BIGC Inc. (hereinafter referred to as the "Company") values the personal information of its members and complies with personal information protection regulations under relevant laws that the Company must observe, such as the "Personal Information Protection Act." Through this Privacy Policy, the Company informs members of the purposes and methods for which the personal information they provide is used and what measures are being taken for personal information protection. If the Company revises this Privacy Policy, it will notify users through the service's notice area (or individual notification).
The Company processes personal information for the following purposes and does not use it for purposes other than those specified below.
Purpose of Collection: Confirmation and acceptance of customer registration applications, identification and authentication for providing "Services," maintenance and management of membership status, age verification, prevention of duplicate registrations and unauthorized use, handling of civil complaints such as complaint processing and customer consultation, record keeping for dispute resolution, delivery of service-related notices, marketing and advertising, verification of "Service" validity, content provision such as statistics on members' use of "Services" including access frequency, purchase and fee payment, settlement, refund processing, delivery of goods or invoices, fulfillment of contracts regarding service provision such as financial transaction authentication and financial services.
Method of Collection: Direct input of essential information for membership registration and product order fulfillment; automatic collection or selection/submission of items when linking social service accounts that have previously provided personal information; collection via wired/wireless communication at the time of customer response and cancellation/refund processing; direct input or selection/submission of items for those who wish to participate in marketing, analysis, and promotional events.
① The Company processes and retains personal information within the period of retention and use agreed upon at the time of collection from the data subject or within the period required by law.
② Membership Registration and Management: Retained from membership registration until the termination (withdrawal) of the service use contract. However, in the following cases, information is retained until the respective reason is resolved:
Prevention of Unauthorized Use: Information is stored for one year from the date of withdrawal to prevent recurrence of unauthorized use by bad members and to resolve disputes.
Investigation Cooperation: In the case of an ongoing investigation by relevant authorities, until the end of the respective investigation.
③ Information Retention by Relevant Laws: If it is necessary to preserve information under the provisions of relevant laws, the Company stores member information for a certain period as prescribed by law below:
Records on labeling/advertising: 6 months (Electronic Commerce Act)
Records on contracts or withdrawal of subscription: 5 years (Electronic Commerce Act)
Records on payment and supply of goods: 5 years (Electronic Commerce Act)
Records on consumer complaints or dispute handling: 3 years (Electronic Commerce Act)
Declaration data for VAT tax base and tax amount: 5 years (Value Added Tax Act)
Records on service visits (logs): 3 years (Protection of Communications Secrets Act)
① To improve services, the Company may entrust the collection/handling/management of users' personal information to external parties and stipulates that personal information be managed safely during the entrustment contract in accordance with relevant regulations.
② The Company posts matters regarding the trustee and the scope of entrustment on its website. It strictly adheres to the service provider's instructions regarding personal information protection during entrustment contracts and stipulates confidentiality of personal information, prohibition of third-party provision, liability in case of accidents, entrustment period, and return or destruction of personal information after processing is completed, and keeps the contract contents in writing or electronically.
| Name | Details | Location | Retention & Use Period |
|---|---|---|---|
| Toss Payments Co., Ltd. | Payment and purchase safety service provision | Domestic | Immediate destruction upon achievement of purpose |
| PayPal Inc. | Payment processing and Fraud Detection (FDS), identification | Overseas | Immediate destruction upon achievement of purpose |
| GIANT NETWORK GROUP | Fulfillment / Delivery agency | Domestic | Immediate destruction upon achievement of purpose |
| Delivery companies linked to fulfillment (Rosen, etc.) | Delivery agency | Domestic | Immediate destruction upon achievement of purpose |
| KG Inicis | Real-name verification and identity/adult authentication | Domestic | Immediate destruction upon achievement of purpose |
| Amazon Web Services, Google LLC (GCP) | Service infrastructure establishment | Overseas | Until membership withdrawal or termination of contract |
| Tableau | Data analysis service | Overseas | Until membership withdrawal or termination of contract |
| Apple Inc, Google LLC | Payment agency service | Overseas | Until membership withdrawal or termination of contract |
| Google LLC (Firebase), Salesforce | Service key metrics and statistical information check | Overseas | Until membership withdrawal or termination of contract |
| Google LLC (BigQuery) | Cloud service for data storage and analysis | Overseas | Until membership withdrawal or termination of contract |
| Google LLC (Firebase) | Notification talk sending service | Overseas | Until membership withdrawal or termination of contract |
| NAVER Cloud Corp. | Mobile phone number authentication service | Domestic | Until membership withdrawal or termination of contract |
| AB180 Inc., Meta Platforms Inc | Marketing analysis | Overseas | Until membership withdrawal or termination of contract |
| TYPEFORM SL | Collection of user responses such as surveys | Overseas | Until membership withdrawal or termination of contract |
① Exercise of Rights by Data Subjects: The data subject (or legal guardian) may exercise the following rights toward the Company at any time:
Request to read personal information and provide copies.
Request for correction in case of errors: The respective personal information will not be used or provided until correction is completed, and results will be notified to third parties without delay.
Request for deletion (termination and withdrawal).
Request for suspension of processing.
Exercise of right to data portability: In accordance with the enforcement of relevant laws, personal information processed for consent or contract fulfillment can be requested to be transmitted in a machine-readable format.
Right to withdraw consent: Consent for collection and processing can be withdrawn at any time.
② How to Exercise Rights (Integrated Web/App Response):
When using the App: Rights can be exercised immediately via [My Page > Settings > Withdraw] or [1:1 Inquiry].
When using the Web/Other: Rights can be exercised immediately via [Top-right profile icon > Withdraw].
③ Obligations of Data Subjects:
Data subjects have the obligation to enter their personal information accurately and stay up to date. Users are responsible for accidents occurring due to inaccurate information entry.
The use of the service may be restricted or punished under relevant laws if another person's information is stolen or false information is entered.
Data subjects have the obligation to be careful not to leak their personal information, including passwords, and not to damage the personal information of others.
The Company processes the following personal information items:
| Purpose | Essential Items | Optional Items | Collection Method |
|---|---|---|---|
| Membership Registration (Social Login) | Kakao: Profile info, Email / Google: Email / Naver: Email / Apple: Email / Facebook: Email | Gender, Age group (Kakao, Google, Apple, Facebook), Nickname (Naver) | Mobile App, Web |
| Product Order & Delivery | Orderer info (Name, Phone, DOB, Email), Payment records, Recipient info (Name, Phone, Address) | Messenger (KakaoTalk) ID | Mobile App, Web |
| Events / Promotions | Winner info (Name, Phone, Email) | - | App, Web, Email, Event form |
| Messenger Service & Authentication | Mobile phone number | - | Mobile App, Web |
① Information collected during service use: Service use records, access logs, bad use records, mobile device info (model, OS version, UUID, ADID), payment records, access country info, language info, IP info, cookies.
② Additional information collected per service:
Purchase of products for on-site pickup: Passport number, or [Resident Registration Number / Alien Registration Number] solely for on-site identification.
Customer consultation: Consultation content, reply email, phone number.
Bank transfer purchase: Refund account info (Bank, Account holder, Account number).
Identity authentication: Name, Gender, DOB, Phone number, Carrier, Local/Foreigner status, CI, DI.
Artist settlement: To fulfill withholding tax obligations under tax law, [Individual] Name, Email, Phone, Address, Local/Foreigner status, Account info, [RRN Omitted] or [Alien Registration Number Redacted]; [Corporate] Corporate info, Business registration number, Settlement account info.
① Destruction Procedure: The Company destroys personal information without delay when it becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose. If it must be preserved by law, it is destroyed without delay after the respective period.
② Destruction Method:
Electronic files: Safely deleted using technical methods that cannot reproduce the records (Low-Level Format, Shredding, etc.).
Printed/Written documents: Destroyed by shredder or incineration.
③ Management of Long-term Inactive Users:
To enhance security, the Company may separately store or destroy the personal information of members who have not used (logged in) the service for more than one year.
The Company notifies the user of the fact, date, and items to be separated/destroyed 30 days before the action via email.
The Company takes the following safety measures to prevent loss, theft, leakage, alteration, or damage:
① Administrative Measures: Establishment and implementation of internal management plans, and regular security education for employees.
② Technical Measures: One-way encryption of passwords, use of SSL for important data transmission, installation of firewalls and vaccine programs, and differential management of access rights to the processing system.
③ Disclaimer: The Company is not responsible for problems caused by the leakage of personal information due to the user's own intention or negligence if the Company has fulfilled its obligations under relevant laws.
① Definition of Cookies: The Company uses "cookies" to store and retrieve usage information frequently to provide specialized customized services. Cookies are very small text files sent to your browser by the server and stored on your hard disk. In environments where cookies cannot be used (like mobile apps), similar technologies like ADID/IDFA are used.
② Purpose of Use: Target marketing and provision of personalized services through analysis of access frequency, visit time, and tracking of interests.
③ How to Reject: Users have the right to choose cookie settings.
Web Browser: [Settings] > [Privacy and Security] > [Cookies and other site data].
Mobile App: Device settings (iOS: Limit Ad Tracking, Android: Opt-out of Ads Personalization).
① Purpose of Collection and Use: For overseas delivery orders only, the Company collects and uses unique identifying information to fulfill customs clearance procedures.
② Items Collected:
Personal Customs Clearance Code (For domestic residents shipping overseas).
ID Number or Passport Number (For overseas residents according to local customs regulations).
③ Provision and Entrustment: For smooth clearance, information may be entrusted to: CJ Logistics, EFS, and respective local delivery partners.
④ Retention and Use Period: Retained for up to 1 month after clearance/delivery completion and destroyed without delay.
⑤ Right to Refuse: Users have the right to refuse consent. However, delivery to the respective country may be restricted if consent is not given.
The Company designates the following officer to protect personal information and handle complaints.
Personal Information Protection Officer
Name: Jung-woo Kim
Contact: jin@bigc.im
For other reports or consultations regarding personal information infringement, please contact:
Personal Information Infringement Reporting Center (privacy.kisa.or.kr / ☎ 118)
Supreme Prosecutors' Office Cyber Investigation Division (spo.go.kr / ☎ 1301)
Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / ☎ 182)
Personal Information Dispute Mediation Committee (kopico.go.kr / ☎ 1833-6972)
Any changes to this policy will be notified through the "Notice" area of the Blip App/Web or via app push. This policy also includes a version number and effective date for easy tracking.
This Privacy Policy is effective from May 30, 2026.
Privacy Policy Version: v1.5