Privacy Policy

CLUBE Privacy Policy

Last updated: October 20, 2025

Article 1 (Purpose of Personal Information Processing)

CLUBE (hereinafter referred to as "the Company") processes personal information for the following purposes. The personal information being processed is not used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.

  1. Member registration and management: Confirmation of membership intention, identification and authentication for membership service provision, maintenance and management of membership, prevention of improper use of services, various notices and notifications
  2. Provision of goods or services: Service provision, content provision, customized service provision, identity verification, payment and settlement
  3. Authentication service provision: Luxury authentication service provision, delivery of authentication results, issuance of authentication certificates
  4. Offline physical authentication: Product collection and return, authentication progress status notification
  5. Marketing and advertising: New service development and customized service provision, event and promotional information provision and participation opportunities, service provision and advertising placement according to demographic characteristics, service validity confirmation, access frequency analysis or statistics on member service use

Article 2 (Items of Personal Information Processed)

The Company processes the following personal information items:

  1. Required items:
    • Upon member registration: Name, email address, password, mobile phone number
    • Upon offline physical authentication application: Applicant name, phone number, delivery address (postal code, base address, detailed address)
    • Upon payment: Payment information (credit card information, account information, etc.)
  2. Optional items: Cash receipt issuance information
  3. Automatically collected items: Service usage records, access logs, cookies, access IP information, payment records
  4. When using authentication service: Product photos, brand and category information

Article 3 (Processing and Retention Period of Personal Information)

  1. The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
  2. The processing and retention period for each personal information is as follows:
    • Member registration and management: Until member withdrawal. However, if investigation or inquiry is in progress due to violation of relevant laws, until the end of such investigation or inquiry
    • Provision of goods or services: Until completion of supply of goods and services and completion of payment and settlement. However, in the following cases, until the end of the relevant period:
      • Records on display and advertising, contract contents and performance in accordance with the Electronic Commerce Act: 5 years
      • Records on consumer complaints or dispute resolution in accordance with the Electronic Commerce Act: 3 years
      • Records on electronic financial transactions in accordance with the Electronic Financial Transactions Act: 5 years
    • Authentication service records: 1 year after completion of service provision

Article 4 (Provision of Personal Information to Third Parties)

  1. The Company processes personal information of information subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only in cases corresponding to Article 17 of the Personal Information Protection Act, such as consent of the information subject or special provisions of laws.
  2. The Company provides personal information to third parties as follows:
    • Courier and logistics companies: Product collection and return for offline physical authentication service provision (Items provided: Name, phone number, address)
    • Payment processing companies: Payment processing (Items provided: Payment information)

Article 5 (Entrustment of Personal Information Processing)

  1. For smooth personal information processing, the Company entrusts personal information processing tasks as follows:
    • Payment processing: PG company (Payment approval and settlement)
    • Courier delivery: Courier company (Product collection and return)
    • Cloud service: AWS (Data storage)
  2. When concluding an entrustment contract, the Company specifies matters related to responsibility such as prohibition of personal information processing outside the purpose of performing entrusted tasks, technical and administrative protection measures, restriction of re-entrustment, management and supervision of trustees, and compensation for damages in accordance with Article 26 of the Personal Information Protection Act in documents such as contracts, and supervises whether trustees safely process personal information.
  3. If the content of entrusted tasks or trustees changes, we will disclose it through this privacy policy without delay.

Article 6 (Rights, Obligations, and Exercise Methods of Information Subjects)

  1. Information subjects can exercise the following personal information protection rights against the Company at any time:
    • Request for access to personal information
    • Request for correction in case of errors
    • Request for deletion
    • Request for suspension of processing
  2. Exercise of rights in accordance with paragraph 1 can be made to the Company in writing, by phone, email, facsimile (FAX), etc., and the Company will take action without delay.
  3. If an information subject requests correction or deletion of errors in personal information, the Company does not use or provide the personal information until correction or deletion is completed.
  4. Exercise of rights in accordance with paragraph 1 can be made through a legal representative or an agent authorized by the information subject. In this case, a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

Article 7 (Destruction of Personal Information)

  1. The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.
  2. The procedure and method of personal information destruction are as follows:
    • Destruction procedure: The Company selects personal information for which destruction reasons have occurred and destroys personal information after obtaining approval from the Company's personal information protection officer.
    • Destruction method: The Company destroys personal information recorded and stored in electronic file format using methods such as Low Level Format so that records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Administrative measures: Establishment and implementation of internal management plans, regular employee education, etc.
  2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  3. Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Personal Information Protection Officer)

The Company is responsible for overall personal information processing tasks and designates a personal information protection officer as follows to handle complaints and relief for damages related to personal information processing:

  • Personal Information Protection Officer: CLUBE Customer Support Team
  • Contact: support@clube.com
  • Phone: 1588-0000

Information subjects can contact the personal information protection officer regarding all inquiries, complaints, and relief for damages related to personal information protection that occur while using the Company's services. The Company will respond and handle inquiries from information subjects without delay.

Article 10 (Changes to Privacy Policy)

This privacy policy applies from October 20, 2025, and if there are additions, deletions, or corrections to the contents according to laws and policies, we will notify through announcements 7 days before the implementation of the changes.

Supplementary Provisions

This policy takes effect from October 20, 2025.