Privacy Policy
Bungaejangter Inc. (“Bunjang”) establishes and discloses this Privacy Policy to protect users’ personal data and rights, and to ensure the prompt and transparent handling of user inquiries in accordance with the Personal Information Protection Act of the Republic of Korea and other applicable laws.
[Company Information]
Company Name: Bungaejangter Inc.
Email: help@bunjang.co.kr
Address: Majesta City, Hillstate Seoripul, 12 Seocho-daero 38-gil, Seocho-gu, Seoul, Republic of Korea
Contents
Purpose, Items, and Retention Period of Personal Data
Provision of Personal Data to Third Parties
Cross-Border Transfer of Personal Data
Processing of Children’s Personal Data (Under Age 16)
Rights of Data Subjects and How to Exercise Them
Designation of the Data Protection Officer (DPO)
Installation, Operation, and Rejection of Automatic Data Collection Tools
Measures to Ensure the Security of Personal Data
Changes to This Privacy Policy
1. Purpose, Items, and Retention Period of Personal Data Processing
A. Bunjang processes only the minimum amount of personal data necessary to provide its services for the purposes described below. Personal data shall not be processed for any purpose other than those stated. If the purpose or the processed data items change, Bunjang will take the legally required steps. Certain data may be stored for a statutory period if required by applicable laws.
[Personal Data Processed Without Consent]
The following personal data is processed without data subject consent under the legal bases permitted by applicable personal data protection laws.
Legal Basis | Processing Activity | Purpose | Data Items | Retention Period | |
| Contract performance and steps prior to entering into a contract | Member service operations | Membership registration and verification; provision of member-only services; identity verification; notifications |
| Deleted 30 days after account deletion (retained temporarily for fraud prevention and membership restriction purposes) |
[Personal Data Processed With Consent]
The following data is processed based on the explicit consent of the data subject:
Legal Basis | Processing Activity | Purpose | Data Items | Retention Period | |
| User consent |
| Information on new services/products, promotional opportunities | Email, country | Until consent withdrawal or account deletion |
2. Provision of Personal Data to Third Parties
Bunjang may provide personal data to third parties in compliance with 「Applicable personal data protection laws」. When doing so, Bunjang will notify users as required by law.
1. Service Providers:
Authorized third-party service providers supporting Bunjang’s business operations may be granted access to user data. These providers may fall into categories such as:
Email service providers
2. Other Transfers Permitted by Law or Contract:
Bunjang may provide personal data to third parties when permitted or required by law, contractual obligations, or with the user’s consent. Under such circumstances, data may be shared with:
Public authorities (prosecutors, police, tax authorities, data protection supervisory authorities, etc.) to the extent necessary to fulfill legal obligations or respond to formal requests.
3. Cross-Border Transfer of Personal Data
Bunjang transfers certain personal data collected from global users to overseas locations as follows, in accordance with applicable data protection laws.
[Email Delivery Services]
Bunjang may use email transmission systems provided by Twilio SendGrid, located in the United States.
Transfers rely on GDPR Article 45, based on the European Commission’s adequacy decision under the EU–US Data Privacy Framework (DPF) for certified organizations.
[Data Storage and Service Operations]
Global Bunjang services are operated from the headquarters in the Republic of Korea, and data is stored in the Korea Region of Amazon Web Services (“AWS”).
Korea has received an EU adequacy decision under GDPR Article 45, meaning personal data transferred from the EU to Korea is deemed to receive an equivalent level of protection without requiring additional safeguards.
4. Processing of Personal Data of Children Under the Age of 16
Bunjang does not knowingly collect or process personal data from children under the age of 16 requiring parental consent.
5. Rights of Data Subjects and How to Exercise Them
A. Bunjang safeguards the personal data of global users and ensures that users may exercise the following rights at any time:
Access, correction, deletion, restriction of processing
Withdrawal of marketing consent
Bunjang does not impose any disadvantage or discrimination for exercising these rights.
[EU Residents – GDPR Rights]
EU residents have the following rights under the General Data Protection Regulation (GDPR):
Right to be Informed: Transparent information about how personal data is collected and used
Right of Access: Ability to confirm processing and obtain a copy of personal data
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure (Right to be Forgotten): Request deletion when data is no longer necessary or when consent is withdrawn
Right to Restriction of Processing: Limit data processing in certain circumstances
Right to Data Portability: Receive data in electronic format or transfer it to another provider
Right to Object: Object to processing, including for direct marketing
Rights related to Automated Decision-Making: Reject decisions made solely by automated processing (including profiling)
※ Bunjang does not make decisions that rely exclusively on automated processing or that could negatively affect users.Right to Lodge a Complaint: Users may file a complaint with any EU Supervisory Authority in their country of residence, workplace, or where the alleged infringement occurred.
Right to Withdraw Consent: Consent for marketing communications may be withdrawn at any time via email or website settings, without affecting the lawfulness of processing prior to withdrawal.
[U.S. Residents – CCPA/CPRA Rights]
Under the California Consumer Privacy Act (CCPA/CPRA), U.S. residents have the following rights:
Right to Know: Know what personal data is collected, used, shared, or sold
Right to Delete: Request deletion of collected personal data
Right to Correct: Request correction of inaccurate data
Right to Opt-Out of Sale/Sharing: Refuse the sale or sharing of personal data for monetary or other valuable consideration
※ Bunjang does not sell or share personal data for value.Right to Non-Discrimination: Users shall not face discrimination for exercising their privacy rights
B. The rights under Paragraph A may be exercised through My Page or our customer support center, and Bunjang will take prompt action upon such requests.
Access & Correction
MY PAGE → Edit Profile
Deletion
MY PAGE → Edit Profile → Delete Account
Objection & Consent Withdrawal
MY PAGE → Edit Profile
Other Requests
1:1 Inquiry: help@bunjang.co.kr
6. Designation of the Data Protection Officer (DPO)
Bunjang designates the following DPO and department to oversee the overall management of personal data processing and to handle user complaints and inquiries.
A. Data Protection Officer (DPO)
Name: Byungseong Park
Position: Head of Division
Contact: 82-1670-2910 / privacy@bunjang.co.kr
B. Personal Data Protection Department
Department: Security Team
Contact: 82-1670-2910 / privacy@bunjang.co.kr
7. Installation, Operation, and Rejection of Automatic Data Collection Tools
A. Bunjang uses cookies to provide personalized services. Cookies are small data files transmitted by the server to the user’s browser and may be stored on the user’s device.
B. When accessing Bunjang’s website, the server reads cookies to provide services without requiring additional inputs.
C. Cookies identify devices, not individual users. Browser settings may allow: accept all cookies, receive alerts when cookies are set, or block all cookies.
D. Disabling cookies may reduce functionality or limit access to certain login-required services.
[Cookie Settings by Browser]
8. Measures to Ensure the Security of Personal Data
Bunjang implements the following administrative, technical, and physical safeguards as required by 「Applicable personal data protection laws」:
A. Minimization and Training of Personnel Handling Personal Data
Only authorized staff handle personal data, and staff are trained to manage data securely.
B. Establishment and Implementation of Internal Management Policies
To ensure the secure processing of personal data, we have established and implemented internal personal data protection guidelines.
C. Technical Measures Against Hacking and Malware
Users’ personal data and passwords are encrypted during storage and management so that only the individual user can access them. Important data is additionally protected through encryption of files and transmission data or by using file-locking mechanisms and other security features.
D. Encryption of Personal Data
Personal data and passwords are encrypted. Important data is encrypted during storage and transmission or protected via file-locking mechanisms.
E. Retention and Protection of Access Logs
Access logs to personal data systems are kept for at least two years and protected from tampering, theft, or loss.
F. Access Control for Personal Data Systems
Access rights to database systems processing personal data are granted, modified, and revoked as necessary to ensure appropriate access control, and unauthorized external access is blocked through intrusion prevention systems.
G. Document Security Through Locked Storage
Documents and removable storage media containing personal data are stored in secure locations equipped with locking mechanisms.
H. Physical Access Control for Data Storage Locations
Separate physical storage areas for personal data are maintained, and access control procedures are established and operated to prevent unauthorized entry.
9. Changes to This Privacy Policy
Bunjang will announce any updates to this Privacy Policy through website notices.
Notice Date: December 15, 2025
Effective Date: December 22, 2025
Previous versions of the Privacy Policy can be accessed below (per original document reference).