Go to main
uk (0)

Політика конфіденційності

Privacy Policy

Privacy Policy

Lotte Chemical Corporation (hereinafter referred to as the "Company") collects, uses, and otherwise processes personal information in compliance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relevant laws. This Privacy Policy has been prepared based on the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and applies to all cases in which the Company processes personal information.

The Company highly values the personal information provided by data subjects to use its services and is committed to protecting personal information. The Company's Privacy Policy may change due to enactment or amendment of laws, changes in government policy, or changes in internal company policy. Therefore, any changes are posted on the website so that data subjects can easily review them.

The Privacy Policy contains the following:

  1. Purpose of Processing Personal Information
  2. Items of Personal Information Processed and Collection Methods
  3. Period of Processing and Retention of Personal Information
  4. Provision of Personal Information to Third Parties
  5. Outsourcing of Personal Information Processing
  6. Overseas Transfer of Personal Information
  7. Rights of Data Subjects (Users) and Legal Representatives and How to Exercise Them
  8. Installation and Operation of Automatic Personal Information Collection Devices and How to Refuse Them
  9. Destruction of Personal Information
  10. Measures to Ensure the Security of Personal Information and Technical/Administrative Measures
  11. Collection of Opinions and Handling of Complaints Regarding Personal Information
  12. Personal Information Protection Officer
  13. Changes to the Privacy Policy

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Personal information is not used for purposes other than those listed below, and if the purpose changes, prior consent will be obtained.

A. Service Response
Handling product complaints, preserving records for dispute resolution, sales response

B. Service Provision
Sample delivery as requested, fulfillment of service provision, various surveys to improve service quality

C. Marketing
The Company uses collected personal information to provide customized services, offer event participation opportunities, and provide information about its services and products

D. Civil Complaint Handling
Requests for access, correction, or suspension of processing of personal information; consultation requests; various reports

E. Partner Health Counseling Management
For management purposes when special circumstances occur during work at our business sites

F. Provision of Product Transportation Information
Providing information related to the shipment and transportation of products ordered by customers

G. Site Visitor Management
For the purpose of information protection and safety management, managing external visitor entry records and visitor pass issuance logs

H. Staron Membership Registration

I. Online Whistleblowing (Report Reception)
Receiving reports of violations of ethical management by the Company and its employees, unfair or unjust acts, workplace harassment, and other matters for management improvement

2. Items of Personal Information Processed and Collection Methods

A. The Company collects and retains personal information only based on legal provisions and the consent of data subjects. The main personal information collected and retained by the Company is as follows:

  • Customer Response (Sample Orders, Contact Us, Newsletter): Required items (name, email, contact number), Optional items (company name, department/position, address)
  • Partner Health Counseling: Required items (name, affiliated company), Optional items (weight, blood sugar, blood pressure, InBody results)
  • Transportation Information: Driver's name, contact number (mobile phone number)
  • System Usage Information: Logs of website access, IP addresses, cookies, MAC addresses, and other access records
  • Online Whistleblowing: Real-name reports (name, phone number, email), Anonymous reports (email)

B. The Company collects personal information through the following methods:

  • Customer Response: Submission through direct entry of personal information on the website
  • Transportation Information: Provided through consent of data subjects for the purpose of issuing system accounts
  • Online Whistleblowing: Submission through direct entry of personal information on the website
  • System Access Records: Generated information collection tools

3. Period of Processing and Retention of Personal Information

The Company destroys personal information without delay when the purpose of processing has been achieved, when the retention period agreed upon at the time of collection has expired, when the period required by relevant laws has expired, or when requested by the data subject. The retention periods required by the Act on Consumer Protection in Electronic Commerce are as follows:

A. Records of consumer complaints or dispute resolution: 3 years
B. Records of display/advertising: 6 months
C. Records of contracts or withdrawal of subscriptions: 5 years
D. Records of payment and supply of goods: 5 years
E. Website visit records: 3 months
F. Sales Portal System personal information retention period (Membership Registration/Transportation Information): 5 years

  • Membership Registration: Retained for 5 years from the date of consent for personal information collection at the time of registration
  • Transportation Information: Retained for 5 years from the date of product transportation

4. Provision of Personal Information to Third Parties

The Company does not provide collected personal information to third parties without the consent of data subjects, except in the following cases:

A. When there are special provisions in law or when it is unavoidable to comply with legal obligations
B. When the data subject or their legal representative is unable to express their intention or cannot give prior consent due to unknown address, etc., and it is clearly recognized as necessary for the urgent life, body, or property interests of the data subject or a third party
C. When required by investigative agencies or other state authorities, and when the Company has a legal obligation to provide personal information

5. Outsourcing of Personal Information Processing

A. The Company outsources the processing of personal information of data subjects as follows for the purpose of providing services:

Website Maintenance and Data Management Services

  • Outsourcees: Lotte Data Communication Corporation, Motion I, Samsung SDS, Webricks
  • Outsourced Work: Personal information processing related to website maintenance and data management

Outsourcing of Personal Information Processing for Product Order/Transportation: Transportation companies contracted with the Company

Company names: Seopyeong, Woojin Logistics, Yullim, Jeil Cargo, Seosan Transportation, Yujin, Yuseong TNS, Shindonga Transportation, Daeryun Sangwoon, Dongteuk, Shinyoung Transportation, Boseong

Outsourced Work: Work for product transportation and accompanying personal information processing
Outsourced Personal Information Items: Name, mobile phone number, email of product order customers

Visitor Management at Our Sites

  • Outsourcees: Lotte Mulsan, S-Tech, Union Industries, People & People, C-Tech, Seowoon SM
  • Outsourced Work: Processing of access by customers, visitors, partner staff, and video information

B. When outsourcing the processing of personal information, the Company manages outsourced personal information processing tasks by entering into outsourcing contracts that impose obligations such as prohibition of processing personal information for purposes other than the outsourced work, technical/administrative protection measures, security measures, restrictions on re-outsourcing, supervision of outsourcees, and confidentiality, to ensure that personal information is safely managed.

C. If outsourcees or the contents of outsourced work change, this will be disclosed without delay through website postings and this Privacy Policy.

6. Overseas Transfer of Personal Information

The Company outsources the storage and management of its data to Salesforce, the system platform provider. The details of overseas transfer of personal information are as follows:

A. Recipient of Personal Information
Salesforce Inc. (Personal information processing inquiries: 1-800-667-6389)

B. Items of Personal Information Transferred

  • At the time of membership registration and changes to member information (transportation drivers): Name, user mobile phone number
  • Transportation Information: Driver's name, mobile phone number
  • System Usage Information: Logs of website access, IP addresses, cookies, MAC addresses, and other access records

C. Country of Transfer, Date of Transfer, Method of Transfer

  • Member Information: USA/Japan, at the time of membership registration and changes to member information, transmission via dedicated network
  • Transportation Information: USA/Japan, when system users upload order details, transmission via dedicated network

D. Purpose of Use, Retention, and Use Period of the Recipient

  • Purpose of Use: Provision of system platform services to the Company, product purchase customers, product transportation companies, etc.
  • Retention and Use Period: For member information, 5 years from the date of consent for personal information collection and use or from the last date of product transportation. For order information, 5 years from the date of contract conclusion. However, if the mandatory retention period under relevant laws is longer than the above period, retention will be until that period.

7. Rights of Data Subjects (Users) and Legal Representatives and How to Exercise Them

A. Data subjects may at any time request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their registered personal information. To request access, correction, deletion, suspension of processing, or withdrawal of consent for personal information, please contact the personal information protection management department in writing, by phone, or by email. After identity verification, action will be taken without delay.

B. If a data subject requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. Also, if incorrect personal information has already been provided to a third party, the result of the correction will be promptly notified to the third party so that the correction can be made.

C. The exercise of rights under paragraph A may be done through a legal representative of the data subject or an authorized representative. In this case, a power of attorney must be submitted in accordance with Form No. 11 attached to the Enforcement Rules of the Personal Information Protection Act.

D. When the Company receives requests for access, correction/deletion, or suspension of processing in accordance with the rights of data subjects, the Company verifies whether the person making the request is the data subject themselves or a legitimate representative.

E. Pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act, the rights of data subjects regarding access to and suspension of processing of personal information may be restricted.

F. If the Company has an obligation to collect personal information of data subjects in accordance with other laws, correction and deletion of personal information may be restricted.

G. Data subjects are requested to enter their personal information accurately and keep it up to date in order to prevent unforeseen incidents. The data subject is responsible for any incidents caused by inaccurate information entered by the data subject. Entering false information, such as identity theft, may result in legal violations.

H. Data subjects have the right to have their personal information protected, as well as the obligation to protect themselves and not infringe on others' information. Please be careful not to disclose your personal information and not to damage others' personal information, including in posts. Failure to fulfill these responsibilities and damage to others' personal information and dignity may result in punishment under relevant laws.

I. In principle, the Company does not collect personal information of minors. When personal information of minors must be collected for business purposes, prior consent from the legal representative will be obtained, and the information will be destroyed without delay when the purpose of collection and use is achieved or the retention period agreed upon at the time of collection expires.

8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

A. Purpose of Cookie Use
The Company uses 'cookies' that store and frequently retrieve user information to provide individualized customized services to users. Cookies are small amounts of information sent by the server (http) operating the website to the user's computer browser, and may also be stored on the hard disk of the user's PC computer. Cookies are used to provide users with optimized information by identifying visit and usage patterns, popular search terms, and security access status of each service and website visited by the user.

B. Method of Installing/Operating and Refusing Cookies
You can refuse to store cookies by setting the options in the Tools > Internet Options > Privacy menu at the top of your web browser.

9. Destruction of Personal Information

In principle, when the retention period of personal information has expired or the processing purpose has been achieved, the Company destroys the personal information without delay. However, this does not apply when retention is required by law.

A. Destruction Procedure: Personal information is stored for a certain period in accordance with internal policies and other relevant laws, and then destroyed or deleted.

B. Destruction Method: Personal information printed on paper is shredded by a shredder or incinerated, and personal information stored in electronic file form is deleted using methods that prevent record reproduction or restoration.

C. Separate Storage of Personal Information: If personal information must continue to be retained under other laws even after the retention period agreed upon by the user has expired or the processing purpose has been achieved, the storage location of the personal information is changed and stored separately from other personal information.

10. Measures to Ensure the Security of Personal Information and Technical/Administrative Measures

In accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Company takes the following technical, administrative, and physical measures necessary to ensure security:

A. Establishing and implementing internal management plans for the safe processing of personal information.
B. Restricting access to personal information: Taking necessary measures for access control to personal information by granting, changing, and revoking access rights to the database system that processes personal information.
C. Minimizing and training employees handling personal information: Implementing measures to manage personal information by designating employees handling personal information and limiting them to those in charge.
D. Encryption of personal information: Personal information is stored and managed in encrypted form.
E. Storage and prevention of forgery/alteration of access records: Access records are stored and managed for at least 1 year, and managed to prevent forgery/alteration, theft, or loss.
F. Technical measures against hacking: To prevent leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, periodically updates/inspects them, and installs systems in areas with controlled access from outside, monitoring and blocking technically/physically.
G. Use of locking devices for document security: A separate physical storage location for the personal information system holding personal information is maintained, and access control procedures have been established and operated for it.
H. Regular self-audits: Regular self-audits are conducted to ensure the security of personal information handling.

11. Collection of Opinions and Handling of Complaints Regarding Personal Information

The Company collects opinions from data subjects regarding personal information protection and has prepared all procedures and methods to handle complaints. Data subjects may report complaints by phone or email by referring to the contact information of the personal information protection officer and management department specified in Article 12 below, and the Company will provide prompt and sufficient responses to data subjects' reports. Alternatively, complaints may be filed with the following organizations established and operated by the government:

  • Personal Information Infringement Report Center (http://privacy.kisa.or.kr, 118 without area code)
  • Personal Information Dispute Mediation Committee (http://www.kopico.go.kr, 02-1833-6972)
  • Cyber Investigation Department, Supreme Prosecutors' Office (http://www.spo.go.kr, 1301 without area code)
  • National Police Agency Cybercrime Reporting System (https://ecrm.police.go.kr/minwon/main, 182 without area code)

12. Personal Information Protection Officer

To protect personal information, handle matters related to personal information, and receive and respond to complaints from customers who have provided personal information, the Company has the following customer service representative, personal information protection officer, and person in charge:

Personal Information Protection Officer: Head of Digital Innovation Division
Personal Information Protection Management Department: PI Team
Contact (Phone: 02-829-4523, Email: seungha-lee@lotte.net)

13. Changes to the Privacy Policy

This Privacy Policy applies from the effective date, and if there are additions, deletions, or corrections of changes pursuant to laws and policies, notice will be given through announcements at least 7 days before the effective date of the changes whenever possible.

Supplementary Provisions

  1. Complete revision of the Privacy Policy
    Effective date: October 22, 2007
  2. Partial revision and supplementation of the Privacy Policy
    Effective date: July 25, 2013
  3. Partial revision and supplementation of the Privacy Policy and separation into Privacy Policy and Personal Information Handling Policy
    Effective date: August 24, 2015
  4. Complete revision of the Privacy Policy (Integrating the Handling Policy under the Information and Communications Network Act and the Privacy Policy under the Personal Information Protection Act into one Privacy Policy as in this policy. Revision of personal information outsourcing information)
    Effective date: January 1, 2018
  5. Partial revision of the Privacy Policy
    Effective date: August 1, 2020
  6. Partial revision of the Privacy Policy
    Effective date: October 25, 2021
  7. Partial revision of the Privacy Policy
    Effective date: November 15, 2022
  8. Partial revision of the Privacy Policy (Reflecting amendments to the Enforcement Decree of the Personal Information Protection Act)
    Effective date: December 15, 2023
  9. Partial revision of the Privacy Policy
    Effective date: February 27, 2025

Personal Information Infringement Report Center (http://privacy.kisa.or.kr, 118 without area code)
Personal Information Dispute Mediation Committee (http://www.kopico.go.kr, 1833-6972)
Cyber Investigation Department, Supreme Prosecutors' Office (http://www.spo.go.kr, 1301 without area code)
National Police Agency Cybercrime Reporting System (https://ecrm.police.go.kr, 182 without area code)