Purpose

• This privacy notice is for lesugiatelier. lesugiatelier is owned by Oscar Futurera Inc, based in Seoul, South Korea. Where the present terms of service ("Terms of Service" or "Agreement") refers to "lesugiatelier" it may refer to Oscar Futurera Inc. or both, depending on the context. These Terms of Service constitute a legally binding agreement between you and the Brand web name ("we", "us," "lesugiatelier", the "Company"), governing your use of the lesugiatelier (the "Site") and social media platforms, regardless of the means of access. The Site and social media platforms together are hereinafter collectively referred to as the "Site." If you do not agree to be bound by the Terms of Service, promptly exit the Site or social media platform, as applicable, and refrain from any future use of the Service. Lesugiatelier (hereinafter referred to as the "Site"), operated by OscarFuture Co., Ltd., values customer information and complies with relevant laws such as the "Personal Information Protection Act." In order to adhere to this, we have established this [Privacy Policy]. The [Privacy Policy] may change due to government guidelines, policy modifications, or other reasons. We kindly ask our customers to check it regularly when visiting the "Site.”
• ※ "This Agreement shall also apply to electronic commerce utilizing PC communication, wireless communication, and other methods, as long as they do not contradict the nature of this agreement.”

1. Collection Items and Collection Methods of Personal Information

1. ① The "Company" values your personal information and complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection."
2. ② The "Company" may select a natural person or a legal entity as a data controller to process user personal information in accordance with requests, and such entity may act as its representative (hereinafter referred to as the "Controller"). The Company promises to select Controllers that provide sufficient guarantees for technical and organizational security measures for personal information processing.
3. ③ Collected personal information items: The "Company" collects the following personal information for purposes such as membership registration, consultation, and service application.

   Data Collection	Source Data Collected
   when registering for membership	Name/Date of Birth/Gender/Login ID/Password/Home Phone Number/Mobile Phone Number/Email/Information of legal representative for users under 14
   when applying for services	Address/Payment Information
   when using service	Service Usage Records/Access Logs/Cookies/Access IP/Payment Records

4. ④ Collection Methods: Information can be collected through the website, written forms, bulletin boards, email, event participation, delivery requests, phone calls, faxes, and data collection tools.

2. Purpose of Collecting and Using Personal Information

1. ① The "Company" utilizes the collected personal information for the following purposes:

   Personal Information	Purpose of Use
   Identity and Profile Information	Used to create the user's service account.
   Contact and Transaction Information	Used to process user's orders and purchases.
   Device, Usage, and Technical Information	Utilized to enhance the functionality of the service on various devices using user's device information.
   Marketing and Communication Information	Employed to transmit marketing and communication related to various promotions and offerings.

2. ② This Privacy Policy serves to inform users of the methods through which the "Company" processes data and ensures that users are aware before accessing specific website pages and providing personal data. Users are required to familiarize themselves with this Privacy Policy before providing personal data through forms provided on each page of the website. Personal data is primarily processed through automated means, and this process is aligned with the purposes outlined in section 3.
3. ③ The "Company" takes precautions to ensure the secure processing and confidentiality of users' personal information, implementing all necessary measures to prevent the loss, misuse, damage, or deletion of personal data.
4. ④ Additionally, the "Company" collects specific personal information to identify users and provide optimized, personalized user experiences. This collection aims to rectify potential errors within the website. The collected data pertains to user connections (IP address, geographical location, access date and time, viewed and/or used pages, etc.) and the devices associated with those connections.

3. Retention and Use Period of Personal Information

1. ① Grounds for Retaining Information Pursuant to “Company” Policy

   Even in cases where a member withdraws, the “Company” retains member information to ensure the smooth provision of services and to prevent the improper use of services, as outlined below:

   Information Type	Retention Reason	Retention Period
   Records of improper/malicious use (including personal information of improper/malicious users)	Prevention of improper and malicious service usage, prevention of re-registration of improper/malicious users	1 year

2. ② Information Retention Based on Applicable Laws

   The “Company” complies with the provisions of relevant laws, including the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc. It retains member information for a certain period as stipulated by relevant laws.

   Information Record and Type Based on Applicable Laws	Retention Reason	Retention Period
   Payment and supply records of goods, etc.	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	5 years
   Record of payment settlement and supply of goods, etc.	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	5 years
   Record of consumer complaints or disputes	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	3 years
   Service visit records	Article 15-2 of the Protection of Communications Secrets Act	3 months

4. Outsourcing of Personal Information Processing

1. ① The “Company" outsources personal information processing tasks as follows for efficient management of personal information-related tasks.

   Service Provider (Processor)	Outsourced Task
   Eximbay	Payment processing service (Worldwide)
   PAYPAL	Simple payment service (Worldwide)
   XROUTE	Delivery service (Worldwide)
   PREMIUM / UPS / FEDEX / EMS

   ※ Scope of Personal Information Collected through SNS and Third-Party Account Simplified Login

   Category	Collection Method	Purpose of Use	Collected Information
   Mandatory for Online Mall Members	Google Sign-up	Providing simplified login service by linking SNS and third-party accounts to existing registration information	Email
   Mandatory for Online Mall Members	Facebook Sign-up	Providing simplified login service by linking SNS and third-party accounts to existing registration information	Full Name, Gender, Email, Address, ID, Birthday

2. ② When entering into an outsourcing contract, the "Company" specifies matters such as the prohibition of personal information processing beyond the purpose of performing the entrusted task according to Article 26 of the "Personal Information Protection Act," technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the trustee, liability for damages, etc., in documents such as contracts. The "Company" also oversees whether the trustee processes personal information securely.
3. ③ In the event of changes in the content of the entrusted task or the trustee, the "Company" will promptly disclose such changes through this privacy policy.

5. Transfer of Personal Information

1. ① When customers make purchases or provide consent to receive marketing notifications on the "Site," the "Company" entrusts the "Site" (lesugiatelier.com) with tasks such as product delivery, marketing, and providing information about new products/events. The entrusted entities are required to handle personal information securely in accordance with relevant privacy laws. The necessary matters are specified, managed, and supervised by the entrusted entities.

   Recipient of Transfer	Transferred Items	Date and Method of Transfer	Purpose and Processing Period	Information Management Responsible and Contact
   lesugiatelier	Name, Address, Contact Information (Safe Number), Name, ID, Email, Mobile Information, Gender, Personal Customs Clearance Number	Immediately after placing an order, transferred through database integration with our systems	- Product delivery to Lesugiatelier.com members	mailto:support@ofotd.com

   • Up to 1 year after membership withdrawal or withdrawal of consent mail to:support@ofotd.com

6. Procedure and Method of Personal Information Disposal

• The "Company" generally disposes of personal information without delay after the purpose of collection and use has been achieved. The procedure and method of disposal are as follows:
  1. ① Disposal and Separation Storage Procedure: Information provided by members for membership registration, etc., is transferred to a separate database or table after the purpose is achieved (in the case of paper, a separate filing cabinet). This information is stored for a certain period according to internal policies and other relevant laws (refer to retention and use period) and is then disposed of. Personal information transferred to a separate database or table will not be used for other purposes except as required by law.
  2. ② Disposal Method: Personal information printed on paper is shredded by a shredder or incinerated for disposal. Personal information stored in electronic file format is deleted using technical methods that prevent data recovery.
  3. ③ Disposal of Personal Information of Non-Using Customers, etc.: Based on the exception of Article 39-6 of the Personal Information Protection Act, the "Company" protects user privacy by disposing of personal information of members who have not used the service for one year after prior notice or by storing it separately. However, if a separate period is specified by other laws, the user's personal information is stored during that period.
  4. ④ Exceptional Situations: While personal information is not generally provided to external parties, exceptions apply in the following cases:
     • When the user has given prior consent
     • When required by law or when a law enforcement agency requests according to the procedures and methods specified by law

7. Installation, Operation, and Rejection of Personal Information Automatic Collection Devices

The "Company" may use 'cookies' to provide personalized services. 'Cookies' are small data packets sent by an HTTP server to the user's browser and stored on the user's computer hard drive. Cookies identify your computer but do not personally identify you.

• The "Company" uses cookies for the following purposes:
  1. ① Based on cookies set when members and non-members connect, providing convenient internet services by maintaining the service usage environment.
  2. ② Analyzing the visit and usage behavior of members and non-members to provide optimized services.
  3. ③ Cookies identify the user's computer but do not personally identify the user. Cookies are expired when the browser is closed or when the user logs out.

• Customers have the option to choose cookie installation. Therefore, customers can allow or reject all cookies through the settings of the web browser or set it to ask for confirmation every time cookies are saved.
• [Example of Setting Method]
  • ① For Microsoft Edge: Settings menu on the right side of the web browser > Cookies and site permissions > Manage and delete cookies and site data
  • ② For Chrome: Settings menu on the right side of the web browser > Privacy and security > Site settings > Cookies and site data

10. Complaints Services Regarding Personal Information

Members' personal information is primarily protected by the member's ID and password. The "Company" has established technical and managerial measures to ensure the safety of processing members' personal information and prevent its leakage, alteration, or damage.

• Inspection of personal information
• Correction in case of errors
• Request for suspension of personal information processing and refusal
• Filing objections against personal information processing

1. ① Technical Measures
   1. Member account passwords are encrypted and stored, ensuring that only the account holder can know them. Therefore, confirming and modifying personal information requiring account login can only be done by the account holder who knows the ID and password.
   2. Data is regularly backed up to prevent data loss and the latest antivirus programs are used to prevent leakage or damage of members' personal information or data due to computer viruses, etc.
   3. For payments and other transactions, security devices are adopted to securely transmit personal information over the network.
   4. To prevent information leakage due to hacking, intrusion prevention systems (firewalls) are used to control unauthorized external access, and all possible technological devices are employed to secure system-level security.
2. ② Managerial Measures
   1. When handling personal information by request from the member's password, etc., the "Company" makes the best effort to verify the individual's identity in the most secure manner and ensure safe processing of information.
   2. Access to personal information is limited to those in charge of personal information management tasks such as the personal information protection manager and other individuals who inevitably need to handle personal information for work purposes. Ongoing education for employees processing personal information emphasizes compliance with the personal information processing policy.
3. ③ Membership Termination
   1. When a user withdraws consent (cancels membership), the "Company" follows the principle of promptly disposing of personal information. However, if required by related laws to retain the information, the "Company" processes it in accordance with the processing and retention period specified in this personal information processing policy and ensures that access or usage is only allowed in necessary cases.

11. Personal Information Protection Manager / Request for Access to Personal Information

1. ① The "Company" is committed to providing customers with a safe way to use valuable information. In the event of an incident that contradicts the matters notified to customers regarding personal information protection, the personal information protection manager assumes full responsibility. For the protection of personal information and the handling of complaints related to the processing of personal information, the "Company" designates a personal information protection manager as follows:
   • Personal Information Protection Officer: Hyung Wook Kim
   • Affiliation: Oscar Futurera Inc.
   • Service Team: 070-4647-0821
   • Email: support@ofotd.com
2. ② While using the "Company," customers can report all personal information protection-related complaints to the personal information management officer or the relevant department. The "Online Mall" will promptly provide sufficient responses to user-reported issues.

Despite implementing technical security measures, the "Company" is not responsible for accidents caused by basic network risks such as hacking, unforeseen damage to information, or disputes arising from visitor-posted content.

12. Methods of Remedying Infringement of Rights

• If you are dissatisfied with the "Company's" internal resolution or need additional assistance, you can apply for dispute resolution or consultation through organizations such as the Korea Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center. For other reports or consultations regarding personal information infringement, please contact the organizations below:
  • Korea Personal Information Dispute Mediation Committee: 1833-6971 (www.kopico.go.kr)
  • Korea Internet & Security Agency Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Cyber Investigation Division of the Prosecutor's Office: 1201 (www.spo.go.kr)
  • Cyber Crime Investigation Unit, Korean National Police Agency: 182 (ecrm.cyber.go.kr)
  • Cyber Crime Investigation Unit, Korean National Police Agency: 182 (https://ecrm.cyber.go.kr/minwon/main)

13. Notice of Changes to Personal Information Processing Policy

1. ① This personal information processing policy may be changed due to government policies, laws, or the "Company's" requirements. In the event of additions, deletions, or corrections to the content, the "Company" will provide prior notice through the homepage, email, etc., 7 days before the changes take effect. If prior notice is difficult, the "Company" will announce the changes as soon as possible.
2. ② However, if important matters such as the purpose of collecting and using personal information or the recipients of third-party disclosures are added, deleted, or corrected, the "Company" will provide prior notice 30 days before the changes take effect.

• Announcement Date: 2023.08.24
• Effective Date: 2023.08.24