertising identifier Automatically collected when visiting or using the website Providing products and offers tailored to user preferences depending on each cookie – please see our cookie policy

We collect only the minimum behavioral information necessary for optimized personalized services and benefits, online personalized advertising, etc., and do not collect sensitive behavioral information that may infringe on an individual's rights, interests, or privacy, such as ideology, beliefs, or medical history.
Data subjects can block or allow personalized ads in bulk by changing their web browser's cookie settings. However, changing cookie settings may restrict access to certain services, such as automatic website logins.
We collect and use advertising identifiers for personalized advertising. Data subjects can block or allow personalized ads in apps by changing settings on their mobile devices.

9. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives

Data subjects may request access, transfer, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information from us at any time (hereinafter referred to as "Exercise of Rights"). 

Exercise of Rights may be made to the Company in writing, by email, internet, etc and the Company shall take action without delay. 

Exercise of Rights may also be done through an agent, such as the data subject's legal representative or an authorized delegate. In such cases, a power of attorney. 

The data subject's right to request access to personal information and the suspension of its processing may be restricted. 

If the personal information is explicitly subject to collection under other laws or regulations, the deletion of such personal information cannot be requested. 

We will verify whether the person exercising the rights is the data subject themselves or a legitimate representative. 

The data subject may exercise their rights by writing at the address below. We will respond within 10 days (or without delay in the case of a transmission request) from the date we receive the request to exercise rights from the data subject. 

Email: privacy@eu.tristateww.com 


10. Personal Information Protection Department

Our company has designated the following Personal Information Protection Department to oversee all matters related to personal information processing, handle complaints from data subjects regarding personal information processing, and provide remedies for damages. 

Personal Information Protection Department 

Data subjects may contact the Personal Information Protection Department regarding all inquiries, complaint handling, and damage relief related to personal information protection arising from the use of our services. We will respond to and handle data subjects' inquiries without delay. 

11. Changes to the Privacy Policy

We may revise this Privacy Policy. If such changes occur, we will notify users in accordance with relevant laws and regulations and post the revised Privacy Policy on our website. The revised policy will include an effective date and version number different from those shown below. Please visit the site regularly to review the latest content. 


Version Update Date: February 9, 2026 



CONSENT TO THE PROVISION OF PERSONAL INFORMATION TO A THIRD PARTY

If you wish to purchase products from the Store, Tristate International SA provides the minimum necessary personal information to the transaction seller (GF Fashion Co., Ltd.) for the purpose of facilitating smooth communication between the seller and the user, as well as order fulfillment, delivery, and customer support, as set out below. 

1. Recipient of personal information: GF Fashion Co., Ltd. 

2. Purpose of provision and items of personal information provided 

1) Provision of purchased products and services; provision of information related to orders and payments 

  • Items provided: ID, purchaser information (name, contact number, email address), recipient information (name, address, contact number, email address), order details, payment information, invoice number 
  • Retention period: Until completion of the supply of products and services and completion of payment and settlement; provided, however, that where any of the following circumstances apply, until the end of the relevant period 

2) Provision of after-sales services to comply with product warranty–related laws and regulations 

  • Items provided: Name, ID, email address, contact information, purchase history 
  • Retention period: Until the expiration of the warranty period prescribed under applicable laws and regulations 

You have the right to refuse consent to the provision of the above personal information; however, if you refuse to provide consent, you will not be able to purchase products from the Store. 



GF FASHION PRIVACY POLICY

GF Fashion Co., Ltd. (hereinafter referred to as "the Company") processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of data subjects. Accordingly, pursuant to Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following Privacy Policy to inform data subjects of the procedures and standards for processing and protecting personal information and to ensure prompt and smooth resolution of related issues. 

1. Purpose of Processing Personal Information and Retention Period

We process personal information for the following purposes. The personal information being processed will not be used for any purpose other than that listed below. Should the purpose of use change, we will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 

 

(1) Providing purchased products and services, and order and payment-related information on  

We use your personal information to process your orders, confirm purchases, manage delivery of purchased products, and handle all related services. Without your personal information, we cannot manage or process your orders.  

 

(2) Providing after-sales service to comply with laws and regulations related to product warranties 

We use your personal information to manage the return and/or repair procedures for products purchased from the store in accordance with applicable laws and the store's general terms and conditions of sale. 

 

(3) Administrative Management 

We process your personal information for accounting, administrative, and tax purposes directly related to our business activities, as required by relevant laws and regulations. 

 

(4) Providing Customer Center Support 

We may process your personal information to provide support when you request assistance while using products purchased from our store. We may also process such personal information to assist you when you inquire about products not purchased from our store or request information about our products. 

 

(5) Prevention and Control of Illegal Acts and Protection and Exercise of Rights 

We may process your personal information within the scope permitted by relevant laws and regulations to prevent or control intellectual property infringement (e.g., counterfeiting of our and/or our partners' trademarks), theft (including possible credit card cloning and theft that may occur during events or activities), or other illegal acts, and to protect and exercise our rights.  

2. Items of Personal Information Processed and Retention Period

1) Provision of purchased goods and services, and information related to orders and payments 

  • Legal Basis: Article 15(1)(4) of the 「Personal Information Protection Act」 ('Conclusion and Performance of a Contract') 
  • Items Collected and Used: ID, Purchaser Information (Name, Contact Information, Email Address), Recipient Information (Name, Address, Contact Information, Email Address), Order Details, Payment Information, Invoice Number 
  • Retention Period: Until completion of product/service supply and payment/settlement. However, for the following reasons, until the end of the relevant period: 
  • Records related to contracts or subscription cancellations: 5 years (Article 6, Paragraph 1, Item 2 of the Enforcement Decree of the Consumer Protection Act in Electronic Commerce, etc.) 
  • Records related to payment and supply of goods: 5 years (Article 6, Paragraph 1, Item 3 of the Enforcement Decree of the Consumer Protection Act in Electronic Commerce, etc.) 
  • Records concerning consumer complaints or dispute resolution: 3 years (Article 6, Paragraph 1, Item 4 of the Enforcement Decree of the Consumer Protection Act in Electronic Commerce, etc.) 
  • Records related to labeling and advertising: 6 months (Article 6, Paragraph 1, Item 1 of the Enforcement Decree of the Consumer Protection Act in Electronic Commerce, etc.) 

2) Provision of after-sales service to comply with laws and regulations related to product warranties 

  • Legal basis: Article 15(1)(4) of the Personal Information Protection Act ('Conclusion and performance of a contract') 
  • Items Collected and Used: Name, ID, Email Address, Contact Information, Purchase History 
  • Retention Period: Until the expiration of the warranty period under relevant laws and regulations 

3) Administrative Management 

  • Legal Basis: Article 15(1)(2) of the Personal Information Protection Act ('Compliance with Legal Obligations') 
  • Items Collected and Used: Name, ID, Email Address, Address, Contact Information, Order History, Payment Information 
  • Retention Period: As stipulated by the following statutes and other relevant laws 
  • Books and supporting documents for all transactions as stipulated in each tax law: 5 years after the statutory reporting deadline (Article 85-3(2) of the Framework Act on National Taxes) 
  • Books of account prepared using the double-entry bookkeeping system and related important supporting documents, expenditure supporting documents: 5 years after the statutory filing deadline (Article 112, Article 116(1) of the 「Corporation Tax Act」) 
  • Accounting books, tax invoices, import tax invoices, receipts: 5 years after the statutory reporting deadline (Value-Added Tax Act, Article 71, Paragraph 3) 

4) Providing customer service consultations 

  • Legal Basis: Article 15(1)(4) of the Personal Information Protection Act (Conclusion of Contract/Performance') 
  • Items Collected and Used: Name, ID, Email Address, Address, Contact Information, Order Details, Payment Information, Consultation Records, Complaint or Dispute Resolution Results 
  • Retention Period: 3 years (Article 6(1)(4) of the Enforcement Decree of the Consumer Protection Act in Electronic Commerce, etc.) 

5) Prevention and control of illegal acts, and protection and exercise of rights 

  • Legal Basis: Article 15(1)(6) of the Personal Information Protection Act ('Legitimate Interests') 
  • Items Collected and Used: Name, email address, gender, date of birth, order history, payment information 
  • Retention Period: The period reasonably necessary to exercise our rights from the time we become aware of the illegal act or its potential occurrence 
3. Procedures and Methods for Destruction of Personal Information

We promptly destroy personal information when it is no longer necessary, such as upon expiration of the retention period or achievement of the processing purpose. 

If personal information must be retained under other laws or regulations even after the retention period agreed upon with the data subject has expired or the processing purpose has been achieved, we will store such personal information in a separate database (DB) or at a different storage location. 

The procedures and methods for destroying personal information are as follows. 

(1) Destruction Procedure: Destroy after internal review and approval procedures in accordance with our internal policies and relevant laws and regulations. 

(2) Destruction Method: Personal information recorded and stored in electronic file format is destroyed in a manner that prevents its reproduction. Personal information recorded and stored on paper documents is destroyed by shredding or incineration. 

4. Outsourcing of Personal Information Processing

To ensure smooth processing of personal information, we entrust the following personal information processing tasks to third parties.

Entity Entrusted (Consignee) Entrusted Tasks
CJ Korea Express Co., Ltd. Product delivery

When entering into a consignment agreement, we specify in the contract or other documents matters concerning the prohibition of processing personal information beyond the purpose of performing the consigned work, technical and administrative protective measures, restrictions on re-consignment, management and supervision of the consignee, liability for damages, etc., in accordance with Article 26 of the Personal Information Protection Act. We supervise whether the consignee processes personal information safely.
Pursuant to Article 26(6) of the Personal Information Protection Act, we obtain our consent when a consignee re-consigns our personal information processing tasks. We disclose the details of the re-consignee and the re-consigned tasks through this Privacy Policy.
Should the content of the entrusted tasks or the entrusted party change, we will disclose this information promptly through this Privacy Policy.

5. Matters Concerning Security Measures for Personal Information

We take the following measures to ensure the security of personal information. 

  • Administrative Measures: Establishing and implementing internal management plans, conducting regular employee training, operating dedicated organizations 
  • Technical Measures: Management of access rights to personal information processing systems, installation of access control systems and other related protective measures, internet network blocking measures, encryption of personal information, retention and inspection of access logs, installation and updating of security programs, vulnerability assessment and remediation of personal information processing systems 
  • Physical Measures: Access control for computer rooms and data storage rooms, secure storage of documents and auxiliary storage media in locked facilities, safety measures against disasters, control of auxiliary storage media removal and entry 
6. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives

Data subjects may request access, transmission, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information from the Company at any time (hereinafter referred to as "Exercise of Rights"). 

Exercise of Rights may be made to the Company in writing, by telephone, email, fax, internet, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company shall take action without delay. 

Exercise of Rights may also be done through an agent, such as the data subject's legal representative or a person authorized by the data subject. In such cases, a power of attorney in the format specified in [Appendix 11] of the "Notice on Personal Information Processing Methods" must be submitted. 

The data subject's right to request access to personal information and the suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act. 

If the personal information is explicitly subject to collection under other laws or regulations, deletion of such personal information cannot be requested. 

We will verify whether the person exercising the rights is the data subject themselves or a legitimate representative. 

The data subject may exercise their rights with the department below. We will respond within 10 days (or without delay in the case of a transmission request) from the date we receive the request to exercise rights from the data subject. 

  • Department Name: CP Business Division 
  • Address: 2F, 18-2, Dosan-daero 45-gil, Gangnam-gu, Seoul, 06021 (Sinsa-dong) 
  • Phone: +82 02-1833-8634 
  • Email: cpcompany@fgf.co.kr 
7. Personal Information Protection Officer

Our company has designated a Personal Information Protection Officer as follows to oversee all matters related to personal information processing and to handle complaints and provide remedies for damages related to personal information processing. 

(1) Personal Information Protection Officer 

  • Name: Kang Chun-Bae 
  • Position: General Manager, IT Team 
  • Contact: cbkang@fgf.co.kr / 02-3381-3563 

(2) Personal Information Protection Department 

  • Department Name: CP Business Division 
  • Address: 2F, 18-2, Dosan-daero 45-gil, Gangnam-gu, Seoul, 06021 (Sinsa-dong) 
  • Phone: +82 02-1833-8634 
  • Email: cpcompany@fgf.co.kr 

Data subjects may contact the Personal Information Protection Officer and the Personal Information Protection Department regarding all inquiries, complaint handling, and damage relief related to personal information protection arising from the use of our services. We will respond to and handle data subjects' inquiries without delay. 

8. Changes to the Privacy Policy

We may revise this Privacy Policy. In such changes occur, we will notify users in accordance with relevant laws and regulations and post the revised Privacy Policy on our website. The revised policy will include an effective date and version number different from those indicated below. Please visit the site regularly to review the latest content. 


Version Update Date: February 9, 2026