Privacy Policy
Medit Shop Privacy Policy
Medit (hereinafter referred to as the “Company”) complies with the Personal Information Protection Act of Korea and other applicable data protection laws to process personal data lawfully and ensure its security.
The Company establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for the processing and protection of personal data, and to ensure that related inquiries and complaints are handled promptly and effectively.
1. Data Collection and Use
The Company collects and processes personal data to the minimum extent necessary for the provision of services.
| Category | Data Collected | Purpose | Retention Period | Legal Basis |
| --- | --- | --- | --- | --- |
| Membership Management | Name, email address, phone number | Identity verification for membership registration, provision of member services, maintenance and management of membership status | Up to 1 month after membership withdrawal | PIPA Article 15(1)(4) (performance of contract) |
| Order and Delivery | Name, billing address, shipping address, payment information (including credit card number), email address, phone number | Provision of products or services, payment processing, issuance of invoices and order confirmations, delivery of goods, handling returns, delivery status notifications | Until the purpose is fulfilled or as required by applicable laws | PIPA Article 15(1)(4) (performance of contract) |
| Customer Support | Name, email address | Provision of customer support services (e.g., inquiries) | Until the purpose is fulfilled or as required by applicable laws | PIPA Article 15(1)(4) (performance of contract) |
| Device and Behavioral Information | Browser version, IP address, access time, cookie data, visited pages/products, search terms | Provision of services, analysis of website usage, website optimization | Until the purpose is fulfilled or as required by applicable laws | PIPA Article 15(1)(4) (performance of contract); Article 15(1)(1) (consent) |
2. Retention and Destruction
The Company retains personal data only for as long as necessary to fulfill the purposes described above or as required by applicable laws.
Where required by law, personal data is retained for specific periods, including:
- Contract and withdrawal records: 5 years
- Payment and supply records: 5 years
- Consumer complaints: 3 years
- Advertising records: 6 months
- Communication logs (IP logs, access tracking): 3 months
Additionally:
- If investigations are ongoing: until completion
- If rights/obligations remain: until settlement
Destruction of Personal Data
When personal data is no longer necessary, including upon expiration of the retention period or achievement of the processing purposes, the Company promptly destroys such data.
Where personal data must be retained in accordance with applicable laws, such data will be stored separately and used only for the purposes required by such laws.
The procedures and methods for destruction are as follows:
- Personal data selected for destruction is subject to internal approval prior to disposal.
- Personal data in electronic form is permanently deleted using methods that prevent recovery.
- Personal data in physical form is securely destroyed, such as by shredding or incineration.
3. Data Sharing
The Company may share or otherwise disclose personal data where there is a valid legal basis under applicable data protection laws, including where necessary for the performance of a contract, compliance with legal obligations, or the Company’s legitimate business interests, and only to the extent necessary for such purposes.
The Company may share personal data with service providers that process data on its behalf for purposes such as payment processing, logistics, customer support, and system operation.
The Company may also disclose personal data where required by applicable laws or legal processes.
4. Entrustment and Cross-Border Transfers
The Company entrusts certain personal data processing activities to third-party service providers and ensures appropriate contractual and technical safeguards in accordance with applicable data protection laws.
The Company may transfer personal data outside your country of residence where necessary for service provision. Where required, the Company obtains consent and applies appropriate safeguards.
| Transferred Data | Country | Timing & Method of Transfer | Recipient | Purpose |
| --- | --- | --- | --- | --- |
| Name, email, contact details | Canada | Transmitted via system at the time of service use or order processing | Shopify | Website operation and order management |
| Name, contact details, email | USA | Transmitted via system as needed for business operations | SAP | Business operations, CRM, expense processing |
| Name, contact details, email, payment data | Korea | Transmitted via secure network (e.g., HTTPS) at the time of service use | Toss Payments | Payment processing and settlement |
| Name, contact details, email, shipping address | Germany and other relevant countries | Transmitted via system at the time of product shipment | DHL | Delivery and logistics |
| Name, email, access information | USA | Transmitted via system when customer inquiries are submitted | Zendesk | Customer support and inquiry management |
| Name, email | USA | Transmitted via system at the time of payment processing | PayPal | International payment processing |
| IP address, device information, browsing behavior | USA | Automatically collected and transmitted via cookies/SDK during website use | Google LLC | Website analytics and service improvement |
Unless otherwise specified, personal data is retained only for as long as necessary to fulfill its purposes or as required under applicable laws.
Where processing is based on consent, personal data is retained until consent is withdrawn, unless otherwise required by law.
The Company ensures that all outsourcing arrangements include appropriate safeguards, such as purpose limitation, security measures, restrictions on further entrustment, and ongoing supervision.
If you refuse the cross-border transfer of your personal data, certain services may be unavailable or limited. You may choose to discontinue use of the services or request account deletion by contacting us at support@medit.com or through https://shop.medit.com/pages/contact.
5. Security
The Company implements appropriate administrative, technical, and physical safeguards to protect personal data, including:
- Administrative: internal policies, training, dedicated teams
- Technical: access control, encryption, logging, security systems
- Physical: restricted access, secure storage, disaster protection
6. Cookies and Tracking
The Company uses cookies and similar technologies to provide and improve its services.
The Company may collect information such as browser type, IP address, access time, and browsing behavior for analytics and personalization purposes.
The Company uses such information to analyze usage patterns, improve the quality and performance of the services, and provide personalized content and advertising where permitted under applicable laws.
You may manage cookie preferences through browser settings or opt out of personalized advertising via:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
- Digital Advertising Alliance: https://optout.aboutads.info/
Disabling cookies may affect certain features of the services.
7. Your Rights
Depending on your location and the applicable data protection laws, you may have the right to:
- access your personal data
- correct inaccurate data
- request deletion
- request restriction of processing
- withdraw consent
- request data portability
- lodge a complaint with a supervisory authority
You may exercise your rights via account settings, email, or other designated channels.
The Company will respond within the timeframe required by applicable laws.
Please note that certain rights may be limited or restricted in accordance with applicable laws.
8. California Privacy Rights (California Residents Only)
The Company does not sell personal information in exchange for monetary consideration.
However, certain data sharing for analytics, advertising, or similar purposes may be considered a “sale” or “sharing” under applicable California law.
Where required under applicable California law, you have the right to opt out of the “sale” or “sharing” of your personal information.
You may exercise this right by adjusting your cookie preferences or contacting us at privacy@medit.com.
9. Children’s Privacy
The Company does not knowingly collect personal data from children under the age of 14 in Korea, or such other age as required under applicable laws.
If you believe that a child has provided personal data without appropriate consent, please contact us at privacy@medit.com, and we will take appropriate action, including deletion of such data.
10. Contact
Data Protection Officer (DPO)
- Name: Ki-young Hwang
- Title: CPO
- Email: privacy@medit.com
Department
- Data Platform & Ops Team
- Email: privacy@medit.com
11. Changes to This Policy
This Privacy Policy is effective as of: 2026. 04. 30.
Previous versions are available at the link below.
https://shop.medit.com/pages/privacy-policy-archive