Innisfree global site privacy policy

Innisfree Corporation (hereinafter referred to as the "Company") values the personal information of users (hereinafter referred to as "users") of the Innisfree global shopping mall service (hereinafter referred to as the "service") provided by the Company, and endeavors to do all it can to protect the personal information of users.

The Company complies with the laws and regulations governing the protection of personal information, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. Furthermore, the Company acts to protect users' personal information by establishing its own privacy policy and complying with it. In addition, the Company makes sure that users can easily view its privacy policy at all times by always disclosing it on the first screen of the Company's homepage. The Company's privacy policy may be changed by amendments to applicable laws and regulations or due to changes in its internal operating policies. If the Company's privacy policy is modified in any way, the changes will be notified on its homepage. The Company's privacy policy contains the following information:

  • 01 Consent to the collection of personal information and the method of collection
  • 02 Personal information items collected and purposes of collection and use
  • 03 Provision of personal information
  • 04 Consignment of personal information processing
  • 05 Personal information retention and use period, and procedure for and method of destroying personal information
  • 06 Department processing personal information protection and related complaints
  • 07 Using the automatic personal information collection system to collect personal information
  • 08 Viewing and correcting personal information, etc.
  • 09 Withdrawal of consent to the collection, use and provision of personal information
  • 10 Administrative, technical and physical measures for protection of personal information
  • 11 The rights of users and legal representatives and the method of exercising such rights
  • 12 Obligation to notify changes to the protection policy
  • 13 Governing laws

Article 1 (Consent to collection of personal information and collection method)

  • "Member" refers to a user who became a member by providing personal information to the Company for member registration.
  • "Non-member" refers to a person who uses the service provided by the Company without becoming a member of the Company's site.
  • Users may consent to collection of the user's personal information according to the Company's privacy policy by indicating whether to consent to it online or offline. If users place a mark next to 'Consent," they will be deemed to have consented to the collection of personal information.

Article 2 (Personal information items collected and purpose of collection and use)

  • The Company collects the minimum personal information necessary for the provision of the service when users become members. However, to provide high-quality customized service for users, the Company optionally collects additional personal information from users.
  • The Company will not collect sensitive personal information that may infringe basic human rights, such as information pertaining to ideology, creed, labor union membership, political views, health, sex life, medical history, religion, ethnicity and criminal records, without the explicit consent of users.
  • The personal information items that the Company collects during membership registration and the purpose of collecting and using such information are as follows:
    Classification Items collected Purpose of collection and use Use and retention period
    Mandatory Name, ID, password (P/W) Identification for service use, prevention of bad members' illegal use Until membership is cancelled See Article 5.
    Address, cell phone number, e-mail address, and whether to receive e-mail Shipping goods, securing communication channels for the delivery of notices/checking members' intention/handling complaints
    Provision of information on new services/new products/other events and shipping prizes if members consent
    Transactional information Managing shipping and membership data when users use services and purchase products
    Optional Birthdate, gender Customized services, such as the provision of beauty solutions by skin type (birthday events and events customized for gender)
    Location information Holding mobile site events customized for the weather
  • If users purchase goods or services from the Company, they must enter the following additional information for the payment and delivery of goods.
    • * By payment method
      - In the case of card payment: the minimum information necessary for payment, such as the type of card, the card number and its expiration date
    • * The contact information of senders and receivers necessary for shipping goods, such as names, addresses and phone numbers
  • The Company collects personal information in the following cases in addition to the personal information required for membership signup, and clarifies the purpose of collecting personal information and receives users' consent.
    • * In the case of customer counseling: preparing customer cards to keep records for customer counseling and dispute mediation
    • * In the case of surveys or giveaways: selectively entering personal information for statistical analysis or giveaways
    • * In the case of selecting prosumers for monitoring: filling out application forms for monitoring and prosumer activities
  • The Company collects and uses users' personal information to provide an optimal service for users as marketing data for user identification, shipping prizes and statistical analysis. Without the prior consent of the user or unless stipulated by law, the Company does not use personal information for purposes other than as specified to users in advance, or disclose it to a third party.
    Users may refuse to consent to the collection and use of personal information. However, if users refuse to consent to the collection and use of mandatory information, they cannot sign up for membership, and if they refuse to consent to the collection and use of optional information by not entering such information, membership signup is possible, but they may be restricted in the use of services and the benefits they can receive based on the optional information.

Article 3 (Provision of personal information)

  • The Company may not use users' personal information or provide it to a third party beyond the scope mentioned in Article 2 unless users have given their prior consent to it or related laws stipulate it.
  • In the following cases, however, users' personal information may be provided without users' consent.
    • * If such information is necessary to charge the fees for the services provided
    • * If personal information is processed in such a way that personal identification is impossible and provided to research organizations, survey firms and research institutes for the purpose of statistical analysis, academic research or market research
    • * If there are special regulations, such as the Personal Information Protection Act, the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Act on Real Name Financial Transactions and Confidentiality, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, Telecommunications Business Act, the Local Tax Act, and the Consumer Protection Act, Criminal Procedure Act.
  • Users may refuse to consent to the provision of personal information to a third party, and if they refuse to consent, they may be restricted in the use of services requiring the provision of personal information to a third party.
  • When the Company provides personal information to a foreign third party, it must notify this fact to users and receive their prior consent for it.

Article 4 (Consignment of personal information processing)

  • The Company may consign the management of users' personal information to external agencies for the purposes of service improvement and efficient data processing.
  • When consigning the processing of personal information, the Company will enter into a consignment contract and manage and supervise the protection of users' personal information to ensure that the service provider will comply with the instructions related to the protection of personal information, keep personal information confidential, and not provide personal information to a third party without users' consent.
  • The personal information consignees and the details of consignment are as shown below:
    Consignee Details
    AMOREPACIFIC Corporation Member recruitment and membership information management, execution and notification of various events and promotion, and delivery of products and free gifts
    IBM Korea Computational processing and management of personal data and sending emails
    DIGITALWORKS Operation of web systems and data management / Production of product and promotion designs
    Eximbay Payment gateway service
    ADOBE web log analytics
    ECO MARKETING Online marketing agency via social channel (facebook & google search engine)
    Smart Logistics Store, packing and delivery service
    Korea Post (K-packet, EMS)
    Pantos, DHL
    Overseas delivery service
    HANKOOK Corporation Customer claim handling and counseling service

Article 5 (Personal information retention and use period, and procedure for and method of destroying personal information)

  • The Company will retain users' personal information while they use the services provided by the Company, and use it for the provision of services, etc. Only the personal information manager and the Chief Privacy Officer or those who are designated by them can print users' digitally registered personal information as documents.
  • The Company must act immediately to fulfill user requests in the event that users request their own personal information be deleted or that their membership be cancelled, and make sure that the deleted information will be completely deleted from the disk in such a way that the records cannot be recovered, reproduced, viewed or used later.
  • In the event that the purpose of collecting or using personal information is nullified as shown below, the Company must delete all such information from the disk according to the Company's internal destruction procedure, and if personal information is printed, the Company must immediately destroy users' personal information by using a shredder.
    • * Membership signup information: when users withdrew their membership or they were expelled from membership
    • * Payment information: when payment is completed or the extinctive prescription of accounts payable expires
    • * Shipping information: when goods or services are delivered or provided
    • * Personal information collected for surveys and events: when such surveys and events end
  • Even after the purpose of collection and use is accomplished, if it is necessary to retain personal information according to the legal requirements stipulated in the Act on the Consumer Protection in the Electronic Commerce Transactions, Etc., the Personal Information Protection Act, the Commercial Act and the Framework Act on National Taxes, the Company may retain users' personal information for the permitted period, as described below:
    • * Records on contracts or withdrawal of subscription: 5 years
    • * Records on payment and supply of goods, etc.: 5 years
    • * Records on handling consumer complaints or disputes: 3 years

Article 6 (Department processing personal information protection and related complaints)

  • To protect users' personal information and handle related complaints, the Company has a department that handles personal information protection and related complaints. In addition, the Company has a Chief Privacy Officer and personal information managers who promptly handle users' inquiries and complaints regarding personal information.
    [Chief Privacy Officer]
    Name: Lee Seong-hwan, team leader
    Affiliation: Business Support Team
    [Department responsible for managing personal information]
    Responsible department: Business Support Team of Innisfree
    Phone number: [Customer call center] 080-360-0119 (toll free)
    [Business Support Team] 02-6040-7492 (Mon~Fri: 09:00~18:00, excluding holidays)
    E-mail : ksm8209@innisfree.com
    FAX: 02-2186-7108
  • If users need to report an instance of personal information intrusion or if users require a consultation regarding the use or related of personal information, they may contact the department responsible for personal information protection mentioned in Paragraph 1 above and the following.
    • - Privacy Invasion Reporting Center, Korea Internet Security Agency (privacy.kisa.or.kr/02-405-5118)
    • - e-Privacy Mark Certification Council (www.eprivacy.or.kr/02-580-0533~4)
    • - Online Service Center, Supreme Prosecutors' Office (www.spo.go.kr/minwon/02-3480-2000)
    • - Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr/1566-0112)

Article 7 (Using the automatic personal information collection system to collect personal information)

  • The Company may use 'cookies (a mechanism for automatically collecting personal information, such as Internet connection information files)' for storing user information and retrieving such information when necessary. A cookie is a small token of information that the server hosting the Company's website sends to users' browsers (Safari, Internet Explorer, etc.). It is stored on the hard disks of user's computers. If users connect to a website, the Company's computer reads the cookie in the user's browser, retrieves additional information about the user from the computer, and provides a service without requiring the user to enter additional information. Cookies identify users' computers, but not the actual users.
  • The Company uses cookies to support and improve services necessary for site operation, such as for the analysis of the connection frequency of members and non-members, length of visit, and the number of visits by each user.
  • The Company will use cookies to provide differentiated opportunities to enter an event. Furthermore, it will provide differentiated information depending on users' areas of interest by analyzing users' participation in the various events hosted by the Company and the number of visits they made.
  • Users have a choice regarding whether to install cookies. Accordingly, they can choose to allow all cookies, some cookies or refuse all cookies by setting an option in the web browser.
    • 1. How to specify whether to allow cookie installation (if Internet Explorer 6.0 is used): Click [Tools] on the task bar in the Internet screen, select [Internet options] and then choose the [Personal Information Tab]; specify whether to allow cookies in the [Personal Information Protection Level].
    • 2. How to view cookies (if Internet Explorer 6.0 is used): Click [Tools] on the task bar in the Internet screen, select [Internet options] and [Settings] for the temporary Internet file in the general tab (default tab), and select [View File].

Article 8 (Viewing and correcting personal information, etc.)

  • Users can always log into the Company's website and click [Modify Member Information] to directly view or correct personal information, or users can request those who are consigned with personal information handling, such as merchants, or contact the Company's personal information protection department by phone, e-mail or in writing to request the viewing, correction, deletion or suspension of processing. The Company will take necessary actions immediately to comply with users' requests.
  • If users request that errors in personal information be corrected, the Company will not use or provide such personal information until the correction is completed. In addition, if the Company has already processed incorrect personal information, it will take measures to reflect the result of such correction immediately.
  • In the following cases, the Company may restrict the viewing and correction of personal information.
    • 1. in cases where the rights and interests of a third party are highly likely to be damaged;
    • 2. in cases where the business of the service provider is highly likely to be hindered; and
    • 3. in cases where there is a violation of the law.

Article 9 (Withdrawal of consent to the collection, use and provision of personal information)

  • Users may withdraw their consent to the collection, use and provision of personal information at any time. Users may withdraw their consent (withdraw their membership) after logging into the Company's website, or request those who are consigned with personal information handling, such as merchants, or contact the Company's personal information protection department in writing, by phone or e-mail. The Company will take necessary measures immediately at the request of users, e.g. handling users' withdrawal of membership and the destruction of personal information.
  • The Company endeavors to make the withdrawal of consent to the collection of personal information (withdrawal of membership) easier than the collection of personal information.

Article 10 (Administrative, technical and physical measures for protection of personal information)

  • The Company will establish and carry out internal management plans for the safe handling of personal information, and provide training to strengthen its capabilities in this area.
  • When handling users' personal information, the Company carries out the requisite technical measures to ensure that personal information will not be lost, stolen, leaked, altered or damaged.
  • Users' personal information is managed using the internal network that cannot be accessed or infiltrated by external networks, and the Company is using a separate security function to thoroughly protect important files, e.g. encrypting files and transmission data or using a file lock function.
  • The Company has installed an intrusion detection system in each server to prevent network intrusions, such as hacking, to guarantee the security of the internal network, and it has installed an access control system to reinforce security.
  • The Company has installed vaccine programs to prevent the infringement of personal information so that it is possible to always check whether the information systems used by personal information processing systems and personal information handlers for personal information processing have malicious programs, including computer viruses and spyware.
  • The Company limits access rights to users' personal information to a minimum number of people and has established an internal procedure for accessing and managing personal information to ensure the safety of such personal information. In addition, it has installed access control and lock systems, and it ensures that all its employees are familiar with these regulations and comply with them.
  • Transfer of duties and responsibilities between personal information handlers is done thoroughly in a secure environment, and the Company clearly stipulates the responsibility for personal information incidents when they join the Company and after they leave the Company.
  • Users must make sure their personal information is correct by checking and managing the personal information they provided to the Company, and if they use others' personal information without permission or infringe others' rights in the process of using the Internet site, they may be sanctioned by the Company, and they shall bear civil and criminal responsibility for such act.
  • The Company will not be held responsible for problems due to the leakage of personal information, such as ID, password (P/W) and resident registration number, due to users' negligence or Internet problems. Accordingly, users must thoroughly manage their IDs and passwords to protect their own personal information, and take responsibility for it. However, if users' personal information was lost, leaked, altered or damaged due to an error by the Company's internal managers or technical management accidents, the Company will immediately notify this to users, and take appropriate measures and provide compensation.

Article 11 (The rights of users and legal representatives and the method of exercising them)

  • Users and their legal representatives may exercise their rights related to the viewing, modification and change of personal information and withdrawal of membership against the Company.
  • To protect the personal information of children, the Company will collect the personal information of children under 14 years old only with the consent of their legal representatives (parents, etc.).
  • Users and their legal representatives may contact the Company by phone or in writing to exercise their rights with regard to personal information, and the Company will take necessary measures immediately.

Article 12 (Obligation to notify changes to the protection policy)

The privacy policy may be changed according to the changes in laws, policies, the Company's internal operating policies or changes in security technology. In this case, the Company will post the reason for and contents of such changes on the first page of the Company's website at least seven days before the enforcement of the modified privacy policy (if the changes to the privacy policy are disadvantageous to users, this period shall be 30 days).

Article 13 (Governing laws)

All matters concerning the interpretation, effectiveness and implementation of this privacy policy and disputes related therewith will be governed by the laws of the Republic of Korea.

[Supplementary provisions] August 27, 2014
Article 1 (Enforcement date) This policy is effective from August 27, 2014.

SIGN IN

Sign In
Email Account

Forgot your password?

SNS Account
close

FORGOT YOUR PASSWORD?

Enter your email address below and we will send you a new password within the next few minutes.

close

FORGOT YOUR PASSWORD?

Your password has been sent to you. It may take several minutes to reach your inbox.

close

MERGE YOUR ACCOUNTS

We have found an existing account with the same email address . If this is your account, please connect it with your account by logging in below.

Forgot your password?
close

MERGE YOUR ACCOUNTS

Please enter the email and password for your existing Innisfree account to connect with your old account.

Forgot your password?
close

ACCOUNTS SUCCESSFULLY MERGED

Your Innisfree account and account have been successfully merged. To edit your profile, click below.

close

EXISTING ACCOUNT

Do you have an existing account with Innisfree?


※Signing up with your SNS account will not be available from June 1, 2019 (KST).


※For existing accounts, click 'YES' to link your account and start shopping.

close