Privacy Policy
Effective Date: May 31, 2025
KRISTINCOMPANY Co., Ltd. (hereinafter referred to as “the Company”) operates the ‘ShoeCatch’ service in compliance with relevant laws, including the Personal Information Protection Act (PIPA). This Privacy Policy explains how we collect, use, and safeguard your personal information while addressing your concerns promptly and transparently.
1. Collection and Use of Personal Information
The Company collects only the minimum necessary personal information to deliver and enhance its services.
For Registered Users
| Purpose | Required Information | Optional Information | Retention Period |
|---|
| Registration and Identification | Email, Password | - | Until account deletion |
| Google Account Integration | Email | - | Until account deletion |
| Customer Support & Feedback | Name, Email, Phone, Role | Organization Scale | Until account deletion or per legal requirements |
| ShoeCatch Service Operations & Announcements | Name, Email, Phone, Company, Role | | Until account deletion |
For Non-Members
| Purpose | Required Information | Optional Information | Retention Period |
|---|
| Consent History Verification | Name, Email, Consent Logs | - | 3 years from consent date |
| Customer Support and Feedback | Name, Email, Phone, Role | Organization Scale | 3 years from consent date |
Marketing & Events
| Purpose | Required Information | Optional Information | Retention Period |
|---|
| Notifications & Advertising | Name, Email, Phone, Company, Role | Organization Scale | Until withdrawal of consent |
Payments
| Purpose | Required Information | Retention Period |
|---|
| Payment Processing & Refunds | Credit Card Info, Account Info | Until account deletion or per laws |
Notice Regarding Personal Information Processing Without Consent
1.
We do not collect sensitive personal data.
2. Processing of Sensitive Information
The Company does not process sensitive information, such as data related to race, religion, or health.
3. Information of Children Under 14 Years of Age
The Company’s services are not designed for children under 14, and the Company does not knowingly collect their personal data.
4. Use of Cookies and Automated Collection Devices
The Company uses cookies and automated collection devices to provide personalized services and improve the overall user experience.
Purpose of Automated Data Collection
1.
Legal Compliance
a.
Retaining access logs as required by law.
2.
Service Improvement
a.
Using behavioral analytics to enhance user experience.
3.
Fraud Prevention
a.
Monitoring logs to prevent misuse.
Notice Regarding Automated Personal Information Collection and Opt-Out Methods
1.
The Company collects and analyzes behavioral information using the following tools. The information collected does not directly identify specific individuals.
2.
Installation, Operation, and Opt-Out Methods for Automated Personal Information Collection Devices: You can opt out of cookie storage or behavioral information collection using the methods below. However, changing cookie settings may affect certain services such as automatic website login.
a.
Blocking/Allowing Personalized Ads Through Web Browsers
(1)
Internet Explorer (Internet Explorer 11 for Windows 10)
•
Go to Tools > Internet Options > Privacy > Advanced Settings to block or allow cookies.
(2)
Microsoft Edge
•
Access Settings > Privacy, Search, and Services > Tracking Prevention. Adjust settings as needed.
(3)
Chrome Browser
•
Go to Settings > Privacy and Security > Cookies and Other Site Data. Enable 'Block third-party cookies'.
b.
Other
(1)
The Company collects only minimal behavioral data required for personalized services and does not gather sensitive information, such as beliefs, medical history, or social activities. Additionally, personalized advertising data is not collected from users under 14 years of age.
(2)
Data subjects may contact the following for inquiries about behavioral information, exercising their right to opt-out, and filing damage reports.
(3)
Data Protection Officer
| Name | Lee Minyoung |
| Company | KRISTINCOMPANY Co., Ltd. |
| Position | D/CEO |
| Email | support@shoecatch.ai |
| Phone | 02-2039-2345 |
The Company uses cookies and automated collection devices to provide personalized services and improve the overall user experience.
5. Retention and Destruction of Personal Information
The Company retains personal data only as long as it is necessary to fulfill the intended purpose or as required by applicable laws. Once retention periods expire, data is securely destroyed.
User Information
1.
General Retention: Personal data is deleted when the purpose of collection is achieved.
2.
Inactive Users: Accounts inactive for more than one year are flagged for deletion after a three-month segregation period.
3.
Legal Retention: Certain information is retained per legal obligations, as outlined below:
Personal Information Disposal Procedures and Methods
1.
Identification for Disposal:
a.
Personal data flagged for disposal is reviewed and approved by the Data Protection Officer before deletion.
2.
Methods of Disposal:
a.
Electronic Data: Permanently deleted using encryption methods that prevent recovery.
b.
Paper Records: Shredded or incinerated.
Mandatory Retention Periods According to Relevant Laws
The basis for retention and personal information items that must be preserved according to relevant laws are as follows:
1.
Retained items: Card company name, partial card number, IP, browser information, device information
| Purpose | Legal Basis | Retention Period |
|---|
| Contracts or Subscription Withdrawals | Act on Consumer Protection in Electronic Commerce | 5 years |
| Payment and Supply of Goods | Act on Consumer Protection in Electronic Commerce | 5 years |
| Consumer Complaints or Disputes | Act on Consumer Protection in Electronic Commerce | 3 years |
| Display/Advertising Records | Act on Consumer Protection in Electronic Commerce | 6 months |
| Tax Records (Books and Documents) | Framework Act on National Taxes | 5 years |
| Records of access | Protection of Communications Secrets Act | 3 months |
6. Delegation of Personal Information Processing
The Company entrusts specific tasks to trusted partners under strict confidentiality agreements:
Delegated Processing and Processors
| Processor | Delegated Tasks |
|---|
| Google | User behavior analysis |
| Stripe(TBD) | Payment and refund management |
| Amazon Web Service | Data hosting and storage |
| OpenAI | AI-based text and image generation |
| Stability AI | AI-based image generation |
7. Third-Party Provision of Personal Information
The Company provides personal data to third parties only with user consent or as required by law, including:
Information Provided to Third Parties Without Prior Consent Under Applicable Laws
1.
When providing information in a form that cannot identify specific individuals for statistical compilation, academic research, or market research purposes
2.
When requested by government agencies in accordance with applicable laws
3.
When there are investigative purposes related to crimes, or when requested by the Information and Communication Ethics Committee
4.
When there are requests following procedures specified in other applicable laws
Notice Regarding Personal Information Provision in Emergency Situations
1.
Personal information may be provided to relevant authorities without the consent of the data subject in emergency situations such as disasters, infectious diseases, incidents or accidents that pose immediate danger to life or body, or imminent property loss.
2.
Emergency situations are determined based on the "Guidelines for Personal Information Processing and Protection in Emergency Situations" jointly announced by relevant government departments.
8. Transfer of Personal Information Overseas
The Company may transfer personal data to international partners for tasks like user behavior analysis, payment processing, and system management.
Overseas Transfer Notice
| Purpose | Items | Time and Method | Retention Period | Company and Country | Contact |
|---|
| User behavior analysis and service improvement | Visit time, service usage records, IP information, cookies | Transmitted through encrypted network when providing service | Until membership withdrawal, service termination, or end of delegation contract | Google / USA | googlekrsupport@google.com |
| Payment and refunds | Payment information (credit card number, expiration date), payment history, billing/shipping address, IP information | Electronic transfer at the time of personal information collection | Until membership withdrawal, service termination, or end of delegation contract | Stripe(TBD) | complaints@stripe.com |
| Data storage and IT system operation/management | Account information (email), service usage records, server logs (IP access, visit time), stored files/data | Electronic transfer at the time of personal information collection | Until membership withdrawal, service termination, or end of delegation contract | Amazon Web Service | Aws-korea-privacy@amazon.com |
| Text generation and summarization based on provided information | User input text, service usage records | Electronic transfer at the time of personal information collection | Until membership withdrawal, service termination, or end of delegation contract | OpenAI | info@openai.com |
| Image generation based on provided information | User input text and images, service usage records | Electronic transfer at the time of personal information collection | Until membership withdrawal, service termination, or end of delegation contract | Stability AI | info@stability.ai |
1.
For methods, procedures, and effects of refusing personal information transfer: Please refer to User Rights and Exercise Methods
9. Security Measures for Personal Information
The Company adopts technical, administrative, and physical measures to protect data:
Minimization and Training of Personal Information Handling Staff
1.
We minimize the number of employees handling personal information and implement measures to manage personal information through regular privacy protection training.
Establishment and Implementation of Internal Management Plan
1.
We have established and implemented an internal management plan for the safe processing of personal information.
Storage and Prevention of Access Log Tampering
1.
To facilitate response to personal information breach incidents, we maintain and manage access records (web logs, summary information, etc.) to the personal information processing system for at least 1 year, and use security features to prevent access records from being tampered with, stolen, or lost.
Encryption of Personal Information
1.
Users' personal information is encrypted for storage and management.
Technical Measures Against Hacking
1.
The company installs and regularly updates security programs to prevent personal information leakage and damage from hacking or computer viruses. Additionally, systems are installed in areas with controlled external access and are technically and physically monitored and blocked.
Access Control Restrictions for Personal Information
1.
We implement measures for access control of personal information through the granting, modification, and removal of access rights to personal information processing systems.
10. Rights of Users and Legal Representatives
The Company ensures that users or their representatives can request access, correction, or deletion of their personal data through its support channels.
User Rights and Exercise Methods
1.
Account deletion: Workspace > Account > Delete Account
2.
Method and procedure for refusing personal information transfer: Contact through Customer Support. Effect of refusal: (For automatically collected information) Suspension of personal information processing by the data handler
3.
Additionally, you may request the suspension of processing and deletion of personal information through written documents, email, or other means.
4.
When a request for correction or deletion of personal information errors is made, the Company will not use or provide such personal information until the correction or deletion is completed.
5.
Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
6.
The Company verifies the identity of individuals requesting access, correction/deletion, or processing suspension of their personal information.
Rights and Exercise Methods of Legal Representatives
1.
When a legal representative or authorized agent exercises the user's rights (access, correction, processing suspension, deletion), they must submit a power of attorney according to "Form No. 11 of the Notice on Personal Information Processing Methods".
2.
The Company verifies whether the person requesting access, correction/deletion, or processing suspension is a legitimate representative.
11. Data Protection Officer and User Remedies
The Company designates a Data Protection Officer to address any privacy concerns or inquiries:
| Name | Lee Minyoung |
| Company | KRISTINCOMPANY Co., Ltd. |
| Position | D/CEO |
| Email | support@shoecatch.ai |
| Phone | 02-2039-2345 |
Role of the Data Protection Officer
Users may contact the Data Protection Officer regarding all matters related to personal information protection inquiries, complaints handling, and remedies that arise while using the service. The Company will respond to and process user inquiries without delay.
Organizations Available for Rights Violation Assistance
For detailed assistance regarding user rights violations, please contact the following organizations:
1.
Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
a.
Jurisdiction: Personal information infringement reports, consultation requests
c.
Phone: (No area code) 118
d.
Address: Personal Information Infringement Report Center, 3rd Floor, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong) (58324)
2.
Personal Information Dispute Mediation Committee
a.
Jurisdiction: Personal information dispute mediation applications, collective dispute mediation (civil resolution)
c.
Phone: (No area code) 1833-6972
d.
Address: 4th Floor, Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul (03171)
3.
Supreme Prosecutors' Office Cybercrime Investigation Division
a.
Phone: (No area code) 1301
4.
National Police Agency Cyber Security Bureau
Additionally, if your rights or interests have been violated by dispositions or inactions taken by the head of a public institution regarding requests based on provisions for access, correction/deletion, or processing suspension of personal information, you may file an administrative appeal in accordance with the Administrative Appeals Act.
1.
Central Administrative Appeals Commission: Refer to phone number guide at
12. Changes to the Privacy Policy
The Company will announce updates to this Privacy Policy on its website.
Powered by ShoeCatch