Privacy policy

Create Korea Co., Ltd. (the “Company”) complies with the Personal Information Protection Act and relevant laws to protect the freedom and rights of data subjects, lawfully processes personal information, and manages it safely. In accordance with Article 30 of the Personal Information Protection Act, the Company hereby establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for personal information processing, and to ensure prompt and smooth handling of related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Collected personal information will not be used for purposes other than those listed below. If the purpose of use changes, the Company will obtain separate consent.

Product order and delivery processing: order receipt, payment processing, address confirmation, product delivery (including both mandatory and optional uniforms)

Customer support: handling user inquiries and complaints, delivering notices

Service operation management: order history management, prevention of fraudulent use

Contract execution and performance confirmation: transaction history verification, user identification, etc.

Return and exchange processing: receipt of return/exchange requests, refunds/redelivery, tracking number confirmation, collection and receipt confirmation

Article 2 (Items of Personal Information Processed)

The Company processes the following items of personal information:

Required items: mobile phone number, ID, password

Optional items: shipping address, email address, clothing size, order requests, purchase history, reasons for return/exchange, tracking number

Article 3 (Methods of Collecting Personal Information)

The Company collects personal information by the following methods:

Direct input of mobile phone number, ID, and password during membership registration at the online uniform shop

Additional information entered during order placement (e.g., shipping address, size selection)

Additional information entered when submitting a return or exchange request (e.g., reason for return/exchange, tracking number)

Voluntary provision by users during customer inquiries or delivery-related communication

Information automatically generated or collected during service use (e.g., access IP, browser information)

Article 4 (Retention and Use Period of Personal Information)

The Company retains and uses collected personal information for the following periods:

Records related to contracts or withdrawal of offers: 5 years

Records related to payment and supply of goods, etc.: 5 years

Records related to consumer complaints or dispute resolution: 3 years

Other cases: retained for the period specified by relevant laws

Article 5 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in the purpose of processing and does not provide it to third parties except with the data subject’s consent or as permitted by law (Articles 17 and 18 of the Personal Information Protection Act). However, in cases of special legal provisions or emergencies such as disasters, infectious diseases, urgent threats to life or body, or urgent property loss, the Company may provide personal information to relevant agencies without consent.

For smooth service provision, if a user consents to third-party provision when purchasing products, the Company will provide only the minimum necessary information.

Cases of third-party provision are as follows:

1.Recipient: lotteglogis

2.Provided items: name, contact information, shipping address, purchase details, etc.

3.Purpose: product delivery, refund processing

4.Retention period: destroyed immediately after the purpose is achieved

Article 6 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows:

1.Entrusted companies: Airwallex

2.Entrusted tasks: payment processing, system maintenance

3.Protection measures: stipulation of personal information protection measures in contracts, etc.

When entering into an entrustment contract, the Company specifies in writing matters regarding prohibition of processing for purposes other than entrusted tasks, technical/managerial protection measures, re-entrustment restrictions, management/supervision of trustees, and liability for damages, and supervises the trustee’s safe processing of personal information.

If the contents of the entrusted tasks or the trustee change, the Company will promptly disclose such changes through this Privacy Policy.

Article 7 (Overseas Transfer of Personal Information)

The Company does not currently transfer collected personal information overseas. If overseas transfer becomes necessary in the future, the Company will notify data subjects in advance and obtain their consent.

Article 8 (Destruction of Personal Information)

When the retention period expires or the processing purpose is achieved, the Company promptly destroys the relevant personal information.

Electronic files: permanently deleted using methods that prevent recovery

Printed materials: shredded or incinerated

Article 9 (Rights and Obligations of Data Subjects and Exercise Methods)

Data subjects may request access, provision, correction, withdrawal of consent, deletion, or suspension of processing (“access, etc.”) of their personal information at any time.

Requests may be made in writing, by email, fax, or through the customer center, and the Company will respond without delay.

The Company may refuse requests for access or suspension of processing if grounds under Article 35(4) or Article 37(2) of the Personal Information Protection Act apply.

Requests for correction or deletion may be refused if the relevant personal information is specified as a collection target by other laws.

Article 10 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

Administrative measures: establishment of internal management plans, employee training, etc.

Technical measures: access control, encryption, security program operation (e.g., antivirus)

Physical measures: access control to data storage locations

Article 11 (Installation and Operation of Automatic Collection Devices and Refusal Thereof)

The Company does not use devices that automatically collect users’ personal information.

Article 12 (Personal Information Protection Officer and Grievance Handling Department Contact Information)

Name: CHEN YANGYANG

Position: Personal Information Protection Officer

Contact: 070-5176-2015 / yangyang.chen@wecre8te.com

Article 13 (Remedies for Infringement of Data Subjects’ Rights)

Data subjects may contact the following agencies for dispute resolution or consultation regarding personal information infringement:

Personal Information Infringement Report Center (KISA): 118 / https://privacy.kisa.or.kr

Personal Information Dispute Mediation Committee: 1833-6972 / https://www.kopico.go.kr

Article 14 (Changes to the Privacy Policy)

This Privacy Policy may be amended in accordance with relevant laws, government policies, or internal policies. Any changes will be announced so that users can easily check the revised content.

Announcement Date: 2025.05.08

Effective Date: 2025.05.08