Privacy Policy
Effective Date: May 18, 2026
BSHARE Co., Ltd. (hereinafter "the Company") establishes and discloses the following Personal Information Processing Policy in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea, in order to protect the personal information of data subjects and to handle related grievances promptly and smoothly.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed shall not be used for purposes other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Website membership registration and management
Personal information is processed for purposes such as confirming intent to register as a member, identifying and authenticating users for membership services, maintaining and managing membership, verifying identity under the limited identity verification system, preventing unauthorized use of services, confirming consent from legal representatives when processing personal information of children under the age of 14, various notifications and communications, and handling grievances.
- Provision of goods or services
Personal information is processed for purposes such as delivery of goods, provision of services, sending of contracts and invoices, provision of contents, provision of customized services, identity verification, age verification, payment and settlement of fees, and debt collection.
- Grievance handling
Personal information is processed for purposes such as verifying the identity of complainants, confirming the contents of complaints, contacting and notifying for fact-finding investigations, and notifying of processing results.
Article 2 (Processing and Retention Period of Personal Information)
- The Company processes and retains personal information within the personal information retention/use period stipulated by law or within the personal information retention/use period agreed upon when collecting personal information from the data subject.
- The processing and retention period for each type of personal information is as follows:
- Website membership registration and management: Until the member withdraws from the website
However, in the following cases, until the corresponding event ends:
- If investigation or inquiry is in progress due to violation of relevant laws: Until the investigation or inquiry ends
- If credits/debts remain due to the use of the website: Until the settlement of such credits/debts
- Provision of goods or services: Until the supply of goods/services is completed and the payment/settlement of fees is completed
However, in the following cases, until the end of the relevant period:
- Records of transactions such as labeling, advertising, contracts and performance under the Act on Consumer Protection in Electronic Commerce
- Records of labeling and advertising: 6 months
- Records of contracts, withdrawals of subscription, payments, and supply of goods: 5 years
- Records of consumer complaints or disputes: 3 years
- Records of communication confirmation data under Article 41 of the Protection of Communications Secrets Act
- Subscriber's telecommunication date/time, start/end time, counterpart subscriber number, frequency of use, and location tracking data of originating base stations: 1 year
- Computer communication, Internet log records, and access location tracking data: 3 months
Article 3 (Provision of Personal Information to Third Parties)
- The Company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or under special provisions of law. Otherwise, the Company does not provide the personal information of the data subject to third parties.
- The Company may provide personal information to third parties only to the minimum extent necessary with the consent of the data subject pursuant to Article 17 (1) 1 of the Personal Information Protection Act in the following cases:
- Recipient of personal information: <e.g., OOO Card Co., Ltd.>
- Recipient's purpose of using personal information: <e.g., business cooperation such as joint events and issuance of affiliated credit cards>
- Personal information items provided: <e.g., name, address, phone number, email address, card payment account information>
- Recipient's retention and use period: <e.g., during the transaction period under the credit card issuance contract>
Article 4 (Outsourcing of Personal Information Processing)
- The Company outsources personal information processing tasks as follows for smooth processing of personal information:
- Outsourced tasks
- Outsourcee (Trustee): Imweb Corp.
Outsourced task: Provision of system for shopping mall hosting service, mobile app service, marketing service and additional/affiliated services, and delivery agency services such as KakaoTalk notifications, friend talks, and text messages.
- Outsourcee (Trustee): OOO PG
Outsourced task: Payment and escrow services
- Outsourcee (Trustee): OOO Delivery
Outsourced task: Product delivery services
- Outsourcee (Trustee): OOO Customer Center
Outsourced task: Customer consultation services
- Outsourcee (Trustee): OOO
Outsourced task: Identity verification services
- Sub-outsourcees
- Sub-outsourcee (Trustee): Imweb Corp. → Infobip Co., Ltd.
Outsourced task: Sending of text messages and KakaoTalk notifications (informational messages)
- Sub-outsourcee (Trustee): Imweb Corp. → Lunasoft Co., Ltd.
Outsourced task: Sending of text messages, KakaoTalk notifications (informational messages) and friend talks
- When entering into an outsourcing contract, in accordance with Article 25 of the Personal Information Protection Act, the Company specifies in documents such as contracts the matters regarding prohibition of processing personal information for purposes other than performing the outsourced work, technical and administrative protective measures, restrictions on sub-outsourcing, management and supervision of the trustee, and responsibilities for damages, and supervises whether the trustee safely processes personal information.
- In the event of any change in the content of the outsourced work or the trustee, the Company will disclose such changes without delay through this Personal Information Processing Policy.
Article 5 (Rights of Data Subjects and Legal Representatives, and Methods of Exercise)
- Data subjects may exercise the following personal information protection-related rights against the Company at any time:
- Request for access to personal information
- Request for correction in case of errors
- Request for deletion
- Request for suspension of processing
- The exercise of rights under Paragraph 1 may be made to the Company in writing, by phone, by email, or by facsimile (FAX), and the Company will take action without delay.
- If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
- The exercise of rights under Paragraph 1 may be made through a legal representative of the data subject or an authorized agent. In this case, a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
- Data subjects shall not infringe upon the personal information or privacy of themselves or others being processed by the Company in violation of related laws such as the Personal Information Protection Act.
Article 6 (Personal Information Items Processed)
The Company processes the following personal information items:
- Website membership registration and management
- Required items: <e.g., name, date of birth, ID, password, address, phone number, gender, email address, iPIN number>
- Optional items: <e.g., marital status, areas of interest>
- Provision of goods or services
- Required items: <e.g., name, date of birth, ID, password, address, phone number, email address, iPIN number, credit card number, bank account information and other payment information>
- Optional items: <areas of interest, past purchase history>
Article 7 (Destruction of Personal Information)
- The Company will destroy the relevant personal information without delay when it becomes unnecessary due to the expiration of the retention period, the achievement of the processing purpose, or similar reasons.
- If personal information must continue to be preserved in accordance with other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information shall be moved to a separate database (DB) or stored in a different location.
- The procedures and methods of destroying personal information are as follows:
- Destruction procedure
The Company selects the personal information for which the reason for destruction has occurred and destroys it with the approval of the Company's Chief Privacy Officer.
- Destruction method
Personal information recorded and stored in electronic file form is destroyed in a manner that prevents the records from being reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
Article 8 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
- Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
- Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
- Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 9 (Installation, Operation and Refusal of Automatic Personal Information Collection Devices)
- The Company uses 'cookies' that store and retrieve usage information from time to time to provide individually customized services to users.
- Cookies are small amounts of information that the server (http) used to operate the website sends to the user's computer browser and are stored on users' PCs or mobile devices.
- Data subjects may set options for allowing or blocking cookies through web browser options. However, if the storage of cookies is refused, there may be difficulties in using customized services.
· Chrome: Browser Settings > Privacy and Security > Clear Browsing Data
· Edge: Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
· Chrome (Mobile): Browser Settings > Privacy and Security > Clear Browsing Data
· Safari (Mobile): Device Settings > Safari > Advanced > Block All Cookies
· Samsung Internet: Browser Settings > Internet Usage History > Delete Internet Usage History
- The Company collects and uses information such as visit patterns, popular search terms, and secure access status of each service and website visited by users in the course of using the service in order to provide users with optimized information.
Article 10 (Chief Privacy Officer)
- The Company designates a Chief Privacy Officer as follows to take overall responsibility for personal information processing-related tasks and to handle complaints and damage relief of data subjects related to personal information processing:
Name: Kim Man-Ki
Position: CEO
Contact: <1566-0426>, <0504-085-7091>
※ Calls will be connected to the Personal Information Protection Department.
Department: Content Team
Contact: <1566-0426>, <0504-085-7091>
- Data subjects may direct all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Company's services (or business) to the Chief Privacy Officer and the relevant department. The Company will respond to and process inquiries from data subjects without delay.
Article 11 (Request for Access to Personal Information)
Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act to the department below. The Company will endeavor to process requests for access to personal information from data subjects promptly.
Department: Content Team
Contact: <1566-0426>, <0504-085-7091>
Article 12 (Remedies for Infringement of Rights and Interests)
Data subjects may seek damage relief and consultation regarding personal information infringement from the following organizations:
- Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
- National Police Agency: (without area code) 182 (ecrm.police.go.kr/minwon/main)
Article 13 (Enforcement and Amendment of the Privacy Policy)
This Privacy Policy shall be effective from May 18, 2026.