doota 로고

Privacy Policy

The Doosan Retail Business Division (tentative name, hereinafter referred to as "Company") considers the personal information of users who use the Doota Mall "homepage" and "Doota Mall Membership Web Site" very important, and strives to protect all information provided by the members. Accordingly, the "Company" complies with the personal information protection regulations and the personal information protection guidelines in the related laws and regulations that the information and communication service providers must comply with, such as the Personal Information Protection Act, the law regarding the promotion of information, communication network use, and protection of information. The personal information processing policy of the "Company" contains the following contents.

1. Scope of Collection of Personal Information
  • ① ‘Company’ collects personal information of the member by lawful and fair means.
  • ② "Company" collects personal information by dividing required items and optional items. In cases where it is necessary to collect unique identification information only when permitted by law, separate agreements are received separating it from general personal information.
  • ③ The collected personal information shall be limited to the minimum information necessary to provide the service and sensitive personal information which can cause violation of basic human rights (such as race, religion, ideology, native place, hometown, political orientation and criminal record, health and sex life) shall not be collected.
  • ④ "Company" does not collect resident registration number unless it is permitted by law.
2. Purpose of Processing Personal Information
"Company" shall process personal information for the following purposes (for the purpose of processing by items, refer to 3. Items of personal information and purpose of use). The personal information being processed is not used for purposes other than the following, and if the purpose of use is changed, we will implement necessary measures such as obtaining agreement in accordance with Article 18 of the Personal Information Protection Act.
  • ① Homepage, membership registration and management
    The personal information shall be processed for the purpose of confirming intention of membership, authenticating identity based on the provision of membership service, maintaining membership, checking identity based on the Limited Identity Verification System, preventing illegal use of services, notifications, and notification of processing results, etc.
  • ② Handling of complaints
    The personal information shall be processed for the purpose of confirming the identity of the complainant, confirming the contents of complaint, notification for the investigation, and notification of processing results, etc.
3. Items of Personal Information and Purpose of Use
  • ① "Company" uses the personal information collected through the homepage, membership sign up process, and events to develop more useful service for members.
  • ② "Company" collects personal information for the following purposes.

    Regular member Required The encrypted identification number (CI), duplicate registration confirmation information (DI), i-PIN information *Use for identification process and duplicate membership confirmation for the use of membership service
    ID, password, name, gender, date of birth, phone/cell phone number (Korean resident), email address, address (Korean resident), country (foreigner) * Used for identification process for the use of membership service
    * Ensure smooth communication for items such as membership benefits, change of terms, notification, confirmation of one’s will, complaint handling, developing new services, providing customized services, ads, and creating statistics on service usage
    Optional Telephone number (foreigner), address (foreigner), occupation Provide customized services, ads, and create statistics on service usage
    Optional Consent to receive service and marketing information (Whether agreeing to receive SMS, whether agreeing to receive TM), Mail address (Whether agreeing to receive mail) * Used for marketing and publicity through SMS, eDM, DM, TM for Doota Mall products (including duty free shops), promotions, and events
    * Provide convenience of service (offer gifts and discount coupons)
    Information generated / collected by automatic collection devices during service use or business processing Service visit history, service use history, access log, suspension history, withdrawal history. Prevention of fraudulent membership or illegal use and prevention of unauthorized use, statistical analysis and research for marketing, event planning/management, benefits, and service development

    • The following personal information items can be automatically created and collected during the process of using the website.
    • Service use history, visit history, inquiry call history, etc.

4. Handling of Personal information and Retention Period
  • ① "Company" will process and retain the personal information collected until the request for membership withdrawal, and if the member requests withdrawal, the collected personal information will be processed immediately so that it can not be viewed or used. However, in the case of a member, it will be retained for 30 days to prevent unfairly receiving benefits such as discount coupons, points, event benefits, etc. provided by the "Company" by repeatedly re-signing up and withdrawing, etc. and to prevent the act of stealing names through this process.
  • ② However, if there is a need to preserve the information longer in accordance with laws and regulations, such as Commercial Laws, transaction details and minimum basic information can be retained during the period prescribed by laws and regulations. We retain the personal information for the promised retention period by notifying the member in advance or by obtaining consent individually. In this case, "Company" shall use the information only for the purpose of holding, and the retention period is as follows.
    A. Logging, IP, etc.
    • ㆍ Reason for retention: At least 3 months in accordance with the Protection of Communications Secrets Act
    • ㆍ Retention period : 3 months
  • ③ However, in accordance with the relevant laws and regulations, "Company" will destroy personal information of the user who has not re-logged in within the period of validity (12 months after the last log-in) immediately after the expiration of the validity period or keep it separately. This information shall be sent 30 days in advance to the personal information holder and the membership may be lost if a member does not sign in within the specified time limit. In this case, except for CI, information such as user's service use and points will be destroyed or deleted. CI and personal information are kept separate for homepage registration history management. Separately stored information can be destroyed immediately upon request by the customer and preserved in accordance with relevant laws and regulations.
5. Procedures and Methods of Destroying Personal Information
'' Company '' will terminate the information without delay in accordance with the retention period and period of use after the purpose of collecting and using personal information is achieved according to the principle of timely destruction. The specific procedures for destroying personal information, the due date, and the method are as follows.
  • ① Destruction procedure: The information entered for membership registration is stored after a certain period of time according to the reason for information protection after the purpose has been accomplished according to the internal policy and other relevant laws and regulations before destruction.
  • ② Destruction period: The personal information of the member shall be destroyed within 5 days from the end of the retention period when the period of holding the personal information has passed and the personal information becomes unnecessary, such as through attaining the purpose of processing personal information, abolishing the relevant service, or end of business, and the personal information shall be destroyed within five days from the day when it is considered that processing of personal information is unnecessary.
  • ③ Destruction method
    A. Printed and written personal information, etc.: Shredding or incineration
    B. Electronic file format: Permanently delete in a way that cannot be restored
6. Collection of Personal Information by Cookies
  • ① '' Company '' operates a 'cookie' that stores member’s information and finds it from time to time. A cookie is a small amount of information that a website sends to member’s computer browser (Chrome, Internet Explorer, etc.). When you log-in to the website, the server of the "company" will read the content of the cookie on your browser and find additional information from your computer to provide services. This cookie information will be used to provide you with useful and customized services. However, cookie information can identify your computer, but does not identify individual members.
  • ② You can choose whether or not to use these cookies. You can allow all cookies through your web browser's option settings, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to store cookies, you may not be able to use some services that require login.
7. Personal Information Protection for Children Under 14 years of age
"Company" does not collect personal information of children under the age of 14, and membership is not possible.
8. Personal Information Subcontractor and Business Contents
"Company" entrusts some services to professional service companies in order to maintain and manage member’s services, provide customer consultation, and other services. A subcontractor cannot use personal information beyond the purpose for which it has been entrusted. In addition, the "Company" conducts regular monitoring and supervision to ensure that such personal information is not unlawfully used among subcontractors. "Company" will notify the member in advance if a subcontractor is entrusted for part of the business. Personal information subcontractors are as follows.
List of personal information subcontractors
Trustee Handling consignment
Doosan Information and Communication Co., Ltd. Information processing and maintenance
Seoul Credit Evaluation Co., Ltd. Personal authentication through I-pin/cell phone
SK Planet Delivering Syrup Wallet Services(Membership card issue, providing information about accumulation/use/check of point, marketing information, etc.)
MCOM Delivering Syrup Wallet Services(Membership card issue, providing information about accumulation/use/check of point, marketing information, etc.)
Kakao Pay Kakao Pay membership service delivery service (Membership card issue, providing information about accumulation/use/check of point, marketing information, etc.)
Theman Customer counseling and membership management (point accumulation) Information processing
Oricom Management of SNS consigned operations and shipment of prizes
Humuson Co.,Ltd. Message delivery via SMS, LMS, MMS and E-mail, etc.
9. Provide Personal Information to Third Parties
"Company" shall treat the personal information only within the scope specified in Article 2 (Purpose of Processing Personal Information), and the personal information can be provided to the third party only when it complies with Articles 17 and 18 of the Personal Information Protection Act, consent and special provisions of law.
Provided companies (Alliance) Purpose of provision Provided item Period of provision
SK Planet Delivering Syrup Wallet Services Name of member, Cellphone number, gender, CI value, Address Service Operating Period
MCOM Delivering Syrup Wallet Services Name of member, Cellphone number, gender, CI value, Address Service Operating Period
Kakao Pay Kakao Pay membership service delivery service Name of member, Cellphone number, gender, CI value Service Operating Period
10. Rights of Information Holder and Exercise of Rights
As a personal information holder, a member may exercise the following rights.
  • ① Members can view or modify their personal information at any time from 'Doota Mall' My Page> Member Information '.
  • ② Members can withdraw their consent to collect and use personal information at any time by ‘withdrawing their membership’.
  • ③ If a member requests correction of an error of personal information, that information will not be used or provided until the correction is completed. Also, if wrong personal information has already been provided to a third party, we will notify the third party without delay and correct the processing result.
11. Measures to Ensure the Stability of Personal Information
In accordance with Article 29 of the Personal Information Protection Act, the "Company" adopts the technical, administrative, and physical measures necessary to ensure stability as follows.
  • ① Minimization of personnel handling personal information
    To protect personal information, the authority of the person who handles personal information is minimize
  • ② Regular education for personnel handling personal information
    Regular education is conducted to raise awareness of personal information protection.
  • ③ Regular internal inspection
    Regular in-house inspections are conducted to ensure the safety of handling personal information.
  • ④ Establishment and implementation of internal management plan
    We have established an internal management plan for the safe handling and management of personal information.
  • ⑤ Encryption of personal information
    The personal information and passwords of members are stored and managed in an encrypted form and are securely managed using separate security functions.
  • ⑥ Technical measures against hacking, etc.
    "Company" installs a security program and periodically updates/inspects to prevent leakage and damage of personal information caused by hacking or computer viruses, installs the system in an area controlled from outside and technically and physically monitors and blocks access.
  • ⑧ Storing of access log and forgery
    We maintain and manage records of access to personal information processing / handling systems for at least six months, and we use security features to prevent forgery and theft of access logs.
  • ⑨ Using a lock for document security
    We keep documents with personal information and auxiliary storage media in safe place and locked.
  • ⑩ Access control to unauthorized persons
    We have set up a separate physical storage area for personal information and set up access control procedures.
However, 'Company' is not responsible for any personal mistakes made by members or the basic risks of the Internet.
12. Handling of Personal Information Related Complaints
  • ① If you think that 'Company' did not follow the personal information processing policy, please notify the personal information manager or person in charge below. We will promptly review any issues you may have identified, and if necessary, we will try to take action as soon as possible. The ‘Company’ collects your opinions regarding your personal information and has prepared all the procedures and methods to handle your complaints.
  • ② Also, if you need to report or consult regarding infringement of personal information, please contact the Korea Information Security Agency (KISA) privacy information violation report center. If you suffer financial or mental harm from infringement of personal information, you can apply for a compensation for damage to the Personal Information Dispute Mediation Committee. If you need consultation on other personal information, you can contact the privacy information violation report center, the Internet Crime Investigation Center of the Supreme Prosecutors' Office, and the Cyber Terrorism Center of the National Police Agency.

    Privacy information violation report center

    Internet Crime Investigation Center of the Supreme Prosecutors' Office

    Cyber Terrorism Center of the National Police Agency
13. Personal Information Protection Officer
In order to protect the personal information of the member and to handle complaints related to personal information, the ‘Company’ has people in charge of personal information management. If you have any questions about personal information, please contact the personal information manager/ person in charge. We will respond promptly and faithfully to your inquiries.
Personal information manager
  • - Name: Yun Ju Man
  • - Department: Doosan corp. Business Management
  • - Position: Vice President
  • - Email:
  • - Telephone: 02-3398-3724

Person in charge of personal information
  • - Name: Kang Kye Won
  • - Department: Doosan corp. Information Security Team
  • - Position: General Manager
  • - Email:
  • - Telephone: 02-3398-1444
14. Restriction of Delivery of Advertising Information
  • ① We do not send advertising information for commercial purposes against user wishes for blocking purposes.
  • ② When sending advertising information by e-mail for online marketing such as information on product information, take steps to make it easier for users to find out in the title and body of the e-mail as follows.
    • A. The title of the e-mail: The word (newsletter) shall be displayed in Korean without a space at the beginning of the title, followed by the main content of the e-mail body.
    • B. The body of the e-mail: Specify the name, e-mail address, telephone number, and address of the sender to whom the user is allowed to express their wish to block. Specify in English and Korean how to express one’s wish to block.
  • ③ If sending harmful information to young people (adult advertisement), display the following phrase.
    • A. If one of the following items in the content is expressed in the form of code, text, image, or sound, the phrase "(Adult advertisement)" shall be displayed in the title of the e-mail. (Even if the body of the e-mail does not contain it directly, but if there are technical measures to make it easier for the recipient to check the contents, it falls under adult advertisement)
      • - Suggestive or obscene things that stimulate sexual desire for adolescents (people under the age of 19)
      • - Things that can cause violence or an impulse of crime for adolescents
      • - Things stimulating or beautifying the abuse of drugs and various forms of violence, including sexual violence
      • - Decided/declared as harmful media for adolescents by the Juvenile Protection Act
    • B. If advertising an Internet Web site that deals with one of the above items in the advertising e-mail content, "(Adult advertisement)" shall be displayed in the title of the email.
15. Notification Due to Policy Modification
  • ① This personal information policy is disclosed on the first page of our homepage so that members can always see it easily.
  • ② If there is any additional deletion or modification of the content due to a change in the statute or security technology, we will inform you of the reason and details of the change through the website 30 days before implementation of the changed personal information processing policy. When changing any other content, we will notify you of the reason and details of the change at least one week prior to enforcement.
  • ③ The contents of this personal information processing policy may be changed from time to time, so please check this every time you visit the "Homepage".

[Supplementary provision] 1. (Date of Enforcement) This personal information processing policy will be enforced on Nov. 2, 2018.