Privacy policy

Mdale Co., Ltd. (hereinafter, the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect customers’ personal information and to ensure prompt and smooth handling of related grievances.

Article 1 (Items of Personal Information Collected and Purpose of Processing)

The Company collects and uses only the minimum personal information necessary for the purposes set out below. Collected personal information will not be used for any purpose other than those specified. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with applicable laws.

  1. General Collection Items and Purposes

    Items Collected Purpose of Collection and Use
    Name, mobile phone number, email, year of birth, date of birth, gender, residential area, payment information (credit card details, bank account information, payment records, etc.) Membership registration, identity verification, ticket reservation, handling of customer inquiries (VOC), age verification to prevent membership by children under 14, statistical use for service improvement, marketing use
  2. Collection for Marketing and Advertising Purposes

    Items Collected Purpose of Collection and Use
    Name, mobile phone number, email, year of birth, gender, residential area, sign-up channel Information on new services/products, service usage statistics, demographic-based advertising, customer-tailored events, surveys, etc.
    ※ Provision of information for marketing and advertising purposes is conducted only with separate consent.
  3. Information Generated/Collected During Service Use or Processing

    Items Collected Purpose of Collection and Use
    IP information, cookie information, service usage records, payment information (credit card number, bank account number, mobile carrier payment approval number, etc.) Provision of ticket reservation services, verification of financial transactions, dispute prevention and resolution
Article 2 (Processing and Retention Period of Personal Information)

The Company retains and uses personal information for the period consented to by the customer at the time of collection or as required by law.

  1. Retention and Use Period: Until the supply of goods/services and completion of payment/settlement.
  2. Retention under the Act on Consumer Protection in Electronic Commerce, Etc.
    - Records on contracts or withdrawal of subscription: 5 years
    - Records on payment and supply of goods: 5 years
    - Records on consumer complaints or dispute handling: 3 years

Article 3 (Provision of Personal Information to Third Parties)

The Company does not provide personal information to third parties without the consent of the customer, except as permitted under Articles 17 and 18 of the Personal Information Protection Act or other applicable laws.

Article 4 (Entrustment of Personal Information Processing)
  1. The Company entrusts the following tasks to third parties for smooth service provision. If additional outsourcing is required, or if the entrusted party or the details of entrusted tasks change, such information will be notified through the website or other means.

    Entrusted Party Entrusted Task Retention and Use Period
    KICC Electronic payment processing 5 years for transactions exceeding KRW
    10,000; 1 year for transactions of KRW
    10,000 or less (under the Electronic Financial Transactions Act)

    2. In concluding outsourcing contracts, the Company specifies the scope of entrusted tasks, obligations for safeguarding personal information, etc., in accordance with Article 26 of the Personal Information Protection Act, and supervises compliance.
    3. The Company will promptly notify customers of any changes to entrusted parties or tasks.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives, and Methods of Exercise)
  1. Customers may request access, correction, deletion, or suspension of processing of their personal information at any time.
  2. Such requests may be made in writing, by phone, or by email, in accordance with Article 41(2)(1) of the Enforcement Decree of the Personal Information Protection Act.
  3. A customer’s legal representative or an authorized agent may exercise these rights by submitting a power of attorney in the prescribed form (Form No. 11 of the “Guidelines on Personal Information Processing”).
  4. Requests may be restricted if there are statutory grounds to limit access, deletion, or suspension of processing.
  5. The Company may verify whether the requester is the data subject or a duly authorized representative.

Article 6 (Destruction of Personal Information)
  1. The Company will destroy personal information without delay once the retention period has expired or the purpose of processing has been achieved. If retention is required by law, the information will be stored separately in a different database or location.
  2. Methods of destruction:

    Procedure Method

    Selection of personal information subject to destruction → Approval by the Chief Privacy Officer → Destruction

    - Electronic files: Permanently deleted using irreversible technical means
    - Paper documents: Shredded or incinerated
Article 7 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the safety of personal information:
- Administrative measures: Establishment and implementation of internal management plans, regular staff training
- Technical measures: Access control, encryption of unique identifiers, installation of security programs
- Physical measures: Locking devices and access control for storage areas

Article 8 (Installation, Operation, and Rejection of Cookies)
  1. “The Company uses cookies (small data files stored on the user’s browser) to maintain login sessions, provide customized services, and analyze access records.
  2. Customers may refuse cookies by adjusting their web browser settings (Tools > Internet Options > Privacy menu).
  3. Refusing cookies may limit the availability of certain services.

Article 9 (Chief Privacy Officer and Contact Information)

The Company designates the following person as its Chief Privacy Officer for handling personal information and data subject requests:

Role Name Position Department Contact
Chief Privacy Officer Ryu Jaeyong Director Garden Business Management 031-771-1700
Responsible Department Garden Business Management 031-771-1700

Article 10 (Requests for Access to Personal Information)

Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act through the following department:
- Department: Garden Business Management
- Point of Contact: Director Ryu Jaeyong
- Contact Number: 031-771-1700

Article 11 (Remedies for Infringement of Rights)

Customers may contact the following institutions to report or seek consultation regarding violations of personal information rights:

Institution Contact Website
Personal Information Infringement Report Center (KISA) 118 https://privacy.kisa.or.kr/
Personal Information Dispute Mediation Committee 1833-6972 https://www.kopico.go.kr
Supreme Prosecutors’ Office 1301 http://www.spo.go.kr
National Police Agency Cyber Bureau 182 https://ecrm.police.go.kr

Article 12 (Changes to the Privacy Policy)
  1. This Privacy Policy is the Company’s first version, established upon the launch of its services on May 24, 2025, and effective as of the same date.
  2. In the event of changes, the Company will provide prior notice through the website, and previous versions will remain accessible through an archive at the top of the page.