Privacy Policy | A Spoonful of Korean

Privacy Policy

Guideline on Personal Information Processing for A Spoonful of Korean

Effective date: November 19, 2025

Article 1 Consent to Collection of Personal Information and Collection Method

A Spoonful of Korean (“A Spoonful of Korean”, business name: “에이 스푼풀 오브 코리안”) operates the website https://www.aspoonfulofkorean.com/ (hereinafter the “Website”).

The Website establishes a procedure that allows customers to click the button “Agree” to the terms of use, the collection of personal information, and the details of personal information used. Customers shall be deemed to have agreed to the collection and use of their personal information by clicking the “Agree” button.

Article 2 Personal Information Items Collected and Purpose of Using Personal Information

1. Definition of personal information

“Personal Information” means information on living persons and refers to names, identification numbers, or any other information that identifies such persons (including information which, even if it cannot identify a certain person by itself, can be easily combined with other information to identify such person).

The Website does not collect resident registration numbers, passport numbers, foreigner registration numbers, or similar national identification numbers.

2. Personal information of general members (registered users)

  • Time of collection: At the time of signing up for membership on the Website
  • Mandatory collection items: Email address, password, name, referrer information (how you found the Website)
  • Optional collection items: None
  • Purpose of using personal information: Membership registration and management, provision and use of services (including booking and management of online Korean lessons, course packages and digital materials), customer support and consultation, prevention of fraudulent or abusive use, and delivery of notices related to services
  • Retention period: In principle, member account information is deleted without delay upon withdrawal of membership, except when certain information must be retained in accordance with applicable laws and regulations, as specified in Article 4 below.

3. Order and payment information (members only – no guest checkout)

The Website only allows members to purchase online Korean lessons, lesson packages, and digital materials.

  • Time of collection: At the time a member places an order or makes a payment
  • Mandatory collection items: Name of member placing the order, email address, payment approval information (such as transaction ID, payment method information provided by PayPal or other payment processors), purchase details (product or service purchased, amount, date and time)
  • Optional collection items: Any additional message or request entered voluntarily by the customer in a free text field
  • Purpose of using personal information: Processing payments, providing access to online lessons, course packages and digital materials, issuing receipts and confirmations, handling customer inquiries and complaints, preventing fraudulent transactions and misuse, and fulfilling legal and tax obligations related to transactions
  • Retention period: Retained for five (5) years in accordance with relevant statutes (e.g. the Act on the Consumer Protection in Electronic Commerce, etc.), regardless of membership status, for the purpose of verifying transaction records, handling disputes, and complying with legal obligations.

4. Sensitive personal information

The Website does not collect any sensitive personal information such as information on ideology, beliefs, membership in labor unions or political parties, health, sexual life, biometric information, or criminal records, unless required by law and with separate consent as applicable.

Article 3 Collection of Personal Information via Cookies

1. Use of cookies

The Website may install and operate cookies that store and regularly retrieve customers’ information. A cookie is a small text file sent by the website server to the user’s browser and stored on the user’s computer or device.

The Website may use cookies for the following purposes:

  • Providing differentiated information and content depending on users’ interests and usage patterns
  • Analyzing access frequency, visit time, and usage statistics of users, identifying users’ tastes and interests, and using them for service improvement and target marketing
  • Tracing information on purchased items, pages visited, and items to which users pay attention, in order to provide customized services and recommendations
  • Operating and improving services related to web analytics and advertising, including but not limited to Google Analytics, Google Tag Manager, and Google AdSense

2. Operation of cookies and rejection of cookies

Cookies are stored on the hard disk or storage of users’ devices. Cookies identify users’ devices but do not directly identify the individual user.

Users may choose to accept all cookies, to be notified each time a cookie is stored, or to reject all cookies, by changing the settings of their web browser. However, if users refuse to store cookies, they may not be able to use some services that require cookies to function properly.

3. Method for changing settings to reject cookies

The procedure for changing cookie settings may differ depending on the browser used. Examples are as follows:

A. Chrome

Users can change settings by selecting the menu icon at the top right of the browser > “Settings” > “Privacy and security” > “Cookies and other site data” and adjusting cookie settings.

B. Other browsers (Edge, Safari, etc.)

Users can change cookie settings in the “Settings” or “Options” menu, usually under “Privacy” or “Security” sections.

Article 4 Periods of Retaining and Using Personal Information and Destruction of Personal Information

1. General retention principle

Customers’ personal information shall be destroyed without delay after the purposes of collection and use have been fulfilled. However, if personal information needs to be retained for a certain period of time for the purpose of verifying transaction parties’ rights and obligations in accordance with provisions of relevant statutes, such information shall be retained for the statutory period as follows:

A. Article 6 of the Act on the Consumer Protection in Electronic Commerce, etc.

  • Records on contracts or withdrawal of offers: Retained for five (5) years
  • Records on payments and the supply of goods or services: Retained for five (5) years
  • Records on the resolution of customers’ complaints or disputes: Retained for three (3) years

B. Article 15-2 of the Protection of Communications Secrets Act

  • Log-in records: Retained for three (3) months

C. Other related statutes

If other laws and regulations require the retention of certain information for a specified period, such information shall be retained accordingly.

In principle, member account information not related to transactions is deleted without delay upon withdrawal of membership, except where retention is required by law.

2. Destruction procedure and methods

A. Destruction procedure

  • Personal information entered for membership sign-up or service use is transferred to a separate database (or, in the case of paper documents, a separate filing cabinet) and stored for a certain period of time in accordance with internal guidelines and relevant statutes. After the retention period has expired, such information is destroyed.
  • Personal information transferred to a separate database shall not be used for purposes other than those stipulated by law.

B. Destruction methods

  • Personal information printed on paper is destroyed by shredding or incineration.
  • Personal information in electronic file format is permanently deleted using technical methods so that it cannot be restored or regenerated.

3. Dormant members

If a member has not logged in or used the services for the last twelve (12) months, the Website may classify such member as a dormant member in accordance with Article 29-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

In such a case, the Website shall notify the member in advance of the scheduled classification as a dormant member and potential forfeiture of membership. If the member does not respond within the specified period, the Website may at its discretion treat the membership as forfeited, and such member’s personal information may be stored and managed separately from other members’ personal information.

Personal information that is separated and stored shall be destroyed after the lapse of the statutory retention period. If a customer requests to resume the use of services before destruction, and if the relevant information has not been destroyed, such information may be reactivated and made available again at the time of resuming the use of services.

Article 5 Provision of Personal Information to Third Parties

1. In principle, the Website does not use customers’ personal information beyond the scope stated in Article 2 (Personal Information Items Collected and Purpose of Using Personal Information), nor does it provide such information to third parties (other persons, companies, or institutions) without the customer’s consent.

2. Exceptions

Personal information may be provided without separate consent in the following cases, to the extent permitted by law:

  • A. When personal information is required by investigative agencies or other authorities under relevant statutes and procedures
  • B. When personal information is provided in a form that does not identify any specific individual (for example, statistical data) for advertisers, suppliers, or research organizations to compile statistics or conduct academic or market research
  • C. When personal information is requested in accordance with procedures prescribed by other relevant statutes

Even in such cases, the Website shall make reasonable efforts to ensure that personal information is not provided indiscriminately and that it is used only within the scope of the original purpose of collection and use.

Article 6 Outsourcing of Personal Information Processing

For the smooth provision of services, improved convenience, and efficient business operations, the Website outsources the processing of certain tasks to external professional organizations as follows:

  • Website hosting and system maintenance: Imweb
  • Payment processing: PayPal
  • Web analytics: Google LLC (Google Analytics, Google Tag Manager)
  • Online advertising: Google LLC (Google AdSense)
  • Messaging and email communication: Kakao Corp. (KakaoTalk notification services such as Alimtalk, if used), Google LLC (Gmail)

The information shared with outsourcing companies is limited to the minimum necessary to perform the outsourced tasks. Optional personal information is provided to outsourcing companies only when required to provide the requested services and, if necessary, with the customer’s consent.

The list of outsourcing companies may be subject to change due to changes in services, contracts, or business needs. Any important changes to this list will be announced in advance via notices on the Website. For short-term events, customers participating in such events may be notified individually as necessary.

Article 7 Access and Modification of Personal Information

1. Customers may access or modify their personal information registered on the Website at any time.

They can log in and access the “My account > Account info” menu to directly view and correct their personal information.

Alternatively, they may request access or modification by sending an email or written request to the chief privacy officer or to the personal information handling contact point indicated in Article 11. In such cases, the Website shall take necessary measures without undue delay.

2. If a customer requests the correction of any errors in his or her personal information, such personal information shall not be used or provided to third parties by the Website until the correction has been completed.

3. If incorrect personal information has already been provided to a third party, the Website shall promptly notify the third party of the corrected information and request that the third party also correct the information, unless such correction is impossible or unreasonably burdensome.

Article 8 Withdrawal of Consent to Collection, Use, and Provision of Personal Information

1. Customers may withdraw their consent to the collection, use, and provision of their personal information at any time, including the consent given at the time of membership registration.

To withdraw consent and delete their account, customers can log in and use the “My account > Delete account” menu on the Website.

Customers may also withdraw consent by contacting the chief privacy officer or the personal information handling contact point in writing, by telephone, or via email. In such cases, the Website shall promptly take the necessary measures, such as deleting personal information and processing membership withdrawal, and shall notify the customer without delay of the measures taken.

2. The Website shall take necessary measures to ensure that withdrawal of consent (including membership withdrawal) is not more difficult than the procedure used to give consent in the first place.

Article 9 Measures for Ensuring the Security of Personal Information

The Website shall take technological, administrative, and physical measures necessary to ensure the security of personal information in accordance with Article 29 of the Personal Information Protection Act and other applicable laws.

1. Encryption of personal information

Important personal information, such as passwords, is stored and managed in encrypted form and is known only to the user who owns the information. Where necessary, additional security measures, such as encryption of files or transmitted data, are applied.

2. Technical measures against hacking and viruses

The Website uses security functions provided by its hosting company and related service providers and installs and regularly updates necessary security programs to prevent leakage or damage of personal information caused by hacking, computer viruses, or other malicious attacks.

The Website also restricts access to personal information to a limited number of persons, and access is controlled through passwords and other technical means. The Website further endeavors to monitor and block unauthorized access attempts.

3. Administrative and physical measures

The Website limits access to personal information to personnel who are required to handle such information for business purposes and provides training on personal information protection. When personal information is stored in systems or storage media, reasonable physical measures (such as device security settings) are taken to prevent unauthorized access.

Article 10 Protection of Personal Information of Children under Fourteen Years of Age

The Website recognizes the importance of protecting children’s personal information in an online environment.

The Website does not knowingly allow children under fourteen (14) years of age to sign up for membership or use services that require membership registration. Membership registration is intended only for individuals who are at least fourteen (14) years old.

If the Website becomes aware that a child under fourteen years of age has signed up as a member or provided personal information without the consent of a legal guardian (for example, due to identity theft or misuse of systems), the Website shall promptly delete such personal information and may take necessary measures to terminate the account. In such cases, the child’s legal guardian may contact the chief privacy officer to request access, correction, deletion, or suspension of processing of the child’s personal information, and the Website shall promptly comply with such requests in accordance with applicable law.

Article 11 Chief Privacy Officer

The Website appoints the following chief privacy officer who is responsible for overall management of personal information processing and handling of customers’ complaints and requests for relief related to personal information.

Chief Privacy Officer

  • Name: Choi Hyeongi (최현기)
  • Title: Representative (CEO)
  • Job grade/Position: Representative of “A Spoonful of Korean”
  • Contact point (email): aspoonfulofkorean@gmail.com
  • Contact point (telephone): +82-10-3606-3921

Customers may direct all inquiries, complaints, and requests related to personal information protection that occur while using the Website to the chief privacy officer and the contact points above. The Website will respond and handle such inquiries without delay.

Article 12 Modification of the Guideline on Personal Information Processing

This guideline on personal information processing shall take effect on the effective date determined by the Website.

If there are any additions, deletions, or corrections due to changes in statutes or internal policies, the Website shall announce such changes through notices on the Website at least seven (7) days prior to the effective date of the changes. In the case of material changes that are disadvantageous to users, a longer prior notice period may be provided if necessary.

[Effective date: 11-19-2025]

This English Privacy Policy is provided for convenience. If a Korean version is provided in the future, and there is any conflict between the two, the version designated as legally binding will prevail in accordance with applicable law.